From 77d1b63284b8518b3e6b0685e3abe9acbec17f74 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 6 Nov 2020 17:30:59 +0100
Subject: [PATCH 001/192] adds a UP check where 2.1 is asking for it

---
 src/ctap/mod.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 442d942..3ec7c6a 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -342,6 +342,7 @@ where
         if let Some(auth_param) = &pin_uv_auth_param {
             // This case was added in FIDO 2.1.
             if auth_param.is_empty() {
+                let _ = (self.check_user_presence)(cid);
                 if self.persistent_store.pin_hash()?.is_none() {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 } else {
@@ -545,6 +546,7 @@ where
         if let Some(auth_param) = &pin_uv_auth_param {
             // This case was added in FIDO 2.1.
             if auth_param.is_empty() {
+                let _ = (self.check_user_presence)(cid);
                 if self.persistent_store.pin_hash()?.is_none() {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 } else {

From 5673b9148f185931a3a35c576fa7435b3a2b40fa Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Wed, 11 Nov 2020 12:55:37 +0100
Subject: [PATCH 002/192] Use new persistent store library (and delete old)

---
 Cargo.toml                           |    3 +-
 src/ctap/mod.rs                      |    2 +-
 src/ctap/status_code.rs              |   12 +
 src/ctap/storage.rs                  |  744 +++++++---------
 src/ctap/storage/key.rs              |  135 +++
 src/embedded_flash/buffer.rs         |  457 ----------
 src/embedded_flash/mod.rs            |   10 +-
 src/embedded_flash/storage.rs        |  107 ---
 src/embedded_flash/store/bitfield.rs |  177 ----
 src/embedded_flash/store/format.rs   |  565 ------------
 src/embedded_flash/store/mod.rs      | 1182 --------------------------
 src/embedded_flash/syscall.rs        |   36 +-
 12 files changed, 493 insertions(+), 2937 deletions(-)
 create mode 100644 src/ctap/storage/key.rs
 delete mode 100644 src/embedded_flash/buffer.rs
 delete mode 100644 src/embedded_flash/storage.rs
 delete mode 100644 src/embedded_flash/store/bitfield.rs
 delete mode 100644 src/embedded_flash/store/format.rs
 delete mode 100644 src/embedded_flash/store/mod.rs

diff --git a/Cargo.toml b/Cargo.toml
index 8faf8dd..5b01795 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,6 +15,7 @@ libtock_drivers = { path = "third_party/libtock-drivers" }
 lang_items = { path = "third_party/lang-items" }
 cbor = { path = "libraries/cbor" }
 crypto = { path = "libraries/crypto" }
+persistent_store = { path = "libraries/persistent_store" }
 byteorder = { version = "1", default-features = false }
 arrayref = "0.3.6"
 subtle = { version = "2.2", default-features = false, features = ["nightly"] }
@@ -23,7 +24,7 @@ subtle = { version = "2.2", default-features = false, features = ["nightly"] }
 debug_allocations = ["lang_items/debug_allocations"]
 debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"]
 panic_console = ["lang_items/panic_console"]
-std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std"]
+std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std", "persistent_store/std"]
 ram_storage = []
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 1a98ce5..8f46f77 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -500,7 +500,7 @@ where
         let (signature, x5c) = match self.persistent_store.attestation_private_key()? {
             Some(attestation_private_key) => {
                 let attestation_key =
-                    crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap();
+                    crypto::ecdsa::SecKey::from_bytes(&attestation_private_key).unwrap();
                 let attestation_certificate = self
                     .persistent_store
                     .attestation_certificate()?
diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs
index adb84fd..b4f78fd 100644
--- a/src/ctap/status_code.rs
+++ b/src/ctap/status_code.rs
@@ -81,5 +81,17 @@ pub enum Ctap2StatusCode {
     /// This type of error is unexpected and the current state is undefined.
     CTAP2_ERR_VENDOR_INTERNAL_ERROR = 0xF2,
 
+    /// The persistent storage invariant is broken.
+    ///
+    /// There can be multiple reasons:
+    /// - The persistent storage has not been erased before its first usage.
+    /// - The persistent storage has been tempered by a third party.
+    /// - The flash is malfunctioning (including the Tock driver).
+    ///
+    /// In the first 2 cases the persistent storage should be completely erased. If the error
+    /// reproduces, it may indicate a software bug or a hardware deficiency. In both cases, the
+    /// error should be reported.
+    CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE = 0xF3,
+
     CTAP2_ERR_VENDOR_LAST = 0xFF,
 }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 127dc23..d99d62c 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -12,13 +12,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+mod key;
+
 #[cfg(feature = "with_ctap2_1")]
 use crate::ctap::data_formats::{extract_array, extract_text_string};
 use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialSource};
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::{key_material, USE_BATCH_ATTESTATION};
-use crate::embedded_flash::{self, StoreConfig, StoreEntry, StoreError};
+#[cfg(feature = "with_ctap2_1")]
 use alloc::string::String;
 #[cfg(any(test, feature = "ram_storage", feature = "with_ctap2_1"))]
 use alloc::vec;
@@ -30,16 +32,16 @@ use core::convert::TryInto;
 use crypto::rng256::Rng256;
 
 #[cfg(any(test, feature = "ram_storage"))]
-type Storage = embedded_flash::BufferStorage;
+type Storage = persistent_store::BufferStorage;
 #[cfg(not(any(test, feature = "ram_storage")))]
-type Storage = embedded_flash::SyscallStorage;
+type Storage = crate::embedded_flash::SyscallStorage;
 
 // Those constants may be modified before compilation to tune the behavior of the key.
 //
-// The number of pages should be at least 2 and at most what the flash can hold. There should be no
-// reason to put a small number here, except that the latency of flash operations depends on the
-// number of pages. This will improve in the future. Currently, using 20 pages gives 65ms per
-// operation. The rule of thumb is 3.5ms per additional page.
+// The number of pages should be at least 3 and at most what the flash can hold. There should be no
+// reason to put a small number here, except that the latency of flash operations is linear in the
+// number of pages. This may improve in the future. Currently, using 20 pages gives between 20ms and
+// 240ms per operation. The rule of thumb is between 1ms and 12ms per additional page.
 //
 // Limiting the number of residential keys permits to ensure a minimum number of counter increments.
 // Let:
@@ -49,32 +51,15 @@ type Storage = embedded_flash::SyscallStorage;
 // - C the number of erase cycles (10000)
 // - I the minimum number of counter increments
 //
-// We have: I = ((P - 1) * 4092 - K * S) / 12 * C
+// We have: I = (P * 4084 - 5107 - K * S) / 8 * C
 //
-// With P=20 and K=150, we have I > 2M which is enough for 500 increments per day for 10 years.
+// With P=20 and K=150, we have I=2M which is enough for 500 increments per day for 10 years.
 #[cfg(feature = "ram_storage")]
-const NUM_PAGES: usize = 2;
+const NUM_PAGES: usize = 3;
 #[cfg(not(feature = "ram_storage"))]
 const NUM_PAGES: usize = 20;
 const MAX_SUPPORTED_RESIDENTIAL_KEYS: usize = 150;
 
-// List of tags. They should all be unique. And there should be less than NUM_TAGS.
-const TAG_CREDENTIAL: usize = 0;
-const GLOBAL_SIGNATURE_COUNTER: usize = 1;
-const MASTER_KEYS: usize = 2;
-const PIN_HASH: usize = 3;
-const PIN_RETRIES: usize = 4;
-const ATTESTATION_PRIVATE_KEY: usize = 5;
-const ATTESTATION_CERTIFICATE: usize = 6;
-const AAGUID: usize = 7;
-#[cfg(feature = "with_ctap2_1")]
-const MIN_PIN_LENGTH: usize = 8;
-#[cfg(feature = "with_ctap2_1")]
-const MIN_PIN_LENGTH_RP_IDS: usize = 9;
-// Different NUM_TAGS depending on the CTAP version make the storage incompatible,
-// so we use the maximum.
-const NUM_TAGS: usize = 10;
-
 const MAX_PIN_RETRIES: u8 = 8;
 const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32;
 const AAGUID_LENGTH: usize = 16;
@@ -88,92 +73,18 @@ const _DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 #[cfg(feature = "with_ctap2_1")]
 const _MAX_RP_IDS_LENGTH: usize = 8;
 
-#[allow(clippy::enum_variant_names)]
-#[derive(PartialEq, Eq, PartialOrd, Ord)]
-enum Key {
-    // TODO(cretin): Test whether this doesn't consume too much memory. Otherwise, we can use less
-    // keys. Either only a simple enum value for all credentials, or group by rp_id.
-    Credential {
-        rp_id: Option<String>,
-        credential_id: Option<Vec<u8>>,
-        user_handle: Option<Vec<u8>>,
-    },
-    GlobalSignatureCounter,
-    MasterKeys,
-    PinHash,
-    PinRetries,
-    AttestationPrivateKey,
-    AttestationCertificate,
-    Aaguid,
-    #[cfg(feature = "with_ctap2_1")]
-    MinPinLength,
-    #[cfg(feature = "with_ctap2_1")]
-    MinPinLengthRpIds,
-}
-
+/// Wrapper for master keys.
 pub struct MasterKeys {
+    /// Master encryption key.
     pub encryption: [u8; 32],
+
+    /// Master hmac key.
     pub hmac: [u8; 32],
 }
 
-struct Config;
-
-impl StoreConfig for Config {
-    type Key = Key;
-
-    fn num_tags(&self) -> usize {
-        NUM_TAGS
-    }
-
-    fn keys(&self, entry: StoreEntry, mut add: impl FnMut(Key)) {
-        match entry.tag {
-            TAG_CREDENTIAL => {
-                let credential = match deserialize_credential(entry.data) {
-                    None => {
-                        debug_assert!(false);
-                        return;
-                    }
-                    Some(credential) => credential,
-                };
-                add(Key::Credential {
-                    rp_id: Some(credential.rp_id.clone()),
-                    credential_id: Some(credential.credential_id),
-                    user_handle: None,
-                });
-                add(Key::Credential {
-                    rp_id: Some(credential.rp_id.clone()),
-                    credential_id: None,
-                    user_handle: None,
-                });
-                add(Key::Credential {
-                    rp_id: Some(credential.rp_id),
-                    credential_id: None,
-                    user_handle: Some(credential.user_handle),
-                });
-                add(Key::Credential {
-                    rp_id: None,
-                    credential_id: None,
-                    user_handle: None,
-                });
-            }
-            GLOBAL_SIGNATURE_COUNTER => add(Key::GlobalSignatureCounter),
-            MASTER_KEYS => add(Key::MasterKeys),
-            PIN_HASH => add(Key::PinHash),
-            PIN_RETRIES => add(Key::PinRetries),
-            ATTESTATION_PRIVATE_KEY => add(Key::AttestationPrivateKey),
-            ATTESTATION_CERTIFICATE => add(Key::AttestationCertificate),
-            AAGUID => add(Key::Aaguid),
-            #[cfg(feature = "with_ctap2_1")]
-            MIN_PIN_LENGTH => add(Key::MinPinLength),
-            #[cfg(feature = "with_ctap2_1")]
-            MIN_PIN_LENGTH_RP_IDS => add(Key::MinPinLengthRpIds),
-            _ => debug_assert!(false),
-        }
-    }
-}
-
+/// CTAP persistent storage.
 pub struct PersistentStore {
-    store: embedded_flash::Store<Storage, Config>,
+    store: persistent_store::Store<Storage>,
 }
 
 impl PersistentStore {
@@ -188,17 +99,19 @@ impl PersistentStore {
         #[cfg(any(test, feature = "ram_storage"))]
         let storage = PersistentStore::new_test_storage();
         let mut store = PersistentStore {
-            store: embedded_flash::Store::new(storage, Config).unwrap(),
+            store: persistent_store::Store::new(storage).ok().unwrap(),
         };
-        store.init(rng);
+        store.init(rng).unwrap();
         store
     }
 
+    /// Creates a syscall storage in flash.
     #[cfg(not(any(test, feature = "ram_storage")))]
     fn new_prod_storage() -> Storage {
         Storage::new(NUM_PAGES).unwrap()
     }
 
+    /// Creates a buffer storage in RAM.
     #[cfg(any(test, feature = "ram_storage"))]
     fn new_test_storage() -> Storage {
         #[cfg(not(test))]
@@ -206,7 +119,7 @@ impl PersistentStore {
         #[cfg(test)]
         const PAGE_SIZE: usize = 0x1000;
         let store = vec![0xff; NUM_PAGES * PAGE_SIZE].into_boxed_slice();
-        let options = embedded_flash::BufferOptions {
+        let options = persistent_store::BufferOptions {
             word_size: 4,
             page_size: PAGE_SIZE,
             max_word_writes: 2,
@@ -216,283 +129,265 @@ impl PersistentStore {
         Storage::new(store, options)
     }
 
-    fn init(&mut self, rng: &mut impl Rng256) {
-        if self.store.find_one(&Key::MasterKeys).is_none() {
+    /// Initializes the store by creating missing objects.
+    fn init(&mut self, rng: &mut impl Rng256) -> Result<(), Ctap2StatusCode> {
+        // Generate and store the master keys if they are missing.
+        if self.store.find_handle(key::MASTER_KEYS)?.is_none() {
             let master_encryption_key = rng.gen_uniform_u8x32();
             let master_hmac_key = rng.gen_uniform_u8x32();
             let mut master_keys = Vec::with_capacity(64);
             master_keys.extend_from_slice(&master_encryption_key);
             master_keys.extend_from_slice(&master_hmac_key);
-            self.store
-                .insert(StoreEntry {
-                    tag: MASTER_KEYS,
-                    data: &master_keys,
-                    sensitive: true,
-                })
-                .unwrap();
+            self.store.insert(key::MASTER_KEYS, &master_keys)?;
         }
         // The following 3 entries are meant to be written by vendor-specific commands.
         if USE_BATCH_ATTESTATION {
-            if self.store.find_one(&Key::AttestationPrivateKey).is_none() {
-                self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
-                    .unwrap();
+            if self
+                .store
+                .find_handle(key::ATTESTATION_PRIVATE_KEY)?
+                .is_none()
+            {
+                self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)?;
             }
-            if self.store.find_one(&Key::AttestationCertificate).is_none() {
-                self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
-                    .unwrap();
+            if self
+                .store
+                .find_handle(key::ATTESTATION_CERTIFICATE)?
+                .is_none()
+            {
+                self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)?;
             }
         }
-        if self.store.find_one(&Key::Aaguid).is_none() {
-            self.set_aaguid(key_material::AAGUID).unwrap();
+        if self.store.find_handle(key::AAGUID)?.is_none() {
+            self.set_aaguid(key_material::AAGUID)?;
         }
+        Ok(())
     }
 
+    /// Returns the first matching credential.
+    ///
+    /// Returns `None` if no credentials are matched or if `check_cred_protect` is set and the first
+    /// matched credential requires user verification.
     pub fn find_credential(
         &self,
         rp_id: &str,
         credential_id: &[u8],
         check_cred_protect: bool,
     ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
-        let key = Key::Credential {
-            rp_id: Some(rp_id.into()),
-            credential_id: Some(credential_id.into()),
-            user_handle: None,
-        };
-        let entry = match self.store.find_one(&key) {
-            None => return Ok(None),
-            Some((_, entry)) => entry,
-        };
-        debug_assert_eq!(entry.tag, TAG_CREDENTIAL);
-        let result = deserialize_credential(entry.data);
-        debug_assert!(result.is_some());
-        let user_verification_required = result.as_ref().map_or(false, |cred| {
-            cred.cred_protect_policy == Some(CredentialProtectionPolicy::UserVerificationRequired)
+        let mut iter_result = Ok(());
+        let iter = self.iter_credentials(&mut iter_result)?;
+        // TODO(reviewer): Should we return an error if we find more than one matching credential?
+        // We did not use to in the previous version (panic in debug mode, nothing in release mode)
+        // but I don't remember why. Let's document it.
+        let result = iter.map(|(_, credential)| credential).find(|credential| {
+            credential.rp_id == rp_id && credential.credential_id == credential_id
         });
-        if check_cred_protect && user_verification_required {
-            Ok(None)
-        } else {
-            Ok(result)
+        iter_result?;
+        if let Some(cred) = &result {
+            let user_verification_required = cred.cred_protect_policy
+                == Some(CredentialProtectionPolicy::UserVerificationRequired);
+            if check_cred_protect && user_verification_required {
+                return Ok(None);
+            }
         }
+        Ok(result)
     }
 
+    /// Stores or updates a credential.
+    ///
+    /// If a credential with the same RP id and user handle already exists, it is replaced.
     pub fn store_credential(
         &mut self,
-        credential: PublicKeyCredentialSource,
+        new_credential: PublicKeyCredentialSource,
     ) -> Result<(), Ctap2StatusCode> {
-        let key = Key::Credential {
-            rp_id: Some(credential.rp_id.clone()),
-            credential_id: None,
-            user_handle: Some(credential.user_handle.clone()),
-        };
-        let old_entry = self.store.find_one(&key);
-        if old_entry.is_none() && self.count_credentials()? >= MAX_SUPPORTED_RESIDENTIAL_KEYS {
+        // Holds the key of the existing credential if this is an update.
+        let mut old_key = None;
+        // Holds the unordered list of used keys.
+        let mut keys = Vec::new();
+        let mut iter_result = Ok(());
+        let iter = self.iter_credentials(&mut iter_result)?;
+        for (key, credential) in iter {
+            keys.push(key);
+            if credential.rp_id == new_credential.rp_id
+                && credential.user_handle == new_credential.user_handle
+            {
+                if old_key.is_some() {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+                }
+                old_key = Some(key);
+            }
+        }
+        iter_result?;
+        if old_key.is_none() && keys.len() >= MAX_SUPPORTED_RESIDENTIAL_KEYS {
             return Err(Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL);
         }
-        let credential = serialize_credential(credential)?;
-        let new_entry = StoreEntry {
-            tag: TAG_CREDENTIAL,
-            data: &credential,
-            sensitive: true,
-        };
-        match old_entry {
-            None => self.store.insert(new_entry)?,
-            Some((index, old_entry)) => {
-                debug_assert_eq!(old_entry.tag, TAG_CREDENTIAL);
-                self.store.replace(index, new_entry)?
-            }
+        let key = match old_key {
+            // This is a new credential being added, we need to allocate a free key. We choose the
+            // first available key. This is quadratic in the number of existing keys.
+            None => key::CREDENTIALS
+                .take(MAX_SUPPORTED_RESIDENTIAL_KEYS)
+                .find(|key| !keys.contains(key))
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)?,
+            // This is an existing credential being updated, we reuse its key.
+            Some(x) => x,
         };
+        let value = serialize_credential(new_credential)?;
+        self.store.insert(key, &value)?;
         Ok(())
     }
 
+    /// Returns the list of matching credentials.
+    ///
+    /// Does not return credentials that are not discoverable if `check_cred_protect` is set.
     pub fn filter_credential(
         &self,
         rp_id: &str,
         check_cred_protect: bool,
     ) -> Result<Vec<PublicKeyCredentialSource>, Ctap2StatusCode> {
-        Ok(self
-            .store
-            .find_all(&Key::Credential {
-                rp_id: Some(rp_id.into()),
-                credential_id: None,
-                user_handle: None,
-            })
-            .filter_map(|(_, entry)| {
-                debug_assert_eq!(entry.tag, TAG_CREDENTIAL);
-                let credential = deserialize_credential(entry.data);
-                debug_assert!(credential.is_some());
-                credential
+        let mut iter_result = Ok(());
+        let iter = self.iter_credentials(&mut iter_result)?;
+        let result = iter
+            .filter_map(|(_, credential)| {
+                if credential.rp_id == rp_id {
+                    Some(credential)
+                } else {
+                    None
+                }
             })
             .filter(|cred| !check_cred_protect || cred.is_discoverable())
-            .collect())
+            .collect();
+        iter_result?;
+        Ok(result)
     }
 
+    /// Returns the number of credentials.
+    #[cfg(test)]
     pub fn count_credentials(&self) -> Result<usize, Ctap2StatusCode> {
-        Ok(self
-            .store
-            .find_all(&Key::Credential {
-                rp_id: None,
-                credential_id: None,
-                user_handle: None,
-            })
-            .count())
+        let mut iter_result = Ok(());
+        let iter = self.iter_credentials(&mut iter_result)?;
+        let result = iter.count();
+        iter_result?;
+        Ok(result)
     }
 
+    /// Iterates through the credentials.
+    ///
+    /// If an error is encountered during iteration, it is written to `result`.
+    fn iter_credentials<'a>(
+        &'a self,
+        result: &'a mut Result<(), Ctap2StatusCode>,
+    ) -> Result<IterCredentials<'a>, Ctap2StatusCode> {
+        IterCredentials::new(&self.store, result)
+    }
+
+    /// Returns the global signature counter.
     pub fn global_signature_counter(&self) -> Result<u32, Ctap2StatusCode> {
-        Ok(self
-            .store
-            .find_one(&Key::GlobalSignatureCounter)
-            .map_or(0, |(_, entry)| {
-                u32::from_ne_bytes(*array_ref!(entry.data, 0, 4))
-            }))
-    }
-
-    pub fn incr_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
-        let mut buffer = [0; core::mem::size_of::<u32>()];
-        match self.store.find_one(&Key::GlobalSignatureCounter) {
-            None => {
-                buffer.copy_from_slice(&1u32.to_ne_bytes());
-                self.store.insert(StoreEntry {
-                    tag: GLOBAL_SIGNATURE_COUNTER,
-                    data: &buffer,
-                    sensitive: false,
-                })?;
-            }
-            Some((index, entry)) => {
-                let value = u32::from_ne_bytes(*array_ref!(entry.data, 0, 4));
-                // In hopes that servers handle the wrapping gracefully.
-                buffer.copy_from_slice(&value.wrapping_add(1).to_ne_bytes());
-                self.store.replace(
-                    index,
-                    StoreEntry {
-                        tag: GLOBAL_SIGNATURE_COUNTER,
-                        data: &buffer,
-                        sensitive: false,
-                    },
-                )?;
-            }
-        }
-        Ok(())
-    }
-
-    pub fn master_keys(&self) -> Result<MasterKeys, Ctap2StatusCode> {
-        let (_, entry) = self.store.find_one(&Key::MasterKeys).unwrap();
-        if entry.data.len() != 64 {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
-        }
-        Ok(MasterKeys {
-            encryption: *array_ref![entry.data, 0, 32],
-            hmac: *array_ref![entry.data, 32, 32],
+        Ok(match self.store.find(key::GLOBAL_SIGNATURE_COUNTER)? {
+            None => 0,
+            Some(value) => u32::from_ne_bytes(*array_ref!(&value, 0, 4)),
         })
     }
 
-    pub fn pin_hash(&self) -> Result<Option<[u8; PIN_AUTH_LENGTH]>, Ctap2StatusCode> {
-        let data = match self.store.find_one(&Key::PinHash) {
-            None => return Ok(None),
-            Some((_, entry)) => entry.data,
-        };
-        if data.len() != PIN_AUTH_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
-        }
-        Ok(Some(*array_ref![data, 0, PIN_AUTH_LENGTH]))
+    /// Increments the global signature counter.
+    pub fn incr_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
+        let old_value = self.global_signature_counter()?;
+        // In hopes that servers handle the wrapping gracefully.
+        let new_value = old_value.wrapping_add(1);
+        self.store
+            .insert(key::GLOBAL_SIGNATURE_COUNTER, &new_value.to_ne_bytes())?;
+        Ok(())
     }
 
+    /// Returns the master keys.
+    pub fn master_keys(&self) -> Result<MasterKeys, Ctap2StatusCode> {
+        let master_keys = self
+            .store
+            .find(key::MASTER_KEYS)?
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)?;
+        if master_keys.len() != 64 {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+        }
+        Ok(MasterKeys {
+            encryption: *array_ref![master_keys, 0, 32],
+            hmac: *array_ref![master_keys, 32, 32],
+        })
+    }
+
+    /// Returns the PIN hash if defined.
+    pub fn pin_hash(&self) -> Result<Option<[u8; PIN_AUTH_LENGTH]>, Ctap2StatusCode> {
+        let pin_hash = match self.store.find(key::PIN_HASH)? {
+            None => return Ok(None),
+            Some(pin_hash) => pin_hash,
+        };
+        if pin_hash.len() != PIN_AUTH_LENGTH {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+        }
+        Ok(Some(*array_ref![pin_hash, 0, PIN_AUTH_LENGTH]))
+    }
+
+    /// Sets the PIN hash.
+    ///
+    /// If it was already defined, it is updated.
     pub fn set_pin_hash(
         &mut self,
         pin_hash: &[u8; PIN_AUTH_LENGTH],
     ) -> Result<(), Ctap2StatusCode> {
-        let entry = StoreEntry {
-            tag: PIN_HASH,
-            data: pin_hash,
-            sensitive: true,
-        };
-        match self.store.find_one(&Key::PinHash) {
-            None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
-        }
-        Ok(())
+        Ok(self.store.insert(key::PIN_HASH, pin_hash)?)
     }
 
+    /// Returns the number of remaining PIN retries.
     pub fn pin_retries(&self) -> Result<u8, Ctap2StatusCode> {
-        Ok(self
-            .store
-            .find_one(&Key::PinRetries)
-            .map_or(MAX_PIN_RETRIES, |(_, entry)| {
-                debug_assert_eq!(entry.data.len(), 1);
-                entry.data[0]
-            }))
+        match self.store.find(key::PIN_RETRIES)? {
+            None => Ok(MAX_PIN_RETRIES),
+            Some(value) if value.len() == 1 => Ok(value[0]),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+        }
     }
 
+    /// Decrements the number of remaining PIN retries.
     pub fn decr_pin_retries(&mut self) -> Result<(), Ctap2StatusCode> {
-        match self.store.find_one(&Key::PinRetries) {
-            None => {
-                self.store.insert(StoreEntry {
-                    tag: PIN_RETRIES,
-                    data: &[MAX_PIN_RETRIES.saturating_sub(1)],
-                    sensitive: false,
-                })?;
-            }
-            Some((index, entry)) => {
-                debug_assert_eq!(entry.data.len(), 1);
-                if entry.data[0] == 0 {
-                    return Ok(());
-                }
-                let new_value = entry.data[0].saturating_sub(1);
-                self.store.replace(
-                    index,
-                    StoreEntry {
-                        tag: PIN_RETRIES,
-                        data: &[new_value],
-                        sensitive: false,
-                    },
-                )?;
-            }
+        let old_value = self.pin_retries()?;
+        let new_value = old_value.saturating_sub(1);
+        if new_value != old_value {
+            self.store.insert(key::PIN_RETRIES, &[new_value])?;
         }
         Ok(())
     }
 
+    /// Resets the number of remaining PIN retries.
     pub fn reset_pin_retries(&mut self) -> Result<(), Ctap2StatusCode> {
-        if let Some((index, _)) = self.store.find_one(&Key::PinRetries) {
-            self.store.delete(index)?;
-        }
-        Ok(())
+        Ok(self.store.remove(key::PIN_RETRIES)?)
     }
 
+    /// Returns the minimum PIN length.
     #[cfg(feature = "with_ctap2_1")]
     pub fn min_pin_length(&self) -> Result<u8, Ctap2StatusCode> {
-        Ok(self
-            .store
-            .find_one(&Key::MinPinLength)
-            .map_or(DEFAULT_MIN_PIN_LENGTH, |(_, entry)| {
-                debug_assert_eq!(entry.data.len(), 1);
-                entry.data[0]
-            }))
+        match self.store.find(key::MIN_PIN_LENGTH)? {
+            None => Ok(DEFAULT_MIN_PIN_LENGTH),
+            Some(value) if value.len() == 1 => Ok(value[0]),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+        }
     }
 
+    /// Sets the minimum PIN length.
     #[cfg(feature = "with_ctap2_1")]
     pub fn set_min_pin_length(&mut self, min_pin_length: u8) -> Result<(), Ctap2StatusCode> {
-        let entry = StoreEntry {
-            tag: MIN_PIN_LENGTH,
-            data: &[min_pin_length],
-            sensitive: false,
-        };
-        Ok(match self.store.find_one(&Key::MinPinLength) {
-            None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
-        })
+        Ok(self.store.insert(key::MIN_PIN_LENGTH, &[min_pin_length])?)
     }
 
+    /// TODO: Help from reviewer needed for documentation.
     #[cfg(feature = "with_ctap2_1")]
     pub fn _min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
         let rp_ids = self
             .store
-            .find_one(&Key::MinPinLengthRpIds)
-            .map_or(Some(_DEFAULT_MIN_PIN_LENGTH_RP_IDS), |(_, entry)| {
-                _deserialize_min_pin_length_rp_ids(entry.data)
+            .find(key::_MIN_PIN_LENGTH_RP_IDS)?
+            .map_or(Some(_DEFAULT_MIN_PIN_LENGTH_RP_IDS), |value| {
+                _deserialize_min_pin_length_rp_ids(&value)
             });
         debug_assert!(rp_ids.is_some());
         Ok(rp_ids.unwrap_or(vec![]))
     }
 
+    /// TODO: Help from reviewer needed for documentation.
     #[cfg(feature = "with_ctap2_1")]
     pub fn _set_min_pin_length_rp_ids(
         &mut self,
@@ -507,138 +402,173 @@ impl PersistentStore {
         if min_pin_length_rp_ids.len() > _MAX_RP_IDS_LENGTH {
             return Err(Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL);
         }
-        let entry = StoreEntry {
-            tag: MIN_PIN_LENGTH_RP_IDS,
-            data: &_serialize_min_pin_length_rp_ids(min_pin_length_rp_ids)?,
-            sensitive: false,
-        };
-        match self.store.find_one(&Key::MinPinLengthRpIds) {
-            None => {
-                self.store.insert(entry).unwrap();
-            }
-            Some((index, _)) => {
-                self.store.replace(index, entry).unwrap();
-            }
-        }
-        Ok(())
+        Ok(self.store.insert(
+            key::_MIN_PIN_LENGTH_RP_IDS,
+            &_serialize_min_pin_length_rp_ids(min_pin_length_rp_ids)?,
+        )?)
     }
 
+    /// Returns the attestation private key if defined.
     pub fn attestation_private_key(
         &self,
-    ) -> Result<Option<&[u8; ATTESTATION_PRIVATE_KEY_LENGTH]>, Ctap2StatusCode> {
-        let data = match self.store.find_one(&Key::AttestationPrivateKey) {
-            None => return Ok(None),
-            Some((_, entry)) => entry.data,
-        };
-        if data.len() != ATTESTATION_PRIVATE_KEY_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+    ) -> Result<Option<[u8; ATTESTATION_PRIVATE_KEY_LENGTH]>, Ctap2StatusCode> {
+        match self.store.find(key::ATTESTATION_PRIVATE_KEY)? {
+            None => Ok(None),
+            Some(key) if key.len() != ATTESTATION_PRIVATE_KEY_LENGTH => {
+                Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)
+            }
+            Some(key) => Ok(Some(*array_ref![key, 0, ATTESTATION_PRIVATE_KEY_LENGTH])),
         }
-        Ok(Some(array_ref!(data, 0, ATTESTATION_PRIVATE_KEY_LENGTH)))
     }
 
+    /// Sets the attestation private key.
+    ///
+    /// If it is already defined, it is overwritten.
     pub fn set_attestation_private_key(
         &mut self,
         attestation_private_key: &[u8; ATTESTATION_PRIVATE_KEY_LENGTH],
     ) -> Result<(), Ctap2StatusCode> {
-        let entry = StoreEntry {
-            tag: ATTESTATION_PRIVATE_KEY,
-            data: attestation_private_key,
-            sensitive: false,
-        };
-        match self.store.find_one(&Key::AttestationPrivateKey) {
-            None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
-        }
-        Ok(())
+        Ok(self
+            .store
+            .insert(key::ATTESTATION_PRIVATE_KEY, attestation_private_key)?)
     }
 
+    /// Returns the attestation certificate if defined.
     pub fn attestation_certificate(&self) -> Result<Option<Vec<u8>>, Ctap2StatusCode> {
-        let data = match self.store.find_one(&Key::AttestationCertificate) {
-            None => return Ok(None),
-            Some((_, entry)) => entry.data,
-        };
-        Ok(Some(data.to_vec()))
+        Ok(self.store.find(key::ATTESTATION_CERTIFICATE)?)
     }
 
+    /// Sets the attestation certificate.
+    ///
+    /// If it is already defined, it is overwritten.
     pub fn set_attestation_certificate(
         &mut self,
         attestation_certificate: &[u8],
     ) -> Result<(), Ctap2StatusCode> {
-        let entry = StoreEntry {
-            tag: ATTESTATION_CERTIFICATE,
-            data: attestation_certificate,
-            sensitive: false,
-        };
-        match self.store.find_one(&Key::AttestationCertificate) {
-            None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
-        }
-        Ok(())
-    }
-
-    pub fn aaguid(&self) -> Result<[u8; AAGUID_LENGTH], Ctap2StatusCode> {
-        let (_, entry) = self
+        Ok(self
             .store
-            .find_one(&Key::Aaguid)
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
-        let data = entry.data;
-        if data.len() != AAGUID_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
-        }
-        Ok(*array_ref![data, 0, AAGUID_LENGTH])
+            .insert(key::ATTESTATION_CERTIFICATE, attestation_certificate)?)
     }
 
+    /// Returns the AAGUID.
+    pub fn aaguid(&self) -> Result<[u8; AAGUID_LENGTH], Ctap2StatusCode> {
+        let aaguid = self
+            .store
+            .find(key::AAGUID)?
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)?;
+        if aaguid.len() != AAGUID_LENGTH {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+        }
+        Ok(*array_ref![aaguid, 0, AAGUID_LENGTH])
+    }
+
+    /// Sets the AAGUID.
+    ///
+    /// If it is already defined, it is overwritten.
     pub fn set_aaguid(&mut self, aaguid: &[u8; AAGUID_LENGTH]) -> Result<(), Ctap2StatusCode> {
-        let entry = StoreEntry {
-            tag: AAGUID,
-            data: aaguid,
-            sensitive: false,
-        };
-        match self.store.find_one(&Key::Aaguid) {
-            None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
-        }
-        Ok(())
+        Ok(self.store.insert(key::AAGUID, aaguid)?)
     }
 
+    /// Resets the store as for a CTAP reset.
+    ///
+    /// In particular persistent entries are not reset.
     pub fn reset(&mut self, rng: &mut impl Rng256) -> Result<(), Ctap2StatusCode> {
-        loop {
-            let index = {
-                let mut iter = self.store.iter().filter(|(_, entry)| should_reset(entry));
-                match iter.next() {
-                    None => break,
-                    Some((index, _)) => index,
-                }
-            };
-            self.store.delete(index)?;
-        }
-        self.init(rng);
+        self.store.clear(key::NUM_PERSISTENT_KEYS)?;
+        self.init(rng)?;
         Ok(())
     }
 }
 
-impl From<StoreError> for Ctap2StatusCode {
-    fn from(error: StoreError) -> Ctap2StatusCode {
+impl From<persistent_store::StoreError> for Ctap2StatusCode {
+    fn from(error: persistent_store::StoreError) -> Ctap2StatusCode {
+        use persistent_store::StoreError::*;
         match error {
-            StoreError::StoreFull => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
-            StoreError::InvalidTag => unreachable!(),
-            StoreError::InvalidPrecondition => unreachable!(),
+            // This error is expected. The store is full.
+            NoCapacity => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
+            // This error is expected. The flash is out of life.
+            NoLifetime => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
+            // This error is expected if we don't satisfy the store preconditions. For example we
+            // try to store a credential which is too long.
+            InvalidArgument => Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR,
+            // This error is not expected. The storage has been tempered with. We could erase the
+            // storage.
+            InvalidStorage => Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE,
+            // This error is not expected. The kernel is failing our syscalls.
+            StorageError => Ctap2StatusCode::CTAP1_ERR_OTHER,
         }
     }
 }
 
-fn should_reset(entry: &StoreEntry<'_>) -> bool {
-    match entry.tag {
-        ATTESTATION_PRIVATE_KEY | ATTESTATION_CERTIFICATE | AAGUID => false,
-        _ => true,
+/// Iterator for credentials.
+struct IterCredentials<'a> {
+    /// The store being iterated.
+    store: &'a persistent_store::Store<Storage>,
+
+    /// The store iterator.
+    iter: persistent_store::StoreIter<'a, Storage>,
+
+    /// The iteration result.
+    ///
+    /// It starts as success and gets written at most once with an error if something fails. The
+    /// iteration stops as soon as an error is encountered.
+    result: &'a mut Result<(), Ctap2StatusCode>,
+}
+
+impl<'a> IterCredentials<'a> {
+    /// Creates a credential iterator.
+    fn new(
+        store: &'a persistent_store::Store<Storage>,
+        result: &'a mut Result<(), Ctap2StatusCode>,
+    ) -> Result<IterCredentials<'a>, Ctap2StatusCode> {
+        let iter = store.iter()?;
+        Ok(IterCredentials {
+            store,
+            iter,
+            result,
+        })
+    }
+
+    /// Marks the iteration as failed if the content is absent.
+    ///
+    /// For convenience, the function takes and returns ownership instead of taking a shared
+    /// reference and returning nothing. This permits to use it in both expressions and statements
+    /// instead of statements only.
+    fn unwrap<T>(&mut self, x: Option<T>) -> Option<T> {
+        if x.is_none() {
+            *self.result = Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+        }
+        x
     }
 }
 
+impl<'a> Iterator for IterCredentials<'a> {
+    type Item = (usize, PublicKeyCredentialSource);
+
+    fn next(&mut self) -> Option<(usize, PublicKeyCredentialSource)> {
+        if self.result.is_err() {
+            return None;
+        }
+        while let Some(next) = self.iter.next() {
+            let handle = self.unwrap(next.ok())?;
+            let key = handle.get_key();
+            if !key::CREDENTIALS.contains(&key) {
+                continue;
+            }
+            let value = self.unwrap(handle.get_value(&self.store).ok())?;
+            let credential = self.unwrap(deserialize_credential(&value))?;
+            return Some((key, credential));
+        }
+        None
+    }
+}
+
+/// Deserializes a credential from storage representation.
 fn deserialize_credential(data: &[u8]) -> Option<PublicKeyCredentialSource> {
     let cbor = cbor::read(data).ok()?;
     cbor.try_into().ok()
 }
 
+/// Serializes a credential to storage representation.
 fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>, Ctap2StatusCode> {
     let mut data = Vec::new();
     if cbor::write(credential.into(), &mut data) {
@@ -648,6 +578,7 @@ fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>
     }
 }
 
+/// TODO: Help from reviewer needed for documentation.
 #[cfg(feature = "with_ctap2_1")]
 fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
     let cbor = cbor::read(data).ok()?;
@@ -659,6 +590,7 @@ fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
         .ok()
 }
 
+/// TODO: Help from reviewer needed for documentation.
 #[cfg(feature = "with_ctap2_1")]
 fn _serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2StatusCode> {
     let mut data = Vec::new();
@@ -693,28 +625,6 @@ mod test {
         }
     }
 
-    #[test]
-    fn format_overhead() {
-        // nRF52840 NVMC
-        const WORD_SIZE: usize = 4;
-        const PAGE_SIZE: usize = 0x1000;
-        const NUM_PAGES: usize = 100;
-        let store = vec![0xff; NUM_PAGES * PAGE_SIZE].into_boxed_slice();
-        let options = embedded_flash::BufferOptions {
-            word_size: WORD_SIZE,
-            page_size: PAGE_SIZE,
-            max_word_writes: 2,
-            max_page_erases: 10000,
-            strict_write: true,
-        };
-        let storage = Storage::new(store, options);
-        let store = embedded_flash::Store::new(storage, Config).unwrap();
-        // We can replace 3 bytes with minimal overhead.
-        assert_eq!(store.replace_len(false, 0), 2 * WORD_SIZE);
-        assert_eq!(store.replace_len(false, 3), 3 * WORD_SIZE);
-        assert_eq!(store.replace_len(false, 4), 3 * WORD_SIZE);
-    }
-
     #[test]
     fn test_store() {
         let mut rng = ThreadRng256 {};
@@ -974,21 +884,21 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
 
         // The pin retries is initially at the maximum.
-        assert_eq!(persistent_store.pin_retries().unwrap(), MAX_PIN_RETRIES);
+        assert_eq!(persistent_store.pin_retries(), Ok(MAX_PIN_RETRIES));
 
         // Decrementing the pin retries decrements the pin retries.
         for pin_retries in (0..MAX_PIN_RETRIES).rev() {
             persistent_store.decr_pin_retries().unwrap();
-            assert_eq!(persistent_store.pin_retries().unwrap(), pin_retries);
+            assert_eq!(persistent_store.pin_retries(), Ok(pin_retries));
         }
 
         // Decrementing the pin retries after zero does not modify the pin retries.
         persistent_store.decr_pin_retries().unwrap();
-        assert_eq!(persistent_store.pin_retries().unwrap(), 0);
+        assert_eq!(persistent_store.pin_retries(), Ok(0));
 
         // Resetting the pin retries resets the pin retries.
         persistent_store.reset_pin_retries().unwrap();
-        assert_eq!(persistent_store.pin_retries().unwrap(), MAX_PIN_RETRIES);
+        assert_eq!(persistent_store.pin_retries(), Ok(MAX_PIN_RETRIES));
     }
 
     #[test]
@@ -1018,7 +928,7 @@ mod test {
         // The persistent keys stay initialized and preserve their value after a reset.
         persistent_store.reset(&mut rng).unwrap();
         assert_eq!(
-            persistent_store.attestation_private_key().unwrap().unwrap(),
+            &persistent_store.attestation_private_key().unwrap().unwrap(),
             key_material::ATTESTATION_PRIVATE_KEY
         );
         assert_eq!(
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
new file mode 100644
index 0000000..9796d5a
--- /dev/null
+++ b/src/ctap/storage/key.rs
@@ -0,0 +1,135 @@
+// Copyright 2019-2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/// Number of keys that persist the CTAP reset command.
+pub const NUM_PERSISTENT_KEYS: usize = 20;
+
+/// Defines a key given its name and value or range of values.
+macro_rules! make_key {
+    ($(#[$doc: meta])* $name: ident = $key: literal..$end: literal) => {
+        $(#[$doc])* pub const $name: core::ops::Range<usize> = $key..$end;
+    };
+    ($(#[$doc: meta])* $name: ident = $key: literal) => {
+        $(#[$doc])* pub const $name: usize = $key;
+    };
+}
+
+/// Returns the range of values of a key given its value description.
+#[cfg(test)]
+macro_rules! make_range {
+    ($key: literal..$end: literal) => {
+        $key..$end
+    };
+    ($key: literal) => {
+        $key..$key + 1
+    };
+}
+
+/// Helper to define keys as a partial partition of a range.
+macro_rules! make_partition {
+        ($range: expr,
+         $(
+             $(#[$doc: meta])*
+             $name: ident = $key: literal $(.. $end: literal)?;
+         )*) => {
+            $(
+                make_key!($(#[$doc])* $name = $key $(.. $end)?);
+            )*
+            #[cfg(test)]
+            const KEY_RANGE: core::ops::Range<usize> = $range;
+            #[cfg(test)]
+            const ALL_KEYS: &[core::ops::Range<usize>] = &[$(make_range!($key $(.. $end)?)),*];
+        };
+    }
+
+make_partition! {
+    // We reserve 0 and 2048+ for possible migration purposes. We add persistent entries starting
+    // from 1 and going up. We add non-persistent entries starting from 2047 and going down. This
+    // way, we don't commit to a fixed number of persistent keys.
+    1..2048,
+
+    // WARNING: Keys should not be deleted but prefixed with `_` to avoid accidentally reusing them.
+
+    /// The attestation private key.
+    ATTESTATION_PRIVATE_KEY = 1;
+
+    /// The attestation certificate.
+    ATTESTATION_CERTIFICATE = 2;
+
+    /// The aaguid.
+    AAGUID = 3;
+
+    // This is the persistent key limit:
+    // - When adding a (persistent) key above this message, make sure its value is smaller than
+    //   NUM_PERSISTENT_KEYS.
+    // - When adding a (non-persistent) key below this message, make sure its value is bigger or
+    //   equal than NUM_PERSISTENT_KEYS.
+
+    /// The credentials.
+    ///
+    /// Depending on `MAX_SUPPORTED_RESIDENTIAL_KEYS`, only a prefix of those keys is used. Each
+    /// board may configure `MAX_SUPPORTED_RESIDENTIAL_KEYS` depending on the storage size.
+    CREDENTIALS = 1700..2000;
+
+    /// TODO: Help from reviewer needed for documentation.
+    _MIN_PIN_LENGTH_RP_IDS = 2042;
+
+    /// The minimum PIN length.
+    #[cfg(feature = "with_ctap2_1")]
+    MIN_PIN_LENGTH = 2043;
+
+    /// The number of PIN retries.
+    ///
+    /// If the entry is absent, the number of PIN retries is `MAX_PIN_RETRIES`.
+    PIN_RETRIES = 2044;
+
+    /// The PIN hash.
+    ///
+    /// If the entry is absent, there is no PIN set.
+    PIN_HASH = 2045;
+
+    /// The encryption and hmac keys.
+    ///
+    /// This entry is always present. It is generated at startup if absent. This is not a persistent
+    /// key because its value should change after a CTAP reset.
+    MASTER_KEYS = 2046;
+
+    /// The global signature counter.
+    ///
+    /// If the entry is absent, the counter is 0.
+    GLOBAL_SIGNATURE_COUNTER = 2047;
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn enough_credentials() {
+        use super::super::MAX_SUPPORTED_RESIDENTIAL_KEYS;
+        assert!(MAX_SUPPORTED_RESIDENTIAL_KEYS <= CREDENTIALS.end - CREDENTIALS.start);
+    }
+
+    #[test]
+    fn keys_are_disjoint() {
+        // Check that keys are in the range.
+        for keys in ALL_KEYS {
+            assert!(KEY_RANGE.start <= keys.start && keys.end <= KEY_RANGE.end);
+        }
+        // Check that keys are assigned at most once, essentially partitioning the range.
+        for key in KEY_RANGE {
+            assert!(ALL_KEYS.iter().filter(|keys| keys.contains(&key)).count() <= 1);
+        }
+    }
+}
diff --git a/src/embedded_flash/buffer.rs b/src/embedded_flash/buffer.rs
deleted file mode 100644
index 0e7171a..0000000
--- a/src/embedded_flash/buffer.rs
+++ /dev/null
@@ -1,457 +0,0 @@
-// Copyright 2019 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use super::{Index, Storage, StorageError, StorageResult};
-use alloc::boxed::Box;
-use alloc::vec;
-
-pub struct BufferStorage {
-    storage: Box<[u8]>,
-    options: BufferOptions,
-    word_writes: Box<[usize]>,
-    page_erases: Box<[usize]>,
-    snapshot: Snapshot,
-}
-
-#[derive(Copy, Clone, Debug)]
-pub struct BufferOptions {
-    /// Size of a word in bytes.
-    pub word_size: usize,
-
-    /// Size of a page in bytes.
-    pub page_size: usize,
-
-    /// How many times a word can be written between page erasures
-    pub max_word_writes: usize,
-
-    /// How many times a page can be erased.
-    pub max_page_erases: usize,
-
-    /// Bits cannot be written from 0 to 1.
-    pub strict_write: bool,
-}
-
-impl BufferStorage {
-    /// Creates a fake embedded flash using a buffer.
-    ///
-    /// This implementation checks that no words are written more than `max_word_writes` between
-    /// page erasures and than no pages are erased more than `max_page_erases`. If `strict_write` is
-    /// true, it also checks that no bits are written from 0 to 1. It also permits to take snapshots
-    /// of the storage during write and erase operations (although words would still be written or
-    /// erased completely).
-    ///
-    /// # Panics
-    ///
-    /// The following preconditions must hold:
-    /// - `options.word_size` must be a power of two.
-    /// - `options.page_size` must be a power of two.
-    /// - `options.page_size` must be word-aligned.
-    /// - `storage.len()` must be page-aligned.
-    pub fn new(storage: Box<[u8]>, options: BufferOptions) -> BufferStorage {
-        assert!(options.word_size.is_power_of_two());
-        assert!(options.page_size.is_power_of_two());
-        let num_words = storage.len() / options.word_size;
-        let num_pages = storage.len() / options.page_size;
-        let buffer = BufferStorage {
-            storage,
-            options,
-            word_writes: vec![0; num_words].into_boxed_slice(),
-            page_erases: vec![0; num_pages].into_boxed_slice(),
-            snapshot: Snapshot::Ready,
-        };
-        assert!(buffer.is_word_aligned(buffer.options.page_size));
-        assert!(buffer.is_page_aligned(buffer.storage.len()));
-        buffer
-    }
-
-    /// Takes a snapshot of the storage after a given amount of word operations.
-    ///
-    /// Each time a word is written or erased, the delay is decremented if positive. Otherwise, a
-    /// snapshot is taken before the operation is executed.
-    ///
-    /// # Panics
-    ///
-    /// Panics if a snapshot has been armed and not examined.
-    pub fn arm_snapshot(&mut self, delay: usize) {
-        self.snapshot.arm(delay);
-    }
-
-    /// Unarms and returns the snapshot or the delay remaining.
-    ///
-    /// # Panics
-    ///
-    /// Panics if a snapshot was not armed.
-    pub fn get_snapshot(&mut self) -> Result<Box<[u8]>, usize> {
-        self.snapshot.get()
-    }
-
-    /// Takes a snapshot of the storage.
-    pub fn take_snapshot(&self) -> Box<[u8]> {
-        self.storage.clone()
-    }
-
-    /// Returns the storage.
-    pub fn get_storage(self) -> Box<[u8]> {
-        self.storage
-    }
-
-    fn is_word_aligned(&self, x: usize) -> bool {
-        x & (self.options.word_size - 1) == 0
-    }
-
-    fn is_page_aligned(&self, x: usize) -> bool {
-        x & (self.options.page_size - 1) == 0
-    }
-
-    /// Writes a slice to the storage.
-    ///
-    /// The slice `value` is written to `index`. The `erase` boolean specifies whether this is an
-    /// erase operation or a write operation which matters for the checks and updating the shadow
-    /// storage. This also takes a snapshot of the storage if a snapshot was armed and the delay has
-    /// elapsed.
-    ///
-    /// The following preconditions should hold:
-    /// - `index` is word-aligned.
-    /// - `value.len()` is word-aligned.
-    ///
-    /// The following checks are performed:
-    /// - The region of length `value.len()` starting at `index` fits in a storage page.
-    /// - A word is not written more than `max_word_writes`.
-    /// - A page is not erased more than `max_page_erases`.
-    /// - The new word only switches 1s to 0s (only if `strict_write` is set).
-    fn update_storage(&mut self, index: Index, value: &[u8], erase: bool) -> StorageResult<()> {
-        debug_assert!(self.is_word_aligned(index.byte) && self.is_word_aligned(value.len()));
-        let dst = index.range(value.len(), self)?.step_by(self.word_size());
-        let src = value.chunks(self.word_size());
-        // Check and update page shadow.
-        if erase {
-            let page = index.page;
-            assert!(self.page_erases[page] < self.max_page_erases());
-            self.page_erases[page] += 1;
-        }
-        for (byte, val) in dst.zip(src) {
-            let range = byte..byte + self.word_size();
-            // The driver doesn't write identical words.
-            if &self.storage[range.clone()] == val {
-                continue;
-            }
-            // Check and update word shadow.
-            let word = byte / self.word_size();
-            if erase {
-                self.word_writes[word] = 0;
-            } else {
-                assert!(self.word_writes[word] < self.max_word_writes());
-                self.word_writes[word] += 1;
-            }
-            // Check strict write.
-            if !erase && self.options.strict_write {
-                for (byte, &val) in range.clone().zip(val) {
-                    assert_eq!(self.storage[byte] & val, val);
-                }
-            }
-            // Take snapshot if armed and delay expired.
-            self.snapshot.take(&self.storage);
-            // Write storage
-            self.storage[range].copy_from_slice(val);
-        }
-        Ok(())
-    }
-}
-
-impl Storage for BufferStorage {
-    fn word_size(&self) -> usize {
-        self.options.word_size
-    }
-
-    fn page_size(&self) -> usize {
-        self.options.page_size
-    }
-
-    fn num_pages(&self) -> usize {
-        self.storage.len() / self.options.page_size
-    }
-
-    fn max_word_writes(&self) -> usize {
-        self.options.max_word_writes
-    }
-
-    fn max_page_erases(&self) -> usize {
-        self.options.max_page_erases
-    }
-
-    fn read_slice(&self, index: Index, length: usize) -> StorageResult<&[u8]> {
-        Ok(&self.storage[index.range(length, self)?])
-    }
-
-    fn write_slice(&mut self, index: Index, value: &[u8]) -> StorageResult<()> {
-        if !self.is_word_aligned(index.byte) || !self.is_word_aligned(value.len()) {
-            return Err(StorageError::NotAligned);
-        }
-        self.update_storage(index, value, false)
-    }
-
-    fn erase_page(&mut self, page: usize) -> StorageResult<()> {
-        let index = Index { page, byte: 0 };
-        let value = vec![0xff; self.page_size()];
-        self.update_storage(index, &value, true)
-    }
-}
-
-// Controls when a snapshot of the storage is taken.
-//
-// This can be used to simulate power-offs while the device is writing to the storage or erasing a
-// page in the storage.
-enum Snapshot {
-    // Mutable word operations have normal behavior.
-    Ready,
-    // If the delay is positive, mutable word operations decrement it. If the count is zero, mutable
-    // word operations take a snapshot of the storage.
-    Armed { delay: usize },
-    // Mutable word operations have normal behavior.
-    Taken { storage: Box<[u8]> },
-}
-
-impl Snapshot {
-    fn arm(&mut self, delay: usize) {
-        match self {
-            Snapshot::Ready => *self = Snapshot::Armed { delay },
-            _ => panic!(),
-        }
-    }
-
-    fn get(&mut self) -> Result<Box<[u8]>, usize> {
-        let mut snapshot = Snapshot::Ready;
-        core::mem::swap(self, &mut snapshot);
-        match snapshot {
-            Snapshot::Armed { delay } => Err(delay),
-            Snapshot::Taken { storage } => Ok(storage),
-            _ => panic!(),
-        }
-    }
-
-    fn take(&mut self, storage: &[u8]) {
-        if let Snapshot::Armed { delay } = self {
-            if *delay == 0 {
-                let storage = storage.to_vec().into_boxed_slice();
-                *self = Snapshot::Taken { storage };
-            } else {
-                *delay -= 1;
-            }
-        }
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    const NUM_PAGES: usize = 2;
-    const OPTIONS: BufferOptions = BufferOptions {
-        word_size: 4,
-        page_size: 16,
-        max_word_writes: 2,
-        max_page_erases: 3,
-        strict_write: true,
-    };
-    // Those words are decreasing bit patterns. Bits are only changed from 1 to 0 and at last one
-    // bit is changed.
-    const BLANK_WORD: &[u8] = &[0xff, 0xff, 0xff, 0xff];
-    const FIRST_WORD: &[u8] = &[0xee, 0xdd, 0xbb, 0x77];
-    const SECOND_WORD: &[u8] = &[0xca, 0xc9, 0xa9, 0x65];
-    const THIRD_WORD: &[u8] = &[0x88, 0x88, 0x88, 0x44];
-
-    fn new_storage() -> Box<[u8]> {
-        vec![0xff; NUM_PAGES * OPTIONS.page_size].into_boxed_slice()
-    }
-
-    #[test]
-    fn words_are_decreasing() {
-        fn assert_is_decreasing(prev: &[u8], next: &[u8]) {
-            for (&prev, &next) in prev.iter().zip(next.iter()) {
-                assert_eq!(prev & next, next);
-                assert!(prev != next);
-            }
-        }
-        assert_is_decreasing(BLANK_WORD, FIRST_WORD);
-        assert_is_decreasing(FIRST_WORD, SECOND_WORD);
-        assert_is_decreasing(SECOND_WORD, THIRD_WORD);
-    }
-
-    #[test]
-    fn options_ok() {
-        let buffer = BufferStorage::new(new_storage(), OPTIONS);
-        assert_eq!(buffer.word_size(), OPTIONS.word_size);
-        assert_eq!(buffer.page_size(), OPTIONS.page_size);
-        assert_eq!(buffer.num_pages(), NUM_PAGES);
-        assert_eq!(buffer.max_word_writes(), OPTIONS.max_word_writes);
-        assert_eq!(buffer.max_page_erases(), OPTIONS.max_page_erases);
-    }
-
-    #[test]
-    fn read_write_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 0 };
-        let next_index = Index { page: 0, byte: 4 };
-        assert_eq!(buffer.read_slice(index, 4).unwrap(), BLANK_WORD);
-        buffer.write_slice(index, FIRST_WORD).unwrap();
-        assert_eq!(buffer.read_slice(index, 4).unwrap(), FIRST_WORD);
-        assert_eq!(buffer.read_slice(next_index, 4).unwrap(), BLANK_WORD);
-    }
-
-    #[test]
-    fn erase_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 0 };
-        let other_index = Index { page: 1, byte: 0 };
-        buffer.write_slice(index, FIRST_WORD).unwrap();
-        buffer.write_slice(other_index, FIRST_WORD).unwrap();
-        assert_eq!(buffer.read_slice(index, 4).unwrap(), FIRST_WORD);
-        assert_eq!(buffer.read_slice(other_index, 4).unwrap(), FIRST_WORD);
-        buffer.erase_page(0).unwrap();
-        assert_eq!(buffer.read_slice(index, 4).unwrap(), BLANK_WORD);
-        assert_eq!(buffer.read_slice(other_index, 4).unwrap(), FIRST_WORD);
-    }
-
-    #[test]
-    fn invalid_range() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 12 };
-        let half_index = Index { page: 0, byte: 14 };
-        let over_index = Index { page: 0, byte: 16 };
-        let bad_page = Index { page: 2, byte: 0 };
-
-        // Reading a word in the storage is ok.
-        assert!(buffer.read_slice(index, 4).is_ok());
-        // Reading a half-word in the storage is ok.
-        assert!(buffer.read_slice(half_index, 2).is_ok());
-        // Reading even a single byte outside a page is not ok.
-        assert!(buffer.read_slice(over_index, 1).is_err());
-        // But reading an empty slice just after a page is ok.
-        assert!(buffer.read_slice(over_index, 0).is_ok());
-        // Reading even an empty slice outside the storage is not ok.
-        assert!(buffer.read_slice(bad_page, 0).is_err());
-
-        // Writing a word in the storage is ok.
-        assert!(buffer.write_slice(index, FIRST_WORD).is_ok());
-        // Writing an unaligned word is not ok.
-        assert!(buffer.write_slice(half_index, FIRST_WORD).is_err());
-        // Writing a word outside a page is not ok.
-        assert!(buffer.write_slice(over_index, FIRST_WORD).is_err());
-        // But writing an empty slice just after a page is ok.
-        assert!(buffer.write_slice(over_index, &[]).is_ok());
-        // Writing even an empty slice outside the storage is not ok.
-        assert!(buffer.write_slice(bad_page, &[]).is_err());
-
-        // Only pages in the storage can be erased.
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(2).is_err());
-    }
-
-    #[test]
-    fn write_twice_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 4 };
-        assert!(buffer.write_slice(index, FIRST_WORD).is_ok());
-        assert!(buffer.write_slice(index, SECOND_WORD).is_ok());
-    }
-
-    #[test]
-    fn write_twice_and_once_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 0 };
-        let next_index = Index { page: 0, byte: 4 };
-        assert!(buffer.write_slice(index, FIRST_WORD).is_ok());
-        assert!(buffer.write_slice(index, SECOND_WORD).is_ok());
-        assert!(buffer.write_slice(next_index, THIRD_WORD).is_ok());
-    }
-
-    #[test]
-    #[should_panic]
-    fn write_three_times_panics() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 4 };
-        assert!(buffer.write_slice(index, FIRST_WORD).is_ok());
-        assert!(buffer.write_slice(index, SECOND_WORD).is_ok());
-        let _ = buffer.write_slice(index, THIRD_WORD);
-    }
-
-    #[test]
-    fn write_twice_then_once_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 0 };
-        assert!(buffer.write_slice(index, FIRST_WORD).is_ok());
-        assert!(buffer.write_slice(index, SECOND_WORD).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.write_slice(index, FIRST_WORD).is_ok());
-    }
-
-    #[test]
-    fn erase_three_times_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-    }
-
-    #[test]
-    fn erase_three_times_and_once_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(1).is_ok());
-    }
-
-    #[test]
-    #[should_panic]
-    fn erase_four_times_panics() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-        assert!(buffer.erase_page(0).is_ok());
-        let _ = buffer.erase_page(0).is_ok();
-    }
-
-    #[test]
-    #[should_panic]
-    fn switch_zero_to_one_panics() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 0 };
-        assert!(buffer.write_slice(index, SECOND_WORD).is_ok());
-        let _ = buffer.write_slice(index, FIRST_WORD);
-    }
-
-    #[test]
-    fn get_storage_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 4 };
-        buffer.write_slice(index, FIRST_WORD).unwrap();
-        let storage = buffer.get_storage();
-        assert_eq!(&storage[..4], BLANK_WORD);
-        assert_eq!(&storage[4..8], FIRST_WORD);
-    }
-
-    #[test]
-    fn snapshot_ok() {
-        let mut buffer = BufferStorage::new(new_storage(), OPTIONS);
-        let index = Index { page: 0, byte: 0 };
-        let value = [FIRST_WORD, SECOND_WORD].concat();
-        buffer.arm_snapshot(1);
-        buffer.write_slice(index, &value).unwrap();
-        let storage = buffer.get_snapshot().unwrap();
-        assert_eq!(&storage[..8], &[FIRST_WORD, BLANK_WORD].concat()[..]);
-        let storage = buffer.take_snapshot();
-        assert_eq!(&storage[..8], &value[..]);
-    }
-}
diff --git a/src/embedded_flash/mod.rs b/src/embedded_flash/mod.rs
index 05407c0..b16504b 100644
--- a/src/embedded_flash/mod.rs
+++ b/src/embedded_flash/mod.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,16 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#[cfg(any(test, feature = "ram_storage"))]
-mod buffer;
-mod storage;
-mod store;
 #[cfg(not(any(test, feature = "ram_storage")))]
 mod syscall;
 
-#[cfg(any(test, feature = "ram_storage"))]
-pub use self::buffer::{BufferOptions, BufferStorage};
-pub use self::storage::{Index, Storage, StorageError, StorageResult};
-pub use self::store::{Store, StoreConfig, StoreEntry, StoreError, StoreIndex};
 #[cfg(not(any(test, feature = "ram_storage")))]
 pub use self::syscall::SyscallStorage;
diff --git a/src/embedded_flash/storage.rs b/src/embedded_flash/storage.rs
deleted file mode 100644
index fe87ac4..0000000
--- a/src/embedded_flash/storage.rs
+++ /dev/null
@@ -1,107 +0,0 @@
-// Copyright 2019 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#[derive(Copy, Clone, PartialEq, Eq)]
-#[cfg_attr(feature = "std", derive(Debug))]
-pub struct Index {
-    pub page: usize,
-    pub byte: usize,
-}
-
-#[derive(Debug)]
-pub enum StorageError {
-    BadFlash,
-    NotAligned,
-    OutOfBounds,
-    KernelError { code: isize },
-}
-
-pub type StorageResult<T> = Result<T, StorageError>;
-
-/// Abstraction for embedded flash storage.
-pub trait Storage {
-    /// Returns the size of a word in bytes.
-    fn word_size(&self) -> usize;
-
-    /// Returns the size of a page in bytes.
-    fn page_size(&self) -> usize;
-
-    /// Returns the number of pages in the storage.
-    fn num_pages(&self) -> usize;
-
-    /// Returns how many times a word can be written between page erasures.
-    fn max_word_writes(&self) -> usize;
-
-    /// Returns how many times a page can be erased in the lifetime of the flash.
-    fn max_page_erases(&self) -> usize;
-
-    /// Reads a slice from the storage.
-    ///
-    /// The slice does not need to be word-aligned.
-    ///
-    /// # Errors
-    ///
-    /// The `index` must designate `length` bytes in the storage.
-    fn read_slice(&self, index: Index, length: usize) -> StorageResult<&[u8]>;
-
-    /// Writes a word-aligned slice to the storage.
-    ///
-    /// The written words should not have been written too many times since last page erasure.
-    ///
-    /// # Errors
-    ///
-    /// The following preconditions must hold:
-    /// - `index` must be word-aligned.
-    /// - `value.len()` must be a multiple of the word size.
-    /// - `index` must designate `value.len()` bytes in the storage.
-    /// - `value` must be in memory until [read-only allow][tock_1274] is resolved.
-    ///
-    /// [tock_1274]: https://github.com/tock/tock/issues/1274.
-    fn write_slice(&mut self, index: Index, value: &[u8]) -> StorageResult<()>;
-
-    /// Erases a page of the storage.
-    ///
-    /// # Errors
-    ///
-    /// The `page` must be in the storage.
-    fn erase_page(&mut self, page: usize) -> StorageResult<()>;
-}
-
-impl Index {
-    /// Returns whether a slice fits in a storage page.
-    fn is_valid(self, length: usize, storage: &impl Storage) -> bool {
-        self.page < storage.num_pages()
-            && storage
-                .page_size()
-                .checked_sub(length)
-                .map(|limit| self.byte <= limit)
-                .unwrap_or(false)
-    }
-
-    /// Returns the range of a valid slice.
-    ///
-    /// The range starts at `self` with `length` bytes.
-    pub fn range(
-        self,
-        length: usize,
-        storage: &impl Storage,
-    ) -> StorageResult<core::ops::Range<usize>> {
-        if self.is_valid(length, storage) {
-            let start = self.page * storage.page_size() + self.byte;
-            Ok(start..start + length)
-        } else {
-            Err(StorageError::OutOfBounds)
-        }
-    }
-}
diff --git a/src/embedded_flash/store/bitfield.rs b/src/embedded_flash/store/bitfield.rs
deleted file mode 100644
index 797c78b..0000000
--- a/src/embedded_flash/store/bitfield.rs
+++ /dev/null
@@ -1,177 +0,0 @@
-// Copyright 2019 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-/// Defines a consecutive sequence of bits.
-#[derive(Copy, Clone)]
-pub struct BitRange {
-    /// The first bit of the sequence.
-    pub start: usize,
-
-    /// The length in bits of the sequence.
-    pub length: usize,
-}
-
-impl BitRange {
-    /// Returns the first bit following a bit range.
-    pub fn end(self) -> usize {
-        self.start + self.length
-    }
-}
-
-/// Defines a consecutive sequence of bytes.
-///
-/// The bits in those bytes are ignored which essentially creates a gap in a sequence of bits. The
-/// gap is necessarily at byte boundaries. This is used to ignore the user data in an entry
-/// essentially providing a view of the entry information (header and footer).
-#[derive(Copy, Clone)]
-pub struct ByteGap {
-    pub start: usize,
-    pub length: usize,
-}
-
-/// Empty gap. All bits count.
-pub const NO_GAP: ByteGap = ByteGap {
-    start: 0,
-    length: 0,
-};
-
-impl ByteGap {
-    /// Translates a bit to skip the gap.
-    fn shift(self, bit: usize) -> usize {
-        if bit < 8 * self.start {
-            bit
-        } else {
-            bit + 8 * self.length
-        }
-    }
-
-    /// Returns the slice of `data` corresponding to the gap.
-    pub fn slice(self, data: &[u8]) -> &[u8] {
-        &data[self.start..self.start + self.length]
-    }
-}
-
-/// Returns whether a bit is set in a sequence of bits.
-///
-/// The sequence of bits is little-endian (both for bytes and bits) and defined by the bits that
-/// are in `data` but not in `gap`.
-pub fn is_zero(bit: usize, data: &[u8], gap: ByteGap) -> bool {
-    let bit = gap.shift(bit);
-    debug_assert!(bit < 8 * data.len());
-    data[bit / 8] & (1 << (bit % 8)) == 0
-}
-
-/// Sets a bit to zero in a sequence of bits.
-///
-/// The sequence of bits is little-endian (both for bytes and bits) and defined by the bits that
-/// are in `data` but not in `gap`.
-pub fn set_zero(bit: usize, data: &mut [u8], gap: ByteGap) {
-    let bit = gap.shift(bit);
-    debug_assert!(bit < 8 * data.len());
-    data[bit / 8] &= !(1 << (bit % 8));
-}
-
-/// Returns a little-endian value in a sequence of bits.
-///
-/// The sequence of bits is little-endian (both for bytes and bits) and defined by the bits that
-/// are in `data` but not in `gap`. The range of bits where the value is stored in defined by
-/// `range`. The value must fit in a `usize`.
-pub fn get_range(range: BitRange, data: &[u8], gap: ByteGap) -> usize {
-    debug_assert!(range.length <= 8 * core::mem::size_of::<usize>());
-    let mut result = 0;
-    for i in 0..range.length {
-        if !is_zero(range.start + i, data, gap) {
-            result |= 1 << i;
-        }
-    }
-    result
-}
-
-/// Sets a little-endian value in a sequence of bits.
-///
-/// The sequence of bits is little-endian (both for bytes and bits) and defined by the bits that
-/// are in `data` but not in `gap`. The range of bits where the value is stored in defined by
-/// `range`. The bits set to 1 in `value` must also be set to `1` in the sequence of bits.
-pub fn set_range(range: BitRange, data: &mut [u8], gap: ByteGap, value: usize) {
-    debug_assert!(range.length == 8 * core::mem::size_of::<usize>() || value < 1 << range.length);
-    for i in 0..range.length {
-        if value & 1 << i == 0 {
-            set_zero(range.start + i, data, gap);
-        }
-    }
-}
-
-/// Tests the `is_zero` and `set_zero` pair of functions.
-#[test]
-fn zero_ok() {
-    const GAP: ByteGap = ByteGap {
-        start: 2,
-        length: 1,
-    };
-    for i in 0..24 {
-        assert!(!is_zero(i, &[0xffu8, 0xff, 0x00, 0xff] as &[u8], GAP));
-    }
-    // Tests reading and setting a bit. The result should have all bits set to 1 except for the bit
-    // to test and the gap.
-    fn test(bit: usize, result: &[u8]) {
-        assert!(is_zero(bit, result, GAP));
-        let mut data = vec![0xff; result.len()];
-        // Set the gap bits to 0.
-        for i in 0..GAP.length {
-            data[GAP.start + i] = 0x00;
-        }
-        set_zero(bit, &mut data, GAP);
-        assert_eq!(data, result);
-    }
-    test(0, &[0xfe, 0xff, 0x00, 0xff]);
-    test(1, &[0xfd, 0xff, 0x00, 0xff]);
-    test(2, &[0xfb, 0xff, 0x00, 0xff]);
-    test(7, &[0x7f, 0xff, 0x00, 0xff]);
-    test(8, &[0xff, 0xfe, 0x00, 0xff]);
-    test(15, &[0xff, 0x7f, 0x00, 0xff]);
-    test(16, &[0xff, 0xff, 0x00, 0xfe]);
-    test(17, &[0xff, 0xff, 0x00, 0xfd]);
-    test(23, &[0xff, 0xff, 0x00, 0x7f]);
-}
-
-/// Tests the `get_range` and `set_range` pair of functions.
-#[test]
-fn range_ok() {
-    // Tests reading and setting a range. The result should have all bits set to 1 except for the
-    // range to test and the gap.
-    fn test(start: usize, length: usize, value: usize, result: &[u8], gap: ByteGap) {
-        let range = BitRange { start, length };
-        assert_eq!(get_range(range, result, gap), value);
-        let mut data = vec![0xff; result.len()];
-        for i in 0..gap.length {
-            data[gap.start + i] = 0x00;
-        }
-        set_range(range, &mut data, gap, value);
-        assert_eq!(data, result);
-    }
-    test(0, 8, 42, &[42], NO_GAP);
-    test(3, 12, 0b11_0101, &[0b1010_1111, 0b1000_0001], NO_GAP);
-    test(0, 16, 0x1234, &[0x34, 0x12], NO_GAP);
-    test(4, 16, 0x1234, &[0x4f, 0x23, 0xf1], NO_GAP);
-    let mut gap = ByteGap {
-        start: 1,
-        length: 1,
-    };
-    test(3, 12, 0b11_0101, &[0b1010_1111, 0x00, 0b1000_0001], gap);
-    gap.length = 2;
-    test(0, 16, 0x1234, &[0x34, 0x00, 0x00, 0x12], gap);
-    gap.start = 2;
-    gap.length = 1;
-    test(4, 16, 0x1234, &[0x4f, 0x23, 0x00, 0xf1], gap);
-}
diff --git a/src/embedded_flash/store/format.rs b/src/embedded_flash/store/format.rs
deleted file mode 100644
index 03787cf..0000000
--- a/src/embedded_flash/store/format.rs
+++ /dev/null
@@ -1,565 +0,0 @@
-// Copyright 2019 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use super::super::{Index, Storage};
-use super::{bitfield, StoreConfig, StoreEntry, StoreError};
-use alloc::vec;
-use alloc::vec::Vec;
-
-/// Whether a user entry is a replace entry.
-pub enum IsReplace {
-    /// This is a replace entry.
-    Replace,
-
-    /// This is an insert entry.
-    Insert,
-}
-
-/// Helpers to parse the store format.
-///
-/// See the store module-level documentation for information about the format.
-pub struct Format {
-    pub word_size: usize,
-    pub page_size: usize,
-    pub num_pages: usize,
-    pub max_page_erases: usize,
-    pub num_tags: usize,
-
-    /// Whether an entry is present.
-    ///
-    /// - 0 for entries (user entries or internal entries).
-    /// - 1 for free space until the end of the page.
-    present_bit: usize,
-
-    /// Whether an entry is deleted.
-    ///
-    /// - 0 for deleted entries.
-    /// - 1 for alive entries.
-    deleted_bit: usize,
-
-    /// Whether an entry is internal.
-    ///
-    /// - 0 for internal entries.
-    /// - 1 for user entries.
-    internal_bit: usize,
-
-    /// Whether a user entry is a replace entry.
-    ///
-    /// - 0 for replace entries.
-    /// - 1 for insert entries.
-    replace_bit: usize,
-
-    /// Whether a user entry has sensitive data.
-    ///
-    /// - 0 for sensitive data.
-    /// - 1 for non-sensitive data.
-    ///
-    /// When a user entry with sensitive data is deleted, the data is overwritten with zeroes. This
-    /// feature is subject to the same guarantees as all other features of the store, in particular
-    /// deleting a sensitive entry is atomic. See the store module-level documentation for more
-    /// information.
-    sensitive_bit: usize,
-
-    /// The data length of a user entry.
-    length_range: bitfield::BitRange,
-
-    /// The tag of a user entry.
-    tag_range: bitfield::BitRange,
-
-    /// The page index of a replace entry.
-    replace_page_range: bitfield::BitRange,
-
-    /// The byte index of a replace entry.
-    replace_byte_range: bitfield::BitRange,
-
-    /// The index of the page to erase.
-    ///
-    /// This is only present for internal entries.
-    old_page_range: bitfield::BitRange,
-
-    /// The current erase count of the page to erase.
-    ///
-    /// This is only present for internal entries.
-    saved_erase_count_range: bitfield::BitRange,
-
-    /// Whether a page is initialized.
-    ///
-    /// - 0 for initialized pages.
-    /// - 1 for uninitialized pages.
-    initialized_bit: usize,
-
-    /// The erase count of a page.
-    erase_count_range: bitfield::BitRange,
-
-    /// Whether a page is being compacted.
-    ///
-    /// - 0 for pages being compacted.
-    /// - 1 otherwise.
-    compacting_bit: usize,
-
-    /// The page index to which a page is being compacted.
-    new_page_range: bitfield::BitRange,
-}
-
-impl Format {
-    /// Returns a helper to parse the store format for a given storage and config.
-    ///
-    /// # Errors
-    ///
-    /// Returns `None` if any of the following conditions does not hold:
-    /// - The word size must be a power of two.
-    /// - The page size must be a power of two.
-    /// - There should be at least 2 pages in the storage.
-    /// - It should be possible to write a word at least twice.
-    /// - It should be possible to erase a page at least once.
-    /// - There should be at least 1 tag.
-    pub fn new<S: Storage, C: StoreConfig>(storage: &S, config: &C) -> Option<Format> {
-        let word_size = storage.word_size();
-        let page_size = storage.page_size();
-        let num_pages = storage.num_pages();
-        let max_word_writes = storage.max_word_writes();
-        let max_page_erases = storage.max_page_erases();
-        let num_tags = config.num_tags();
-        if !(word_size.is_power_of_two()
-            && page_size.is_power_of_two()
-            && num_pages > 1
-            && max_word_writes >= 2
-            && max_page_erases > 0
-            && num_tags > 0)
-        {
-            return None;
-        }
-        // Compute how many bits we need to store the fields.
-        let page_bits = num_bits(num_pages);
-        let byte_bits = num_bits(page_size);
-        let tag_bits = num_bits(num_tags);
-        let erase_bits = num_bits(max_page_erases + 1);
-        // Compute the bit position of the fields.
-        let present_bit = 0;
-        let deleted_bit = present_bit + 1;
-        let internal_bit = deleted_bit + 1;
-        let replace_bit = internal_bit + 1;
-        let sensitive_bit = replace_bit + 1;
-        let length_range = bitfield::BitRange {
-            start: sensitive_bit + 1,
-            length: byte_bits,
-        };
-        let tag_range = bitfield::BitRange {
-            start: length_range.end(),
-            length: tag_bits,
-        };
-        let replace_page_range = bitfield::BitRange {
-            start: tag_range.end(),
-            length: page_bits,
-        };
-        let replace_byte_range = bitfield::BitRange {
-            start: replace_page_range.end(),
-            length: byte_bits,
-        };
-        let old_page_range = bitfield::BitRange {
-            start: internal_bit + 1,
-            length: page_bits,
-        };
-        let saved_erase_count_range = bitfield::BitRange {
-            start: old_page_range.end(),
-            length: erase_bits,
-        };
-        let initialized_bit = 0;
-        let erase_count_range = bitfield::BitRange {
-            start: initialized_bit + 1,
-            length: erase_bits,
-        };
-        let compacting_bit = erase_count_range.end();
-        let new_page_range = bitfield::BitRange {
-            start: compacting_bit + 1,
-            length: page_bits,
-        };
-        let format = Format {
-            word_size,
-            page_size,
-            num_pages,
-            max_page_erases,
-            num_tags,
-            present_bit,
-            deleted_bit,
-            internal_bit,
-            replace_bit,
-            sensitive_bit,
-            length_range,
-            tag_range,
-            replace_page_range,
-            replace_byte_range,
-            old_page_range,
-            saved_erase_count_range,
-            initialized_bit,
-            erase_count_range,
-            compacting_bit,
-            new_page_range,
-        };
-        // Make sure all the following conditions hold:
-        // - The page header is one word.
-        // - The internal entry is one word.
-        // - The entry header fits in one word (which is equivalent to the entry header size being
-        //   exactly one word for sensitive entries).
-        if format.page_header_size() != word_size
-            || format.internal_entry_size() != word_size
-            || format.header_size(true) != word_size
-        {
-            return None;
-        }
-        Some(format)
-    }
-
-    /// Ensures a user entry is valid.
-    pub fn validate_entry(&self, entry: StoreEntry) -> Result<(), StoreError> {
-        if entry.tag >= self.num_tags {
-            return Err(StoreError::InvalidTag);
-        }
-        if entry.data.len() >= self.page_size {
-            return Err(StoreError::StoreFull);
-        }
-        Ok(())
-    }
-
-    /// Returns the entry header length in bytes.
-    ///
-    /// This is the smallest number of bytes necessary to store all fields of the entry info up to
-    /// and including `length`. For sensitive entries, the result is word-aligned.
-    pub fn header_size(&self, sensitive: bool) -> usize {
-        let mut size = self.bits_to_bytes(self.length_range.end());
-        if sensitive {
-            // We need to align to the next word boundary so that wiping the user data will not
-            // count as a write to the header.
-            size = self.align_word(size);
-        }
-        size
-    }
-
-    /// Returns the entry header length in bytes.
-    ///
-    /// This is a convenience function for `header_size` above.
-    fn header_offset(&self, entry: &[u8]) -> usize {
-        self.header_size(self.is_sensitive(entry))
-    }
-
-    /// Returns the entry info length in bytes.
-    ///
-    /// This is the number of bytes necessary to store all fields of the entry info. This also
-    /// includes the internal padding to protect the `committed` bit from the `deleted` bit and to
-    /// protect the entry info from the user data for sensitive entries.
-    fn info_size(&self, is_replace: IsReplace, sensitive: bool) -> usize {
-        let suffix_bits = 2; // committed + complete
-        let info_bits = match is_replace {
-            IsReplace::Replace => self.replace_byte_range.end() + suffix_bits,
-            IsReplace::Insert => self.tag_range.end() + suffix_bits,
-        };
-        let mut info_size = self.bits_to_bytes(info_bits);
-        // If the suffix bits would end up in the header, we need to add one byte for them.
-        let header_size = self.header_size(sensitive);
-        if info_size <= header_size {
-            info_size = header_size + 1;
-        }
-        // If the entry is sensitive, we need to align to the next word boundary.
-        if sensitive {
-            info_size = self.align_word(info_size);
-        }
-        info_size
-    }
-
-    /// Returns the length in bytes of an entry.
-    ///
-    /// This depends on the length of the user data and whether the entry replaces an old entry or
-    /// is an insertion. This also includes the internal padding to protect the `committed` bit from
-    /// the `deleted` bit.
-    pub fn entry_size(&self, is_replace: IsReplace, sensitive: bool, length: usize) -> usize {
-        let mut entry_size = length + self.info_size(is_replace, sensitive);
-        let word_size = self.word_size;
-        entry_size = self.align_word(entry_size);
-        // The entry must be at least 2 words such that the `committed` and `deleted` bits are on
-        // different words.
-        if entry_size == word_size {
-            entry_size += word_size;
-        }
-        entry_size
-    }
-
-    /// Returns the length in bytes of an internal entry.
-    pub fn internal_entry_size(&self) -> usize {
-        let length = self.bits_to_bytes(self.saved_erase_count_range.end());
-        self.align_word(length)
-    }
-
-    pub fn is_present(&self, header: &[u8]) -> bool {
-        bitfield::is_zero(self.present_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_present(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.present_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn is_deleted(&self, header: &[u8]) -> bool {
-        bitfield::is_zero(self.deleted_bit, header, bitfield::NO_GAP)
-    }
-
-    /// Returns whether an entry is present and not deleted.
-    pub fn is_alive(&self, header: &[u8]) -> bool {
-        self.is_present(header) && !self.is_deleted(header)
-    }
-
-    pub fn set_deleted(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.deleted_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn is_internal(&self, header: &[u8]) -> bool {
-        bitfield::is_zero(self.internal_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_internal(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.internal_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn is_replace(&self, header: &[u8]) -> IsReplace {
-        if bitfield::is_zero(self.replace_bit, header, bitfield::NO_GAP) {
-            IsReplace::Replace
-        } else {
-            IsReplace::Insert
-        }
-    }
-
-    fn set_replace(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.replace_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn is_sensitive(&self, header: &[u8]) -> bool {
-        bitfield::is_zero(self.sensitive_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_sensitive(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.sensitive_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn get_length(&self, header: &[u8]) -> usize {
-        bitfield::get_range(self.length_range, header, bitfield::NO_GAP)
-    }
-
-    fn set_length(&self, header: &mut [u8], length: usize) {
-        bitfield::set_range(self.length_range, header, bitfield::NO_GAP, length)
-    }
-
-    pub fn get_data<'a>(&self, entry: &'a [u8]) -> &'a [u8] {
-        &entry[self.header_offset(entry)..][..self.get_length(entry)]
-    }
-
-    /// Returns the span of user data in an entry.
-    ///
-    /// The complement of this gap in the entry is exactly the entry info. The header is before the
-    /// gap and the footer is after the gap.
-    pub fn entry_gap(&self, entry: &[u8]) -> bitfield::ByteGap {
-        let start = self.header_offset(entry);
-        let mut length = self.get_length(entry);
-        if self.is_sensitive(entry) {
-            length = self.align_word(length);
-        }
-        bitfield::ByteGap { start, length }
-    }
-
-    pub fn get_tag(&self, entry: &[u8]) -> usize {
-        bitfield::get_range(self.tag_range, entry, self.entry_gap(entry))
-    }
-
-    fn set_tag(&self, entry: &mut [u8], tag: usize) {
-        bitfield::set_range(self.tag_range, entry, self.entry_gap(entry), tag)
-    }
-
-    pub fn get_replace_index(&self, entry: &[u8]) -> Index {
-        let gap = self.entry_gap(entry);
-        let page = bitfield::get_range(self.replace_page_range, entry, gap);
-        let byte = bitfield::get_range(self.replace_byte_range, entry, gap);
-        Index { page, byte }
-    }
-
-    fn set_replace_page(&self, entry: &mut [u8], page: usize) {
-        bitfield::set_range(self.replace_page_range, entry, self.entry_gap(entry), page)
-    }
-
-    fn set_replace_byte(&self, entry: &mut [u8], byte: usize) {
-        bitfield::set_range(self.replace_byte_range, entry, self.entry_gap(entry), byte)
-    }
-
-    /// Returns the bit position of the `committed` bit.
-    ///
-    /// This cannot be precomputed like other fields since it depends on the length of the entry.
-    fn committed_bit(&self, entry: &[u8]) -> usize {
-        8 * entry.len() - 2
-    }
-
-    /// Returns the bit position of the `complete` bit.
-    ///
-    /// This cannot be precomputed like other fields since it depends on the length of the entry.
-    fn complete_bit(&self, entry: &[u8]) -> usize {
-        8 * entry.len() - 1
-    }
-
-    pub fn is_committed(&self, entry: &[u8]) -> bool {
-        bitfield::is_zero(self.committed_bit(entry), entry, bitfield::NO_GAP)
-    }
-
-    pub fn set_committed(&self, entry: &mut [u8]) {
-        bitfield::set_zero(self.committed_bit(entry), entry, bitfield::NO_GAP)
-    }
-
-    pub fn is_complete(&self, entry: &[u8]) -> bool {
-        bitfield::is_zero(self.complete_bit(entry), entry, bitfield::NO_GAP)
-    }
-
-    fn set_complete(&self, entry: &mut [u8]) {
-        bitfield::set_zero(self.complete_bit(entry), entry, bitfield::NO_GAP)
-    }
-
-    pub fn get_old_page(&self, header: &[u8]) -> usize {
-        bitfield::get_range(self.old_page_range, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_old_page(&self, header: &mut [u8], old_page: usize) {
-        bitfield::set_range(self.old_page_range, header, bitfield::NO_GAP, old_page)
-    }
-
-    pub fn get_saved_erase_count(&self, header: &[u8]) -> usize {
-        bitfield::get_range(self.saved_erase_count_range, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_saved_erase_count(&self, header: &mut [u8], erase_count: usize) {
-        bitfield::set_range(
-            self.saved_erase_count_range,
-            header,
-            bitfield::NO_GAP,
-            erase_count,
-        )
-    }
-
-    /// Builds an entry for replace or insert operations.
-    pub fn build_entry(&self, replace: Option<Index>, user_entry: StoreEntry) -> Vec<u8> {
-        let StoreEntry {
-            tag,
-            data,
-            sensitive,
-        } = user_entry;
-        let is_replace = match replace {
-            None => IsReplace::Insert,
-            Some(_) => IsReplace::Replace,
-        };
-        let entry_len = self.entry_size(is_replace, sensitive, data.len());
-        let mut entry = Vec::with_capacity(entry_len);
-        // Build the header.
-        entry.resize(self.header_size(sensitive), 0xff);
-        self.set_present(&mut entry[..]);
-        if sensitive {
-            self.set_sensitive(&mut entry[..]);
-        }
-        self.set_length(&mut entry[..], data.len());
-        // Add the data.
-        entry.extend_from_slice(data);
-        // Build the footer.
-        entry.resize(entry_len, 0xff);
-        self.set_tag(&mut entry[..], tag);
-        self.set_complete(&mut entry[..]);
-        match replace {
-            None => self.set_committed(&mut entry[..]),
-            Some(Index { page, byte }) => {
-                self.set_replace(&mut entry[..]);
-                self.set_replace_page(&mut entry[..], page);
-                self.set_replace_byte(&mut entry[..], byte);
-            }
-        }
-        entry
-    }
-
-    /// Builds an entry for replace or insert operations.
-    pub fn build_erase_entry(&self, old_page: usize, saved_erase_count: usize) -> Vec<u8> {
-        let mut entry = vec![0xff; self.internal_entry_size()];
-        self.set_present(&mut entry[..]);
-        self.set_internal(&mut entry[..]);
-        self.set_old_page(&mut entry[..], old_page);
-        self.set_saved_erase_count(&mut entry[..], saved_erase_count);
-        entry
-    }
-
-    /// Returns the length in bytes of a page header entry.
-    ///
-    /// This includes the word padding.
-    pub fn page_header_size(&self) -> usize {
-        self.align_word(self.bits_to_bytes(self.erase_count_range.end()))
-    }
-
-    pub fn is_initialized(&self, header: &[u8]) -> bool {
-        bitfield::is_zero(self.initialized_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_initialized(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.initialized_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn get_erase_count(&self, header: &[u8]) -> usize {
-        bitfield::get_range(self.erase_count_range, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_erase_count(&self, header: &mut [u8], count: usize) {
-        bitfield::set_range(self.erase_count_range, header, bitfield::NO_GAP, count)
-    }
-
-    pub fn is_compacting(&self, header: &[u8]) -> bool {
-        bitfield::is_zero(self.compacting_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_compacting(&self, header: &mut [u8]) {
-        bitfield::set_zero(self.compacting_bit, header, bitfield::NO_GAP)
-    }
-
-    pub fn get_new_page(&self, header: &[u8]) -> usize {
-        bitfield::get_range(self.new_page_range, header, bitfield::NO_GAP)
-    }
-
-    pub fn set_new_page(&self, header: &mut [u8], new_page: usize) {
-        bitfield::set_range(self.new_page_range, header, bitfield::NO_GAP, new_page)
-    }
-
-    /// Returns the smallest word boundary greater or equal to a value.
-    fn align_word(&self, value: usize) -> usize {
-        let word_size = self.word_size;
-        (value + word_size - 1) / word_size * word_size
-    }
-
-    /// Returns the minimum number of bytes to represent a given number of bits.
-    fn bits_to_bytes(&self, bits: usize) -> usize {
-        (bits + 7) / 8
-    }
-}
-
-/// Returns the number of bits necessary to write numbers smaller than `x`.
-fn num_bits(x: usize) -> usize {
-    x.next_power_of_two().trailing_zeros() as usize
-}
-
-#[test]
-fn num_bits_ok() {
-    assert_eq!(num_bits(0), 0);
-    assert_eq!(num_bits(1), 0);
-    assert_eq!(num_bits(2), 1);
-    assert_eq!(num_bits(3), 2);
-    assert_eq!(num_bits(4), 2);
-    assert_eq!(num_bits(5), 3);
-    assert_eq!(num_bits(8), 3);
-    assert_eq!(num_bits(9), 4);
-    assert_eq!(num_bits(16), 4);
-}
diff --git a/src/embedded_flash/store/mod.rs b/src/embedded_flash/store/mod.rs
deleted file mode 100644
index 170fd87..0000000
--- a/src/embedded_flash/store/mod.rs
+++ /dev/null
@@ -1,1182 +0,0 @@
-// Copyright 2019 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Provides a multi-purpose data-structure.
-//!
-//! # Description
-//!
-//! The `Store` data-structure permits to iterate, find, insert, delete, and replace entries in a
-//! multi-set. The mutable operations (insert, delete, and replace) are atomic, in the sense that if
-//! power is lost during the operation, then the operation might either succeed or fail but the
-//! store remains in a coherent state. The data-structure is flash-efficient, in the sense that it
-//! tries to minimize the number of times a page is erased.
-//!
-//! An _entry_ is made of a _tag_, which is a number, and a _data_, which is a slice of bytes. The
-//! tag is stored efficiently by using unassigned bits of the entry header and footer. For example,
-//! it can be used to decide how to deserialize the data. It is not necessary to use tags since a
-//! prefix of the data could be used to decide how to deserialize the rest.
-//!
-//! Entries can also be associated to a set of _keys_. The find operation permits to retrieve all
-//! entries associated to a given key. The same key can be associated to multiple entries and the
-//! same entry can be associated to multiple keys.
-//!
-//! # Storage
-//!
-//! The data-structure is parametric over its storage which must implement the `Storage` trait.
-//! There are currently 2 implementations of this trait:
-//! - `SyscallStorage` using the `embedded_flash` syscall API for production builds.
-//! - `BufferStorage` using a heap-allocated buffer for testing.
-//!
-//! # Configuration
-//!
-//! The data-structure can be configured with the `StoreConfig` trait. By implementing this trait,
-//! the number of possible tags and the association between keys and entries are defined.
-//!
-//! # Properties
-//!
-//! The data-structure provides the following properties:
-//! - When an operation returns success, then the represented multi-set is updated accordingly. For
-//!   example, an inserted entry can be found without alteration until replaced or deleted.
-//! - When an operation returns an error, the resulting multi-set state is described in the error
-//!   documentation.
-//! - When power is lost before an operation returns, the operation will either succeed or be
-//!   rolled-back on the next initialization. So the multi-set would be either left unchanged or
-//!   updated accordingly.
-//!
-//! Those properties rely on the following assumptions:
-//! - Writing a word to flash is atomic. When power is lost, the word is either fully written or not
-//!   written at all.
-//! - Reading a word from flash is deterministic. When power is lost while writing or erasing a word
-//!   (erasing a page containing that word), reading that word repeatedly returns the same result
-//!   (until it is written or its page is erased).
-//! - To decide whether a page has been erased, it is enough to test if all its bits are equal to 1.
-//!
-//! The properties may still hold outside those assumptions but with weaker probabilities as the
-//! usage diverges from the assumptions.
-//!
-//! # Implementation
-//!
-//! The store is a page-aligned sequence of bits. It matches the following grammar:
-//!
-//! ```text
-//! Store := Page*
-//! Page := PageHeader (Entry | InternalEntry)*  Padding(page)
-//! PageHeader :=  // must fit in one word
-//!     initialized:1
-//!     erase_count:erase_bits
-//!     compacting:1
-//!     new_page:page_bits
-//!     Padding(word)
-//! Entry := Header Data Footer
-//! // Let X be the byte (word-aligned for sensitive queries) following `length` in `Info`.
-//! Header := Info[..X]  // must fit in one word
-//! Footer := Info[X..]  // must fit in one word
-//! Info :=
-//!     present=0
-//!     deleted:1
-//!     internal=1
-//!     replace:1
-//!     sensitive:1
-//!     length:byte_bits
-//!     tag:tag_bits
-//!     [  // present if `replace` is 0
-//!         replace_page:page_bits
-//!         replace_byte:byte_bits
-//!     ]
-//!     [Padding(bit)]  // until `complete` is the last bit of a different word than `present`
-//!     committed:1
-//!     complete=0
-//! InternalEntry :=
-//!     present=0
-//!     deleted:1
-//!     internal=0
-//!     old_page:page_bits
-//!     saved_erase_count:erase_bits
-//!     Padding(word)
-//! Padding(X) := 1* until X-aligned
-//! ```
-//!
-//! For bit flags, a value of 0 means true and a value of 1 means false. So when erased, bits are
-//! false. They can be set to true by writing 0.
-//!
-//! The `Entry` rule is for user entries and the `InternalEntry` rule is for internal entries of the
-//! store. Currently, there is only one kind of internal entry: an entry to erase the page being
-//! compacted.
-//!
-//! The `Header` and `Footer` rules are computed from the `Info` rule. An entry could simply be the
-//! concatenation of internal metadata and the user data. However, to optimize the size in flash, we
-//! splice the user data in the middle of the metadata. The reason is that we can only write twice
-//! the same word and for replace entries we need to write the deleted bit and the committed bit
-//! independently. Also, this is important for the complete bit to be the last written bit (since
-//! slices are written to flash from low to high addresses). Here is the representation of a
-//! specific replace entry for a specific configuration:
-//!
-//! ```text
-//! page_bits=6
-//! byte_bits=9
-//! tag_bits=5
-//!
-//! byte.bit name
-//!    0.0   present
-//!    0.1   deleted
-//!    0.2   internal
-//!    0.3   replace
-//!    0.4   sensitive
-//!    0.5   length (9 bits)
-//!    1.6   tag (least significant 2 bits out of 5)
-//! (the header ends at the first byte boundary after `length`)
-//!    2.0   <user data> (2 bytes in this example)
-//! (the footer starts immediately after the user data)
-//!    4.0   tag (most significant 3 bits out of 5)
-//!    4.3   replace_page (6 bits)
-//!    5.1   replace_byte (9 bits)
-//!    6.2   padding (make sure the 2 properties below hold)
-//!    7.6   committed
-//!    7.7   complete (on a different word than `present`)
-//!    8.0   <end> (word-aligned)
-//! ```
-//!
-//! The store should always contain at least one blank page, so that it is always possible to
-//! compact.
-
-// TODO(cretin): We don't need inner padding for insert entries. The store format can be:
-//   InsertEntry | ReplaceEntry | InternalEntry (maybe rename to EraseEntry)
-//   InsertEntry padding is until `complete` is the last bit of a word.
-//   ReplaceEntry padding is until `complete` is the last bit of a different word than `present`.
-// TODO(cretin): Add checksum (may play the same role as the completed bit) and recovery strategy?
-// TODO(cretin): Add corruption (deterministic but undetermined reads) to fuzzing.
-// TODO(cretin): Add more complex transactions? (this does not seem necessary yet)
-// TODO(cretin): Add possibility to shred an entry (force compact page after delete)?
-
-mod bitfield;
-mod format;
-
-use self::format::{Format, IsReplace};
-use super::{Index, Storage};
-#[cfg(any(test, feature = "ram_storage"))]
-use crate::embedded_flash::BufferStorage;
-#[cfg(any(test, feature = "ram_storage"))]
-use alloc::boxed::Box;
-use alloc::collections::BTreeMap;
-use alloc::vec;
-use alloc::vec::Vec;
-
-/// Configures a store.
-pub trait StoreConfig {
-    /// How entries are keyed.
-    ///
-    /// To disable keys, this may be defined to `()` or even better a custom empty enum.
-    type Key: Ord;
-
-    /// Number of entry tags.
-    ///
-    /// All tags must be smaller than this value.
-    ///
-    /// To disable tags, this function should return `1`. The only valid tag would then be `0`.
-    fn num_tags(&self) -> usize;
-
-    /// Specifies the set of keys of an entry.
-    ///
-    /// If keys are not used, this function can immediately return. Otherwise, it should call
-    /// `associate_key` for each key that should be associated to `entry`.
-    fn keys(&self, entry: StoreEntry, associate_key: impl FnMut(Self::Key));
-}
-
-/// Errors returned by store operations.
-#[derive(Debug, PartialEq, Eq)]
-pub enum StoreError {
-    /// The operation could not proceed because the store is full.
-    StoreFull,
-
-    /// The operation could not proceed because the provided tag is invalid.
-    InvalidTag,
-
-    /// The operation could not proceed because the preconditions do not hold.
-    InvalidPrecondition,
-}
-
-/// The position of an entry in the store.
-#[cfg_attr(feature = "std", derive(Debug))]
-#[derive(Copy, Clone)]
-pub struct StoreIndex {
-    /// The index of this entry in the storage.
-    index: Index,
-
-    /// The generation at which this index is valid.
-    ///
-    /// See the documentation of the field with the same name in the `Store` struct.
-    generation: usize,
-}
-
-/// A user entry.
-#[cfg_attr(feature = "std", derive(Debug, PartialEq, Eq))]
-#[derive(Copy, Clone)]
-pub struct StoreEntry<'a> {
-    /// The tag of the entry.
-    ///
-    /// Must be smaller than the configured number of tags.
-    pub tag: usize,
-
-    /// The data of the entry.
-    pub data: &'a [u8],
-
-    /// Whether the data is sensitive.
-    ///
-    /// Sensitive data is overwritten with zeroes when the entry is deleted.
-    pub sensitive: bool,
-}
-
-/// Implements a configurable multi-set on top of any storage.
-pub struct Store<S: Storage, C: StoreConfig> {
-    storage: S,
-    config: C,
-    format: Format,
-
-    /// The index of the blank page reserved for compaction.
-    blank_page: usize,
-
-    /// Counts the number of compactions since the store creation.
-    ///
-    /// A `StoreIndex` is valid only if they originate from the same generation. This is checked by
-    /// operations that take a `StoreIndex` as argument.
-    generation: usize,
-}
-
-impl<S: Storage, C: StoreConfig> Store<S, C> {
-    /// Creates a new store.
-    ///
-    /// Initializes the storage if it is fresh (filled with `0xff`). Rolls-back or completes an
-    /// operation if the store was powered off in the middle of that operation. In other words,
-    /// operations are atomic.
-    ///
-    /// # Errors
-    ///
-    /// Returns `None` if `storage` and/or `config` are not supported.
-    pub fn new(storage: S, config: C) -> Option<Store<S, C>> {
-        let format = Format::new(&storage, &config)?;
-        let blank_page = format.num_pages;
-        let mut store = Store {
-            storage,
-            config,
-            format,
-            blank_page,
-            generation: 0,
-        };
-        // Finish any ongoing page compaction.
-        store.recover_compact_page();
-        // Finish or roll-back any other entry-level operations.
-        store.recover_entry_operations();
-        // Initialize uninitialized pages.
-        store.initialize_storage();
-        Some(store)
-    }
-
-    /// Iterates over all entries in the store.
-    pub fn iter(&self) -> impl Iterator<Item = (StoreIndex, StoreEntry)> {
-        Iter::new(self).filter_map(move |(index, entry)| {
-            if self.format.is_alive(entry) {
-                Some((
-                    StoreIndex {
-                        index,
-                        generation: self.generation,
-                    },
-                    StoreEntry {
-                        tag: self.format.get_tag(entry),
-                        data: self.format.get_data(entry),
-                        sensitive: self.format.is_sensitive(entry),
-                    },
-                ))
-            } else {
-                None
-            }
-        })
-    }
-
-    /// Iterates over all entries matching a key in the store.
-    pub fn find_all<'a>(
-        &'a self,
-        key: &'a C::Key,
-    ) -> impl Iterator<Item = (StoreIndex, StoreEntry)> + 'a {
-        self.iter().filter(move |&(_, entry)| {
-            let mut has_match = false;
-            self.config.keys(entry, |k| has_match |= key == &k);
-            has_match
-        })
-    }
-
-    /// Returns the first entry matching a key in the store.
-    ///
-    /// This is a convenience function for when at most one entry should match the key.
-    ///
-    /// # Panics
-    ///
-    /// In debug mode, panics if more than one entry matches the key.
-    pub fn find_one<'a>(&'a self, key: &'a C::Key) -> Option<(StoreIndex, StoreEntry<'a>)> {
-        let mut iter = self.find_all(key);
-        let first = iter.next()?;
-        let has_only_one_element = iter.next().is_none();
-        debug_assert!(has_only_one_element);
-        Some(first)
-    }
-
-    /// Deletes an entry from the store.
-    pub fn delete(&mut self, index: StoreIndex) -> Result<(), StoreError> {
-        if self.generation != index.generation {
-            return Err(StoreError::InvalidPrecondition);
-        }
-        self.delete_index(index.index);
-        Ok(())
-    }
-
-    /// Replaces an entry with another with the same tag in the store.
-    ///
-    /// This operation (like others) is atomic. If it returns successfully, then the old entry is
-    /// deleted and the new is inserted. If it fails, the old entry is not deleted and the new entry
-    /// is not inserted. If power is lost during the operation, during next startup, the operation
-    /// is either rolled-back (like in case of failure) or completed (like in case of success).
-    ///
-    /// # Errors
-    ///
-    /// Returns:
-    /// - `StoreFull` if the new entry does not fit in the store.
-    /// - `InvalidTag` if the tag of the new entry is not smaller than the configured number of
-    ///   tags.
-    pub fn replace(&mut self, old: StoreIndex, new: StoreEntry) -> Result<(), StoreError> {
-        if self.generation != old.generation {
-            return Err(StoreError::InvalidPrecondition);
-        }
-        self.format.validate_entry(new)?;
-        let mut old_index = old.index;
-        // Find a slot.
-        let entry_len = self.replace_len(new.sensitive, new.data.len());
-        let index = self.find_slot_for_write(entry_len, Some(&mut old_index))?;
-        // Build a new entry replacing the old one.
-        let entry = self.format.build_entry(Some(old_index), new);
-        debug_assert_eq!(entry.len(), entry_len);
-        // Write the new entry.
-        self.write_entry(index, &entry);
-        // Commit the new entry, which both deletes the old entry and commits the new one.
-        self.commit_index(index);
-        Ok(())
-    }
-
-    /// Inserts an entry in the store.
-    ///
-    /// # Errors
-    ///
-    /// Returns:
-    /// - `StoreFull` if the new entry does not fit in the store.
-    /// - `InvalidTag` if the tag of the new entry is not smaller than the configured number of
-    ///   tags.
-    pub fn insert(&mut self, entry: StoreEntry) -> Result<(), StoreError> {
-        self.format.validate_entry(entry)?;
-        // Build entry.
-        let entry = self.format.build_entry(None, entry);
-        // Find a slot.
-        let index = self.find_slot_for_write(entry.len(), None)?;
-        // Write entry.
-        self.write_entry(index, &entry);
-        Ok(())
-    }
-
-    /// Returns the byte cost of a replace operation.
-    ///
-    /// Computes the length in bytes that would be used in the storage if a replace operation is
-    /// executed provided the data of the new entry has `length` bytes and whether this data is
-    /// sensitive.
-    pub fn replace_len(&self, sensitive: bool, length: usize) -> usize {
-        self.format
-            .entry_size(IsReplace::Replace, sensitive, length)
-    }
-
-    /// Returns the byte cost of an insert operation.
-    ///
-    /// Computes the length in bytes that would be used in the storage if an insert operation is
-    /// executed provided the data of the inserted entry has `length` bytes and whether this data is
-    /// sensitive.
-    #[allow(dead_code)]
-    pub fn insert_len(&self, sensitive: bool, length: usize) -> usize {
-        self.format.entry_size(IsReplace::Insert, sensitive, length)
-    }
-
-    /// Returns the erase count of all pages.
-    ///
-    /// The value at index `page` of the result is the number of times page `page` was erased. This
-    /// number is an underestimate in case power was lost when this page was erased.
-    #[allow(dead_code)]
-    pub fn compaction_info(&self) -> Vec<usize> {
-        let mut info = Vec::with_capacity(self.format.num_pages);
-        for page in 0..self.format.num_pages {
-            let (page_header, _) = self.read_page_header(page);
-            let erase_count = self.format.get_erase_count(page_header);
-            info.push(erase_count);
-        }
-        info
-    }
-
-    /// Completes any ongoing page compaction.
-    fn recover_compact_page(&mut self) {
-        for page in 0..self.format.num_pages {
-            let (page_header, _) = self.read_page_header(page);
-            if self.format.is_compacting(page_header) {
-                let new_page = self.format.get_new_page(page_header);
-                self.compact_page(page, new_page);
-            }
-        }
-    }
-
-    /// Rolls-back or completes any ongoing operation.
-    fn recover_entry_operations(&mut self) {
-        for page in 0..self.format.num_pages {
-            let (page_header, mut index) = self.read_page_header(page);
-            if !self.format.is_initialized(page_header) {
-                // Skip uninitialized pages.
-                continue;
-            }
-            while index.byte < self.format.page_size {
-                let entry_index = index;
-                let entry = self.read_entry(index);
-                index.byte += entry.len();
-                if !self.format.is_present(entry) {
-                    // Reached the end of the page.
-                } else if self.format.is_deleted(entry) {
-                    // Wipe sensitive data if needed.
-                    self.wipe_sensitive_data(entry_index);
-                } else if self.format.is_internal(entry) {
-                    // Finish page compaction.
-                    self.erase_page(entry_index);
-                } else if !self.format.is_complete(entry) {
-                    // Roll-back incomplete operations.
-                    self.delete_index(entry_index);
-                } else if !self.format.is_committed(entry) {
-                    // Finish complete but uncommitted operations.
-                    self.commit_index(entry_index)
-                }
-            }
-        }
-    }
-
-    /// Initializes uninitialized pages.
-    fn initialize_storage(&mut self) {
-        for page in 0..self.format.num_pages {
-            let (header, index) = self.read_page_header(page);
-            if self.format.is_initialized(header) {
-                // Update blank page.
-                let first_entry = self.read_entry(index);
-                if !self.format.is_present(first_entry) {
-                    self.blank_page = page;
-                }
-            } else {
-                // We set the erase count to zero the very first time we initialize a page.
-                self.initialize_page(page, 0);
-            }
-        }
-        debug_assert!(self.blank_page != self.format.num_pages);
-    }
-
-    /// Marks an entry as deleted.
-    ///
-    /// The provided index must point to the beginning of an entry.
-    fn delete_index(&mut self, index: Index) {
-        self.update_word(index, |format, word| format.set_deleted(word));
-        self.wipe_sensitive_data(index);
-    }
-
-    /// Wipes the data of a sensitive entry.
-    ///
-    /// If the entry at the provided index is sensitive, overwrites the data with zeroes. Otherwise,
-    /// does nothing.
-    fn wipe_sensitive_data(&mut self, mut index: Index) {
-        let entry = self.read_entry(index);
-        debug_assert!(self.format.is_present(entry));
-        debug_assert!(self.format.is_deleted(entry));
-        if self.format.is_internal(entry) || !self.format.is_sensitive(entry) {
-            // No need to wipe the data.
-            return;
-        }
-        let gap = self.format.entry_gap(entry);
-        let data = gap.slice(entry);
-        if data.iter().all(|&byte| byte == 0x00) {
-            // The data is already wiped.
-            return;
-        }
-        index.byte += gap.start;
-        self.storage
-            .write_slice(index, &vec![0; gap.length])
-            .unwrap();
-    }
-
-    /// Finds a page with enough free space.
-    ///
-    /// Returns an index to the free space of a page which can hold an entry of `length` bytes. If
-    /// necessary, pages may be compacted to free space. In that case, if provided, the `old_index`
-    /// is updated according to compaction.
-    fn find_slot_for_write(
-        &mut self,
-        length: usize,
-        mut old_index: Option<&mut Index>,
-    ) -> Result<Index, StoreError> {
-        loop {
-            if let Some(index) = self.choose_slot_for_write(length) {
-                return Ok(index);
-            }
-            match self.choose_page_for_compact() {
-                None => return Err(StoreError::StoreFull),
-                Some(page) => {
-                    let blank_page = self.blank_page;
-                    // Compact the chosen page and update the old index to point to the entry in the
-                    // new page if it happened to be in the old page. This is essentially a way to
-                    // avoid index invalidation due to compaction.
-                    let map = self.compact_page(page, blank_page);
-                    if let Some(old_index) = &mut old_index {
-                        map_index(page, blank_page, &map, old_index);
-                    }
-                }
-            }
-        }
-    }
-
-    /// Returns whether a page has enough free space.
-    ///
-    /// Returns an index to the free space of a page with smallest free space that may hold `length`
-    /// bytes.
-    fn choose_slot_for_write(&self, length: usize) -> Option<Index> {
-        Iter::new(self)
-            .filter(|(index, entry)| {
-                index.page != self.blank_page
-                    && !self.format.is_present(entry)
-                    && length <= entry.len()
-            })
-            .min_by_key(|(_, entry)| entry.len())
-            .map(|(index, _)| index)
-    }
-
-    /// Returns the page that should be compacted.
-    fn choose_page_for_compact(&self) -> Option<usize> {
-        // TODO(cretin): This could be optimized by using some cost function depending on:
-        // - the erase count
-        // - the length of the free space
-        // - the length of the alive entries
-        // We want to minimize this cost. We could also take into account the length of the entry we
-        // want to write to bound the number of compaction before failing with StoreFull.
-        //
-        // We should also make sure that all pages (including if they have no deleted entries and no
-        // free space) are eventually compacted (ideally to a heavily used page) to benefit from the
-        // low erase count of those pages.
-        (0..self.format.num_pages)
-            .map(|page| (page, self.page_info(page)))
-            .filter(|&(page, ref info)| {
-                page != self.blank_page
-                    && info.erase_count < self.format.max_page_erases
-                    && info.deleted_length > self.format.internal_entry_size()
-            })
-            .min_by(|(_, lhs_info), (_, rhs_info)| lhs_info.compare_for_compaction(rhs_info))
-            .map(|(page, _)| page)
-    }
-
-    fn page_info(&self, page: usize) -> PageInfo {
-        let (page_header, mut index) = self.read_page_header(page);
-        let mut info = PageInfo {
-            erase_count: self.format.get_erase_count(page_header),
-            deleted_length: 0,
-            free_length: 0,
-        };
-        while index.byte < self.format.page_size {
-            let entry = self.read_entry(index);
-            index.byte += entry.len();
-            if !self.format.is_present(entry) {
-                debug_assert_eq!(info.free_length, 0);
-                info.free_length = entry.len();
-            } else if self.format.is_deleted(entry) {
-                info.deleted_length += entry.len();
-            }
-        }
-        debug_assert_eq!(index.page, page);
-        info
-    }
-
-    fn read_slice(&self, index: Index, length: usize) -> &[u8] {
-        self.storage.read_slice(index, length).unwrap()
-    }
-
-    /// Reads an entry (with header and footer) at a given index.
-    ///
-    /// If no entry is present, returns the free space up to the end of the page.
-    fn read_entry(&self, index: Index) -> &[u8] {
-        let first_byte = self.read_slice(index, 1);
-        let max_length = self.format.page_size - index.byte;
-        let mut length = if !self.format.is_present(first_byte) {
-            max_length
-        } else if self.format.is_internal(first_byte) {
-            self.format.internal_entry_size()
-        } else {
-            // We don't know if the entry is sensitive or not, but it doesn't matter here. We just
-            // need to read the replace, sensitive, and length fields.
-            let header = self.read_slice(index, self.format.header_size(false));
-            let replace = self.format.is_replace(header);
-            let sensitive = self.format.is_sensitive(header);
-            let length = self.format.get_length(header);
-            self.format.entry_size(replace, sensitive, length)
-        };
-        // Truncate the length to fit the page. This can only happen in case of corruption or
-        // partial writes.
-        length = core::cmp::min(length, max_length);
-        self.read_slice(index, length)
-    }
-
-    /// Reads a page header.
-    ///
-    /// Also returns the index after the page header.
-    fn read_page_header(&self, page: usize) -> (&[u8], Index) {
-        let mut index = Index { page, byte: 0 };
-        let page_header = self.read_slice(index, self.format.page_header_size());
-        index.byte += page_header.len();
-        (page_header, index)
-    }
-
-    /// Updates a word at a given index.
-    ///
-    /// The `update` function is called with the word at `index`. The input value is the current
-    /// value of the word. The output value is the value that will be written. It should only change
-    /// bits from 1 to 0.
-    fn update_word(&mut self, index: Index, update: impl FnOnce(&Format, &mut [u8])) {
-        let word_size = self.format.word_size;
-        let mut word = self.read_slice(index, word_size).to_vec();
-        update(&self.format, &mut word);
-        self.storage.write_slice(index, &word).unwrap();
-    }
-
-    fn write_entry(&mut self, index: Index, entry: &[u8]) {
-        self.storage.write_slice(index, entry).unwrap();
-    }
-
-    /// Initializes a page by writing the page header.
-    ///
-    /// If the page is not erased, it is first erased.
-    fn initialize_page(&mut self, page: usize, erase_count: usize) {
-        let index = Index { page, byte: 0 };
-        let page = self.read_slice(index, self.format.page_size);
-        if !page.iter().all(|&byte| byte == 0xff) {
-            self.storage.erase_page(index.page).unwrap();
-        }
-        self.update_word(index, |format, header| {
-            format.set_initialized(header);
-            format.set_erase_count(header, erase_count);
-        });
-        self.blank_page = index.page;
-    }
-
-    /// Commits a replace entry.
-    ///
-    /// Deletes the old entry and commits the new entry.
-    fn commit_index(&mut self, mut index: Index) {
-        let entry = self.read_entry(index);
-        index.byte += entry.len();
-        let word_size = self.format.word_size;
-        debug_assert!(entry.len() >= 2 * word_size);
-        match self.format.is_replace(entry) {
-            IsReplace::Replace => {
-                let delete_index = self.format.get_replace_index(entry);
-                self.delete_index(delete_index);
-            }
-            IsReplace::Insert => debug_assert!(false),
-        };
-        index.byte -= word_size;
-        self.update_word(index, |format, word| format.set_committed(word));
-    }
-
-    /// Compacts a page to an other.
-    ///
-    /// Returns the mapping from the alive entries in the old page to their index in the new page.
-    fn compact_page(&mut self, old_page: usize, new_page: usize) -> BTreeMap<usize, usize> {
-        // Write the old page as being compacted to the new page.
-        let mut erase_count = 0;
-        self.update_word(
-            Index {
-                page: old_page,
-                byte: 0,
-            },
-            |format, header| {
-                erase_count = format.get_erase_count(header);
-                format.set_compacting(header);
-                format.set_new_page(header, new_page);
-            },
-        );
-        // Copy alive entries from the old page to the new page.
-        let page_header_size = self.format.page_header_size();
-        let mut old_index = Index {
-            page: old_page,
-            byte: page_header_size,
-        };
-        let mut new_index = Index {
-            page: new_page,
-            byte: page_header_size,
-        };
-        let mut map = BTreeMap::new();
-        while old_index.byte < self.format.page_size {
-            let old_entry = self.read_entry(old_index);
-            let old_entry_index = old_index.byte;
-            old_index.byte += old_entry.len();
-            if !self.format.is_alive(old_entry) {
-                continue;
-            }
-            let previous_mapping = map.insert(old_entry_index, new_index.byte);
-            debug_assert!(previous_mapping.is_none());
-            // We need to copy the old entry because it is in the storage and we are going to write
-            // to the storage. Rust cannot tell that both entries don't overlap.
-            let old_entry = old_entry.to_vec();
-            self.write_entry(new_index, &old_entry);
-            new_index.byte += old_entry.len();
-        }
-        // Save the old page index and erase count to the new page.
-        let erase_index = new_index;
-        let erase_entry = self.format.build_erase_entry(old_page, erase_count);
-        self.write_entry(new_index, &erase_entry);
-        // Erase the page.
-        self.erase_page(erase_index);
-        // Increase generation.
-        self.generation += 1;
-        map
-    }
-
-    /// Commits an internal entry.
-    ///
-    /// The only kind of internal entry is to erase a page, which first erases the page, then
-    /// initializes it with the saved erase count, and finally deletes the internal entry.
-    fn erase_page(&mut self, erase_index: Index) {
-        let erase_entry = self.read_entry(erase_index);
-        debug_assert!(self.format.is_present(erase_entry));
-        debug_assert!(!self.format.is_deleted(erase_entry));
-        debug_assert!(self.format.is_internal(erase_entry));
-        let old_page = self.format.get_old_page(erase_entry);
-        let erase_count = self.format.get_saved_erase_count(erase_entry) + 1;
-        // Erase the page.
-        self.storage.erase_page(old_page).unwrap();
-        // Initialize the page.
-        self.initialize_page(old_page, erase_count);
-        // Delete the internal entry.
-        self.delete_index(erase_index);
-    }
-}
-
-// Those functions are not meant for production.
-#[cfg(any(test, feature = "ram_storage"))]
-impl<C: StoreConfig> Store<BufferStorage, C> {
-    /// Takes a snapshot of the storage after a given amount of word operations.
-    pub fn arm_snapshot(&mut self, delay: usize) {
-        self.storage.arm_snapshot(delay);
-    }
-
-    /// Unarms and returns the snapshot or the delay remaining.
-    pub fn get_snapshot(&mut self) -> Result<Box<[u8]>, usize> {
-        self.storage.get_snapshot()
-    }
-
-    /// Takes a snapshot of the storage.
-    pub fn take_snapshot(&self) -> Box<[u8]> {
-        self.storage.take_snapshot()
-    }
-
-    /// Returns the storage.
-    pub fn get_storage(self) -> Box<[u8]> {
-        self.storage.get_storage()
-    }
-
-    /// Erases and initializes a page with a given erase count.
-    pub fn set_erase_count(&mut self, page: usize, erase_count: usize) {
-        self.initialize_page(page, erase_count);
-    }
-
-    /// Returns whether all deleted sensitive entries have been wiped.
-    pub fn deleted_entries_are_wiped(&self) -> bool {
-        for (_, entry) in Iter::new(self) {
-            if !self.format.is_present(entry)
-                || !self.format.is_deleted(entry)
-                || self.format.is_internal(entry)
-                || !self.format.is_sensitive(entry)
-            {
-                continue;
-            }
-            let gap = self.format.entry_gap(entry);
-            let data = gap.slice(entry);
-            if !data.iter().all(|&byte| byte == 0x00) {
-                return false;
-            }
-        }
-        true
-    }
-}
-
-/// Maps an index from an old page to a new page if needed.
-fn map_index(old_page: usize, new_page: usize, map: &BTreeMap<usize, usize>, index: &mut Index) {
-    if index.page == old_page {
-        index.page = new_page;
-        index.byte = *map.get(&index.byte).unwrap();
-    }
-}
-
-/// Page information for compaction.
-struct PageInfo {
-    /// How many times the page was erased.
-    erase_count: usize,
-
-    /// Cumulative length of deleted entries (including header and footer).
-    deleted_length: usize,
-
-    /// Length of the free space.
-    free_length: usize,
-}
-
-impl PageInfo {
-    /// Returns whether a page should be compacted before another.
-    fn compare_for_compaction(&self, rhs: &PageInfo) -> core::cmp::Ordering {
-        self.erase_count
-            .cmp(&rhs.erase_count)
-            .then(rhs.deleted_length.cmp(&self.deleted_length))
-            .then(self.free_length.cmp(&rhs.free_length))
-    }
-}
-
-/// Iterates over all entries (including free space) of a store.
-struct Iter<'a, S: Storage, C: StoreConfig> {
-    store: &'a Store<S, C>,
-    index: Index,
-}
-
-impl<'a, S: Storage, C: StoreConfig> Iter<'a, S, C> {
-    fn new(store: &'a Store<S, C>) -> Iter<'a, S, C> {
-        let index = Index {
-            page: 0,
-            byte: store.format.page_header_size(),
-        };
-        Iter { store, index }
-    }
-}
-
-impl<'a, S: Storage, C: StoreConfig> Iterator for Iter<'a, S, C> {
-    type Item = (Index, &'a [u8]);
-
-    fn next(&mut self) -> Option<(Index, &'a [u8])> {
-        if self.index.byte == self.store.format.page_size {
-            self.index.page += 1;
-            self.index.byte = self.store.format.page_header_size();
-        }
-        if self.index.page == self.store.format.num_pages {
-            return None;
-        }
-        let index = self.index;
-        let entry = self.store.read_entry(self.index);
-        self.index.byte += entry.len();
-        Some((index, entry))
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::super::{BufferOptions, BufferStorage};
-    use super::*;
-
-    struct Config;
-
-    const WORD_SIZE: usize = 4;
-    const PAGE_SIZE: usize = 8 * WORD_SIZE;
-    const NUM_PAGES: usize = 3;
-
-    impl StoreConfig for Config {
-        type Key = u8;
-
-        fn num_tags(&self) -> usize {
-            1
-        }
-
-        fn keys(&self, entry: StoreEntry, mut add: impl FnMut(u8)) {
-            assert_eq!(entry.tag, 0);
-            if !entry.data.is_empty() {
-                add(entry.data[0]);
-            }
-        }
-    }
-
-    fn new_buffer(storage: Box<[u8]>) -> BufferStorage {
-        let options = BufferOptions {
-            word_size: WORD_SIZE,
-            page_size: PAGE_SIZE,
-            max_word_writes: 2,
-            max_page_erases: 2,
-            strict_write: true,
-        };
-        BufferStorage::new(storage, options)
-    }
-
-    fn new_store() -> Store<BufferStorage, Config> {
-        let storage = vec![0xff; NUM_PAGES * PAGE_SIZE].into_boxed_slice();
-        Store::new(new_buffer(storage), Config).unwrap()
-    }
-
-    #[test]
-    fn insert_ok() {
-        let mut store = new_store();
-        assert_eq!(store.iter().count(), 0);
-        let tag = 0;
-        let key = 1;
-        let data = &[key, 2];
-        let entry = StoreEntry {
-            tag,
-            data,
-            sensitive: false,
-        };
-        store.insert(entry).unwrap();
-        assert_eq!(store.iter().count(), 1);
-        assert_eq!(store.find_one(&key).unwrap().1, entry);
-    }
-
-    #[test]
-    fn insert_sensitive_ok() {
-        let mut store = new_store();
-        let tag = 0;
-        let key = 1;
-        let data = &[key, 4];
-        let entry = StoreEntry {
-            tag,
-            data,
-            sensitive: true,
-        };
-        store.insert(entry).unwrap();
-        assert_eq!(store.iter().count(), 1);
-        assert_eq!(store.find_one(&key).unwrap().1, entry);
-    }
-
-    #[test]
-    fn delete_ok() {
-        let mut store = new_store();
-        let tag = 0;
-        let key = 1;
-        let entry = StoreEntry {
-            tag,
-            data: &[key, 2],
-            sensitive: false,
-        };
-        store.insert(entry).unwrap();
-        assert_eq!(store.find_all(&key).count(), 1);
-        let (index, _) = store.find_one(&key).unwrap();
-        store.delete(index).unwrap();
-        assert_eq!(store.find_all(&key).count(), 0);
-        assert_eq!(store.iter().count(), 0);
-    }
-
-    #[test]
-    fn delete_sensitive_ok() {
-        let mut store = new_store();
-        let tag = 0;
-        let key = 1;
-        let entry = StoreEntry {
-            tag,
-            data: &[key, 2],
-            sensitive: true,
-        };
-        store.insert(entry).unwrap();
-        assert_eq!(store.find_all(&key).count(), 1);
-        let (index, _) = store.find_one(&key).unwrap();
-        store.delete(index).unwrap();
-        assert_eq!(store.find_all(&key).count(), 0);
-        assert_eq!(store.iter().count(), 0);
-        assert!(store.deleted_entries_are_wiped());
-    }
-
-    #[test]
-    fn insert_until_full() {
-        let mut store = new_store();
-        let tag = 0;
-        let mut key = 0;
-        while store
-            .insert(StoreEntry {
-                tag,
-                data: &[key, 0],
-                sensitive: false,
-            })
-            .is_ok()
-        {
-            key += 1;
-        }
-        assert!(key > 0);
-    }
-
-    #[test]
-    fn compact_ok() {
-        let mut store = new_store();
-        let tag = 0;
-        let mut key = 0;
-        while store
-            .insert(StoreEntry {
-                tag,
-                data: &[key, 0],
-                sensitive: false,
-            })
-            .is_ok()
-        {
-            key += 1;
-        }
-        let (index, _) = store.find_one(&0).unwrap();
-        store.delete(index).unwrap();
-        store
-            .insert(StoreEntry {
-                tag: 0,
-                data: &[key, 0],
-                sensitive: false,
-            })
-            .unwrap();
-        for k in 1..=key {
-            assert_eq!(store.find_all(&k).count(), 1);
-        }
-    }
-
-    #[test]
-    fn reboot_ok() {
-        let mut store = new_store();
-        let tag = 0;
-        let key = 1;
-        let data = &[key, 2];
-        let entry = StoreEntry {
-            tag,
-            data,
-            sensitive: false,
-        };
-        store.insert(entry).unwrap();
-
-        // Reboot the store.
-        let store = store.get_storage();
-        let store = Store::new(new_buffer(store), Config).unwrap();
-
-        assert_eq!(store.iter().count(), 1);
-        assert_eq!(store.find_one(&key).unwrap().1, entry);
-    }
-
-    #[test]
-    fn replace_atomic() {
-        let tag = 0;
-        let key = 1;
-        let old_entry = StoreEntry {
-            tag,
-            data: &[key, 2, 3, 4, 5, 6],
-            sensitive: false,
-        };
-        let new_entry = StoreEntry {
-            tag,
-            data: &[key, 7, 8, 9],
-            sensitive: false,
-        };
-        let mut delay = 0;
-        loop {
-            let mut store = new_store();
-            store.insert(old_entry).unwrap();
-            store.arm_snapshot(delay);
-            let (index, _) = store.find_one(&key).unwrap();
-            store.replace(index, new_entry).unwrap();
-            let (complete, store) = match store.get_snapshot() {
-                Err(_) => (true, store.get_storage()),
-                Ok(store) => (false, store),
-            };
-            let store = Store::new(new_buffer(store), Config).unwrap();
-            assert_eq!(store.iter().count(), 1);
-            assert_eq!(store.find_all(&key).count(), 1);
-            let (_, cur_entry) = store.find_one(&key).unwrap();
-            assert!((cur_entry == old_entry && !complete) || cur_entry == new_entry);
-            if complete {
-                break;
-            }
-            delay += 1;
-        }
-    }
-
-    #[test]
-    fn compact_atomic() {
-        let tag = 0;
-        let mut delay = 0;
-        loop {
-            let mut store = new_store();
-            let mut key = 0;
-            while store
-                .insert(StoreEntry {
-                    tag,
-                    data: &[key, 0],
-                    sensitive: false,
-                })
-                .is_ok()
-            {
-                key += 1;
-            }
-            let (index, _) = store.find_one(&0).unwrap();
-            store.delete(index).unwrap();
-            let (index, _) = store.find_one(&1).unwrap();
-            store.arm_snapshot(delay);
-            store
-                .replace(
-                    index,
-                    StoreEntry {
-                        tag,
-                        data: &[1, 1],
-                        sensitive: false,
-                    },
-                )
-                .unwrap();
-            let (complete, store) = match store.get_snapshot() {
-                Err(_) => (true, store.get_storage()),
-                Ok(store) => (false, store),
-            };
-            let store = Store::new(new_buffer(store), Config).unwrap();
-            assert_eq!(store.iter().count(), key as usize - 1);
-            for k in 2..key {
-                assert_eq!(store.find_all(&k).count(), 1);
-                assert_eq!(
-                    store.find_one(&k).unwrap().1,
-                    StoreEntry {
-                        tag,
-                        data: &[k, 0],
-                        sensitive: false,
-                    }
-                );
-            }
-            assert_eq!(store.find_all(&1).count(), 1);
-            let (_, entry) = store.find_one(&1).unwrap();
-            assert_eq!(entry.tag, tag);
-            assert!((entry.data == [1, 0] && !complete) || entry.data == [1, 1]);
-            if complete {
-                break;
-            }
-            delay += 1;
-        }
-    }
-
-    #[test]
-    fn invalid_tag() {
-        let mut store = new_store();
-        let entry = StoreEntry {
-            tag: 1,
-            data: &[],
-            sensitive: false,
-        };
-        assert_eq!(store.insert(entry), Err(StoreError::InvalidTag));
-    }
-
-    #[test]
-    fn invalid_length() {
-        let mut store = new_store();
-        let entry = StoreEntry {
-            tag: 0,
-            data: &[0; PAGE_SIZE],
-            sensitive: false,
-        };
-        assert_eq!(store.insert(entry), Err(StoreError::StoreFull));
-    }
-}
diff --git a/src/embedded_flash/syscall.rs b/src/embedded_flash/syscall.rs
index 5eae561..e043772 100644
--- a/src/embedded_flash/syscall.rs
+++ b/src/embedded_flash/syscall.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::{Index, Storage, StorageError, StorageResult};
 use alloc::vec::Vec;
 use libtock_core::syscalls;
+use persistent_store::{Storage, StorageError, StorageIndex, StorageResult};
 
 const DRIVER_NUMBER: usize = 0x50003;
 
@@ -42,15 +42,13 @@ mod memop_nr {
 
 fn get_info(nr: usize, arg: usize) -> StorageResult<usize> {
     let code = syscalls::command(DRIVER_NUMBER, command_nr::GET_INFO, nr, arg);
-    code.map_err(|e| StorageError::KernelError {
-        code: e.return_code,
-    })
+    code.map_err(|_| StorageError::CustomError)
 }
 
 fn memop(nr: u32, arg: usize) -> StorageResult<usize> {
     let code = unsafe { syscalls::raw::memop(nr, arg) };
     if code < 0 {
-        Err(StorageError::KernelError { code })
+        Err(StorageError::CustomError)
     } else {
         Ok(code as usize)
     }
@@ -70,7 +68,7 @@ impl SyscallStorage {
     ///
     /// # Errors
     ///
-    /// Returns `BadFlash` if any of the following conditions do not hold:
+    /// Returns `CustomError` if any of the following conditions do not hold:
     /// - The word size is a power of two.
     /// - The page size is a power of two.
     /// - The page size is a multiple of the word size.
@@ -90,13 +88,13 @@ impl SyscallStorage {
             || !syscall.page_size.is_power_of_two()
             || !syscall.is_word_aligned(syscall.page_size)
         {
-            return Err(StorageError::BadFlash);
+            return Err(StorageError::CustomError);
         }
         for i in 0..memop(memop_nr::STORAGE_CNT, 0)? {
             let storage_ptr = memop(memop_nr::STORAGE_PTR, i)?;
             let max_storage_len = memop(memop_nr::STORAGE_LEN, i)?;
             if !syscall.is_page_aligned(storage_ptr) || !syscall.is_page_aligned(max_storage_len) {
-                return Err(StorageError::BadFlash);
+                return Err(StorageError::CustomError);
             }
             let storage_len = core::cmp::min(num_pages * syscall.page_size, max_storage_len);
             num_pages -= storage_len / syscall.page_size;
@@ -141,12 +139,12 @@ impl Storage for SyscallStorage {
         self.max_page_erases
     }
 
-    fn read_slice(&self, index: Index, length: usize) -> StorageResult<&[u8]> {
+    fn read_slice(&self, index: StorageIndex, length: usize) -> StorageResult<&[u8]> {
         let start = index.range(length, self)?.start;
         find_slice(&self.storage_locations, start, length)
     }
 
-    fn write_slice(&mut self, index: Index, value: &[u8]) -> StorageResult<()> {
+    fn write_slice(&mut self, index: StorageIndex, value: &[u8]) -> StorageResult<()> {
         if !self.is_word_aligned(index.byte) || !self.is_word_aligned(value.len()) {
             return Err(StorageError::NotAligned);
         }
@@ -163,28 +161,24 @@ impl Storage for SyscallStorage {
             )
         };
         if code < 0 {
-            return Err(StorageError::KernelError { code });
+            return Err(StorageError::CustomError);
         }
 
         let code = syscalls::command(DRIVER_NUMBER, command_nr::WRITE_SLICE, ptr, value.len());
-        if let Err(e) = code {
-            return Err(StorageError::KernelError {
-                code: e.return_code,
-            });
+        if code.is_err() {
+            return Err(StorageError::CustomError);
         }
 
         Ok(())
     }
 
     fn erase_page(&mut self, page: usize) -> StorageResult<()> {
-        let index = Index { page, byte: 0 };
+        let index = StorageIndex { page, byte: 0 };
         let length = self.page_size();
         let ptr = self.read_slice(index, length)?.as_ptr() as usize;
         let code = syscalls::command(DRIVER_NUMBER, command_nr::ERASE_PAGE, ptr, length);
-        if let Err(e) = code {
-            return Err(StorageError::KernelError {
-                code: e.return_code,
-            });
+        if code.is_err() {
+            return Err(StorageError::CustomError);
         }
         Ok(())
     }

From 51681e49100887dc4b6d46ac86db8426d0df73ef Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 13 Nov 2020 06:51:53 +0100
Subject: [PATCH 003/192] changes operation touch behaviour

---
 src/ctap/mod.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index b3bbd64..06e3a57 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -345,7 +345,7 @@ where
         if let Some(auth_param) = &pin_uv_auth_param {
             // This case was added in FIDO 2.1.
             if auth_param.is_empty() {
-                let _ = (self.check_user_presence)(cid);
+                (self.check_user_presence)(cid)?;
                 if self.persistent_store.pin_hash()?.is_none() {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 } else {
@@ -549,7 +549,7 @@ where
         if let Some(auth_param) = &pin_uv_auth_param {
             // This case was added in FIDO 2.1.
             if auth_param.is_empty() {
-                let _ = (self.check_user_presence)(cid);
+                (self.check_user_presence)(cid)?;
                 if self.persistent_store.pin_hash()?.is_none() {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 } else {

From 58b5e4d8fab3d72443a58ea2aaabd624bc5df46a Mon Sep 17 00:00:00 2001
From: Mirna <mshetairy@google.com>
Date: Fri, 13 Nov 2020 09:32:59 +0200
Subject: [PATCH 004/192] Add short APDUs parser

---
 src/ctap/apdu.rs | 303 +++++++++++++++++++++++++++++++++++++++++++++++
 src/ctap/mod.rs  |   1 +
 2 files changed, 304 insertions(+)
 create mode 100644 src/ctap/apdu.rs

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
new file mode 100644
index 0000000..f324a03
--- /dev/null
+++ b/src/ctap/apdu.rs
@@ -0,0 +1,303 @@
+use alloc::vec::Vec;
+use core::convert::TryFrom;
+
+type ByteArray = &'static [u8];
+
+#[cfg_attr(test, derive(Clone, Debug))]
+#[allow(non_camel_case_types)]
+#[derive(PartialEq)]
+pub enum ApduStatusCode {
+    SW_SUCCESS,
+    /// Command successfully executed; 'XX' bytes of data are
+    /// available and can be requested using GET RESPONSE.
+    SW_GET_RESPONSE,
+    SW_WRONG_DATA,
+    SW_WRONG_LENGTH,
+    SW_COND_USE_NOT_SATISFIED,
+    SW_FILE_NOT_FOUND,
+    SW_INCORRECT_P1P2,
+    /// Instruction code not supported or invalid
+    SW_INS_INVALID,
+    SW_CLA_INVALID,
+    SW_INTERNAL_EXCEPTION,
+}
+
+impl From<ApduStatusCode> for ByteArray {
+    fn from(status_code: ApduStatusCode) -> ByteArray {
+        match status_code {
+            ApduStatusCode::SW_SUCCESS => b"\x90\x00",
+            ApduStatusCode::SW_GET_RESPONSE => b"\x61\x00",
+            ApduStatusCode::SW_WRONG_DATA => b"\x6A\x80",
+            ApduStatusCode::SW_WRONG_LENGTH => b"\x67\x00",
+            ApduStatusCode::SW_COND_USE_NOT_SATISFIED => b"\x69\x85",
+            ApduStatusCode::SW_FILE_NOT_FOUND => b"\x6a\x82",
+            ApduStatusCode::SW_INCORRECT_P1P2 => b"\x6a\x86",
+            ApduStatusCode::SW_INS_INVALID => b"\x6d\x00",
+            ApduStatusCode::SW_CLA_INVALID => b"\x6e\x00",
+            ApduStatusCode::SW_INTERNAL_EXCEPTION => b"\x6f\x00",
+        }
+    }
+}
+
+#[allow(non_camel_case_types, dead_code)]
+pub enum ApduIns {
+    SELECT = 0xA4,
+    READ_BINARY = 0xB0,
+    GET_RESPONSE = 0xC0,
+}
+
+#[cfg_attr(test, derive(Clone, Debug))]
+#[allow(dead_code)]
+#[derive(Default, PartialEq)]
+pub struct ApduHeader {
+    cla: u8,
+    ins: u8,
+    p1: u8,
+    p2: u8,
+}
+
+impl From<&[u8]> for ApduHeader {
+    fn from(header: &[u8]) -> Self {
+        ApduHeader {
+            cla: header[0],
+            ins: header[1],
+            p1: header[2],
+            p2: header[3],
+        }
+    }
+}
+
+#[cfg_attr(test, derive(Clone, Debug))]
+#[allow(dead_code)]
+#[derive(Default, PartialEq)]
+pub struct APDU {
+    header: ApduHeader,
+    lc: u16,
+    data: Vec<u8>,
+    le: u32,
+    case_type: u8,
+}
+
+const APDU_HEADER_LEN: u8 = 4;
+
+impl TryFrom<&[u8]> for APDU {
+    type Error = ApduStatusCode;
+
+    fn try_from(frame: &[u8]) -> Result<Self, ApduStatusCode> {
+        if frame.len() < APDU_HEADER_LEN as usize {
+            return Err(ApduStatusCode::SW_WRONG_DATA);
+        }
+        //        +-----+-----+----+----+
+        // header | CLA | INS | P1 | P2 |
+        //        +-----+-----+----+----+
+        let (header, payload) = frame.split_at(APDU_HEADER_LEN as usize);
+
+        let mut apdu = APDU {
+            header: header.into(),
+            lc: 0x00,
+            data: Vec::new(),
+            le: 0x00,
+            case_type: 0x00,
+        };
+
+        // case 1
+        if payload.is_empty() {
+            apdu.case_type = 0x01;
+        } else {
+            let byte_0 = payload[0];
+            // case 2S (Le)
+            if payload.len() == 1 {
+                apdu.case_type = 0x02;
+                apdu.le = if byte_0 == 0x00 {
+                    // Ne = 256
+                    0x100
+                } else {
+                    byte_0.into()
+                }
+            }
+            // case 3S (Lc + data)
+            if payload.len() == (1 + byte_0) as usize && byte_0 != 0 {
+                apdu.case_type = 0x03;
+                apdu.lc = byte_0.into();
+                apdu.data = payload[1..].to_vec();
+            }
+            // case 4S (Lc + data + Le)
+            if payload.len() == (1 + byte_0 + 1) as usize && byte_0 != 0 {
+                apdu.case_type = 0x04;
+                apdu.lc = byte_0.into();
+                apdu.data = payload[1..(payload.len() - 1)].to_vec();
+                apdu.le = (*payload.last().unwrap()).into();
+                if apdu.le == 0x00 {
+                    apdu.le = 0x100;
+                }
+            }
+        }
+        // TODO: Add extended length cases
+        if apdu.case_type == 0x00 {
+            return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED);
+        }
+        Ok(apdu)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    fn pass_frame(frame: &[u8]) -> Result<APDU, ApduStatusCode> {
+        APDU::try_from(frame)
+    }
+
+    #[test]
+    fn test_case_type_1() {
+        let frame: [u8; 4] = [0x00, 0x12, 0x00, 0x80];
+        let response = pass_frame(&frame);
+        assert!(response.is_ok());
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0x12,
+                p1: 0x00,
+                p2: 0x80,
+            },
+            lc: 0x00,
+            data: Vec::new(),
+            le: 0x00,
+            case_type: 0x01,
+        };
+        assert_eq!(expected, response.unwrap());
+    }
+
+    #[test]
+    fn test_case_type_2_short() {
+        let frame: [u8; 5] = [0x00, 0xb0, 0x00, 0x00, 0x0f];
+        let response = pass_frame(&frame);
+        assert!(response.is_ok());
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0xb0,
+                p1: 0x00,
+                p2: 0x00,
+            },
+            lc: 0x00,
+            data: Vec::new(),
+            le: 0x0f,
+            case_type: 0x02,
+        };
+        assert_eq!(expected, response.unwrap());
+    }
+
+    #[test]
+    fn test_case_type_2_short_le() {
+        let frame: [u8; 5] = [0x00, 0xb0, 0x00, 0x00, 0x00];
+        let response = pass_frame(&frame);
+        assert!(response.is_ok());
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0xb0,
+                p1: 0x00,
+                p2: 0x00,
+            },
+            lc: 0x00,
+            data: Vec::new(),
+            le: 0x100,
+            case_type: 0x02,
+        };
+        assert_eq!(expected, response.unwrap());
+    }
+
+    #[test]
+    fn test_case_type_3_short() {
+        let frame: [u8; 7] = [0x00, 0xa4, 0x00, 0x0c, 0x02, 0xe1, 0x04];
+        let payload = [0xe1, 0x04];
+        let response = pass_frame(&frame);
+        assert!(response.is_ok());
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0xa4,
+                p1: 0x00,
+                p2: 0x0c,
+            },
+            lc: 0x02,
+            data: payload.to_vec(),
+            le: 0x00,
+            case_type: 0x03,
+        };
+        assert_eq!(expected, response.unwrap());
+    }
+
+    #[test]
+    fn test_case_type_4_short() {
+        let frame: [u8; 13] = [
+            0x00, 0xa4, 0x04, 0x00, 0x07, 0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01, 0xff,
+        ];
+        let payload = [0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01];
+        let response = pass_frame(&frame);
+        assert!(response.is_ok());
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0xa4,
+                p1: 0x04,
+                p2: 0x00,
+            },
+            lc: 0x07,
+            data: payload.to_vec(),
+            le: 0xff,
+            case_type: 0x04,
+        };
+        assert_eq!(expected, response.unwrap());
+    }
+
+    #[test]
+    fn test_case_type_4_short_le() {
+        let frame: [u8; 13] = [
+            0x00, 0xa4, 0x04, 0x00, 0x07, 0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01, 0x00,
+        ];
+        let payload = [0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01];
+        let response = pass_frame(&frame);
+        assert!(response.is_ok());
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0xa4,
+                p1: 0x04,
+                p2: 0x00,
+            },
+            lc: 0x07,
+            data: payload.to_vec(),
+            le: 0x100,
+            case_type: 0x04,
+        };
+        assert_eq!(expected, response.unwrap());
+    }
+
+    #[test]
+    fn test_invalid_apdu_header_length() {
+        let frame: [u8; 3] = [0x00, 0x12, 0x00];
+        let response = pass_frame(&frame);
+        assert!(response.is_err());
+        assert_eq!(Some(ApduStatusCode::SW_WRONG_DATA), response.err());
+    }
+
+    #[test]
+    fn test_unsupported_case_type() {
+        let frame: [u8; 73] = [
+            0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x40, 0xe3, 0x8f, 0xde, 0x51, 0x3d, 0xac, 0x9d,
+            0x1c, 0x6e, 0x86, 0x76, 0x31, 0x40, 0x25, 0x96, 0x86, 0x4d, 0x29, 0xe8, 0x07, 0xb3,
+            0x56, 0x19, 0xdf, 0x4a, 0x00, 0x02, 0xae, 0x2a, 0x8c, 0x9d, 0x5a, 0xab, 0xc3, 0x4b,
+            0x4e, 0xb9, 0x78, 0xb9, 0x11, 0xe5, 0x52, 0x40, 0xf3, 0x45, 0x64, 0x9c, 0xd3, 0xd7,
+            0xe8, 0xb5, 0x83, 0xfb, 0xe0, 0x66, 0x98, 0x4d, 0x98, 0x81, 0xf7, 0xb5, 0x49, 0x4d,
+            0xcb, 0x00, 0x00,
+        ];
+        let response = pass_frame(&frame);
+        assert!(response.is_err());
+        assert_eq!(
+            Some(ApduStatusCode::SW_COND_USE_NOT_SATISFIED),
+            response.err()
+        );
+    }
+}
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 1a98ce5..2551e7b 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+pub mod apdu;
 pub mod command;
 #[cfg(feature = "with_ctap1")]
 mod ctap1;

From fce91744c68abe1f41761500b563b4e10c612e80 Mon Sep 17 00:00:00 2001
From: Mirna <mshetairy@google.com>
Date: Fri, 13 Nov 2020 22:06:27 +0200
Subject: [PATCH 005/192] Addressing some of the requested changes

---
 src/ctap/apdu.rs | 98 +++++++++++++++++++++++++++---------------------
 1 file changed, 56 insertions(+), 42 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index f324a03..431b18e 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -3,6 +3,8 @@ use core::convert::TryFrom;
 
 type ByteArray = &'static [u8];
 
+const APDU_HEADER_LEN: usize = 4;
+
 #[cfg_attr(test, derive(Clone, Debug))]
 #[allow(non_camel_case_types)]
 #[derive(PartialEq)]
@@ -39,11 +41,11 @@ impl From<ApduStatusCode> for ByteArray {
     }
 }
 
-#[allow(non_camel_case_types, dead_code)]
-pub enum ApduIns {
-    SELECT = 0xA4,
-    READ_BINARY = 0xB0,
-    GET_RESPONSE = 0xC0,
+#[allow(dead_code)]
+pub enum ApduInstructions {
+    Select = 0xA4,
+    ReadBinary = 0xB0,
+    GetResponse = 0xC0,
 }
 
 #[cfg_attr(test, derive(Clone, Debug))]
@@ -67,6 +69,33 @@ impl From<&[u8]> for ApduHeader {
     }
 }
 
+#[cfg_attr(test, derive(Clone, Debug))]
+#[derive(PartialEq)]
+/// The APDU cases
+pub enum Case {
+    Le,
+    LcData,
+    LcDataLe,
+    // TODO: More cases to add as extended length APDUs
+    // Le could be 2 or 3 Bytes
+}
+
+#[cfg_attr(test, derive(Clone, Debug))]
+#[allow(dead_code)]
+#[derive(PartialEq)]
+pub enum ApduType {
+    Instruction,
+    Short(Case),
+    Extended(Case),
+    Unknown,
+}
+
+impl Default for ApduType {
+    fn default() -> ApduType {
+        ApduType::Unknown
+    }
+}
+
 #[cfg_attr(test, derive(Clone, Debug))]
 #[allow(dead_code)]
 #[derive(Default, PartialEq)]
@@ -75,11 +104,9 @@ pub struct APDU {
     lc: u16,
     data: Vec<u8>,
     le: u32,
-    case_type: u8,
+    case_type: ApduType,
 }
 
-const APDU_HEADER_LEN: u8 = 4;
-
 impl TryFrom<&[u8]> for APDU {
     type Error = ApduStatusCode;
 
@@ -90,24 +117,23 @@ impl TryFrom<&[u8]> for APDU {
         //        +-----+-----+----+----+
         // header | CLA | INS | P1 | P2 |
         //        +-----+-----+----+----+
-        let (header, payload) = frame.split_at(APDU_HEADER_LEN as usize);
+        let (header, payload) = frame.split_at(APDU_HEADER_LEN);
 
         let mut apdu = APDU {
             header: header.into(),
             lc: 0x00,
             data: Vec::new(),
             le: 0x00,
-            case_type: 0x00,
+            case_type: ApduType::default(),
         };
 
         // case 1
         if payload.is_empty() {
-            apdu.case_type = 0x01;
+            apdu.case_type = ApduType::Instruction;
         } else {
             let byte_0 = payload[0];
-            // case 2S (Le)
             if payload.len() == 1 {
-                apdu.case_type = 0x02;
+                apdu.case_type = ApduType::Short(Case::Le);
                 apdu.le = if byte_0 == 0x00 {
                     // Ne = 256
                     0x100
@@ -115,15 +141,13 @@ impl TryFrom<&[u8]> for APDU {
                     byte_0.into()
                 }
             }
-            // case 3S (Lc + data)
             if payload.len() == (1 + byte_0) as usize && byte_0 != 0 {
-                apdu.case_type = 0x03;
+                apdu.case_type = ApduType::Short(Case::LcData);
                 apdu.lc = byte_0.into();
                 apdu.data = payload[1..].to_vec();
             }
-            // case 4S (Lc + data + Le)
             if payload.len() == (1 + byte_0 + 1) as usize && byte_0 != 0 {
-                apdu.case_type = 0x04;
+                apdu.case_type = ApduType::Short(Case::LcDataLe);
                 apdu.lc = byte_0.into();
                 apdu.data = payload[1..(payload.len() - 1)].to_vec();
                 apdu.le = (*payload.last().unwrap()).into();
@@ -133,7 +157,7 @@ impl TryFrom<&[u8]> for APDU {
             }
         }
         // TODO: Add extended length cases
-        if apdu.case_type == 0x00 {
+        if apdu.case_type == ApduType::default() {
             return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED);
         }
         Ok(apdu)
@@ -163,16 +187,15 @@ mod test {
             lc: 0x00,
             data: Vec::new(),
             le: 0x00,
-            case_type: 0x01,
+            case_type: ApduType::Instruction,
         };
-        assert_eq!(expected, response.unwrap());
+        assert_eq!(Ok(expected), response);
     }
 
     #[test]
     fn test_case_type_2_short() {
         let frame: [u8; 5] = [0x00, 0xb0, 0x00, 0x00, 0x0f];
         let response = pass_frame(&frame);
-        assert!(response.is_ok());
         let expected = APDU {
             header: ApduHeader {
                 cla: 0x00,
@@ -183,16 +206,15 @@ mod test {
             lc: 0x00,
             data: Vec::new(),
             le: 0x0f,
-            case_type: 0x02,
+            case_type: ApduType::Short(Case::Le),
         };
-        assert_eq!(expected, response.unwrap());
+        assert_eq!(Ok(expected), response);
     }
 
     #[test]
     fn test_case_type_2_short_le() {
         let frame: [u8; 5] = [0x00, 0xb0, 0x00, 0x00, 0x00];
         let response = pass_frame(&frame);
-        assert!(response.is_ok());
         let expected = APDU {
             header: ApduHeader {
                 cla: 0x00,
@@ -203,9 +225,9 @@ mod test {
             lc: 0x00,
             data: Vec::new(),
             le: 0x100,
-            case_type: 0x02,
+            case_type: ApduType::Short(Case::Le),
         };
-        assert_eq!(expected, response.unwrap());
+        assert_eq!(Ok(expected), response);
     }
 
     #[test]
@@ -213,7 +235,6 @@ mod test {
         let frame: [u8; 7] = [0x00, 0xa4, 0x00, 0x0c, 0x02, 0xe1, 0x04];
         let payload = [0xe1, 0x04];
         let response = pass_frame(&frame);
-        assert!(response.is_ok());
         let expected = APDU {
             header: ApduHeader {
                 cla: 0x00,
@@ -224,9 +245,9 @@ mod test {
             lc: 0x02,
             data: payload.to_vec(),
             le: 0x00,
-            case_type: 0x03,
+            case_type: ApduType::Short(Case::LcData),
         };
-        assert_eq!(expected, response.unwrap());
+        assert_eq!(Ok(expected), response);
     }
 
     #[test]
@@ -236,7 +257,6 @@ mod test {
         ];
         let payload = [0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01];
         let response = pass_frame(&frame);
-        assert!(response.is_ok());
         let expected = APDU {
             header: ApduHeader {
                 cla: 0x00,
@@ -247,9 +267,9 @@ mod test {
             lc: 0x07,
             data: payload.to_vec(),
             le: 0xff,
-            case_type: 0x04,
+            case_type: ApduType::Short(Case::LcDataLe),
         };
-        assert_eq!(expected, response.unwrap());
+        assert_eq!(Ok(expected), response);
     }
 
     #[test]
@@ -259,7 +279,6 @@ mod test {
         ];
         let payload = [0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01];
         let response = pass_frame(&frame);
-        assert!(response.is_ok());
         let expected = APDU {
             header: ApduHeader {
                 cla: 0x00,
@@ -270,17 +289,16 @@ mod test {
             lc: 0x07,
             data: payload.to_vec(),
             le: 0x100,
-            case_type: 0x04,
+            case_type: ApduType::Short(Case::LcDataLe),
         };
-        assert_eq!(expected, response.unwrap());
+        assert_eq!(Ok(expected), response);
     }
 
     #[test]
     fn test_invalid_apdu_header_length() {
         let frame: [u8; 3] = [0x00, 0x12, 0x00];
         let response = pass_frame(&frame);
-        assert!(response.is_err());
-        assert_eq!(Some(ApduStatusCode::SW_WRONG_DATA), response.err());
+        assert_eq!(Err(ApduStatusCode::SW_WRONG_DATA), response);
     }
 
     #[test]
@@ -294,10 +312,6 @@ mod test {
             0xcb, 0x00, 0x00,
         ];
         let response = pass_frame(&frame);
-        assert!(response.is_err());
-        assert_eq!(
-            Some(ApduStatusCode::SW_COND_USE_NOT_SATISFIED),
-            response.err()
-        );
+        assert_eq!(Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED), response);
     }
 }

From e842da0de7abe8c4304986e6dfa0dbbf68983a15 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 19 Nov 2020 11:27:50 +0100
Subject: [PATCH 006/192] Add store fuzzing

---
 libraries/persistent_store/fuzz/Cargo.toml    |   2 +
 .../fuzz/fuzz_targets/store.rs                |   2 +-
 libraries/persistent_store/fuzz/src/lib.rs    |   5 +-
 libraries/persistent_store/fuzz/src/store.rs  | 533 ++++++++++++++++++
 4 files changed, 538 insertions(+), 4 deletions(-)
 create mode 100644 libraries/persistent_store/fuzz/src/store.rs

diff --git a/libraries/persistent_store/fuzz/Cargo.toml b/libraries/persistent_store/fuzz/Cargo.toml
index fdc4f89..f0b01f1 100644
--- a/libraries/persistent_store/fuzz/Cargo.toml
+++ b/libraries/persistent_store/fuzz/Cargo.toml
@@ -11,6 +11,8 @@ cargo-fuzz = true
 [dependencies]
 libfuzzer-sys = "0.3"
 persistent_store = { path = "..", features = ["std"] }
+rand_core = "0.5"
+rand_pcg = "0.2"
 strum = { version = "0.19", features = ["derive"] }
 
 # Prevent this from interfering with workspaces
diff --git a/libraries/persistent_store/fuzz/fuzz_targets/store.rs b/libraries/persistent_store/fuzz/fuzz_targets/store.rs
index 1cff2a4..d96874d 100644
--- a/libraries/persistent_store/fuzz/fuzz_targets/store.rs
+++ b/libraries/persistent_store/fuzz/fuzz_targets/store.rs
@@ -17,5 +17,5 @@
 use libfuzzer_sys::fuzz_target;
 
 fuzz_target!(|data: &[u8]| {
-    // TODO(ia0): Call fuzzing when implemented.
+    fuzz_store::fuzz(data, false, None);
 });
diff --git a/libraries/persistent_store/fuzz/src/lib.rs b/libraries/persistent_store/fuzz/src/lib.rs
index 11645f3..3d32624 100644
--- a/libraries/persistent_store/fuzz/src/lib.rs
+++ b/libraries/persistent_store/fuzz/src/lib.rs
@@ -25,13 +25,12 @@
 //!   situation where coverage takes precedence over surjectivity is for the value of insert updates
 //!   where a pseudo-random generator is used to avoid wasting entropy.
 
-// TODO(ia0): Remove when used.
-#![allow(dead_code)]
-
 mod histogram;
 mod stats;
+mod store;
 
 pub use stats::{StatKey, Stats};
+pub use store::fuzz;
 
 /// Bit-level entropy source based on a byte slice shared reference.
 ///
diff --git a/libraries/persistent_store/fuzz/src/store.rs b/libraries/persistent_store/fuzz/src/store.rs
new file mode 100644
index 0000000..e51ed71
--- /dev/null
+++ b/libraries/persistent_store/fuzz/src/store.rs
@@ -0,0 +1,533 @@
+// Copyright 2019-2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::stats::{StatKey, Stats};
+use crate::Entropy;
+use persistent_store::{
+    BufferOptions, BufferStorage, Store, StoreDriver, StoreDriverOff, StoreDriverOn,
+    StoreInterruption, StoreInvariant, StoreOperation, StoreUpdate,
+};
+use rand_core::{RngCore, SeedableRng};
+use rand_pcg::Pcg32;
+use std::collections::HashMap;
+use std::convert::TryInto;
+
+// NOTE: We should be able to improve coverage by only checking the last operation. Because
+// operations before the last could be checked with a shorter entropy.
+
+/// Checks the store against a sequence of manipulations.
+///
+/// The entropy to generate the sequence of manipulation should be provided in `data`. Debugging
+/// information is printed if `debug` is set. Statistics are gathered if `stats` is set.
+pub fn fuzz(data: &[u8], debug: bool, stats: Option<&mut Stats>) {
+    let mut fuzzer = Fuzzer::new(data, debug, stats);
+    fuzzer.init_counters();
+    fuzzer.record(StatKey::Entropy, data.len());
+    let mut driver = fuzzer.init();
+    let store = loop {
+        if fuzzer.debug {
+            print!("{}", driver.storage());
+        }
+        if let StoreDriver::On(driver) = &driver {
+            if !fuzzer.init.is_dirty() {
+                driver.check().unwrap();
+            }
+            if fuzzer.debug {
+                println!("----------------------------------------------------------------------");
+            }
+        }
+        if fuzzer.entropy.is_empty() {
+            if fuzzer.debug {
+                println!("No more entropy.");
+            }
+            if fuzzer.init.is_dirty() {
+                return;
+            }
+            fuzzer.record(StatKey::FinishedLifetime, 0);
+            break driver.power_on().unwrap().extract_store();
+        }
+        driver = match driver {
+            StoreDriver::On(driver) => match fuzzer.apply(driver) {
+                Ok(x) => x,
+                Err(store) => {
+                    if fuzzer.debug {
+                        println!("No more lifetime.");
+                    }
+                    if fuzzer.init.is_dirty() {
+                        return;
+                    }
+                    fuzzer.record(StatKey::FinishedLifetime, 1);
+                    break store;
+                }
+            },
+            StoreDriver::Off(driver) => fuzzer.power_on(driver),
+        }
+    };
+    let virt_window = (store.format().num_pages() * store.format().virt_page_size()) as usize;
+    let init_lifetime = fuzzer.init.used_cycles() * virt_window;
+    let lifetime = store.lifetime().unwrap().used() - init_lifetime;
+    fuzzer.record(StatKey::UsedLifetime, lifetime);
+    fuzzer.record(StatKey::NumCompactions, lifetime / virt_window);
+    fuzzer.record_counters();
+}
+
+/// Fuzzing state.
+struct Fuzzer<'a> {
+    /// Remaining fuzzing entropy.
+    entropy: Entropy<'a>,
+
+    /// Unlimited pseudo entropy.
+    ///
+    /// This source is only used to generate the values of entries. This is a compromise to avoid
+    /// consuming fuzzing entropy for low additional coverage.
+    values: Pcg32,
+
+    /// The fuzzing mode.
+    init: Init,
+
+    /// Whether debugging is enabled.
+    debug: bool,
+
+    /// Whether statistics should be gathered.
+    stats: Option<&'a mut Stats>,
+
+    /// Statistics counters (only used when gathering statistics).
+    ///
+    /// The counters are written to the statistics at the end of the fuzzing run, when their value
+    /// is final.
+    counters: HashMap<StatKey, usize>,
+}
+
+impl<'a> Fuzzer<'a> {
+    /// Creates an initial fuzzing state.
+    fn new(data: &'a [u8], debug: bool, stats: Option<&'a mut Stats>) -> Fuzzer<'a> {
+        let mut entropy = Entropy::new(data);
+        let seed = entropy.read_slice(16);
+        let values = Pcg32::from_seed(seed[..].try_into().unwrap());
+        Fuzzer {
+            entropy,
+            values,
+            init: Init::Clean,
+            debug,
+            stats,
+            counters: HashMap::new(),
+        }
+    }
+
+    /// Initializes the fuzzing state and returns the store driver.
+    fn init(&mut self) -> StoreDriver {
+        let mut options = BufferOptions {
+            word_size: 4,
+            page_size: 1 << self.entropy.read_range(5, 12),
+            max_word_writes: 2,
+            max_page_erases: self.entropy.read_range(0, 50000),
+            strict_write: true,
+        };
+        let num_pages = self.entropy.read_range(3, 64);
+        self.record(StatKey::PageSize, options.page_size);
+        self.record(StatKey::MaxPageErases, options.max_page_erases);
+        self.record(StatKey::NumPages, num_pages);
+        if self.debug {
+            println!("page_size: {}", options.page_size);
+            println!("num_pages: {}", num_pages);
+            println!("max_cycle: {}", options.max_page_erases);
+        }
+        let storage_size = num_pages * options.page_size;
+        if self.entropy.read_bit() {
+            self.init = Init::Dirty;
+            let mut storage = vec![0xff; storage_size].into_boxed_slice();
+            let length = self.entropy.read_range(0, storage_size);
+            self.record(StatKey::DirtyLength, length);
+            for byte in &mut storage[0..length] {
+                *byte = self.entropy.read_byte();
+            }
+            if self.debug {
+                println!("Start with dirty storage.");
+            }
+            options.strict_write = false;
+            let storage = BufferStorage::new(storage, options);
+            StoreDriver::Off(StoreDriverOff::new_dirty(storage))
+        } else if self.entropy.read_bit() {
+            let cycle = self.entropy.read_range(0, options.max_page_erases);
+            self.init = Init::Used { cycle };
+            if self.debug {
+                println!("Start with {} consumed erase cycles.", cycle);
+            }
+            self.record(StatKey::InitCycles, cycle);
+            let storage = vec![0xff; storage_size].into_boxed_slice();
+            let mut storage = BufferStorage::new(storage, options);
+            Store::init_with_cycle(&mut storage, cycle);
+            StoreDriver::Off(StoreDriverOff::new_dirty(storage))
+        } else {
+            StoreDriver::Off(StoreDriverOff::new(options, num_pages))
+        }
+    }
+
+    /// Powers a driver with possible interruption.
+    fn power_on(&mut self, driver: StoreDriverOff) -> StoreDriver {
+        if self.debug {
+            println!("Power on the store.");
+        }
+        self.increment(StatKey::PowerOnCount);
+        let interruption = self.interruption(driver.delay_map());
+        match driver.partial_power_on(interruption) {
+            Err((storage, _)) if self.init.is_dirty() => {
+                self.entropy.consume_all();
+                StoreDriver::Off(StoreDriverOff::new_dirty(storage))
+            }
+            Err(error) => self.crash(error),
+            Ok(driver) => driver,
+        }
+    }
+
+    /// Generates and applies an operation with possible interruption.
+    fn apply(&mut self, driver: StoreDriverOn) -> Result<StoreDriver, Store<BufferStorage>> {
+        let operation = self.operation(&driver);
+        if self.debug {
+            println!("{:?}", operation);
+        }
+        let interruption = self.interruption(driver.delay_map(&operation));
+        match driver.partial_apply(operation, interruption) {
+            Err((store, _)) if self.init.is_dirty() => {
+                self.entropy.consume_all();
+                Err(store)
+            }
+            Err((store, StoreInvariant::NoLifetime)) => Err(store),
+            Err((store, error)) => self.crash((store.extract_storage(), error)),
+            Ok((error, driver)) => {
+                if self.debug {
+                    if let Some(error) = error {
+                        println!("{:?}", error);
+                    }
+                }
+                Ok(driver)
+            }
+        }
+    }
+
+    /// Reports a broken invariant and terminates fuzzing.
+    fn crash(&self, error: (BufferStorage, StoreInvariant)) -> ! {
+        let (storage, invariant) = error;
+        if self.debug {
+            print!("{}", storage);
+        }
+        panic!("{:?}", invariant);
+    }
+
+    /// Records a statistics if enabled.
+    fn record(&mut self, key: StatKey, value: usize) {
+        if let Some(stats) = &mut self.stats {
+            stats.add(key, value);
+        }
+    }
+
+    /// Increments a counter if statistics are enabled.
+    fn increment(&mut self, key: StatKey) {
+        if self.stats.is_some() {
+            *self.counters.get_mut(&key).unwrap() += 1;
+        }
+    }
+
+    /// Initializes all counters if statistics are enabled.
+    fn init_counters(&mut self) {
+        if self.stats.is_some() {
+            use StatKey::*;
+            self.counters.insert(PowerOnCount, 0);
+            self.counters.insert(TransactionCount, 0);
+            self.counters.insert(ClearCount, 0);
+            self.counters.insert(PrepareCount, 0);
+            self.counters.insert(InsertCount, 0);
+            self.counters.insert(RemoveCount, 0);
+            self.counters.insert(InterruptionCount, 0);
+        }
+    }
+
+    /// Records all counters if statistics are enabled.
+    fn record_counters(&mut self) {
+        if let Some(stats) = &mut self.stats {
+            for (&key, &value) in self.counters.iter() {
+                stats.add(key, value);
+            }
+        }
+    }
+
+    /// Generates a possibly invalid operation.
+    fn operation(&mut self, driver: &StoreDriverOn) -> StoreOperation {
+        let format = driver.model().format();
+        match self.entropy.read_range(0, 2) {
+            0 => {
+                // We also generate an invalid count (one past the maximum value) to test the error
+                // scenario. Since the test for the error scenario is monotonic, this is a good
+                // compromise to keep entropy bounded.
+                let count = self
+                    .entropy
+                    .read_range(0, format.max_updates() as usize + 1);
+                let mut updates = Vec::with_capacity(count);
+                for _ in 0..count {
+                    updates.push(self.update());
+                }
+                self.increment(StatKey::TransactionCount);
+                StoreOperation::Transaction { updates }
+            }
+            1 => {
+                let min_key = self.key();
+                self.increment(StatKey::ClearCount);
+                StoreOperation::Clear { min_key }
+            }
+            2 => {
+                // We also generate an invalid length (one past the total capacity) to test the
+                // error scenario. See the explanation for transactions above for why it's enough.
+                let length = self
+                    .entropy
+                    .read_range(0, format.total_capacity() as usize + 1);
+                self.increment(StatKey::PrepareCount);
+                StoreOperation::Prepare { length }
+            }
+            _ => unreachable!(),
+        }
+    }
+
+    /// Generates a possibly invalid update.
+    fn update(&mut self) -> StoreUpdate {
+        match self.entropy.read_range(0, 1) {
+            0 => {
+                let key = self.key();
+                let value = self.value();
+                self.increment(StatKey::InsertCount);
+                StoreUpdate::Insert { key, value }
+            }
+            1 => {
+                let key = self.key();
+                self.increment(StatKey::RemoveCount);
+                StoreUpdate::Remove { key }
+            }
+            _ => unreachable!(),
+        }
+    }
+
+    /// Generates a possibly invalid key.
+    fn key(&mut self) -> usize {
+        // Use 4096 as the canonical invalid key.
+        self.entropy.read_range(0, 4096)
+    }
+
+    /// Generates a possibly invalid value.
+    fn value(&mut self) -> Vec<u8> {
+        // Use 1024 as the canonical invalid length.
+        let length = self.entropy.read_range(0, 1024);
+        let mut value = vec![0; length];
+        self.values.fill_bytes(&mut value);
+        value
+    }
+
+    /// Generates an interruption.
+    ///
+    /// The `delay_map` describes the number of modified bits by the upcoming sequence of store
+    /// operations.
+    // TODO(ia0): We use too much CPU to compute the delay map. We should be able to just count the
+    // number of storage operations by checking the remaining delay. We can then use the entropy
+    // directly from the corruption function because it's called at most once.
+    fn interruption(
+        &mut self,
+        delay_map: Result<Vec<usize>, (usize, BufferStorage)>,
+    ) -> StoreInterruption {
+        if self.init.is_dirty() {
+            // We only test that the store can power on without crashing. If it would get
+            // interrupted then it's like powering up with a different initial state, which would be
+            // tested with another fuzzing input.
+            return StoreInterruption::none();
+        }
+        let delay_map = match delay_map {
+            Ok(x) => x,
+            Err((delay, storage)) => {
+                print!("{}", storage);
+                panic!("delay={}", delay);
+            }
+        };
+        let delay = self.entropy.read_range(0, delay_map.len() - 1);
+        let mut complete_bits = BitStack::default();
+        for _ in 0..delay_map[delay] {
+            complete_bits.push(self.entropy.read_bit());
+        }
+        if self.debug {
+            if delay == delay_map.len() - 1 {
+                assert!(complete_bits.is_empty());
+                println!("Do not interrupt.");
+            } else {
+                println!(
+                    "Interrupt after {} operations with complete mask {}.",
+                    delay, complete_bits
+                );
+            }
+        }
+        if delay < delay_map.len() - 1 {
+            self.increment(StatKey::InterruptionCount);
+        }
+        let corrupt = Box::new(move |old: &mut [u8], new: &[u8]| {
+            for (old, new) in old.iter_mut().zip(new.iter()) {
+                for bit in 0..8 {
+                    let mask = 1 << bit;
+                    if *old & mask == *new & mask {
+                        continue;
+                    }
+                    if complete_bits.pop().unwrap() {
+                        *old ^= mask;
+                    }
+                }
+            }
+        });
+        StoreInterruption { delay, corrupt }
+    }
+}
+
+/// The initial fuzzing mode.
+enum Init {
+    /// Fuzzing starts from a clean storage.
+    ///
+    /// All invariant are checked.
+    Clean,
+
+    /// Fuzzing starts from a dirty storage.
+    ///
+    /// Only crashing is checked.
+    Dirty,
+
+    /// Fuzzing starts from a simulated old storage.
+    ///
+    /// All invariant are checked.
+    Used {
+        /// Number of simulated used cycles.
+        cycle: usize,
+    },
+}
+
+impl Init {
+    /// Returns whether fuzzing is in dirty mode.
+    fn is_dirty(&self) -> bool {
+        match self {
+            Init::Dirty => true,
+            _ => false,
+        }
+    }
+
+    /// Returns the number of used cycles.
+    ///
+    /// This is zero if the storage was not artificially aged.
+    fn used_cycles(&self) -> usize {
+        match self {
+            Init::Used { cycle } => *cycle,
+            _ => 0,
+        }
+    }
+}
+
+/// Compact stack of bits.
+// NOTE: This would probably go away once the delay map is simplified.
+#[derive(Default, Clone, Debug)]
+struct BitStack {
+    /// Bits stored in little-endian (for bytes and bits).
+    data: Vec<u8>,
+
+    /// Number of bits stored.
+    len: usize,
+}
+
+impl BitStack {
+    /// Returns whether the stack is empty.
+    fn is_empty(&self) -> bool {
+        self.len() == 0
+    }
+
+    /// Returns the length of the stack.
+    fn len(&self) -> usize {
+        if self.len == 0 {
+            8 * self.data.len()
+        } else {
+            8 * (self.data.len() - 1) + self.len
+        }
+    }
+
+    /// Pushes a bit to the stack.
+    fn push(&mut self, value: bool) {
+        if self.len == 0 {
+            self.data.push(0);
+        }
+        if value {
+            *self.data.last_mut().unwrap() |= 1 << self.len;
+        }
+        self.len += 1;
+        if self.len == 8 {
+            self.len = 0;
+        }
+    }
+
+    /// Pops a bit from the stack.
+    fn pop(&mut self) -> Option<bool> {
+        if self.len == 0 {
+            if self.data.is_empty() {
+                return None;
+            }
+            self.len = 8;
+        }
+        self.len -= 1;
+        let result = self.data.last().unwrap() & 1 << self.len;
+        if self.len == 0 {
+            self.data.pop().unwrap();
+        }
+        Some(result != 0)
+    }
+}
+
+impl std::fmt::Display for BitStack {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
+        let mut bits = self.clone();
+        while let Some(bit) = bits.pop() {
+            write!(f, "{}", bit as usize)?;
+        }
+        write!(f, " ({} bits)", self.len())?;
+        Ok(())
+    }
+}
+
+#[test]
+fn bit_stack_ok() {
+    let mut bits = BitStack::default();
+
+    assert_eq!(bits.pop(), None);
+
+    bits.push(true);
+    assert_eq!(bits.pop(), Some(true));
+    assert_eq!(bits.pop(), None);
+
+    bits.push(false);
+    assert_eq!(bits.pop(), Some(false));
+    assert_eq!(bits.pop(), None);
+
+    bits.push(true);
+    bits.push(false);
+    assert_eq!(bits.pop(), Some(false));
+    assert_eq!(bits.pop(), Some(true));
+    assert_eq!(bits.pop(), None);
+
+    bits.push(false);
+    bits.push(true);
+    assert_eq!(bits.pop(), Some(true));
+    assert_eq!(bits.pop(), Some(false));
+    assert_eq!(bits.pop(), None);
+
+    for i in 0..27 {
+        assert_eq!(bits.len(), i);
+        bits.push(true);
+    }
+}

From 5bf73cb8fdcd4bcb33381992c8608fd77df7dce6 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 20 Nov 2020 03:26:26 +0100
Subject: [PATCH 007/192] fail on UP=true in make

---
 src/ctap/data_formats.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index dacafe5..45ebf9f 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -361,10 +361,8 @@ impl TryFrom<cbor::Value> for MakeCredentialOptions {
             Some(options_entry) => extract_bool(options_entry)?,
             None => false,
         };
-        if let Some(options_entry) = up {
-            if !extract_bool(options_entry)? {
-                return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
-            }
+        if up.is_some() {
+            return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
         }
         let uv = match uv {
             Some(options_entry) => extract_bool(options_entry)?,

From 9bb1aad45d526b29bb5f6477c56b5136a880cff2 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 23 Nov 2020 12:02:51 +0100
Subject: [PATCH 008/192] wraps HMAC secret into credentials

---
 src/ctap/ctap1.rs |  50 ++++++----
 src/ctap/mod.rs   | 229 ++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 236 insertions(+), 43 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 84c6fb0..a5a7921 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -288,7 +288,7 @@ impl Ctap1Command {
         let sk = crypto::ecdsa::SecKey::gensk(ctap_state.rng);
         let pk = sk.genpk();
         let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application)
+            .encrypt_key_handle(sk, &application, None)
             .map_err(|_| Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG)?;
         if key_handle.len() > 0xFF {
             // This is just being defensive with unreachable code.
@@ -373,7 +373,7 @@ impl Ctap1Command {
 
 #[cfg(test)]
 mod test {
-    use super::super::{ENCRYPTED_CREDENTIAL_ID_SIZE, USE_SIGNATURE_COUNTER};
+    use super::super::{CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
     use super::*;
     use crypto::rng256::ThreadRng256;
     use crypto::Hash256;
@@ -413,12 +413,12 @@ mod test {
             0x00,
             0x00,
             0x00,
-            65 + ENCRYPTED_CREDENTIAL_ID_SIZE as u8,
+            65 + CREDENTIAL_ID_BASE_SIZE as u8,
         ];
         let challenge = [0x0C; 32];
         message.extend(&challenge);
         message.extend(application);
-        message.push(ENCRYPTED_CREDENTIAL_ID_SIZE as u8);
+        message.push(CREDENTIAL_ID_BASE_SIZE as u8);
         message.extend(key_handle);
         message
     }
@@ -437,15 +437,15 @@ mod test {
             Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
 
         assert_eq!(response[0], Ctap1Command::LEGACY_BYTE);
-        assert_eq!(response[66], ENCRYPTED_CREDENTIAL_ID_SIZE as u8);
+        assert_eq!(response[66], CREDENTIAL_ID_BASE_SIZE as u8);
         assert!(ctap_state
             .decrypt_credential_source(
-                response[67..67 + ENCRYPTED_CREDENTIAL_ID_SIZE].to_vec(),
+                response[67..67 + CREDENTIAL_ID_BASE_SIZE].to_vec(),
                 &application
             )
             .unwrap()
             .is_some());
-        const CERT_START: usize = 67 + ENCRYPTED_CREDENTIAL_ID_SIZE;
+        const CERT_START: usize = 67 + CREDENTIAL_ID_BASE_SIZE;
         assert_eq!(
             &response[CERT_START..CERT_START + ATTESTATION_CERTIFICATE.len()],
             &ATTESTATION_CERTIFICATE[..]
@@ -494,7 +494,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
@@ -510,7 +512,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let application = [0x55; 32];
         let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
@@ -527,7 +531,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
@@ -551,7 +557,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
         message[0] = 0xEE;
@@ -569,7 +577,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
         message[1] = 0xEE;
@@ -587,7 +597,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
         message[2] = 0xEE;
@@ -605,7 +617,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let message =
             create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
 
@@ -630,7 +644,9 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
+        let key_handle = ctap_state
+            .encrypt_key_handle(sk, &application, None)
+            .unwrap();
         let message = create_authenticate_message(
             &application,
             Ctap1Flags::DontEnforceUpAndSign,
@@ -650,7 +666,7 @@ mod test {
     #[test]
     fn test_process_authenticate_bad_key_handle() {
         let application = [0x0A; 32];
-        let key_handle = vec![0x00; ENCRYPTED_CREDENTIAL_ID_SIZE];
+        let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
         let message =
             create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
 
@@ -667,7 +683,7 @@ mod test {
     #[test]
     fn test_process_authenticate_without_up() {
         let application = [0x0A; 32];
-        let key_handle = vec![0x00; ENCRYPTED_CREDENTIAL_ID_SIZE];
+        let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
         let message =
             create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
 
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 66ef234..2e095ed 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -83,8 +83,9 @@ const USE_SIGNATURE_COUNTER: bool = true;
 // - 16 byte initialization vector for AES-256,
 // - 32 byte ECDSA private key for the credential,
 // - 32 byte relying party ID hashed with SHA256,
+// - (optional) 32 byte for HMAC-secret,
 // - 32 byte HMAC-SHA256 over everything else.
-pub const ENCRYPTED_CREDENTIAL_ID_SIZE: usize = 112;
+pub const CREDENTIAL_ID_BASE_SIZE: usize = 112;
 // Set this bit when checking user presence.
 const UP_FLAG: u8 = 0x01;
 // Set this bit when checking user verification.
@@ -195,6 +196,7 @@ where
         &mut self,
         private_key: crypto::ecdsa::SecKey,
         application: &[u8; 32],
+        cred_random: Option<&[u8; 32]>,
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
         let master_keys = self.persistent_store.master_keys()?;
         let aes_enc_key = crypto::aes256::EncryptionKey::new(&master_keys.encryption);
@@ -203,14 +205,19 @@ where
         let mut iv = [0; 16];
         iv.copy_from_slice(&self.rng.gen_uniform_u8x32()[..16]);
 
-        let mut blocks = [[0u8; 16]; 4];
+        let block_len = if cred_random.is_some() { 6 } else { 4 };
+        let mut blocks = vec![[0u8; 16]; block_len];
         blocks[0].copy_from_slice(&sk_bytes[..16]);
         blocks[1].copy_from_slice(&sk_bytes[16..]);
         blocks[2].copy_from_slice(&application[..16]);
         blocks[3].copy_from_slice(&application[16..]);
+        if let Some(cred_random) = cred_random {
+            blocks[4].copy_from_slice(&cred_random[..16]);
+            blocks[5].copy_from_slice(&cred_random[16..]);
+        }
         cbc_encrypt(&aes_enc_key, iv, &mut blocks);
 
-        let mut encrypted_id = Vec::with_capacity(ENCRYPTED_CREDENTIAL_ID_SIZE);
+        let mut encrypted_id = Vec::with_capacity(16 * (block_len + 3));
         encrypted_id.extend(&iv);
         for b in &blocks {
             encrypted_id.extend(b);
@@ -228,11 +235,15 @@ where
         credential_id: Vec<u8>,
         rp_id_hash: &[u8],
     ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
-        if credential_id.len() != ENCRYPTED_CREDENTIAL_ID_SIZE {
+        let has_cred_random = if credential_id.len() == CREDENTIAL_ID_BASE_SIZE {
+            false
+        } else if credential_id.len() == CREDENTIAL_ID_BASE_SIZE + 32 {
+            true
+        } else {
             return Ok(None);
-        }
+        };
         let master_keys = self.persistent_store.master_keys()?;
-        let payload_size = ENCRYPTED_CREDENTIAL_ID_SIZE - 32;
+        let payload_size = credential_id.len() - 32;
         if !verify_hmac_256::<Sha256>(
             &master_keys.hmac,
             &credential_id[..payload_size],
@@ -244,8 +255,9 @@ where
         let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
         let mut iv = [0; 16];
         iv.copy_from_slice(&credential_id[..16]);
-        let mut blocks = [[0u8; 16]; 4];
-        for i in 0..4 {
+        let block_len = if has_cred_random { 6 } else { 4 };
+        let mut blocks = vec![[0u8; 16]; block_len];
+        for i in 0..block_len {
             blocks[i].copy_from_slice(&credential_id[16 * (i + 1)..16 * (i + 2)]);
         }
 
@@ -256,6 +268,14 @@ where
         decrypted_sk[16..].clone_from_slice(&blocks[1]);
         decrypted_rp_id_hash[..16].clone_from_slice(&blocks[2]);
         decrypted_rp_id_hash[16..].clone_from_slice(&blocks[3]);
+        let cred_random = if has_cred_random {
+            let mut decrypted_cred_random = [0; 32];
+            decrypted_cred_random[..16].clone_from_slice(&blocks[4]);
+            decrypted_cred_random[16..].clone_from_slice(&blocks[5]);
+            Some(decrypted_cred_random.to_vec())
+        } else {
+            None
+        };
 
         if rp_id_hash != decrypted_rp_id_hash {
             return Ok(None);
@@ -269,7 +289,7 @@ where
             rp_id: String::from(""),
             user_handle: vec![],
             other_ui: None,
-            cred_random: None,
+            cred_random,
             cred_protect_policy: None,
         }))
     }
@@ -380,11 +400,7 @@ where
         };
 
         let cred_random = if use_hmac_extension {
-            if !options.rk {
-                // The extension is actually supported, but we need resident keys.
-                return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
-            }
-            Some(self.rng.gen_uniform_u8x32().to_vec())
+            Some(self.rng.gen_uniform_u8x32())
         } else {
             None
         };
@@ -463,13 +479,13 @@ where
                 other_ui: user
                     .user_display_name
                     .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
-                cred_random,
+                cred_random: cred_random.map(|c| c.to_vec()),
                 cred_protect_policy,
             };
             self.persistent_store.store_credential(credential_source)?;
             random_id
         } else {
-            self.encrypt_key_handle(sk.clone(), &rp_id_hash)?
+            self.encrypt_key_handle(sk.clone(), &rp_id_hash, cred_random.as_ref())?
         };
 
         let mut auth_data = self.generate_auth_data(&rp_id_hash, flags)?;
@@ -728,10 +744,9 @@ where
                 ]),
                 #[cfg(feature = "with_ctap2_1")]
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
-                // You can use ENCRYPTED_CREDENTIAL_ID_SIZE here, but if your
-                // browser passes that value, it might be used to fingerprint.
+                // #TODO(106) update with version 2.1 of HMAC-secret
                 #[cfg(feature = "with_ctap2_1")]
-                max_credential_id_length: None,
+                max_credential_id_length: Some(CREDENTIAL_ID_BASE_SIZE as u64 + 32),
                 #[cfg(feature = "with_ctap2_1")]
                 transports: Some(vec![AuthenticatorTransport::Usb]),
                 #[cfg(feature = "with_ctap2_1")]
@@ -829,7 +844,7 @@ mod test {
         let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID);
 
         #[cfg(feature = "with_ctap2_1")]
-        let mut expected_response = vec![0x00, 0xA9, 0x01];
+        let mut expected_response = vec![0x00, 0xAA, 0x01];
         #[cfg(not(feature = "with_ctap2_1"))]
         let mut expected_response = vec![0x00, 0xA6, 0x01];
         // The difference here is a longer array of supported versions.
@@ -864,9 +879,9 @@ mod test {
         #[cfg(feature = "with_ctap2_1")]
         expected_response.extend(
             [
-                0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61, 0x6C, 0x67, 0x26,
-                0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B,
-                0x65, 0x79, 0x0D, 0x04,
+                0x08, 0x18, 0x90, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
+                0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69,
+                0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04,
             ]
             .iter(),
         );
@@ -993,7 +1008,7 @@ mod test {
                     0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
                 ];
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, ENCRYPTED_CREDENTIAL_ID_SIZE as u8]);
+                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_BASE_SIZE as u8]);
                 assert_eq!(
                     auth_data[0..expected_auth_data.len()],
                     expected_auth_data[..]
@@ -1114,6 +1129,57 @@ mod test {
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
 
+        let extensions = Some(MakeCredentialExtensions {
+            hmac_secret: true,
+            cred_protect: None,
+        });
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.options.rk = false;
+        make_credential_params.extensions = extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+
+        match make_credential_response.unwrap() {
+            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
+                let AuthenticatorMakeCredentialResponse {
+                    fmt,
+                    auth_data,
+                    att_stmt,
+                } = make_credential_response;
+                // The expected response is split to only assert the non-random parts.
+                assert_eq!(fmt, "packed");
+                let mut expected_auth_data = vec![
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00,
+                ];
+                expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
+                let credential_size = CREDENTIAL_ID_BASE_SIZE + 32;
+                expected_auth_data.extend(&[0x00, credential_size as u8]);
+                assert_eq!(
+                    auth_data[0..expected_auth_data.len()],
+                    expected_auth_data[..]
+                );
+                let expected_extension_cbor = vec![
+                    0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
+                    0xF5,
+                ];
+                assert_eq!(
+                    auth_data[auth_data.len() - expected_extension_cbor.len()..auth_data.len()],
+                    expected_extension_cbor[..]
+                );
+                assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
+            }
+            _ => panic!("Invalid response type"),
+        }
+    }
+
+    #[test]
+    fn test_process_make_credential_hmac_secret_resident_key() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+
         let extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
@@ -1220,6 +1286,71 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_process_get_assertion_hmac_secret() {
+        let mut rng = ThreadRng256 {};
+        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+
+        let make_extensions = Some(MakeCredentialExtensions {
+            hmac_secret: true,
+            cred_protect: None,
+        });
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.options.rk = false;
+        make_credential_params.extensions = make_extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        assert!(make_credential_response.is_ok());
+        let credential_id = match make_credential_response.unwrap() {
+            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
+                let auth_data = make_credential_response.auth_data;
+                let offset = 37 + ctap_state.persistent_store.aaguid().unwrap().len();
+                let credential_size = CREDENTIAL_ID_BASE_SIZE + 32;
+                assert_eq!(auth_data[offset], 0x00);
+                assert_eq!(auth_data[offset + 1] as usize, credential_size);
+                auth_data[offset + 2..offset + 2 + credential_size].to_vec()
+            }
+            _ => panic!("Invalid response type"),
+        };
+
+        let pk = sk.genpk();
+        let hmac_secret_input = GetAssertionHmacSecretInput {
+            key_agreement: CoseKey::from(pk),
+            salt_enc: vec![0x02; 32],
+            salt_auth: vec![0x03; 16],
+        };
+        let get_extensions = Some(GetAssertionExtensions {
+            hmac_secret: Some(hmac_secret_input),
+        });
+
+        let cred_desc = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: credential_id,
+            transports: None,
+        };
+        let get_assertion_params = AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list: Some(vec![cred_desc]),
+            extensions: get_extensions,
+            options: GetAssertionOptions {
+                up: false,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let get_assertion_response =
+            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+
+        assert_eq!(
+            get_assertion_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
+        );
+    }
+
     #[test]
     fn test_residential_process_get_assertion_hmac_secret() {
         let mut rng = ThreadRng256 {};
@@ -1435,7 +1566,7 @@ mod test {
         // We are not testing the correctness of our SHA256 here, only if it is checked.
         let rp_id_hash = [0x55; 32];
         let encrypted_id = ctap_state
-            .encrypt_key_handle(private_key.clone(), &rp_id_hash)
+            .encrypt_key_handle(private_key.clone(), &rp_id_hash, None)
             .unwrap();
         let decrypted_source = ctap_state
             .decrypt_credential_source(encrypted_id, &rp_id_hash)
@@ -1445,6 +1576,29 @@ mod test {
         assert_eq!(private_key, decrypted_source.private_key);
     }
 
+    #[test]
+    fn test_encrypt_decrypt_credential_with_cred_random() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+
+        // Usually, the relying party ID or its hash is provided by the client.
+        // We are not testing the correctness of our SHA256 here, only if it is checked.
+        let rp_id_hash = [0x55; 32];
+        let cred_random = [0xC9; 32];
+        let encrypted_id = ctap_state
+            .encrypt_key_handle(private_key.clone(), &rp_id_hash, Some(&cred_random))
+            .unwrap();
+        let decrypted_source = ctap_state
+            .decrypt_credential_source(encrypted_id, &rp_id_hash)
+            .unwrap()
+            .unwrap();
+
+        assert_eq!(private_key, decrypted_source.private_key);
+        assert_eq!(Some(cred_random.to_vec()), decrypted_source.cred_random);
+    }
+
     #[test]
     fn test_encrypt_decrypt_bad_hmac() {
         let mut rng = ThreadRng256 {};
@@ -1455,7 +1609,30 @@ mod test {
         // Same as above.
         let rp_id_hash = [0x55; 32];
         let encrypted_id = ctap_state
-            .encrypt_key_handle(private_key, &rp_id_hash)
+            .encrypt_key_handle(private_key, &rp_id_hash, None)
+            .unwrap();
+        for i in 0..encrypted_id.len() {
+            let mut modified_id = encrypted_id.clone();
+            modified_id[i] ^= 0x01;
+            assert!(ctap_state
+                .decrypt_credential_source(modified_id, &rp_id_hash)
+                .unwrap()
+                .is_none());
+        }
+    }
+
+    #[test]
+    fn test_encrypt_decrypt_bad_hmac_with_cred_random() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+
+        // Same as above.
+        let rp_id_hash = [0x55; 32];
+        let cred_random = [0xC9; 32];
+        let encrypted_id = ctap_state
+            .encrypt_key_handle(private_key, &rp_id_hash, Some(&cred_random))
             .unwrap();
         for i in 0..encrypted_id.len() {
             let mut modified_id = encrypted_id.clone();

From a099ddbabde0c208b821c5417d5ed16e86560bd9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 23 Nov 2020 14:34:38 +0100
Subject: [PATCH 009/192] introduce max credential size for readability

---
 src/ctap/mod.rs | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 2e095ed..dd9cabe 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -86,6 +86,7 @@ const USE_SIGNATURE_COUNTER: bool = true;
 // - (optional) 32 byte for HMAC-secret,
 // - 32 byte HMAC-SHA256 over everything else.
 pub const CREDENTIAL_ID_BASE_SIZE: usize = 112;
+pub const CREDENTIAL_ID_MAX_SIZE: usize = CREDENTIAL_ID_BASE_SIZE + 32;
 // Set this bit when checking user presence.
 const UP_FLAG: u8 = 0x01;
 // Set this bit when checking user verification.
@@ -235,12 +236,10 @@ where
         credential_id: Vec<u8>,
         rp_id_hash: &[u8],
     ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
-        let has_cred_random = if credential_id.len() == CREDENTIAL_ID_BASE_SIZE {
-            false
-        } else if credential_id.len() == CREDENTIAL_ID_BASE_SIZE + 32 {
-            true
-        } else {
-            return Ok(None);
+        let has_cred_random = match credential_id.len() {
+            CREDENTIAL_ID_BASE_SIZE => false,
+            CREDENTIAL_ID_MAX_SIZE => true,
+            _ => return Ok(None),
         };
         let master_keys = self.persistent_store.master_keys()?;
         let payload_size = credential_id.len() - 32;
@@ -1154,8 +1153,7 @@ mod test {
                     0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00,
                 ];
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                let credential_size = CREDENTIAL_ID_BASE_SIZE + 32;
-                expected_auth_data.extend(&[0x00, credential_size as u8]);
+                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_MAX_SIZE as u8]);
                 assert_eq!(
                     auth_data[0..expected_auth_data.len()],
                     expected_auth_data[..]
@@ -1307,10 +1305,9 @@ mod test {
             ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
                 let auth_data = make_credential_response.auth_data;
                 let offset = 37 + ctap_state.persistent_store.aaguid().unwrap().len();
-                let credential_size = CREDENTIAL_ID_BASE_SIZE + 32;
                 assert_eq!(auth_data[offset], 0x00);
-                assert_eq!(auth_data[offset + 1] as usize, credential_size);
-                auth_data[offset + 2..offset + 2 + credential_size].to_vec()
+                assert_eq!(auth_data[offset + 1] as usize, CREDENTIAL_ID_MAX_SIZE);
+                auth_data[offset + 2..offset + 2 + CREDENTIAL_ID_MAX_SIZE].to_vec()
             }
             _ => panic!("Invalid response type"),
         };

From 174c292f2f700cbfc85dec8da6c0412180e50fff Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <github@ichizoku.org>
Date: Mon, 23 Nov 2020 19:16:48 +0100
Subject: [PATCH 010/192] Adding metadata file used for certification.

---
 metadata/metadata.json | 47 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 metadata/metadata.json

diff --git a/metadata/metadata.json b/metadata/metadata.json
new file mode 100644
index 0000000..bb81d0c
--- /dev/null
+++ b/metadata/metadata.json
@@ -0,0 +1,47 @@
+{
+   "assertionScheme" : "FIDOV2",
+   "keyProtection" : 1,
+   "attestationRootCertificates" : [
+   ],
+   "aaguid" : "664d9f67-84a2-412a-9ff7-b4f7d8ee6d05",
+   "publicKeyAlgAndEncoding" : 260,
+   "protocolFamily" : "fido2",
+   "upv" : [
+      {
+         "major" : 1,
+         "minor" : 0
+      }
+   ],
+   "icon" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAQKADAAQAAAABAAAAQAAAAABGUUKwAAAIQ0lEQVR4Ae1aCVSUVRT+kGVYBBQFBYzYFJFNLdPQVksz85QnszRNbaPNzDI0OaIH27VUUnOpzAqXMJNIszKTUEQWRXBnExRiUYEUBATs3lfzJw3LDP/MMOfMPI/M++97///uve+++9797jO7TgVGXLoYsexCdJMCTBZg5BowLQEjNwCYLMBkAUauAdMSMHIDgEVnKqC8/AKOZh2Do6MDAgMGwMbaWu/s6FUBTU1NyMnNQ8bRTPqfheI/SySBzc3N4devLwaGBGFgcBBcXJylNl1WzHQdDVbX1CDr2HEcJYEz6be6ukYteVxdewtFsEL6+vqgSxfduCudKaCgsBCbt27Dmexc8MzLKba2tggOCkDYszNgZmYm51Mq7+pGrTRMcXEJTp3Oli08c1xDVpR8KBW6gC50pgAVVRsoQWcKcHd3w4jht6N7924GKvo/bGl1F+C1fu78eWH+TdebcOeIUEyfOhkHk1OwJXY7OcBqg1OG1hRwICkZ38fF48LFS82EdHLqjkmPT8DihRF4b8nH4L3fkIrsJcCO6cuvYrD+i40qwrOgly5VYNWn65GUfAjhb7wGKysrQ5Jffji8a/ev2PfH/naF2rY9jma/HA+PG9tuX312kLUErly5grj4H9XmN3b7Dix4Kxz33n2H2u+czs5B9Mo1sLS01MlhSJYC0g5noL7+WjNh+NAydsxoMnVL/ETWcamiQmrPzy9AZWUV2C+oW/hY7KTDnUSWDygoKFSRY/pTk0kBo3D/yHvwyovPq7SXlpWr0Noi/PZ7gvAtDg4ObXXrcJssBdTV16sM7O7mJtFaDmhUE1HFxX/SqfGM9J6ykpySim82bRWPHjf1UZK1+itLAT1aMOWkg4ckBhMSVZ2ju5ur1M47yO5f9iAy6l18sHQ59tJsK0vigYNYu36DdPz18vJUNmn1V5YP4Bg+fufuZgz5+nhLzzY2NlKdKwED+qOJhN7xw04h2PETJ0V4rOz0VcwWnDh1WgQ8qWmHlWTxHBIcKD1rsyJLARy/e3t5Ii//rODJx9sLgwYGS/zdessgxGz+Fo2NjWL/f2LiBPxICtuzd5/U5/+VtPQj/yfB368fujk6qtC1QZC1BJiBZ5+eBtt/Z/qxRx9pxpODvT2G3z4UFhYWCHtuBi5fvgx2apqWUaNGavqK2v21ggcUFJ4Th6FpUyapDHzh4kXU1taK7W/l6nWoratT6dMWwfNmDyxa8FZbXWS1aUUB7XGQkZmF5dGr2+um0s7gx8KIufD0vFmlTVsE2UtAHUaCAwMI1vrPOarzDvcZN3aMToXnMfSiAMbzXnj+GXTrpr4jGzwoBOMffoh51GnRiwJYgh5OTpj35utqefOgwAGE/z2tdfyvJU3qxQfcOHAZHYU/Wb2WgJOiG8lSfXjoMMx4agrtHOYSTZcVvSuAham/dg2bt8Ti94RESTYbG2tMfXISQofdJtH0UekUBSgFY+g89rs4uLn1xrgHx8DevquySW+/naoAvUnZxkB6c4Jt8NCpTSYFdKr6DWDwDltAQ0Mjjh0/ifQjGWBsUFflfFERODTOyzsrDVFRUYnsnFzpuZ6AmRMnT3UIcu9QOMwBzocfrSDBq2FHGGBlVRVeCnuGQuEQiSltVDZs/AaHUtLg4XGTSLj08/XFrJkvIjX9MIGxu7BqxVKBKzAkn5uXT3HDPI2H7ZACNm2OFZcZoiLnw5ouNTDau/7zjVi29H1crb2KSpohOzs7nKVtjpnmCxDKwtgBzyBjCV272lGIfAWlZWXo5eKCMzk56EOQWq9eLigimCwh8QDmz52Dfn19UFpahrkRC8nqTig/JX7j4nciM+s4IubNaTZOs05tPGisAAY3+FbH1MmPC+H526PvH4mdu36mVHi2SITE0CHHxbkneJn8RRjA4kUR4ij8+YavxZLp2cNJoMVRkRHIzc8X0FcfyiU2NV0nwYso/J0vhOFLEympaXB3dxVKWfdpNCyIVkLK4JKSli4s4dWXw9BRzFBjH8D5PVbCjYENAx8c8FRV/SUY4z8L5ofjnagFQpB9dOLjmU88kIRIokdRmsy1d2/8smev6N/Q0IDXX3uF6Cy4o1jP/E1GlY9kZOLV2eGIXrUGZWQpyosSdYQrfEam70hocf/+ftK4mlY0VoBC8c89ntra/4ANFoATowprhRifESCFQgGeQR8vTzLxchQSaMLx/ScEikRELhYmXkaZIjP6x4UF5sLoEjs1LgyvLXl/MebMnolGsqa3310ilg+38Zh33TEC1+lfzL/IMdM1LRovAYXCSpgbz8ywoUPEeMp16evtTevxWDMeKigRwibPCuHZmzXzBVhZWgnGrSjbc/KUKhzOH2BInBMrbEn+NMPeXl4Ie3mWBKJyAubJSRPFzZGPlq9ECF2lGXLL4GZjq/OgsQL4oxMnjMey6FVY95k5nJ17CJCT/YDyLgDf6NhEfoADHN6ewt+YJYANPuszzs+MJlHK/B5KkXUxa9kI/f38sGXrd1i6LBpBgQG07eUJ6/D29kT64QwpVOa2kffeJRK0PAFKHtQRnvuYL6KibmdlP0548OUl9sx8BuAs0AOj7xPNnC3KpT2bEWEOeR98YJTYHi1pWQy5dTBKSkpxlvoM8PcjwHSYgMl5yfAdIC41NVfhRRAYO7XQ0KGEJ9aJJcROddqUyXDuyc61ATa2Ngjw7y/eYdSYcUcubjfkHQShnT9aD4YS/tiP7TviseLjD9oZ2jCaW7Y/GbzZkzPz8NBNGksGW62+qnULaHUkA23QugUYqJytsmVSQKuqMZIGkwUYyUS3KqbJAlpVjZE0mCzASCa6VTH/Bnoy/0KF7w+OAAAAAElFTkSuQmCC",
+   "matcherProtection" : 1,
+   "supportedExtensions" : [
+      {
+         "id" : "hmac-secret",
+         "fail_if_unknown" : false
+      },
+      {
+         "id" : "credProtect",
+         "fail_if_unknown" : false
+      }
+   ],
+   "cryptoStrength" : 128,
+   "description" : "OpenSK authenticator",
+   "authenticatorVersion" : 1,
+   "isSecondFactorOnly" : false,
+   "userVerificationDetails" : [
+      [
+         {
+            "userVerification" : 1
+         },
+         {
+         	"userVerification" : 4
+         }
+      ]
+   ],
+   "attachmentHint" : 6,
+   "attestationTypes" : [
+      15880
+   ],
+   "authenticationAlgorithm" : 1,
+   "tcDisplay" : 0
+}

From 90f2d4a24955544fe426eb79a201f18b20253aa3 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <github@ichizoku.org>
Date: Mon, 23 Nov 2020 20:33:01 +0100
Subject: [PATCH 011/192] Fix indentation

---
 metadata/metadata.json | 55 +++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 28 deletions(-)

diff --git a/metadata/metadata.json b/metadata/metadata.json
index bb81d0c..eedeed9 100644
--- a/metadata/metadata.json
+++ b/metadata/metadata.json
@@ -1,47 +1,46 @@
 {
-   "assertionScheme" : "FIDOV2",
-   "keyProtection" : 1,
-   "attestationRootCertificates" : [
-   ],
-   "aaguid" : "664d9f67-84a2-412a-9ff7-b4f7d8ee6d05",
-   "publicKeyAlgAndEncoding" : 260,
-   "protocolFamily" : "fido2",
-   "upv" : [
+   "assertionScheme": "FIDOV2",
+   "keyProtection": 1,
+   "attestationRootCertificates": [],
+   "aaguid": "664d9f67-84a2-412a-9ff7-b4f7d8ee6d05",
+   "publicKeyAlgAndEncoding": 260,
+   "protocolFamily": "fido2",
+   "upv": [
       {
-         "major" : 1,
-         "minor" : 0
+         "major": 1,
+         "minor": 0
       }
    ],
-   "icon" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAQKADAAQAAAABAAAAQAAAAABGUUKwAAAIQ0lEQVR4Ae1aCVSUVRT+kGVYBBQFBYzYFJFNLdPQVksz85QnszRNbaPNzDI0OaIH27VUUnOpzAqXMJNIszKTUEQWRXBnExRiUYEUBATs3lfzJw3LDP/MMOfMPI/M++97///uve+++9797jO7TgVGXLoYsexCdJMCTBZg5BowLQEjNwCYLMBkAUauAdMSMHIDgEVnKqC8/AKOZh2Do6MDAgMGwMbaWu/s6FUBTU1NyMnNQ8bRTPqfheI/SySBzc3N4devLwaGBGFgcBBcXJylNl1WzHQdDVbX1CDr2HEcJYEz6be6ukYteVxdewtFsEL6+vqgSxfduCudKaCgsBCbt27Dmexc8MzLKba2tggOCkDYszNgZmYm51Mq7+pGrTRMcXEJTp3Oli08c1xDVpR8KBW6gC50pgAVVRsoQWcKcHd3w4jht6N7924GKvo/bGl1F+C1fu78eWH+TdebcOeIUEyfOhkHk1OwJXY7OcBqg1OG1hRwICkZ38fF48LFS82EdHLqjkmPT8DihRF4b8nH4L3fkIrsJcCO6cuvYrD+i40qwrOgly5VYNWn65GUfAjhb7wGKysrQ5Jffji8a/ev2PfH/naF2rY9jma/HA+PG9tuX312kLUErly5grj4H9XmN3b7Dix4Kxz33n2H2u+czs5B9Mo1sLS01MlhSJYC0g5noL7+WjNh+NAydsxoMnVL/ETWcamiQmrPzy9AZWUV2C+oW/hY7KTDnUSWDygoKFSRY/pTk0kBo3D/yHvwyovPq7SXlpWr0Noi/PZ7gvAtDg4ObXXrcJssBdTV16sM7O7mJtFaDmhUE1HFxX/SqfGM9J6ykpySim82bRWPHjf1UZK1+itLAT1aMOWkg4ckBhMSVZ2ju5ur1M47yO5f9iAy6l18sHQ59tJsK0vigYNYu36DdPz18vJUNmn1V5YP4Bg+fufuZgz5+nhLzzY2NlKdKwED+qOJhN7xw04h2PETJ0V4rOz0VcwWnDh1WgQ8qWmHlWTxHBIcKD1rsyJLARy/e3t5Ii//rODJx9sLgwYGS/zdessgxGz+Fo2NjWL/f2LiBPxICtuzd5/U5/+VtPQj/yfB368fujk6qtC1QZC1BJiBZ5+eBtt/Z/qxRx9pxpODvT2G3z4UFhYWCHtuBi5fvgx2apqWUaNGavqK2v21ggcUFJ4Th6FpUyapDHzh4kXU1taK7W/l6nWoratT6dMWwfNmDyxa8FZbXWS1aUUB7XGQkZmF5dGr2+um0s7gx8KIufD0vFmlTVsE2UtAHUaCAwMI1vrPOarzDvcZN3aMToXnMfSiAMbzXnj+GXTrpr4jGzwoBOMffoh51GnRiwJYgh5OTpj35utqefOgwAGE/z2tdfyvJU3qxQfcOHAZHYU/Wb2WgJOiG8lSfXjoMMx4agrtHOYSTZcVvSuAham/dg2bt8Ti94RESTYbG2tMfXISQofdJtH0UekUBSgFY+g89rs4uLn1xrgHx8DevquySW+/naoAvUnZxkB6c4Jt8NCpTSYFdKr6DWDwDltAQ0Mjjh0/ifQjGWBsUFflfFERODTOyzsrDVFRUYnsnFzpuZ6AmRMnT3UIcu9QOMwBzocfrSDBq2FHGGBlVRVeCnuGQuEQiSltVDZs/AaHUtLg4XGTSLj08/XFrJkvIjX9MIGxu7BqxVKBKzAkn5uXT3HDPI2H7ZACNm2OFZcZoiLnw5ouNTDau/7zjVi29H1crb2KSpohOzs7nKVtjpnmCxDKwtgBzyBjCV272lGIfAWlZWXo5eKCMzk56EOQWq9eLigimCwh8QDmz52Dfn19UFpahrkRC8nqTig/JX7j4nciM+s4IubNaTZOs05tPGisAAY3+FbH1MmPC+H526PvH4mdu36mVHi2SITE0CHHxbkneJn8RRjA4kUR4ij8+YavxZLp2cNJoMVRkRHIzc8X0FcfyiU2NV0nwYso/J0vhOFLEympaXB3dxVKWfdpNCyIVkLK4JKSli4s4dWXw9BRzFBjH8D5PVbCjYENAx8c8FRV/SUY4z8L5ofjnagFQpB9dOLjmU88kIRIokdRmsy1d2/8smev6N/Q0IDXX3uF6Cy4o1jP/E1GlY9kZOLV2eGIXrUGZWQpyosSdYQrfEam70hocf/+ftK4mlY0VoBC8c89ntra/4ANFoATowprhRifESCFQgGeQR8vTzLxchQSaMLx/ScEikRELhYmXkaZIjP6x4UF5sLoEjs1LgyvLXl/MebMnolGsqa3310ilg+38Zh33TEC1+lfzL/IMdM1LRovAYXCSpgbz8ywoUPEeMp16evtTevxWDMeKigRwibPCuHZmzXzBVhZWgnGrSjbc/KUKhzOH2BInBMrbEn+NMPeXl4Ie3mWBKJyAubJSRPFzZGPlq9ECF2lGXLL4GZjq/OgsQL4oxMnjMey6FVY95k5nJ17CJCT/YDyLgDf6NhEfoADHN6ewt+YJYANPuszzs+MJlHK/B5KkXUxa9kI/f38sGXrd1i6LBpBgQG07eUJ6/D29kT64QwpVOa2kffeJRK0PAFKHtQRnvuYL6KibmdlP0548OUl9sx8BuAs0AOj7xPNnC3KpT2bEWEOeR98YJTYHi1pWQy5dTBKSkpxlvoM8PcjwHSYgMl5yfAdIC41NVfhRRAYO7XQ0KGEJ9aJJcROddqUyXDuyc61ATa2Ngjw7y/eYdSYcUcubjfkHQShnT9aD4YS/tiP7TviseLjD9oZ2jCaW7Y/GbzZkzPz8NBNGksGW62+qnULaHUkA23QugUYqJytsmVSQKuqMZIGkwUYyUS3KqbJAlpVjZE0mCzASCa6VTH/Bnoy/0KF7w+OAAAAAElFTkSuQmCC",
-   "matcherProtection" : 1,
-   "supportedExtensions" : [
+   "icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAQKADAAQAAAABAAAAQAAAAABGUUKwAAAIQ0lEQVR4Ae1aCVSUVRT+kGVYBBQFBYzYFJFNLdPQVksz85QnszRNbaPNzDI0OaIH27VUUnOpzAqXMJNIszKTUEQWRXBnExRiUYEUBATs3lfzJw3LDP/MMOfMPI/M++97///uve+++9797jO7TgVGXLoYsexCdJMCTBZg5BowLQEjNwCYLMBkAUauAdMSMHIDgEVnKqC8/AKOZh2Do6MDAgMGwMbaWu/s6FUBTU1NyMnNQ8bRTPqfheI/SySBzc3N4devLwaGBGFgcBBcXJylNl1WzHQdDVbX1CDr2HEcJYEz6be6ukYteVxdewtFsEL6+vqgSxfduCudKaCgsBCbt27Dmexc8MzLKba2tggOCkDYszNgZmYm51Mq7+pGrTRMcXEJTp3Oli08c1xDVpR8KBW6gC50pgAVVRsoQWcKcHd3w4jht6N7924GKvo/bGl1F+C1fu78eWH+TdebcOeIUEyfOhkHk1OwJXY7OcBqg1OG1hRwICkZ38fF48LFS82EdHLqjkmPT8DihRF4b8nH4L3fkIrsJcCO6cuvYrD+i40qwrOgly5VYNWn65GUfAjhb7wGKysrQ5Jffji8a/ev2PfH/naF2rY9jma/HA+PG9tuX312kLUErly5grj4H9XmN3b7Dix4Kxz33n2H2u+czs5B9Mo1sLS01MlhSJYC0g5noL7+WjNh+NAydsxoMnVL/ETWcamiQmrPzy9AZWUV2C+oW/hY7KTDnUSWDygoKFSRY/pTk0kBo3D/yHvwyovPq7SXlpWr0Noi/PZ7gvAtDg4ObXXrcJssBdTV16sM7O7mJtFaDmhUE1HFxX/SqfGM9J6ykpySim82bRWPHjf1UZK1+itLAT1aMOWkg4ckBhMSVZ2ju5ur1M47yO5f9iAy6l18sHQ59tJsK0vigYNYu36DdPz18vJUNmn1V5YP4Bg+fufuZgz5+nhLzzY2NlKdKwED+qOJhN7xw04h2PETJ0V4rOz0VcwWnDh1WgQ8qWmHlWTxHBIcKD1rsyJLARy/e3t5Ii//rODJx9sLgwYGS/zdessgxGz+Fo2NjWL/f2LiBPxICtuzd5/U5/+VtPQj/yfB368fujk6qtC1QZC1BJiBZ5+eBtt/Z/qxRx9pxpODvT2G3z4UFhYWCHtuBi5fvgx2apqWUaNGavqK2v21ggcUFJ4Th6FpUyapDHzh4kXU1taK7W/l6nWoratT6dMWwfNmDyxa8FZbXWS1aUUB7XGQkZmF5dGr2+um0s7gx8KIufD0vFmlTVsE2UtAHUaCAwMI1vrPOarzDvcZN3aMToXnMfSiAMbzXnj+GXTrpr4jGzwoBOMffoh51GnRiwJYgh5OTpj35utqefOgwAGE/z2tdfyvJU3qxQfcOHAZHYU/Wb2WgJOiG8lSfXjoMMx4agrtHOYSTZcVvSuAham/dg2bt8Ti94RESTYbG2tMfXISQofdJtH0UekUBSgFY+g89rs4uLn1xrgHx8DevquySW+/naoAvUnZxkB6c4Jt8NCpTSYFdKr6DWDwDltAQ0Mjjh0/ifQjGWBsUFflfFERODTOyzsrDVFRUYnsnFzpuZ6AmRMnT3UIcu9QOMwBzocfrSDBq2FHGGBlVRVeCnuGQuEQiSltVDZs/AaHUtLg4XGTSLj08/XFrJkvIjX9MIGxu7BqxVKBKzAkn5uXT3HDPI2H7ZACNm2OFZcZoiLnw5ouNTDau/7zjVi29H1crb2KSpohOzs7nKVtjpnmCxDKwtgBzyBjCV272lGIfAWlZWXo5eKCMzk56EOQWq9eLigimCwh8QDmz52Dfn19UFpahrkRC8nqTig/JX7j4nciM+s4IubNaTZOs05tPGisAAY3+FbH1MmPC+H526PvH4mdu36mVHi2SITE0CHHxbkneJn8RRjA4kUR4ij8+YavxZLp2cNJoMVRkRHIzc8X0FcfyiU2NV0nwYso/J0vhOFLEympaXB3dxVKWfdpNCyIVkLK4JKSli4s4dWXw9BRzFBjH8D5PVbCjYENAx8c8FRV/SUY4z8L5ofjnagFQpB9dOLjmU88kIRIokdRmsy1d2/8smev6N/Q0IDXX3uF6Cy4o1jP/E1GlY9kZOLV2eGIXrUGZWQpyosSdYQrfEam70hocf/+ftK4mlY0VoBC8c89ntra/4ANFoATowprhRifESCFQgGeQR8vTzLxchQSaMLx/ScEikRELhYmXkaZIjP6x4UF5sLoEjs1LgyvLXl/MebMnolGsqa3310ilg+38Zh33TEC1+lfzL/IMdM1LRovAYXCSpgbz8ywoUPEeMp16evtTevxWDMeKigRwibPCuHZmzXzBVhZWgnGrSjbc/KUKhzOH2BInBMrbEn+NMPeXl4Ie3mWBKJyAubJSRPFzZGPlq9ECF2lGXLL4GZjq/OgsQL4oxMnjMey6FVY95k5nJ17CJCT/YDyLgDf6NhEfoADHN6ewt+YJYANPuszzs+MJlHK/B5KkXUxa9kI/f38sGXrd1i6LBpBgQG07eUJ6/D29kT64QwpVOa2kffeJRK0PAFKHtQRnvuYL6KibmdlP0548OUl9sx8BuAs0AOj7xPNnC3KpT2bEWEOeR98YJTYHi1pWQy5dTBKSkpxlvoM8PcjwHSYgMl5yfAdIC41NVfhRRAYO7XQ0KGEJ9aJJcROddqUyXDuyc61ATa2Ngjw7y/eYdSYcUcubjfkHQShnT9aD4YS/tiP7TviseLjD9oZ2jCaW7Y/GbzZkzPz8NBNGksGW62+qnULaHUkA23QugUYqJytsmVSQKuqMZIGkwUYyUS3KqbJAlpVjZE0mCzASCa6VTH/Bnoy/0KF7w+OAAAAAElFTkSuQmCC",
+   "matcherProtection": 1,
+   "supportedExtensions": [
       {
-         "id" : "hmac-secret",
-         "fail_if_unknown" : false
+         "id": "hmac-secret",
+         "fail_if_unknown": false
       },
       {
-         "id" : "credProtect",
-         "fail_if_unknown" : false
+         "id": "credProtect",
+         "fail_if_unknown": false
       }
    ],
-   "cryptoStrength" : 128,
-   "description" : "OpenSK authenticator",
-   "authenticatorVersion" : 1,
-   "isSecondFactorOnly" : false,
-   "userVerificationDetails" : [
+   "cryptoStrength": 128,
+   "description": "OpenSK authenticator",
+   "authenticatorVersion": 1,
+   "isSecondFactorOnly": false,
+   "userVerificationDetails": [
       [
          {
-            "userVerification" : 1
+            "userVerification": 1
          },
          {
-         	"userVerification" : 4
+            "userVerification": 4
          }
       ]
    ],
-   "attachmentHint" : 6,
-   "attestationTypes" : [
+   "attachmentHint": 6,
+   "attestationTypes": [
       15880
    ],
-   "authenticationAlgorithm" : 1,
-   "tcDisplay" : 0
+   "authenticationAlgorithm": 1,
+   "tcDisplay": 0
 }

From 29ee45de6cf809e1a78250476d914a5e34308163 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 24 Nov 2020 11:29:14 +0100
Subject: [PATCH 012/192] Do not crash in the driver for store errors

We prefer to return those errors to the fuzzer which can then decide whether
they are expected or not (e.g. when starting from a dirty storage, the store is
expected to have errors).
---
 libraries/persistent_store/src/driver.rs | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/libraries/persistent_store/src/driver.rs b/libraries/persistent_store/src/driver.rs
index 15001cb..e529274 100644
--- a/libraries/persistent_store/src/driver.rs
+++ b/libraries/persistent_store/src/driver.rs
@@ -181,6 +181,12 @@ pub enum StoreInvariant {
     },
 }
 
+impl From<StoreError> for StoreInvariant {
+    fn from(error: StoreError) -> StoreInvariant {
+        StoreInvariant::StoreError(error)
+    }
+}
+
 impl StoreDriver {
     /// Provides read-only access to the storage.
     pub fn storage(&self) -> &BufferStorage {
@@ -249,6 +255,10 @@ impl StoreDriverOff {
     }
 
     /// Powers on the store without interruption.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the store cannot be powered on.
     pub fn power_on(self) -> Result<StoreDriverOn, StoreInvariant> {
         Ok(self
             .partial_power_on(StoreInterruption::none())
@@ -506,8 +516,8 @@ impl StoreDriverOn {
     /// Checks that the store and model are in sync.
     fn check_model(&self) -> Result<(), StoreInvariant> {
         let mut model_content = self.model.content().clone();
-        for handle in self.store.iter().unwrap() {
-            let handle = handle.unwrap();
+        for handle in self.store.iter()? {
+            let handle = handle?;
             let model_value = match model_content.remove(&handle.get_key()) {
                 None => {
                     return Err(StoreInvariant::OnlyInStore {
@@ -516,7 +526,7 @@ impl StoreDriverOn {
                 }
                 Some(x) => x,
             };
-            let store_value = handle.get_value(&self.store).unwrap().into_boxed_slice();
+            let store_value = handle.get_value(&self.store)?.into_boxed_slice();
             if store_value != model_value {
                 return Err(StoreInvariant::DifferentValue {
                     key: handle.get_key(),
@@ -528,7 +538,7 @@ impl StoreDriverOn {
         if let Some(&key) = model_content.keys().next() {
             return Err(StoreInvariant::OnlyInModel { key });
         }
-        let store_capacity = self.store.capacity().unwrap().remaining();
+        let store_capacity = self.store.capacity()?.remaining();
         let model_capacity = self.model.capacity().remaining();
         if store_capacity != model_capacity {
             return Err(StoreInvariant::DifferentCapacity {
@@ -544,8 +554,8 @@ impl StoreDriverOn {
         let format = self.model.format();
         let storage = self.store.storage();
         let num_words = format.page_size() / format.word_size();
-        let head = self.store.head().unwrap();
-        let tail = self.store.tail().unwrap();
+        let head = self.store.head()?;
+        let tail = self.store.tail()?;
         for page in 0..format.num_pages() {
             // Check the erase cycle of the page.
             let store_erase = head.cycle(format) + (page < head.page(format)) as Nat;

From 0b2ea7d98be2dabe7925ed8c98504631d261b09e Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 24 Nov 2020 15:14:03 +0100
Subject: [PATCH 013/192] makes HMAC secret output reproducible

---
 src/ctap/pin_protocol_v1.rs | 118 ++++++++++++++++++++++++++----------
 1 file changed, 85 insertions(+), 33 deletions(-)

diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index c03b81b..564ca6d 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -19,7 +19,6 @@ use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
 #[cfg(feature = "with_ctap2_1")]
 use alloc::string::String;
-#[cfg(feature = "with_ctap2_1")]
 use alloc::vec;
 use alloc::vec::Vec;
 use arrayref::array_ref;
@@ -74,10 +73,9 @@ fn encrypt_hmac_secret_output(
     let mut cred_random_secret = [0u8; 32];
     cred_random_secret.copy_from_slice(cred_random);
 
-    // Initialization of 4 blocks in any case makes this function more readable.
-    let mut blocks = [[0u8; 16]; 4];
     // With the if clause restriction above, block_len can only be 2 or 4.
     let block_len = salt_enc.len() / 16;
+    let mut blocks = vec![[0u8; 16]; block_len];
     for i in 0..block_len {
         blocks[i].copy_from_slice(&salt_enc[16 * i..16 * (i + 1)]);
     }
@@ -85,8 +83,8 @@ fn encrypt_hmac_secret_output(
 
     let mut decrypted_salt1 = [0u8; 32];
     decrypted_salt1[..16].copy_from_slice(&blocks[0]);
-    let output1 = hmac_256::<Sha256>(&cred_random_secret, &decrypted_salt1[..]);
     decrypted_salt1[16..].copy_from_slice(&blocks[1]);
+    let output1 = hmac_256::<Sha256>(&cred_random_secret, &decrypted_salt1[..]);
     for i in 0..2 {
         blocks[i].copy_from_slice(&output1[16 * i..16 * (i + 1)]);
     }
@@ -638,36 +636,52 @@ impl PinProtocolV1 {
 #[cfg(test)]
 mod test {
     use super::*;
-    use arrayref::array_refs;
     use crypto::rng256::ThreadRng256;
 
     // Stores a PIN hash corresponding to the dummy PIN "1234".
     fn set_standard_pin(persistent_store: &mut PersistentStore) {
         let mut pin = [0u8; 64];
-        pin[0] = 0x31;
-        pin[1] = 0x32;
-        pin[2] = 0x33;
-        pin[3] = 0x34;
+        pin[..4].copy_from_slice(b"1234");
         let mut pin_hash = [0u8; 16];
         pin_hash.copy_from_slice(&Sha256::hash(&pin[..])[..16]);
         persistent_store.set_pin_hash(&pin_hash).unwrap();
     }
 
+    // Encrypts the message with a zero IV and key derived from shared_secret.
+    fn encrypt_message(shared_secret: &[u8; 32], message: &[u8]) -> Vec<u8> {
+        assert!(message.len() % 16 == 0);
+        let block_len = message.len() / 16;
+        let mut blocks = vec![[0u8; 16]; block_len];
+        for i in 0..block_len {
+            blocks[i][..].copy_from_slice(&message[i * 16..(i + 1) * 16]);
+        }
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
+        let iv = [0u8; 16];
+        cbc_encrypt(&aes_enc_key, iv, &mut blocks);
+        blocks.iter().flatten().cloned().collect::<Vec<u8>>()
+    }
+
+    // Decrypts the message with a zero IV and key derived from shared_secret.
+    fn decrypt_message(shared_secret: &[u8; 32], message: &[u8]) -> Vec<u8> {
+        assert!(message.len() % 16 == 0);
+        let block_len = message.len() / 16;
+        let mut blocks = vec![[0u8; 16]; block_len];
+        for i in 0..block_len {
+            blocks[i][..].copy_from_slice(&message[i * 16..(i + 1) * 16]);
+        }
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
+        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
+        let iv = [0u8; 16];
+        cbc_decrypt(&aes_dec_key, iv, &mut blocks);
+        blocks.iter().flatten().cloned().collect::<Vec<u8>>()
+    }
+
     // Fails on PINs bigger than 64 bytes.
     fn encrypt_pin(shared_secret: &[u8; 32], pin: Vec<u8>) -> Vec<u8> {
         assert!(pin.len() <= 64);
         let mut padded_pin = [0u8; 64];
         padded_pin[..pin.len()].copy_from_slice(&pin[..]);
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
-        let mut blocks = [[0u8; 16]; 4];
-        let (b0, b1, b2, b3) = array_refs!(&padded_pin, 16, 16, 16, 16);
-        blocks[0][..].copy_from_slice(b0);
-        blocks[1][..].copy_from_slice(b1);
-        blocks[2][..].copy_from_slice(b2);
-        blocks[3][..].copy_from_slice(b3);
-        let iv = [0u8; 16];
-        cbc_encrypt(&aes_enc_key, iv, &mut blocks);
-        blocks.iter().flatten().cloned().collect::<Vec<u8>>()
+        encrypt_message(shared_secret, &padded_pin)
     }
 
     // Encrypts the dummy PIN "1234".
@@ -677,22 +691,10 @@ mod test {
 
     // Encrypts the PIN hash corresponding to the dummy PIN "1234".
     fn encrypt_standard_pin_hash(shared_secret: &[u8; 32]) -> Vec<u8> {
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
         let mut pin = [0u8; 64];
-        pin[0] = 0x31;
-        pin[1] = 0x32;
-        pin[2] = 0x33;
-        pin[3] = 0x34;
+        pin[..4].copy_from_slice(b"1234");
         let pin_hash = Sha256::hash(&pin);
-
-        let mut blocks = [[0u8; 16]; 1];
-        blocks[0].copy_from_slice(&pin_hash[..16]);
-        let iv = [0u8; 16];
-        cbc_encrypt(&aes_enc_key, iv, &mut blocks);
-
-        let mut encrypted_pin_hash = Vec::with_capacity(16);
-        encrypted_pin_hash.extend(&blocks[0]);
-        encrypted_pin_hash
+        encrypt_message(shared_secret, &pin_hash[..16])
     }
 
     #[test]
@@ -1184,6 +1186,56 @@ mod test {
             output,
             Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
         );
+
+        let mut salt_enc = [0x00; 32];
+        let cred_random = [0xC9; 32];
+
+        // Test values to check for reproducibility.
+        let salt1 = [0x01; 32];
+        let salt2 = [0x02; 32];
+        let expected_output1 = hmac_256::<Sha256>(&cred_random, &salt1);
+        let expected_output2 = hmac_256::<Sha256>(&cred_random, &salt2);
+
+        let salt_enc1 = encrypt_message(&shared_secret, &salt1);
+        salt_enc.copy_from_slice(salt_enc1.as_slice());
+        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret, &output);
+        assert_eq!(&output_dec, &expected_output1);
+
+        let salt_enc2 = &encrypt_message(&shared_secret, &salt2);
+        salt_enc.copy_from_slice(salt_enc2.as_slice());
+        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret, &output);
+        assert_eq!(&output_dec, &expected_output2);
+
+        let mut salt_enc = [0x00; 64];
+        let mut salt12 = [0x00; 64];
+        salt12[..32].copy_from_slice(&salt1);
+        salt12[32..].copy_from_slice(&salt2);
+        let salt_enc12 = encrypt_message(&shared_secret, &salt12);
+        salt_enc.copy_from_slice(salt_enc12.as_slice());
+        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret, &output);
+        assert_eq!(&output_dec[..32], &expected_output1);
+        assert_eq!(&output_dec[32..], &expected_output2);
+
+        let mut salt_enc = [0x00; 64];
+        let mut salt02 = [0x00; 64];
+        salt02[32..].copy_from_slice(&salt2);
+        let salt_enc02 = encrypt_message(&shared_secret, &salt02);
+        salt_enc.copy_from_slice(salt_enc02.as_slice());
+        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret, &output);
+        assert_eq!(&output_dec[32..], &expected_output2);
+
+        let mut salt_enc = [0x00; 64];
+        let mut salt10 = [0x00; 64];
+        salt10[..32].copy_from_slice(&salt1);
+        let salt_enc10 = encrypt_message(&shared_secret, &salt10);
+        salt_enc.copy_from_slice(salt_enc10.as_slice());
+        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret, &output);
+        assert_eq!(&output_dec[..32], &expected_output1);
     }
 
     #[cfg(feature = "with_ctap2_1")]

From 65f4f2de25b813ccf07871c0e57d8c84db8fd3f9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 24 Nov 2020 18:11:18 +0100
Subject: [PATCH 014/192] moves shared precheck into helper function

---
 src/ctap/mod.rs | 69 +++++++++++++++++++++----------------------------
 1 file changed, 29 insertions(+), 40 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index caea0a0..13fc951 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -344,6 +344,33 @@ where
         }
     }
 
+    fn pin_uv_auth_precheck(
+        &mut self,
+        pin_uv_auth_param: &Option<Vec<u8>>,
+        pin_uv_auth_protocol: Option<u64>,
+        cid: ChannelID,
+    ) -> Result<(), Ctap2StatusCode> {
+        if let Some(auth_param) = &pin_uv_auth_param {
+            // This case was added in FIDO 2.1.
+            if auth_param.is_empty() {
+                (self.check_user_presence)(cid)?;
+                if self.persistent_store.pin_hash()?.is_none() {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
+                } else {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
+                }
+            }
+
+            match pin_uv_auth_protocol {
+                Some(CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION) => Ok(()),
+                Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+                None => Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER),
+            }
+        } else {
+            Ok(())
+        }
+    }
+
     fn process_make_credential(
         &mut self,
         make_credential_params: AuthenticatorMakeCredentialParameters,
@@ -361,26 +388,7 @@ where
             pin_uv_auth_protocol,
         } = make_credential_params;
 
-        if let Some(auth_param) = &pin_uv_auth_param {
-            // This case was added in FIDO 2.1.
-            if auth_param.is_empty() {
-                (self.check_user_presence)(cid)?;
-                if self.persistent_store.pin_hash()?.is_none() {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
-                } else {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
-                }
-            }
-
-            match pin_uv_auth_protocol {
-                Some(protocol) => {
-                    if protocol != CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION {
-                        return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-                    }
-                }
-                None => return Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER),
-            }
-        }
+        self.pin_uv_auth_precheck(&pin_uv_auth_param, pin_uv_auth_protocol, cid)?;
 
         if !pub_key_cred_params.contains(&ES256_CRED_PARAM) {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
@@ -564,26 +572,7 @@ where
             pin_uv_auth_protocol,
         } = get_assertion_params;
 
-        if let Some(auth_param) = &pin_uv_auth_param {
-            // This case was added in FIDO 2.1.
-            if auth_param.is_empty() {
-                (self.check_user_presence)(cid)?;
-                if self.persistent_store.pin_hash()?.is_none() {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
-                } else {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
-                }
-            }
-
-            match pin_uv_auth_protocol {
-                Some(protocol) => {
-                    if protocol != CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION {
-                        return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-                    }
-                }
-                None => return Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER),
-            }
-        }
+        self.pin_uv_auth_precheck(&pin_uv_auth_param, pin_uv_auth_protocol, cid)?;
 
         let hmac_secret_input = extensions.map(|e| e.hmac_secret).flatten();
         if hmac_secret_input.is_some() && !options.up {

From 3dbfae972fa5721e12c48deea2c538136d8e5824 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:12:03 +0100
Subject: [PATCH 015/192] Always insert attestation material in the store

---
 src/ctap/key_material.rs |  7 +++--
 src/ctap/storage.rs      | 63 ++++++++++++++++------------------------
 2 files changed, 30 insertions(+), 40 deletions(-)

diff --git a/src/ctap/key_material.rs b/src/ctap/key_material.rs
index 1958040..f8a833f 100644
--- a/src/ctap/key_material.rs
+++ b/src/ctap/key_material.rs
@@ -12,10 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-pub const AAGUID: &[u8; 16] = include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
+pub const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32;
+pub const AAGUID_LENGTH: usize = 16;
+
+pub const AAGUID: &[u8; AAGUID_LENGTH] = include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
 
 pub const ATTESTATION_CERTIFICATE: &[u8] =
     include_bytes!(concat!(env!("OUT_DIR"), "/opensk_cert.bin"));
 
-pub const ATTESTATION_PRIVATE_KEY: &[u8; 32] =
+pub const ATTESTATION_PRIVATE_KEY: &[u8; ATTESTATION_PRIVATE_KEY_LENGTH] =
     include_bytes!(concat!(env!("OUT_DIR"), "/opensk_pkey.bin"));
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 127dc23..5793e6c 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -15,9 +15,9 @@
 #[cfg(feature = "with_ctap2_1")]
 use crate::ctap::data_formats::{extract_array, extract_text_string};
 use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialSource};
+use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
-use crate::ctap::{key_material, USE_BATCH_ATTESTATION};
 use crate::embedded_flash::{self, StoreConfig, StoreEntry, StoreError};
 use alloc::string::String;
 #[cfg(any(test, feature = "ram_storage", feature = "with_ctap2_1"))]
@@ -76,8 +76,6 @@ const MIN_PIN_LENGTH_RP_IDS: usize = 9;
 const NUM_TAGS: usize = 10;
 
 const MAX_PIN_RETRIES: u8 = 8;
-const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32;
-const AAGUID_LENGTH: usize = 16;
 #[cfg(feature = "with_ctap2_1")]
 const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
 // TODO(kaczmarczyck) use this for the minPinLength extension
@@ -231,17 +229,16 @@ impl PersistentStore {
                 })
                 .unwrap();
         }
-        // The following 3 entries are meant to be written by vendor-specific commands.
-        if USE_BATCH_ATTESTATION {
-            if self.store.find_one(&Key::AttestationPrivateKey).is_none() {
-                self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
-                    .unwrap();
-            }
-            if self.store.find_one(&Key::AttestationCertificate).is_none() {
-                self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
-                    .unwrap();
-            }
+        // The following 2 entries are meant to be written by vendor-specific commands.
+        if self.store.find_one(&Key::AttestationPrivateKey).is_none() {
+            self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
+                .unwrap();
         }
+        if self.store.find_one(&Key::AttestationCertificate).is_none() {
+            self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
+                .unwrap();
+        }
+
         if self.store.find_one(&Key::Aaguid).is_none() {
             self.set_aaguid(key_material::AAGUID).unwrap();
         }
@@ -525,20 +522,24 @@ impl PersistentStore {
 
     pub fn attestation_private_key(
         &self,
-    ) -> Result<Option<&[u8; ATTESTATION_PRIVATE_KEY_LENGTH]>, Ctap2StatusCode> {
+    ) -> Result<Option<&[u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH]>, Ctap2StatusCode> {
         let data = match self.store.find_one(&Key::AttestationPrivateKey) {
             None => return Ok(None),
             Some((_, entry)) => entry.data,
         };
-        if data.len() != ATTESTATION_PRIVATE_KEY_LENGTH {
+        if data.len() != key_material::ATTESTATION_PRIVATE_KEY_LENGTH {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
-        Ok(Some(array_ref!(data, 0, ATTESTATION_PRIVATE_KEY_LENGTH)))
+        Ok(Some(array_ref!(
+            data,
+            0,
+            key_material::ATTESTATION_PRIVATE_KEY_LENGTH
+        )))
     }
 
     pub fn set_attestation_private_key(
         &mut self,
-        attestation_private_key: &[u8; ATTESTATION_PRIVATE_KEY_LENGTH],
+        attestation_private_key: &[u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
     ) -> Result<(), Ctap2StatusCode> {
         let entry = StoreEntry {
             tag: ATTESTATION_PRIVATE_KEY,
@@ -576,19 +577,22 @@ impl PersistentStore {
         Ok(())
     }
 
-    pub fn aaguid(&self) -> Result<[u8; AAGUID_LENGTH], Ctap2StatusCode> {
+    pub fn aaguid(&self) -> Result<[u8; key_material::AAGUID_LENGTH], Ctap2StatusCode> {
         let (_, entry) = self
             .store
             .find_one(&Key::Aaguid)
             .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
         let data = entry.data;
-        if data.len() != AAGUID_LENGTH {
+        if data.len() != key_material::AAGUID_LENGTH {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
-        Ok(*array_ref![data, 0, AAGUID_LENGTH])
+        Ok(*array_ref![data, 0, key_material::AAGUID_LENGTH])
     }
 
-    pub fn set_aaguid(&mut self, aaguid: &[u8; AAGUID_LENGTH]) -> Result<(), Ctap2StatusCode> {
+    pub fn set_aaguid(
+        &mut self,
+        aaguid: &[u8; key_material::AAGUID_LENGTH],
+    ) -> Result<(), Ctap2StatusCode> {
         let entry = StoreEntry {
             tag: AAGUID,
             data: aaguid,
@@ -996,23 +1000,6 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        // Make sure the attestation are absent. There is no batch attestation in tests.
-        assert!(persistent_store
-            .attestation_private_key()
-            .unwrap()
-            .is_none());
-        assert!(persistent_store
-            .attestation_certificate()
-            .unwrap()
-            .is_none());
-
-        // Make sure the persistent keys are initialized.
-        persistent_store
-            .set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
-            .unwrap();
-        persistent_store
-            .set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
-            .unwrap();
         assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
 
         // The persistent keys stay initialized and preserve their value after a reset.

From 026b4a66ac1d983c09d1bf9385adf52ad94411ba Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:26:08 +0100
Subject: [PATCH 016/192] Fix CTAP2 batch attestation

---
 src/ctap/mod.rs | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 13fc951..e92afb7 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -522,25 +522,27 @@ where
 
         let mut signature_data = auth_data.clone();
         signature_data.extend(client_data_hash);
-        // We currently use the presence of the attestation private key in the persistent storage to
-        // decide whether batch attestation is needed.
-        let (signature, x5c) = match self.persistent_store.attestation_private_key()? {
-            Some(attestation_private_key) => {
-                let attestation_key =
-                    crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap();
-                let attestation_certificate = self
-                    .persistent_store
-                    .attestation_certificate()?
-                    .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
-                (
-                    attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
-                    Some(vec![attestation_certificate]),
-                )
-            }
-            None => (
+
+        let (signature, x5c) = if USE_BATCH_ATTESTATION {
+            let attestation_private_key = self
+                .persistent_store
+                .attestation_private_key()?
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
+            let attestation_key =
+                crypto::ecdsa::SecKey::from_bytes(attestation_private_key).unwrap();
+            let attestation_certificate = self
+                .persistent_store
+                .attestation_certificate()?
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
+            (
+                attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
+                Some(vec![attestation_certificate]),
+            )
+        } else {
+            (
                 sk.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data),
                 None,
-            ),
+            )
         };
         let attestation_statement = PackedAttestationStatement {
             alg: SignatureAlgorithm::ES256 as i64,

From 41f7cc7b141db809d146d522be142635447b8d52 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:31:05 +0100
Subject: [PATCH 017/192] CTAP1/U2F accesses attestation material through the
 store.

---
 src/ctap/ctap1.rs | 42 +++++++++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 9 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index a5a7921..9eb1186 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -13,7 +13,6 @@
 // limitations under the License.
 
 use super::hid::ChannelID;
-use super::key_material::{ATTESTATION_CERTIFICATE, ATTESTATION_PRIVATE_KEY};
 use super::status_code::Ctap2StatusCode;
 use super::CtapState;
 use alloc::vec::Vec;
@@ -295,14 +294,22 @@ impl Ctap1Command {
             return Err(Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG);
         }
 
-        let mut response =
-            Vec::with_capacity(105 + key_handle.len() + ATTESTATION_CERTIFICATE.len());
+        let certificate = match ctap_state.persistent_store.attestation_certificate() {
+            Ok(Some(value)) => value,
+            _ => return Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
+        };
+        let private_key = match ctap_state.persistent_store.attestation_private_key() {
+            Ok(Some(value)) => value,
+            _ => return Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
+        };
+
+        let mut response = Vec::with_capacity(105 + key_handle.len() + certificate.len());
         response.push(Ctap1Command::LEGACY_BYTE);
         let user_pk = pk.to_uncompressed();
         response.extend_from_slice(&user_pk);
         response.push(key_handle.len() as u8);
         response.extend(key_handle.clone());
-        response.extend_from_slice(&ATTESTATION_CERTIFICATE);
+        response.extend_from_slice(&certificate);
 
         // The first byte is reserved.
         let mut signature_data = Vec::with_capacity(66 + key_handle.len());
@@ -312,7 +319,7 @@ impl Ctap1Command {
         signature_data.extend(key_handle);
         signature_data.extend_from_slice(&user_pk);
 
-        let attestation_key = crypto::ecdsa::SecKey::from_bytes(ATTESTATION_PRIVATE_KEY).unwrap();
+        let attestation_key = crypto::ecdsa::SecKey::from_bytes(private_key).unwrap();
         let signature = attestation_key.sign_rfc6979::<crypto::sha256::Sha256>(&signature_data);
 
         response.extend(signature.to_asn1_der());
@@ -373,7 +380,7 @@ impl Ctap1Command {
 
 #[cfg(test)]
 mod test {
-    use super::super::{CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
+    use super::super::{key_material, CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
     use super::*;
     use crypto::rng256::ThreadRng256;
     use crypto::Hash256;
@@ -434,8 +441,25 @@ mod test {
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response =
-            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
+            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        // Certificate and private key are missing
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
 
+        let fake_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+        assert!(ctap_state.persistent_store.set_attestation_private_key(&fake_key).is_ok());
+        ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
+        ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
+        let response =
+            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        // Certificate is still missing
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
+
+        let fake_cert = [0x99u8; 100]; // Arbitrary length
+        assert!(ctap_state.persistent_store.set_attestation_certificate(&fake_cert[..]).is_ok());
+        ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
+        ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
+        let response =
+            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
         assert_eq!(response[0], Ctap1Command::LEGACY_BYTE);
         assert_eq!(response[66], CREDENTIAL_ID_BASE_SIZE as u8);
         assert!(ctap_state
@@ -447,8 +471,8 @@ mod test {
             .is_some());
         const CERT_START: usize = 67 + CREDENTIAL_ID_BASE_SIZE;
         assert_eq!(
-            &response[CERT_START..CERT_START + ATTESTATION_CERTIFICATE.len()],
-            &ATTESTATION_CERTIFICATE[..]
+            &response[CERT_START..CERT_START + fake_cert.len()],
+            &fake_cert[..]
         );
     }
 

From f47e1e2a8663e60a3c9b61db246cebfeb193d8f5 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:44:19 +0100
Subject: [PATCH 018/192] Ensure store behaves as expected in prod

---
 src/ctap/storage.rs | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 5793e6c..da8828c 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -229,6 +229,18 @@ impl PersistentStore {
                 })
                 .unwrap();
         }
+        // TODO(jmichel): remove this when vendor command is in place
+        #[cfg(not(any(test, feature = "ram_storage")))]
+        self.load_attestation_from_firmware();
+
+        if self.store.find_one(&Key::Aaguid).is_none() {
+            self.set_aaguid(key_material::AAGUID).unwrap();
+        }
+    }
+
+    // TODO(jmichel): remove this function when vendor command is in place.
+    #[cfg(not(any(test, feature = "ram_storage")))]
+    fn load_attestation_from_firmware(&mut self) {
         // The following 2 entries are meant to be written by vendor-specific commands.
         if self.store.find_one(&Key::AttestationPrivateKey).is_none() {
             self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
@@ -238,10 +250,6 @@ impl PersistentStore {
             self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
                 .unwrap();
         }
-
-        if self.store.find_one(&Key::Aaguid).is_none() {
-            self.set_aaguid(key_material::AAGUID).unwrap();
-        }
     }
 
     pub fn find_credential(
@@ -1000,6 +1008,23 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
+        // Make sure the attestation are absent. There is no batch attestation in tests.
+        assert!(persistent_store
+            .attestation_private_key()
+            .unwrap()
+            .is_none());
+        assert!(persistent_store
+            .attestation_certificate()
+            .unwrap()
+            .is_none());
+
+        // Make sure the persistent keys are initialized.
+        persistent_store
+            .set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
+            .unwrap();
+        persistent_store
+            .set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
+            .unwrap();
         assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
 
         // The persistent keys stay initialized and preserve their value after a reset.

From f2b3ca4029227e532eb88972c766fd8dc99aba5d Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:44:52 +0100
Subject: [PATCH 019/192] Make private key sensitive and ensure attestation is
 OTP

---
 src/ctap/storage.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index da8828c..8e396b6 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -552,11 +552,11 @@ impl PersistentStore {
         let entry = StoreEntry {
             tag: ATTESTATION_PRIVATE_KEY,
             data: attestation_private_key,
-            sensitive: false,
+            sensitive: true,
         };
         match self.store.find_one(&Key::AttestationPrivateKey) {
             None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
+            _ => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
         Ok(())
     }
@@ -580,7 +580,7 @@ impl PersistentStore {
         };
         match self.store.find_one(&Key::AttestationCertificate) {
             None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
+            _ => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
         Ok(())
     }

From d491492554e5e86a40d1d71b524fec569144217f Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:48:47 +0100
Subject: [PATCH 020/192] Format

---
 src/ctap/ctap1.rs        | 16 ++++++++++------
 src/ctap/key_material.rs |  3 ++-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 9eb1186..0fa4745 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -440,22 +440,26 @@ mod test {
         let message = create_register_message(&application);
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
-        let response =
-            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         // Certificate and private key are missing
         assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
 
         let fake_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
-        assert!(ctap_state.persistent_store.set_attestation_private_key(&fake_key).is_ok());
+        assert!(ctap_state
+            .persistent_store
+            .set_attestation_private_key(&fake_key)
+            .is_ok());
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
-        let response =
-            Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         // Certificate is still missing
         assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
 
         let fake_cert = [0x99u8; 100]; // Arbitrary length
-        assert!(ctap_state.persistent_store.set_attestation_certificate(&fake_cert[..]).is_ok());
+        assert!(ctap_state
+            .persistent_store
+            .set_attestation_certificate(&fake_cert[..])
+            .is_ok());
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response =
diff --git a/src/ctap/key_material.rs b/src/ctap/key_material.rs
index f8a833f..2563798 100644
--- a/src/ctap/key_material.rs
+++ b/src/ctap/key_material.rs
@@ -15,7 +15,8 @@
 pub const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32;
 pub const AAGUID_LENGTH: usize = 16;
 
-pub const AAGUID: &[u8; AAGUID_LENGTH] = include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
+pub const AAGUID: &[u8; AAGUID_LENGTH] =
+    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
 
 pub const ATTESTATION_CERTIFICATE: &[u8] =
     include_bytes!(concat!(env!("OUT_DIR"), "/opensk_cert.bin"));

From 3ae59ce1ecfdfaa7a2e84f86d0c8050d2b1e08e5 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 17 Sep 2020 09:23:17 +0200
Subject: [PATCH 021/192] GetNextAssertion command minimal implementation

This still lacks order of credentials and timeouts.
---
 src/ctap/command.rs      |   2 +-
 src/ctap/data_formats.rs |   6 +-
 src/ctap/mod.rs          | 168 +++++++++++++++++++++++++--------------
 3 files changed, 112 insertions(+), 64 deletions(-)

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 5c58234..1b4b96a 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -57,8 +57,8 @@ impl Command {
     const AUTHENTICATOR_GET_INFO: u8 = 0x04;
     const AUTHENTICATOR_CLIENT_PIN: u8 = 0x06;
     const AUTHENTICATOR_RESET: u8 = 0x07;
-    // TODO(kaczmarczyck) use or remove those constants
     const AUTHENTICATOR_GET_NEXT_ASSERTION: u8 = 0x08;
+    // TODO(kaczmarczyck) use or remove those constants
     const AUTHENTICATOR_BIO_ENROLLMENT: u8 = 0x09;
     const AUTHENTICATOR_CREDENTIAL_MANAGEMENT: u8 = 0xA0;
     const AUTHENTICATOR_SELECTION: u8 = 0xB0;
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 45ebf9f..35d5bcf 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -308,7 +308,8 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct GetAssertionHmacSecretInput {
     pub key_agreement: CoseKey,
     pub salt_enc: Vec<u8>,
@@ -603,7 +604,8 @@ impl PublicKeyCredentialSource {
 // TODO(kaczmarczyck) we could decide to split this data type up
 // It depends on the algorithm though, I think.
 // So before creating a mess, this is my workaround.
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct CoseKey(pub BTreeMap<cbor::KeyType, cbor::Value>);
 
 // This is the algorithm specifier that is supposed to be used in a COSE key
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 13fc951..f037655 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -33,9 +33,9 @@ use self::command::{
 #[cfg(feature = "with_ctap2_1")]
 use self::data_formats::AuthenticatorTransport;
 use self::data_formats::{
-    CredentialProtectionPolicy, PackedAttestationStatement, PublicKeyCredentialDescriptor,
-    PublicKeyCredentialParameter, PublicKeyCredentialSource, PublicKeyCredentialType,
-    PublicKeyCredentialUserEntity, SignatureAlgorithm,
+    CredentialProtectionPolicy, GetAssertionHmacSecretInput, PackedAttestationStatement,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialSource,
+    PublicKeyCredentialType, PublicKeyCredentialUserEntity, SignatureAlgorithm,
 };
 use self::hid::ChannelID;
 #[cfg(feature = "with_ctap2_1")]
@@ -133,6 +133,14 @@ fn truncate_to_char_boundary(s: &str, mut max: usize) -> &str {
     }
 }
 
+#[derive(Clone)]
+struct AssertionInput {
+    client_data_hash: Vec<u8>,
+    auth_data: Vec<u8>,
+    uv: bool,
+    hmac_secret_input: Option<GetAssertionHmacSecretInput>,
+}
+
 // This struct currently holds all state, not only the persistent memory. The persistent members are
 // in the persistent store field.
 pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(), Ctap2StatusCode>>
@@ -147,6 +155,8 @@ pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(
     accepts_reset: bool,
     #[cfg(feature = "with_ctap1")]
     pub u2f_up_state: U2fUserPresenceState,
+    next_credentials: Vec<PublicKeyCredentialSource>,
+    next_assertion_input: Option<AssertionInput>,
 }
 
 impl<'a, R, CheckUserPresence> CtapState<'a, R, CheckUserPresence>
@@ -173,6 +183,8 @@ where
                 U2F_UP_PROMPT_TIMEOUT,
                 Duration::from_ms(TOUCH_TIMEOUT_MS),
             ),
+            next_credentials: vec![],
+            next_assertion_input: None,
         }
     }
 
@@ -314,13 +326,13 @@ where
                     Command::AuthenticatorGetAssertion(params) => {
                         self.process_get_assertion(params, cid)
                     }
+                    Command::AuthenticatorGetNextAssertion => self.process_get_next_assertion(),
                     Command::AuthenticatorGetInfo => self.process_get_info(),
                     Command::AuthenticatorClientPin(params) => self.process_client_pin(params),
                     Command::AuthenticatorReset => self.process_reset(cid),
                     #[cfg(feature = "with_ctap2_1")]
                     Command::AuthenticatorSelection => self.process_selection(cid),
-                    // TODO(kaczmarczyck) implement GetNextAssertion and FIDO 2.1 commands
-                    _ => self.process_unknown_command(),
+                    // TODO(kaczmarczyck) implement FIDO 2.1 commands
                 };
                 #[cfg(feature = "debug_ctap")]
                 writeln!(&mut Console::new(), "Sending response: {:#?}", response).unwrap();
@@ -557,6 +569,63 @@ where
         ))
     }
 
+    fn assertion_response(
+        &self,
+        credential: &PublicKeyCredentialSource,
+        assertion_input: AssertionInput,
+    ) -> Result<ResponseData, Ctap2StatusCode> {
+        let AssertionInput {
+            client_data_hash,
+            mut auth_data,
+            uv,
+            hmac_secret_input,
+        } = assertion_input;
+
+        // Process extensions.
+        if let Some(hmac_secret_input) = hmac_secret_input {
+            let encrypted_output = self
+                .pin_protocol_v1
+                .process_hmac_secret(hmac_secret_input, &credential.cred_random)?;
+            let extensions_output = cbor_map! {
+                "hmac-secret" => encrypted_output,
+            };
+            if !cbor::write(extensions_output, &mut auth_data) {
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR);
+            }
+        }
+
+        let mut signature_data = auth_data.clone();
+        signature_data.extend(client_data_hash);
+        let signature = credential
+            .private_key
+            .sign_rfc6979::<crypto::sha256::Sha256>(&signature_data);
+
+        let cred_desc = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: credential.credential_id.clone(),
+            transports: None, // You can set USB as a hint here.
+        };
+        let user = if uv && !credential.user_handle.is_empty() {
+            Some(PublicKeyCredentialUserEntity {
+                user_id: credential.user_handle.clone(),
+                user_name: None,
+                user_display_name: credential.other_ui.clone(),
+                user_icon: None,
+            })
+        } else {
+            None
+        };
+        Ok(ResponseData::AuthenticatorGetAssertion(
+            AuthenticatorGetAssertionResponse {
+                credential: Some(cred_desc),
+                auth_data,
+                signature: signature.to_asn1_der(),
+                user,
+                number_of_credentials: None,
+            },
+        ))
+    }
+
     fn process_get_assertion(
         &mut self,
         get_assertion_params: AuthenticatorGetAssertionParameters,
@@ -643,17 +712,19 @@ where
             }
             found_credentials
         } else {
-            // TODO(kaczmarczyck) use GetNextAssertion
             self.persistent_store.filter_credential(&rp_id, !has_uv)?
         };
 
-        let credential = if let Some(credential) = credentials.first() {
-            credential
-        } else {
-            decrypted_credential
-                .as_ref()
-                .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?
-        };
+        let credential =
+            if let Some((credential, remaining_credentials)) = credentials.split_first() {
+                // TODO(kaczmarczyck) correct credential order
+                self.next_credentials = remaining_credentials.to_vec();
+                credential
+            } else {
+                decrypted_credential
+                    .as_ref()
+                    .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?
+            };
 
         if options.up {
             (self.check_user_presence)(cid)?;
@@ -661,50 +732,30 @@ where
 
         self.increment_global_signature_counter()?;
 
-        let mut auth_data = self.generate_auth_data(&rp_id_hash, flags)?;
-        // Process extensions.
-        if let Some(hmac_secret_input) = hmac_secret_input {
-            let encrypted_output = self
-                .pin_protocol_v1
-                .process_hmac_secret(hmac_secret_input, &credential.cred_random)?;
-            let extensions_output = cbor_map! {
-                "hmac-secret" => encrypted_output,
-            };
-            if !cbor::write(extensions_output, &mut auth_data) {
-                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR);
-            }
+        let assertion_input = AssertionInput {
+            client_data_hash,
+            auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
+            uv: flags & UV_FLAG != 0,
+            hmac_secret_input,
+        };
+        if !self.next_credentials.is_empty() {
+            self.next_assertion_input = Some(assertion_input.clone());
         }
+        self.assertion_response(credential, assertion_input)
+    }
 
-        let mut signature_data = auth_data.clone();
-        signature_data.extend(client_data_hash);
-        let signature = credential
-            .private_key
-            .sign_rfc6979::<crypto::sha256::Sha256>(&signature_data);
-
-        let cred_desc = PublicKeyCredentialDescriptor {
-            key_type: PublicKeyCredentialType::PublicKey,
-            key_id: credential.credential_id.clone(),
-            transports: None, // You can set USB as a hint here.
-        };
-        let user = if (flags & UV_FLAG != 0) && !credential.user_handle.is_empty() {
-            Some(PublicKeyCredentialUserEntity {
-                user_id: credential.user_handle.clone(),
-                user_name: None,
-                user_display_name: credential.other_ui.clone(),
-                user_icon: None,
-            })
+    fn process_get_next_assertion(&mut self) -> Result<ResponseData, Ctap2StatusCode> {
+        // TODO(kaczmarczyck) introduce timer
+        let assertion_input = self
+            .next_assertion_input
+            .clone()
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+        if let Some(credential) = self.next_credentials.pop() {
+            self.assertion_response(&credential, assertion_input)
         } else {
-            None
-        };
-        Ok(ResponseData::AuthenticatorGetAssertion(
-            AuthenticatorGetAssertionResponse {
-                credential: Some(cred_desc),
-                auth_data,
-                signature: signature.to_asn1_der(),
-                user,
-                number_of_credentials: None,
-            },
-        ))
+            self.next_assertion_input = None;
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        }
     }
 
     fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {
@@ -786,10 +837,6 @@ where
         Ok(ResponseData::AuthenticatorSelection)
     }
 
-    fn process_unknown_command(&self) -> Result<ResponseData, Ctap2StatusCode> {
-        Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND)
-    }
-
     pub fn generate_auth_data(
         &self,
         rp_id_hash: &[u8],
@@ -813,9 +860,8 @@ where
 #[cfg(test)]
 mod test {
     use super::data_formats::{
-        CoseKey, GetAssertionExtensions, GetAssertionHmacSecretInput, GetAssertionOptions,
-        MakeCredentialExtensions, MakeCredentialOptions, PublicKeyCredentialRpEntity,
-        PublicKeyCredentialUserEntity,
+        CoseKey, GetAssertionExtensions, GetAssertionOptions, MakeCredentialExtensions,
+        MakeCredentialOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
     };
     use super::*;
     use crypto::rng256::ThreadRng256;

From af4eef808519b10055a92cce3aa8a97960df3d2a Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 17 Nov 2020 16:57:03 +0100
Subject: [PATCH 022/192] adds credential ordering

---
 src/ctap/data_formats.rs |  7 +++++++
 src/ctap/mod.rs          | 11 +++++++++--
 src/ctap/storage.rs      | 25 +++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 35d5bcf..fa747bc 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -500,6 +500,7 @@ pub struct PublicKeyCredentialSource {
     pub other_ui: Option<String>,
     pub cred_random: Option<Vec<u8>>,
     pub cred_protect_policy: Option<CredentialProtectionPolicy>,
+    pub creation_order: u64,
 }
 
 // We serialize credentials for the persistent storage using CBOR maps. Each field of a credential
@@ -512,6 +513,7 @@ enum PublicKeyCredentialSourceField {
     OtherUi = 4,
     CredRandom = 5,
     CredProtectPolicy = 6,
+    CreationOrder = 7,
     // When a field is removed, its tag should be reserved and not used for new fields. We document
     // those reserved tags below.
     // Reserved tags: none.
@@ -535,6 +537,7 @@ impl From<PublicKeyCredentialSource> for cbor::Value {
             PublicKeyCredentialSourceField::OtherUi => credential.other_ui,
             PublicKeyCredentialSourceField::CredRandom => credential.cred_random,
             PublicKeyCredentialSourceField::CredProtectPolicy => credential.cred_protect_policy,
+            PublicKeyCredentialSourceField::CreationOrder => credential.creation_order,
         }
     }
 }
@@ -552,6 +555,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
                 PublicKeyCredentialSourceField::OtherUi => other_ui,
                 PublicKeyCredentialSourceField::CredRandom => cred_random,
                 PublicKeyCredentialSourceField::CredProtectPolicy => cred_protect_policy,
+                PublicKeyCredentialSourceField::CreationOrder => creation_order,
             } = extract_map(cbor_value)?;
         }
 
@@ -569,6 +573,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
         let cred_protect_policy = cred_protect_policy
             .map(CredentialProtectionPolicy::try_from)
             .transpose()?;
+        let creation_order = creation_order.map(extract_unsigned).unwrap_or(Ok(0))?;
         // We don't return whether there were unknown fields in the CBOR value. This means that
         // deserialization is not injective. In particular deserialization is only an inverse of
         // serialization at a given version of OpenSK. This is not a problem because:
@@ -588,6 +593,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
             other_ui,
             cred_random,
             cred_protect_policy,
+            creation_order,
         })
     }
 }
@@ -1357,6 +1363,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: None,
+            creation_order: 0,
         };
 
         assert_eq!(
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index f037655..331ccc1 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -155,6 +155,7 @@ pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(
     accepts_reset: bool,
     #[cfg(feature = "with_ctap1")]
     pub u2f_up_state: U2fUserPresenceState,
+    // Sorted by ascending order of creation, so the last element is the most recent one.
     next_credentials: Vec<PublicKeyCredentialSource>,
     next_assertion_input: Option<AssertionInput>,
 }
@@ -302,6 +303,7 @@ where
             other_ui: None,
             cred_random,
             cred_protect_policy: None,
+            creation_order: 0,
         }))
     }
 
@@ -424,7 +426,6 @@ where
         } else {
             None
         };
-        // TODO(kaczmarczyck) unsolicited output for default credProtect level
         let has_extension_output = use_hmac_extension || cred_protect_policy.is_some();
 
         let rp_id = rp.rp_id;
@@ -501,6 +502,7 @@ where
                     .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
                 cred_random: cred_random.map(|c| c.to_vec()),
                 cred_protect_policy,
+                creation_order: self.persistent_store.new_creation_order()?,
             };
             self.persistent_store.store_credential(credential_source)?;
             random_id
@@ -717,8 +719,9 @@ where
 
         let credential =
             if let Some((credential, remaining_credentials)) = credentials.split_first() {
-                // TODO(kaczmarczyck) correct credential order
                 self.next_credentials = remaining_credentials.to_vec();
+                self.next_credentials
+                    .sort_unstable_by_key(|c| c.creation_order);
                 credential
             } else {
                 decrypted_credential
@@ -1091,6 +1094,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: None,
+            creation_order: 0,
         };
         assert!(ctap_state
             .persistent_store
@@ -1457,6 +1461,7 @@ mod test {
             cred_protect_policy: Some(
                 CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
             ),
+            creation_order: 0,
         };
         assert!(ctap_state
             .persistent_store
@@ -1507,6 +1512,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
+            creation_order: 0,
         };
         assert!(ctap_state
             .persistent_store
@@ -1550,6 +1556,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: None,
+            creation_order: 0,
         };
         assert!(ctap_state
             .persistent_store
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 127dc23..6e4506a 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -337,6 +337,26 @@ impl PersistentStore {
             .count())
     }
 
+    pub fn new_creation_order(&self) -> Result<u64, Ctap2StatusCode> {
+        Ok(self
+            .store
+            .find_all(&Key::Credential {
+                rp_id: None,
+                credential_id: None,
+                user_handle: None,
+            })
+            .filter_map(|(_, entry)| {
+                debug_assert_eq!(entry.tag, TAG_CREDENTIAL);
+                let credential = deserialize_credential(entry.data);
+                debug_assert!(credential.is_some());
+                credential
+            })
+            .map(|c| c.creation_order)
+            .max()
+            .unwrap_or(0)
+            + 1)
+    }
+
     pub fn global_signature_counter(&self) -> Result<u32, Ctap2StatusCode> {
         Ok(self
             .store
@@ -690,6 +710,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: None,
+            creation_order: 0,
         }
     }
 
@@ -853,6 +874,7 @@ mod test {
             cred_protect_policy: Some(
                 CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
             ),
+            creation_order: 0,
         };
         assert!(persistent_store.store_credential(credential).is_ok());
 
@@ -894,6 +916,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: None,
+            creation_order: 0,
         };
         assert_eq!(found_credential, Some(expected_credential));
     }
@@ -913,6 +936,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
+            creation_order: 0,
         };
         assert!(persistent_store.store_credential(credential).is_ok());
 
@@ -1090,6 +1114,7 @@ mod test {
             other_ui: None,
             cred_random: None,
             cred_protect_policy: None,
+            creation_order: 0,
         };
         let serialized = serialize_credential(credential.clone()).unwrap();
         let reconstructed = deserialize_credential(&serialized).unwrap();

From 5ff381678251473c0417b77f4b9a657d95d870a4 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 23 Nov 2020 17:33:20 +0100
Subject: [PATCH 023/192] sets the correct user and number of credentials

---
 src/ctap/mod.rs | 209 +++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 162 insertions(+), 47 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 331ccc1..1f91f4f 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -137,7 +137,6 @@ fn truncate_to_char_boundary(s: &str, mut max: usize) -> &str {
 struct AssertionInput {
     client_data_hash: Vec<u8>,
     auth_data: Vec<u8>,
-    uv: bool,
     hmac_secret_input: Option<GetAssertionHmacSecretInput>,
 }
 
@@ -571,15 +570,17 @@ where
         ))
     }
 
+    // Processes the input of a get_assertion operation for a given credential
+    // and returns the correct Get(Next)Assertion response.
     fn assertion_response(
         &self,
         credential: &PublicKeyCredentialSource,
         assertion_input: AssertionInput,
+        number_of_credentials: Option<usize>,
     ) -> Result<ResponseData, Ctap2StatusCode> {
         let AssertionInput {
             client_data_hash,
             mut auth_data,
-            uv,
             hmac_secret_input,
         } = assertion_input;
 
@@ -607,7 +608,7 @@ where
             key_id: credential.credential_id.clone(),
             transports: None, // You can set USB as a hint here.
         };
-        let user = if uv && !credential.user_handle.is_empty() {
+        let user = if !credential.user_handle.is_empty() {
             Some(PublicKeyCredentialUserEntity {
                 user_id: credential.user_handle.clone(),
                 user_name: None,
@@ -623,11 +624,37 @@ where
                 auth_data,
                 signature: signature.to_asn1_der(),
                 user,
-                number_of_credentials: None,
+                number_of_credentials: number_of_credentials.map(|n| n as u64),
             },
         ))
     }
 
+    // Returns the first applicable credential from the allow list.
+    fn get_any_credential_from_allow_list(
+        &mut self,
+        allow_list: Vec<PublicKeyCredentialDescriptor>,
+        rp_id: &str,
+        rp_id_hash: &[u8],
+        has_uv: bool,
+    ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
+        for allowed_credential in allow_list {
+            let credential = self.persistent_store.find_credential(
+                rp_id,
+                &allowed_credential.key_id,
+                !has_uv,
+            )?;
+            if credential.is_some() {
+                return Ok(credential);
+            }
+            let credential =
+                self.decrypt_credential_source(allowed_credential.key_id, &rp_id_hash)?;
+            if credential.is_some() {
+                return Ok(credential);
+            }
+        }
+        Ok(None)
+    }
+
     fn process_get_assertion(
         &mut self,
         get_assertion_params: AuthenticatorGetAssertionParameters,
@@ -690,44 +717,29 @@ where
         }
 
         let rp_id_hash = Sha256::hash(rp_id.as_bytes());
-        let mut decrypted_credential = None;
-        let credentials = if let Some(allow_list) = allow_list {
-            let mut found_credentials = vec![];
-            for allowed_credential in allow_list {
-                match self.persistent_store.find_credential(
-                    &rp_id,
-                    &allowed_credential.key_id,
-                    !has_uv,
-                )? {
-                    Some(credential) => {
-                        found_credentials.push(credential);
-                    }
-                    None => {
-                        if decrypted_credential.is_none() {
-                            decrypted_credential = self.decrypt_credential_source(
-                                allowed_credential.key_id,
-                                &rp_id_hash,
-                            )?;
-                        }
-                    }
-                }
+        let mut credentials = if let Some(allow_list) = allow_list {
+            if let Some(credential) =
+                self.get_any_credential_from_allow_list(allow_list, &rp_id, &rp_id_hash, has_uv)?
+            {
+                vec![credential]
+            } else {
+                vec![]
             }
-            found_credentials
         } else {
             self.persistent_store.filter_credential(&rp_id, !has_uv)?
         };
+        // Remove user identifiable information without uv.
+        if !has_uv {
+            for credential in &mut credentials {
+                credential.other_ui = None;
+            }
+        }
+        credentials.sort_unstable_by_key(|c| c.creation_order);
 
-        let credential =
-            if let Some((credential, remaining_credentials)) = credentials.split_first() {
-                self.next_credentials = remaining_credentials.to_vec();
-                self.next_credentials
-                    .sort_unstable_by_key(|c| c.creation_order);
-                credential
-            } else {
-                decrypted_credential
-                    .as_ref()
-                    .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?
-            };
+        let (credential, remaining_credentials) = credentials
+            .split_last()
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
+        self.next_credentials = remaining_credentials.to_vec();
 
         if options.up {
             (self.check_user_presence)(cid)?;
@@ -738,13 +750,16 @@ where
         let assertion_input = AssertionInput {
             client_data_hash,
             auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
-            uv: flags & UV_FLAG != 0,
             hmac_secret_input,
         };
-        if !self.next_credentials.is_empty() {
+        let number_of_credentials = if self.next_credentials.is_empty() {
+            self.next_assertion_input = None;
+            None
+        } else {
             self.next_assertion_input = Some(assertion_input.clone());
-        }
-        self.assertion_response(credential, assertion_input)
+            Some(self.next_credentials.len() + 1)
+        };
+        self.assertion_response(credential, assertion_input, number_of_credentials)
     }
 
     fn process_get_next_assertion(&mut self) -> Result<ResponseData, Ctap2StatusCode> {
@@ -753,12 +768,14 @@ where
             .next_assertion_input
             .clone()
             .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-        if let Some(credential) = self.next_credentials.pop() {
-            self.assertion_response(&credential, assertion_input)
-        } else {
+        let credential = self
+            .next_credentials
+            .pop()
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+        if self.next_credentials.is_empty() {
             self.next_assertion_input = None;
-            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
-        }
+        };
+        self.assertion_response(&credential, assertion_input, None)
     }
 
     fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {
@@ -1318,7 +1335,13 @@ mod test {
                     0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
                 ];
                 assert_eq!(auth_data, expected_auth_data);
-                assert!(user.is_none());
+                let expected_user = PublicKeyCredentialUserEntity {
+                    user_id: vec![0xFA, 0xB1, 0xA2],
+                    user_name: None,
+                    user_display_name: None,
+                    user_icon: None,
+                };
+                assert_eq!(user, Some(expected_user));
                 assert!(number_of_credentials.is_none());
             }
             _ => panic!("Invalid response type"),
@@ -1539,6 +1562,98 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_get_next_assertion() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x01];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x02];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+
+        let get_assertion_params = AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list: None,
+            extensions: None,
+            options: GetAssertionOptions {
+                up: false,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let get_assertion_response =
+            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+
+        match get_assertion_response.unwrap() {
+            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
+                let AuthenticatorGetAssertionResponse {
+                    auth_data,
+                    user,
+                    number_of_credentials,
+                    ..
+                } = get_assertion_response;
+                let expected_auth_data = vec![
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
+                ];
+                assert_eq!(auth_data, expected_auth_data);
+                let expected_user = PublicKeyCredentialUserEntity {
+                    user_id: vec![0x02],
+                    user_name: None,
+                    user_display_name: None,
+                    user_icon: None,
+                };
+                assert_eq!(user, Some(expected_user));
+                assert_eq!(number_of_credentials, Some(2));
+            }
+            _ => panic!("Invalid response type"),
+        }
+
+        let get_assertion_response = ctap_state.process_get_next_assertion();
+        match get_assertion_response.unwrap() {
+            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
+                let AuthenticatorGetAssertionResponse {
+                    auth_data,
+                    user,
+                    number_of_credentials,
+                    ..
+                } = get_assertion_response;
+                let expected_auth_data = vec![
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
+                ];
+                assert_eq!(auth_data, expected_auth_data);
+                let expected_user = PublicKeyCredentialUserEntity {
+                    user_id: vec![0x01],
+                    user_name: None,
+                    user_display_name: None,
+                    user_icon: None,
+                };
+                assert_eq!(user, Some(expected_user));
+                assert!(number_of_credentials.is_none());
+            }
+            _ => panic!("Invalid response type"),
+        }
+
+        let get_assertion_response = ctap_state.process_get_next_assertion();
+        assert_eq!(
+            get_assertion_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+    }
+
     #[test]
     fn test_process_reset() {
         let mut rng = ThreadRng256 {};

From ffe19e152b4bc334a188f7e35fcaf1bf51853ca2 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 24 Nov 2020 17:17:18 +0100
Subject: [PATCH 024/192] moves UP check in GetAssertion before NO_CREDENTIALS

---
 src/ctap/mod.rs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 1f91f4f..98058ce 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -736,15 +736,17 @@ where
         }
         credentials.sort_unstable_by_key(|c| c.creation_order);
 
+        // This check comes before CTAP2_ERR_NO_CREDENTIALS in CTAP 2.0.
+        // For CTAP 2.1, it was moved to a later protocol step.
+        if options.up {
+            (self.check_user_presence)(cid)?;
+        }
+
         let (credential, remaining_credentials) = credentials
             .split_last()
             .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
         self.next_credentials = remaining_credentials.to_vec();
 
-        if options.up {
-            (self.check_user_presence)(cid)?;
-        }
-
         self.increment_global_signature_counter()?;
 
         let assertion_input = AssertionInput {

From ed59ebac0dd3dc5f44057e11c3b8a106d20a46e7 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 26 Nov 2020 14:40:02 +0100
Subject: [PATCH 025/192] command timeout for GetNextAssertion

---
 fuzz/fuzz_helper/src/lib.rs |   4 +-
 src/ctap/ctap1.rs           |  26 +-
 src/ctap/hid/mod.rs         |  11 +-
 src/ctap/mod.rs             | 490 ++++++++++++++++++++++++------------
 src/ctap/storage.rs         |  15 ++
 src/main.rs                 |  11 +-
 6 files changed, 373 insertions(+), 184 deletions(-)

diff --git a/fuzz/fuzz_helper/src/lib.rs b/fuzz/fuzz_helper/src/lib.rs
index a6dc1a7..1553f65 100644
--- a/fuzz/fuzz_helper/src/lib.rs
+++ b/fuzz/fuzz_helper/src/lib.rs
@@ -147,7 +147,7 @@ fn process_message<CheckUserPresence>(
 pub fn process_ctap_any_type(data: &[u8]) {
     // Initialize ctap state and hid and get the allocated cid.
     let mut rng = ThreadRng256 {};
-    let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+    let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
     let mut ctap_hid = CtapHid::new();
     let cid = initialize(&mut ctap_state, &mut ctap_hid);
     // Wrap input as message with the allocated cid.
@@ -165,7 +165,7 @@ pub fn process_ctap_specific_type(data: &[u8], input_type: InputType) {
     }
     // Initialize ctap state and hid and get the allocated cid.
     let mut rng = ThreadRng256 {};
-    let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+    let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
     let mut ctap_hid = CtapHid::new();
     let cid = initialize(&mut ctap_state, &mut ctap_hid);
     // Wrap input as message with allocated cid and command type.
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index a5a7921..f299926 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -427,7 +427,7 @@ mod test {
     fn test_process_register() {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let application = [0x0A; 32];
         let message = create_register_message(&application);
@@ -456,7 +456,7 @@ mod test {
     fn test_process_register_bad_message() {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let application = [0x0A; 32];
         let message = create_register_message(&application);
@@ -476,7 +476,7 @@ mod test {
 
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
@@ -490,7 +490,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -508,7 +508,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -527,7 +527,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -553,7 +553,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -573,7 +573,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -593,7 +593,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -613,7 +613,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -640,7 +640,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
@@ -672,7 +672,7 @@ mod test {
 
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
@@ -689,7 +689,7 @@ mod test {
 
         let mut rng = ThreadRng256 {};
         let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
-        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence);
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
 
         ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index a6a18f7..3874792 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -200,7 +200,8 @@ impl CtapHid {
                         // Each transaction is atomic, so we process the command directly here and
                         // don't handle any other packet in the meantime.
                         // TODO: Send keep-alive packets in the meantime.
-                        let response = ctap_state.process_command(&message.payload, cid);
+                        let response =
+                            ctap_state.process_command(&message.payload, cid, clock_value);
                         if let Some(iterator) = CtapHid::split_message(Message {
                             cid,
                             cmd: CtapHid::COMMAND_CBOR,
@@ -520,7 +521,7 @@ mod test {
     fn test_spurious_continuation_packet() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let mut ctap_hid = CtapHid::new();
 
         let mut packet = [0x00; 64];
@@ -541,7 +542,7 @@ mod test {
     fn test_command_init() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let mut ctap_hid = CtapHid::new();
 
         let reply = process_messages(
@@ -586,7 +587,7 @@ mod test {
     fn test_command_init_for_sync() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let mut ctap_hid = CtapHid::new();
         let cid = cid_from_init(&mut ctap_hid, &mut ctap_state);
 
@@ -646,7 +647,7 @@ mod test {
     fn test_command_ping() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let mut ctap_hid = CtapHid::new();
         let cid = cid_from_init(&mut ctap_hid, &mut ctap_state);
 
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 98058ce..4675350 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -47,6 +47,7 @@ use self::response::{
 };
 use self::status_code::Ctap2StatusCode;
 use self::storage::PersistentStore;
+use self::timed_permission::TimedPermission;
 #[cfg(feature = "with_ctap1")]
 use self::timed_permission::U2fUserPresenceState;
 use alloc::collections::BTreeMap;
@@ -65,7 +66,7 @@ use crypto::sha256::Sha256;
 use crypto::Hash256;
 #[cfg(feature = "debug_ctap")]
 use libtock_drivers::console::Console;
-use libtock_drivers::timer::{Duration, Timestamp};
+use libtock_drivers::timer::{ClockValue, Duration};
 
 // This flag enables or disables basic attestation for FIDO2. U2F is unaffected by
 // this setting. The basic attestation uses the signing key from key_material.rs
@@ -99,7 +100,8 @@ const ED_FLAG: u8 = 0x80;
 pub const TOUCH_TIMEOUT_MS: isize = 30000;
 #[cfg(feature = "with_ctap1")]
 const U2F_UP_PROMPT_TIMEOUT: Duration<isize> = Duration::from_ms(10000);
-const RESET_TIMEOUT_MS: isize = 10000;
+const RESET_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(10000);
+const STATEFUL_COMMAND_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(30000);
 
 pub const FIDO2_VERSION_STRING: &str = "FIDO_2_0";
 #[cfg(feature = "with_ctap1")]
@@ -140,6 +142,17 @@ struct AssertionInput {
     hmac_secret_input: Option<GetAssertionHmacSecretInput>,
 }
 
+struct AssertionState {
+    assertion_input: AssertionInput,
+    // Sorted by ascending order of creation, so the last element is the most recent one.
+    next_credentials: Vec<PublicKeyCredentialSource>,
+}
+
+enum StatefulCommand {
+    Reset,
+    GetAssertion(AssertionState),
+}
+
 // This struct currently holds all state, not only the persistent memory. The persistent members are
 // in the persistent store field.
 pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(), Ctap2StatusCode>>
@@ -150,13 +163,11 @@ pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(
     check_user_presence: CheckUserPresence,
     persistent_store: PersistentStore,
     pin_protocol_v1: PinProtocolV1,
-    // This variable will be irreversibly set to false RESET_TIMEOUT_MS milliseconds after boot.
-    accepts_reset: bool,
     #[cfg(feature = "with_ctap1")]
     pub u2f_up_state: U2fUserPresenceState,
-    // Sorted by ascending order of creation, so the last element is the most recent one.
-    next_credentials: Vec<PublicKeyCredentialSource>,
-    next_assertion_input: Option<AssertionInput>,
+    // The state initializes to Reset and its timeout, and never goes back to Reset.
+    stateful_command_permission: TimedPermission,
+    stateful_command_type: Option<StatefulCommand>,
 }
 
 impl<'a, R, CheckUserPresence> CtapState<'a, R, CheckUserPresence>
@@ -169,6 +180,7 @@ where
     pub fn new(
         rng: &'a mut R,
         check_user_presence: CheckUserPresence,
+        now: ClockValue,
     ) -> CtapState<'a, R, CheckUserPresence> {
         let persistent_store = PersistentStore::new(rng);
         let pin_protocol_v1 = PinProtocolV1::new(rng);
@@ -177,20 +189,26 @@ where
             check_user_presence,
             persistent_store,
             pin_protocol_v1,
-            accepts_reset: true,
             #[cfg(feature = "with_ctap1")]
             u2f_up_state: U2fUserPresenceState::new(
                 U2F_UP_PROMPT_TIMEOUT,
                 Duration::from_ms(TOUCH_TIMEOUT_MS),
             ),
-            next_credentials: vec![],
-            next_assertion_input: None,
+            stateful_command_permission: TimedPermission::granted(now, RESET_TIMEOUT_DURATION),
+            stateful_command_type: Some(StatefulCommand::Reset),
         }
     }
 
-    pub fn check_disable_reset(&mut self, timestamp: Timestamp<isize>) {
-        if timestamp - Timestamp::<isize>::from_ms(0) > Duration::from_ms(RESET_TIMEOUT_MS) {
-            self.accepts_reset = false;
+    pub fn update_command_permission(&mut self, now: ClockValue) {
+        self.stateful_command_permission = self.stateful_command_permission.check_expiration(now);
+    }
+
+    fn check_command_permission(&mut self, now: ClockValue) -> Result<(), Ctap2StatusCode> {
+        self.stateful_command_permission = self.stateful_command_permission.check_expiration(now);
+        if self.stateful_command_permission.is_granted(now) {
+            Ok(())
+        } else {
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
         }
     }
 
@@ -306,7 +324,12 @@ where
         }))
     }
 
-    pub fn process_command(&mut self, command_cbor: &[u8], cid: ChannelID) -> Vec<u8> {
+    pub fn process_command(
+        &mut self,
+        command_cbor: &[u8],
+        cid: ChannelID,
+        now: ClockValue,
+    ) -> Vec<u8> {
         let cmd = Command::deserialize(command_cbor);
         #[cfg(feature = "debug_ctap")]
         writeln!(&mut Console::new(), "Received command: {:#?}", cmd).unwrap();
@@ -320,17 +343,32 @@ where
                         Duration::from_ms(TOUCH_TIMEOUT_MS),
                     );
                 }
+                match (&command, &self.stateful_command_type) {
+                    (
+                        Command::AuthenticatorGetNextAssertion,
+                        Some(StatefulCommand::GetAssertion(_)),
+                    ) => (),
+                    (Command::AuthenticatorReset, Some(StatefulCommand::Reset)) => (),
+                    // GetInfo does not reset stateful commands.
+                    (Command::AuthenticatorGetInfo, _) => (),
+                    // AuthenticatorSelection does not reset stateful commands.
+                    #[cfg(feature = "with_ctap2_1")]
+                    (Command::AuthenticatorSelection, _) => (),
+                    (_, _) => {
+                        self.stateful_command_type = None;
+                    }
+                }
                 let response = match command {
                     Command::AuthenticatorMakeCredential(params) => {
                         self.process_make_credential(params, cid)
                     }
                     Command::AuthenticatorGetAssertion(params) => {
-                        self.process_get_assertion(params, cid)
+                        self.process_get_assertion(params, cid, now)
                     }
-                    Command::AuthenticatorGetNextAssertion => self.process_get_next_assertion(),
+                    Command::AuthenticatorGetNextAssertion => self.process_get_next_assertion(now),
                     Command::AuthenticatorGetInfo => self.process_get_info(),
                     Command::AuthenticatorClientPin(params) => self.process_client_pin(params),
-                    Command::AuthenticatorReset => self.process_reset(cid),
+                    Command::AuthenticatorReset => self.process_reset(cid, now),
                     #[cfg(feature = "with_ctap2_1")]
                     Command::AuthenticatorSelection => self.process_selection(cid),
                     // TODO(kaczmarczyck) implement FIDO 2.1 commands
@@ -659,6 +697,7 @@ where
         &mut self,
         get_assertion_params: AuthenticatorGetAssertionParameters,
         cid: ChannelID,
+        now: ClockValue,
     ) -> Result<ResponseData, Ctap2StatusCode> {
         let AuthenticatorGetAssertionParameters {
             rp_id,
@@ -745,7 +784,6 @@ where
         let (credential, remaining_credentials) = credentials
             .split_last()
             .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
-        self.next_credentials = remaining_credentials.to_vec();
 
         self.increment_global_signature_counter()?;
 
@@ -754,29 +792,37 @@ where
             auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
             hmac_secret_input,
         };
-        let number_of_credentials = if self.next_credentials.is_empty() {
-            self.next_assertion_input = None;
+        let number_of_credentials = if remaining_credentials.is_empty() {
             None
         } else {
-            self.next_assertion_input = Some(assertion_input.clone());
-            Some(self.next_credentials.len() + 1)
+            self.stateful_command_permission =
+                TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
+            self.stateful_command_type = Some(StatefulCommand::GetAssertion(AssertionState {
+                assertion_input: assertion_input.clone(),
+                next_credentials: remaining_credentials.to_vec(),
+            }));
+            Some(remaining_credentials.len() + 1)
         };
         self.assertion_response(credential, assertion_input, number_of_credentials)
     }
 
-    fn process_get_next_assertion(&mut self) -> Result<ResponseData, Ctap2StatusCode> {
-        // TODO(kaczmarczyck) introduce timer
-        let assertion_input = self
-            .next_assertion_input
-            .clone()
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-        let credential = self
-            .next_credentials
-            .pop()
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-        if self.next_credentials.is_empty() {
-            self.next_assertion_input = None;
-        };
+    fn process_get_next_assertion(
+        &mut self,
+        now: ClockValue,
+    ) -> Result<ResponseData, Ctap2StatusCode> {
+        self.check_command_permission(now)?;
+        let (assertion_input, credential) =
+            if let Some(StatefulCommand::GetAssertion(assertion_state)) =
+                &mut self.stateful_command_type
+            {
+                let credential = assertion_state
+                    .next_credentials
+                    .pop()
+                    .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+                (assertion_state.assertion_input.clone(), credential)
+            } else {
+                return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
+            };
         self.assertion_response(&credential, assertion_input, None)
     }
 
@@ -834,10 +880,17 @@ where
         )
     }
 
-    fn process_reset(&mut self, cid: ChannelID) -> Result<ResponseData, Ctap2StatusCode> {
+    fn process_reset(
+        &mut self,
+        cid: ChannelID,
+        now: ClockValue,
+    ) -> Result<ResponseData, Ctap2StatusCode> {
         // Resets are only possible in the first 10 seconds after booting.
-        if !self.accepts_reset {
-            return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
+        // TODO(kaczmarczyck) 2.1 allows Reset after Reset and 15 seconds?
+        self.check_command_permission(now)?;
+        match &self.stateful_command_type {
+            Some(StatefulCommand::Reset) => (),
+            _ => return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED),
         }
         (self.check_user_presence)(cid)?;
 
@@ -886,8 +939,11 @@ mod test {
         MakeCredentialOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
     };
     use super::*;
+    use cbor::cbor_array;
     use crypto::rng256::ThreadRng256;
 
+    const CLOCK_FREQUENCY_HZ: usize = 32768;
+    const DUMMY_CLOCK_VALUE: ClockValue = ClockValue::new(0, CLOCK_FREQUENCY_HZ);
     // The keep-alive logic in the processing of some commands needs a channel ID to send
     // keep-alive packets to.
     // In tests where we define a dummy user-presence check that immediately returns, the channel
@@ -898,8 +954,8 @@ mod test {
     fn test_get_info() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
-        let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
         #[cfg(feature = "with_ctap2_1")]
         let mut expected_response = vec![0x00, 0xAA, 0x01];
@@ -955,7 +1011,7 @@ mod test {
             rp_icon: None,
         };
         let user = PublicKeyCredentialUserEntity {
-            user_id: vec![0xFA, 0xB1, 0xA2],
+            user_id: vec![0x1D],
             user_name: None,
             user_display_name: None,
             user_icon: None,
@@ -1008,7 +1064,7 @@ mod test {
     fn test_residential_process_make_credential() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let make_credential_params = create_minimal_make_credential_parameters();
         let make_credential_response =
@@ -1044,7 +1100,7 @@ mod test {
     fn test_non_residential_process_make_credential() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
@@ -1081,7 +1137,7 @@ mod test {
     fn test_process_make_credential_unsupported_algorithm() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.pub_key_cred_params = vec![];
@@ -1099,7 +1155,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let excluded_private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let excluded_credential_id = vec![0x01, 0x23, 0x45, 0x67];
         let make_credential_params =
@@ -1132,7 +1188,7 @@ mod test {
     fn test_process_make_credential_credential_with_cred_protect() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let test_policy = CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList;
         let make_credential_params =
@@ -1186,7 +1242,7 @@ mod test {
     fn test_process_make_credential_hmac_secret() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
@@ -1236,7 +1292,7 @@ mod test {
     fn test_process_make_credential_hmac_secret_resident_key() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
@@ -1285,7 +1341,8 @@ mod test {
     fn test_process_make_credential_cancelled() {
         let mut rng = ThreadRng256 {};
         let user_presence_always_cancel = |_| Err(Ctap2StatusCode::CTAP2_ERR_KEEPALIVE_CANCEL);
-        let mut ctap_state = CtapState::new(&mut rng, user_presence_always_cancel);
+        let mut ctap_state =
+            CtapState::new(&mut rng, user_presence_always_cancel, DUMMY_CLOCK_VALUE);
 
         let make_credential_params = create_minimal_make_credential_parameters();
         let make_credential_response =
@@ -1297,11 +1354,43 @@ mod test {
         );
     }
 
+    fn check_assertion_response(
+        response: Result<ResponseData, Ctap2StatusCode>,
+        expected_user_id: Vec<u8>,
+        expected_number_of_credentials: Option<u64>,
+    ) {
+        match response.unwrap() {
+            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
+                let AuthenticatorGetAssertionResponse {
+                    auth_data,
+                    user,
+                    number_of_credentials,
+                    ..
+                } = get_assertion_response;
+                let expected_auth_data = vec![
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
+                ];
+                assert_eq!(auth_data, expected_auth_data);
+                let expected_user = PublicKeyCredentialUserEntity {
+                    user_id: expected_user_id,
+                    user_name: None,
+                    user_display_name: None,
+                    user_icon: None,
+                };
+                assert_eq!(user, Some(expected_user));
+                assert_eq!(number_of_credentials, expected_number_of_credentials);
+            }
+            _ => panic!("Invalid response type"),
+        }
+    }
+
     #[test]
     fn test_residential_process_get_assertion() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let make_credential_params = create_minimal_make_credential_parameters();
         assert!(ctap_state
@@ -1320,34 +1409,12 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
-
-        match get_assertion_response.unwrap() {
-            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
-                let AuthenticatorGetAssertionResponse {
-                    auth_data,
-                    user,
-                    number_of_credentials,
-                    ..
-                } = get_assertion_response;
-                let expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
-                ];
-                assert_eq!(auth_data, expected_auth_data);
-                let expected_user = PublicKeyCredentialUserEntity {
-                    user_id: vec![0xFA, 0xB1, 0xA2],
-                    user_name: None,
-                    user_display_name: None,
-                    user_icon: None,
-                };
-                assert_eq!(user, Some(expected_user));
-                assert!(number_of_credentials.is_none());
-            }
-            _ => panic!("Invalid response type"),
-        }
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        check_assertion_response(get_assertion_response, vec![0x1D], None);
     }
 
     #[test]
@@ -1355,7 +1422,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let sk = crypto::ecdh::SecKey::gensk(&mut rng);
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let make_extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
@@ -1405,8 +1472,11 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
 
         assert_eq!(
             get_assertion_response,
@@ -1419,7 +1489,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let sk = crypto::ecdh::SecKey::gensk(&mut rng);
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let make_extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
@@ -1453,8 +1523,11 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
 
         assert_eq!(
             get_assertion_response,
@@ -1468,7 +1541,7 @@ mod test {
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
         let credential_id = rng.gen_uniform_u8x32().to_vec();
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let cred_desc = PublicKeyCredentialDescriptor {
             key_type: PublicKeyCredentialType::PublicKey,
@@ -1480,7 +1553,7 @@ mod test {
             credential_id: credential_id.clone(),
             private_key: private_key.clone(),
             rp_id: String::from("example.com"),
-            user_handle: vec![0x00],
+            user_handle: vec![0x1D],
             other_ui: None,
             cred_random: None,
             cred_protect_policy: Some(
@@ -1505,8 +1578,11 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
         assert_eq!(
             get_assertion_response,
             Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS),
@@ -1524,16 +1600,19 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
-        assert!(get_assertion_response.is_ok());
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        check_assertion_response(get_assertion_response, vec![0x1D], None);
 
         let credential = PublicKeyCredentialSource {
             key_type: PublicKeyCredentialType::PublicKey,
             credential_id,
             private_key,
             rp_id: String::from("example.com"),
-            user_handle: vec![0x00],
+            user_handle: vec![0x1D],
             other_ui: None,
             cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
@@ -1556,8 +1635,11 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
         assert_eq!(
             get_assertion_response,
             Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS),
@@ -1565,10 +1647,10 @@ mod test {
     }
 
     #[test]
-    fn test_process_get_next_assertion() {
+    fn test_process_get_next_assertion_two_credentials() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.user.user_id = vec![0x01];
@@ -1593,63 +1675,135 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let get_assertion_response =
-            ctap_state.process_get_assertion(get_assertion_params, DUMMY_CHANNEL_ID);
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        check_assertion_response(get_assertion_response, vec![0x02], Some(2));
 
-        match get_assertion_response.unwrap() {
-            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
-                let AuthenticatorGetAssertionResponse {
-                    auth_data,
-                    user,
-                    number_of_credentials,
-                    ..
-                } = get_assertion_response;
-                let expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
-                ];
-                assert_eq!(auth_data, expected_auth_data);
-                let expected_user = PublicKeyCredentialUserEntity {
-                    user_id: vec![0x02],
-                    user_name: None,
-                    user_display_name: None,
-                    user_icon: None,
-                };
-                assert_eq!(user, Some(expected_user));
-                assert_eq!(number_of_credentials, Some(2));
-            }
-            _ => panic!("Invalid response type"),
-        }
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
+        check_assertion_response(get_assertion_response, vec![0x01], None);
 
-        let get_assertion_response = ctap_state.process_get_next_assertion();
-        match get_assertion_response.unwrap() {
-            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
-                let AuthenticatorGetAssertionResponse {
-                    auth_data,
-                    user,
-                    number_of_credentials,
-                    ..
-                } = get_assertion_response;
-                let expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
-                ];
-                assert_eq!(auth_data, expected_auth_data);
-                let expected_user = PublicKeyCredentialUserEntity {
-                    user_id: vec![0x01],
-                    user_name: None,
-                    user_display_name: None,
-                    user_icon: None,
-                };
-                assert_eq!(user, Some(expected_user));
-                assert!(number_of_credentials.is_none());
-            }
-            _ => panic!("Invalid response type"),
-        }
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
+        assert_eq!(
+            get_assertion_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+    }
 
-        let get_assertion_response = ctap_state.process_get_next_assertion();
+    #[test]
+    fn test_process_get_next_assertion_three_credentials() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x01];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x02];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x03];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+
+        let get_assertion_params = AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list: None,
+            extensions: None,
+            options: GetAssertionOptions {
+                up: false,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        check_assertion_response(get_assertion_response, vec![0x03], Some(3));
+
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
+        check_assertion_response(get_assertion_response, vec![0x02], None);
+
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
+        check_assertion_response(get_assertion_response, vec![0x01], None);
+
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
+        assert_eq!(
+            get_assertion_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+    }
+
+    #[test]
+    fn test_process_get_next_assertion_not_allowed() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
+        assert_eq!(
+            get_assertion_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x01];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.user.user_id = vec![0x02];
+        assert!(ctap_state
+            .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
+            .is_ok());
+
+        let get_assertion_params = AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list: None,
+            extensions: None,
+            options: GetAssertionOptions {
+                up: false,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert!(get_assertion_response.is_ok());
+
+        // This is a MakeCredential command.
+        let mut command_cbor = vec![0x01];
+        let cbor_value = cbor_map! {
+            1 => vec![0xCD; 16],
+            2 => cbor_map! {
+                "id" => "example.com",
+            },
+            3 => cbor_map! {
+                "id" => vec![0x1D, 0x1D, 0x1D, 0x1D],
+            },
+            4 => cbor_array![ES256_CRED_PARAM],
+        };
+        assert!(cbor::write(cbor_value, &mut command_cbor));
+        ctap_state.process_command(&command_cbor, DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
+
+        let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
         assert_eq!(
             get_assertion_response,
             Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
@@ -1661,7 +1815,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let credential_id = vec![0x01, 0x23, 0x45, 0x67];
         let credential_source = PublicKeyCredentialSource {
@@ -1681,7 +1835,8 @@ mod test {
             .is_ok());
         assert!(ctap_state.persistent_store.count_credentials().unwrap() > 0);
 
-        let reset_reponse = ctap_state.process_command(&[0x07], DUMMY_CHANNEL_ID);
+        let reset_reponse =
+            ctap_state.process_command(&[0x07], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
         let expected_response = vec![0x00];
         assert_eq!(reset_reponse, expected_response);
         assert!(ctap_state.persistent_store.count_credentials().unwrap() == 0);
@@ -1691,9 +1846,10 @@ mod test {
     fn test_process_reset_cancelled() {
         let mut rng = ThreadRng256 {};
         let user_presence_always_cancel = |_| Err(Ctap2StatusCode::CTAP2_ERR_KEEPALIVE_CANCEL);
-        let mut ctap_state = CtapState::new(&mut rng, user_presence_always_cancel);
+        let mut ctap_state =
+            CtapState::new(&mut rng, user_presence_always_cancel, DUMMY_CLOCK_VALUE);
 
-        let reset_reponse = ctap_state.process_reset(DUMMY_CHANNEL_ID);
+        let reset_reponse = ctap_state.process_reset(DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
         assert_eq!(
             reset_reponse,
@@ -1701,14 +1857,28 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_reset_not_first() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        // This is a GetNextAssertion command.
+        ctap_state.process_command(&[0x08], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
+
+        let reset_reponse = ctap_state.process_reset(DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
+        assert_eq!(reset_reponse, Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED));
+    }
+
     #[test]
     fn test_process_unknown_command() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // This command does not exist.
-        let reset_reponse = ctap_state.process_command(&[0xDF], DUMMY_CHANNEL_ID);
+        let reset_reponse =
+            ctap_state.process_command(&[0xDF], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
         let expected_response = vec![Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND as u8];
         assert_eq!(reset_reponse, expected_response);
     }
@@ -1718,7 +1888,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // Usually, the relying party ID or its hash is provided by the client.
         // We are not testing the correctness of our SHA256 here, only if it is checked.
@@ -1739,7 +1909,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // Usually, the relying party ID or its hash is provided by the client.
         // We are not testing the correctness of our SHA256 here, only if it is checked.
@@ -1762,7 +1932,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // Same as above.
         let rp_id_hash = [0x55; 32];
@@ -1784,7 +1954,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // Same as above.
         let rp_id_hash = [0x55; 32];
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 6e4506a..aae6add 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -746,6 +746,21 @@ mod test {
         assert!(persistent_store.count_credentials().unwrap() > 0);
     }
 
+    #[test]
+    fn test_credential_order() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let credential_source = create_credential_source(&mut rng, "example.com", vec![]);
+        let current_latest_creation = credential_source.creation_order;
+        assert!(persistent_store.store_credential(credential_source).is_ok());
+        let mut credential_source = create_credential_source(&mut rng, "example.com", vec![]);
+        credential_source.creation_order = persistent_store.new_creation_order().unwrap();
+        assert!(credential_source.creation_order > current_latest_creation);
+        let current_latest_creation = credential_source.creation_order;
+        assert!(persistent_store.store_credential(credential_source).is_ok());
+        assert!(persistent_store.new_creation_order().unwrap() > current_latest_creation);
+    }
+
     #[test]
     #[allow(clippy::assertions_on_constants)]
     fn test_fill_store() {
diff --git a/src/main.rs b/src/main.rs
index 855325e..51c8305 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -37,9 +37,11 @@ use libtock_drivers::console::Console;
 use libtock_drivers::led;
 use libtock_drivers::result::{FlexUnwrap, TockError};
 use libtock_drivers::timer;
+use libtock_drivers::timer::Duration;
 #[cfg(feature = "debug_ctap")]
 use libtock_drivers::timer::Timer;
-use libtock_drivers::timer::{Duration, Timestamp};
+#[cfg(feature = "debug_ctap")]
+use libtock_drivers::timer::Timestamp;
 use libtock_drivers::usb_ctap_hid;
 
 const KEEPALIVE_DELAY_MS: isize = 100;
@@ -57,12 +59,13 @@ fn main() {
         panic!("Cannot setup USB driver");
     }
 
+    let boot_time = timer.get_current_clock().flex_unwrap();
     let mut rng = TockRng256 {};
-    let mut ctap_state = CtapState::new(&mut rng, check_user_presence);
+    let mut ctap_state = CtapState::new(&mut rng, check_user_presence, boot_time);
     let mut ctap_hid = CtapHid::new();
 
     let mut led_counter = 0;
-    let mut last_led_increment = timer.get_current_clock().flex_unwrap();
+    let mut last_led_increment = boot_time;
 
     // Main loop. If CTAP1 is used, we register button presses for U2F while receiving and waiting.
     // The way TockOS and apps currently interact, callbacks need a yield syscall to execute,
@@ -115,7 +118,7 @@ fn main() {
 
         // These calls are making sure that even for long inactivity, wrapping clock values
         // never randomly wink or grant user presence for U2F.
-        ctap_state.check_disable_reset(Timestamp::<isize>::from_clock_value(now));
+        ctap_state.update_command_permission(now);
         ctap_hid.wink_permission = ctap_hid.wink_permission.check_expiration(now);
 
         if has_packet {

From 3aef7e8b19d6a522af175f73de1b239bae3bd682 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 26 Nov 2020 15:56:59 +0100
Subject: [PATCH 026/192] reuse update_command_permission

---
 src/ctap/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 4675350..f2043d0 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -204,7 +204,7 @@ where
     }
 
     fn check_command_permission(&mut self, now: ClockValue) -> Result<(), Ctap2StatusCode> {
-        self.stateful_command_permission = self.stateful_command_permission.check_expiration(now);
+        self.update_command_permission(now);
         if self.stateful_command_permission.is_granted(now) {
             Ok(())
         } else {

From 3d1d8279847ef0dd8407b0a74e6c963a2eef4ce0 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Thu, 26 Nov 2020 16:29:14 +0100
Subject: [PATCH 027/192] Address PR comments

---
 src/ctap/ctap1.rs   | 28 +++++++++++++++++-----------
 src/ctap/storage.rs |  8 ++++----
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 0fa4745..41df364 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -35,6 +35,8 @@ pub enum Ctap1StatusCode {
     SW_WRONG_LENGTH = 0x6700,
     SW_CLA_NOT_SUPPORTED = 0x6E00,
     SW_INS_NOT_SUPPORTED = 0x6D00,
+    SW_MEMERR = 0x6501,
+    SW_COMMAND_ABORTED = 0x6F00,
     SW_VENDOR_KEY_HANDLE_TOO_LONG = 0xF000,
 }
 
@@ -49,6 +51,8 @@ impl TryFrom<u16> for Ctap1StatusCode {
             0x6700 => Ok(Ctap1StatusCode::SW_WRONG_LENGTH),
             0x6E00 => Ok(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED),
             0x6D00 => Ok(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
+            0x6501 => Ok(Ctap1StatusCode::SW_MEMERR),
+            0x6F00 => Ok(Ctap1StatusCode::SW_COMMAND_ABORTED),
             0xF000 => Ok(Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG),
             _ => Err(()),
         }
@@ -288,20 +292,22 @@ impl Ctap1Command {
         let pk = sk.genpk();
         let key_handle = ctap_state
             .encrypt_key_handle(sk, &application, None)
-            .map_err(|_| Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG)?;
+            .map_err(|_| Ctap1StatusCode::SW_COMMAND_ABORTED)?;
         if key_handle.len() > 0xFF {
             // This is just being defensive with unreachable code.
             return Err(Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG);
         }
 
-        let certificate = match ctap_state.persistent_store.attestation_certificate() {
-            Ok(Some(value)) => value,
-            _ => return Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
-        };
-        let private_key = match ctap_state.persistent_store.attestation_private_key() {
-            Ok(Some(value)) => value,
-            _ => return Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
-        };
+        let certificate = ctap_state
+            .persistent_store
+            .attestation_certificate()
+            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
+            .ok_or(Ctap1StatusCode::SW_COMMAND_ABORTED)?;
+        let private_key = ctap_state
+            .persistent_store
+            .attestation_private_key()
+            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
+            .ok_or(Ctap1StatusCode::SW_COMMAND_ABORTED)?;
 
         let mut response = Vec::with_capacity(105 + key_handle.len() + certificate.len());
         response.push(Ctap1Command::LEGACY_BYTE);
@@ -442,7 +448,7 @@ mod test {
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         // Certificate and private key are missing
-        assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_COMMAND_ABORTED));
 
         let fake_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
         assert!(ctap_state
@@ -453,7 +459,7 @@ mod test {
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         // Certificate is still missing
-        assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_COMMAND_ABORTED));
 
         let fake_cert = [0x99u8; 100]; // Arbitrary length
         assert!(ctap_state
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 8e396b6..5ec6511 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -230,8 +230,8 @@ impl PersistentStore {
                 .unwrap();
         }
         // TODO(jmichel): remove this when vendor command is in place
-        #[cfg(not(any(test, feature = "ram_storage")))]
-        self.load_attestation_from_firmware();
+        #[cfg(not(test))]
+        self.load_attestation_data_from_firmware();
 
         if self.store.find_one(&Key::Aaguid).is_none() {
             self.set_aaguid(key_material::AAGUID).unwrap();
@@ -239,8 +239,8 @@ impl PersistentStore {
     }
 
     // TODO(jmichel): remove this function when vendor command is in place.
-    #[cfg(not(any(test, feature = "ram_storage")))]
-    fn load_attestation_from_firmware(&mut self) {
+    #[cfg(not(test))]
+    fn load_attestation_data_from_firmware(&mut self) {
         // The following 2 entries are meant to be written by vendor-specific commands.
         if self.store.find_one(&Key::AttestationPrivateKey).is_none() {
             self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)

From 1571f58cd3e51849626cb3681bb15ccef10155b8 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 26 Nov 2020 19:21:41 +0100
Subject: [PATCH 028/192] wrapping_add in storage and more moving

---
 src/ctap/mod.rs     | 27 ++++++++++++++-------------
 src/ctap/storage.rs |  2 +-
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 9626da4..5fdfa9e 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -614,7 +614,7 @@ where
     // and returns the correct Get(Next)Assertion response.
     fn assertion_response(
         &self,
-        credential: &PublicKeyCredentialSource,
+        credential: PublicKeyCredentialSource,
         assertion_input: AssertionInput,
         number_of_credentials: Option<usize>,
     ) -> Result<ResponseData, Ctap2StatusCode> {
@@ -645,14 +645,14 @@ where
 
         let cred_desc = PublicKeyCredentialDescriptor {
             key_type: PublicKeyCredentialType::PublicKey,
-            key_id: credential.credential_id.clone(),
+            key_id: credential.credential_id,
             transports: None, // You can set USB as a hint here.
         };
         let user = if !credential.user_handle.is_empty() {
             Some(PublicKeyCredentialUserEntity {
-                user_id: credential.user_handle.clone(),
+                user_id: credential.user_handle,
                 user_name: None,
-                user_display_name: credential.other_ui.clone(),
+                user_display_name: credential.other_ui,
                 user_icon: None,
             })
         } else {
@@ -758,7 +758,7 @@ where
         }
 
         let rp_id_hash = Sha256::hash(rp_id.as_bytes());
-        let mut credentials = if let Some(allow_list) = allow_list {
+        let mut applicable_credentials = if let Some(allow_list) = allow_list {
             if let Some(credential) =
                 self.get_any_credential_from_allow_list(allow_list, &rp_id, &rp_id_hash, has_uv)?
             {
@@ -771,11 +771,11 @@ where
         };
         // Remove user identifiable information without uv.
         if !has_uv {
-            for credential in &mut credentials {
+            for credential in &mut applicable_credentials {
                 credential.other_ui = None;
             }
         }
-        credentials.sort_unstable_by_key(|c| c.creation_order);
+        applicable_credentials.sort_unstable_by_key(|c| c.creation_order);
 
         // This check comes before CTAP2_ERR_NO_CREDENTIALS in CTAP 2.0.
         // For CTAP 2.1, it was moved to a later protocol step.
@@ -783,8 +783,8 @@ where
             (self.check_user_presence)(cid)?;
         }
 
-        let (credential, remaining_credentials) = credentials
-            .split_last()
+        let credential = applicable_credentials
+            .pop()
             .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
 
         self.increment_global_signature_counter()?;
@@ -794,16 +794,17 @@ where
             auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
             hmac_secret_input,
         };
-        let number_of_credentials = if remaining_credentials.is_empty() {
+        let number_of_credentials = if applicable_credentials.is_empty() {
             None
         } else {
+            let number_of_credentials = Some(applicable_credentials.len() + 1);
             self.stateful_command_permission =
                 TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
             self.stateful_command_type = Some(StatefulCommand::GetAssertion(AssertionState {
                 assertion_input: assertion_input.clone(),
-                next_credentials: remaining_credentials.to_vec(),
+                next_credentials: applicable_credentials,
             }));
-            Some(remaining_credentials.len() + 1)
+            number_of_credentials
         };
         self.assertion_response(credential, assertion_input, number_of_credentials)
     }
@@ -825,7 +826,7 @@ where
             } else {
                 return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
             };
-        self.assertion_response(&credential, assertion_input, None)
+        self.assertion_response(credential, assertion_input, None)
     }
 
     fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index fd91cce..7952d75 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -359,7 +359,7 @@ impl PersistentStore {
             .map(|c| c.creation_order)
             .max()
             .unwrap_or(0)
-            + 1)
+            .wrapping_add(1))
     }
 
     pub fn global_signature_counter(&self) -> Result<u32, Ctap2StatusCode> {

From 2a4677c0b1a03229dd5049c0d32d12ea736e8167 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 27 Nov 2020 15:04:47 +0100
Subject: [PATCH 029/192] adds user data to persistent storage

---
 src/ctap/data_formats.rs    |  52 ++++++++++++---
 src/ctap/mod.rs             | 123 ++++++++++++++++++++++++++++--------
 src/ctap/pin_protocol_v1.rs |  16 +++++
 src/ctap/storage.rs         |  20 ++++--
 4 files changed, 169 insertions(+), 42 deletions(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index fa747bc..e7419fd 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -56,7 +56,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialRpEntity {
 }
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialuserentity
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
 pub struct PublicKeyCredentialUserEntity {
     pub user_id: Vec<u8>,
     pub user_name: Option<String>,
@@ -497,10 +497,12 @@ pub struct PublicKeyCredentialSource {
     pub private_key: ecdsa::SecKey, // TODO(kaczmarczyck) open for other algorithms
     pub rp_id: String,
     pub user_handle: Vec<u8>, // not optional, but nullable
-    pub other_ui: Option<String>,
+    pub user_display_name: Option<String>,
     pub cred_random: Option<Vec<u8>>,
     pub cred_protect_policy: Option<CredentialProtectionPolicy>,
     pub creation_order: u64,
+    pub user_name: Option<String>,
+    pub user_icon: Option<String>,
 }
 
 // We serialize credentials for the persistent storage using CBOR maps. Each field of a credential
@@ -510,10 +512,12 @@ enum PublicKeyCredentialSourceField {
     PrivateKey = 1,
     RpId = 2,
     UserHandle = 3,
-    OtherUi = 4,
+    UserDisplayName = 4,
     CredRandom = 5,
     CredProtectPolicy = 6,
     CreationOrder = 7,
+    UserName = 8,
+    UserIcon = 9,
     // When a field is removed, its tag should be reserved and not used for new fields. We document
     // those reserved tags below.
     // Reserved tags: none.
@@ -534,10 +538,12 @@ impl From<PublicKeyCredentialSource> for cbor::Value {
             PublicKeyCredentialSourceField::PrivateKey => Some(private_key.to_vec()),
             PublicKeyCredentialSourceField::RpId => Some(credential.rp_id),
             PublicKeyCredentialSourceField::UserHandle => Some(credential.user_handle),
-            PublicKeyCredentialSourceField::OtherUi => credential.other_ui,
+            PublicKeyCredentialSourceField::UserDisplayName => credential.user_display_name,
             PublicKeyCredentialSourceField::CredRandom => credential.cred_random,
             PublicKeyCredentialSourceField::CredProtectPolicy => credential.cred_protect_policy,
             PublicKeyCredentialSourceField::CreationOrder => credential.creation_order,
+            PublicKeyCredentialSourceField::UserName => credential.user_name,
+            PublicKeyCredentialSourceField::UserIcon => credential.user_icon,
         }
     }
 }
@@ -552,10 +558,12 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
                 PublicKeyCredentialSourceField::PrivateKey => private_key,
                 PublicKeyCredentialSourceField::RpId => rp_id,
                 PublicKeyCredentialSourceField::UserHandle => user_handle,
-                PublicKeyCredentialSourceField::OtherUi => other_ui,
+                PublicKeyCredentialSourceField::UserDisplayName => user_display_name,
                 PublicKeyCredentialSourceField::CredRandom => cred_random,
                 PublicKeyCredentialSourceField::CredProtectPolicy => cred_protect_policy,
                 PublicKeyCredentialSourceField::CreationOrder => creation_order,
+                PublicKeyCredentialSourceField::UserName => user_name,
+                PublicKeyCredentialSourceField::UserIcon => user_icon,
             } = extract_map(cbor_value)?;
         }
 
@@ -568,12 +576,14 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
             .ok_or(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR)?;
         let rp_id = extract_text_string(ok_or_missing(rp_id)?)?;
         let user_handle = extract_byte_string(ok_or_missing(user_handle)?)?;
-        let other_ui = other_ui.map(extract_text_string).transpose()?;
+        let user_display_name = user_display_name.map(extract_text_string).transpose()?;
         let cred_random = cred_random.map(extract_byte_string).transpose()?;
         let cred_protect_policy = cred_protect_policy
             .map(CredentialProtectionPolicy::try_from)
             .transpose()?;
         let creation_order = creation_order.map(extract_unsigned).unwrap_or(Ok(0))?;
+        let user_name = user_name.map(extract_text_string).transpose()?;
+        let user_icon = user_icon.map(extract_text_string).transpose()?;
         // We don't return whether there were unknown fields in the CBOR value. This means that
         // deserialization is not injective. In particular deserialization is only an inverse of
         // serialization at a given version of OpenSK. This is not a problem because:
@@ -590,10 +600,12 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
             private_key,
             rp_id,
             user_handle,
-            other_ui,
+            user_display_name,
             cred_random,
             cred_protect_policy,
             creation_order,
+            user_name,
+            user_icon,
         })
     }
 }
@@ -1360,10 +1372,12 @@ mod test {
             private_key: crypto::ecdsa::SecKey::gensk(&mut rng),
             rp_id: "example.com".to_string(),
             user_handle: b"foo".to_vec(),
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
 
         assert_eq!(
@@ -1372,7 +1386,7 @@ mod test {
         );
 
         let credential = PublicKeyCredentialSource {
-            other_ui: Some("other".to_string()),
+            user_display_name: Some("Display Name".to_string()),
             ..credential
         };
 
@@ -1396,6 +1410,26 @@ mod test {
             ..credential
         };
 
+        assert_eq!(
+            PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
+            Ok(credential.clone())
+        );
+
+        let credential = PublicKeyCredentialSource {
+            user_name: Some("name".to_string()),
+            ..credential
+        };
+
+        assert_eq!(
+            PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
+            Ok(credential.clone())
+        );
+
+        let credential = PublicKeyCredentialSource {
+            user_icon: Some("icon".to_string()),
+            ..credential
+        };
+
         assert_eq!(
             PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
             Ok(credential)
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 5fdfa9e..8efb92e 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -317,10 +317,12 @@ where
             private_key: sk,
             rp_id: String::from(""),
             user_handle: vec![],
-            other_ui: None,
+            user_display_name: None,
             cred_random,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         }))
     }
 
@@ -534,12 +536,18 @@ where
                 user_handle: user.user_id,
                 // This input is user provided, so we crop it to 64 byte for storage.
                 // The UTF8 encoding is always preserved, so the string might end up shorter.
-                other_ui: user
+                user_display_name: user
                     .user_display_name
                     .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
                 cred_random: cred_random.map(|c| c.to_vec()),
                 cred_protect_policy,
                 creation_order: self.persistent_store.new_creation_order()?,
+                user_name: user
+                    .user_name
+                    .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
+                user_icon: user
+                    .user_icon
+                    .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
             };
             self.persistent_store.store_credential(credential_source)?;
             random_id
@@ -651,9 +659,9 @@ where
         let user = if !credential.user_handle.is_empty() {
             Some(PublicKeyCredentialUserEntity {
                 user_id: credential.user_handle,
-                user_name: None,
-                user_display_name: credential.other_ui,
-                user_icon: None,
+                user_name: credential.user_name,
+                user_display_name: credential.user_display_name,
+                user_icon: credential.user_icon,
             })
         } else {
             None
@@ -772,7 +780,9 @@ where
         // Remove user identifiable information without uv.
         if !has_uv {
             for credential in &mut applicable_credentials {
-                credential.other_ui = None;
+                credential.user_name = None;
+                credential.user_display_name = None;
+                credential.user_icon = None;
             }
         }
         applicable_credentials.sort_unstable_by_key(|c| c.creation_order);
@@ -1169,10 +1179,12 @@ mod test {
             private_key: excluded_private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1357,9 +1369,10 @@ mod test {
         );
     }
 
-    fn check_assertion_response(
+    fn check_assertion_response_with_user(
         response: Result<ResponseData, Ctap2StatusCode>,
-        expected_user_id: Vec<u8>,
+        expected_user: PublicKeyCredentialUserEntity,
+        flags: u8,
         expected_number_of_credentials: Option<u64>,
     ) {
         match response.unwrap() {
@@ -1373,15 +1386,9 @@ mod test {
                 let expected_auth_data = vec![
                     0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
                     0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x00, 0x00, 0x00, 0x00, 0x01,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, 0x00, 0x00, 0x00, 0x01,
                 ];
                 assert_eq!(auth_data, expected_auth_data);
-                let expected_user = PublicKeyCredentialUserEntity {
-                    user_id: expected_user_id,
-                    user_name: None,
-                    user_display_name: None,
-                    user_icon: None,
-                };
                 assert_eq!(user, Some(expected_user));
                 assert_eq!(number_of_credentials, expected_number_of_credentials);
             }
@@ -1389,6 +1396,25 @@ mod test {
         }
     }
 
+    fn check_assertion_response(
+        response: Result<ResponseData, Ctap2StatusCode>,
+        expected_user_id: Vec<u8>,
+        expected_number_of_credentials: Option<u64>,
+    ) {
+        let expected_user = PublicKeyCredentialUserEntity {
+            user_id: expected_user_id,
+            user_name: None,
+            user_display_name: None,
+            user_icon: None,
+        };
+        check_assertion_response_with_user(
+            response,
+            expected_user,
+            0x00,
+            expected_number_of_credentials,
+        );
+    }
+
     #[test]
     fn test_residential_process_get_assertion() {
         let mut rng = ThreadRng256 {};
@@ -1557,12 +1583,14 @@ mod test {
             private_key: private_key.clone(),
             rp_id: String::from("example.com"),
             user_handle: vec![0x1D],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: Some(
                 CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
             ),
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1616,10 +1644,12 @@ mod test {
             private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![0x1D],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1650,22 +1680,48 @@ mod test {
     }
 
     #[test]
-    fn test_process_get_next_assertion_two_credentials() {
+    fn test_process_get_next_assertion_two_credentials_with_uv() {
         let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x88; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
-        make_credential_params.user.user_id = vec![0x01];
+        let user1 = PublicKeyCredentialUserEntity {
+            user_id: vec![0x01],
+            user_name: Some("user1".to_string()),
+            user_display_name: Some("User One".to_string()),
+            user_icon: Some("icon1".to_string()),
+        };
+        make_credential_params.user = user1.clone();
         assert!(ctap_state
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
         let mut make_credential_params = create_minimal_make_credential_parameters();
-        make_credential_params.user.user_id = vec![0x02];
+        let user2 = PublicKeyCredentialUserEntity {
+            user_id: vec![0x02],
+            user_name: Some("user2".to_string()),
+            user_display_name: Some("User Two".to_string()),
+            user_icon: Some("icon2".to_string()),
+        };
+        make_credential_params.user = user2.clone();
         assert!(ctap_state
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
 
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_uv_auth_param = Some(vec![
+            0x6F, 0x52, 0x83, 0xBF, 0x1A, 0x91, 0xEE, 0x67, 0xE9, 0xD4, 0x4C, 0x80, 0x08, 0x79,
+            0x90, 0x8D,
+        ]);
+
         let get_assertion_params = AuthenticatorGetAssertionParameters {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
@@ -1673,20 +1729,20 @@ mod test {
             extensions: None,
             options: GetAssertionOptions {
                 up: false,
-                uv: false,
+                uv: true,
             },
-            pin_uv_auth_param: None,
-            pin_uv_auth_protocol: None,
+            pin_uv_auth_param,
+            pin_uv_auth_protocol: Some(1),
         };
         let get_assertion_response = ctap_state.process_get_assertion(
             get_assertion_params,
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
-        check_assertion_response(get_assertion_response, vec![0x02], Some(2));
+        check_assertion_response_with_user(get_assertion_response, user2, 0x04, Some(2));
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
-        check_assertion_response(get_assertion_response, vec![0x01], None);
+        check_assertion_response_with_user(get_assertion_response, user1, 0x04, None);
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
         assert_eq!(
@@ -1696,23 +1752,32 @@ mod test {
     }
 
     #[test]
-    fn test_process_get_next_assertion_three_credentials() {
+    fn test_process_get_next_assertion_three_credentials_no_uv() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.user.user_id = vec![0x01];
+        make_credential_params.user.user_name = Some("removed".to_string());
+        make_credential_params.user.user_display_name = Some("removed".to_string());
+        make_credential_params.user.user_icon = Some("removed".to_string());
         assert!(ctap_state
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.user.user_id = vec![0x02];
+        make_credential_params.user.user_name = Some("removed".to_string());
+        make_credential_params.user.user_display_name = Some("removed".to_string());
+        make_credential_params.user.user_icon = Some("removed".to_string());
         assert!(ctap_state
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.user.user_id = vec![0x03];
+        make_credential_params.user.user_name = Some("removed".to_string());
+        make_credential_params.user.user_display_name = Some("removed".to_string());
+        make_credential_params.user.user_icon = Some("removed".to_string());
         assert!(ctap_state
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
@@ -1827,10 +1892,12 @@ mod test {
             private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert!(ctap_state
             .persistent_store
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 564ca6d..44aad71 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -631,6 +631,22 @@ impl PinProtocolV1 {
         }
         Ok(())
     }
+
+    #[cfg(test)]
+    pub fn new_test(
+        key_agreement_key: crypto::ecdh::SecKey,
+        pin_uv_auth_token: [u8; 32],
+    ) -> PinProtocolV1 {
+        PinProtocolV1 {
+            key_agreement_key,
+            pin_uv_auth_token,
+            consecutive_pin_mismatches: 0,
+            #[cfg(feature = "with_ctap2_1")]
+            permissions: 0xFF,
+            #[cfg(feature = "with_ctap2_1")]
+            permissions_rp_id: None,
+        }
+    }
 }
 
 #[cfg(test)]
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 7952d75..0e4941a 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -719,10 +719,12 @@ mod test {
             private_key,
             rp_id: String::from(rp_id),
             user_handle,
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         }
     }
 
@@ -896,12 +898,14 @@ mod test {
             private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: Some(
                 CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
             ),
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert!(persistent_store.store_credential(credential).is_ok());
 
@@ -940,10 +944,12 @@ mod test {
             private_key: key0,
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert_eq!(found_credential, Some(expected_credential));
     }
@@ -960,10 +966,12 @@ mod test {
             private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         assert!(persistent_store.store_credential(credential).is_ok());
 
@@ -1138,10 +1146,12 @@ mod test {
             private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
-            other_ui: None,
+            user_display_name: None,
             cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
+            user_name: None,
+            user_icon: None,
         };
         let serialized = serialize_credential(credential.clone()).unwrap();
         let reconstructed = deserialize_credential(&serialized).unwrap();

From ed5a9e5b24f6d1d629cd6a575f29e4d0b5c24ddb Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Sat, 28 Nov 2020 19:01:16 +0100
Subject: [PATCH 030/192] Apply review comments

---
 libraries/persistent_store/fuzz/src/store.rs | 27 ++++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/libraries/persistent_store/fuzz/src/store.rs b/libraries/persistent_store/fuzz/src/store.rs
index e51ed71..a008a4e 100644
--- a/libraries/persistent_store/fuzz/src/store.rs
+++ b/libraries/persistent_store/fuzz/src/store.rs
@@ -32,8 +32,6 @@ use std::convert::TryInto;
 /// information is printed if `debug` is set. Statistics are gathered if `stats` is set.
 pub fn fuzz(data: &[u8], debug: bool, stats: Option<&mut Stats>) {
     let mut fuzzer = Fuzzer::new(data, debug, stats);
-    fuzzer.init_counters();
-    fuzzer.record(StatKey::Entropy, data.len());
     let mut driver = fuzzer.init();
     let store = loop {
         if fuzzer.debug {
@@ -115,14 +113,17 @@ impl<'a> Fuzzer<'a> {
         let mut entropy = Entropy::new(data);
         let seed = entropy.read_slice(16);
         let values = Pcg32::from_seed(seed[..].try_into().unwrap());
-        Fuzzer {
+        let mut fuzzer = Fuzzer {
             entropy,
             values,
             init: Init::Clean,
             debug,
             stats,
             counters: HashMap::new(),
-        }
+        };
+        fuzzer.init_counters();
+        fuzzer.record(StatKey::Entropy, data.len());
+        fuzzer
     }
 
     /// Initializes the fuzzing state and returns the store driver.
@@ -395,7 +396,7 @@ impl<'a> Fuzzer<'a> {
 enum Init {
     /// Fuzzing starts from a clean storage.
     ///
-    /// All invariant are checked.
+    /// All invariants are checked.
     Clean,
 
     /// Fuzzing starts from a dirty storage.
@@ -405,7 +406,7 @@ enum Init {
 
     /// Fuzzing starts from a simulated old storage.
     ///
-    /// All invariant are checked.
+    /// All invariants are checked.
     Used {
         /// Number of simulated used cycles.
         cycle: usize,
@@ -437,9 +438,13 @@ impl Init {
 #[derive(Default, Clone, Debug)]
 struct BitStack {
     /// Bits stored in little-endian (for bytes and bits).
+    ///
+    /// The last byte only contains `len` bits.
     data: Vec<u8>,
 
-    /// Number of bits stored.
+    /// Number of bits stored in the last byte.
+    ///
+    /// It is 0 if the last byte is full, not 8.
     len: usize,
 }
 
@@ -526,8 +531,14 @@ fn bit_stack_ok() {
     assert_eq!(bits.pop(), Some(false));
     assert_eq!(bits.pop(), None);
 
-    for i in 0..27 {
+    let n = 27;
+    for i in 0..n {
         assert_eq!(bits.len(), i);
         bits.push(true);
     }
+    for i in (0..n).rev() {
+        assert_eq!(bits.pop(), Some(true));
+        assert_eq!(bits.len(), i);
+    }
+    assert_eq!(bits.pop(), None);
 }

From f548a35f011de034785a5bd68c8423eee236362b Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 30 Nov 2020 10:29:18 +0100
Subject: [PATCH 031/192] Do not crash with dirty init

---
 libraries/persistent_store/fuzz/src/store.rs |  4 +--
 libraries/persistent_store/src/buffer.rs     | 31 +++++++++++++-------
 libraries/persistent_store/src/store.rs      |  2 +-
 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/libraries/persistent_store/fuzz/src/store.rs b/libraries/persistent_store/fuzz/src/store.rs
index a008a4e..c18eb51 100644
--- a/libraries/persistent_store/fuzz/src/store.rs
+++ b/libraries/persistent_store/fuzz/src/store.rs
@@ -133,7 +133,7 @@ impl<'a> Fuzzer<'a> {
             page_size: 1 << self.entropy.read_range(5, 12),
             max_word_writes: 2,
             max_page_erases: self.entropy.read_range(0, 50000),
-            strict_write: true,
+            strict_mode: true,
         };
         let num_pages = self.entropy.read_range(3, 64);
         self.record(StatKey::PageSize, options.page_size);
@@ -156,7 +156,7 @@ impl<'a> Fuzzer<'a> {
             if self.debug {
                 println!("Start with dirty storage.");
             }
-            options.strict_write = false;
+            options.strict_mode = false;
             let storage = BufferStorage::new(storage, options);
             StoreDriver::Off(StoreDriverOff::new_dirty(storage))
         } else if self.entropy.read_bit() {
diff --git a/libraries/persistent_store/src/buffer.rs b/libraries/persistent_store/src/buffer.rs
index 0059826..ae35089 100644
--- a/libraries/persistent_store/src/buffer.rs
+++ b/libraries/persistent_store/src/buffer.rs
@@ -23,9 +23,9 @@ use alloc::vec;
 /// for tests and fuzzing, for which it has dedicated functionalities.
 ///
 /// This storage tracks how many times words are written between page erase cycles, how many times
-/// pages are erased, and whether an operation flips bits in the wrong direction (optional).
-/// Operations panic if those conditions are broken. This storage also permits to interrupt
-/// operations for inspection or to corrupt the operation.
+/// pages are erased, and whether an operation flips bits in the wrong direction. Operations panic
+/// if those conditions are broken (optional). This storage also permits to interrupt operations for
+/// inspection or to corrupt the operation.
 #[derive(Clone)]
 pub struct BufferStorage {
     /// Content of the storage.
@@ -59,8 +59,13 @@ pub struct BufferOptions {
     /// How many times a page can be erased.
     pub max_page_erases: usize,
 
-    /// Whether bits cannot be written from 0 to 1.
-    pub strict_write: bool,
+    /// Whether the storage should check the flash invariant.
+    ///
+    /// When set, the following conditions would panic:
+    /// - A bit is written from 0 to 1.
+    /// - A word is written more than `max_word_writes`.
+    /// - A page is erased more than `max_page_erases`.
+    pub strict_mode: bool,
 }
 
 /// Corrupts a slice given actual and expected value.
@@ -214,7 +219,10 @@ impl BufferStorage {
     ///
     /// Panics if the maximum number of erase cycles per page is reached.
     fn incr_page_erases(&mut self, page: usize) {
-        assert!(self.page_erases[page] < self.max_page_erases());
+        // Check that pages are not erased too many times.
+        if self.options.strict_mode {
+            assert!(self.page_erases[page] < self.max_page_erases());
+        }
         self.page_erases[page] += 1;
         let num_words = self.page_size() / self.word_size();
         for word in 0..num_words {
@@ -252,7 +260,10 @@ impl BufferStorage {
                 continue;
             }
             let word = index / word_size + i;
-            assert!(self.word_writes[word] < self.max_word_writes());
+            // Check that words are not written too many times.
+            if self.options.strict_mode {
+                assert!(self.word_writes[word] < self.max_word_writes());
+            }
             self.word_writes[word] += 1;
         }
     }
@@ -306,8 +317,8 @@ impl Storage for BufferStorage {
         self.interruption.tick(&operation)?;
         // Check and update counters.
         self.incr_word_writes(range.start, value, value);
-        // Check strict write.
-        if self.options.strict_write {
+        // Check that bits are correctly flipped.
+        if self.options.strict_mode {
             for (byte, &val) in range.clone().zip(value.iter()) {
                 assert_eq!(self.storage[byte] & val, val);
             }
@@ -472,7 +483,7 @@ mod tests {
         page_size: 16,
         max_word_writes: 2,
         max_page_erases: 3,
-        strict_write: true,
+        strict_mode: true,
     };
     // Those words are decreasing bit patterns. Bits are only changed from 1 to 0 and at least one
     // bit is changed.
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index a3e084b..2559485 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -1257,7 +1257,7 @@ mod tests {
                 page_size: self.page_size,
                 max_word_writes: self.max_word_writes,
                 max_page_erases: self.max_page_erases,
-                strict_write: true,
+                strict_mode: true,
             };
             StoreDriverOff::new(options, self.num_pages)
         }

From 5f5f72b6d13f31da3a54569f75d16e85f134451d Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 30 Nov 2020 02:04:52 -0800
Subject: [PATCH 032/192] Use arrayref for converting into ApduHeader

---
 src/ctap/apdu.rs | 6 +++---
 src/lib.rs       | 4 ++++
 src/main.rs      | 3 +++
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 431b18e..fd03f2a 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -58,8 +58,8 @@ pub struct ApduHeader {
     p2: u8,
 }
 
-impl From<&[u8]> for ApduHeader {
-    fn from(header: &[u8]) -> Self {
+impl From<&[u8; 4]> for ApduHeader {
+    fn from(header: &[u8; 4]) -> Self {
         ApduHeader {
             cla: header[0],
             ins: header[1],
@@ -120,7 +120,7 @@ impl TryFrom<&[u8]> for APDU {
         let (header, payload) = frame.split_at(APDU_HEADER_LEN);
 
         let mut apdu = APDU {
-            header: header.into(),
+            header: array_ref!(header, 0, 4).into(),
             lc: 0x00,
             data: Vec::new(),
             le: 0x00,
diff --git a/src/lib.rs b/src/lib.rs
index d6260c7..07fd02e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -18,3 +18,7 @@ extern crate alloc;
 
 pub mod ctap;
 pub mod embedded_flash;
+
+#[macro_use]
+extern crate arrayref;
+
diff --git a/src/main.rs b/src/main.rs
index 51c8305..ca10c3a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -19,6 +19,9 @@ extern crate alloc;
 extern crate core;
 extern crate lang_items;
 
+#[macro_use]
+extern crate arrayref;
+
 mod ctap;
 pub mod embedded_flash;
 

From a0e3048f827b1e80e673ad959eb63f437a69f38e Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 30 Nov 2020 11:30:49 +0100
Subject: [PATCH 033/192] Add debug helper for fuzzing

---
 .../persistent_store/fuzz/examples/store.rs   | 116 ++++++++++++++++++
 1 file changed, 116 insertions(+)
 create mode 100644 libraries/persistent_store/fuzz/examples/store.rs

diff --git a/libraries/persistent_store/fuzz/examples/store.rs b/libraries/persistent_store/fuzz/examples/store.rs
new file mode 100644
index 0000000..be9240b
--- /dev/null
+++ b/libraries/persistent_store/fuzz/examples/store.rs
@@ -0,0 +1,116 @@
+// Copyright 2019-2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use fuzz_store::{fuzz, StatKey, Stats};
+use std::io::Write;
+use std::io::{stdout, Read};
+use std::path::Path;
+
+fn usage(program: &str) {
+    println!(
+        r#"Usage: {} {{ [<artifact_file>] | <corpus_directory> <bucket_predicate>.. }}
+
+If <artifact_file> is not provided, it is read from standard input.
+
+When <bucket_predicate>.. are provided, only runs matching all predicates are shown. The format of
+each <bucket_predicate> is <bucket_key>=<bucket_value>."#,
+        program
+    );
+}
+
+fn debug(data: &[u8]) {
+    println!("{:02x?}", data);
+    fuzz(data, true, None);
+}
+
+/// Bucket predicate.
+struct Predicate {
+    /// Bucket key.
+    key: StatKey,
+
+    /// Bucket value.
+    value: usize,
+}
+
+impl std::str::FromStr for Predicate {
+    type Err = String;
+
+    fn from_str(input: &str) -> Result<Self, Self::Err> {
+        let predicate: Vec<&str> = input.split('=').collect();
+        if predicate.len() != 2 {
+            return Err("Predicate should have exactly one equal sign.".to_string());
+        }
+        let key = predicate[0]
+            .parse()
+            .map_err(|_| format!("Predicate key `{}` is not recognized.", predicate[0]))?;
+        let value: usize = predicate[1]
+            .parse()
+            .map_err(|_| format!("Predicate value `{}` is not a number.", predicate[1]))?;
+        if value != 0 && !value.is_power_of_two() {
+            return Err(format!(
+                "Predicate value `{}` is not a bucket.",
+                predicate[1]
+            ));
+        }
+        Ok(Predicate { key, value })
+    }
+}
+
+fn analyze(corpus: &Path, predicates: Vec<Predicate>) {
+    let mut stats = Stats::default();
+    let mut count = 0;
+    let total = std::fs::read_dir(corpus).unwrap().count();
+    for entry in std::fs::read_dir(corpus).unwrap() {
+        let data = std::fs::read(entry.unwrap().path()).unwrap();
+        let mut stat = Stats::default();
+        fuzz(&data, false, Some(&mut stat));
+        if predicates
+            .iter()
+            .all(|p| stat.get_count(p.key, p.value).is_some())
+        {
+            stats.merge(&stat);
+        }
+        count += 1;
+        print!("\u{1b}[K{} / {}\r", count, total);
+        stdout().flush().unwrap();
+    }
+    // NOTE: To avoid reloading the corpus each time we want to check a different filter, we can
+    // start an interactive loop here taking filters as input and printing the filtered stats. We
+    // would keep all individual stats for each run in a vector.
+    print!("{}", stats);
+}
+
+fn main() {
+    let args: Vec<String> = std::env::args().collect();
+    // No arguments reads from stdin.
+    if args.len() <= 1 {
+        let stdin = std::io::stdin();
+        let mut data = Vec::new();
+        stdin.lock().read_to_end(&mut data).unwrap();
+        return debug(&data);
+    }
+    let path = Path::new(&args[1]);
+    // File argument assumes artifact.
+    if path.is_file() && args.len() == 2 {
+        return debug(&std::fs::read(path).unwrap());
+    }
+    // Directory argument assumes corpus.
+    if path.is_dir() {
+        match args[2..].iter().map(|x| x.parse()).collect() {
+            Ok(predicates) => return analyze(path, predicates),
+            Err(error) => eprintln!("Error: {}", error),
+        }
+    }
+    usage(&args[0]);
+}

From f8a6fb35e2bf178e755106e5b4e00a72ab7d56d0 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 30 Nov 2020 08:46:02 -0800
Subject: [PATCH 034/192] Ignore dirty submodules

---
 .gitmodules | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitmodules b/.gitmodules
index b70a516..273601b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,8 @@
 [submodule "third_party/libtock-rs"]
 	path = third_party/libtock-rs
 	url = https://github.com/tock/libtock-rs
+	ignore = dirty
 [submodule "third_party/tock"]
 	path = third_party/tock
 	url = https://github.com/tock/tock
+	ignore = dirty

From 94f548d5c53195c08df5ec59ce26867060050861 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 30 Nov 2020 14:35:01 -0800
Subject: [PATCH 035/192] Add extended APDU parser

---
 src/ctap/apdu.rs | 143 +++++++++++++++++++++++++++++++++++++++++------
 src/main.rs      |   2 +-
 2 files changed, 127 insertions(+), 18 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index fd03f2a..a761564 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -1,4 +1,5 @@
 use alloc::vec::Vec;
+use byteorder::{BigEndian, ByteOrder};
 use core::convert::TryFrom;
 
 type ByteArray = &'static [u8];
@@ -73,11 +74,14 @@ impl From<&[u8; 4]> for ApduHeader {
 #[derive(PartialEq)]
 /// The APDU cases
 pub enum Case {
-    Le,
-    LcData,
-    LcDataLe,
-    // TODO: More cases to add as extended length APDUs
-    // Le could be 2 or 3 Bytes
+    Le1,
+    Lc1Data,
+    Lc1DataLe1,
+    Lc3Data,
+    Lc3DataLe1,
+    Lc3DataLe2,
+    Lc3DataLe3,
+    Unknown,
 }
 
 #[cfg_attr(test, derive(Clone, Debug))]
@@ -127,13 +131,16 @@ impl TryFrom<&[u8]> for APDU {
             case_type: ApduType::default(),
         };
 
-        // case 1
         if payload.is_empty() {
+            // This branch is for Lc = 0
             apdu.case_type = ApduType::Instruction;
         } else {
+            // Lc is not equal to zero, let's figure out how long it is
             let byte_0 = payload[0];
             if payload.len() == 1 {
-                apdu.case_type = ApduType::Short(Case::Le);
+                // There is only one byte in the payload, that byte cannot be Lc because that would
+                // entail at *least* one another byte in the payload (for the command data)
+                apdu.case_type = ApduType::Short(Case::Le1);
                 apdu.le = if byte_0 == 0x00 {
                     // Ne = 256
                     0x100
@@ -142,12 +149,16 @@ impl TryFrom<&[u8]> for APDU {
                 }
             }
             if payload.len() == (1 + byte_0) as usize && byte_0 != 0 {
-                apdu.case_type = ApduType::Short(Case::LcData);
+                // Lc is one-byte long and since the size specified by Lc covers the rest of the
+                // payload there's no Le at the end
+                apdu.case_type = ApduType::Short(Case::Lc1Data);
                 apdu.lc = byte_0.into();
                 apdu.data = payload[1..].to_vec();
             }
             if payload.len() == (1 + byte_0 + 1) as usize && byte_0 != 0 {
-                apdu.case_type = ApduType::Short(Case::LcDataLe);
+                // Lc is one-byte long and since the size specified by Lc covers the rest of the
+                // payload with ONE additional byte that byte must be Le
+                apdu.case_type = ApduType::Short(Case::Lc1DataLe1);
                 apdu.lc = byte_0.into();
                 apdu.data = payload[1..(payload.len() - 1)].to_vec();
                 apdu.le = (*payload.last().unwrap()).into();
@@ -155,8 +166,38 @@ impl TryFrom<&[u8]> for APDU {
                     apdu.le = 0x100;
                 }
             }
+            if payload.len() > 2 {
+                // Lc is possibly three-bytes long
+                let extended_apdu_lc: usize = BigEndian::read_u16(&payload[1..]) as usize;
+                let extended_apdu_le_len: usize = if payload.len() > extended_apdu_lc {
+                    payload.len() - extended_apdu_lc - 3
+                } else {
+                    0
+                };
+                if byte_0 == 0 && extended_apdu_le_len <= 3 {
+                    // If first byte is zero AND the next two bytes can be parsed as a big-endian
+                    // length that covers the rest of the block (plus few additional bytes for Le), we
+                    // have an extended-length APDU
+                    apdu.case_type = ApduType::Extended(match extended_apdu_le_len {
+                        0 => Case::Lc3Data,
+                        1 => Case::Lc3DataLe1,
+                        2 => Case::Lc3DataLe2,
+                        3 => Case::Lc3DataLe3,
+                        _ => Case::Unknown,
+                    });
+                    apdu.data = payload[3..(payload.len() - extended_apdu_le_len)].to_vec();
+                    apdu.lc = extended_apdu_lc as u16;
+                    apdu.le = match extended_apdu_le_len {
+                        0 => 0,
+                        1 => (*payload.last().unwrap()).into(),
+                        2 => BigEndian::read_u16(&payload[payload.len() - extended_apdu_le_len..])
+                            as u32,
+                        3 => BigEndian::read_u32(&payload[payload.len() - extended_apdu_le_len..]),
+                        _ => 0,
+                    }
+                }
+            }
         }
-        // TODO: Add extended length cases
         if apdu.case_type == ApduType::default() {
             return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED);
         }
@@ -206,7 +247,7 @@ mod test {
             lc: 0x00,
             data: Vec::new(),
             le: 0x0f,
-            case_type: ApduType::Short(Case::Le),
+            case_type: ApduType::Short(Case::Le1),
         };
         assert_eq!(Ok(expected), response);
     }
@@ -225,7 +266,7 @@ mod test {
             lc: 0x00,
             data: Vec::new(),
             le: 0x100,
-            case_type: ApduType::Short(Case::Le),
+            case_type: ApduType::Short(Case::Le1),
         };
         assert_eq!(Ok(expected), response);
     }
@@ -245,7 +286,7 @@ mod test {
             lc: 0x02,
             data: payload.to_vec(),
             le: 0x00,
-            case_type: ApduType::Short(Case::LcData),
+            case_type: ApduType::Short(Case::Lc1Data),
         };
         assert_eq!(Ok(expected), response);
     }
@@ -267,7 +308,7 @@ mod test {
             lc: 0x07,
             data: payload.to_vec(),
             le: 0xff,
-            case_type: ApduType::Short(Case::LcDataLe),
+            case_type: ApduType::Short(Case::Lc1DataLe1),
         };
         assert_eq!(Ok(expected), response);
     }
@@ -289,7 +330,7 @@ mod test {
             lc: 0x07,
             data: payload.to_vec(),
             le: 0x100,
-            case_type: ApduType::Short(Case::LcDataLe),
+            case_type: ApduType::Short(Case::Lc1DataLe1),
         };
         assert_eq!(Ok(expected), response);
     }
@@ -302,7 +343,56 @@ mod test {
     }
 
     #[test]
-    fn test_unsupported_case_type() {
+    fn test_extended_length_apdu() {
+        let frame: [u8; 186] = [
+            0x00, 0x02, 0x03, 0x00, 0x00, 0x00, 0xb1, 0x60, 0xc5, 0xb3, 0x42, 0x58, 0x6b, 0x49,
+            0xdb, 0x3e, 0x72, 0xd8, 0x24, 0x4b, 0xa5, 0x6c, 0x8d, 0x79, 0x2b, 0x65, 0x08, 0xe8,
+            0xda, 0x9b, 0x0e, 0x2b, 0xc1, 0x63, 0x0d, 0xbc, 0xf3, 0x6d, 0x66, 0xa5, 0x46, 0x72,
+            0xb2, 0x22, 0xc4, 0xcf, 0x95, 0xe1, 0x51, 0xed, 0x8d, 0x4d, 0x3c, 0x76, 0x7a, 0x6c,
+            0xc3, 0x49, 0x43, 0x59, 0x43, 0x79, 0x4e, 0x88, 0x4f, 0x3d, 0x02, 0x3a, 0x82, 0x29,
+            0xfd, 0x70, 0x3f, 0x8b, 0xd4, 0xff, 0xe0, 0xa8, 0x93, 0xdf, 0x1a, 0x58, 0x34, 0x16,
+            0xb0, 0x1b, 0x8e, 0xbc, 0xf0, 0x2d, 0xc9, 0x99, 0x8d, 0x6f, 0xe4, 0x8a, 0xb2, 0x70,
+            0x9a, 0x70, 0x3a, 0x27, 0x71, 0x88, 0x3c, 0x75, 0x30, 0x16, 0xfb, 0x02, 0x11, 0x4d,
+            0x30, 0x54, 0x6c, 0x4e, 0x8c, 0x76, 0xb2, 0xf0, 0xa8, 0x4e, 0xd6, 0x90, 0xe4, 0x40,
+            0x25, 0x6a, 0xdd, 0x64, 0x63, 0x3e, 0x83, 0x4f, 0x8b, 0x25, 0xcf, 0x88, 0x68, 0x80,
+            0x01, 0x07, 0xdb, 0xc8, 0x64, 0xf7, 0xca, 0x4f, 0xd1, 0xc7, 0x95, 0x7c, 0xe8, 0x45,
+            0xbc, 0xda, 0xd4, 0xef, 0x45, 0x63, 0x5a, 0x7a, 0x65, 0x3f, 0xaa, 0x22, 0x67, 0xe7,
+            0x8a, 0xf2, 0x5f, 0xe8, 0x59, 0x2e, 0x0b, 0xc6, 0x85, 0xc6, 0xf7, 0x0e, 0x9e, 0xdb,
+            0xb6, 0x2b, 0x00, 0x00,
+        ];
+        let payload = [
+            0x60, 0xc5, 0xb3, 0x42, 0x58, 0x6b, 0x49, 0xdb, 0x3e, 0x72, 0xd8, 0x24, 0x4b, 0xa5,
+            0x6c, 0x8d, 0x79, 0x2b, 0x65, 0x08, 0xe8, 0xda, 0x9b, 0x0e, 0x2b, 0xc1, 0x63, 0x0d,
+            0xbc, 0xf3, 0x6d, 0x66, 0xa5, 0x46, 0x72, 0xb2, 0x22, 0xc4, 0xcf, 0x95, 0xe1, 0x51,
+            0xed, 0x8d, 0x4d, 0x3c, 0x76, 0x7a, 0x6c, 0xc3, 0x49, 0x43, 0x59, 0x43, 0x79, 0x4e,
+            0x88, 0x4f, 0x3d, 0x02, 0x3a, 0x82, 0x29, 0xfd, 0x70, 0x3f, 0x8b, 0xd4, 0xff, 0xe0,
+            0xa8, 0x93, 0xdf, 0x1a, 0x58, 0x34, 0x16, 0xb0, 0x1b, 0x8e, 0xbc, 0xf0, 0x2d, 0xc9,
+            0x99, 0x8d, 0x6f, 0xe4, 0x8a, 0xb2, 0x70, 0x9a, 0x70, 0x3a, 0x27, 0x71, 0x88, 0x3c,
+            0x75, 0x30, 0x16, 0xfb, 0x02, 0x11, 0x4d, 0x30, 0x54, 0x6c, 0x4e, 0x8c, 0x76, 0xb2,
+            0xf0, 0xa8, 0x4e, 0xd6, 0x90, 0xe4, 0x40, 0x25, 0x6a, 0xdd, 0x64, 0x63, 0x3e, 0x83,
+            0x4f, 0x8b, 0x25, 0xcf, 0x88, 0x68, 0x80, 0x01, 0x07, 0xdb, 0xc8, 0x64, 0xf7, 0xca,
+            0x4f, 0xd1, 0xc7, 0x95, 0x7c, 0xe8, 0x45, 0xbc, 0xda, 0xd4, 0xef, 0x45, 0x63, 0x5a,
+            0x7a, 0x65, 0x3f, 0xaa, 0x22, 0x67, 0xe7, 0x8a, 0xf2, 0x5f, 0xe8, 0x59, 0x2e, 0x0b,
+            0xc6, 0x85, 0xc6, 0xf7, 0x0e, 0x9e, 0xdb, 0xb6, 0x2b,
+        ];
+        let response = pass_frame(&frame);
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0x02,
+                p1: 0x03,
+                p2: 0x00,
+            },
+            lc: 0xb1,
+            data: payload.to_vec(),
+            le: 0x00,
+            case_type: ApduType::Extended(Case::Lc3DataLe2),
+        };
+        assert_eq!(Ok(expected), response);
+    }
+
+    #[test]
+    fn test_previously_unsupported_case_type() {
         let frame: [u8; 73] = [
             0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x40, 0xe3, 0x8f, 0xde, 0x51, 0x3d, 0xac, 0x9d,
             0x1c, 0x6e, 0x86, 0x76, 0x31, 0x40, 0x25, 0x96, 0x86, 0x4d, 0x29, 0xe8, 0x07, 0xb3,
@@ -311,7 +401,26 @@ mod test {
             0xe8, 0xb5, 0x83, 0xfb, 0xe0, 0x66, 0x98, 0x4d, 0x98, 0x81, 0xf7, 0xb5, 0x49, 0x4d,
             0xcb, 0x00, 0x00,
         ];
+        let payload = [
+            0xe3, 0x8f, 0xde, 0x51, 0x3d, 0xac, 0x9d, 0x1c, 0x6e, 0x86, 0x76, 0x31, 0x40, 0x25,
+            0x96, 0x86, 0x4d, 0x29, 0xe8, 0x07, 0xb3, 0x56, 0x19, 0xdf, 0x4a, 0x00, 0x02, 0xae,
+            0x2a, 0x8c, 0x9d, 0x5a, 0xab, 0xc3, 0x4b, 0x4e, 0xb9, 0x78, 0xb9, 0x11, 0xe5, 0x52,
+            0x40, 0xf3, 0x45, 0x64, 0x9c, 0xd3, 0xd7, 0xe8, 0xb5, 0x83, 0xfb, 0xe0, 0x66, 0x98,
+            0x4d, 0x98, 0x81, 0xf7, 0xb5, 0x49, 0x4d, 0xcb,
+        ];
         let response = pass_frame(&frame);
-        assert_eq!(Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED), response);
+        let expected = APDU {
+            header: ApduHeader {
+                cla: 0x00,
+                ins: 0x01,
+                p1: 0x03,
+                p2: 0x00,
+            },
+            lc: 0x40,
+            data: payload.to_vec(),
+            le: 0x00,
+            case_type: ApduType::Extended(Case::Lc3DataLe2),
+        };
+        assert_eq!(Ok(expected), response);
     }
 }
diff --git a/src/main.rs b/src/main.rs
index ca10c3a..2ca12a8 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -18,9 +18,9 @@ extern crate alloc;
 #[cfg(feature = "std")]
 extern crate core;
 extern crate lang_items;
-
 #[macro_use]
 extern crate arrayref;
+extern crate byteorder;
 
 mod ctap;
 pub mod embedded_flash;

From ce46af0b6b9897bfd5287f98033d3efbffc449f3 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 30 Nov 2020 14:43:44 -0800
Subject: [PATCH 036/192] Make cargo fmt happy

---
 src/lib.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index 07fd02e..a5c4cba 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -21,4 +21,3 @@ pub mod embedded_flash;
 
 #[macro_use]
 extern crate arrayref;
-

From 1db73c699be15102323d82a9cc9f26c3d050b8d2 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 1 Dec 2020 11:29:52 +0100
Subject: [PATCH 037/192] Apply review comments

---
 src/ctap/status_code.rs |  2 +-
 src/ctap/storage.rs     | 29 +++++++++++++++--------------
 src/ctap/storage/key.rs |  5 ++++-
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs
index b4f78fd..638caef 100644
--- a/src/ctap/status_code.rs
+++ b/src/ctap/status_code.rs
@@ -85,7 +85,7 @@ pub enum Ctap2StatusCode {
     ///
     /// There can be multiple reasons:
     /// - The persistent storage has not been erased before its first usage.
-    /// - The persistent storage has been tempered by a third party.
+    /// - The persistent storage has been tempered with by a third party.
     /// - The flash is malfunctioning (including the Tock driver).
     ///
     /// In the first 2 cases the persistent storage should be completely erased. If the error
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 158bc4f..054d3c8 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -122,7 +122,7 @@ impl PersistentStore {
             page_size: PAGE_SIZE,
             max_word_writes: 2,
             max_page_erases: 10000,
-            strict_write: true,
+            strict_mode: true,
         };
         Storage::new(store, options)
     }
@@ -180,9 +180,8 @@ impl PersistentStore {
     ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
         let mut iter_result = Ok(());
         let iter = self.iter_credentials(&mut iter_result)?;
-        // TODO(reviewer): Should we return an error if we find more than one matching credential?
-        // We did not use to in the previous version (panic in debug mode, nothing in release mode)
-        // but I don't remember why. Let's document it.
+        // We don't check whether there is more than one matching credential to be able to exit
+        // early.
         let result = iter.map(|(_, credential)| credential).find(|credential| {
             credential.rp_id == rp_id && credential.credential_id == credential_id
         });
@@ -388,7 +387,7 @@ impl PersistentStore {
         Ok(self.store.insert(key::MIN_PIN_LENGTH, &[min_pin_length])?)
     }
 
-    /// TODO: Help from reviewer needed for documentation.
+    /// Returns a list of RP IDs that used to check if reading the minimum PIN length is allowed.
     #[cfg(feature = "with_ctap2_1")]
     pub fn _min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
         let rp_ids = self
@@ -401,7 +400,7 @@ impl PersistentStore {
         Ok(rp_ids.unwrap_or(vec![]))
     }
 
-    /// TODO: Help from reviewer needed for documentation.
+    /// Set a list of RP IDs that used to check if reading the minimum PIN length is allowed.
     #[cfg(feature = "with_ctap2_1")]
     pub fn _set_min_pin_length_rp_ids(
         &mut self,
@@ -508,20 +507,22 @@ impl PersistentStore {
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {
     fn from(error: persistent_store::StoreError) -> Ctap2StatusCode {
-        use persistent_store::StoreError::*;
+        use persistent_store::StoreError;
         match error {
             // This error is expected. The store is full.
-            NoCapacity => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
+            StoreError::NoCapacity => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
             // This error is expected. The flash is out of life.
-            NoLifetime => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
+            StoreError::NoLifetime => Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL,
             // This error is expected if we don't satisfy the store preconditions. For example we
             // try to store a credential which is too long.
-            InvalidArgument => Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR,
+            StoreError::InvalidArgument => Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR,
             // This error is not expected. The storage has been tempered with. We could erase the
             // storage.
-            InvalidStorage => Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE,
+            StoreError::InvalidStorage => {
+                Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE
+            }
             // This error is not expected. The kernel is failing our syscalls.
-            StorageError => Ctap2StatusCode::CTAP1_ERR_OTHER,
+            StoreError::StorageError => Ctap2StatusCode::CTAP1_ERR_OTHER,
         }
     }
 }
@@ -605,7 +606,7 @@ fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>
     }
 }
 
-/// TODO: Help from reviewer needed for documentation.
+/// Deserializes a list of RP IDs from storage representation.
 #[cfg(feature = "with_ctap2_1")]
 fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
     let cbor = cbor::read(data).ok()?;
@@ -617,7 +618,7 @@ fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
         .ok()
 }
 
-/// TODO: Help from reviewer needed for documentation.
+/// Serializes a list of RP IDs to storage representation.
 #[cfg(feature = "with_ctap2_1")]
 fn _serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2StatusCode> {
     let mut data = Vec::new();
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 9796d5a..3e86d8b 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -82,10 +82,13 @@ make_partition! {
     /// board may configure `MAX_SUPPORTED_RESIDENTIAL_KEYS` depending on the storage size.
     CREDENTIALS = 1700..2000;
 
-    /// TODO: Help from reviewer needed for documentation.
+    /// List of RP IDs allowed to read the minimum PIN length.
+    #[cfg(feature = "with_ctap2_1")]
     _MIN_PIN_LENGTH_RP_IDS = 2042;
 
     /// The minimum PIN length.
+    ///
+    /// If the entry is absent, the minimum PIN length is `DEFAULT_MIN_PIN_LENGTH`.
     #[cfg(feature = "with_ctap2_1")]
     MIN_PIN_LENGTH = 2043;
 

From b55d4320439fe1c59dd88d81a5a946738817e3f5 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 1 Dec 2020 15:39:51 +0100
Subject: [PATCH 038/192] Apply review comments

---
 src/ctap/storage.rs     | 5 +++--
 src/ctap/storage/key.rs | 3 +--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 054d3c8..0f1c73f 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -387,7 +387,8 @@ impl PersistentStore {
         Ok(self.store.insert(key::MIN_PIN_LENGTH, &[min_pin_length])?)
     }
 
-    /// Returns a list of RP IDs that used to check if reading the minimum PIN length is allowed.
+    /// Returns the list of RP IDs that are used to check if reading the minimum PIN length is
+    /// allowed.
     #[cfg(feature = "with_ctap2_1")]
     pub fn _min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
         let rp_ids = self
@@ -400,7 +401,7 @@ impl PersistentStore {
         Ok(rp_ids.unwrap_or(vec![]))
     }
 
-    /// Set a list of RP IDs that used to check if reading the minimum PIN length is allowed.
+    /// Sets the list of RP IDs that are used to check if reading the minimum PIN length is allowed.
     #[cfg(feature = "with_ctap2_1")]
     pub fn _set_min_pin_length_rp_ids(
         &mut self,
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 3e86d8b..e37e470 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -104,8 +104,7 @@ make_partition! {
 
     /// The encryption and hmac keys.
     ///
-    /// This entry is always present. It is generated at startup if absent. This is not a persistent
-    /// key because its value should change after a CTAP reset.
+    /// This entry is always present. It is generated at startup if absent.
     MASTER_KEYS = 2046;
 
     /// The global signature counter.

From 042108e3d9d753fb0d0820733021c5c493f9eb4c Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 1 Dec 2020 17:46:28 +0100
Subject: [PATCH 039/192] Reserve 700 additional keys for credential-related
 stuff

---
 src/ctap/storage/key.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index e37e470..6dab699 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -76,6 +76,12 @@ make_partition! {
     // - When adding a (non-persistent) key below this message, make sure its value is bigger or
     //   equal than NUM_PERSISTENT_KEYS.
 
+    /// Reserved for future credential-related objects.
+    ///
+    /// In particular, additional credentials could be added there by reducing the lower bound of
+    /// the credential range below as well as the upper bound of this range in a similar manner.
+    _RESERVED_CREDENTIALS = 1000..1700;
+
     /// The credentials.
     ///
     /// Depending on `MAX_SUPPORTED_RESIDENTIAL_KEYS`, only a prefix of those keys is used. Each

From dc95310fc0e58418b546c2f9def1f70a06e515fa Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Tue, 1 Dec 2020 10:13:25 -0800
Subject: [PATCH 040/192] Clarify comments

---
 src/ctap/apdu.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index a761564..dd95caa 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -132,10 +132,10 @@ impl TryFrom<&[u8]> for APDU {
         };
 
         if payload.is_empty() {
-            // This branch is for Lc = 0
+            // Lc is zero-bytes in length
             apdu.case_type = ApduType::Instruction;
         } else {
-            // Lc is not equal to zero, let's figure out how long it is
+            // Lc is not zero-bytes in length, let's figure out how long it is
             let byte_0 = payload[0];
             if payload.len() == 1 {
                 // There is only one byte in the payload, that byte cannot be Lc because that would

From b9ffe7e4ce0664a0ebe4e5088efbbaa16a75e1a0 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:02:07 -0800
Subject: [PATCH 041/192] Use constant instead of hardcoded integer

---
 src/ctap/apdu.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index dd95caa..5783cd7 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -59,8 +59,8 @@ pub struct ApduHeader {
     p2: u8,
 }
 
-impl From<&[u8; 4]> for ApduHeader {
-    fn from(header: &[u8; 4]) -> Self {
+impl From<&[u8; APDU_HEADER_LEN]> for ApduHeader {
+    fn from(header: &[u8; APDU_HEADER_LEN]) -> Self {
         ApduHeader {
             cla: header[0],
             ins: header[1],

From 2c49718fee700d349e0f5df9d1079823eca5259b Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:03:35 -0800
Subject: [PATCH 042/192] Lc3DataLe3 is not a valid case

---
 src/ctap/apdu.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 5783cd7..6c2a03a 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -80,7 +80,7 @@ pub enum Case {
     Lc3Data,
     Lc3DataLe1,
     Lc3DataLe2,
-    Lc3DataLe3,
+    Le3,
     Unknown,
 }
 

From 0420ad8de6ebb9157202dd5333d1b49e012ed79a Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:06:24 -0800
Subject: [PATCH 043/192] Use constant for consistency

---
 src/ctap/apdu.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 6c2a03a..d5210b1 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -124,7 +124,7 @@ impl TryFrom<&[u8]> for APDU {
         let (header, payload) = frame.split_at(APDU_HEADER_LEN);
 
         let mut apdu = APDU {
-            header: array_ref!(header, 0, 4).into(),
+            header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
             lc: 0x00,
             data: Vec::new(),
             le: 0x00,

From 1d8c103d9b8180b93994e35ea9365c780e15803b Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:29:11 -0800
Subject: [PATCH 044/192] Construct and return immutable instances of APDU
 instead of mutating one

---
 src/ctap/apdu.rs | 110 +++++++++++++++++++++++++++--------------------
 1 file changed, 64 insertions(+), 46 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index d5210b1..80be816 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -123,48 +123,56 @@ impl TryFrom<&[u8]> for APDU {
         //        +-----+-----+----+----+
         let (header, payload) = frame.split_at(APDU_HEADER_LEN);
 
-        let mut apdu = APDU {
-            header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
-            lc: 0x00,
-            data: Vec::new(),
-            le: 0x00,
-            case_type: ApduType::default(),
-        };
-
         if payload.is_empty() {
             // Lc is zero-bytes in length
-            apdu.case_type = ApduType::Instruction;
+            return Ok(APDU {
+                header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                lc: 0x00,
+                data: Vec::new(),
+                le: 0x00,
+                case_type: ApduType::Instruction,
+            });
         } else {
             // Lc is not zero-bytes in length, let's figure out how long it is
             let byte_0 = payload[0];
             if payload.len() == 1 {
                 // There is only one byte in the payload, that byte cannot be Lc because that would
                 // entail at *least* one another byte in the payload (for the command data)
-                apdu.case_type = ApduType::Short(Case::Le1);
-                apdu.le = if byte_0 == 0x00 {
-                    // Ne = 256
-                    0x100
-                } else {
-                    byte_0.into()
-                }
+                return Ok(APDU {
+                    header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                    lc: 0x00,
+                    data: Vec::new(),
+                    le: if byte_0 == 0x00 {
+                        // Ne = 256
+                        0x100
+                    } else {
+                        byte_0.into()
+                    },
+                    case_type: ApduType::Short(Case::Le1),
+                });
             }
             if payload.len() == (1 + byte_0) as usize && byte_0 != 0 {
                 // Lc is one-byte long and since the size specified by Lc covers the rest of the
                 // payload there's no Le at the end
-                apdu.case_type = ApduType::Short(Case::Lc1Data);
-                apdu.lc = byte_0.into();
-                apdu.data = payload[1..].to_vec();
+                return Ok(APDU {
+                    header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                    lc: byte_0.into(),
+                    data: payload[1..].to_vec(),
+                    case_type: ApduType::Short(Case::Lc1Data),
+                    le: 0,
+                });
             }
             if payload.len() == (1 + byte_0 + 1) as usize && byte_0 != 0 {
                 // Lc is one-byte long and since the size specified by Lc covers the rest of the
                 // payload with ONE additional byte that byte must be Le
-                apdu.case_type = ApduType::Short(Case::Lc1DataLe1);
-                apdu.lc = byte_0.into();
-                apdu.data = payload[1..(payload.len() - 1)].to_vec();
-                apdu.le = (*payload.last().unwrap()).into();
-                if apdu.le == 0x00 {
-                    apdu.le = 0x100;
-                }
+                let last_byte: u32 = (*payload.last().unwrap()).into();
+                return Ok(APDU {
+                    header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                    lc: byte_0.into(),
+                    data: payload[1..(payload.len() - 1)].to_vec(),
+                    le: if last_byte == 0x00 { 0x100 } else { last_byte },
+                    case_type: ApduType::Short(Case::Lc1DataLe1),
+                });
             }
             if payload.len() > 2 {
                 // Lc is possibly three-bytes long
@@ -178,30 +186,40 @@ impl TryFrom<&[u8]> for APDU {
                     // If first byte is zero AND the next two bytes can be parsed as a big-endian
                     // length that covers the rest of the block (plus few additional bytes for Le), we
                     // have an extended-length APDU
-                    apdu.case_type = ApduType::Extended(match extended_apdu_le_len {
-                        0 => Case::Lc3Data,
-                        1 => Case::Lc3DataLe1,
-                        2 => Case::Lc3DataLe2,
-                        3 => Case::Lc3DataLe3,
-                        _ => Case::Unknown,
+                    let last_byte: u32 = (*payload.last().unwrap()).into();
+                    return Ok(APDU {
+                        header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                        lc: extended_apdu_lc as u16,
+                        data: payload[3..(payload.len() - extended_apdu_le_len)].to_vec(),
+                        le: match extended_apdu_le_len {
+                            0 => 0,
+                            1 => {
+                                if last_byte == 0x00 {
+                                    0x100
+                                } else {
+                                    last_byte
+                                }
+                            }
+                            2 => BigEndian::read_u16(
+                                &payload[payload.len() - extended_apdu_le_len..],
+                            ) as u32,
+                            3 => BigEndian::read_u32(
+                                &payload[payload.len() - extended_apdu_le_len..],
+                            ),
+                            _ => 0,
+                        },
+                        case_type: ApduType::Extended(match extended_apdu_le_len {
+                            0 => Case::Lc3Data,
+                            1 => Case::Lc3DataLe1,
+                            2 => Case::Lc3DataLe2,
+                            3 => Case::Le3,
+                            _ => Case::Unknown,
+                        }),
                     });
-                    apdu.data = payload[3..(payload.len() - extended_apdu_le_len)].to_vec();
-                    apdu.lc = extended_apdu_lc as u16;
-                    apdu.le = match extended_apdu_le_len {
-                        0 => 0,
-                        1 => (*payload.last().unwrap()).into(),
-                        2 => BigEndian::read_u16(&payload[payload.len() - extended_apdu_le_len..])
-                            as u32,
-                        3 => BigEndian::read_u32(&payload[payload.len() - extended_apdu_le_len..]),
-                        _ => 0,
-                    }
                 }
             }
         }
-        if apdu.case_type == ApduType::default() {
-            return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED);
-        }
-        Ok(apdu)
+        return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED);
     }
 }
 

From 524ebe3fce0877dc019fb504d6c98aab31d751d3 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:32:25 -0800
Subject: [PATCH 045/192] Prevent int overflow by casting before addition

---
 src/ctap/apdu.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 80be816..8e53276 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -151,7 +151,7 @@ impl TryFrom<&[u8]> for APDU {
                     case_type: ApduType::Short(Case::Le1),
                 });
             }
-            if payload.len() == (1 + byte_0) as usize && byte_0 != 0 {
+            if payload.len() == 1 + (byte_0 as usize) && byte_0 != 0 {
                 // Lc is one-byte long and since the size specified by Lc covers the rest of the
                 // payload there's no Le at the end
                 return Ok(APDU {
@@ -162,7 +162,7 @@ impl TryFrom<&[u8]> for APDU {
                     le: 0,
                 });
             }
-            if payload.len() == (1 + byte_0 + 1) as usize && byte_0 != 0 {
+            if payload.len() == 2 + (byte_0 as usize) && byte_0 != 0 {
                 // Lc is one-byte long and since the size specified by Lc covers the rest of the
                 // payload with ONE additional byte that byte must be Le
                 let last_byte: u32 = (*payload.last().unwrap()).into();

From 9fc1ac114d99bc7cc2b57c72103e042765b09fbe Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:39:48 -0800
Subject: [PATCH 046/192] Reuse frame bytes for payload

---
 src/ctap/apdu.rs | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 8e53276..6d06dc5 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -378,21 +378,7 @@ mod test {
             0x8a, 0xf2, 0x5f, 0xe8, 0x59, 0x2e, 0x0b, 0xc6, 0x85, 0xc6, 0xf7, 0x0e, 0x9e, 0xdb,
             0xb6, 0x2b, 0x00, 0x00,
         ];
-        let payload = [
-            0x60, 0xc5, 0xb3, 0x42, 0x58, 0x6b, 0x49, 0xdb, 0x3e, 0x72, 0xd8, 0x24, 0x4b, 0xa5,
-            0x6c, 0x8d, 0x79, 0x2b, 0x65, 0x08, 0xe8, 0xda, 0x9b, 0x0e, 0x2b, 0xc1, 0x63, 0x0d,
-            0xbc, 0xf3, 0x6d, 0x66, 0xa5, 0x46, 0x72, 0xb2, 0x22, 0xc4, 0xcf, 0x95, 0xe1, 0x51,
-            0xed, 0x8d, 0x4d, 0x3c, 0x76, 0x7a, 0x6c, 0xc3, 0x49, 0x43, 0x59, 0x43, 0x79, 0x4e,
-            0x88, 0x4f, 0x3d, 0x02, 0x3a, 0x82, 0x29, 0xfd, 0x70, 0x3f, 0x8b, 0xd4, 0xff, 0xe0,
-            0xa8, 0x93, 0xdf, 0x1a, 0x58, 0x34, 0x16, 0xb0, 0x1b, 0x8e, 0xbc, 0xf0, 0x2d, 0xc9,
-            0x99, 0x8d, 0x6f, 0xe4, 0x8a, 0xb2, 0x70, 0x9a, 0x70, 0x3a, 0x27, 0x71, 0x88, 0x3c,
-            0x75, 0x30, 0x16, 0xfb, 0x02, 0x11, 0x4d, 0x30, 0x54, 0x6c, 0x4e, 0x8c, 0x76, 0xb2,
-            0xf0, 0xa8, 0x4e, 0xd6, 0x90, 0xe4, 0x40, 0x25, 0x6a, 0xdd, 0x64, 0x63, 0x3e, 0x83,
-            0x4f, 0x8b, 0x25, 0xcf, 0x88, 0x68, 0x80, 0x01, 0x07, 0xdb, 0xc8, 0x64, 0xf7, 0xca,
-            0x4f, 0xd1, 0xc7, 0x95, 0x7c, 0xe8, 0x45, 0xbc, 0xda, 0xd4, 0xef, 0x45, 0x63, 0x5a,
-            0x7a, 0x65, 0x3f, 0xaa, 0x22, 0x67, 0xe7, 0x8a, 0xf2, 0x5f, 0xe8, 0x59, 0x2e, 0x0b,
-            0xc6, 0x85, 0xc6, 0xf7, 0x0e, 0x9e, 0xdb, 0xb6, 0x2b,
-        ];
+        let payload = array_ref!(frame, 7, 186 - 7 - 2);
         let response = pass_frame(&frame);
         let expected = APDU {
             header: ApduHeader {
@@ -419,13 +405,7 @@ mod test {
             0xe8, 0xb5, 0x83, 0xfb, 0xe0, 0x66, 0x98, 0x4d, 0x98, 0x81, 0xf7, 0xb5, 0x49, 0x4d,
             0xcb, 0x00, 0x00,
         ];
-        let payload = [
-            0xe3, 0x8f, 0xde, 0x51, 0x3d, 0xac, 0x9d, 0x1c, 0x6e, 0x86, 0x76, 0x31, 0x40, 0x25,
-            0x96, 0x86, 0x4d, 0x29, 0xe8, 0x07, 0xb3, 0x56, 0x19, 0xdf, 0x4a, 0x00, 0x02, 0xae,
-            0x2a, 0x8c, 0x9d, 0x5a, 0xab, 0xc3, 0x4b, 0x4e, 0xb9, 0x78, 0xb9, 0x11, 0xe5, 0x52,
-            0x40, 0xf3, 0x45, 0x64, 0x9c, 0xd3, 0xd7, 0xe8, 0xb5, 0x83, 0xfb, 0xe0, 0x66, 0x98,
-            0x4d, 0x98, 0x81, 0xf7, 0xb5, 0x49, 0x4d, 0xcb,
-        ];
+        let payload = array_ref!(frame, 7, 73 - 7 - 2);
         let response = pass_frame(&frame);
         let expected = APDU {
             header: ApduHeader {

From 943d7af5039656acb551df7af0172344e1791802 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:43:35 -0800
Subject: [PATCH 047/192] Payload does not need to be an array

---
 src/ctap/apdu.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 6d06dc5..8cff770 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -378,7 +378,7 @@ mod test {
             0x8a, 0xf2, 0x5f, 0xe8, 0x59, 0x2e, 0x0b, 0xc6, 0x85, 0xc6, 0xf7, 0x0e, 0x9e, 0xdb,
             0xb6, 0x2b, 0x00, 0x00,
         ];
-        let payload = array_ref!(frame, 7, 186 - 7 - 2);
+        let payload: &[u8] = &frame[7..frame.len() - 2];
         let response = pass_frame(&frame);
         let expected = APDU {
             header: ApduHeader {
@@ -405,7 +405,7 @@ mod test {
             0xe8, 0xb5, 0x83, 0xfb, 0xe0, 0x66, 0x98, 0x4d, 0x98, 0x81, 0xf7, 0xb5, 0x49, 0x4d,
             0xcb, 0x00, 0x00,
         ];
-        let payload = array_ref!(frame, 7, 73 - 7 - 2);
+        let payload: &[u8] = &frame[7..frame.len() - 2];
         let response = pass_frame(&frame);
         let expected = APDU {
             header: ApduHeader {

From 71ec2cf937260c075222960405f478108cbe0106 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 3 Dec 2020 07:50:05 -0800
Subject: [PATCH 048/192] Return an error when the case isn't determined

---
 src/ctap/apdu.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 8cff770..07cf136 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -81,7 +81,6 @@ pub enum Case {
     Lc3DataLe1,
     Lc3DataLe2,
     Le3,
-    Unknown,
 }
 
 #[cfg_attr(test, derive(Clone, Debug))]
@@ -213,7 +212,7 @@ impl TryFrom<&[u8]> for APDU {
                             1 => Case::Lc3DataLe1,
                             2 => Case::Lc3DataLe2,
                             3 => Case::Le3,
-                            _ => Case::Unknown,
+                            _ => return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED),
                         }),
                     });
                 }

From 69cdd4a0dc3c1bb6967afc89c752c966ce6b8d99 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 3 Dec 2020 07:53:22 -0800
Subject: [PATCH 049/192] Use (relatively more) appropriate error code)

---
 src/ctap/apdu.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 07cf136..db4653f 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -205,20 +205,20 @@ impl TryFrom<&[u8]> for APDU {
                             3 => BigEndian::read_u32(
                                 &payload[payload.len() - extended_apdu_le_len..],
                             ),
-                            _ => 0,
+                            _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
                         },
                         case_type: ApduType::Extended(match extended_apdu_le_len {
                             0 => Case::Lc3Data,
                             1 => Case::Lc3DataLe1,
                             2 => Case::Lc3DataLe2,
                             3 => Case::Le3,
-                            _ => return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED),
+                            _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
                         }),
                     });
                 }
             }
         }
-        return Err(ApduStatusCode::SW_COND_USE_NOT_SATISFIED);
+        return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION);
     }
 }
 

From cc8bdb982d327275abc73a5c80dcfa84b22220f8 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 3 Dec 2020 07:55:34 -0800
Subject: [PATCH 050/192] Remove unknown apdu type

---
 src/ctap/apdu.rs | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index db4653f..0afe6b7 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -90,18 +90,11 @@ pub enum ApduType {
     Instruction,
     Short(Case),
     Extended(Case),
-    Unknown,
-}
-
-impl Default for ApduType {
-    fn default() -> ApduType {
-        ApduType::Unknown
-    }
 }
 
 #[cfg_attr(test, derive(Clone, Debug))]
 #[allow(dead_code)]
-#[derive(Default, PartialEq)]
+#[derive(PartialEq)]
 pub struct APDU {
     header: ApduHeader,
     lc: u16,

From bec94f02be79c4ae520ef97acc7b5899d352cf14 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 3 Dec 2020 08:10:44 -0800
Subject: [PATCH 051/192] Tweak Le appropriately depending on its swize

---
 src/ctap/apdu.rs | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 0afe6b7..17677c9 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -192,12 +192,27 @@ impl TryFrom<&[u8]> for APDU {
                                     last_byte
                                 }
                             }
-                            2 => BigEndian::read_u16(
-                                &payload[payload.len() - extended_apdu_le_len..],
-                            ) as u32,
-                            3 => BigEndian::read_u32(
-                                &payload[payload.len() - extended_apdu_le_len..],
-                            ),
+                            2 => {
+                                let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
+                                if le_parsed == 0x00 {
+                                    0x100
+                                } else {
+                                    le_parsed as u32
+                                }
+                            }
+                            3 => {
+                                let le_first_byte: u32 =
+                                    (*payload.get(payload.len() - 3).unwrap()).into();
+                                if le_first_byte != 0x00 {
+                                    return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION);
+                                }
+                                let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
+                                if le_parsed == 0x00 {
+                                    0x10000
+                                } else {
+                                    le_parsed as u32
+                                }
+                            }
                             _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
                         },
                         case_type: ApduType::Extended(match extended_apdu_le_len {
@@ -381,7 +396,7 @@ mod test {
             },
             lc: 0xb1,
             data: payload.to_vec(),
-            le: 0x00,
+            le: 0x100,
             case_type: ApduType::Extended(Case::Lc3DataLe2),
         };
         assert_eq!(Ok(expected), response);
@@ -408,7 +423,7 @@ mod test {
             },
             lc: 0x40,
             data: payload.to_vec(),
-            le: 0x00,
+            le: 0x100,
             case_type: ApduType::Extended(Case::Lc3DataLe2),
         };
         assert_eq!(Ok(expected), response);

From 4bfce88e9b056d3ba2e79c081607dbf9fde00ca6 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 3 Dec 2020 08:14:07 -0800
Subject: [PATCH 052/192] Remove indention level made redundant by early-return

---
 src/ctap/apdu.rs | 192 +++++++++++++++++++++++------------------------
 1 file changed, 96 insertions(+), 96 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 17677c9..6a94790 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -124,108 +124,108 @@ impl TryFrom<&[u8]> for APDU {
                 le: 0x00,
                 case_type: ApduType::Instruction,
             });
-        } else {
-            // Lc is not zero-bytes in length, let's figure out how long it is
-            let byte_0 = payload[0];
-            if payload.len() == 1 {
-                // There is only one byte in the payload, that byte cannot be Lc because that would
-                // entail at *least* one another byte in the payload (for the command data)
-                return Ok(APDU {
-                    header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
-                    lc: 0x00,
-                    data: Vec::new(),
-                    le: if byte_0 == 0x00 {
-                        // Ne = 256
-                        0x100
-                    } else {
-                        byte_0.into()
-                    },
-                    case_type: ApduType::Short(Case::Le1),
-                });
-            }
-            if payload.len() == 1 + (byte_0 as usize) && byte_0 != 0 {
-                // Lc is one-byte long and since the size specified by Lc covers the rest of the
-                // payload there's no Le at the end
-                return Ok(APDU {
-                    header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
-                    lc: byte_0.into(),
-                    data: payload[1..].to_vec(),
-                    case_type: ApduType::Short(Case::Lc1Data),
-                    le: 0,
-                });
-            }
-            if payload.len() == 2 + (byte_0 as usize) && byte_0 != 0 {
-                // Lc is one-byte long and since the size specified by Lc covers the rest of the
-                // payload with ONE additional byte that byte must be Le
+        }
+        // Lc is not zero-bytes in length, let's figure out how long it is
+        let byte_0 = payload[0];
+        if payload.len() == 1 {
+            // There is only one byte in the payload, that byte cannot be Lc because that would
+            // entail at *least* one another byte in the payload (for the command data)
+            return Ok(APDU {
+                header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                lc: 0x00,
+                data: Vec::new(),
+                le: if byte_0 == 0x00 {
+                    // Ne = 256
+                    0x100
+                } else {
+                    byte_0.into()
+                },
+                case_type: ApduType::Short(Case::Le1),
+            });
+        }
+        if payload.len() == 1 + (byte_0 as usize) && byte_0 != 0 {
+            // Lc is one-byte long and since the size specified by Lc covers the rest of the
+            // payload there's no Le at the end
+            return Ok(APDU {
+                header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                lc: byte_0.into(),
+                data: payload[1..].to_vec(),
+                case_type: ApduType::Short(Case::Lc1Data),
+                le: 0,
+            });
+        }
+        if payload.len() == 2 + (byte_0 as usize) && byte_0 != 0 {
+            // Lc is one-byte long and since the size specified by Lc covers the rest of the
+            // payload with ONE additional byte that byte must be Le
+            let last_byte: u32 = (*payload.last().unwrap()).into();
+            return Ok(APDU {
+                header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
+                lc: byte_0.into(),
+                data: payload[1..(payload.len() - 1)].to_vec(),
+                le: if last_byte == 0x00 { 0x100 } else { last_byte },
+                case_type: ApduType::Short(Case::Lc1DataLe1),
+            });
+        }
+        if payload.len() > 2 {
+            // Lc is possibly three-bytes long
+            let extended_apdu_lc: usize = BigEndian::read_u16(&payload[1..]) as usize;
+            let extended_apdu_le_len: usize = if payload.len() > extended_apdu_lc {
+                payload.len() - extended_apdu_lc - 3
+            } else {
+                0
+            };
+            if byte_0 == 0 && extended_apdu_le_len <= 3 {
+                // If first byte is zero AND the next two bytes can be parsed as a big-endian
+                // length that covers the rest of the block (plus few additional bytes for Le), we
+                // have an extended-length APDU
                 let last_byte: u32 = (*payload.last().unwrap()).into();
                 return Ok(APDU {
                     header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
-                    lc: byte_0.into(),
-                    data: payload[1..(payload.len() - 1)].to_vec(),
-                    le: if last_byte == 0x00 { 0x100 } else { last_byte },
-                    case_type: ApduType::Short(Case::Lc1DataLe1),
+                    lc: extended_apdu_lc as u16,
+                    data: payload[3..(payload.len() - extended_apdu_le_len)].to_vec(),
+                    le: match extended_apdu_le_len {
+                        0 => 0,
+                        1 => {
+                            if last_byte == 0x00 {
+                                0x100
+                            } else {
+                                last_byte
+                            }
+                        }
+                        2 => {
+                            let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
+                            if le_parsed == 0x00 {
+                                0x100
+                            } else {
+                                le_parsed as u32
+                            }
+                        }
+                        3 => {
+                            let le_first_byte: u32 =
+                                (*payload.get(payload.len() - 3).unwrap()).into();
+                            if le_first_byte != 0x00 {
+                                return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION);
+                            }
+                            let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
+                            if le_parsed == 0x00 {
+                                0x10000
+                            } else {
+                                le_parsed as u32
+                            }
+                        }
+                        _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
+                    },
+                    case_type: ApduType::Extended(match extended_apdu_le_len {
+                        0 => Case::Lc3Data,
+                        1 => Case::Lc3DataLe1,
+                        2 => Case::Lc3DataLe2,
+                        3 => Case::Le3,
+                        _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
+                    }),
                 });
             }
-            if payload.len() > 2 {
-                // Lc is possibly three-bytes long
-                let extended_apdu_lc: usize = BigEndian::read_u16(&payload[1..]) as usize;
-                let extended_apdu_le_len: usize = if payload.len() > extended_apdu_lc {
-                    payload.len() - extended_apdu_lc - 3
-                } else {
-                    0
-                };
-                if byte_0 == 0 && extended_apdu_le_len <= 3 {
-                    // If first byte is zero AND the next two bytes can be parsed as a big-endian
-                    // length that covers the rest of the block (plus few additional bytes for Le), we
-                    // have an extended-length APDU
-                    let last_byte: u32 = (*payload.last().unwrap()).into();
-                    return Ok(APDU {
-                        header: array_ref!(header, 0, APDU_HEADER_LEN).into(),
-                        lc: extended_apdu_lc as u16,
-                        data: payload[3..(payload.len() - extended_apdu_le_len)].to_vec(),
-                        le: match extended_apdu_le_len {
-                            0 => 0,
-                            1 => {
-                                if last_byte == 0x00 {
-                                    0x100
-                                } else {
-                                    last_byte
-                                }
-                            }
-                            2 => {
-                                let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
-                                if le_parsed == 0x00 {
-                                    0x100
-                                } else {
-                                    le_parsed as u32
-                                }
-                            }
-                            3 => {
-                                let le_first_byte: u32 =
-                                    (*payload.get(payload.len() - 3).unwrap()).into();
-                                if le_first_byte != 0x00 {
-                                    return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION);
-                                }
-                                let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
-                                if le_parsed == 0x00 {
-                                    0x10000
-                                } else {
-                                    le_parsed as u32
-                                }
-                            }
-                            _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
-                        },
-                        case_type: ApduType::Extended(match extended_apdu_le_len {
-                            0 => Case::Lc3Data,
-                            1 => Case::Lc3DataLe1,
-                            2 => Case::Lc3DataLe2,
-                            3 => Case::Le3,
-                            _ => return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION),
-                        }),
-                    });
-                }
-            }
         }
+
         return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION);
     }
 }

From 1eaff57c885836e80e4bb76ee28649dabf0ea93c Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 3 Dec 2020 08:25:34 -0800
Subject: [PATCH 053/192] Le should be interpreted as 0x10000 even in the
 2-byte case

---
 src/ctap/apdu.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 6a94790..b39d7fb 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -195,7 +195,7 @@ impl TryFrom<&[u8]> for APDU {
                         2 => {
                             let le_parsed = BigEndian::read_u16(&payload[payload.len() - 2..]);
                             if le_parsed == 0x00 {
-                                0x100
+                                0x10000
                             } else {
                                 le_parsed as u32
                             }
@@ -396,7 +396,7 @@ mod test {
             },
             lc: 0xb1,
             data: payload.to_vec(),
-            le: 0x100,
+            le: 0x10000,
             case_type: ApduType::Extended(Case::Lc3DataLe2),
         };
         assert_eq!(Ok(expected), response);
@@ -423,7 +423,7 @@ mod test {
             },
             lc: 0x40,
             data: payload.to_vec(),
-            le: 0x100,
+            le: 0x10000,
             case_type: ApduType::Extended(Case::Lc3DataLe2),
         };
         assert_eq!(Ok(expected), response);

From b032a15654711bafcc797c148ed389056f8bc92d Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 4 Dec 2020 13:17:33 +0100
Subject: [PATCH 054/192] makes the global signature counter more privacy
 friendly

---
 src/ctap/ctap1.rs   |  35 +++++--
 src/ctap/mod.rs     | 246 ++++++++++++++++++++++++++++++++++++++++----
 src/ctap/storage.rs |  31 +++++-
 3 files changed, 276 insertions(+), 36 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 5bc759c..5919431 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -388,6 +388,7 @@ impl Ctap1Command {
 mod test {
     use super::super::{key_material, CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
     use super::*;
+    use byteorder::{BigEndian, ByteOrder};
     use crypto::rng256::ThreadRng256;
     use crypto::Hash256;
 
@@ -642,6 +643,16 @@ mod test {
         assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_DATA));
     }
 
+    fn check_signature_counter(response: &[u8; 4], signature_counter: u32) {
+        if USE_SIGNATURE_COUNTER {
+            let mut signature_counter_bytes = [0u8; 4];
+            BigEndian::write_u32(&mut signature_counter_bytes, signature_counter);
+            assert_eq!(response, &signature_counter_bytes);
+        } else {
+            assert_eq!(response, &[0x00, 0x00, 0x00, 0x00]);
+        }
+    }
+
     #[test]
     fn test_process_authenticate_enforce() {
         let mut rng = ThreadRng256 {};
@@ -662,11 +673,13 @@ mod test {
         let response =
             Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
         assert_eq!(response[0], 0x01);
-        if USE_SIGNATURE_COUNTER {
-            assert_eq!(response[1..5], [0x00, 0x00, 0x00, 0x01]);
-        } else {
-            assert_eq!(response[1..5], [0x00, 0x00, 0x00, 0x00]);
-        }
+        check_signature_counter(
+            array_ref!(response, 1, 4),
+            ctap_state
+                .persistent_store
+                .global_signature_counter()
+                .unwrap(),
+        );
     }
 
     #[test]
@@ -690,11 +703,13 @@ mod test {
         let response =
             Ctap1Command::process_command(&message, &mut ctap_state, TIMEOUT_CLOCK_VALUE).unwrap();
         assert_eq!(response[0], 0x01);
-        if USE_SIGNATURE_COUNTER {
-            assert_eq!(response[1..5], [0x00, 0x00, 0x00, 0x01]);
-        } else {
-            assert_eq!(response[1..5], [0x00, 0x00, 0x00, 0x00]);
-        }
+        check_signature_counter(
+            array_ref!(response, 1, 4),
+            ctap_state
+                .persistent_store
+                .global_signature_counter()
+                .unwrap(),
+        );
     }
 
     #[test]
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index d67796b..56cca9a 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -81,6 +81,7 @@ const USE_BATCH_ATTESTATION: bool = false;
 // need a flash storage friendly way to implement this feature. The implemented
 // solution is a compromise to be compatible with U2F and not wasting storage.
 const USE_SIGNATURE_COUNTER: bool = true;
+pub const INITIAL_SIGNATURE_COUNTER: u32 = 1;
 // Our credential ID consists of
 // - 16 byte initialization vector for AES-256,
 // - 32 byte ECDSA private key for the credential,
@@ -215,7 +216,9 @@ where
 
     pub fn increment_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
         if USE_SIGNATURE_COUNTER {
-            self.persistent_store.incr_global_signature_counter()?;
+            let increment = self.rng.gen_uniform_u32x8()[0] % 8 + 1;
+            self.persistent_store
+                .incr_global_signature_counter(increment)?;
         }
         Ok(())
     }
@@ -1094,9 +1097,43 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
+                    0xA3,
+                    0x79,
+                    0xA6,
+                    0xF6,
+                    0xEE,
+                    0xAF,
+                    0xB9,
+                    0xA5,
+                    0x5E,
+                    0x37,
+                    0x8C,
+                    0x11,
+                    0x80,
+                    0x34,
+                    0xE2,
+                    0x75,
+                    0x1E,
+                    0x68,
+                    0x2F,
+                    0xAB,
+                    0x9F,
+                    0x2D,
+                    0x30,
+                    0xAB,
+                    0x13,
+                    0xD2,
+                    0x12,
+                    0x55,
+                    0x86,
+                    0xCE,
+                    0x19,
+                    0x47,
+                    0x41,
+                    0x00,
+                    0x00,
+                    0x00,
+                    INITIAL_SIGNATURE_COUNTER as u8,
                 ];
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, 0x20]);
@@ -1131,9 +1168,43 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00, 0x00,
+                    0xA3,
+                    0x79,
+                    0xA6,
+                    0xF6,
+                    0xEE,
+                    0xAF,
+                    0xB9,
+                    0xA5,
+                    0x5E,
+                    0x37,
+                    0x8C,
+                    0x11,
+                    0x80,
+                    0x34,
+                    0xE2,
+                    0x75,
+                    0x1E,
+                    0x68,
+                    0x2F,
+                    0xAB,
+                    0x9F,
+                    0x2D,
+                    0x30,
+                    0xAB,
+                    0x13,
+                    0xD2,
+                    0x12,
+                    0x55,
+                    0x86,
+                    0xCE,
+                    0x19,
+                    0x47,
+                    0x41,
+                    0x00,
+                    0x00,
+                    0x00,
+                    INITIAL_SIGNATURE_COUNTER as u8,
                 ];
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, CREDENTIAL_ID_BASE_SIZE as u8]);
@@ -1280,9 +1351,43 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00,
+                    0xA3,
+                    0x79,
+                    0xA6,
+                    0xF6,
+                    0xEE,
+                    0xAF,
+                    0xB9,
+                    0xA5,
+                    0x5E,
+                    0x37,
+                    0x8C,
+                    0x11,
+                    0x80,
+                    0x34,
+                    0xE2,
+                    0x75,
+                    0x1E,
+                    0x68,
+                    0x2F,
+                    0xAB,
+                    0x9F,
+                    0x2D,
+                    0x30,
+                    0xAB,
+                    0x13,
+                    0xD2,
+                    0x12,
+                    0x55,
+                    0x86,
+                    0xCE,
+                    0x19,
+                    0x47,
+                    0xC1,
+                    0x00,
+                    0x00,
+                    0x00,
+                    INITIAL_SIGNATURE_COUNTER as u8,
                 ];
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, CREDENTIAL_ID_MAX_SIZE as u8]);
@@ -1329,9 +1434,43 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00, 0x00,
+                    0xA3,
+                    0x79,
+                    0xA6,
+                    0xF6,
+                    0xEE,
+                    0xAF,
+                    0xB9,
+                    0xA5,
+                    0x5E,
+                    0x37,
+                    0x8C,
+                    0x11,
+                    0x80,
+                    0x34,
+                    0xE2,
+                    0x75,
+                    0x1E,
+                    0x68,
+                    0x2F,
+                    0xAB,
+                    0x9F,
+                    0x2D,
+                    0x30,
+                    0xAB,
+                    0x13,
+                    0xD2,
+                    0x12,
+                    0x55,
+                    0x86,
+                    0xCE,
+                    0x19,
+                    0x47,
+                    0xC1,
+                    0x00,
+                    0x00,
+                    0x00,
+                    INITIAL_SIGNATURE_COUNTER as u8,
                 ];
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, 0x20]);
@@ -1374,6 +1513,7 @@ mod test {
         response: Result<ResponseData, Ctap2StatusCode>,
         expected_user: PublicKeyCredentialUserEntity,
         flags: u8,
+        signature_counter: u32,
         expected_number_of_credentials: Option<u64>,
     ) {
         match response.unwrap() {
@@ -1384,11 +1524,16 @@ mod test {
                     number_of_credentials,
                     ..
                 } = get_assertion_response;
-                let expected_auth_data = vec![
+                let mut expected_auth_data = vec![
                     0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
                     0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, 0x00, 0x00, 0x00, 0x01,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, 0x00, 0x00, 0x00, 0x00,
                 ];
+                let signature_counter_position = expected_auth_data.len() - 4;
+                BigEndian::write_u32(
+                    &mut expected_auth_data[signature_counter_position..],
+                    signature_counter,
+                );
                 assert_eq!(auth_data, expected_auth_data);
                 assert_eq!(user, Some(expected_user));
                 assert_eq!(number_of_credentials, expected_number_of_credentials);
@@ -1400,6 +1545,7 @@ mod test {
     fn check_assertion_response(
         response: Result<ResponseData, Ctap2StatusCode>,
         expected_user_id: Vec<u8>,
+        signature_counter: u32,
         expected_number_of_credentials: Option<u64>,
     ) {
         let expected_user = PublicKeyCredentialUserEntity {
@@ -1412,6 +1558,7 @@ mod test {
             response,
             expected_user,
             0x00,
+            signature_counter,
             expected_number_of_credentials,
         );
     }
@@ -1444,7 +1591,11 @@ mod test {
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
-        check_assertion_response(get_assertion_response, vec![0x1D], None);
+        let signature_counter = ctap_state
+            .persistent_store
+            .global_signature_counter()
+            .unwrap();
+        check_assertion_response(get_assertion_response, vec![0x1D], signature_counter, None);
     }
 
     #[test]
@@ -1637,7 +1788,11 @@ mod test {
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
-        check_assertion_response(get_assertion_response, vec![0x1D], None);
+        let signature_counter = ctap_state
+            .persistent_store
+            .global_signature_counter()
+            .unwrap();
+        check_assertion_response(get_assertion_response, vec![0x1D], signature_counter, None);
 
         let credential = PublicKeyCredentialSource {
             key_type: PublicKeyCredentialType::PublicKey,
@@ -1740,10 +1895,26 @@ mod test {
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
-        check_assertion_response_with_user(get_assertion_response, user2, 0x04, Some(2));
+        let signature_counter = ctap_state
+            .persistent_store
+            .global_signature_counter()
+            .unwrap();
+        check_assertion_response_with_user(
+            get_assertion_response,
+            user2,
+            0x04,
+            signature_counter,
+            Some(2),
+        );
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
-        check_assertion_response_with_user(get_assertion_response, user1, 0x04, None);
+        check_assertion_response_with_user(
+            get_assertion_response,
+            user1,
+            0x04,
+            signature_counter,
+            None,
+        );
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
         assert_eq!(
@@ -1800,13 +1971,22 @@ mod test {
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
-        check_assertion_response(get_assertion_response, vec![0x03], Some(3));
+        let signature_counter = ctap_state
+            .persistent_store
+            .global_signature_counter()
+            .unwrap();
+        check_assertion_response(
+            get_assertion_response,
+            vec![0x03],
+            signature_counter,
+            Some(3),
+        );
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
-        check_assertion_response(get_assertion_response, vec![0x02], None);
+        check_assertion_response(get_assertion_response, vec![0x02], signature_counter, None);
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
-        check_assertion_response(get_assertion_response, vec![0x01], None);
+        check_assertion_response(get_assertion_response, vec![0x01], signature_counter, None);
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
         assert_eq!(
@@ -2042,4 +2222,26 @@ mod test {
                 .is_none());
         }
     }
+
+    #[test]
+    fn test_signature_counter() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let mut last_counter = ctap_state
+            .persistent_store
+            .global_signature_counter()
+            .unwrap();
+        assert!(last_counter > 0);
+        for _ in 0..100 {
+            assert!(ctap_state.increment_global_signature_counter().is_ok());
+            let next_counter = ctap_state
+                .persistent_store
+                .global_signature_counter()
+                .unwrap();
+            assert!(next_counter > last_counter);
+            last_counter = next_counter;
+        }
+    }
 }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0e4941a..911bdd7 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -18,6 +18,7 @@ use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialS
 use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
+use crate::ctap::INITIAL_SIGNATURE_COUNTER;
 use crate::embedded_flash::{self, StoreConfig, StoreEntry, StoreError};
 use alloc::string::String;
 #[cfg(any(test, feature = "ram_storage", feature = "with_ctap2_1"))]
@@ -366,16 +367,16 @@ impl PersistentStore {
         Ok(self
             .store
             .find_one(&Key::GlobalSignatureCounter)
-            .map_or(0, |(_, entry)| {
+            .map_or(INITIAL_SIGNATURE_COUNTER, |(_, entry)| {
                 u32::from_ne_bytes(*array_ref!(entry.data, 0, 4))
             }))
     }
 
-    pub fn incr_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
+    pub fn incr_global_signature_counter(&mut self, increment: u32) -> Result<(), Ctap2StatusCode> {
         let mut buffer = [0; core::mem::size_of::<u32>()];
         match self.store.find_one(&Key::GlobalSignatureCounter) {
             None => {
-                buffer.copy_from_slice(&1u32.to_ne_bytes());
+                buffer.copy_from_slice(&(increment + INITIAL_SIGNATURE_COUNTER).to_ne_bytes());
                 self.store.insert(StoreEntry {
                     tag: GLOBAL_SIGNATURE_COUNTER,
                     data: &buffer,
@@ -385,7 +386,7 @@ impl PersistentStore {
             Some((index, entry)) => {
                 let value = u32::from_ne_bytes(*array_ref!(entry.data, 0, 4));
                 // In hopes that servers handle the wrapping gracefully.
-                buffer.copy_from_slice(&value.wrapping_add(1).to_ne_bytes());
+                buffer.copy_from_slice(&value.wrapping_add(increment).to_ne_bytes());
                 self.store.replace(
                     index,
                     StoreEntry {
@@ -1136,6 +1137,28 @@ mod test {
         assert_eq!(persistent_store._min_pin_length_rp_ids().unwrap(), rp_ids);
     }
 
+    #[test]
+    fn test_global_signature_counter() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        let mut counter_value = 1;
+        assert_eq!(
+            persistent_store.global_signature_counter().unwrap(),
+            counter_value
+        );
+        for increment in 1..10 {
+            assert!(persistent_store
+                .incr_global_signature_counter(increment)
+                .is_ok());
+            counter_value += increment;
+            assert_eq!(
+                persistent_store.global_signature_counter().unwrap(),
+                counter_value
+            );
+        }
+    }
+
     #[test]
     fn test_serialize_deserialize_credential() {
         let mut rng = ThreadRng256 {};

From 21b8ad18cecb47fb465b2870fa45570f767d238f Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 4 Dec 2020 13:41:56 +0100
Subject: [PATCH 055/192] fix clippy warning in apdu

---
 src/ctap/apdu.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index b39d7fb..949151e 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -226,7 +226,7 @@ impl TryFrom<&[u8]> for APDU {
             }
         }
 
-        return Err(ApduStatusCode::SW_INTERNAL_EXCEPTION);
+        Err(ApduStatusCode::SW_INTERNAL_EXCEPTION)
     }
 }
 

From 16c0196b1d3a97abd00e6b52615a78b7ac0ad11c Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Fri, 4 Dec 2020 14:42:16 +0100
Subject: [PATCH 056/192] Check global counter length

---
 src/ctap/storage.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0f1c73f..a10f2eb 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -294,10 +294,11 @@ impl PersistentStore {
 
     /// Returns the global signature counter.
     pub fn global_signature_counter(&self) -> Result<u32, Ctap2StatusCode> {
-        Ok(match self.store.find(key::GLOBAL_SIGNATURE_COUNTER)? {
-            None => 0,
-            Some(value) => u32::from_ne_bytes(*array_ref!(&value, 0, 4)),
-        })
+        match self.store.find(key::GLOBAL_SIGNATURE_COUNTER)? {
+            None => Ok(0),
+            Some(value) if value.len() == 4 => Ok(u32::from_ne_bytes(*array_ref!(&value, 0, 4))),
+            Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+        }
     }
 
     /// Increments the global signature counter.

From 0b55ff3c3ad995b34113d71808bf33fa7828e1bf Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 4 Dec 2020 14:57:11 +0100
Subject: [PATCH 057/192] fixes formatting

---
 src/ctap/ctap1.rs |   5 +-
 src/ctap/mod.rs   | 164 +++++-----------------------------------------
 2 files changed, 17 insertions(+), 152 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 5919431..e434c36 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -388,7 +388,6 @@ impl Ctap1Command {
 mod test {
     use super::super::{key_material, CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
     use super::*;
-    use byteorder::{BigEndian, ByteOrder};
     use crypto::rng256::ThreadRng256;
     use crypto::Hash256;
 
@@ -645,9 +644,7 @@ mod test {
 
     fn check_signature_counter(response: &[u8; 4], signature_counter: u32) {
         if USE_SIGNATURE_COUNTER {
-            let mut signature_counter_bytes = [0u8; 4];
-            BigEndian::write_u32(&mut signature_counter_bytes, signature_counter);
-            assert_eq!(response, &signature_counter_bytes);
+            assert_eq!(u32::from_be_bytes(*response), signature_counter);
         } else {
             assert_eq!(response, &[0x00, 0x00, 0x00, 0x00]);
         }
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 56cca9a..ea42caf 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1097,44 +1097,11 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3,
-                    0x79,
-                    0xA6,
-                    0xF6,
-                    0xEE,
-                    0xAF,
-                    0xB9,
-                    0xA5,
-                    0x5E,
-                    0x37,
-                    0x8C,
-                    0x11,
-                    0x80,
-                    0x34,
-                    0xE2,
-                    0x75,
-                    0x1E,
-                    0x68,
-                    0x2F,
-                    0xAB,
-                    0x9F,
-                    0x2D,
-                    0x30,
-                    0xAB,
-                    0x13,
-                    0xD2,
-                    0x12,
-                    0x55,
-                    0x86,
-                    0xCE,
-                    0x19,
-                    0x47,
-                    0x41,
-                    0x00,
-                    0x00,
-                    0x00,
-                    INITIAL_SIGNATURE_COUNTER as u8,
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00,
                 ];
+                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, 0x20]);
                 assert_eq!(
@@ -1168,44 +1135,11 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3,
-                    0x79,
-                    0xA6,
-                    0xF6,
-                    0xEE,
-                    0xAF,
-                    0xB9,
-                    0xA5,
-                    0x5E,
-                    0x37,
-                    0x8C,
-                    0x11,
-                    0x80,
-                    0x34,
-                    0xE2,
-                    0x75,
-                    0x1E,
-                    0x68,
-                    0x2F,
-                    0xAB,
-                    0x9F,
-                    0x2D,
-                    0x30,
-                    0xAB,
-                    0x13,
-                    0xD2,
-                    0x12,
-                    0x55,
-                    0x86,
-                    0xCE,
-                    0x19,
-                    0x47,
-                    0x41,
-                    0x00,
-                    0x00,
-                    0x00,
-                    INITIAL_SIGNATURE_COUNTER as u8,
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00,
                 ];
+                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, CREDENTIAL_ID_BASE_SIZE as u8]);
                 assert_eq!(
@@ -1351,44 +1285,11 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3,
-                    0x79,
-                    0xA6,
-                    0xF6,
-                    0xEE,
-                    0xAF,
-                    0xB9,
-                    0xA5,
-                    0x5E,
-                    0x37,
-                    0x8C,
-                    0x11,
-                    0x80,
-                    0x34,
-                    0xE2,
-                    0x75,
-                    0x1E,
-                    0x68,
-                    0x2F,
-                    0xAB,
-                    0x9F,
-                    0x2D,
-                    0x30,
-                    0xAB,
-                    0x13,
-                    0xD2,
-                    0x12,
-                    0x55,
-                    0x86,
-                    0xCE,
-                    0x19,
-                    0x47,
-                    0xC1,
-                    0x00,
-                    0x00,
-                    0x00,
-                    INITIAL_SIGNATURE_COUNTER as u8,
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00,
                 ];
+                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, CREDENTIAL_ID_MAX_SIZE as u8]);
                 assert_eq!(
@@ -1434,44 +1335,11 @@ mod test {
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
                 let mut expected_auth_data = vec![
-                    0xA3,
-                    0x79,
-                    0xA6,
-                    0xF6,
-                    0xEE,
-                    0xAF,
-                    0xB9,
-                    0xA5,
-                    0x5E,
-                    0x37,
-                    0x8C,
-                    0x11,
-                    0x80,
-                    0x34,
-                    0xE2,
-                    0x75,
-                    0x1E,
-                    0x68,
-                    0x2F,
-                    0xAB,
-                    0x9F,
-                    0x2D,
-                    0x30,
-                    0xAB,
-                    0x13,
-                    0xD2,
-                    0x12,
-                    0x55,
-                    0x86,
-                    0xCE,
-                    0x19,
-                    0x47,
-                    0xC1,
-                    0x00,
-                    0x00,
-                    0x00,
-                    INITIAL_SIGNATURE_COUNTER as u8,
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00,
                 ];
+                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
                 expected_auth_data.extend(&[0x00, 0x20]);
                 assert_eq!(

From 4c84e940391149b1fb3526e148d290376787a71c Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 7 Dec 2020 21:23:55 -0800
Subject: [PATCH 058/192] Use new APDU parser in CTAP1 code

---
 src/ctap/apdu.rs  | 33 +++++++++++++++-----------
 src/ctap/ctap1.rs | 59 ++++++++++++++++++++++-------------------------
 2 files changed, 47 insertions(+), 45 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 949151e..530a85b 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -53,10 +53,10 @@ pub enum ApduInstructions {
 #[allow(dead_code)]
 #[derive(Default, PartialEq)]
 pub struct ApduHeader {
-    cla: u8,
-    ins: u8,
-    p1: u8,
-    p2: u8,
+    pub cla: u8,
+    pub ins: u8,
+    pub p1: u8,
+    pub p2: u8,
 }
 
 impl From<&[u8; APDU_HEADER_LEN]> for ApduHeader {
@@ -96,11 +96,11 @@ pub enum ApduType {
 #[allow(dead_code)]
 #[derive(PartialEq)]
 pub struct APDU {
-    header: ApduHeader,
-    lc: u16,
-    data: Vec<u8>,
-    le: u32,
-    case_type: ApduType,
+    pub header: ApduHeader,
+    pub lc: u16,
+    pub data: Vec<u8>,
+    pub le: u32,
+    pub case_type: ApduType,
 }
 
 impl TryFrom<&[u8]> for APDU {
@@ -168,12 +168,17 @@ impl TryFrom<&[u8]> for APDU {
         }
         if payload.len() > 2 {
             // Lc is possibly three-bytes long
-            let extended_apdu_lc: usize = BigEndian::read_u16(&payload[1..]) as usize;
-            let extended_apdu_le_len: usize = if payload.len() > extended_apdu_lc {
-                payload.len() - extended_apdu_lc - 3
-            } else {
-                0
+            let extended_apdu_lc: usize = BigEndian::read_u16(&payload[1..3]) as usize;
+            if payload.len() < extended_apdu_lc + 3 {
+                return Err(ApduStatusCode::SW_WRONG_LENGTH);
+            }
+            let extended_apdu_le_len: usize = match payload.len() - extended_apdu_lc {
+                // There's some possible Le bytes at the end
+                2..=5 => payload.len() - extended_apdu_lc - 3,
+                // There are more bytes than even Le3 can consume, return an error
+                _ => return Err(ApduStatusCode::SW_WRONG_LENGTH),
             };
+
             if byte_0 == 0 && extended_apdu_le_len <= 3 {
                 // If first byte is zero AND the next two bytes can be parsed as a big-endian
                 // length that covers the rest of the block (plus few additional bytes for Le), we
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index e434c36..ea5f894 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use super::apdu::{ApduStatusCode, APDU};
 use super::hid::ChannelID;
 use super::status_code::Ctap2StatusCode;
 use super::CtapState;
@@ -118,11 +119,16 @@ impl TryFrom<&[u8]> for U2fCommand {
     type Error = Ctap1StatusCode;
 
     fn try_from(message: &[u8]) -> Result<Self, Ctap1StatusCode> {
-        if message.len() < Ctap1Command::APDU_HEADER_LEN as usize {
-            return Err(Ctap1StatusCode::SW_WRONG_DATA);
-        }
-
-        let (apdu, payload) = message.split_at(Ctap1Command::APDU_HEADER_LEN as usize);
+        let apdu: APDU = match APDU::try_from(message) {
+            Ok(apdu) => apdu,
+            // Todo: Better conversion between ApduStatusCode and Ctap1StatusCode
+            // Maybe use TryFrom?
+            Err(apdu_status_code) => match apdu_status_code {
+                ApduStatusCode::SW_WRONG_LENGTH => return Err(Ctap1StatusCode::SW_WRONG_LENGTH),
+                ApduStatusCode::SW_WRONG_DATA => return Err(Ctap1StatusCode::SW_WRONG_DATA),
+                _ => return Err(Ctap1StatusCode::SW_COMMAND_ABORTED),
+            },
+        };
 
         // ISO7816 APDU Header format. Each cell is 1 byte. Note that the CTAP flavor always
         // encodes the length on 3 bytes and doesn't use the field "Le" (Length Expected).
@@ -131,30 +137,29 @@ impl TryFrom<&[u8]> for U2fCommand {
         // +-----+-----+----+----+-----+-----+-----+
         // | CLA | INS | P1 | P2 | Lc1 | Lc2 | Lc3 |
         // +-----+-----+----+----+-----+-----+-----+
-        if apdu[0] != Ctap1Command::CTAP1_CLA {
+        if apdu.header.cla != Ctap1Command::CTAP1_CLA {
             return Err(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED);
         }
 
-        let lc = (((apdu[4] as u32) << 16) | ((apdu[5] as u32) << 8) | (apdu[6] as u32)) as usize;
-
         // Since there is always request data, the expected length is either omitted or
         // encoded in 2 bytes.
-        if lc != payload.len() && lc + 2 != payload.len() {
+        // Todo: support extended APDUs now that the new parser can work with those
+        if apdu.lc as usize != apdu.data.len() && (apdu.lc as usize) + 2 != apdu.data.len() {
             return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
         }
 
-        match apdu[1] {
+        match apdu.header.ins {
             // U2F raw message format specification, Section 4.1
             // +-----------------+-------------------+
             // + Challenge (32B) | Application (32B) |
             // +-----------------+-------------------+
             Ctap1Command::U2F_REGISTER => {
-                if lc != 64 {
+                if apdu.lc != 64 {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 Ok(Self::Register {
-                    challenge: *array_ref!(payload, 0, 32),
-                    application: *array_ref!(payload, 32, 32),
+                    challenge: *array_ref!(apdu.data, 0, 32),
+                    application: *array_ref!(apdu.data, 32, 32),
                 })
             }
 
@@ -163,25 +168,25 @@ impl TryFrom<&[u8]> for U2fCommand {
             // + Challenge (32B) | Application (32B) | key handle len (1B) | key handle |
             // +-----------------+-------------------+---------------------+------------+
             Ctap1Command::U2F_AUTHENTICATE => {
-                if lc < 65 {
+                if apdu.lc < 65 {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
-                let handle_length = payload[64] as usize;
-                if lc != 65 + handle_length {
+                let handle_length = apdu.data[64] as usize;
+                if apdu.lc as usize != 65 + handle_length {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
-                let flag = Ctap1Flags::try_from(apdu[2])?;
+                let flag = Ctap1Flags::try_from(apdu.header.p1)?;
                 Ok(Self::Authenticate {
-                    challenge: *array_ref!(payload, 0, 32),
-                    application: *array_ref!(payload, 32, 32),
-                    key_handle: payload[65..lc].to_vec(),
+                    challenge: *array_ref!(apdu.data, 0, 32),
+                    application: *array_ref!(apdu.data, 32, 32),
+                    key_handle: apdu.data[65..].to_vec(),
                     flags: flag,
                 })
             }
 
             // U2F raw message format specification, Section 6.1
             Ctap1Command::U2F_VERSION => {
-                if lc != 0 {
+                if apdu.lc != 0 {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 Ok(Self::Version)
@@ -190,7 +195,7 @@ impl TryFrom<&[u8]> for U2fCommand {
             // For Vendor specific command.
             Ctap1Command::VENDOR_SPECIFIC_FIRST..=Ctap1Command::VENDOR_SPECIFIC_LAST => {
                 Ok(Self::VendorSpecific {
-                    payload: payload.to_vec(),
+                    payload: apdu.data.to_vec(),
                 })
             }
 
@@ -202,8 +207,6 @@ impl TryFrom<&[u8]> for U2fCommand {
 pub struct Ctap1Command {}
 
 impl Ctap1Command {
-    const APDU_HEADER_LEN: u32 = 7; // CLA + INS + P1 + P2 + LC1-3
-
     const CTAP1_CLA: u8 = 0;
     // This byte is used in Register, but only serves backwards compatibility.
     const LEGACY_BYTE: u8 = 0x05;
@@ -571,13 +574,7 @@ mod test {
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
-        message.push(0x00);
-        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
-
-        // Two extra zeros are okay, they could encode the expected response length.
-        message.push(0x00);
-        message.push(0x00);
+        message.extend_from_slice(&[0x00, 0x00, 0x00, 0x00]);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
     }

From e4d160aaeeb4c209908a1c9a1eb073273d2792df Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 7 Dec 2020 23:32:04 -0800
Subject: [PATCH 059/192] Use TryFrom to convert between APDU and CTAP status
 codes

---
 src/ctap/ctap1.rs | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index ea5f894..b0ed506 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -60,6 +60,24 @@ impl TryFrom<u16> for Ctap1StatusCode {
     }
 }
 
+impl TryFrom<ApduStatusCode> for Ctap1StatusCode {
+    type Error = ();
+
+    fn try_from(apdu_status_code: ApduStatusCode) -> Result<Ctap1StatusCode, ()> {
+        match apdu_status_code {
+            ApduStatusCode::SW_WRONG_LENGTH => Ok(Ctap1StatusCode::SW_WRONG_LENGTH),
+            ApduStatusCode::SW_WRONG_DATA => Ok(Ctap1StatusCode::SW_WRONG_DATA),
+            ApduStatusCode::SW_CLA_INVALID => Ok(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED),
+            ApduStatusCode::SW_INS_INVALID => Ok(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
+            ApduStatusCode::SW_COND_USE_NOT_SATISFIED => {
+                Ok(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED)
+            }
+            ApduStatusCode::SW_SUCCESS => Ok(Ctap1StatusCode::SW_NO_ERROR),
+            _ => Ok(Ctap1StatusCode::SW_COMMAND_ABORTED),
+        }
+    }
+}
+
 impl Into<u16> for Ctap1StatusCode {
     fn into(self) -> u16 {
         self as u16
@@ -121,13 +139,9 @@ impl TryFrom<&[u8]> for U2fCommand {
     fn try_from(message: &[u8]) -> Result<Self, Ctap1StatusCode> {
         let apdu: APDU = match APDU::try_from(message) {
             Ok(apdu) => apdu,
-            // Todo: Better conversion between ApduStatusCode and Ctap1StatusCode
-            // Maybe use TryFrom?
-            Err(apdu_status_code) => match apdu_status_code {
-                ApduStatusCode::SW_WRONG_LENGTH => return Err(Ctap1StatusCode::SW_WRONG_LENGTH),
-                ApduStatusCode::SW_WRONG_DATA => return Err(Ctap1StatusCode::SW_WRONG_DATA),
-                _ => return Err(Ctap1StatusCode::SW_COMMAND_ABORTED),
-            },
+            Err(apdu_status_code) => {
+                return Err(Ctap1StatusCode::try_from(apdu_status_code).unwrap())
+            }
         };
 
         // ISO7816 APDU Header format. Each cell is 1 byte. Note that the CTAP flavor always

From 373464b72d0d851d10481d3371f1ea09b4958a98 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 7 Dec 2020 23:35:47 -0800
Subject: [PATCH 060/192] Remove redundant type declaration

---
 src/ctap/apdu.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 530a85b..e3dfe23 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -168,7 +168,7 @@ impl TryFrom<&[u8]> for APDU {
         }
         if payload.len() > 2 {
             // Lc is possibly three-bytes long
-            let extended_apdu_lc: usize = BigEndian::read_u16(&payload[1..3]) as usize;
+            let extended_apdu_lc = BigEndian::read_u16(&payload[1..3]) as usize;
             if payload.len() < extended_apdu_lc + 3 {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }

From 2d17bb2afafe1d94abd55978c6863d2015ff219b Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 7 Dec 2020 23:38:21 -0800
Subject: [PATCH 061/192] Readability improvements

---
 src/ctap/apdu.rs  |  4 ++--
 src/ctap/ctap1.rs | 13 +++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index e3dfe23..70b17eb 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -172,9 +172,9 @@ impl TryFrom<&[u8]> for APDU {
             if payload.len() < extended_apdu_lc + 3 {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }
-            let extended_apdu_le_len: usize = match payload.len() - extended_apdu_lc {
+            let extended_apdu_le_len: usize = match payload.len() - extended_apdu_lc - 3 {
                 // There's some possible Le bytes at the end
-                2..=5 => payload.len() - extended_apdu_lc - 3,
+                0..=3 => payload.len() - extended_apdu_lc - 3,
                 // There are more bytes than even Le3 can consume, return an error
                 _ => return Err(ApduStatusCode::SW_WRONG_LENGTH),
             };
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index b0ed506..2677201 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -144,6 +144,8 @@ impl TryFrom<&[u8]> for U2fCommand {
             }
         };
 
+        let lc = apdu.lc as usize;
+
         // ISO7816 APDU Header format. Each cell is 1 byte. Note that the CTAP flavor always
         // encodes the length on 3 bytes and doesn't use the field "Le" (Length Expected).
         // We keep the 2 byte of "Le" for the packet length in mind, but always ignore its value.
@@ -157,8 +159,7 @@ impl TryFrom<&[u8]> for U2fCommand {
 
         // Since there is always request data, the expected length is either omitted or
         // encoded in 2 bytes.
-        // Todo: support extended APDUs now that the new parser can work with those
-        if apdu.lc as usize != apdu.data.len() && (apdu.lc as usize) + 2 != apdu.data.len() {
+        if lc != apdu.data.len() && (lc as usize) + 2 != apdu.data.len() {
             return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
         }
 
@@ -168,7 +169,7 @@ impl TryFrom<&[u8]> for U2fCommand {
             // + Challenge (32B) | Application (32B) |
             // +-----------------+-------------------+
             Ctap1Command::U2F_REGISTER => {
-                if apdu.lc != 64 {
+                if lc != 64 {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 Ok(Self::Register {
@@ -182,11 +183,11 @@ impl TryFrom<&[u8]> for U2fCommand {
             // + Challenge (32B) | Application (32B) | key handle len (1B) | key handle |
             // +-----------------+-------------------+---------------------+------------+
             Ctap1Command::U2F_AUTHENTICATE => {
-                if apdu.lc < 65 {
+                if lc < 65 {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 let handle_length = apdu.data[64] as usize;
-                if apdu.lc as usize != 65 + handle_length {
+                if lc as usize != 65 + handle_length {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 let flag = Ctap1Flags::try_from(apdu.header.p1)?;
@@ -200,7 +201,7 @@ impl TryFrom<&[u8]> for U2fCommand {
 
             // U2F raw message format specification, Section 6.1
             Ctap1Command::U2F_VERSION => {
-                if apdu.lc != 0 {
+                if lc != 0 {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 Ok(Self::Version)

From 56bc86c5d01146e4c7c52f58a17e7386e87f147c Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 7 Dec 2020 23:40:06 -0800
Subject: [PATCH 062/192] No need to cast again

---
 src/ctap/ctap1.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 2677201..4d18846 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -159,7 +159,7 @@ impl TryFrom<&[u8]> for U2fCommand {
 
         // Since there is always request data, the expected length is either omitted or
         // encoded in 2 bytes.
-        if lc != apdu.data.len() && (lc as usize) + 2 != apdu.data.len() {
+        if lc != apdu.data.len() && lc + 2 != apdu.data.len() {
             return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
         }
 
@@ -187,7 +187,7 @@ impl TryFrom<&[u8]> for U2fCommand {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 let handle_length = apdu.data[64] as usize;
-                if lc as usize != 65 + handle_length {
+                if lc != 65 + handle_length {
                     return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
                 }
                 let flag = Ctap1Flags::try_from(apdu.header.p1)?;

From 90def7dfd3c913d04fe107373b926d1d012655ce Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 8 Dec 2020 18:12:48 +0100
Subject: [PATCH 063/192] implicitly generate HMAC-secret

---
 src/ctap/ctap1.rs           |  53 +++++----------
 src/ctap/data_formats.rs    |  20 +-----
 src/ctap/mod.rs             | 128 ++++++++++--------------------------
 src/ctap/pin_protocol_v1.rs |  30 ++-------
 src/ctap/storage.rs         |  59 +++++++++++++++--
 5 files changed, 112 insertions(+), 178 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index e434c36..47d2120 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -291,7 +291,7 @@ impl Ctap1Command {
         let sk = crypto::ecdsa::SecKey::gensk(ctap_state.rng);
         let pk = sk.genpk();
         let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
+            .encrypt_key_handle(sk, &application)
             .map_err(|_| Ctap1StatusCode::SW_COMMAND_ABORTED)?;
         if key_handle.len() > 0xFF {
             // This is just being defensive with unreachable code.
@@ -386,7 +386,7 @@ impl Ctap1Command {
 
 #[cfg(test)]
 mod test {
-    use super::super::{key_material, CREDENTIAL_ID_BASE_SIZE, USE_SIGNATURE_COUNTER};
+    use super::super::{key_material, CREDENTIAL_ID_SIZE, USE_SIGNATURE_COUNTER};
     use super::*;
     use crypto::rng256::ThreadRng256;
     use crypto::Hash256;
@@ -426,12 +426,12 @@ mod test {
             0x00,
             0x00,
             0x00,
-            65 + CREDENTIAL_ID_BASE_SIZE as u8,
+            65 + CREDENTIAL_ID_SIZE as u8,
         ];
         let challenge = [0x0C; 32];
         message.extend(&challenge);
         message.extend(application);
-        message.push(CREDENTIAL_ID_BASE_SIZE as u8);
+        message.push(CREDENTIAL_ID_SIZE as u8);
         message.extend(key_handle);
         message
     }
@@ -471,15 +471,12 @@ mod test {
         let response =
             Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE).unwrap();
         assert_eq!(response[0], Ctap1Command::LEGACY_BYTE);
-        assert_eq!(response[66], CREDENTIAL_ID_BASE_SIZE as u8);
+        assert_eq!(response[66], CREDENTIAL_ID_SIZE as u8);
         assert!(ctap_state
-            .decrypt_credential_source(
-                response[67..67 + CREDENTIAL_ID_BASE_SIZE].to_vec(),
-                &application
-            )
+            .decrypt_credential_source(response[67..67 + CREDENTIAL_ID_SIZE].to_vec(), &application)
             .unwrap()
             .is_some());
-        const CERT_START: usize = 67 + CREDENTIAL_ID_BASE_SIZE;
+        const CERT_START: usize = 67 + CREDENTIAL_ID_SIZE;
         assert_eq!(
             &response[CERT_START..CERT_START + fake_cert.len()],
             &fake_cert[..]
@@ -528,9 +525,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
@@ -546,9 +541,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let application = [0x55; 32];
         let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
@@ -565,9 +558,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
@@ -591,9 +582,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
         message[0] = 0xEE;
@@ -611,9 +600,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
         message[1] = 0xEE;
@@ -631,9 +618,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let mut message =
             create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
         message[2] = 0xEE;
@@ -659,9 +644,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let message =
             create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
 
@@ -688,9 +671,7 @@ mod test {
 
         let rp_id = "example.com";
         let application = crypto::sha256::Sha256::hash(rp_id.as_bytes());
-        let key_handle = ctap_state
-            .encrypt_key_handle(sk, &application, None)
-            .unwrap();
+        let key_handle = ctap_state.encrypt_key_handle(sk, &application).unwrap();
         let message = create_authenticate_message(
             &application,
             Ctap1Flags::DontEnforceUpAndSign,
@@ -712,7 +693,7 @@ mod test {
     #[test]
     fn test_process_authenticate_bad_key_handle() {
         let application = [0x0A; 32];
-        let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
+        let key_handle = vec![0x00; CREDENTIAL_ID_SIZE];
         let message =
             create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
 
@@ -729,7 +710,7 @@ mod test {
     #[test]
     fn test_process_authenticate_without_up() {
         let application = [0x0A; 32];
-        let key_handle = vec![0x00; CREDENTIAL_ID_BASE_SIZE];
+        let key_handle = vec![0x00; CREDENTIAL_ID_SIZE];
         let message =
             create_authenticate_message(&application, Ctap1Flags::EnforceUpAndSign, &key_handle);
 
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index e7419fd..a2b490d 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -498,7 +498,6 @@ pub struct PublicKeyCredentialSource {
     pub rp_id: String,
     pub user_handle: Vec<u8>, // not optional, but nullable
     pub user_display_name: Option<String>,
-    pub cred_random: Option<Vec<u8>>,
     pub cred_protect_policy: Option<CredentialProtectionPolicy>,
     pub creation_order: u64,
     pub user_name: Option<String>,
@@ -513,14 +512,14 @@ enum PublicKeyCredentialSourceField {
     RpId = 2,
     UserHandle = 3,
     UserDisplayName = 4,
-    CredRandom = 5,
     CredProtectPolicy = 6,
     CreationOrder = 7,
     UserName = 8,
     UserIcon = 9,
     // When a field is removed, its tag should be reserved and not used for new fields. We document
     // those reserved tags below.
-    // Reserved tags: none.
+    // Reserved tags:
+    // - CredRandom = 5,
 }
 
 impl From<PublicKeyCredentialSourceField> for cbor::KeyType {
@@ -539,7 +538,6 @@ impl From<PublicKeyCredentialSource> for cbor::Value {
             PublicKeyCredentialSourceField::RpId => Some(credential.rp_id),
             PublicKeyCredentialSourceField::UserHandle => Some(credential.user_handle),
             PublicKeyCredentialSourceField::UserDisplayName => credential.user_display_name,
-            PublicKeyCredentialSourceField::CredRandom => credential.cred_random,
             PublicKeyCredentialSourceField::CredProtectPolicy => credential.cred_protect_policy,
             PublicKeyCredentialSourceField::CreationOrder => credential.creation_order,
             PublicKeyCredentialSourceField::UserName => credential.user_name,
@@ -559,7 +557,6 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
                 PublicKeyCredentialSourceField::RpId => rp_id,
                 PublicKeyCredentialSourceField::UserHandle => user_handle,
                 PublicKeyCredentialSourceField::UserDisplayName => user_display_name,
-                PublicKeyCredentialSourceField::CredRandom => cred_random,
                 PublicKeyCredentialSourceField::CredProtectPolicy => cred_protect_policy,
                 PublicKeyCredentialSourceField::CreationOrder => creation_order,
                 PublicKeyCredentialSourceField::UserName => user_name,
@@ -577,7 +574,6 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
         let rp_id = extract_text_string(ok_or_missing(rp_id)?)?;
         let user_handle = extract_byte_string(ok_or_missing(user_handle)?)?;
         let user_display_name = user_display_name.map(extract_text_string).transpose()?;
-        let cred_random = cred_random.map(extract_byte_string).transpose()?;
         let cred_protect_policy = cred_protect_policy
             .map(CredentialProtectionPolicy::try_from)
             .transpose()?;
@@ -601,7 +597,6 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
             rp_id,
             user_handle,
             user_display_name,
-            cred_random,
             cred_protect_policy,
             creation_order,
             user_name,
@@ -1373,7 +1368,6 @@ mod test {
             rp_id: "example.com".to_string(),
             user_handle: b"foo".to_vec(),
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,
@@ -1395,16 +1389,6 @@ mod test {
             Ok(credential.clone())
         );
 
-        let credential = PublicKeyCredentialSource {
-            cred_random: Some(vec![0x00; 32]),
-            ..credential
-        };
-
-        assert_eq!(
-            PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
-            Ok(credential.clone())
-        );
-
         let credential = PublicKeyCredentialSource {
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationOptional),
             ..credential
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index ea42caf..67a0e27 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -86,10 +86,8 @@ pub const INITIAL_SIGNATURE_COUNTER: u32 = 1;
 // - 16 byte initialization vector for AES-256,
 // - 32 byte ECDSA private key for the credential,
 // - 32 byte relying party ID hashed with SHA256,
-// - (optional) 32 byte for HMAC-secret,
 // - 32 byte HMAC-SHA256 over everything else.
-pub const CREDENTIAL_ID_BASE_SIZE: usize = 112;
-pub const CREDENTIAL_ID_MAX_SIZE: usize = CREDENTIAL_ID_BASE_SIZE + 32;
+pub const CREDENTIAL_ID_SIZE: usize = 112;
 // Set this bit when checking user presence.
 const UP_FLAG: u8 = 0x01;
 // Set this bit when checking user verification.
@@ -142,6 +140,7 @@ struct AssertionInput {
     client_data_hash: Vec<u8>,
     auth_data: Vec<u8>,
     hmac_secret_input: Option<GetAssertionHmacSecretInput>,
+    has_uv: bool,
 }
 
 struct AssertionState {
@@ -231,7 +230,6 @@ where
         &mut self,
         private_key: crypto::ecdsa::SecKey,
         application: &[u8; 32],
-        cred_random: Option<&[u8; 32]>,
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
         let master_keys = self.persistent_store.master_keys()?;
         let aes_enc_key = crypto::aes256::EncryptionKey::new(&master_keys.encryption);
@@ -240,16 +238,12 @@ where
         let mut iv = [0; 16];
         iv.copy_from_slice(&self.rng.gen_uniform_u8x32()[..16]);
 
-        let block_len = if cred_random.is_some() { 6 } else { 4 };
+        let block_len = 4;
         let mut blocks = vec![[0u8; 16]; block_len];
         blocks[0].copy_from_slice(&sk_bytes[..16]);
         blocks[1].copy_from_slice(&sk_bytes[16..]);
         blocks[2].copy_from_slice(&application[..16]);
         blocks[3].copy_from_slice(&application[16..]);
-        if let Some(cred_random) = cred_random {
-            blocks[4].copy_from_slice(&cred_random[..16]);
-            blocks[5].copy_from_slice(&cred_random[16..]);
-        }
         cbc_encrypt(&aes_enc_key, iv, &mut blocks);
 
         let mut encrypted_id = Vec::with_capacity(16 * (block_len + 3));
@@ -270,11 +264,9 @@ where
         credential_id: Vec<u8>,
         rp_id_hash: &[u8],
     ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
-        let has_cred_random = match credential_id.len() {
-            CREDENTIAL_ID_BASE_SIZE => false,
-            CREDENTIAL_ID_MAX_SIZE => true,
-            _ => return Ok(None),
-        };
+        if credential_id.len() != CREDENTIAL_ID_SIZE {
+            return Ok(None);
+        }
         let master_keys = self.persistent_store.master_keys()?;
         let payload_size = credential_id.len() - 32;
         if !verify_hmac_256::<Sha256>(
@@ -288,7 +280,7 @@ where
         let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
         let mut iv = [0; 16];
         iv.copy_from_slice(&credential_id[..16]);
-        let block_len = if has_cred_random { 6 } else { 4 };
+        let block_len = 4;
         let mut blocks = vec![[0u8; 16]; block_len];
         for i in 0..block_len {
             blocks[i].copy_from_slice(&credential_id[16 * (i + 1)..16 * (i + 2)]);
@@ -301,15 +293,6 @@ where
         decrypted_sk[16..].clone_from_slice(&blocks[1]);
         decrypted_rp_id_hash[..16].clone_from_slice(&blocks[2]);
         decrypted_rp_id_hash[16..].clone_from_slice(&blocks[3]);
-        let cred_random = if has_cred_random {
-            let mut decrypted_cred_random = [0; 32];
-            decrypted_cred_random[..16].clone_from_slice(&blocks[4]);
-            decrypted_cred_random[16..].clone_from_slice(&blocks[5]);
-            Some(decrypted_cred_random.to_vec())
-        } else {
-            None
-        };
-
         if rp_id_hash != decrypted_rp_id_hash {
             return Ok(None);
         }
@@ -322,7 +305,6 @@ where
             rp_id: String::from(""),
             user_handle: vec![],
             user_display_name: None,
-            cred_random,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,
@@ -464,11 +446,6 @@ where
             (false, DEFAULT_CRED_PROTECT)
         };
 
-        let cred_random = if use_hmac_extension {
-            Some(self.rng.gen_uniform_u8x32())
-        } else {
-            None
-        };
         let has_extension_output = use_hmac_extension || cred_protect_policy.is_some();
 
         let rp_id = rp.rp_id;
@@ -543,7 +520,6 @@ where
                 user_display_name: user
                     .user_display_name
                     .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
-                cred_random: cred_random.map(|c| c.to_vec()),
                 cred_protect_policy,
                 creation_order: self.persistent_store.new_creation_order()?,
                 user_name: user
@@ -556,7 +532,7 @@ where
             self.persistent_store.store_credential(credential_source)?;
             random_id
         } else {
-            self.encrypt_key_handle(sk.clone(), &rp_id_hash, cred_random.as_ref())?
+            self.encrypt_key_handle(sk.clone(), &rp_id_hash)?
         };
 
         let mut auth_data = self.generate_auth_data(&rp_id_hash, flags)?;
@@ -622,10 +598,25 @@ where
         ))
     }
 
+    // Generates a different per-credential secret for each UV mode.
+    // The computation is deterministic, and private_key expected to be unique.
+    fn generate_cred_random(
+        &mut self,
+        private_key: &crypto::ecdsa::SecKey,
+        has_uv: bool,
+    ) -> Result<[u8; 32], Ctap2StatusCode> {
+        let mut private_key_bytes = [0u8; 32];
+        private_key.to_bytes(&mut private_key_bytes);
+        let salt = crypto::sha256::Sha256::hash(&private_key_bytes);
+        // TODO(kaczmarczyck) KDF? hash salt together with rp_id_hash?
+        let key = self.persistent_store.cred_random_secret(has_uv)?;
+        Ok(hmac_256::<Sha256>(&key, &salt[..]))
+    }
+
     // Processes the input of a get_assertion operation for a given credential
     // and returns the correct Get(Next)Assertion response.
     fn assertion_response(
-        &self,
+        &mut self,
         credential: PublicKeyCredentialSource,
         assertion_input: AssertionInput,
         number_of_credentials: Option<usize>,
@@ -634,13 +625,15 @@ where
             client_data_hash,
             mut auth_data,
             hmac_secret_input,
+            has_uv,
         } = assertion_input;
 
         // Process extensions.
         if let Some(hmac_secret_input) = hmac_secret_input {
+            let cred_random = self.generate_cred_random(&credential.private_key, has_uv)?;
             let encrypted_output = self
                 .pin_protocol_v1
-                .process_hmac_secret(hmac_secret_input, &credential.cred_random)?;
+                .process_hmac_secret(hmac_secret_input, &cred_random)?;
             let extensions_output = cbor_map! {
                 "hmac-secret" => encrypted_output,
             };
@@ -807,6 +800,7 @@ where
             client_data_hash,
             auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
             hmac_secret_input,
+            has_uv,
         };
         let number_of_credentials = if applicable_credentials.is_empty() {
             None
@@ -872,7 +866,7 @@ where
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
                 // #TODO(106) update with version 2.1 of HMAC-secret
                 #[cfg(feature = "with_ctap2_1")]
-                max_credential_id_length: Some(CREDENTIAL_ID_BASE_SIZE as u64 + 32),
+                max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
                 #[cfg(feature = "with_ctap2_1")]
                 transports: Some(vec![AuthenticatorTransport::Usb]),
                 #[cfg(feature = "with_ctap2_1")]
@@ -1010,7 +1004,7 @@ mod test {
         #[cfg(feature = "with_ctap2_1")]
         expected_response.extend(
             [
-                0x08, 0x18, 0x90, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
+                0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
                 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69,
                 0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04,
             ]
@@ -1141,7 +1135,7 @@ mod test {
                 ];
                 expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_BASE_SIZE as u8]);
+                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_SIZE as u8]);
                 assert_eq!(
                     auth_data[0..expected_auth_data.len()],
                     expected_auth_data[..]
@@ -1186,7 +1180,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,
@@ -1291,7 +1284,7 @@ mod test {
                 ];
                 expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
                 expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_MAX_SIZE as u8]);
+                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_SIZE as u8]);
                 assert_eq!(
                     auth_data[0..expected_auth_data.len()],
                     expected_auth_data[..]
@@ -1488,8 +1481,8 @@ mod test {
                 let auth_data = make_credential_response.auth_data;
                 let offset = 37 + ctap_state.persistent_store.aaguid().unwrap().len();
                 assert_eq!(auth_data[offset], 0x00);
-                assert_eq!(auth_data[offset + 1] as usize, CREDENTIAL_ID_MAX_SIZE);
-                auth_data[offset + 2..offset + 2 + CREDENTIAL_ID_MAX_SIZE].to_vec()
+                assert_eq!(auth_data[offset + 1] as usize, CREDENTIAL_ID_SIZE);
+                auth_data[offset + 2..offset + 2 + CREDENTIAL_ID_SIZE].to_vec()
             }
             _ => panic!("Invalid response type"),
         };
@@ -1604,7 +1597,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![0x1D],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: Some(
                 CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
             ),
@@ -1669,7 +1661,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![0x1D],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
             creation_order: 0,
             user_name: None,
@@ -1942,7 +1933,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,
@@ -2013,7 +2003,7 @@ mod test {
         // We are not testing the correctness of our SHA256 here, only if it is checked.
         let rp_id_hash = [0x55; 32];
         let encrypted_id = ctap_state
-            .encrypt_key_handle(private_key.clone(), &rp_id_hash, None)
+            .encrypt_key_handle(private_key.clone(), &rp_id_hash)
             .unwrap();
         let decrypted_source = ctap_state
             .decrypt_credential_source(encrypted_id, &rp_id_hash)
@@ -2023,29 +2013,6 @@ mod test {
         assert_eq!(private_key, decrypted_source.private_key);
     }
 
-    #[test]
-    fn test_encrypt_decrypt_credential_with_cred_random() {
-        let mut rng = ThreadRng256 {};
-        let user_immediately_present = |_| Ok(());
-        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-
-        // Usually, the relying party ID or its hash is provided by the client.
-        // We are not testing the correctness of our SHA256 here, only if it is checked.
-        let rp_id_hash = [0x55; 32];
-        let cred_random = [0xC9; 32];
-        let encrypted_id = ctap_state
-            .encrypt_key_handle(private_key.clone(), &rp_id_hash, Some(&cred_random))
-            .unwrap();
-        let decrypted_source = ctap_state
-            .decrypt_credential_source(encrypted_id, &rp_id_hash)
-            .unwrap()
-            .unwrap();
-
-        assert_eq!(private_key, decrypted_source.private_key);
-        assert_eq!(Some(cred_random.to_vec()), decrypted_source.cred_random);
-    }
-
     #[test]
     fn test_encrypt_decrypt_bad_hmac() {
         let mut rng = ThreadRng256 {};
@@ -2056,30 +2023,7 @@ mod test {
         // Same as above.
         let rp_id_hash = [0x55; 32];
         let encrypted_id = ctap_state
-            .encrypt_key_handle(private_key, &rp_id_hash, None)
-            .unwrap();
-        for i in 0..encrypted_id.len() {
-            let mut modified_id = encrypted_id.clone();
-            modified_id[i] ^= 0x01;
-            assert!(ctap_state
-                .decrypt_credential_source(modified_id, &rp_id_hash)
-                .unwrap()
-                .is_none());
-        }
-    }
-
-    #[test]
-    fn test_encrypt_decrypt_bad_hmac_with_cred_random() {
-        let mut rng = ThreadRng256 {};
-        let user_immediately_present = |_| Ok(());
-        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-
-        // Same as above.
-        let rp_id_hash = [0x55; 32];
-        let cred_random = [0xC9; 32];
-        let encrypted_id = ctap_state
-            .encrypt_key_handle(private_key, &rp_id_hash, Some(&cred_random))
+            .encrypt_key_handle(private_key, &rp_id_hash)
             .unwrap();
         for i in 0..encrypted_id.len() {
             let mut modified_id = encrypted_id.clone();
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 44aad71..410dac7 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -56,23 +56,16 @@ fn verify_pin_auth(hmac_key: &[u8], hmac_contents: &[u8], pin_auth: &[u8]) -> bo
 fn encrypt_hmac_secret_output(
     shared_secret: &[u8; 32],
     salt_enc: &[u8],
-    cred_random: &[u8],
+    cred_random: &[u8; 32],
 ) -> Result<Vec<u8>, Ctap2StatusCode> {
     if salt_enc.len() != 32 && salt_enc.len() != 64 {
         return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
     }
-    if cred_random.len() != 32 {
-        // We are strict here. We need at least 32 byte, but expect exactly 32.
-        return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
-    }
     let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
     let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
     // The specification specifically asks for a zero IV.
     let iv = [0u8; 16];
 
-    let mut cred_random_secret = [0u8; 32];
-    cred_random_secret.copy_from_slice(cred_random);
-
     // With the if clause restriction above, block_len can only be 2 or 4.
     let block_len = salt_enc.len() / 16;
     let mut blocks = vec![[0u8; 16]; block_len];
@@ -84,7 +77,7 @@ fn encrypt_hmac_secret_output(
     let mut decrypted_salt1 = [0u8; 32];
     decrypted_salt1[..16].copy_from_slice(&blocks[0]);
     decrypted_salt1[16..].copy_from_slice(&blocks[1]);
-    let output1 = hmac_256::<Sha256>(&cred_random_secret, &decrypted_salt1[..]);
+    let output1 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salt1[..]);
     for i in 0..2 {
         blocks[i].copy_from_slice(&output1[16 * i..16 * (i + 1)]);
     }
@@ -93,7 +86,7 @@ fn encrypt_hmac_secret_output(
         let mut decrypted_salt2 = [0u8; 32];
         decrypted_salt2[..16].copy_from_slice(&blocks[2]);
         decrypted_salt2[16..].copy_from_slice(&blocks[3]);
-        let output2 = hmac_256::<Sha256>(&cred_random_secret, &decrypted_salt2[..]);
+        let output2 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salt2[..]);
         for i in 0..2 {
             blocks[i + 2].copy_from_slice(&output2[16 * i..16 * (i + 1)]);
         }
@@ -588,7 +581,7 @@ impl PinProtocolV1 {
     pub fn process_hmac_secret(
         &self,
         hmac_secret_input: GetAssertionHmacSecretInput,
-        cred_random: &Option<Vec<u8>>,
+        cred_random: &[u8; 32],
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
         let GetAssertionHmacSecretInput {
             key_agreement,
@@ -602,12 +595,7 @@ impl PinProtocolV1 {
             // Hard to tell what the correct error code here is.
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
         }
-
-        match cred_random {
-            Some(cr) => encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cr),
-            // This is the case if the credential was not created with HMAC-secret.
-            None => Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION),
-        }
+        encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cred_random)
     }
 
     #[cfg(feature = "with_ctap2_1")]
@@ -1195,14 +1183,6 @@ mod test {
         let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
         assert_eq!(output.unwrap().len(), 64);
 
-        let salt_enc = [0x5E; 32];
-        let cred_random = [0xC9; 33];
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
-        assert_eq!(
-            output,
-            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
-        );
-
         let mut salt_enc = [0x00; 32];
         let cred_random = [0xC9; 32];
 
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 911bdd7..ae38219 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -72,9 +72,10 @@ const AAGUID: usize = 7;
 const MIN_PIN_LENGTH: usize = 8;
 #[cfg(feature = "with_ctap2_1")]
 const MIN_PIN_LENGTH_RP_IDS: usize = 9;
+const CRED_RANDOM_SECRET: usize = 10;
 // Different NUM_TAGS depending on the CTAP version make the storage incompatible,
 // so we use the maximum.
-const NUM_TAGS: usize = 10;
+const NUM_TAGS: usize = 11;
 
 const MAX_PIN_RETRIES: u8 = 8;
 #[cfg(feature = "with_ctap2_1")]
@@ -108,6 +109,7 @@ enum Key {
     MinPinLength,
     #[cfg(feature = "with_ctap2_1")]
     MinPinLengthRpIds,
+    CredRandomSecret,
 }
 
 pub struct MasterKeys {
@@ -166,6 +168,7 @@ impl StoreConfig for Config {
             MIN_PIN_LENGTH => add(Key::MinPinLength),
             #[cfg(feature = "with_ctap2_1")]
             MIN_PIN_LENGTH_RP_IDS => add(Key::MinPinLengthRpIds),
+            CRED_RANDOM_SECRET => add(Key::CredRandomSecret),
             _ => debug_assert!(false),
         }
     }
@@ -230,6 +233,22 @@ impl PersistentStore {
                 })
                 .unwrap();
         }
+
+        if self.store.find_one(&Key::CredRandomSecret).is_none() {
+            let cred_random_with_uv = rng.gen_uniform_u8x32();
+            let cred_random_without_uv = rng.gen_uniform_u8x32();
+            let mut cred_random = Vec::with_capacity(64);
+            cred_random.extend_from_slice(&cred_random_without_uv);
+            cred_random.extend_from_slice(&cred_random_with_uv);
+            self.store
+                .insert(StoreEntry {
+                    tag: CRED_RANDOM_SECRET,
+                    data: &cred_random,
+                    sensitive: true,
+                })
+                .unwrap();
+        }
+
         // TODO(jmichel): remove this when vendor command is in place
         #[cfg(not(test))]
         self.load_attestation_data_from_firmware();
@@ -411,6 +430,15 @@ impl PersistentStore {
         })
     }
 
+    pub fn cred_random_secret(&self, has_uv: bool) -> Result<[u8; 32], Ctap2StatusCode> {
+        let (_, entry) = self.store.find_one(&Key::CredRandomSecret).unwrap();
+        if entry.data.len() != 64 {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        }
+        let offset = if has_uv { 32 } else { 0 };
+        Ok(*array_ref![entry.data, offset, 32])
+    }
+
     pub fn pin_hash(&self) -> Result<Option<[u8; PIN_AUTH_LENGTH]>, Ctap2StatusCode> {
         let data = match self.store.find_one(&Key::PinHash) {
             None => return Ok(None),
@@ -721,7 +749,6 @@ mod test {
             rp_id: String::from(rp_id),
             user_handle,
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,
@@ -900,7 +927,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: Some(
                 CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
             ),
@@ -946,7 +972,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,
@@ -968,7 +993,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationRequired),
             creation_order: 0,
             user_name: None,
@@ -987,7 +1011,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        // Master keys stay the same between resets.
+        // Master keys stay the same between calls.
         let master_keys_1 = persistent_store.master_keys().unwrap();
         let master_keys_2 = persistent_store.master_keys().unwrap();
         assert_eq!(master_keys_2.encryption, master_keys_1.encryption);
@@ -1003,6 +1027,28 @@ mod test {
         assert!(master_keys_3.hmac != master_hmac_key.as_slice());
     }
 
+    #[test]
+    fn test_cred_random_secret() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        // Master keys stay the same between calls.
+        let cred_random_with_uv_1 = persistent_store.cred_random_secret(true).unwrap();
+        let cred_random_without_uv_1 = persistent_store.cred_random_secret(false).unwrap();
+        let cred_random_with_uv_2 = persistent_store.cred_random_secret(true).unwrap();
+        let cred_random_without_uv_2 = persistent_store.cred_random_secret(false).unwrap();
+        assert_eq!(cred_random_with_uv_1, cred_random_with_uv_2);
+        assert_eq!(cred_random_without_uv_1, cred_random_without_uv_2);
+
+        // Master keys change after reset. This test may fail if the random generator produces the
+        // same keys.
+        persistent_store.reset(&mut rng).unwrap();
+        let cred_random_with_uv_3 = persistent_store.cred_random_secret(true).unwrap();
+        let cred_random_without_uv_3 = persistent_store.cred_random_secret(false).unwrap();
+        assert!(cred_random_with_uv_1 != cred_random_with_uv_3);
+        assert!(cred_random_without_uv_1 != cred_random_without_uv_3);
+    }
+
     #[test]
     fn test_pin_hash() {
         let mut rng = ThreadRng256 {};
@@ -1170,7 +1216,6 @@ mod test {
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
             user_display_name: None,
-            cred_random: None,
             cred_protect_policy: None,
             creation_order: 0,
             user_name: None,

From fcbaf1e973f396eb2911bb9f53f37ff650f1b0ce Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 8 Dec 2020 19:31:56 +0100
Subject: [PATCH 064/192] fixes comments

---
 src/ctap/storage.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index ae38219..7be33f1 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -1011,7 +1011,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        // Master keys stay the same between calls.
+        // Master keys stay the same within the same CTAP reset cycle.
         let master_keys_1 = persistent_store.master_keys().unwrap();
         let master_keys_2 = persistent_store.master_keys().unwrap();
         assert_eq!(master_keys_2.encryption, master_keys_1.encryption);
@@ -1032,7 +1032,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        // Master keys stay the same between calls.
+        // CredRandom secrets stay the same within the same CTAP reset cycle.
         let cred_random_with_uv_1 = persistent_store.cred_random_secret(true).unwrap();
         let cred_random_without_uv_1 = persistent_store.cred_random_secret(false).unwrap();
         let cred_random_with_uv_2 = persistent_store.cred_random_secret(true).unwrap();
@@ -1040,7 +1040,7 @@ mod test {
         assert_eq!(cred_random_with_uv_1, cred_random_with_uv_2);
         assert_eq!(cred_random_without_uv_1, cred_random_without_uv_2);
 
-        // Master keys change after reset. This test may fail if the random generator produces the
+        // CredRandom secrets change after reset. This test may fail if the random generator produces the
         // same keys.
         persistent_store.reset(&mut rng).unwrap();
         let cred_random_with_uv_3 = persistent_store.cred_random_secret(true).unwrap();

From 8965c6c8fb2d3879dcb84ec9efdd2af8899947c0 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 8 Dec 2020 20:45:27 +0100
Subject: [PATCH 065/192] Rename and use HARDWARE_FAILURE error

---
 src/ctap/status_code.rs | 13 +++----------
 src/ctap/storage.rs     | 28 +++++++++++++---------------
 2 files changed, 16 insertions(+), 25 deletions(-)

diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs
index 638caef..097d7ec 100644
--- a/src/ctap/status_code.rs
+++ b/src/ctap/status_code.rs
@@ -81,17 +81,10 @@ pub enum Ctap2StatusCode {
     /// This type of error is unexpected and the current state is undefined.
     CTAP2_ERR_VENDOR_INTERNAL_ERROR = 0xF2,
 
-    /// The persistent storage invariant is broken.
+    /// The hardware is malfunctioning.
     ///
-    /// There can be multiple reasons:
-    /// - The persistent storage has not been erased before its first usage.
-    /// - The persistent storage has been tempered with by a third party.
-    /// - The flash is malfunctioning (including the Tock driver).
-    ///
-    /// In the first 2 cases the persistent storage should be completely erased. If the error
-    /// reproduces, it may indicate a software bug or a hardware deficiency. In both cases, the
-    /// error should be reported.
-    CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE = 0xF3,
+    /// It may be possible that some of those errors are actually internal errors.
+    CTAP2_ERR_VENDOR_HARDWARE_FAILURE = 0xF3,
 
     CTAP2_ERR_VENDOR_LAST = 0xFF,
 }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 40ec89a..0660b6c 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -216,7 +216,7 @@ impl PersistentStore {
                 && credential.user_handle == new_credential.user_handle
             {
                 if old_key.is_some() {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+                    return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
                 }
                 old_key = Some(key);
             }
@@ -231,7 +231,7 @@ impl PersistentStore {
             None => key::CREDENTIALS
                 .take(MAX_SUPPORTED_RESIDENTIAL_KEYS)
                 .find(|key| !keys.contains(key))
-                .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)?,
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?,
             // This is an existing credential being updated, we reuse its key.
             Some(x) => x,
         };
@@ -298,7 +298,7 @@ impl PersistentStore {
         match self.store.find(key::GLOBAL_SIGNATURE_COUNTER)? {
             None => Ok(INITIAL_SIGNATURE_COUNTER),
             Some(value) if value.len() == 4 => Ok(u32::from_ne_bytes(*array_ref!(&value, 0, 4))),
-            Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+            Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
     }
 
@@ -317,9 +317,9 @@ impl PersistentStore {
         let master_keys = self
             .store
             .find(key::MASTER_KEYS)?
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)?;
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
         if master_keys.len() != 64 {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         Ok(MasterKeys {
             encryption: *array_ref![master_keys, 0, 32],
@@ -334,7 +334,7 @@ impl PersistentStore {
             Some(pin_hash) => pin_hash,
         };
         if pin_hash.len() != PIN_AUTH_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         Ok(Some(*array_ref![pin_hash, 0, PIN_AUTH_LENGTH]))
     }
@@ -354,7 +354,7 @@ impl PersistentStore {
         match self.store.find(key::PIN_RETRIES)? {
             None => Ok(MAX_PIN_RETRIES),
             Some(value) if value.len() == 1 => Ok(value[0]),
-            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
     }
 
@@ -379,7 +379,7 @@ impl PersistentStore {
         match self.store.find(key::MIN_PIN_LENGTH)? {
             None => Ok(DEFAULT_MIN_PIN_LENGTH),
             Some(value) if value.len() == 1 => Ok(value[0]),
-            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
     }
 
@@ -437,7 +437,7 @@ impl PersistentStore {
                     key_material::ATTESTATION_PRIVATE_KEY_LENGTH
                 ]))
             }
-            Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE),
+            Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
     }
 
@@ -481,9 +481,9 @@ impl PersistentStore {
         let aaguid = self
             .store
             .find(key::AAGUID)?
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE)?;
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
         if aaguid.len() != key_material::AAGUID_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         Ok(*array_ref![aaguid, 0, key_material::AAGUID_LENGTH])
     }
@@ -521,9 +521,7 @@ impl From<persistent_store::StoreError> for Ctap2StatusCode {
             StoreError::InvalidArgument => Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR,
             // This error is not expected. The storage has been tempered with. We could erase the
             // storage.
-            StoreError::InvalidStorage => {
-                Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE
-            }
+            StoreError::InvalidStorage => Ctap2StatusCode::CTAP2_ERR_VENDOR_HARDWARE_FAILURE,
             // This error is not expected. The kernel is failing our syscalls.
             StoreError::StorageError => Ctap2StatusCode::CTAP1_ERR_OTHER,
         }
@@ -566,7 +564,7 @@ impl<'a> IterCredentials<'a> {
     /// instead of statements only.
     fn unwrap<T>(&mut self, x: Option<T>) -> Option<T> {
         if x.is_none() {
-            *self.result = Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INVALID_PERSISTENT_STORAGE);
+            *self.result = Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         x
     }

From 776093a68b54bf82c249c54777184f5e2990ed35 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Wed, 9 Dec 2020 10:52:51 +0100
Subject: [PATCH 066/192] Find the next free key in a linear way

---
 src/ctap/storage.rs | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0660b6c..f48b70a 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -23,7 +23,6 @@ use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::INITIAL_SIGNATURE_COUNTER;
 #[cfg(feature = "with_ctap2_1")]
 use alloc::string::String;
-#[cfg(any(test, feature = "ram_storage", feature = "with_ctap2_1"))]
 use alloc::vec;
 use alloc::vec::Vec;
 use arrayref::array_ref;
@@ -206,12 +205,19 @@ impl PersistentStore {
     ) -> Result<(), Ctap2StatusCode> {
         // Holds the key of the existing credential if this is an update.
         let mut old_key = None;
-        // Holds the unordered list of used keys.
-        let mut keys = Vec::new();
+        let min_key = key::CREDENTIALS.start;
+        // Holds whether a key is used (indices are shifted by min_key).
+        let mut keys = vec![false; MAX_SUPPORTED_RESIDENTIAL_KEYS];
         let mut iter_result = Ok(());
         let iter = self.iter_credentials(&mut iter_result)?;
         for (key, credential) in iter {
-            keys.push(key);
+            if key < min_key
+                || key - min_key >= MAX_SUPPORTED_RESIDENTIAL_KEYS
+                || keys[key - min_key]
+            {
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+            }
+            keys[key - min_key] = true;
             if credential.rp_id == new_credential.rp_id
                 && credential.user_handle == new_credential.user_handle
             {
@@ -222,15 +228,17 @@ impl PersistentStore {
             }
         }
         iter_result?;
-        if old_key.is_none() && keys.len() >= MAX_SUPPORTED_RESIDENTIAL_KEYS {
+        if old_key.is_none()
+            && keys.iter().filter(|&&x| x).count() >= MAX_SUPPORTED_RESIDENTIAL_KEYS
+        {
             return Err(Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL);
         }
         let key = match old_key {
             // This is a new credential being added, we need to allocate a free key. We choose the
-            // first available key. This is quadratic in the number of existing keys.
+            // first available key.
             None => key::CREDENTIALS
                 .take(MAX_SUPPORTED_RESIDENTIAL_KEYS)
-                .find(|key| !keys.contains(key))
+                .find(|key| !keys[key - min_key])
                 .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?,
             // This is an existing credential being updated, we reuse its key.
             Some(x) => x,

From 62dd088cd0ba55e0299dffe47fb20521c8874dee Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 9 Dec 2020 18:55:08 +0100
Subject: [PATCH 067/192] Add missing license header.

---
 src/ctap/apdu.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 949151e..bb94a91 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -1,3 +1,17 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use alloc::vec::Vec;
 use byteorder::{BigEndian, ByteOrder};
 use core::convert::TryFrom;

From 863bf521deabf4fe02ac2ac665a907181c942c87 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 9 Dec 2020 19:05:03 +0100
Subject: [PATCH 068/192] removes extra sha256

---
 src/ctap/mod.rs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 67a0e27..55494a0 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -607,10 +607,8 @@ where
     ) -> Result<[u8; 32], Ctap2StatusCode> {
         let mut private_key_bytes = [0u8; 32];
         private_key.to_bytes(&mut private_key_bytes);
-        let salt = crypto::sha256::Sha256::hash(&private_key_bytes);
-        // TODO(kaczmarczyck) KDF? hash salt together with rp_id_hash?
         let key = self.persistent_store.cred_random_secret(has_uv)?;
-        Ok(hmac_256::<Sha256>(&key, &salt[..]))
+        Ok(hmac_256::<Sha256>(&key, &private_key_bytes[..]))
     }
 
     // Processes the input of a get_assertion operation for a given credential

From d942f0173f5cb88d395d96ca9d83a65835bd4916 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 9 Dec 2020 20:09:49 +0100
Subject: [PATCH 069/192] reverts block_len to a fixed number

---
 src/ctap/mod.rs | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 55494a0..a00fecf 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -238,15 +238,14 @@ where
         let mut iv = [0; 16];
         iv.copy_from_slice(&self.rng.gen_uniform_u8x32()[..16]);
 
-        let block_len = 4;
-        let mut blocks = vec![[0u8; 16]; block_len];
+        let mut blocks = [[0u8; 16]; 4];
         blocks[0].copy_from_slice(&sk_bytes[..16]);
         blocks[1].copy_from_slice(&sk_bytes[16..]);
         blocks[2].copy_from_slice(&application[..16]);
         blocks[3].copy_from_slice(&application[16..]);
         cbc_encrypt(&aes_enc_key, iv, &mut blocks);
 
-        let mut encrypted_id = Vec::with_capacity(16 * (block_len + 3));
+        let mut encrypted_id = Vec::with_capacity(0x70);
         encrypted_id.extend(&iv);
         for b in &blocks {
             encrypted_id.extend(b);
@@ -280,9 +279,8 @@ where
         let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
         let mut iv = [0; 16];
         iv.copy_from_slice(&credential_id[..16]);
-        let block_len = 4;
-        let mut blocks = vec![[0u8; 16]; block_len];
-        for i in 0..block_len {
+        let mut blocks = [[0u8; 16]; 4];
+        for i in 0..4 {
             blocks[i].copy_from_slice(&credential_id[16 * (i + 1)..16 * (i + 2)]);
         }
 
@@ -608,7 +606,7 @@ where
         let mut private_key_bytes = [0u8; 32];
         private_key.to_bytes(&mut private_key_bytes);
         let key = self.persistent_store.cred_random_secret(has_uv)?;
-        Ok(hmac_256::<Sha256>(&key, &private_key_bytes[..]))
+        Ok(hmac_256::<Sha256>(&key, &private_key_bytes))
     }
 
     // Processes the input of a get_assertion operation for a given credential

From 0da13cd61fc4485496227645c26bee34f8ad39ac Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 9 Dec 2020 20:43:06 -0800
Subject: [PATCH 070/192] De-deuplicate le length calculation

---
 src/ctap/apdu.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 70b17eb..7136084 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -172,9 +172,12 @@ impl TryFrom<&[u8]> for APDU {
             if payload.len() < extended_apdu_lc + 3 {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }
-            let extended_apdu_le_len: usize = match payload.len() - extended_apdu_lc - 3 {
+
+            let possible_le_len = payload.len() as i32 - extended_apdu_lc as i32 - 3;
+
+            let extended_apdu_le_len: usize = match possible_le_len {
                 // There's some possible Le bytes at the end
-                0..=3 => payload.len() - extended_apdu_lc - 3,
+                0..=3 => possible_le_len as usize,
                 // There are more bytes than even Le3 can consume, return an error
                 _ => return Err(ApduStatusCode::SW_WRONG_LENGTH),
             };

From 6f1c63e9b8b451993e7f2ca3498849b4f2c1aab6 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 9 Dec 2020 21:06:49 -0800
Subject: [PATCH 071/192] Add test cases to cover different length scenarios

---
 src/ctap/ctap1.rs | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 4d18846..ff07c0a 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -586,10 +586,25 @@ mod test {
         let key_handle = ctap_state
             .encrypt_key_handle(sk, &application, None)
             .unwrap();
-        let mut message =
-            create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
+        let mut message = create_authenticate_message(
+            &application,
+            Ctap1Flags::DontEnforceUpAndSign,
+            &key_handle,
+        );
 
-        message.extend_from_slice(&[0x00, 0x00, 0x00, 0x00]);
+        message.push(0x00);
+        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        assert!(response.is_ok());
+
+        message.push(0x00);
+        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        assert!(response.is_ok());
+
+        message.push(0x00);
+        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        assert!(response.is_ok());
+
+        message.push(0x00);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
     }

From c2de3e7ed9da29e43a9c6fee8dd085bbc4b3c52c Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Thu, 10 Dec 2020 10:02:48 +0100
Subject: [PATCH 072/192] Use a vscode workspace instead of local settings.

---
 .vscode/extensions.json |  7 -----
 .vscode/settings.json   | 27 -------------------
 OpenSK.code-workspace   | 57 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 34 deletions(-)
 delete mode 100644 .vscode/extensions.json
 delete mode 100644 .vscode/settings.json
 create mode 100644 OpenSK.code-workspace

diff --git a/.vscode/extensions.json b/.vscode/extensions.json
deleted file mode 100644
index cce0ec5..0000000
--- a/.vscode/extensions.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "recommendations": [
-        "davidanson.vscode-markdownlint",
-        "rust-lang.rust",
-        "ms-python.python"
-    ]
-}
diff --git a/.vscode/settings.json b/.vscode/settings.json
deleted file mode 100644
index 138097a..0000000
--- a/.vscode/settings.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "clang-format.fallbackStyle": "google",
-  "editor.detectIndentation": true,
-  "editor.formatOnPaste": false,
-  "editor.formatOnSave": true,
-  "editor.formatOnType": true,
-  "editor.insertSpaces": true,
-  "editor.tabSize": 4,
-  "files.insertFinalNewline": true,
-  "files.trimTrailingWhitespace": true,
-  "rust-client.channel": "nightly",
-  // The toolchain is updated from time to time so let's make sure that RLS is updated too
-  "rust-client.updateOnStartup": true,
-  "rust.clippy_preference": "on",
-  // Try to make VSCode formating as close as possible to the Google style.
-  "python.formatting.provider": "yapf",
-  "python.formatting.yapfArgs": [
-    "--style=yapf"
-  ],
-  "python.linting.enabled": true,
-  "python.linting.lintOnSave": true,
-  "python.linting.pylintEnabled": true,
-  "python.linting.pylintPath": "pylint",
-  "[python]": {
-    "editor.tabSize": 2
-  },
-}
diff --git a/OpenSK.code-workspace b/OpenSK.code-workspace
new file mode 100644
index 0000000..c367c89
--- /dev/null
+++ b/OpenSK.code-workspace
@@ -0,0 +1,57 @@
+{
+        "folders": [
+                {
+                        "name": "OpenSK",
+                        "path": "."
+                },
+                {
+                        "name": "tock",
+                        "path": "third_party/tock"
+                },
+                {
+                        "name": "libtock-rs",
+                        "path": "third_party/libtock-rs"
+                },
+                {
+                        "name": "libtock-drivers",
+                        "path": "third_party/libtock-drivers"
+                }
+        ],
+        "settings": {
+                "clang-format.fallbackStyle": "google",
+                "editor.detectIndentation": true,
+                "editor.formatOnPaste": false,
+                "editor.formatOnSave": true,
+                "editor.formatOnType": true,
+                "editor.insertSpaces": true,
+                "editor.tabSize": 4,
+                "files.insertFinalNewline": true,
+                "files.trimTrailingWhitespace": true,
+                // Ensure we use the toolchain we set in rust-toolchain file
+                "rust-client.channel": "default",
+                // The toolchain is updated from time to time so let's make sure that RLS is updated too
+                "rust-client.updateOnStartup": true,
+                "rust.clippy_preference": "on",
+                "rust.target": "thumbv7em-none-eabi",
+                "rust.all_targets": false,
+                // Try to make VSCode formating as close as possible to the Google style.
+                "python.formatting.provider": "yapf",
+                "python.formatting.yapfArgs": [
+                        "--style=yapf"
+                ],
+                "python.linting.enabled": true,
+                "python.linting.lintOnSave": true,
+                "python.linting.pylintEnabled": true,
+                "python.linting.pylintPath": "pylint",
+                "[python]": {
+                        "editor.tabSize": 2
+                },
+        },
+        "extensions": {
+                "recommendations": [
+                        "davidanson.vscode-markdownlint",
+                        "rust-lang.rust",
+                        "ms-python.python"
+                ]
+        }
+}

From 4253854cf145722839fe9c53331ae8d418e7a171 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 13:06:05 +0100
Subject: [PATCH 073/192] Remove ram_storage feature

We don't need to build a production key without persistent storage. Tests and
fuzzing continue to use the std feature to use the RAM implementation (that does
sanity checks).
---
 .github/workflows/cargo_check.yml     |  6 ------
 Cargo.toml                            |  1 -
 deploy.py                             |  8 --------
 fuzz/fuzz_helper/Cargo.toml           |  2 +-
 libraries/persistent_store/src/lib.rs |  2 ++
 run_desktop_tests.sh                  |  1 -
 src/ctap/storage.rs                   | 18 ++++++------------
 src/embedded_flash/mod.rs             |  4 ++--
 8 files changed, 11 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/cargo_check.yml b/.github/workflows/cargo_check.yml
index 6676e16..fd39614 100644
--- a/.github/workflows/cargo_check.yml
+++ b/.github/workflows/cargo_check.yml
@@ -66,12 +66,6 @@ jobs:
           command: check
           args: --target thumbv7em-none-eabi --release --features debug_allocations
 
-      - name: Check OpenSK ram_storage
-        uses: actions-rs/cargo@v1
-        with:
-          command: check
-          args: --target thumbv7em-none-eabi --release --features ram_storage
-
       - name: Check OpenSK verbose
         uses: actions-rs/cargo@v1
         with:
diff --git a/Cargo.toml b/Cargo.toml
index 5b01795..ed293cc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -25,7 +25,6 @@ debug_allocations = ["lang_items/debug_allocations"]
 debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"]
 panic_console = ["lang_items/panic_console"]
 std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std", "persistent_store/std"]
-ram_storage = []
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
 with_ctap2_1 = []
diff --git a/deploy.py b/deploy.py
index e1ec38f..b28e645 100755
--- a/deploy.py
+++ b/deploy.py
@@ -863,14 +863,6 @@ if __name__ == "__main__":
             "This is useful to allow flashing multiple OpenSK authenticators "
             "in a row without them being considered clones."),
   )
-  main_parser.add_argument(
-      "--no-persistent-storage",
-      action="append_const",
-      const="ram_storage",
-      dest="features",
-      help=("Compiles and installs the OpenSK application without persistent "
-            "storage (i.e. unplugging the key will reset the key)."),
-  )
 
   main_parser.add_argument(
       "--elf2tab-output",
diff --git a/fuzz/fuzz_helper/Cargo.toml b/fuzz/fuzz_helper/Cargo.toml
index 3b70f43..2f2a5c1 100644
--- a/fuzz/fuzz_helper/Cargo.toml
+++ b/fuzz/fuzz_helper/Cargo.toml
@@ -10,5 +10,5 @@ arrayref = "0.3.6"
 libtock_drivers = { path = "../../third_party/libtock-drivers" }
 crypto = { path = "../../libraries/crypto", features = ['std'] }
 cbor = { path = "../../libraries/cbor", features = ['std'] }
-ctap2 = { path = "../..", features = ['std', 'ram_storage'] }
+ctap2 = { path = "../..", features = ['std'] }
 lang_items = { path = "../../third_party/lang-items", features = ['std'] }
diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs
index 9b87bd4..c8be44b 100644
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -348,6 +348,7 @@
 #[macro_use]
 extern crate alloc;
 
+#[cfg(feature = "std")]
 mod buffer;
 #[cfg(feature = "std")]
 mod driver;
@@ -357,6 +358,7 @@ mod model;
 mod storage;
 mod store;
 
+#[cfg(feature = "std")]
 pub use self::buffer::{BufferCorruptFunction, BufferOptions, BufferStorage};
 #[cfg(feature = "std")]
 pub use self::driver::{
diff --git a/run_desktop_tests.sh b/run_desktop_tests.sh
index 7f3b8f3..2e80b3d 100755
--- a/run_desktop_tests.sh
+++ b/run_desktop_tests.sh
@@ -48,7 +48,6 @@ cargo check --release --target=thumbv7em-none-eabi --features with_ctap2_1
 cargo check --release --target=thumbv7em-none-eabi --features debug_ctap
 cargo check --release --target=thumbv7em-none-eabi --features panic_console
 cargo check --release --target=thumbv7em-none-eabi --features debug_allocations
-cargo check --release --target=thumbv7em-none-eabi --features ram_storage
 cargo check --release --target=thumbv7em-none-eabi --features verbose
 cargo check --release --target=thumbv7em-none-eabi --features debug_ctap,with_ctap1
 cargo check --release --target=thumbv7em-none-eabi --features debug_ctap,with_ctap1,panic_console,debug_allocations,verbose
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 87c4c6c..5e42ec7 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -31,9 +31,9 @@ use cbor::cbor_array_vec;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
 
-#[cfg(any(test, feature = "ram_storage"))]
+#[cfg(feature = "std")]
 type Storage = persistent_store::BufferStorage;
-#[cfg(not(any(test, feature = "ram_storage")))]
+#[cfg(not(feature = "std"))]
 type Storage = crate::embedded_flash::SyscallStorage;
 
 // Those constants may be modified before compilation to tune the behavior of the key.
@@ -54,9 +54,6 @@ type Storage = crate::embedded_flash::SyscallStorage;
 // We have: I = (P * 4084 - 5107 - K * S) / 8 * C
 //
 // With P=20 and K=150, we have I=2M which is enough for 500 increments per day for 10 years.
-#[cfg(feature = "ram_storage")]
-const NUM_PAGES: usize = 3;
-#[cfg(not(feature = "ram_storage"))]
 const NUM_PAGES: usize = 20;
 const MAX_SUPPORTED_RESIDENTIAL_KEYS: usize = 150;
 
@@ -92,9 +89,9 @@ impl PersistentStore {
     ///
     /// This should be at most one instance of persistent store per program lifetime.
     pub fn new(rng: &mut impl Rng256) -> PersistentStore {
-        #[cfg(not(any(test, feature = "ram_storage")))]
+        #[cfg(not(feature = "std"))]
         let storage = PersistentStore::new_prod_storage();
-        #[cfg(any(test, feature = "ram_storage"))]
+        #[cfg(feature = "std")]
         let storage = PersistentStore::new_test_storage();
         let mut store = PersistentStore {
             store: persistent_store::Store::new(storage).ok().unwrap(),
@@ -104,17 +101,14 @@ impl PersistentStore {
     }
 
     /// Creates a syscall storage in flash.
-    #[cfg(not(any(test, feature = "ram_storage")))]
+    #[cfg(not(feature = "std"))]
     fn new_prod_storage() -> Storage {
         Storage::new(NUM_PAGES).unwrap()
     }
 
     /// Creates a buffer storage in RAM.
-    #[cfg(any(test, feature = "ram_storage"))]
+    #[cfg(feature = "std")]
     fn new_test_storage() -> Storage {
-        #[cfg(not(test))]
-        const PAGE_SIZE: usize = 0x100;
-        #[cfg(test)]
         const PAGE_SIZE: usize = 0x1000;
         let store = vec![0xff; NUM_PAGES * PAGE_SIZE].into_boxed_slice();
         let options = persistent_store::BufferOptions {
diff --git a/src/embedded_flash/mod.rs b/src/embedded_flash/mod.rs
index b16504b..862b37e 100644
--- a/src/embedded_flash/mod.rs
+++ b/src/embedded_flash/mod.rs
@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#[cfg(not(any(test, feature = "ram_storage")))]
+#[cfg(not(feature = "std"))]
 mod syscall;
 
-#[cfg(not(any(test, feature = "ram_storage")))]
+#[cfg(not(feature = "std"))]
 pub use self::syscall::SyscallStorage;

From ae08221cdb887ed4ffc831b833c17c97201743eb Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 13:31:25 +0100
Subject: [PATCH 074/192] Add latency example

---
 deploy.py                 |   6 ++
 examples/store_latency.rs | 126 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)
 create mode 100644 examples/store_latency.rs

diff --git a/deploy.py b/deploy.py
index e1ec38f..42f3e44 100755
--- a/deploy.py
+++ b/deploy.py
@@ -907,6 +907,12 @@ if __name__ == "__main__":
       const="crypto_bench",
       help=("Compiles and installs the crypto_bench example that benchmarks "
             "the performance of the cryptographic algorithms on the board."))
+  apps_group.add_argument(
+      "--store_latency",
+      dest="application",
+      action="store_const",
+      const="store_latency",
+      help=("Compiles and installs the store_latency example."))
   apps_group.add_argument(
       "--panic_test",
       dest="application",
diff --git a/examples/store_latency.rs b/examples/store_latency.rs
new file mode 100644
index 0000000..f85d14d
--- /dev/null
+++ b/examples/store_latency.rs
@@ -0,0 +1,126 @@
+// Copyright 2019-2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![no_std]
+
+extern crate alloc;
+extern crate lang_items;
+
+use alloc::vec;
+use core::fmt::Write;
+use ctap2::embedded_flash::SyscallStorage;
+use libtock_drivers::console::Console;
+use libtock_drivers::timer::{self, Duration, Timer, Timestamp};
+use persistent_store::{Storage, Store};
+
+fn timestamp(timer: &Timer) -> Timestamp<f64> {
+    Timestamp::<f64>::from_clock_value(timer.get_current_clock().ok().unwrap())
+}
+
+fn measure<T>(timer: &Timer, operation: impl FnOnce() -> T) -> (T, Duration<f64>) {
+    let before = timestamp(timer);
+    let result = operation();
+    let after = timestamp(timer);
+    (result, after - before)
+}
+
+// Only use one store at a time.
+unsafe fn boot_store(num_pages: usize, erase: bool) -> Store<SyscallStorage> {
+    let mut storage = SyscallStorage::new(num_pages).unwrap();
+    if erase {
+        for page in 0..storage.num_pages() {
+            storage.erase_page(page).unwrap();
+        }
+    }
+    Store::new(storage).ok().unwrap()
+}
+
+fn compute_latency(timer: &Timer, num_pages: usize, key_increment: usize, word_length: usize) {
+    let mut console = Console::new();
+    writeln!(
+        console,
+        "\nLatency for num_pages={} key_increment={} word_length={}.",
+        num_pages, key_increment, word_length
+    )
+    .unwrap();
+
+    let mut store = unsafe { boot_store(num_pages, true) };
+    let total_capacity = store.capacity().unwrap().total();
+
+    // Burn N words to align the end of the user capacity with the virtual capacity.
+    store.insert(0, &vec![0; 4 * (num_pages - 1)]).unwrap();
+    store.remove(0).unwrap();
+
+    // Insert entries until there is space for one more.
+    let count = total_capacity / (1 + word_length) - 1;
+    let ((), time) = measure(timer, || {
+        for i in 0..count {
+            let key = 1 + key_increment * i;
+            // For some reason the kernel sometimes fails.
+            while store.insert(key, &vec![0; 4 * word_length]).is_err() {
+                // We never enter this loop in practice, but we still need it for the kernel.
+                writeln!(console, "Retry insert.").unwrap();
+            }
+        }
+    });
+    writeln!(console, "Setup: {:.1}ms for {} entries.", time.ms(), count).unwrap();
+
+    // Measure latency of insert.
+    let key = 1 + key_increment * count;
+    let ((), time) = measure(&timer, || {
+        store.insert(key, &vec![0; 4 * word_length]).unwrap()
+    });
+    writeln!(console, "Insert: {:.1}ms.", time.ms()).unwrap();
+
+    // Measure latency of boot.
+    let (mut store, time) = measure(&timer, || unsafe { boot_store(num_pages, false) });
+    writeln!(console, "Boot: {:.1}ms.", time.ms()).unwrap();
+
+    // Measure latency of remove.
+    let ((), time) = measure(&timer, || store.remove(key).unwrap());
+    writeln!(console, "Remove: {:.1}ms.", time.ms()).unwrap();
+
+    // Measure latency of compaction.
+    let length = total_capacity + num_pages - store.lifetime().unwrap().used();
+    if length > 0 {
+        // Fill the store such that compaction is needed for one word.
+        store.insert(0, &vec![0; 4 * (length - 1)]).unwrap();
+        store.remove(0).unwrap();
+    }
+    let ((), time) = measure(timer, || store.prepare(1).unwrap());
+    writeln!(console, "Compaction: {:.1}ms.", time.ms()).unwrap();
+}
+
+fn main() {
+    let mut with_callback = timer::with_callback(|_, _| {});
+    let timer = with_callback.init().ok().unwrap();
+
+    writeln!(Console::new(), "\nRunning 4 tests...").unwrap();
+    // Those non-overwritten 50 words entries simulate credentials.
+    compute_latency(&timer, 3, 1, 50);
+    compute_latency(&timer, 20, 1, 50);
+    // Those overwritten 1 word entries simulate counters.
+    compute_latency(&timer, 3, 0, 1);
+    compute_latency(&timer, 6, 0, 1);
+    writeln!(Console::new(), "\nDone.").unwrap();
+
+    // Results on nrf52840dk:
+    //
+    // | Pages | Overwrite | Length    | Boot     | Compaction | Insert  | Remove  |
+    // | ----- | --------- | --------- | -------  | ---------- | ------  | ------- |
+    // | 3     | no        | 50 words  | 2.0 ms   | 132.5 ms   | 4.8 ms  | 1.2 ms  |
+    // | 20    | no        | 50 words  | 7.4 ms   | 135.5 ms   | 10.2 ms | 3.9 ms  |
+    // | 3     | yes       | 1 word    | 21.9 ms  | 94.5 ms    | 12.4 ms | 5.9 ms  |
+    // | 6     | yes       | 1 word    | 55.2 ms  | 100.8 ms   | 24.8 ms | 12.1 ms |
+}

From 19ebacec15d808d4fd05e30b0ba93e214ffd526b Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 13:36:33 +0100
Subject: [PATCH 075/192] Do not use delay_map anymore

This permits to avoid copies. Before we used to do one copy per storage
operation. Now we do one copy per store operation.
---
 libraries/persistent_store/fuzz/src/store.rs | 162 +++----------------
 libraries/persistent_store/src/driver.rs     |  81 ++--------
 2 files changed, 38 insertions(+), 205 deletions(-)

diff --git a/libraries/persistent_store/fuzz/src/store.rs b/libraries/persistent_store/fuzz/src/store.rs
index c18eb51..3113f77 100644
--- a/libraries/persistent_store/fuzz/src/store.rs
+++ b/libraries/persistent_store/fuzz/src/store.rs
@@ -26,6 +26,9 @@ use std::convert::TryInto;
 // NOTE: We should be able to improve coverage by only checking the last operation. Because
 // operations before the last could be checked with a shorter entropy.
 
+// NOTE: Maybe we should split the fuzz target in smaller parts (like one per init). We should also
+// name the fuzz targets with action names.
+
 /// Checks the store against a sequence of manipulations.
 ///
 /// The entropy to generate the sequence of manipulation should be provided in `data`. Debugging
@@ -181,7 +184,7 @@ impl<'a> Fuzzer<'a> {
             println!("Power on the store.");
         }
         self.increment(StatKey::PowerOnCount);
-        let interruption = self.interruption(driver.delay_map());
+        let interruption = self.interruption(driver.count_operations());
         match driver.partial_power_on(interruption) {
             Err((storage, _)) if self.init.is_dirty() => {
                 self.entropy.consume_all();
@@ -198,7 +201,7 @@ impl<'a> Fuzzer<'a> {
         if self.debug {
             println!("{:?}", operation);
         }
-        let interruption = self.interruption(driver.delay_map(&operation));
+        let interruption = self.interruption(driver.count_operations(&operation));
         match driver.partial_apply(operation, interruption) {
             Err((store, _)) if self.init.is_dirty() => {
                 self.entropy.consume_all();
@@ -334,59 +337,48 @@ impl<'a> Fuzzer<'a> {
 
     /// Generates an interruption.
     ///
-    /// The `delay_map` describes the number of modified bits by the upcoming sequence of store
-    /// operations.
-    // TODO(ia0): We use too much CPU to compute the delay map. We should be able to just count the
-    // number of storage operations by checking the remaining delay. We can then use the entropy
-    // directly from the corruption function because it's called at most once.
-    fn interruption(
-        &mut self,
-        delay_map: Result<Vec<usize>, (usize, BufferStorage)>,
-    ) -> StoreInterruption {
+    /// The `max_delay` describes the number of storage operations.
+    fn interruption(&mut self, max_delay: Option<usize>) -> StoreInterruption {
         if self.init.is_dirty() {
             // We only test that the store can power on without crashing. If it would get
             // interrupted then it's like powering up with a different initial state, which would be
             // tested with another fuzzing input.
             return StoreInterruption::none();
         }
-        let delay_map = match delay_map {
-            Ok(x) => x,
-            Err((delay, storage)) => {
-                print!("{}", storage);
-                panic!("delay={}", delay);
-            }
+        let max_delay = match max_delay {
+            Some(x) => x,
+            None => return StoreInterruption::none(),
         };
-        let delay = self.entropy.read_range(0, delay_map.len() - 1);
-        let mut complete_bits = BitStack::default();
-        for _ in 0..delay_map[delay] {
-            complete_bits.push(self.entropy.read_bit());
-        }
+        let delay = self.entropy.read_range(0, max_delay);
         if self.debug {
-            if delay == delay_map.len() - 1 {
-                assert!(complete_bits.is_empty());
+            if delay == max_delay {
                 println!("Do not interrupt.");
             } else {
-                println!(
-                    "Interrupt after {} operations with complete mask {}.",
-                    delay, complete_bits
-                );
+                println!("Interrupt after {} operations.", delay);
             }
         }
-        if delay < delay_map.len() - 1 {
+        if delay < max_delay {
             self.increment(StatKey::InterruptionCount);
         }
         let corrupt = Box::new(move |old: &mut [u8], new: &[u8]| {
+            let mut count = 0;
+            let mut total = 0;
             for (old, new) in old.iter_mut().zip(new.iter()) {
                 for bit in 0..8 {
                     let mask = 1 << bit;
                     if *old & mask == *new & mask {
                         continue;
                     }
-                    if complete_bits.pop().unwrap() {
+                    total += 1;
+                    if self.entropy.read_bit() {
+                        count += 1;
                         *old ^= mask;
                     }
                 }
             }
+            if self.debug {
+                println!("Flip {} bits out of {}.", count, total);
+            }
         });
         StoreInterruption { delay, corrupt }
     }
@@ -432,113 +424,3 @@ impl Init {
         }
     }
 }
-
-/// Compact stack of bits.
-// NOTE: This would probably go away once the delay map is simplified.
-#[derive(Default, Clone, Debug)]
-struct BitStack {
-    /// Bits stored in little-endian (for bytes and bits).
-    ///
-    /// The last byte only contains `len` bits.
-    data: Vec<u8>,
-
-    /// Number of bits stored in the last byte.
-    ///
-    /// It is 0 if the last byte is full, not 8.
-    len: usize,
-}
-
-impl BitStack {
-    /// Returns whether the stack is empty.
-    fn is_empty(&self) -> bool {
-        self.len() == 0
-    }
-
-    /// Returns the length of the stack.
-    fn len(&self) -> usize {
-        if self.len == 0 {
-            8 * self.data.len()
-        } else {
-            8 * (self.data.len() - 1) + self.len
-        }
-    }
-
-    /// Pushes a bit to the stack.
-    fn push(&mut self, value: bool) {
-        if self.len == 0 {
-            self.data.push(0);
-        }
-        if value {
-            *self.data.last_mut().unwrap() |= 1 << self.len;
-        }
-        self.len += 1;
-        if self.len == 8 {
-            self.len = 0;
-        }
-    }
-
-    /// Pops a bit from the stack.
-    fn pop(&mut self) -> Option<bool> {
-        if self.len == 0 {
-            if self.data.is_empty() {
-                return None;
-            }
-            self.len = 8;
-        }
-        self.len -= 1;
-        let result = self.data.last().unwrap() & 1 << self.len;
-        if self.len == 0 {
-            self.data.pop().unwrap();
-        }
-        Some(result != 0)
-    }
-}
-
-impl std::fmt::Display for BitStack {
-    fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
-        let mut bits = self.clone();
-        while let Some(bit) = bits.pop() {
-            write!(f, "{}", bit as usize)?;
-        }
-        write!(f, " ({} bits)", self.len())?;
-        Ok(())
-    }
-}
-
-#[test]
-fn bit_stack_ok() {
-    let mut bits = BitStack::default();
-
-    assert_eq!(bits.pop(), None);
-
-    bits.push(true);
-    assert_eq!(bits.pop(), Some(true));
-    assert_eq!(bits.pop(), None);
-
-    bits.push(false);
-    assert_eq!(bits.pop(), Some(false));
-    assert_eq!(bits.pop(), None);
-
-    bits.push(true);
-    bits.push(false);
-    assert_eq!(bits.pop(), Some(false));
-    assert_eq!(bits.pop(), Some(true));
-    assert_eq!(bits.pop(), None);
-
-    bits.push(false);
-    bits.push(true);
-    assert_eq!(bits.pop(), Some(true));
-    assert_eq!(bits.pop(), Some(false));
-    assert_eq!(bits.pop(), None);
-
-    let n = 27;
-    for i in 0..n {
-        assert_eq!(bits.len(), i);
-        bits.push(true);
-    }
-    for i in (0..n).rev() {
-        assert_eq!(bits.pop(), Some(true));
-        assert_eq!(bits.len(), i);
-    }
-    assert_eq!(bits.pop(), None);
-}
diff --git a/libraries/persistent_store/src/driver.rs b/libraries/persistent_store/src/driver.rs
index e529274..f17f576 100644
--- a/libraries/persistent_store/src/driver.rs
+++ b/libraries/persistent_store/src/driver.rs
@@ -311,31 +311,15 @@ impl StoreDriverOff {
         })
     }
 
-    /// Returns a mapping from delay time to number of modified bits.
+    /// Returns the number of storage operations to power on.
     ///
-    /// For example if the `i`-th value is `n`, it means that the `i`-th operation modifies `n` bits
-    /// in the storage. For convenience, the vector always ends with `0` for one past the last
-    /// operation. This permits to choose a random index in the vector and then a random set of bit
-    /// positions among the number of modified bits to simulate any possible corruption (including
-    /// no corruption with the last index).
-    pub fn delay_map(&self) -> Result<Vec<usize>, (usize, BufferStorage)> {
-        let mut result = Vec::new();
-        loop {
-            let delay = result.len();
-            let mut storage = self.storage.clone();
-            storage.arm_interruption(delay);
-            match Store::new(storage) {
-                Err((StoreError::StorageError, x)) => storage = x,
-                Err((StoreError::InvalidStorage, mut storage)) => {
-                    storage.reset_interruption();
-                    return Err((delay, storage));
-                }
-                Ok(_) | Err(_) => break,
-            }
-            result.push(count_modified_bits(&mut storage));
-        }
-        result.push(0);
-        Ok(result)
+    /// Returns `None` if the store cannot power on successfully.
+    pub fn count_operations(&self) -> Option<usize> {
+        let initial_delay = usize::MAX;
+        let mut storage = self.storage.clone();
+        storage.arm_interruption(initial_delay);
+        let mut store = Store::new(storage).ok()?;
+        Some(initial_delay - store.storage_mut().disarm_interruption())
     }
 }
 
@@ -422,29 +406,15 @@ impl StoreDriverOn {
         })
     }
 
-    /// Returns a mapping from delay time to number of modified bits.
+    /// Returns the number of storage operations to apply a store operation.
     ///
-    /// See the documentation of [`StoreDriverOff::delay_map`] for details.
-    ///
-    /// [`StoreDriverOff::delay_map`]: struct.StoreDriverOff.html#method.delay_map
-    pub fn delay_map(
-        &self,
-        operation: &StoreOperation,
-    ) -> Result<Vec<usize>, (usize, BufferStorage)> {
-        let mut result = Vec::new();
-        loop {
-            let delay = result.len();
-            let mut store = self.store.clone();
-            store.storage_mut().arm_interruption(delay);
-            match store.apply(operation).1 {
-                Err(StoreError::StorageError) => (),
-                Err(StoreError::InvalidStorage) => return Err((delay, store.extract_storage())),
-                Ok(()) | Err(_) => break,
-            }
-            result.push(count_modified_bits(store.storage_mut()));
-        }
-        result.push(0);
-        Ok(result)
+    /// Returns `None` if the store cannot apply the operation successfully.
+    pub fn count_operations(&self, operation: &StoreOperation) -> Option<usize> {
+        let initial_delay = usize::MAX;
+        let mut store = self.store.clone();
+        store.storage_mut().arm_interruption(initial_delay);
+        store.apply(operation).1.ok()?;
+        Some(initial_delay - store.storage_mut().disarm_interruption())
     }
 
     /// Powers off the store.
@@ -629,22 +599,3 @@ impl<'a> StoreInterruption<'a> {
         }
     }
 }
-
-/// Counts the number of bits modified by an interrupted operation.
-///
-/// # Panics
-///
-/// Panics if an interruption did not trigger.
-fn count_modified_bits(storage: &mut BufferStorage) -> usize {
-    let mut modified_bits = 0;
-    storage.corrupt_operation(Box::new(|before, after| {
-        modified_bits = before
-            .iter()
-            .zip(after.iter())
-            .map(|(x, y)| (x ^ y).count_ones() as usize)
-            .sum();
-    }));
-    // We should never write the same slice or erase an erased page.
-    assert!(modified_bits > 0);
-    modified_bits
-}

From d4b20a5acc65d10b5b09b67b9a26b9cf8b6cd552 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 16:14:17 +0100
Subject: [PATCH 076/192] Fix linked_list_allocator version to fix build

They released version 0.8.7 today which breaks our assumption that Heap::empty
is callable in const context.
---
 third_party/lang-items/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/third_party/lang-items/Cargo.toml b/third_party/lang-items/Cargo.toml
index 39ffbf0..d4b3e33 100644
--- a/third_party/lang-items/Cargo.toml
+++ b/third_party/lang-items/Cargo.toml
@@ -11,7 +11,7 @@ edition = "2018"
 [dependencies]
 libtock_core = { path = "../../third_party/libtock-rs/core", default-features = false, features = ["alloc_init", "custom_panic_handler", "custom_alloc_error_handler"] }
 libtock_drivers = { path = "../libtock-drivers" }
-linked_list_allocator = { version = "0.8.1", default-features = false }
+linked_list_allocator = { version = "=0.8.1", default-features = false }
 
 [features]
 debug_allocations = []

From 7a641d639199c108007149eb01cedd26e4e0e655 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 16:20:26 +0100
Subject: [PATCH 077/192] Use the new const_mut_refs default feature of
 linked_list_allocator

This is necessary for Heap::empty() to be const.
---
 third_party/lang-items/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/third_party/lang-items/Cargo.toml b/third_party/lang-items/Cargo.toml
index d4b3e33..5d109f3 100644
--- a/third_party/lang-items/Cargo.toml
+++ b/third_party/lang-items/Cargo.toml
@@ -11,7 +11,7 @@ edition = "2018"
 [dependencies]
 libtock_core = { path = "../../third_party/libtock-rs/core", default-features = false, features = ["alloc_init", "custom_panic_handler", "custom_alloc_error_handler"] }
 libtock_drivers = { path = "../libtock-drivers" }
-linked_list_allocator = { version = "=0.8.1", default-features = false }
+linked_list_allocator = { version = "0.8.7", default-features = false, features = ["const_mut_refs"] }
 
 [features]
 debug_allocations = []

From 869e93234952fd09c5e85acd61430c5d079cb1fa Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 16:44:00 +0100
Subject: [PATCH 078/192] Add asserts to make sure we compact

---
 examples/store_latency.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/examples/store_latency.rs b/examples/store_latency.rs
index f85d14d..e664964 100644
--- a/examples/store_latency.rs
+++ b/examples/store_latency.rs
@@ -57,10 +57,14 @@ fn compute_latency(timer: &Timer, num_pages: usize, key_increment: usize, word_l
 
     let mut store = unsafe { boot_store(num_pages, true) };
     let total_capacity = store.capacity().unwrap().total();
+    assert_eq!(store.capacity().unwrap().used(), 0);
+    assert_eq!(store.lifetime().unwrap().used(), 0);
 
     // Burn N words to align the end of the user capacity with the virtual capacity.
     store.insert(0, &vec![0; 4 * (num_pages - 1)]).unwrap();
     store.remove(0).unwrap();
+    assert_eq!(store.capacity().unwrap().used(), 0);
+    assert_eq!(store.lifetime().unwrap().used(), num_pages);
 
     // Insert entries until there is space for one more.
     let count = total_capacity / (1 + word_length) - 1;
@@ -82,6 +86,10 @@ fn compute_latency(timer: &Timer, num_pages: usize, key_increment: usize, word_l
         store.insert(key, &vec![0; 4 * word_length]).unwrap()
     });
     writeln!(console, "Insert: {:.1}ms.", time.ms()).unwrap();
+    assert_eq!(
+        store.lifetime().unwrap().used(),
+        num_pages + (1 + count) * (1 + word_length)
+    );
 
     // Measure latency of boot.
     let (mut store, time) = measure(&timer, || unsafe { boot_store(num_pages, false) });
@@ -98,8 +106,11 @@ fn compute_latency(timer: &Timer, num_pages: usize, key_increment: usize, word_l
         store.insert(0, &vec![0; 4 * (length - 1)]).unwrap();
         store.remove(0).unwrap();
     }
+    assert!(store.capacity().unwrap().remaining() > 0);
+    assert_eq!(store.lifetime().unwrap().used(), num_pages + total_capacity);
     let ((), time) = measure(timer, || store.prepare(1).unwrap());
     writeln!(console, "Compaction: {:.1}ms.", time.ms()).unwrap();
+    assert!(store.lifetime().unwrap().used() > total_capacity + num_pages);
 }
 
 fn main() {

From 371b8af22425689dc5af6ea4a8745a4cc86a1d8c Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 18:04:25 +0100
Subject: [PATCH 079/192] Move choice between prod and test storage to
 embedded_flash module

This way all users of storage can share the logic to choose between flash or RAM
storage depending on the "std" feature. This is needed because the store_latency
example assumes flash storage but is built when running `cargo test
--features=std`.
---
 examples/store_latency.rs | 11 ++++++-----
 src/ctap/storage.rs       | 32 ++------------------------------
 src/embedded_flash/mod.rs | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/examples/store_latency.rs b/examples/store_latency.rs
index e664964..c3f3e71 100644
--- a/examples/store_latency.rs
+++ b/examples/store_latency.rs
@@ -19,10 +19,10 @@ extern crate lang_items;
 
 use alloc::vec;
 use core::fmt::Write;
-use ctap2::embedded_flash::SyscallStorage;
+use ctap2::embedded_flash::{new_storage, Storage};
 use libtock_drivers::console::Console;
 use libtock_drivers::timer::{self, Duration, Timer, Timestamp};
-use persistent_store::{Storage, Store};
+use persistent_store::Store;
 
 fn timestamp(timer: &Timer) -> Timestamp<f64> {
     Timestamp::<f64>::from_clock_value(timer.get_current_clock().ok().unwrap())
@@ -36,10 +36,11 @@ fn measure<T>(timer: &Timer, operation: impl FnOnce() -> T) -> (T, Duration<f64>
 }
 
 // Only use one store at a time.
-unsafe fn boot_store(num_pages: usize, erase: bool) -> Store<SyscallStorage> {
-    let mut storage = SyscallStorage::new(num_pages).unwrap();
+unsafe fn boot_store(num_pages: usize, erase: bool) -> Store<Storage> {
+    let mut storage = new_storage(num_pages);
     if erase {
-        for page in 0..storage.num_pages() {
+        for page in 0..num_pages {
+            use persistent_store::Storage;
             storage.erase_page(page).unwrap();
         }
     }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 5e42ec7..5f17052 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -21,6 +21,7 @@ use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::INITIAL_SIGNATURE_COUNTER;
+use crate::embedded_flash::{new_storage, Storage};
 #[cfg(feature = "with_ctap2_1")]
 use alloc::string::String;
 use alloc::vec;
@@ -31,11 +32,6 @@ use cbor::cbor_array_vec;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
 
-#[cfg(feature = "std")]
-type Storage = persistent_store::BufferStorage;
-#[cfg(not(feature = "std"))]
-type Storage = crate::embedded_flash::SyscallStorage;
-
 // Those constants may be modified before compilation to tune the behavior of the key.
 //
 // The number of pages should be at least 3 and at most what the flash can hold. There should be no
@@ -89,10 +85,7 @@ impl PersistentStore {
     ///
     /// This should be at most one instance of persistent store per program lifetime.
     pub fn new(rng: &mut impl Rng256) -> PersistentStore {
-        #[cfg(not(feature = "std"))]
-        let storage = PersistentStore::new_prod_storage();
-        #[cfg(feature = "std")]
-        let storage = PersistentStore::new_test_storage();
+        let storage = new_storage(NUM_PAGES);
         let mut store = PersistentStore {
             store: persistent_store::Store::new(storage).ok().unwrap(),
         };
@@ -100,27 +93,6 @@ impl PersistentStore {
         store
     }
 
-    /// Creates a syscall storage in flash.
-    #[cfg(not(feature = "std"))]
-    fn new_prod_storage() -> Storage {
-        Storage::new(NUM_PAGES).unwrap()
-    }
-
-    /// Creates a buffer storage in RAM.
-    #[cfg(feature = "std")]
-    fn new_test_storage() -> Storage {
-        const PAGE_SIZE: usize = 0x1000;
-        let store = vec![0xff; NUM_PAGES * PAGE_SIZE].into_boxed_slice();
-        let options = persistent_store::BufferOptions {
-            word_size: 4,
-            page_size: PAGE_SIZE,
-            max_word_writes: 2,
-            max_page_erases: 10000,
-            strict_mode: true,
-        };
-        Storage::new(store, options)
-    }
-
     /// Initializes the store by creating missing objects.
     fn init(&mut self, rng: &mut impl Rng256) -> Result<(), Ctap2StatusCode> {
         // Generate and store the master keys if they are missing.
diff --git a/src/embedded_flash/mod.rs b/src/embedded_flash/mod.rs
index 862b37e..e307a55 100644
--- a/src/embedded_flash/mod.rs
+++ b/src/embedded_flash/mod.rs
@@ -17,3 +17,36 @@ mod syscall;
 
 #[cfg(not(feature = "std"))]
 pub use self::syscall::SyscallStorage;
+
+/// Storage definition for production.
+#[cfg(not(feature = "std"))]
+mod prod {
+    pub type Storage = super::SyscallStorage;
+
+    pub fn new_storage(num_pages: usize) -> Storage {
+        Storage::new(num_pages).unwrap()
+    }
+}
+#[cfg(not(feature = "std"))]
+pub use self::prod::{new_storage, Storage};
+
+/// Storage definition for testing.
+#[cfg(feature = "std")]
+mod test {
+    pub type Storage = persistent_store::BufferStorage;
+
+    pub fn new_storage(num_pages: usize) -> Storage {
+        const PAGE_SIZE: usize = 0x1000;
+        let store = vec![0xff; num_pages * PAGE_SIZE].into_boxed_slice();
+        let options = persistent_store::BufferOptions {
+            word_size: 4,
+            page_size: PAGE_SIZE,
+            max_word_writes: 2,
+            max_page_erases: 10000,
+            strict_mode: true,
+        };
+        Storage::new(store, options)
+    }
+}
+#[cfg(feature = "std")]
+pub use self::test::{new_storage, Storage};

From edcc206e9d1cfbc4616d4ef6adb33c4f24ebba18 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 18:29:31 +0100
Subject: [PATCH 080/192] Make store operations constant wrt flash operations

---
 examples/store_latency.rs                |  14 +-
 libraries/persistent_store/src/format.rs |   8 +
 libraries/persistent_store/src/lib.rs    |   1 +
 libraries/persistent_store/src/store.rs  | 260 +++++++++++++----------
 src/ctap/storage.rs                      |   2 +-
 5 files changed, 162 insertions(+), 123 deletions(-)

diff --git a/examples/store_latency.rs b/examples/store_latency.rs
index c3f3e71..fd6f504 100644
--- a/examples/store_latency.rs
+++ b/examples/store_latency.rs
@@ -124,15 +124,15 @@ fn main() {
     compute_latency(&timer, 20, 1, 50);
     // Those overwritten 1 word entries simulate counters.
     compute_latency(&timer, 3, 0, 1);
-    compute_latency(&timer, 6, 0, 1);
+    compute_latency(&timer, 20, 0, 1);
     writeln!(Console::new(), "\nDone.").unwrap();
 
     // Results on nrf52840dk:
     //
-    // | Pages | Overwrite | Length    | Boot     | Compaction | Insert  | Remove  |
-    // | ----- | --------- | --------- | -------  | ---------- | ------  | ------- |
-    // | 3     | no        | 50 words  | 2.0 ms   | 132.5 ms   | 4.8 ms  | 1.2 ms  |
-    // | 20    | no        | 50 words  | 7.4 ms   | 135.5 ms   | 10.2 ms | 3.9 ms  |
-    // | 3     | yes       | 1 word    | 21.9 ms  | 94.5 ms    | 12.4 ms | 5.9 ms  |
-    // | 6     | yes       | 1 word    | 55.2 ms  | 100.8 ms   | 24.8 ms | 12.1 ms |
+    // | Pages | Overwrite | Length    | Boot     | Compaction | Insert  | Remove |
+    // | ----- | --------- | --------- | -------  | ---------- | ------  | ------ |
+    // | 3     | no        | 50 words  | 2.0 ms   | 132.8 ms   | 4.3 ms  | 1.2 ms |
+    // | 20    | no        | 50 words  | 7.8 ms   | 135.7 ms   | 9.9 ms  | 4.0 ms |
+    // | 3     | yes       | 1 word    | 19.6 ms  | 90.8 ms    | 4.7 ms  | 2.3 ms |
+    // | 20    | yes       | 1 word    | 183.3 ms | 90.9 ms    | 4.8 ms  | 2.3 ms |
 }
diff --git a/libraries/persistent_store/src/format.rs b/libraries/persistent_store/src/format.rs
index 1f87ef3..8de88e4 100644
--- a/libraries/persistent_store/src/format.rs
+++ b/libraries/persistent_store/src/format.rs
@@ -1077,4 +1077,12 @@ mod tests {
             0xff800000
         );
     }
+
+    #[test]
+    fn position_offsets_fit_in_a_halfword() {
+        // The store stores the entry positions as their offset from the head. Those offsets are
+        // represented as u16. The bound below is a large over-approximation of the maximal offset
+        // but it already fits.
+        assert_eq!((MAX_PAGE_INDEX + 1) * MAX_VIRT_PAGE_SIZE, 0xff80);
+    }
 }
diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs
index c8be44b..06a3a68 100644
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -344,6 +344,7 @@
 //! storage, the store is checked not to crash.
 
 #![cfg_attr(not(feature = "std"), no_std)]
+#![feature(try_trait)]
 
 #[macro_use]
 extern crate alloc;
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index 2559485..ba7ab4b 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -23,8 +23,11 @@ use crate::{usize_to_nat, Nat, Storage, StorageError, StorageIndex};
 pub use crate::{
     BufferStorage, StoreDriver, StoreDriverOff, StoreDriverOn, StoreInterruption, StoreInvariant,
 };
+use alloc::boxed::Box;
 use alloc::vec::Vec;
 use core::cmp::{max, min, Ordering};
+use core::convert::TryFrom;
+use core::option::NoneError;
 #[cfg(feature = "std")]
 use std::collections::HashSet;
 
@@ -75,6 +78,14 @@ impl From<StorageError> for StoreError {
     }
 }
 
+impl From<NoneError> for StoreError {
+    fn from(error: NoneError) -> StoreError {
+        match error {
+            NoneError => StoreError::InvalidStorage,
+        }
+    }
+}
+
 /// Result of store operations.
 pub type StoreResult<T> = Result<T, StoreError>;
 
@@ -174,6 +185,8 @@ impl StoreUpdate {
     }
 }
 
+pub type StoreIter<'a> = Box<dyn Iterator<Item = StoreResult<StoreHandle>> + 'a>;
+
 /// Implements a store with a map interface over a storage.
 #[derive(Clone)]
 pub struct Store<S: Storage> {
@@ -182,6 +195,14 @@ pub struct Store<S: Storage> {
 
     /// The storage configuration.
     format: Format,
+
+    /// The position of the first word in the store.
+    head: Option<Position>,
+
+    /// The list of the position of the user entries.
+    ///
+    /// The position is encoded as the word offset from the [head](Store#structfield.head).
+    entries: Option<Vec<u16>>,
 }
 
 impl<S: Storage> Store<S> {
@@ -199,7 +220,12 @@ impl<S: Storage> Store<S> {
             None => return Err((StoreError::InvalidArgument, storage)),
             Some(x) => x,
         };
-        let mut store = Store { storage, format };
+        let mut store = Store {
+            storage,
+            format,
+            head: None,
+            entries: None,
+        };
         if let Err(error) = store.recover() {
             return Err((error, store.storage));
         }
@@ -207,8 +233,19 @@ impl<S: Storage> Store<S> {
     }
 
     /// Iterates over the entries.
-    pub fn iter<'a>(&'a self) -> StoreResult<StoreIter<'a, S>> {
-        StoreIter::new(self)
+    pub fn iter<'a>(&'a self) -> StoreResult<StoreIter<'a>> {
+        let head = self.head?;
+        Ok(Box::new(self.entries.as_ref()?.iter().map(
+            move |&offset| {
+                let pos = head + offset as Nat;
+                match self.parse_entry(&mut pos.clone())? {
+                    ParsedEntry::User(Header {
+                        key, length: len, ..
+                    }) => Ok(StoreHandle { key, pos, len }),
+                    _ => Err(StoreError::InvalidStorage),
+                }
+            },
+        )))
     }
 
     /// Returns the current capacity in words.
@@ -217,16 +254,9 @@ impl<S: Storage> Store<S> {
     pub fn capacity(&self) -> StoreResult<StoreRatio> {
         let total = self.format.total_capacity();
         let mut used = 0;
-        let mut pos = self.head()?;
-        let end = pos + self.format.virt_size();
-        while pos < end {
-            let entry_pos = pos;
-            match self.parse_entry(&mut pos)? {
-                ParsedEntry::Tail => break,
-                ParsedEntry::Padding => (),
-                ParsedEntry::User(_) => used += pos - entry_pos,
-                _ => return Err(StoreError::InvalidStorage),
-            }
+        for handle in self.iter()? {
+            let handle = handle?;
+            used += 1 + self.format.bytes_to_words(handle.len);
         }
         Ok(StoreRatio { used, total })
     }
@@ -381,6 +411,7 @@ impl<S: Storage> Store<S> {
         let footer = entry_len / word_size - 1;
         self.write_slice(tail, &entry[..(footer * word_size) as usize])?;
         self.write_slice(tail + footer, &entry[(footer * word_size) as usize..])?;
+        self.push_entry(tail)?;
         self.insert_init(tail, footer, key)
     }
 
@@ -398,7 +429,8 @@ impl<S: Storage> Store<S> {
     /// Removes an entry given a handle.
     pub fn remove_handle(&mut self, handle: &StoreHandle) -> StoreResult<()> {
         self.check_handle(handle)?;
-        self.delete_pos(handle.pos, self.format.bytes_to_words(handle.len))
+        self.delete_pos(handle.pos, self.format.bytes_to_words(handle.len))?;
+        self.remove_entry(handle.pos)
     }
 
     /// Returns the maximum length in bytes of a value.
@@ -460,7 +492,9 @@ impl<S: Storage> Store<S> {
 
     /// Recovers a possible compaction interrupted while copying the entries.
     fn recover_compaction(&mut self) -> StoreResult<()> {
-        let head_page = self.head()?.page(&self.format);
+        let head = self.get_extremum_page_head(Ordering::Less)?;
+        self.head = Some(head);
+        let head_page = head.page(&self.format);
         match self.parse_compact(head_page)? {
             WordState::Erased => Ok(()),
             WordState::Partial => self.compact(),
@@ -470,14 +504,15 @@ impl<S: Storage> Store<S> {
 
     /// Recover a possible interrupted operation which is not a compaction.
     fn recover_operation(&mut self) -> StoreResult<()> {
-        let mut pos = self.head()?;
+        self.entries = Some(Vec::new());
+        let mut pos = self.head?;
         let mut prev_pos = pos;
         let end = pos + self.format.virt_size();
         while pos < end {
             let entry_pos = pos;
             match self.parse_entry(&mut pos)? {
                 ParsedEntry::Tail => break,
-                ParsedEntry::User(_) => (),
+                ParsedEntry::User(_) => self.push_entry(entry_pos)?,
                 ParsedEntry::Padding => {
                     self.wipe_span(entry_pos + 1, pos - entry_pos - 1)?;
                 }
@@ -610,7 +645,7 @@ impl<S: Storage> Store<S> {
     ///
     /// In particular, the handle has not been compacted.
     fn check_handle(&self, handle: &StoreHandle) -> StoreResult<()> {
-        if handle.pos < self.head()? {
+        if handle.pos < self.head? {
             Err(StoreError::InvalidArgument)
         } else {
             Ok(())
@@ -640,7 +675,7 @@ impl<S: Storage> Store<S> {
 
     /// Compacts one page.
     fn compact(&mut self) -> StoreResult<()> {
-        let head = self.head()?;
+        let head = self.head?;
         if head.cycle(&self.format) >= self.format.max_page_erases() {
             return Err(StoreError::NoLifetime);
         }
@@ -653,7 +688,7 @@ impl<S: Storage> Store<S> {
 
     /// Continues a compaction after its compact page info has been written.
     fn compact_copy(&mut self) -> StoreResult<()> {
-        let mut head = self.head()?;
+        let mut head = self.head?;
         let page = head.page(&self.format);
         let end = head.next_page(&self.format);
         let mut tail = match self.parse_compact(page)? {
@@ -667,8 +702,12 @@ impl<S: Storage> Store<S> {
             let pos = head;
             match self.parse_entry(&mut head)? {
                 ParsedEntry::Tail => break,
+                // This can happen if we copy to the next page. We actually reached the tail but we
+                // read what we just copied.
+                ParsedEntry::Partial if head > end => break,
                 ParsedEntry::User(_) => (),
-                _ => continue,
+                ParsedEntry::Padding => continue,
+                _ => return Err(StoreError::InvalidStorage),
             };
             let length = head - pos;
             // We have to copy the slice for 2 reasons:
@@ -676,7 +715,9 @@ impl<S: Storage> Store<S> {
             // 2. We can't pass a flash slice to the kernel. This should get fixed with
             //    https://github.com/tock/tock/issues/1274.
             let entry = self.read_slice(pos, length * self.format.word_size());
+            self.remove_entry(pos)?;
             self.write_slice(tail, &entry)?;
+            self.push_entry(tail)?;
             self.init_page(tail, tail + (length - 1))?;
             tail += length;
         }
@@ -688,14 +729,31 @@ impl<S: Storage> Store<S> {
 
     /// Continues a compaction after its erase entry has been written.
     fn compact_erase(&mut self, erase: Position) -> StoreResult<()> {
-        let page = match self.parse_entry(&mut erase.clone())? {
+        // Read the page to erase from the erase entry.
+        let mut page = match self.parse_entry(&mut erase.clone())? {
             ParsedEntry::Internal(InternalEntry::Erase { page }) => page,
             _ => return Err(StoreError::InvalidStorage),
         };
+        // Erase the page.
         self.storage_erase_page(page)?;
-        let head = self.head()?;
+        // Update the head.
+        page = (page + 1) % self.format.num_pages();
+        let init = match self.parse_init(page)? {
+            WordState::Valid(x) => x,
+            _ => return Err(StoreError::InvalidStorage),
+        };
+        let head = self.format.page_head(init, page);
+        if let Some(entries) = &mut self.entries {
+            let head_offset = u16::try_from(head - self.head?).ok()?;
+            for entry in entries {
+                *entry = entry.checked_sub(head_offset)?;
+            }
+        }
+        self.head = Some(head);
+        // Wipe the overlapping entry from the erased page.
         let pos = head.page_begin(&self.format);
         self.wipe_span(pos, head - pos)?;
+        // Mark the erase entry as done.
         self.set_padding(erase)?;
         Ok(())
     }
@@ -704,13 +762,13 @@ impl<S: Storage> Store<S> {
     fn transaction_apply(&mut self, sorted_keys: &[Nat], marker: Position) -> StoreResult<()> {
         self.delete_keys(&sorted_keys, marker)?;
         self.set_padding(marker)?;
-        let end = self.head()? + self.format.virt_size();
+        let end = self.head? + self.format.virt_size();
         let mut pos = marker + 1;
         while pos < end {
             let entry_pos = pos;
             match self.parse_entry(&mut pos)? {
                 ParsedEntry::Tail => break,
-                ParsedEntry::User(_) => (),
+                ParsedEntry::User(_) => self.push_entry(entry_pos)?,
                 ParsedEntry::Internal(InternalEntry::Remove { .. }) => {
                     self.set_padding(entry_pos)?
                 }
@@ -727,37 +785,38 @@ impl<S: Storage> Store<S> {
             ParsedEntry::Internal(InternalEntry::Clear { min_key }) => min_key,
             _ => return Err(StoreError::InvalidStorage),
         };
-        let mut pos = self.head()?;
-        let end = pos + self.format.virt_size();
-        while pos < end {
-            let entry_pos = pos;
-            match self.parse_entry(&mut pos)? {
-                ParsedEntry::Internal(InternalEntry::Clear { .. }) if entry_pos == clear => break,
-                ParsedEntry::User(header) if header.key >= min_key => {
-                    self.delete_pos(entry_pos, pos - entry_pos - 1)?;
-                }
-                ParsedEntry::Padding | ParsedEntry::User(_) => (),
-                _ => return Err(StoreError::InvalidStorage),
-            }
-        }
+        self.delete_if(clear, |key| key >= min_key)?;
         self.set_padding(clear)?;
         Ok(())
     }
 
     /// Deletes a set of entries up to a certain position.
     fn delete_keys(&mut self, sorted_keys: &[Nat], end: Position) -> StoreResult<()> {
-        let mut pos = self.head()?;
-        while pos < end {
-            let entry_pos = pos;
-            match self.parse_entry(&mut pos)? {
-                ParsedEntry::Tail => break,
-                ParsedEntry::User(header) if sorted_keys.binary_search(&header.key).is_ok() => {
-                    self.delete_pos(entry_pos, pos - entry_pos - 1)?;
-                }
-                ParsedEntry::Padding | ParsedEntry::User(_) => (),
+        self.delete_if(end, |key| sorted_keys.binary_search(&key).is_ok())
+    }
+
+    /// Deletes entries matching a predicate up to a certain position.
+    fn delete_if(&mut self, end: Position, delete: impl Fn(Nat) -> bool) -> StoreResult<()> {
+        let head = self.head?;
+        let mut entries = self.entries.take()?;
+        let mut i = 0;
+        while i < entries.len() {
+            let pos = head + entries[i] as Nat;
+            if pos >= end {
+                break;
+            }
+            let header = match self.parse_entry(&mut pos.clone())? {
+                ParsedEntry::User(x) => x,
                 _ => return Err(StoreError::InvalidStorage),
+            };
+            if delete(header.key) {
+                self.delete_pos(pos, self.format.bytes_to_words(header.length))?;
+                entries.swap_remove(i);
+            } else {
+                i += 1;
             }
         }
+        self.entries = Some(entries);
         Ok(())
     }
 
@@ -836,19 +895,20 @@ impl<S: Storage> Store<S> {
             }
         }
         // There is always at least one initialized page.
-        best.ok_or(StoreError::InvalidStorage)
+        Ok(best?)
     }
 
     /// Returns the number of words that can be written without compaction.
     fn immediate_capacity(&self) -> StoreResult<Nat> {
         let tail = self.tail()?;
-        let end = self.head()? + self.format.virt_size();
+        let end = self.head? + self.format.virt_size();
         Ok(end.get().saturating_sub(tail.get()))
     }
 
     /// Returns the position of the first word in the store.
+    #[cfg(feature = "std")]
     pub(crate) fn head(&self) -> StoreResult<Position> {
-        self.get_extremum_page_head(Ordering::Less)
+        Ok(self.head?)
     }
 
     /// Returns one past the position of the last word in the store.
@@ -863,6 +923,30 @@ impl<S: Storage> Store<S> {
         Ok(pos)
     }
 
+    fn push_entry(&mut self, pos: Position) -> StoreResult<()> {
+        let entries = match &mut self.entries {
+            None => return Ok(()),
+            Some(x) => x,
+        };
+        let head = self.head?;
+        let offset = u16::try_from(pos - head).ok()?;
+        debug_assert!(!entries.contains(&offset));
+        entries.push(offset);
+        Ok(())
+    }
+
+    fn remove_entry(&mut self, pos: Position) -> StoreResult<()> {
+        let entries = match &mut self.entries {
+            None => return Ok(()),
+            Some(x) => x,
+        };
+        let head = self.head?;
+        let offset = u16::try_from(pos - head).ok()?;
+        let i = entries.iter().position(|x| *x == offset)?;
+        entries.swap_remove(i);
+        Ok(())
+    }
+
     /// Parses the entry at a given position.
     ///
     /// The position is updated to point to the next entry.
@@ -1061,7 +1145,7 @@ impl Store<BufferStorage> {
     /// If the value has been partially compacted, only return the non-compacted part. Returns an
     /// empty value if it has been fully compacted.
     pub fn inspect_value(&self, handle: &StoreHandle) -> Vec<u8> {
-        let head = self.head().unwrap();
+        let head = self.head.unwrap();
         let length = self.format.bytes_to_words(handle.len);
         if head <= handle.pos {
             // The value has not been compacted.
@@ -1087,20 +1171,21 @@ impl Store<BufferStorage> {
             store
                 .iter()
                 .unwrap()
-                .map(|x| x.unwrap())
-                .filter(|x| delete_key(x.key as usize))
-                .collect::<Vec<_>>()
+                .filter(|x| x.is_err() || delete_key(x.as_ref().unwrap().key as usize))
+                .collect::<Result<Vec<_>, _>>()
         };
         match *operation {
             StoreOperation::Transaction { ref updates } => {
                 let keys: HashSet<usize> = updates.iter().map(|x| x.key()).collect();
-                let deleted = deleted(self, &|key| keys.contains(&key));
-                (deleted, self.transaction(updates))
-            }
-            StoreOperation::Clear { min_key } => {
-                let deleted = deleted(self, &|key| key >= min_key);
-                (deleted, self.clear(min_key))
+                match deleted(self, &|key| keys.contains(&key)) {
+                    Ok(deleted) => (deleted, self.transaction(updates)),
+                    Err(error) => (Vec::new(), Err(error)),
+                }
             }
+            StoreOperation::Clear { min_key } => match deleted(self, &|key| key >= min_key) {
+                Ok(deleted) => (deleted, self.clear(min_key)),
+                Err(error) => (Vec::new(), Err(error)),
+            },
             StoreOperation::Prepare { length } => (Vec::new(), self.prepare(length)),
         }
     }
@@ -1165,61 +1250,6 @@ enum ParsedEntry {
     Tail,
 }
 
-/// Iterates over the entries of a store.
-pub struct StoreIter<'a, S: Storage> {
-    /// The store being iterated.
-    store: &'a Store<S>,
-
-    /// The position of the next entry.
-    pos: Position,
-
-    /// Iteration stops when reaching this position.
-    end: Position,
-}
-
-impl<'a, S: Storage> StoreIter<'a, S> {
-    /// Creates an iterator over the entries of a store.
-    fn new(store: &'a Store<S>) -> StoreResult<StoreIter<'a, S>> {
-        let pos = store.head()?;
-        let end = pos + store.format.virt_size();
-        Ok(StoreIter { store, pos, end })
-    }
-}
-
-impl<'a, S: Storage> StoreIter<'a, S> {
-    /// Returns the next entry and advances the iterator.
-    fn transposed_next(&mut self) -> StoreResult<Option<StoreHandle>> {
-        if self.pos >= self.end {
-            return Ok(None);
-        }
-        while self.pos < self.end {
-            let entry_pos = self.pos;
-            match self.store.parse_entry(&mut self.pos)? {
-                ParsedEntry::Tail => break,
-                ParsedEntry::Padding => (),
-                ParsedEntry::User(header) => {
-                    return Ok(Some(StoreHandle {
-                        key: header.key,
-                        pos: entry_pos,
-                        len: header.length,
-                    }))
-                }
-                _ => return Err(StoreError::InvalidStorage),
-            }
-        }
-        self.pos = self.end;
-        Ok(None)
-    }
-}
-
-impl<'a, S: Storage> Iterator for StoreIter<'a, S> {
-    type Item = StoreResult<StoreHandle>;
-
-    fn next(&mut self) -> Option<StoreResult<StoreHandle>> {
-        self.transposed_next().transpose()
-    }
-}
-
 /// Returns whether 2 slices are different.
 ///
 /// Returns an error if `target` has a bit set to one for which `source` is set to zero.
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 5f17052..6b7ff20 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -532,7 +532,7 @@ struct IterCredentials<'a> {
     store: &'a persistent_store::Store<Storage>,
 
     /// The store iterator.
-    iter: persistent_store::StoreIter<'a, Storage>,
+    iter: persistent_store::StoreIter<'a>,
 
     /// The iteration result.
     ///

From fb15032f0b191d55dd586113fd5b528b685c082b Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 10 Dec 2020 18:52:13 +0100
Subject: [PATCH 081/192] Test with nightly

---
 .github/workflows/persistent_store_test.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/persistent_store_test.yml b/.github/workflows/persistent_store_test.yml
index 1a1d942..ffe10ff 100644
--- a/.github/workflows/persistent_store_test.yml
+++ b/.github/workflows/persistent_store_test.yml
@@ -13,6 +13,11 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          override: true
+
       - name: Unit testing of Persistent store library (release mode)
         uses: actions-rs/cargo@v1
         with:

From 162c00a0d12e5c92bd08ff180d365c57568476b3 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 10 Dec 2020 19:54:25 -0800
Subject: [PATCH 082/192] Simplify Le length calculation

---
 src/ctap/apdu.rs | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 7136084..3bf83da 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -173,14 +173,10 @@ impl TryFrom<&[u8]> for APDU {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }
 
-            let possible_le_len = payload.len() as i32 - extended_apdu_lc as i32 - 3;
-
-            let extended_apdu_le_len: usize = match possible_le_len {
-                // There's some possible Le bytes at the end
-                0..=3 => possible_le_len as usize,
-                // There are more bytes than even Le3 can consume, return an error
-                _ => return Err(ApduStatusCode::SW_WRONG_LENGTH),
-            };
+            let extended_apdu_le_len: usize = payload.len() - extended_apdu_lc - 3;
+            if extended_apdu_le_len > 3 {
+                return Err(ApduStatusCode::SW_WRONG_LENGTH);
+            }
 
             if byte_0 == 0 && extended_apdu_le_len <= 3 {
                 // If first byte is zero AND the next two bytes can be parsed as a big-endian

From 21bdbd8114236795430326c31fb33b6d7a856d2b Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 10 Dec 2020 20:01:06 -0800
Subject: [PATCH 083/192] Use integers instead of ByteArray for the
 ApduStatusCode enum

---
 src/ctap/apdu.rs | 41 +++++++++++------------------------------
 1 file changed, 11 insertions(+), 30 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 3bf83da..b1d662f 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -2,44 +2,25 @@ use alloc::vec::Vec;
 use byteorder::{BigEndian, ByteOrder};
 use core::convert::TryFrom;
 
-type ByteArray = &'static [u8];
-
 const APDU_HEADER_LEN: usize = 4;
 
 #[cfg_attr(test, derive(Clone, Debug))]
-#[allow(non_camel_case_types)]
+#[allow(non_camel_case_types, dead_code)]
 #[derive(PartialEq)]
 pub enum ApduStatusCode {
-    SW_SUCCESS,
+    SW_SUCCESS = 0x90_00,
     /// Command successfully executed; 'XX' bytes of data are
     /// available and can be requested using GET RESPONSE.
-    SW_GET_RESPONSE,
-    SW_WRONG_DATA,
-    SW_WRONG_LENGTH,
-    SW_COND_USE_NOT_SATISFIED,
-    SW_FILE_NOT_FOUND,
-    SW_INCORRECT_P1P2,
+    SW_GET_RESPONSE = 0x61_00,
+    SW_WRONG_DATA = 0x6a_80,
+    SW_WRONG_LENGTH = 0x67_00,
+    SW_COND_USE_NOT_SATISFIED = 0x69_85,
+    SW_FILE_NOT_FOUND = 0x6a_82,
+    SW_INCORRECT_P1P2 = 0x6a_86,
     /// Instruction code not supported or invalid
-    SW_INS_INVALID,
-    SW_CLA_INVALID,
-    SW_INTERNAL_EXCEPTION,
-}
-
-impl From<ApduStatusCode> for ByteArray {
-    fn from(status_code: ApduStatusCode) -> ByteArray {
-        match status_code {
-            ApduStatusCode::SW_SUCCESS => b"\x90\x00",
-            ApduStatusCode::SW_GET_RESPONSE => b"\x61\x00",
-            ApduStatusCode::SW_WRONG_DATA => b"\x6A\x80",
-            ApduStatusCode::SW_WRONG_LENGTH => b"\x67\x00",
-            ApduStatusCode::SW_COND_USE_NOT_SATISFIED => b"\x69\x85",
-            ApduStatusCode::SW_FILE_NOT_FOUND => b"\x6a\x82",
-            ApduStatusCode::SW_INCORRECT_P1P2 => b"\x6a\x86",
-            ApduStatusCode::SW_INS_INVALID => b"\x6d\x00",
-            ApduStatusCode::SW_CLA_INVALID => b"\x6e\x00",
-            ApduStatusCode::SW_INTERNAL_EXCEPTION => b"\x6f\x00",
-        }
-    }
+    SW_INS_INVALID = 0x6d_00,
+    SW_CLA_INVALID = 0x6e_00,
+    SW_INTERNAL_EXCEPTION = 0x6f_00,
 }
 
 #[allow(dead_code)]

From 29dbff7a40a1207e19fc6f2e0249eebd6b6d5db8 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 10 Dec 2020 20:15:05 -0800
Subject: [PATCH 084/192] The great ApduStatusCode encroachment

---
 src/ctap/apdu.rs    |   6 +++
 src/ctap/ctap1.rs   | 101 ++++++++++----------------------------------
 src/ctap/hid/mod.rs |   2 +-
 3 files changed, 30 insertions(+), 79 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index b1d662f..6338d15 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -23,6 +23,12 @@ pub enum ApduStatusCode {
     SW_INTERNAL_EXCEPTION = 0x6f_00,
 }
 
+impl From<ApduStatusCode> for u16 {
+    fn from(_: ApduStatusCode) -> Self {
+        0
+    }
+}
+
 #[allow(dead_code)]
 pub enum ApduInstructions {
     Select = 0xA4,
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index ff07c0a..1156c6d 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -23,67 +23,12 @@ use core::convert::TryFrom;
 use crypto::rng256::Rng256;
 use libtock_drivers::timer::ClockValue;
 
+// For now, they're the same thing with apdu.rs containing the authoritative definition
+pub type Ctap1StatusCode = ApduStatusCode;
+
 // The specification referenced in this file is at:
 // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.pdf
 
-// status codes specification (version 20170411) section 3.3
-#[allow(non_camel_case_types)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
-pub enum Ctap1StatusCode {
-    SW_NO_ERROR = 0x9000,
-    SW_CONDITIONS_NOT_SATISFIED = 0x6985,
-    SW_WRONG_DATA = 0x6A80,
-    SW_WRONG_LENGTH = 0x6700,
-    SW_CLA_NOT_SUPPORTED = 0x6E00,
-    SW_INS_NOT_SUPPORTED = 0x6D00,
-    SW_MEMERR = 0x6501,
-    SW_COMMAND_ABORTED = 0x6F00,
-    SW_VENDOR_KEY_HANDLE_TOO_LONG = 0xF000,
-}
-
-impl TryFrom<u16> for Ctap1StatusCode {
-    type Error = ();
-
-    fn try_from(value: u16) -> Result<Ctap1StatusCode, ()> {
-        match value {
-            0x9000 => Ok(Ctap1StatusCode::SW_NO_ERROR),
-            0x6985 => Ok(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED),
-            0x6A80 => Ok(Ctap1StatusCode::SW_WRONG_DATA),
-            0x6700 => Ok(Ctap1StatusCode::SW_WRONG_LENGTH),
-            0x6E00 => Ok(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED),
-            0x6D00 => Ok(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
-            0x6501 => Ok(Ctap1StatusCode::SW_MEMERR),
-            0x6F00 => Ok(Ctap1StatusCode::SW_COMMAND_ABORTED),
-            0xF000 => Ok(Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG),
-            _ => Err(()),
-        }
-    }
-}
-
-impl TryFrom<ApduStatusCode> for Ctap1StatusCode {
-    type Error = ();
-
-    fn try_from(apdu_status_code: ApduStatusCode) -> Result<Ctap1StatusCode, ()> {
-        match apdu_status_code {
-            ApduStatusCode::SW_WRONG_LENGTH => Ok(Ctap1StatusCode::SW_WRONG_LENGTH),
-            ApduStatusCode::SW_WRONG_DATA => Ok(Ctap1StatusCode::SW_WRONG_DATA),
-            ApduStatusCode::SW_CLA_INVALID => Ok(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED),
-            ApduStatusCode::SW_INS_INVALID => Ok(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
-            ApduStatusCode::SW_COND_USE_NOT_SATISFIED => {
-                Ok(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED)
-            }
-            ApduStatusCode::SW_SUCCESS => Ok(Ctap1StatusCode::SW_NO_ERROR),
-            _ => Ok(Ctap1StatusCode::SW_COMMAND_ABORTED),
-        }
-    }
-}
-
-impl Into<u16> for Ctap1StatusCode {
-    fn into(self) -> u16 {
-        self as u16
-    }
-}
-
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug))]
 #[derive(PartialEq)]
 pub enum Ctap1Flags {
@@ -154,7 +99,7 @@ impl TryFrom<&[u8]> for U2fCommand {
         // | CLA | INS | P1 | P2 | Lc1 | Lc2 | Lc3 |
         // +-----+-----+----+----+-----+-----+-----+
         if apdu.header.cla != Ctap1Command::CTAP1_CLA {
-            return Err(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED);
+            return Err(Ctap1StatusCode::SW_CLA_INVALID);
         }
 
         // Since there is always request data, the expected length is either omitted or
@@ -214,7 +159,7 @@ impl TryFrom<&[u8]> for U2fCommand {
                 })
             }
 
-            _ => Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED),
+            _ => Err(Ctap1StatusCode::SW_INS_INVALID),
         }
     }
 }
@@ -252,7 +197,7 @@ impl Ctap1Command {
                 application,
             } => {
                 if !ctap_state.u2f_up_state.consume_up(clock_value) {
-                    return Err(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED);
+                    return Err(Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED);
                 }
                 Ctap1Command::process_register(challenge, application, ctap_state)
             }
@@ -267,7 +212,7 @@ impl Ctap1Command {
                 if flags == Ctap1Flags::EnforceUpAndSign
                     && !ctap_state.u2f_up_state.consume_up(clock_value)
                 {
-                    return Err(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED);
+                    return Err(Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED);
                 }
                 Ctap1Command::process_authenticate(
                     challenge,
@@ -282,7 +227,7 @@ impl Ctap1Command {
             U2fCommand::Version => Ok(Vec::<u8>::from(super::U2F_VERSION_STRING)),
 
             // TODO: should we return an error instead such as SW_INS_NOT_SUPPORTED?
-            U2fCommand::VendorSpecific { .. } => Err(Ctap1StatusCode::SW_NO_ERROR),
+            U2fCommand::VendorSpecific { .. } => Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION),
         }
     }
 
@@ -310,22 +255,22 @@ impl Ctap1Command {
         let pk = sk.genpk();
         let key_handle = ctap_state
             .encrypt_key_handle(sk, &application, None)
-            .map_err(|_| Ctap1StatusCode::SW_COMMAND_ABORTED)?;
+            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
         if key_handle.len() > 0xFF {
             // This is just being defensive with unreachable code.
-            return Err(Ctap1StatusCode::SW_VENDOR_KEY_HANDLE_TOO_LONG);
+            return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
         }
 
         let certificate = ctap_state
             .persistent_store
             .attestation_certificate()
-            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
-            .ok_or(Ctap1StatusCode::SW_COMMAND_ABORTED)?;
+            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?
+            .ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
         let private_key = ctap_state
             .persistent_store
             .attestation_private_key()
-            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
-            .ok_or(Ctap1StatusCode::SW_COMMAND_ABORTED)?;
+            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?
+            .ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
 
         let mut response = Vec::with_capacity(105 + key_handle.len() + certificate.len());
         response.push(Ctap1Command::LEGACY_BYTE);
@@ -380,14 +325,14 @@ impl Ctap1Command {
             .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
         if let Some(credential_source) = credential_source {
             if flags == Ctap1Flags::CheckOnly {
-                return Err(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED);
+                return Err(Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED);
             }
             ctap_state
                 .increment_global_signature_counter()
                 .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
             let mut signature_data = ctap_state
                 .generate_auth_data(&application, Ctap1Command::USER_PRESENCE_INDICATOR_BYTE)
-                .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
+                .map_err(|_| Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED)?;
             signature_data.extend(&challenge);
             let signature = credential_source
                 .private_key
@@ -466,7 +411,7 @@ mod test {
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         // Certificate and private key are missing
-        assert_eq!(response, Err(Ctap1StatusCode::SW_COMMAND_ABORTED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
 
         let fake_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
         assert!(ctap_state
@@ -477,7 +422,7 @@ mod test {
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
         // Certificate is still missing
-        assert_eq!(response, Err(Ctap1StatusCode::SW_COMMAND_ABORTED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
 
         let fake_cert = [0x99u8; 100]; // Arbitrary length
         assert!(ctap_state
@@ -534,7 +479,7 @@ mod test {
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response =
             Ctap1Command::process_command(&message, &mut ctap_state, TIMEOUT_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED));
     }
 
     #[test]
@@ -552,7 +497,7 @@ mod test {
         let message = create_authenticate_message(&application, Ctap1Flags::CheckOnly, &key_handle);
 
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED));
     }
 
     #[test]
@@ -626,7 +571,7 @@ mod test {
         message[0] = 0xEE;
 
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_CLA_NOT_SUPPORTED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_CLA_INVALID));
     }
 
     #[test]
@@ -646,7 +591,7 @@ mod test {
         message[1] = 0xEE;
 
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_INS_NOT_SUPPORTED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INS_INVALID));
     }
 
     #[test]
@@ -768,6 +713,6 @@ mod test {
         ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
         let response =
             Ctap1Command::process_command(&message, &mut ctap_state, TIMEOUT_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_CONDITIONS_NOT_SATISFIED));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED));
     }
 }
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 3874792..7315449 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -417,7 +417,7 @@ impl CtapHid {
     #[cfg(feature = "with_ctap1")]
     fn ctap1_success_message(cid: ChannelID, payload: &[u8]) -> HidPacketIterator {
         let mut response = payload.to_vec();
-        let code: u16 = ctap1::Ctap1StatusCode::SW_NO_ERROR.into();
+        let code: u16 = ctap1::Ctap1StatusCode::SW_INTERNAL_EXCEPTION.into();
         response.extend_from_slice(&code.to_be_bytes());
         CtapHid::split_message(Message {
             cid,

From a7eb38aac8b6b3400cebba9b09fefca1c04cfbb3 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 10 Dec 2020 21:26:44 -0800
Subject: [PATCH 085/192] Use checked sub

---
 src/ctap/apdu.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 7a65fd2..66dde63 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -174,7 +174,8 @@ impl TryFrom<&[u8]> for APDU {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }
 
-            let extended_apdu_le_len: usize = payload.len() - extended_apdu_lc - 3;
+            let extended_apdu_le_len: usize =
+                payload.len().checked_sub(extended_apdu_lc + 3).unwrap_or(0);
             if extended_apdu_le_len > 3 {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }

From f74d1b9ffd96d54315066058fa3a4656968c17df Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 10 Dec 2020 21:27:52 -0800
Subject: [PATCH 086/192] Return error when Le calculation overflows

---
 src/ctap/apdu.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 66dde63..d9344ec 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -174,8 +174,10 @@ impl TryFrom<&[u8]> for APDU {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }
 
-            let extended_apdu_le_len: usize =
-                payload.len().checked_sub(extended_apdu_lc + 3).unwrap_or(0);
+            let extended_apdu_le_len: usize = payload
+                .len()
+                .checked_sub(extended_apdu_lc + 3)
+                .unwrap_or(0xff);
             if extended_apdu_le_len > 3 {
                 return Err(ApduStatusCode::SW_WRONG_LENGTH);
             }

From 5882a6a3cc95348dc0b88bc0f68214e573bf1dd3 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Thu, 10 Dec 2020 23:40:47 -0800
Subject: [PATCH 087/192] Fix ApduStatusCode->u16 implementation

---
 src/ctap/apdu.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index d9344ec..ea59ac5 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -38,8 +38,8 @@ pub enum ApduStatusCode {
 }
 
 impl From<ApduStatusCode> for u16 {
-    fn from(_: ApduStatusCode) -> Self {
-        0
+    fn from(code: ApduStatusCode) -> Self {
+        code as u16
     }
 }
 

From dbbdddd58b83188dfca433c471c867a2458e0cf9 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 14 Dec 2020 03:45:13 -0800
Subject: [PATCH 088/192] Fix error codes

---
 src/ctap/apdu.rs    |  6 ++----
 src/ctap/ctap1.rs   | 10 +++++-----
 src/ctap/hid/mod.rs |  2 +-
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index ea59ac5..14926ba 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -26,6 +26,7 @@ pub enum ApduStatusCode {
     /// Command successfully executed; 'XX' bytes of data are
     /// available and can be requested using GET RESPONSE.
     SW_GET_RESPONSE = 0x61_00,
+    SW_MEMERR = 0x65_01,
     SW_WRONG_DATA = 0x6a_80,
     SW_WRONG_LENGTH = 0x67_00,
     SW_COND_USE_NOT_SATISFIED = 0x69_85,
@@ -177,10 +178,7 @@ impl TryFrom<&[u8]> for APDU {
             let extended_apdu_le_len: usize = payload
                 .len()
                 .checked_sub(extended_apdu_lc + 3)
-                .unwrap_or(0xff);
-            if extended_apdu_le_len > 3 {
-                return Err(ApduStatusCode::SW_WRONG_LENGTH);
-            }
+                .ok_or(ApduStatusCode::SW_WRONG_LENGTH)?;
 
             if byte_0 == 0 && extended_apdu_le_len <= 3 {
                 // If first byte is zero AND the next two bytes can be parsed as a big-endian
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 13f4819..cc15fa0 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -227,7 +227,7 @@ impl Ctap1Command {
             U2fCommand::Version => Ok(Vec::<u8>::from(super::U2F_VERSION_STRING)),
 
             // TODO: should we return an error instead such as SW_INS_NOT_SUPPORTED?
-            U2fCommand::VendorSpecific { .. } => Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION),
+            U2fCommand::VendorSpecific { .. } => Err(Ctap1StatusCode::SW_SUCCESS),
         }
     }
 
@@ -258,13 +258,13 @@ impl Ctap1Command {
             .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
         if key_handle.len() > 0xFF {
             // This is just being defensive with unreachable code.
-            return Err(Ctap1StatusCode::SW_WRONG_LENGTH);
+            return Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION);
         }
 
         let certificate = ctap_state
             .persistent_store
             .attestation_certificate()
-            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?
+            .map_err(|_| Ctap1StatusCode::SW_MEMERR)?
             .ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
         let private_key = ctap_state
             .persistent_store
@@ -332,7 +332,7 @@ impl Ctap1Command {
                 .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
             let mut signature_data = ctap_state
                 .generate_auth_data(&application, Ctap1Command::USER_PRESENCE_INDICATOR_BYTE)
-                .map_err(|_| Ctap1StatusCode::SW_COND_USE_NOT_SATISFIED)?;
+                .map_err(|_| Ctap1StatusCode::SW_WRONG_DATA)?;
             signature_data.extend(&challenge);
             let signature = credential_source
                 .private_key
@@ -542,7 +542,7 @@ mod test {
 
         message.push(0x00);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
     }
 
     #[test]
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 7315449..a36063b 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -417,7 +417,7 @@ impl CtapHid {
     #[cfg(feature = "with_ctap1")]
     fn ctap1_success_message(cid: ChannelID, payload: &[u8]) -> HidPacketIterator {
         let mut response = payload.to_vec();
-        let code: u16 = ctap1::Ctap1StatusCode::SW_INTERNAL_EXCEPTION.into();
+        let code: u16 = ctap1::Ctap1StatusCode::SW_SUCCESS.into();
         response.extend_from_slice(&code.to_be_bytes());
         CtapHid::split_message(Message {
             cid,

From 35bdfe90ed52a5fac37d84b1ea6702b7d8c78001 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Mon, 14 Dec 2020 04:54:25 -0800
Subject: [PATCH 089/192] Re-instate the length check for Le bytes

---
 src/ctap/apdu.rs  | 3 +++
 src/ctap/ctap1.rs | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 14926ba..c99bf84 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -179,6 +179,9 @@ impl TryFrom<&[u8]> for APDU {
                 .len()
                 .checked_sub(extended_apdu_lc + 3)
                 .ok_or(ApduStatusCode::SW_WRONG_LENGTH)?;
+            if extended_apdu_le_len > 3 {
+                return Err(ApduStatusCode::SW_WRONG_LENGTH);
+            }
 
             if byte_0 == 0 && extended_apdu_le_len <= 3 {
                 // If first byte is zero AND the next two bytes can be parsed as a big-endian
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index cc15fa0..0932e2c 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -542,7 +542,7 @@ mod test {
 
         message.push(0x00);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
     }
 
     #[test]

From 1d576fdd316027f0cf4d565cb16b2002bc631ae6 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 14 Dec 2020 21:06:12 +0100
Subject: [PATCH 090/192] Add unit-test for Store::entries

---
 libraries/persistent_store/src/store.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index ba7ab4b..bc4258a 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -1468,4 +1468,22 @@ mod tests {
         driver = driver.power_off().power_on().unwrap();
         driver.check().unwrap();
     }
+
+    #[test]
+    fn entries_ok() {
+        let mut driver = MINIMAL.new_driver().power_on().unwrap();
+
+        // The store is initially empty.
+        assert!(driver.store().entries.as_ref().unwrap().is_empty());
+
+        // Inserted elements are added.
+        const LEN: usize = 6;
+        driver.insert(0, &[0x38; (LEN - 1) * 4]).unwrap();
+        driver.insert(1, &[0x5c; 4]).unwrap();
+        assert_eq!(driver.store().entries, Some(vec![0, LEN as u16]));
+
+        // Deleted elements are removed.
+        driver.remove(0).unwrap();
+        assert_eq!(driver.store().entries, Some(vec![LEN as u16]));
+    }
 }

From 6c9fc2565a6e734fafb3658ee820f50e330e0256 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 16 Dec 2020 10:48:01 +0100
Subject: [PATCH 091/192] changes channel ID endianness to big endian

---
 src/ctap/hid/mod.rs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index a36063b..1ae8334 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -68,8 +68,8 @@ pub struct CtapHid {
     // vendor specific.
     // We allocate them incrementally, that is all `cid` such that 1 <= cid <= allocated_cids are
     // allocated.
-    // In packets, the ids are then encoded with the native endianness (with the
-    // u32::to/from_ne_bytes methods).
+    // In packets, the ID encoding is Big Endian to match what is used throughout CTAP (with the
+    // u32::to/from_be_bytes methods).
     allocated_cids: usize,
     pub wink_permission: TimedPermission,
 }
@@ -235,7 +235,7 @@ impl CtapHid {
                         let new_cid = if cid == CtapHid::CHANNEL_BROADCAST {
                             // TODO: Prevent allocating 2^32 channels.
                             self.allocated_cids += 1;
-                            (self.allocated_cids as u32).to_ne_bytes()
+                            (self.allocated_cids as u32).to_be_bytes()
                         } else {
                             // Sync the channel and discard the current transaction.
                             cid
@@ -342,7 +342,7 @@ impl CtapHid {
     }
 
     fn is_allocated_channel(&self, cid: ChannelID) -> bool {
-        cid != CtapHid::CHANNEL_RESERVED && u32::from_ne_bytes(cid) as usize <= self.allocated_cids
+        cid != CtapHid::CHANNEL_RESERVED && u32::from_be_bytes(cid) as usize <= self.allocated_cids
     }
 
     fn error_message(cid: ChannelID, error_code: u8) -> HidPacketIterator {
@@ -569,10 +569,10 @@ mod test {
                     0xBC,
                     0xDE,
                     0xF0,
-                    0x01, // Allocated CID
-                    0x00,
+                    0x00, // Allocated CID
                     0x00,
                     0x00,
+                    0x01,
                     0x02, // Protocol version
                     0x00, // Device version
                     0x00,

From b002b4669e811219f9e83098aa4bb3f2ee77f9bf Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Fri, 11 Dec 2020 01:50:50 +0100
Subject: [PATCH 092/192] Update UICR registers.

---
 patches/tock/06-update-uicr.patch | 100 ++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 patches/tock/06-update-uicr.patch

diff --git a/patches/tock/06-update-uicr.patch b/patches/tock/06-update-uicr.patch
new file mode 100644
index 0000000..53ee945
--- /dev/null
+++ b/patches/tock/06-update-uicr.patch
@@ -0,0 +1,100 @@
+diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
+index 6bb6c86..3bb8b5a 100644
+--- a/chips/nrf52/src/uicr.rs
++++ b/chips/nrf52/src/uicr.rs
+@@ -1,38 +1,45 @@
+ //! User information configuration registers
+-//!
+-//! Minimal implementation to support activation of the reset button on
+-//! nRF52-DK.
++
+ 
+ use enum_primitive::cast::FromPrimitive;
+-use kernel::common::registers::{register_bitfields, ReadWrite};
++use kernel::common::registers::{register_bitfields, register_structs, ReadWrite};
+ use kernel::common::StaticRef;
++use kernel::hil;
++use kernel::ReturnCode;
+ 
+ use crate::gpio::Pin;
+ 
+ const UICR_BASE: StaticRef<UicrRegisters> =
+-    unsafe { StaticRef::new(0x10001200 as *const UicrRegisters) };
+-
+-#[repr(C)]
+-struct UicrRegisters {
+-    /// Mapping of the nRESET function (see POWER chapter for details)
+-    /// - Address: 0x200 - 0x204
+-    pselreset0: ReadWrite<u32, Pselreset::Register>,
+-    /// Mapping of the nRESET function (see POWER chapter for details)
+-    /// - Address: 0x204 - 0x208
+-    pselreset1: ReadWrite<u32, Pselreset::Register>,
+-    /// Access Port protection
+-    /// - Address: 0x208 - 0x20c
+-    approtect: ReadWrite<u32, ApProtect::Register>,
+-    /// Setting of pins dedicated to NFC functionality: NFC antenna or GPIO
+-    /// - Address: 0x20c - 0x210
+-    nfcpins: ReadWrite<u32, NfcPins::Register>,
+-    _reserved1: [u32; 60],
+-    /// External circuitry to be supplied from VDD pin.
+-    /// - Address: 0x300 - 0x304
+-    extsupply: ReadWrite<u32, ExtSupply::Register>,
+-    /// GPIO reference voltage
+-    /// - Address: 0x304 - 0x308
+-    regout0: ReadWrite<u32, RegOut::Register>,
++    unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
++
++register_structs! {
++    UicrRegisters {
++        (0x000 => _reserved1),
++        /// Reserved for Nordic firmware design
++        (0x014 => nrffw: [ReadWrite<u32>; 13]),
++        (0x048 => _reserved2),
++        /// Reserved for Nordic hardware design
++        (0x050 => nrfhw: [ReadWrite<u32>; 12]),
++        /// Reserved for customer
++        (0x080 => customer: [ReadWrite<u32>; 32]),
++        (0x100 => _reserved3),
++        /// Mapping of the nRESET function (see POWER chapter for details)
++        (0x200 => pselreset0: ReadWrite<u32, Pselreset::Register>),
++        /// Mapping of the nRESET function (see POWER chapter for details)
++        (0x204 => pselreset1: ReadWrite<u32, Pselreset::Register>),
++        /// Access Port protection
++        (0x208 => approtect: ReadWrite<u32, ApProtect::Register>),
++        /// Setting of pins dedicated to NFC functionality: NFC antenna or GPIO
++        /// - Address: 0x20c - 0x210
++        (0x20c => nfcpins: ReadWrite<u32, NfcPins::Register>),
++        (0x210 => debugctrl: ReadWrite<u32, DebugControl::Register>),
++        (0x214 => _reserved4),
++        /// External circuitry to be supplied from VDD pin.
++        (0x300 => extsupply: ReadWrite<u32, ExtSupply::Register>),
++        /// GPIO reference voltage
++        (0x304 => regout0: ReadWrite<u32, RegOut::Register>),
++        (0x308 => @END),
++    }
+ }
+ 
+ register_bitfields! [u32,
+@@ -58,6 +65,21 @@ register_bitfields! [u32,
+             DISABLED = 0xff
+         ]
+     ],
++    /// Processor debug control
++    DebugControl [
++        CPUNIDEN OFFSET(0) NUMBITS(8) [
++            /// Enable
++            ENABLED = 0xff,
++            /// Disable
++            DISABLED = 0x00
++        ],
++        CPUFPBEN OFFSET(8) NUMBITS(8) [
++            /// Enable
++            ENABLED = 0xff,
++            /// Disable
++            DISABLED = 0x00
++        ]
++    ],
+     /// Setting of pins dedicated to NFC functionality: NFC antenna or GPIO
+     NfcPins [
+         /// Setting pins dedicated to NFC functionality
+

From 6e5a8cdf6d80167f55256ca8d80d302e361f2f1d Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Fri, 11 Dec 2020 01:51:16 +0100
Subject: [PATCH 093/192] Add kernel support for firmware protection

---
 patches/tock/07-firmware-protect.patch | 350 +++++++++++++++++++++++++
 1 file changed, 350 insertions(+)
 create mode 100644 patches/tock/07-firmware-protect.patch

diff --git a/patches/tock/07-firmware-protect.patch b/patches/tock/07-firmware-protect.patch
new file mode 100644
index 0000000..c062648
--- /dev/null
+++ b/patches/tock/07-firmware-protect.patch
@@ -0,0 +1,350 @@
+diff --git a/boards/components/src/firmware_protection.rs b/boards/components/src/firmware_protection.rs
+new file mode 100644
+index 0000000..5eda591
+--- /dev/null
++++ b/boards/components/src/firmware_protection.rs
+@@ -0,0 +1,67 @@
++//! Component for firmware protection syscall interface.
++//!
++//! This provides one Component, `FirmwareProtectionComponent`, which implements a
++//! userspace syscall interface to enable the code readout protection.
++//!
++//! Usage
++//! -----
++//! ```rust
++//! let crp = components::firmware_protection::FirmwareProtectionComponent::new(
++//!     board_kernel,
++//!     nrf52840::uicr::Uicr::new()
++//! )
++//! .finalize(
++//!     components::firmware_protection_component_helper!(uicr));
++//! ```
++
++use core::mem::MaybeUninit;
++
++use capsules::firmware_protection;
++use kernel::capabilities;
++use kernel::component::Component;
++use kernel::create_capability;
++use kernel::hil;
++use kernel::static_init_half;
++
++// Setup static space for the objects.
++#[macro_export]
++macro_rules! firmware_protection_component_helper {
++    ($C:ty) => {{
++        use capsules::firmware_protection;
++        use core::mem::MaybeUninit;
++        static mut BUF: MaybeUninit<firmware_protection::FirmwareProtection<'static, $C>> = MaybeUninit::uninit();
++        &mut BUF
++    };};
++}
++
++pub struct FirmwareProtectionComponent<C: 'static + hil::firmware_protection::FirmwareProtection> {
++    board_kernel: &'static kernel::Kernel,
++    crp: C,
++}
++
++impl<C: 'static + hil::firmware_protection::FirmwareProtection> FirmwareProtectionComponent<C> {
++    pub fn new(board_kernel: &'static kernel::Kernel, crp: C) -> FirmwareProtectionComponent<C> {
++        FirmwareProtectionComponent {
++            board_kernel: board_kernel,
++            crp: crp,
++        }
++    }
++}
++
++impl<C: 'static + hil::firmware_protection::FirmwareProtection> Component for FirmwareProtectionComponent<C> {
++    type StaticInput = &'static mut MaybeUninit<firmware_protection::FirmwareProtection<'static, C>>;
++    type Output = &'static firmware_protection::FirmwareProtection<'static, C>;
++
++    unsafe fn finalize(self, static_buffer: Self::StaticInput) -> Self::Output {
++        let grant_cap = create_capability!(capabilities::MemoryAllocationCapability);
++
++        static_init_half!(
++            static_buffer,
++            firmware_protection::FirmwareProtection<'static, C>,
++            firmware_protection::FirmwareProtection::new(
++                self.crp,
++                self.board_kernel.create_grant(&grant_cap),
++            )
++        )
++    }
++}
+diff --git a/boards/components/src/lib.rs b/boards/components/src/lib.rs
+index 917497a..520408f 100644
+--- a/boards/components/src/lib.rs
++++ b/boards/components/src/lib.rs
+@@ -9,6 +9,7 @@ pub mod console;
+ pub mod crc;
+ pub mod debug_queue;
+ pub mod debug_writer;
++pub mod firmware_protection;
+ pub mod ft6x06;
+ pub mod gpio;
+ pub mod hd44780;
+diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_dongle/src/main.rs
+index 118ea6d..f340dd1 100644
+--- a/boards/nordic/nrf52840_dongle/src/main.rs
++++ b/boards/nordic/nrf52840_dongle/src/main.rs
+@@ -112,6 +112,10 @@ pub struct Platform {
+         'static,
+         nrf52840::usbd::Usbd<'static>,
+     >,
++    crp: &'static capsules::firmware_protection::FirmwareProtection<
++        'static,
++        nrf52840::uicr::Uicr,
++    >,
+ }
+ 
+ impl kernel::Platform for Platform {
+@@ -132,6 +136,7 @@ impl kernel::Platform for Platform {
+             capsules::analog_comparator::DRIVER_NUM => f(Some(self.analog_comparator)),
+             nrf52840::nvmc::DRIVER_NUM => f(Some(self.nvmc)),
+             capsules::usb::usb_ctap::DRIVER_NUM => f(Some(self.usb)),
++            capsules::firmware_protection::DRIVER_NUM => f(Some(self.crp)),
+             kernel::ipc::DRIVER_NUM => f(Some(&self.ipc)),
+             _ => f(None),
+         }
+@@ -355,6 +360,12 @@ pub unsafe fn reset_handler() {
+     )
+     .finalize(components::usb_ctap_component_buf!(nrf52840::usbd::Usbd));
+ 
++    let crp = components::firmware_protection::FirmwareProtectionComponent::new(
++        board_kernel,
++        nrf52840::uicr::Uicr::new(),
++    )
++    .finalize(components::firmware_protection_component_helper!(nrf52840::uicr::Uicr));
++
+     nrf52_components::NrfClockComponent::new().finalize(());
+ 
+     let platform = Platform {
+@@ -371,6 +382,7 @@ pub unsafe fn reset_handler() {
+         analog_comparator,
+         nvmc,
+         usb,
++        crp,
+         ipc: kernel::ipc::IPC::new(board_kernel, &memory_allocation_capability),
+     };
+ 
+diff --git a/boards/nordic/nrf52840dk/src/main.rs b/boards/nordic/nrf52840dk/src/main.rs
+index b1d0d3c..a37d180 100644
+--- a/boards/nordic/nrf52840dk/src/main.rs
++++ b/boards/nordic/nrf52840dk/src/main.rs
+@@ -180,6 +180,10 @@ pub struct Platform {
+         'static,
+         nrf52840::usbd::Usbd<'static>,
+     >,
++    crp: &'static capsules::firmware_protection::FirmwareProtection<
++        'static,
++        nrf52840::uicr::Uicr,
++    >,
+ }
+ 
+ impl kernel::Platform for Platform {
+@@ -201,6 +205,7 @@ impl kernel::Platform for Platform {
+             capsules::nonvolatile_storage_driver::DRIVER_NUM => f(Some(self.nonvolatile_storage)),
+             nrf52840::nvmc::DRIVER_NUM => f(Some(self.nvmc)),
+             capsules::usb::usb_ctap::DRIVER_NUM => f(Some(self.usb)),
++            capsules::firmware_protection::DRIVER_NUM => f(Some(self.crp)),
+             kernel::ipc::DRIVER_NUM => f(Some(&self.ipc)),
+             _ => f(None),
+         }
+@@ -480,6 +485,12 @@ pub unsafe fn reset_handler() {
+     )
+     .finalize(components::usb_ctap_component_buf!(nrf52840::usbd::Usbd));
+ 
++    let crp = components::firmware_protection::FirmwareProtectionComponent::new(
++        board_kernel,
++        nrf52840::uicr::Uicr::new(),
++    )
++    .finalize(components::firmware_protection_component_helper!(nrf52840::uicr::Uicr));
++
+     nrf52_components::NrfClockComponent::new().finalize(());
+ 
+     let platform = Platform {
+@@ -497,6 +508,7 @@ pub unsafe fn reset_handler() {
+         nonvolatile_storage,
+         nvmc,
+         usb,
++        crp,
+         ipc: kernel::ipc::IPC::new(board_kernel, &memory_allocation_capability),
+     };
+ 
+diff --git a/capsules/src/driver.rs b/capsules/src/driver.rs
+index ae458b3..f536dad 100644
+--- a/capsules/src/driver.rs
++++ b/capsules/src/driver.rs
+@@ -16,6 +16,7 @@ pub enum NUM {
+     Adc                   = 0x00005,
+     Dac                   = 0x00006,
+     AnalogComparator      = 0x00007,
++    FirmwareProtection    = 0x00008,
+ 
+     // Kernel
+     Ipc                   = 0x10000,
+diff --git a/capsules/src/firmware_protection.rs b/capsules/src/firmware_protection.rs
+new file mode 100644
+index 0000000..2c61d06
+--- /dev/null
++++ b/capsules/src/firmware_protection.rs
+@@ -0,0 +1,87 @@
++//! Provides userspace control of firmware protection on a board.
++//!
++//! This allows an application to enable firware readout protection,
++//! disabling JTAG interface and other ways to read/tamper the firmware.
++//! Of course, outside of a hardware bug, once set, the only way to enable
++//! programming/debugging is by fully erasing the flash.
++//!
++//! Usage
++//! -----
++//!
++//! ```rust
++//! # use kernel::static_init;
++//!
++//! let crp = static_init!(
++//!     capsules::firware_protection::FirmwareProtection<'static>,
++//!     capsules::firware_protection::FirmwareProtection::new(
++//!         nrf52840::uicr::Uicr,
++//!         board_kernel.create_grant(&grant_cap),
++//!     );
++//! ```
++//!
++//! Syscall Interface
++//! -----------------
++//!
++//! - Stability: 2 - Stable
++//!
++//! ### Command
++//!
++//! Enable code readout protection on the current board.
++//!
++//! #### `command_num`
++//!
++//! - `0`: Driver check.
++//! - `1`: Enable firmware readout protection (aka CRP).
++//!
++
++use core::marker::PhantomData;
++use kernel::hil;
++use kernel::{AppId, Callback, Driver, Grant, ReturnCode};
++
++/// Syscall driver number.
++use crate::driver;
++pub const DRIVER_NUM: usize = driver::NUM::FirmwareProtection as usize;
++
++pub struct FirmwareProtection<'a, C: hil::firmware_protection::FirmwareProtection> {
++    crp_unit: C,
++    apps: Grant<Option<Callback>>,
++    _phantom: PhantomData<&'a C>,
++}
++
++impl<'a, C: hil::firmware_protection::FirmwareProtection> FirmwareProtection<'a, C> {
++    pub fn new(
++        crp_unit: C,
++        apps: Grant<Option<Callback>>,
++    ) -> Self {
++        Self {
++            crp_unit,
++            apps,
++            _phantom: PhantomData,
++        }
++    }
++}
++
++impl<'a, C: hil::firmware_protection::FirmwareProtection> Driver for FirmwareProtection<'a, C> {
++    ///
++    /// ### Command numbers
++    ///
++    ///   * `0`: Returns non-zero to indicate the driver is present.
++    ///   * `1`: Enable firmware protection.
++    fn command(&self, command_num: usize, _: usize, _: usize, appid: AppId) -> ReturnCode {
++        match command_num {
++            // return if driver is available
++            0 => ReturnCode::SUCCESS,
++
++            // enable firmware protection
++            1 => {
++                self.apps.enter(appid, |_, _| {
++                    self.crp_unit.protect()
++                })
++                .unwrap_or_else(|err| err.into())
++            }
++
++            // default
++            _ => ReturnCode::ENOSUPPORT,
++        }
++    }
++}
+diff --git a/capsules/src/lib.rs b/capsules/src/lib.rs
+index e4423fe..7538aad 100644
+--- a/capsules/src/lib.rs
++++ b/capsules/src/lib.rs
+@@ -22,6 +22,7 @@ pub mod crc;
+ pub mod dac;
+ pub mod debug_process_restart;
+ pub mod driver;
++pub mod firmware_protection;
+ pub mod fm25cl;
+ pub mod ft6x06;
+ pub mod fxos8700cq;
+diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
+index 3bb8b5a..b8895d3 100644
+--- a/chips/nrf52/src/uicr.rs
++++ b/chips/nrf52/src/uicr.rs
+@@ -8,6 +8,7 @@ use kernel::hil;
+ use kernel::ReturnCode;
+ 
+ use crate::gpio::Pin;
++use crate::nvmc::NVMC;
+ 
+ const UICR_BASE: StaticRef<UicrRegisters> =
+     unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
+@@ -210,3 +211,20 @@ impl Uicr {
+         self.registers.approtect.write(ApProtect::PALL::ENABLED);
+     }
+ }
++
++impl hil::firmware_protection::FirmwareProtection for Uicr {
++    fn protect(&self) -> ReturnCode {
++        unsafe { NVMC.configure_writeable() };
++        self.set_ap_protect();
++        // Prevent CPU debug
++        self.registers.debugctrl.write(
++            DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
++        // TODO(jmichel): Kill bootloader if present
++        unsafe { NVMC.configure_readonly() };
++        if self.is_ap_protect_enabled() {
++            ReturnCode::SUCCESS
++        } else {
++            ReturnCode::FAIL
++        }
++    }
++}
+diff --git a/kernel/src/hil/firmware_protection.rs b/kernel/src/hil/firmware_protection.rs
+new file mode 100644
+index 0000000..e43fdf0
+--- /dev/null
++++ b/kernel/src/hil/firmware_protection.rs
+@@ -0,0 +1,8 @@
++//! Interface for Firmware Protection, also called Code Readout Protection.
++
++use crate::returncode::ReturnCode;
++
++pub trait FirmwareProtection {
++    /// Disable debug ports and protects the device.
++    fn protect(&self) -> ReturnCode;
++}
+diff --git a/kernel/src/hil/mod.rs b/kernel/src/hil/mod.rs
+index 4f42afa..83e7702 100644
+--- a/kernel/src/hil/mod.rs
++++ b/kernel/src/hil/mod.rs
+@@ -8,6 +8,7 @@ pub mod dac;
+ pub mod digest;
+ pub mod eic;
+ pub mod entropy;
++pub mod firmware_protection;
+ pub mod flash;
+ pub mod gpio;
+ pub mod gpio_async;
+

From 218188ad497f07d024994f47c66b8a20985f2968 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Tue, 1 Dec 2020 12:34:22 +0100
Subject: [PATCH 094/192] Add CRP support in libtock-rs

---
 third_party/libtock-drivers/src/crp.rs | 19 +++++++++++++++++++
 third_party/libtock-drivers/src/lib.rs |  1 +
 2 files changed, 20 insertions(+)
 create mode 100644 third_party/libtock-drivers/src/crp.rs

diff --git a/third_party/libtock-drivers/src/crp.rs b/third_party/libtock-drivers/src/crp.rs
new file mode 100644
index 0000000..fab747f
--- /dev/null
+++ b/third_party/libtock-drivers/src/crp.rs
@@ -0,0 +1,19 @@
+use crate::result::TockResult;
+use libtock_core::syscalls;
+
+const DRIVER_NUMBER: usize = 0x00008;
+
+mod command_nr {
+    pub const AVAILABLE: usize = 0;
+    pub const PROTECT: usize = 1;
+}
+
+pub fn is_available() -> TockResult<()> {
+    syscalls::command(DRIVER_NUMBER, command_nr::AVAILABLE, 0, 0)?;
+    Ok(())
+}
+
+pub fn protect() -> TockResult<()> {
+    syscalls::command(DRIVER_NUMBER, command_nr::PROTECT, 0, 0)?;
+    Ok(())
+}
diff --git a/third_party/libtock-drivers/src/lib.rs b/third_party/libtock-drivers/src/lib.rs
index 8b8983c..f014996 100644
--- a/third_party/libtock-drivers/src/lib.rs
+++ b/third_party/libtock-drivers/src/lib.rs
@@ -2,6 +2,7 @@
 
 pub mod buttons;
 pub mod console;
+pub mod crp;
 pub mod led;
 #[cfg(feature = "with_nfc")]
 pub mod nfc;

From efb63783113266a5aff33f2bc640e1c9205af056 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Tue, 1 Dec 2020 15:32:32 +0100
Subject: [PATCH 095/192] Add vendor command to load certificate and priv key

---
 src/ctap/command.rs  |  78 ++++++++++++++++--
 src/ctap/mod.rs      | 190 ++++++++++++++++++++++++++++++++++++++++++-
 src/ctap/response.rs |  26 ++++++
 3 files changed, 287 insertions(+), 7 deletions(-)

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 1b4b96a..f2f2537 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -13,14 +13,17 @@
 // limitations under the License.
 
 use super::data_formats::{
-    extract_array, extract_byte_string, extract_map, extract_text_string, extract_unsigned,
-    ok_or_missing, ClientPinSubCommand, CoseKey, GetAssertionExtensions, GetAssertionOptions,
-    MakeCredentialExtensions, MakeCredentialOptions, PublicKeyCredentialDescriptor,
-    PublicKeyCredentialParameter, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
+    extract_array, extract_bool, extract_byte_string, extract_map, extract_text_string,
+    extract_unsigned, ok_or_missing, ClientPinSubCommand, CoseKey, GetAssertionExtensions,
+    GetAssertionOptions, MakeCredentialExtensions, MakeCredentialOptions,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialRpEntity,
+    PublicKeyCredentialUserEntity,
 };
+use super::key_material;
 use super::status_code::Ctap2StatusCode;
 use alloc::string::String;
 use alloc::vec::Vec;
+use arrayref::array_ref;
 use cbor::destructure_cbor_map;
 use core::convert::TryFrom;
 
@@ -41,6 +44,8 @@ pub enum Command {
     #[cfg(feature = "with_ctap2_1")]
     AuthenticatorSelection,
     // TODO(kaczmarczyck) implement FIDO 2.1 commands (see below consts)
+    // Vendor specific commands
+    AuthenticatorVendorConfigure(AuthenticatorVendorConfigureParameters),
 }
 
 impl From<cbor::reader::DecoderError> for Ctap2StatusCode {
@@ -63,7 +68,8 @@ impl Command {
     const AUTHENTICATOR_CREDENTIAL_MANAGEMENT: u8 = 0xA0;
     const AUTHENTICATOR_SELECTION: u8 = 0xB0;
     const AUTHENTICATOR_CONFIG: u8 = 0xC0;
-    const AUTHENTICATOR_VENDOR_FIRST: u8 = 0x40;
+    const AUTHENTICATOR_VENDOR_CONFIGURE: u8 = 0x40;
+    const AUTHENTICATOR_VENDOR_FIRST_UNUSED: u8 = 0x41;
     const AUTHENTICATOR_VENDOR_LAST: u8 = 0xBF;
 
     pub fn deserialize(bytes: &[u8]) -> Result<Command, Ctap2StatusCode> {
@@ -109,6 +115,12 @@ impl Command {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorSelection)
             }
+            Command::AUTHENTICATOR_VENDOR_CONFIGURE => {
+                let decoded_cbor = cbor::read(&bytes[1..])?;
+                Ok(Command::AuthenticatorVendorConfigure(
+                    AuthenticatorVendorConfigureParameters::try_from(decoded_cbor)?,
+                ))
+            }
             _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND),
         }
     }
@@ -372,6 +384,62 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     }
 }
 
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct AuthenticatorAttestationMaterial {
+    pub certificate: Vec<u8>,
+    pub private_key: [u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
+}
+
+impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                1 => certificate,
+                2 => private_key,
+            } = extract_map(cbor_value)?;
+        }
+        let certificate = certificate.map(extract_byte_string).transpose()?.unwrap();
+        let private_key = private_key.map(extract_byte_string).transpose()?.unwrap();
+        if private_key.len() != key_material::ATTESTATION_PRIVATE_KEY_LENGTH {
+            return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR);
+        }
+        let private_key = array_ref!(private_key, 0, key_material::ATTESTATION_PRIVATE_KEY_LENGTH);
+        Ok(AuthenticatorAttestationMaterial {
+            certificate,
+            private_key: *private_key,
+        })
+    }
+}
+
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct AuthenticatorVendorConfigureParameters {
+    pub lockdown: bool,
+    pub attestation_material: Option<AuthenticatorAttestationMaterial>,
+}
+
+impl TryFrom<cbor::Value> for AuthenticatorVendorConfigureParameters {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                1 => lockdown,
+                2 => attestation_material,
+            } = extract_map(cbor_value)?;
+        }
+        let lockdown = lockdown.map_or(Ok(false), extract_bool)?;
+        let attestation_material = attestation_material
+            .map(AuthenticatorAttestationMaterial::try_from)
+            .transpose()?;
+        Ok(AuthenticatorVendorConfigureParameters {
+            lockdown,
+            attestation_material,
+        })
+    }
+}
+
 #[cfg(test)]
 mod test {
     use super::super::data_formats::{
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 4c5687a..50e0bbf 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -29,7 +29,7 @@ mod timed_permission;
 use self::command::MAX_CREDENTIAL_COUNT_IN_LIST;
 use self::command::{
     AuthenticatorClientPinParameters, AuthenticatorGetAssertionParameters,
-    AuthenticatorMakeCredentialParameters, Command,
+    AuthenticatorMakeCredentialParameters, AuthenticatorVendorConfigureParameters, Command,
 };
 #[cfg(feature = "with_ctap2_1")]
 use self::data_formats::AuthenticatorTransport;
@@ -44,7 +44,7 @@ use self::pin_protocol_v1::PinPermission;
 use self::pin_protocol_v1::PinProtocolV1;
 use self::response::{
     AuthenticatorGetAssertionResponse, AuthenticatorGetInfoResponse,
-    AuthenticatorMakeCredentialResponse, ResponseData,
+    AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,
 };
 use self::status_code::Ctap2StatusCode;
 use self::storage::PersistentStore;
@@ -358,6 +358,10 @@ where
                     #[cfg(feature = "with_ctap2_1")]
                     Command::AuthenticatorSelection => self.process_selection(cid),
                     // TODO(kaczmarczyck) implement FIDO 2.1 commands
+                    // Vendor specific commands
+                    Command::AuthenticatorVendorConfigure(params) => {
+                        self.process_vendor_configure(params, cid)
+                    }
                 };
                 #[cfg(feature = "debug_ctap")]
                 writeln!(&mut Console::new(), "Sending response: {:#?}", response).unwrap();
@@ -919,6 +923,63 @@ where
         Ok(ResponseData::AuthenticatorSelection)
     }
 
+    fn process_vendor_configure(
+        &mut self,
+        params: AuthenticatorVendorConfigureParameters,
+        cid: ChannelID,
+    ) -> Result<ResponseData, Ctap2StatusCode> {
+        (self.check_user_presence)(cid)?;
+
+        // Sanity checks
+        let has_priv_key = self.persistent_store.attestation_private_key()?.is_some();
+        let has_cert = self.persistent_store.attestation_certificate()?.is_some();
+
+        if params.attestation_material.is_some() {
+            let data = params.attestation_material.unwrap();
+            if !has_cert {
+                self.persistent_store
+                    .set_attestation_certificate(&data.certificate)?;
+            }
+            if !has_priv_key {
+                self.persistent_store
+                    .set_attestation_private_key(&data.private_key)?;
+            }
+        };
+        let has_priv_key = self.persistent_store.attestation_private_key()?.is_some();
+        let has_cert = self.persistent_store.attestation_certificate()?.is_some();
+        if params.lockdown {
+            // To avoid bricking the authenticator, we only allow lockdown
+            // to happen if both values are programmed or if both U2F/CTAP1 and
+            // batch attestation are disabled.
+            #[cfg(feature = "with_ctap1")]
+            let need_certificate = true;
+            #[cfg(not(feature = "with_ctap1"))]
+            let need_certificate = USE_BATCH_ATTESTATION;
+
+            if (need_certificate && !(has_priv_key && has_cert))
+                || libtock_drivers::crp::protect().is_err()
+            {
+                Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
+            } else {
+                Ok(ResponseData::AuthenticatorVendor(
+                    AuthenticatorVendorResponse {
+                        cert_programmed: has_cert,
+                        pkey_programmed: has_priv_key,
+                        lockdown_enabled: true,
+                    },
+                ))
+            }
+        } else {
+            Ok(ResponseData::AuthenticatorVendor(
+                AuthenticatorVendorResponse {
+                    cert_programmed: has_cert,
+                    pkey_programmed: has_priv_key,
+                    lockdown_enabled: false,
+                },
+            ))
+        }
+    }
+
     pub fn generate_auth_data(
         &self,
         rp_id_hash: &[u8],
@@ -941,6 +1002,7 @@ where
 
 #[cfg(test)]
 mod test {
+    use super::command::AuthenticatorAttestationMaterial;
     use super::data_formats::{
         CoseKey, GetAssertionExtensions, GetAssertionOptions, MakeCredentialExtensions,
         MakeCredentialOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
@@ -2052,4 +2114,128 @@ mod test {
             last_counter = next_counter;
         }
     }
+
+    #[test]
+    fn test_vendor_configure() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        // Nothing should be configured at the beginning
+        let response = ctap_state.process_vendor_configure(
+            AuthenticatorVendorConfigureParameters {
+                lockdown: false,
+                attestation_material: None,
+            },
+            DUMMY_CHANNEL_ID,
+        );
+        assert_eq!(
+            response,
+            Ok(ResponseData::AuthenticatorVendor(
+                AuthenticatorVendorResponse {
+                    cert_programmed: false,
+                    pkey_programmed: false,
+                    lockdown_enabled: false
+                }
+            ))
+        );
+
+        // Inject dummy values
+        let dummy_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+        let dummy_cert = [0xddu8; 20];
+        let response = ctap_state.process_vendor_configure(
+            AuthenticatorVendorConfigureParameters {
+                lockdown: false,
+                attestation_material: Some(AuthenticatorAttestationMaterial {
+                    certificate: dummy_cert.to_vec(),
+                    private_key: dummy_key,
+                }),
+            },
+            DUMMY_CHANNEL_ID,
+        );
+        assert_eq!(
+            response,
+            Ok(ResponseData::AuthenticatorVendor(
+                AuthenticatorVendorResponse {
+                    cert_programmed: true,
+                    pkey_programmed: true,
+                    lockdown_enabled: false
+                }
+            ))
+        );
+        assert_eq!(
+            ctap_state
+                .persistent_store
+                .attestation_certificate()
+                .unwrap()
+                .unwrap(),
+            dummy_cert
+        );
+        assert_eq!(
+            ctap_state
+                .persistent_store
+                .attestation_private_key()
+                .unwrap()
+                .unwrap(),
+            dummy_key
+        );
+
+        // Try to inject other dummy values and check that intial values are retained.
+        let other_dummy_key = [0x44u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+        let response = ctap_state.process_vendor_configure(
+            AuthenticatorVendorConfigureParameters {
+                lockdown: false,
+                attestation_material: Some(AuthenticatorAttestationMaterial {
+                    certificate: dummy_cert.to_vec(),
+                    private_key: other_dummy_key,
+                }),
+            },
+            DUMMY_CHANNEL_ID,
+        );
+        assert_eq!(
+            response,
+            Ok(ResponseData::AuthenticatorVendor(
+                AuthenticatorVendorResponse {
+                    cert_programmed: true,
+                    pkey_programmed: true,
+                    lockdown_enabled: false
+                }
+            ))
+        );
+        assert_eq!(
+            ctap_state
+                .persistent_store
+                .attestation_certificate()
+                .unwrap()
+                .unwrap(),
+            dummy_cert
+        );
+        assert_eq!(
+            ctap_state
+                .persistent_store
+                .attestation_private_key()
+                .unwrap()
+                .unwrap(),
+            dummy_key
+        );
+
+        // Now try to lock the device
+        let response = ctap_state.process_vendor_configure(
+            AuthenticatorVendorConfigureParameters {
+                lockdown: true,
+                attestation_material: None,
+            },
+            DUMMY_CHANNEL_ID,
+        );
+        assert_eq!(
+            response,
+            Ok(ResponseData::AuthenticatorVendor(
+                AuthenticatorVendorResponse {
+                    cert_programmed: true,
+                    pkey_programmed: true,
+                    lockdown_enabled: true
+                }
+            ))
+        );
+    }
 }
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 47e1d54..674a1f5 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -34,6 +34,7 @@ pub enum ResponseData {
     AuthenticatorReset,
     #[cfg(feature = "with_ctap2_1")]
     AuthenticatorSelection,
+    AuthenticatorVendor(AuthenticatorVendorResponse),
 }
 
 impl From<ResponseData> for Option<cbor::Value> {
@@ -48,6 +49,7 @@ impl From<ResponseData> for Option<cbor::Value> {
             ResponseData::AuthenticatorReset => None,
             #[cfg(feature = "with_ctap2_1")]
             ResponseData::AuthenticatorSelection => None,
+            ResponseData::AuthenticatorVendor(data) => Some(data.into()),
         }
     }
 }
@@ -231,6 +233,30 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
     }
 }
 
+#[cfg_attr(test, derive(PartialEq))]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+pub struct AuthenticatorVendorResponse {
+    pub cert_programmed: bool,
+    pub pkey_programmed: bool,
+    pub lockdown_enabled: bool,
+}
+
+impl From<AuthenticatorVendorResponse> for cbor::Value {
+    fn from(vendor_response: AuthenticatorVendorResponse) -> Self {
+        let AuthenticatorVendorResponse {
+            cert_programmed,
+            pkey_programmed,
+            lockdown_enabled,
+        } = vendor_response;
+
+        cbor_map_options! {
+            1 => cert_programmed,
+            2 => pkey_programmed,
+            3 => lockdown_enabled,
+        }
+    }
+}
+
 #[cfg(test)]
 mod test {
     use super::super::data_formats::PackedAttestationStatement;

From 3c93c8ddc649d07a580b59f78915b80e4f6d5c3e Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Tue, 1 Dec 2020 15:34:15 +0100
Subject: [PATCH 096/192] Remove compile time crypto material.

---
 Cargo.toml               |  1 -
 build.rs                 | 59 ----------------------------------------
 src/ctap/key_material.rs |  6 ----
 src/ctap/storage.rs      | 35 +++++-------------------
 4 files changed, 7 insertions(+), 94 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index ed293cc..611b2a0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,7 +35,6 @@ elf2tab = "0.6.0"
 enum-iterator = "0.6.0"
 
 [build-dependencies]
-openssl = "0.10"
 uuid = { version = "0.8", features = ["v4"] }
 
 [profile.dev]
diff --git a/build.rs b/build.rs
index e981555..b581d8e 100644
--- a/build.rs
+++ b/build.rs
@@ -12,11 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use openssl::asn1;
-use openssl::ec;
-use openssl::nid::Nid;
-use openssl::pkey::PKey;
-use openssl::x509;
 use std::env;
 use std::fs::File;
 use std::io::Read;
@@ -25,65 +20,11 @@ use std::path::Path;
 use uuid::Uuid;
 
 fn main() {
-    println!("cargo:rerun-if-changed=crypto_data/opensk.key");
-    println!("cargo:rerun-if-changed=crypto_data/opensk_cert.pem");
     println!("cargo:rerun-if-changed=crypto_data/aaguid.txt");
 
     let out_dir = env::var_os("OUT_DIR").unwrap();
-    let priv_key_bin_path = Path::new(&out_dir).join("opensk_pkey.bin");
-    let cert_bin_path = Path::new(&out_dir).join("opensk_cert.bin");
     let aaguid_bin_path = Path::new(&out_dir).join("opensk_aaguid.bin");
 
-    // Load the OpenSSL PEM ECC key
-    let ecc_data = include_bytes!("crypto_data/opensk.key");
-    let pkey =
-        ec::EcKey::private_key_from_pem(ecc_data).expect("Failed to load OpenSK private key file");
-
-    // Check key validity
-    pkey.check_key().unwrap();
-    assert_eq!(pkey.group().curve_name(), Some(Nid::X9_62_PRIME256V1));
-
-    // Private keys generated by OpenSSL have variable size but we only handle
-    // constant size. Serialization is done in big endian so if the size is less
-    // than 32 bytes, we need to prepend with null bytes.
-    // If the size is 33 bytes, this means the serialized BigInt is negative.
-    // Any other size is invalid.
-    let priv_key_hex = pkey.private_key().to_hex_str().unwrap();
-    let priv_key_vec = pkey.private_key().to_vec();
-    let key_len = priv_key_vec.len();
-
-    assert!(
-        key_len <= 33,
-        "Invalid private key (too big): {} ({:#?})",
-        priv_key_hex,
-        priv_key_vec,
-    );
-
-    // Copy OpenSSL generated key to our vec, starting from the end
-    let mut output_vec = [0u8; 32];
-    let min_key_len = std::cmp::min(key_len, 32);
-    output_vec[32 - min_key_len..].copy_from_slice(&priv_key_vec[key_len - min_key_len..]);
-
-    // Create the raw private key out of the OpenSSL data
-    let mut priv_key_bin_file = File::create(&priv_key_bin_path).unwrap();
-    priv_key_bin_file.write_all(&output_vec).unwrap();
-
-    // Convert the PEM certificate to DER and extract the serial for AAGUID
-    let input_pem_cert = include_bytes!("crypto_data/opensk_cert.pem");
-    let cert = x509::X509::from_pem(input_pem_cert).expect("Failed to load OpenSK certificate");
-
-    // Do some sanity check on the certificate
-    assert!(cert
-        .public_key()
-        .unwrap()
-        .public_eq(&PKey::from_ec_key(pkey).unwrap()));
-    let now = asn1::Asn1Time::days_from_now(0).unwrap();
-    assert!(cert.not_after() > now);
-    assert!(cert.not_before() <= now);
-
-    let mut cert_bin_file = File::create(&cert_bin_path).unwrap();
-    cert_bin_file.write_all(&cert.to_der().unwrap()).unwrap();
-
     let mut aaguid_bin_file = File::create(&aaguid_bin_path).unwrap();
     let mut aaguid_txt_file = File::open("crypto_data/aaguid.txt").unwrap();
     let mut content = String::new();
diff --git a/src/ctap/key_material.rs b/src/ctap/key_material.rs
index 2563798..eec5456 100644
--- a/src/ctap/key_material.rs
+++ b/src/ctap/key_material.rs
@@ -17,9 +17,3 @@ pub const AAGUID_LENGTH: usize = 16;
 
 pub const AAGUID: &[u8; AAGUID_LENGTH] =
     include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin"));
-
-pub const ATTESTATION_CERTIFICATE: &[u8] =
-    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_cert.bin"));
-
-pub const ATTESTATION_PRIVATE_KEY: &[u8; ATTESTATION_PRIVATE_KEY_LENGTH] =
-    include_bytes!(concat!(env!("OUT_DIR"), "/opensk_pkey.bin"));
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 5f17052..110184f 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -115,36 +115,12 @@ impl PersistentStore {
             self.store.insert(key::CRED_RANDOM_SECRET, &cred_random)?;
         }
 
-        // TODO(jmichel): remove this when vendor command is in place
-        #[cfg(not(test))]
-        self.load_attestation_data_from_firmware()?;
         if self.store.find_handle(key::AAGUID)?.is_none() {
             self.set_aaguid(key_material::AAGUID)?;
         }
         Ok(())
     }
 
-    // TODO(jmichel): remove this function when vendor command is in place.
-    #[cfg(not(test))]
-    fn load_attestation_data_from_firmware(&mut self) -> Result<(), Ctap2StatusCode> {
-        // The following 2 entries are meant to be written by vendor-specific commands.
-        if self
-            .store
-            .find_handle(key::ATTESTATION_PRIVATE_KEY)?
-            .is_none()
-        {
-            self.set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)?;
-        }
-        if self
-            .store
-            .find_handle(key::ATTESTATION_CERTIFICATE)?
-            .is_none()
-        {
-            self.set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)?;
-        }
-        Ok(())
-    }
-
     /// Returns the first matching credential.
     ///
     /// Returns `None` if no credentials are matched or if `check_cred_protect` is set and the first
@@ -989,11 +965,14 @@ mod test {
             .is_none());
 
         // Make sure the persistent keys are initialized.
+        // Put dummy values
+        let dummy_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+        let dummy_cert = [0xddu8; 20];
         persistent_store
-            .set_attestation_private_key(key_material::ATTESTATION_PRIVATE_KEY)
+            .set_attestation_private_key(&dummy_key)
             .unwrap();
         persistent_store
-            .set_attestation_certificate(key_material::ATTESTATION_CERTIFICATE)
+            .set_attestation_certificate(&dummy_cert)
             .unwrap();
         assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
 
@@ -1001,11 +980,11 @@ mod test {
         persistent_store.reset(&mut rng).unwrap();
         assert_eq!(
             &persistent_store.attestation_private_key().unwrap().unwrap(),
-            key_material::ATTESTATION_PRIVATE_KEY
+            &dummy_key
         );
         assert_eq!(
             persistent_store.attestation_certificate().unwrap().unwrap(),
-            key_material::ATTESTATION_CERTIFICATE
+            &dummy_cert
         );
         assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
     }

From e35c41578ea61d31e07eefe0ba44fc6854387145 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Thu, 10 Dec 2020 16:17:09 +0100
Subject: [PATCH 097/192] Add configuration tool

---
 .gitignore         |   1 +
 deploy.py          |  43 ++++++++++
 setup.sh           |   3 +
 tools/configure.py | 197 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 244 insertions(+)
 create mode 100755 tools/configure.py

diff --git a/.gitignore b/.gitignore
index 1b32046..611b278 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ Cargo.lock
 /reproducible/binaries.sha256sum
 /reproducible/elf2tab.txt
 /reproducible/reproduced.tar
+__pycache__
diff --git a/deploy.py b/deploy.py
index 42579a2..b3daa6f 100755
--- a/deploy.py
+++ b/deploy.py
@@ -710,6 +710,22 @@ class OpenSKInstaller:
             check=False,
             timeout=None,
         ).returncode
+
+    # Configure OpenSK through vendor specific command if needed
+    if any([
+        self.args.lock_device,
+        self.args.config_cert,
+        self.args.config_pkey,
+    ]):
+      # pylint: disable=g-import-not-at-top,import-outside-toplevel
+      import tools.configure
+      tools.configure.main(
+          argparse.Namespace(
+              batch=False,
+              certificate=self.args.config_cert,
+              priv_key=self.args.config_pkey,
+              lock=self.args.lock_device,
+          ))
     return 0
 
 
@@ -770,6 +786,33 @@ if __name__ == "__main__":
       help=("Erases the persistent storage when installing an application. "
             "All stored data will be permanently lost."),
   )
+  main_parser.add_argument(
+      "--lock-device",
+      action="store_true",
+      default=False,
+      dest="lock_device",
+      help=("Try to disable JTAG at the end of the operations. This "
+            "operation may fail if the device is already locked or if "
+            "the certificate/private key are not programmed."),
+  )
+  main_parser.add_argument(
+      "--inject-certificate",
+      default=None,
+      metavar="PEM_FILE",
+      type=argparse.FileType("rb"),
+      dest="config_cert",
+      help=("If this option is set, the corresponding certificate "
+            "will be programmed into the key as the last operation."),
+  )
+  main_parser.add_argument(
+      "--inject-private-key",
+      default=None,
+      metavar="PEM_FILE",
+      type=argparse.FileType("rb"),
+      dest="config_pkey",
+      help=("If this option is set, the corresponding private key "
+            "will be programmed into the key as the last operation."),
+  )
   main_parser.add_argument(
       "--programmer",
       metavar="METHOD",
diff --git a/setup.sh b/setup.sh
index 903e0e3..13ad9b0 100755
--- a/setup.sh
+++ b/setup.sh
@@ -44,3 +44,6 @@ rustup target add thumbv7em-none-eabi
 # Install dependency to create applications.
 mkdir -p elf2tab
 cargo install elf2tab --version 0.6.0 --root elf2tab/
+
+# Install python dependencies to factory configure OpenSK (crypto, JTAG lockdown)
+pip3 install --user --upgrade colorama tqdm cryptography fido2
diff --git a/tools/configure.py b/tools/configure.py
new file mode 100755
index 0000000..eff1166
--- /dev/null
+++ b/tools/configure.py
@@ -0,0 +1,197 @@
+#!/usr/bin/env python3
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Lint as: python3
+
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
+import argparse
+import getpass
+import datetime
+import sys
+import uuid
+
+import colorama
+from tqdm.auto import tqdm
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import ec
+
+from fido2 import ctap
+from fido2 import ctap2
+from fido2 import hid
+
+OPENSK_VID_PID = (0x1915, 0x521F)
+OPENSK_VENDOR_CONFIGURE = 0x40
+
+
+def fatal(msg):
+  tqdm.write("{style_begin}fatal:{style_end} {message}".format(
+      style_begin=colorama.Fore.RED + colorama.Style.BRIGHT,
+      style_end=colorama.Style.RESET_ALL,
+      message=msg))
+  sys.exit(1)
+
+
+def error(msg):
+  tqdm.write("{style_begin}error:{style_end} {message}".format(
+      style_begin=colorama.Fore.RED,
+      style_end=colorama.Style.RESET_ALL,
+      message=msg))
+
+
+def info(msg):
+  tqdm.write("{style_begin}info:{style_end} {message}".format(
+      style_begin=colorama.Fore.GREEN + colorama.Style.BRIGHT,
+      style_end=colorama.Style.RESET_ALL,
+      message=msg))
+
+
+def get_opensk_devices(batch_mode):
+  devices = []
+  for dev in hid.CtapHidDevice.list_devices():
+    if (dev.descriptor["vendor_id"],
+        dev.descriptor["product_id"]) == OPENSK_VID_PID:
+      if dev.capabilities & hid.CAPABILITY.CBOR:
+        if batch_mode:
+          devices.append(ctap2.CTAP2(dev))
+        else:
+          return [ctap2.CTAP2(dev)]
+  return devices
+
+
+def get_private_key(data, password=None):
+  # First we try without password
+  try:
+    return serialization.load_pem_private_key(data, password=None)
+  except TypeError:
+    # Maybe we need a password then
+    if sys.stdin.isatty():
+      password = getpass.getpass(prompt="Private key password: ")
+    else:
+      password = sys.stdin.readline().rstrip()
+    return get_private_key(data, password=password.encode(sys.stdin.encoding))
+
+
+def main(args):
+  colorama.init()
+  # We need either both the certificate and the key or none
+  if bool(args.priv_key) ^ bool(args.certificate):
+    fatal("Certificate and private key must be set together or both omitted.")
+
+  cbor_data = {1: args.lock}
+
+  if args.priv_key:
+    cbor_data[1] = args.lock
+    priv_key = get_private_key(args.priv_key.read())
+    if not isinstance(priv_key, ec.EllipticCurvePrivateKey):
+      fatal("Private key must be an Elliptic Curve one.")
+    if not isinstance(priv_key.curve, ec.SECP256R1):
+      fatal("Private key must use Secp256r1 curve.")
+    if priv_key.key_size != 256:
+      fatal("Private key must be 256 bits long.")
+    info("Private key is valid.")
+
+    cert = x509.load_pem_x509_certificate(args.certificate.read())
+    # Some sanity/validity checks
+    now = datetime.datetime.now()
+    if cert.not_valid_before > now:
+      fatal("Certificate validity starts in the future.")
+    if cert.not_valid_after <= now:
+      fatal("Certificate expired.")
+    pub_key = cert.public_key()
+    if not isinstance(pub_key, ec.EllipticCurvePublicKey):
+      fatal("Certificate public key must be an Elliptic Curve one.")
+    if not isinstance(pub_key.curve, ec.SECP256R1):
+      fatal("Certificate public key must use Secp256r1 curve.")
+    if pub_key.key_size != 256:
+      fatal("Certificate public key must be 256 bits long.")
+    if pub_key.public_numbers() != priv_key.public_key().public_numbers():
+      fatal("Certificate public doesn't match with the private key.")
+    info("Certificate is valid.")
+
+    cbor_data[2] = {
+        1:
+            cert.public_bytes(serialization.Encoding.DER),
+        2:
+            priv_key.private_numbers().private_value.to_bytes(
+                length=32, byteorder='big', signed=False)
+    }
+
+  for authenticator in tqdm(get_opensk_devices(args.batch)):
+    # If the device supports it, wink to show which device
+    # we're going to program
+    if authenticator.device.capabilities & hid.CAPABILITY.WINK:
+      authenticator.device.wink()
+    aaguid = uuid.UUID(bytes=authenticator.get_info().aaguid)
+    info(("Programming device {} AAGUID {} ({}). "
+          "Please touch the device to confirm...").format(
+              authenticator.device.descriptor.get("product_string", "Unknown"),
+              aaguid, authenticator.device))
+    try:
+      result = authenticator.send_cbor(
+          OPENSK_VENDOR_CONFIGURE,
+          data=cbor_data,
+      )
+      info("Certificate: {}".format("Present" if result[1] else "Missing"))
+      info("Private Key: {}".format("Present" if result[2] else "Missing"))
+      if result[3]:
+        info("Device locked down!")
+    except ctap.CtapError as ex:
+      if ex.code.value == ctap.CtapError.ERR.INVALID_COMMAND:
+        error("Failed to configure OpenSK (unsupported command).")
+
+
+if __name__ == "__main__":
+  parser = argparse.ArgumentParser()
+  parser.add_argument(
+      "--batch",
+      default=False,
+      action="store_true",
+      help=(
+          "When batch processing is used, all plugged OpenSK devices will "
+          "be programmed the same way. Otherwise (default) only the first seen "
+          "device will be programmed."),
+  )
+  parser.add_argument(
+      "--certificate",
+      type=argparse.FileType("rb"),
+      default=None,
+      metavar="PEM_FILE",
+      dest="certificate",
+      help=("PEM file containing the certificate to inject into "
+            "OpenSK authenticator."),
+  )
+  parser.add_argument(
+      "--private-key",
+      type=argparse.FileType("rb"),
+      default=None,
+      metavar="PEM_FILE",
+      dest="priv_key",
+      help=("PEM file containing the private key associated "
+            "with the certificate."),
+  )
+  parser.add_argument(
+      "--lock-device",
+      default=False,
+      action="store_true",
+      dest="lock",
+      help=("Locks the device (i.e. bootloader and JTAG access). "
+            "This command can fail if the certificate or the private key "
+            "haven't been both programmed yet."),
+  )
+  main(parser.parse_args())

From a1854bb98ae0edea56ee54ee6eea779f6e2e436a Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Fri, 11 Dec 2020 03:16:17 +0100
Subject: [PATCH 098/192] Update documentation

---
 README.md       | 43 +++++++++++++++++++++++++++----------------
 docs/install.md |  9 ++++++---
 2 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index ccb6fc7..cca4eac 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 # <img alt="OpenSK logo" src="docs/img/OpenSK.svg" width="200px">
 
-[![Build Status](https://travis-ci.org/google/OpenSK.svg?branch=master)](https://travis-ci.org/google/OpenSK)
 ![markdownlint](https://github.com/google/OpenSK/workflows/markdownlint/badge.svg?branch=master)
 ![pylint](https://github.com/google/OpenSK/workflows/pylint/badge.svg?branch=master)
 ![Cargo check](https://github.com/google/OpenSK/workflows/Cargo%20check/badge.svg?branch=master)
@@ -31,7 +30,8 @@ our implementation was not reviewed nor officially tested and doesn't claim to
 be FIDO Certified.
 We started adding features of the upcoming next version of the
 [CTAP2.1 specifications](https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html).
-The development is currently between 2.0 and 2.1, with updates hidden behind a feature flag.
+The development is currently between 2.0 and 2.1, with updates hidden behind
+a feature flag.
 Please add the flag `--ctap2.1` to the deploy command to include them.
 
 ### Cryptography
@@ -58,8 +58,8 @@ For a more detailed guide, please refer to our
     ./setup.sh
     ```
 
-2.  Next step is to install Tock OS as well as the OpenSK application on your
-    board (**Warning**: it will erase the locally stored credentials). Run:
+1.  Next step is to install Tock OS as well as the OpenSK application on your
+    board. Run:
 
     ```shell
     # Nordic nRF52840-DK board
@@ -68,7 +68,17 @@ For a more detailed guide, please refer to our
     ./deploy.py --board=nrf52840_dongle --opensk
     ```
 
-3.  On Linux, you may want to avoid the need for `root` privileges to interact
+1.  Finally you need to inejct the cryptographic material if you enabled
+    batch attestation or CTAP1/U2F compatibility (which is the case by
+    default):
+
+    ```shell
+    ./tools/configure.py \
+        --certificate=crypto_data/opensk_cert.pem \
+        --private-key=crypto_data/opensk.key
+    ```
+
+1.  On Linux, you may want to avoid the need for `root` privileges to interact
     with the key. For that purpose we provide a udev rule file that can be
     installed with the following command:
 
@@ -148,7 +158,7 @@ operation.
 
 The additional output looks like the following.
 
-```
+```text
 # Allocation of 256 byte(s), aligned on 1 byte(s). The allocated address is
 # 0x2002401c. After this operation, 2 pointers have been allocated, totalling
 # 384 bytes (the total heap usage may be larger, due to alignment and
@@ -163,12 +173,12 @@ A tool is provided to analyze such reports, in `tools/heapviz`. This tool
 parses the console output, identifies the lines corresponding to (de)allocation
 operations, and first computes some statistics:
 
-- Address range used by the heap over this run of the program,
-- Peak heap usage (how many useful bytes are allocated),
-- Peak heap consumption (how many bytes are used by the heap, including
-  unavailable bytes between allocated blocks, due to alignment constraints and
-  memory fragmentation),
-- Fragmentation overhead (difference between heap consumption and usage).
+*   Address range used by the heap over this run of the program,
+*   Peak heap usage (how many useful bytes are allocated),
+*   Peak heap consumption (how many bytes are used by the heap, including
+    unavailable bytes between allocated blocks, due to alignment constraints and
+    memory fragmentation),
+*   Fragmentation overhead (difference between heap consumption and usage).
 
 Then, the `heapviz` tool displays an animated "movie" of the allocated bytes in
 heap memory. Each frame in this "movie" shows bytes that are currently
@@ -177,10 +187,11 @@ allocated. A new frame is generated for each (de)allocation operation. This tool
 uses the `ncurses` library, that you may have to install beforehand.
 
 You can control the tool with the following parameters:
-- `--logfile` (required) to provide the file which contains the console output
-  to parse,
-- `--fps` (optional) to customize the number of frames per second in the movie
-  animation.
+
+*   `--logfile` (required) to provide the file which contains the console output
+    to parse,
+*   `--fps` (optional) to customize the number of frames per second in the movie
+    animation.
 
 ```shell
 cargo run --manifest-path tools/heapviz/Cargo.toml -- --logfile console.log --fps 50
diff --git a/docs/install.md b/docs/install.md
index cf355fa..61866ff 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -125,6 +125,7 @@ This is the expected content after running our `setup.sh` script:
 
 File              | Purpose
 ----------------- | --------------------------------------------------------
+`aaguid.txt`      | Text file containaing the AAGUID value
 `opensk_ca.csr`   | Certificate sign request for the Root CA
 `opensk_ca.key`   | ECC secp256r1 private key used for the Root CA
 `opensk_ca.pem`   | PEM encoded certificate of the Root CA
@@ -136,9 +137,11 @@ File              | Purpose
 If you want to use your own attestation certificate and private key, simply
 replace `opensk_cert.pem` and `opensk.key` files.
 
-Our build script `build.rs` is responsible for converting `opensk_cert.pem` and
-`opensk.key` files into raw data that is then used by the Rust file:
-`src/ctap/key_material.rs`.
+Our build script `build.rs` is responsible for converting `aaguid.txt` file
+into raw data that is then used by the Rust file `src/ctap/key_material.rs`.
+
+Our configuration script `tools/configure.py` is responsible for configuring
+an OpenSK device with the correct certificate and private key.
 
 ### Flashing a firmware
 

From ca0606a5576a59b65cd9ed1b4f590f3084e4f317 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Fri, 11 Dec 2020 01:52:52 +0100
Subject: [PATCH 099/192] Bump versions to 1.0 for FIDO2 certification.

---
 Cargo.toml                                 | 2 +-
 boards/nordic/nrf52840_mdk_dfu/src/main.rs | 2 +-
 patches/tock/02-usb.patch                  | 4 ++--
 src/ctap/hid/mod.rs                        | 9 ++++-----
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 611b2a0..15984a0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ctap2"
-version = "0.1.0"
+version = "1.0.0"
 authors = [
   "Fabian Kaczmarczyck <kaczmarczyck@google.com>",
   "Guillaume Endignoux <guillaumee@google.com>",
diff --git a/boards/nordic/nrf52840_mdk_dfu/src/main.rs b/boards/nordic/nrf52840_mdk_dfu/src/main.rs
index a346da5..1eccb0e 100644
--- a/boards/nordic/nrf52840_mdk_dfu/src/main.rs
+++ b/boards/nordic/nrf52840_mdk_dfu/src/main.rs
@@ -48,7 +48,7 @@ static STRINGS: &'static [&'static str] = &[
     // Product
     "OpenSK",
     // Serial number
-    "v0.1",
+    "v1.0",
 ];
 
 // State for loading and holding applications.
diff --git a/patches/tock/02-usb.patch b/patches/tock/02-usb.patch
index 135369d..6220f6a 100644
--- a/patches/tock/02-usb.patch
+++ b/patches/tock/02-usb.patch
@@ -117,7 +117,7 @@ index d72d20482..118ea6d68 100644
 +    // Product
 +    "OpenSK",
 +    // Serial number
-+    "v0.1",
++    "v1.0",
 +];
 +
  // State for loading and holding applications.
@@ -189,7 +189,7 @@ index 2ebb384d8..4a7bfffdd 100644
 +    // Product
 +    "OpenSK",
 +    // Serial number
-+    "v0.1",
++    "v1.0",
 +];
 +
  // State for loading and holding applications.
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 1ae8334..ef96eef 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -117,9 +117,8 @@ impl CtapHid {
     // CTAP specification (version 20190130) section 8.1.9.1.3
     const PROTOCOL_VERSION: u8 = 2;
 
-    // The device version number is vendor-defined. For now we define them to be zero.
-    // TODO: Update with device version?
-    const DEVICE_VERSION_MAJOR: u8 = 0;
+    // The device version number is vendor-defined.
+    const DEVICE_VERSION_MAJOR: u8 = 1;
     const DEVICE_VERSION_MINOR: u8 = 0;
     const DEVICE_VERSION_BUILD: u8 = 0;
 
@@ -574,7 +573,7 @@ mod test {
                     0x00,
                     0x01,
                     0x02, // Protocol version
-                    0x00, // Device version
+                    0x01, // Device version
                     0x00,
                     0x00,
                     CtapHid::CAPABILITIES
@@ -634,7 +633,7 @@ mod test {
                     cid[2],
                     cid[3],
                     0x02, // Protocol version
-                    0x00, // Device version
+                    0x01, // Device version
                     0x00,
                     0x00,
                     CtapHid::CAPABILITIES

From 7213c4ee996b5dc9481ffd18904177e519c33f27 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Fri, 11 Dec 2020 12:58:26 +0100
Subject: [PATCH 100/192] Address first round of comments.

---
 README.md            |  2 +-
 docs/install.md      |  2 +-
 src/ctap/command.rs  | 85 +++++++++++++++++++++++++++++++++++++++--
 src/ctap/mod.rs      | 91 +++++++++++++++++++++++++++-----------------
 src/ctap/response.rs |  3 --
 src/ctap/storage.rs  |  3 +-
 tools/configure.py   | 21 +++++++---
 7 files changed, 157 insertions(+), 50 deletions(-)

diff --git a/README.md b/README.md
index cca4eac..68e9f71 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ For a more detailed guide, please refer to our
     ./deploy.py --board=nrf52840_dongle --opensk
     ```
 
-1.  Finally you need to inejct the cryptographic material if you enabled
+1.  Finally you need to inject the cryptographic material if you enabled
     batch attestation or CTAP1/U2F compatibility (which is the case by
     default):
 
diff --git a/docs/install.md b/docs/install.md
index 61866ff..d00b991 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -137,7 +137,7 @@ File              | Purpose
 If you want to use your own attestation certificate and private key, simply
 replace `opensk_cert.pem` and `opensk.key` files.
 
-Our build script `build.rs` is responsible for converting `aaguid.txt` file
+Our build script `build.rs` is responsible for converting the `aaguid.txt` file
 into raw data that is then used by the Rust file `src/ctap/key_material.rs`.
 
 Our configuration script `tools/configure.py` is responsible for configuring
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index f2f2537..5dbd930 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -400,10 +400,10 @@ impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
                 2 => private_key,
             } = extract_map(cbor_value)?;
         }
-        let certificate = certificate.map(extract_byte_string).transpose()?.unwrap();
-        let private_key = private_key.map(extract_byte_string).transpose()?.unwrap();
+        let certificate = extract_byte_string(ok_or_missing(certificate)?)?;
+        let private_key = extract_byte_string(ok_or_missing(private_key)?)?;
         if private_key.len() != key_material::ATTESTATION_PRIVATE_KEY_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR);
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
         let private_key = array_ref!(private_key, 0, key_material::ATTESTATION_PRIVATE_KEY_LENGTH);
         Ok(AuthenticatorAttestationMaterial {
@@ -638,4 +638,83 @@ mod test {
         let command = Command::deserialize(&cbor_bytes);
         assert_eq!(command, Ok(Command::AuthenticatorSelection));
     }
+
+    #[test]
+    fn test_vendor_configure() {
+        // Incomplete command
+        let mut cbor_bytes = vec![Command::AUTHENTICATOR_VENDOR_CONFIGURE];
+        let command = Command::deserialize(&cbor_bytes);
+        assert_eq!(command, Err(Ctap2StatusCode::CTAP2_ERR_INVALID_CBOR));
+
+        cbor_bytes.extend(&[0xA1, 0x01, 0xF5]);
+        let command = Command::deserialize(&cbor_bytes);
+        assert_eq!(
+            command,
+            Ok(Command::AuthenticatorVendorConfigure(
+                AuthenticatorVendorConfigureParameters {
+                    lockdown: true,
+                    attestation_material: None
+                }
+            ))
+        );
+
+        let dummy_cert = [0xddu8; 20];
+        let dummy_pkey = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+
+        // Attestation key is too short.
+        let cbor_value = cbor_map! {
+            1 => false,
+            2 => cbor_map! {
+                1 => dummy_cert,
+                2 => dummy_pkey[..key_material::ATTESTATION_PRIVATE_KEY_LENGTH - 1]
+            }
+        };
+        assert_eq!(
+            AuthenticatorVendorConfigureParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+
+        // Missing private key
+        let cbor_value = cbor_map! {
+            1 => false,
+            2 => cbor_map! {
+                1 => dummy_cert
+            }
+        };
+        assert_eq!(
+            AuthenticatorVendorConfigureParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)
+        );
+
+        // Missing certificate
+        let cbor_value = cbor_map! {
+            1 => false,
+            2 => cbor_map! {
+                2 => dummy_pkey
+            }
+        };
+        assert_eq!(
+            AuthenticatorVendorConfigureParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)
+        );
+
+        // Valid
+        let cbor_value = cbor_map! {
+            1 => false,
+            2 => cbor_map! {
+                1 => dummy_cert,
+                2 => dummy_pkey
+            }
+        };
+        assert_eq!(
+            AuthenticatorVendorConfigureParameters::try_from(cbor_value),
+            Ok(AuthenticatorVendorConfigureParameters {
+                lockdown: false,
+                attestation_material: Some(AuthenticatorAttestationMaterial {
+                    certificate: dummy_cert.to_vec(),
+                    private_key: dummy_pkey
+                })
+            })
+        );
+    }
 }
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 50e0bbf..b6cf5b4 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -931,22 +931,64 @@ where
         (self.check_user_presence)(cid)?;
 
         // Sanity checks
-        let has_priv_key = self.persistent_store.attestation_private_key()?.is_some();
-        let has_cert = self.persistent_store.attestation_certificate()?.is_some();
+        let current_priv_key = self.persistent_store.attestation_private_key()?;
+        let current_cert = self.persistent_store.attestation_certificate()?;
 
-        if params.attestation_material.is_some() {
+        let response = if params.attestation_material.is_some() {
             let data = params.attestation_material.unwrap();
-            if !has_cert {
-                self.persistent_store
-                    .set_attestation_certificate(&data.certificate)?;
+
+            match (current_cert, current_priv_key) {
+                (Some(_), Some(_)) => {
+                    // Device is fully programmed.
+                    // We don't compare values to avoid giving an oracle
+                    // about the private key.
+                    AuthenticatorVendorResponse {
+                        cert_programmed: true,
+                        pkey_programmed: true,
+                    }
+                }
+                // Device is not programmed.
+                (None, None) => {
+                    self.persistent_store
+                        .set_attestation_certificate(&data.certificate)?;
+                    self.persistent_store
+                        .set_attestation_private_key(&data.private_key)?;
+                    AuthenticatorVendorResponse {
+                        cert_programmed: true,
+                        pkey_programmed: true,
+                    }
+                }
+                // Device is partially programmed. Ensure the programmed value
+                // matched the given one before programming anything.
+                (Some(cert), None) => {
+                    if cert != data.certificate {
+                        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+                    }
+                    self.persistent_store
+                        .set_attestation_private_key(&data.private_key)?;
+                    AuthenticatorVendorResponse {
+                        cert_programmed: true,
+                        pkey_programmed: true,
+                    }
+                }
+                (None, Some(key)) => {
+                    if key != data.private_key {
+                        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+                    }
+                    self.persistent_store
+                        .set_attestation_certificate(&data.certificate)?;
+                    AuthenticatorVendorResponse {
+                        cert_programmed: true,
+                        pkey_programmed: true,
+                    }
+                }
             }
-            if !has_priv_key {
-                self.persistent_store
-                    .set_attestation_private_key(&data.private_key)?;
+        } else {
+            AuthenticatorVendorResponse {
+                cert_programmed: current_cert.is_some(),
+                pkey_programmed: current_priv_key.is_some(),
             }
         };
-        let has_priv_key = self.persistent_store.attestation_private_key()?.is_some();
-        let has_cert = self.persistent_store.attestation_certificate()?.is_some();
         if params.lockdown {
             // To avoid bricking the authenticator, we only allow lockdown
             // to happen if both values are programmed or if both U2F/CTAP1 and
@@ -956,28 +998,13 @@ where
             #[cfg(not(feature = "with_ctap1"))]
             let need_certificate = USE_BATCH_ATTESTATION;
 
-            if (need_certificate && !(has_priv_key && has_cert))
+            if (need_certificate && !(response.pkey_programmed && response.cert_programmed))
                 || libtock_drivers::crp::protect().is_err()
             {
-                Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
-            } else {
-                Ok(ResponseData::AuthenticatorVendor(
-                    AuthenticatorVendorResponse {
-                        cert_programmed: has_cert,
-                        pkey_programmed: has_priv_key,
-                        lockdown_enabled: true,
-                    },
-                ))
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
-        } else {
-            Ok(ResponseData::AuthenticatorVendor(
-                AuthenticatorVendorResponse {
-                    cert_programmed: has_cert,
-                    pkey_programmed: has_priv_key,
-                    lockdown_enabled: false,
-                },
-            ))
         }
+        Ok(ResponseData::AuthenticatorVendor(response))
     }
 
     pub fn generate_auth_data(
@@ -2135,7 +2162,6 @@ mod test {
                 AuthenticatorVendorResponse {
                     cert_programmed: false,
                     pkey_programmed: false,
-                    lockdown_enabled: false
                 }
             ))
         );
@@ -2159,7 +2185,6 @@ mod test {
                 AuthenticatorVendorResponse {
                     cert_programmed: true,
                     pkey_programmed: true,
-                    lockdown_enabled: false
                 }
             ))
         );
@@ -2180,7 +2205,7 @@ mod test {
             dummy_key
         );
 
-        // Try to inject other dummy values and check that intial values are retained.
+        // Try to inject other dummy values and check that initial values are retained.
         let other_dummy_key = [0x44u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
         let response = ctap_state.process_vendor_configure(
             AuthenticatorVendorConfigureParameters {
@@ -2198,7 +2223,6 @@ mod test {
                 AuthenticatorVendorResponse {
                     cert_programmed: true,
                     pkey_programmed: true,
-                    lockdown_enabled: false
                 }
             ))
         );
@@ -2233,7 +2257,6 @@ mod test {
                 AuthenticatorVendorResponse {
                     cert_programmed: true,
                     pkey_programmed: true,
-                    lockdown_enabled: true
                 }
             ))
         );
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 674a1f5..9b9efc1 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -238,7 +238,6 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
 pub struct AuthenticatorVendorResponse {
     pub cert_programmed: bool,
     pub pkey_programmed: bool,
-    pub lockdown_enabled: bool,
 }
 
 impl From<AuthenticatorVendorResponse> for cbor::Value {
@@ -246,13 +245,11 @@ impl From<AuthenticatorVendorResponse> for cbor::Value {
         let AuthenticatorVendorResponse {
             cert_programmed,
             pkey_programmed,
-            lockdown_enabled,
         } = vendor_response;
 
         cbor_map_options! {
             1 => cert_programmed,
             2 => pkey_programmed,
-            3 => lockdown_enabled,
         }
     }
 }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 110184f..a701325 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -964,8 +964,7 @@ mod test {
             .unwrap()
             .is_none());
 
-        // Make sure the persistent keys are initialized.
-        // Put dummy values
+        // Make sure the persistent keys are initialized to dummy values.
         let dummy_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
         let dummy_cert = [0xddu8; 20];
         persistent_store
diff --git a/tools/configure.py b/tools/configure.py
index eff1166..cc00a1a 100755
--- a/tools/configure.py
+++ b/tools/configure.py
@@ -75,11 +75,11 @@ def get_opensk_devices(batch_mode):
 
 
 def get_private_key(data, password=None):
-  # First we try without password
+  # First we try without password.
   try:
     return serialization.load_pem_private_key(data, password=None)
   except TypeError:
-    # Maybe we need a password then
+    # Maybe we need a password then.
     if sys.stdin.isatty():
       password = getpass.getpass(prompt="Private key password: ")
     else:
@@ -134,7 +134,7 @@ def main(args):
 
   for authenticator in tqdm(get_opensk_devices(args.batch)):
     # If the device supports it, wink to show which device
-    # we're going to program
+    # we're going to program.
     if authenticator.device.capabilities & hid.CAPABILITY.WINK:
       authenticator.device.wink()
     aaguid = uuid.UUID(bytes=authenticator.get_info().aaguid)
@@ -149,11 +149,20 @@ def main(args):
       )
       info("Certificate: {}".format("Present" if result[1] else "Missing"))
       info("Private Key: {}".format("Present" if result[2] else "Missing"))
-      if result[3]:
-        info("Device locked down!")
+      if args.lock:
+        info("Device is now locked down!")
     except ctap.CtapError as ex:
       if ex.code.value == ctap.CtapError.ERR.INVALID_COMMAND:
         error("Failed to configure OpenSK (unsupported command).")
+      elif ex.code.value == 0xF2:  # VENDOR_INTERNAL_ERROR
+        error(("Failed to configure OpenSK (lockdown conditions not met "
+               "or hardware error)."))
+      elif ex.code.value == ctap.CtapError.ERR.INVALID_PARAMETER:
+        error(
+            ("Failed to configure OpenSK (device is partially programmed but "
+             "the given cert/key don't match the ones currently programmed)."))
+      else:
+        error("Failed to configure OpenSK (unknown error: {}".format(ex))
 
 
 if __name__ == "__main__":
@@ -174,7 +183,7 @@ if __name__ == "__main__":
       metavar="PEM_FILE",
       dest="certificate",
       help=("PEM file containing the certificate to inject into "
-            "OpenSK authenticator."),
+            "the OpenSK authenticator."),
   )
   parser.add_argument(
       "--private-key",

From 8595ed5e286d3aaa6735d8c89facc2da3d0cb6d6 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Fri, 11 Dec 2020 23:56:53 +0100
Subject: [PATCH 101/192] Addressing review comments.

---
 patches/tock/07-firmware-protect.patch | 209 +++++++++++++++++--------
 src/ctap/mod.rs                        |  89 +++++------
 src/ctap/response.rs                   |  30 ++++
 third_party/libtock-drivers/src/crp.rs |  39 ++++-
 4 files changed, 244 insertions(+), 123 deletions(-)

diff --git a/patches/tock/07-firmware-protect.patch b/patches/tock/07-firmware-protect.patch
index c062648..d002647 100644
--- a/patches/tock/07-firmware-protect.patch
+++ b/patches/tock/07-firmware-protect.patch
@@ -1,9 +1,9 @@
 diff --git a/boards/components/src/firmware_protection.rs b/boards/components/src/firmware_protection.rs
 new file mode 100644
-index 0000000..5eda591
+index 0000000..58695af
 --- /dev/null
 +++ b/boards/components/src/firmware_protection.rs
-@@ -0,0 +1,67 @@
+@@ -0,0 +1,70 @@
 +//! Component for firmware protection syscall interface.
 +//!
 +//! This provides one Component, `FirmwareProtectionComponent`, which implements a
@@ -35,12 +35,13 @@ index 0000000..5eda591
 +    ($C:ty) => {{
 +        use capsules::firmware_protection;
 +        use core::mem::MaybeUninit;
-+        static mut BUF: MaybeUninit<firmware_protection::FirmwareProtection<'static, $C>> = MaybeUninit::uninit();
++        static mut BUF: MaybeUninit<firmware_protection::FirmwareProtection<$C>> =
++            MaybeUninit::uninit();
 +        &mut BUF
 +    };};
 +}
 +
-+pub struct FirmwareProtectionComponent<C: 'static + hil::firmware_protection::FirmwareProtection> {
++pub struct FirmwareProtectionComponent<C: hil::firmware_protection::FirmwareProtection> {
 +    board_kernel: &'static kernel::Kernel,
 +    crp: C,
 +}
@@ -54,16 +55,18 @@ index 0000000..5eda591
 +    }
 +}
 +
-+impl<C: 'static + hil::firmware_protection::FirmwareProtection> Component for FirmwareProtectionComponent<C> {
-+    type StaticInput = &'static mut MaybeUninit<firmware_protection::FirmwareProtection<'static, C>>;
-+    type Output = &'static firmware_protection::FirmwareProtection<'static, C>;
++impl<C: 'static + hil::firmware_protection::FirmwareProtection> Component
++    for FirmwareProtectionComponent<C>
++{
++    type StaticInput = &'static mut MaybeUninit<firmware_protection::FirmwareProtection<C>>;
++    type Output = &'static firmware_protection::FirmwareProtection<C>;
 +
 +    unsafe fn finalize(self, static_buffer: Self::StaticInput) -> Self::Output {
 +        let grant_cap = create_capability!(capabilities::MemoryAllocationCapability);
 +
 +        static_init_half!(
 +            static_buffer,
-+            firmware_protection::FirmwareProtection<'static, C>,
++            firmware_protection::FirmwareProtection<C>,
 +            firmware_protection::FirmwareProtection::new(
 +                self.crp,
 +                self.board_kernel.create_grant(&grant_cap),
@@ -84,21 +87,18 @@ index 917497a..520408f 100644
  pub mod gpio;
  pub mod hd44780;
 diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_dongle/src/main.rs
-index 118ea6d..f340dd1 100644
+index 118ea6d..76436f3 100644
 --- a/boards/nordic/nrf52840_dongle/src/main.rs
 +++ b/boards/nordic/nrf52840_dongle/src/main.rs
-@@ -112,6 +112,10 @@ pub struct Platform {
+@@ -112,6 +112,7 @@ pub struct Platform {
          'static,
          nrf52840::usbd::Usbd<'static>,
      >,
-+    crp: &'static capsules::firmware_protection::FirmwareProtection<
-+        'static,
-+        nrf52840::uicr::Uicr,
-+    >,
++    crp: &'static capsules::firmware_protection::FirmwareProtection<nrf52840::uicr::Uicr>,
  }
  
  impl kernel::Platform for Platform {
-@@ -132,6 +136,7 @@ impl kernel::Platform for Platform {
+@@ -132,6 +133,7 @@ impl kernel::Platform for Platform {
              capsules::analog_comparator::DRIVER_NUM => f(Some(self.analog_comparator)),
              nrf52840::nvmc::DRIVER_NUM => f(Some(self.nvmc)),
              capsules::usb::usb_ctap::DRIVER_NUM => f(Some(self.usb)),
@@ -106,7 +106,7 @@ index 118ea6d..f340dd1 100644
              kernel::ipc::DRIVER_NUM => f(Some(&self.ipc)),
              _ => f(None),
          }
-@@ -355,6 +360,12 @@ pub unsafe fn reset_handler() {
+@@ -355,6 +357,14 @@ pub unsafe fn reset_handler() {
      )
      .finalize(components::usb_ctap_component_buf!(nrf52840::usbd::Usbd));
  
@@ -114,12 +114,14 @@ index 118ea6d..f340dd1 100644
 +        board_kernel,
 +        nrf52840::uicr::Uicr::new(),
 +    )
-+    .finalize(components::firmware_protection_component_helper!(nrf52840::uicr::Uicr));
++    .finalize(components::firmware_protection_component_helper!(
++        nrf52840::uicr::Uicr
++    ));
 +
      nrf52_components::NrfClockComponent::new().finalize(());
  
      let platform = Platform {
-@@ -371,6 +382,7 @@ pub unsafe fn reset_handler() {
+@@ -371,6 +381,7 @@ pub unsafe fn reset_handler() {
          analog_comparator,
          nvmc,
          usb,
@@ -128,21 +130,18 @@ index 118ea6d..f340dd1 100644
      };
  
 diff --git a/boards/nordic/nrf52840dk/src/main.rs b/boards/nordic/nrf52840dk/src/main.rs
-index b1d0d3c..a37d180 100644
+index b1d0d3c..3cfb38d 100644
 --- a/boards/nordic/nrf52840dk/src/main.rs
 +++ b/boards/nordic/nrf52840dk/src/main.rs
-@@ -180,6 +180,10 @@ pub struct Platform {
+@@ -180,6 +180,7 @@ pub struct Platform {
          'static,
          nrf52840::usbd::Usbd<'static>,
      >,
-+    crp: &'static capsules::firmware_protection::FirmwareProtection<
-+        'static,
-+        nrf52840::uicr::Uicr,
-+    >,
++    crp: &'static capsules::firmware_protection::FirmwareProtection<nrf52840::uicr::Uicr>,
  }
  
  impl kernel::Platform for Platform {
-@@ -201,6 +205,7 @@ impl kernel::Platform for Platform {
+@@ -201,6 +202,7 @@ impl kernel::Platform for Platform {
              capsules::nonvolatile_storage_driver::DRIVER_NUM => f(Some(self.nonvolatile_storage)),
              nrf52840::nvmc::DRIVER_NUM => f(Some(self.nvmc)),
              capsules::usb::usb_ctap::DRIVER_NUM => f(Some(self.usb)),
@@ -150,7 +149,7 @@ index b1d0d3c..a37d180 100644
              kernel::ipc::DRIVER_NUM => f(Some(&self.ipc)),
              _ => f(None),
          }
-@@ -480,6 +485,12 @@ pub unsafe fn reset_handler() {
+@@ -480,6 +482,14 @@ pub unsafe fn reset_handler() {
      )
      .finalize(components::usb_ctap_component_buf!(nrf52840::usbd::Usbd));
  
@@ -158,12 +157,14 @@ index b1d0d3c..a37d180 100644
 +        board_kernel,
 +        nrf52840::uicr::Uicr::new(),
 +    )
-+    .finalize(components::firmware_protection_component_helper!(nrf52840::uicr::Uicr));
++    .finalize(components::firmware_protection_component_helper!(
++        nrf52840::uicr::Uicr
++    ));
 +
      nrf52_components::NrfClockComponent::new().finalize(());
  
      let platform = Platform {
-@@ -497,6 +508,7 @@ pub unsafe fn reset_handler() {
+@@ -497,6 +507,7 @@ pub unsafe fn reset_handler() {
          nonvolatile_storage,
          nvmc,
          usb,
@@ -185,10 +186,10 @@ index ae458b3..f536dad 100644
      Ipc                   = 0x10000,
 diff --git a/capsules/src/firmware_protection.rs b/capsules/src/firmware_protection.rs
 new file mode 100644
-index 0000000..2c61d06
+index 0000000..dc46a13
 --- /dev/null
 +++ b/capsules/src/firmware_protection.rs
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,85 @@
 +//! Provides userspace control of firmware protection on a board.
 +//!
 +//! This allows an application to enable firware readout protection,
@@ -213,7 +214,7 @@ index 0000000..2c61d06
 +//! Syscall Interface
 +//! -----------------
 +//!
-+//! - Stability: 2 - Stable
++//! - Stability: 0 - Draft
 +//!
 +//! ### Command
 +//!
@@ -222,10 +223,10 @@ index 0000000..2c61d06
 +//! #### `command_num`
 +//!
 +//! - `0`: Driver check.
-+//! - `1`: Enable firmware readout protection (aka CRP).
++//! - `1`: Get current firmware readout protection (aka CRP) state.
++//! - `2`: Set current firmware readout protection (aka CRP) state.
 +//!
 +
-+use core::marker::PhantomData;
 +use kernel::hil;
 +use kernel::{AppId, Callback, Driver, Grant, ReturnCode};
 +
@@ -233,43 +234,41 @@ index 0000000..2c61d06
 +use crate::driver;
 +pub const DRIVER_NUM: usize = driver::NUM::FirmwareProtection as usize;
 +
-+pub struct FirmwareProtection<'a, C: hil::firmware_protection::FirmwareProtection> {
++pub struct FirmwareProtection<C: hil::firmware_protection::FirmwareProtection> {
 +    crp_unit: C,
 +    apps: Grant<Option<Callback>>,
-+    _phantom: PhantomData<&'a C>,
 +}
 +
-+impl<'a, C: hil::firmware_protection::FirmwareProtection> FirmwareProtection<'a, C> {
-+    pub fn new(
-+        crp_unit: C,
-+        apps: Grant<Option<Callback>>,
-+    ) -> Self {
-+        Self {
-+            crp_unit,
-+            apps,
-+            _phantom: PhantomData,
-+        }
++impl<C: hil::firmware_protection::FirmwareProtection> FirmwareProtection<C> {
++    pub fn new(crp_unit: C, apps: Grant<Option<Callback>>) -> Self {
++        Self { crp_unit, apps }
 +    }
 +}
 +
-+impl<'a, C: hil::firmware_protection::FirmwareProtection> Driver for FirmwareProtection<'a, C> {
++impl<C: hil::firmware_protection::FirmwareProtection> Driver for FirmwareProtection<C> {
 +    ///
 +    /// ### Command numbers
 +    ///
 +    ///   * `0`: Returns non-zero to indicate the driver is present.
-+    ///   * `1`: Enable firmware protection.
-+    fn command(&self, command_num: usize, _: usize, _: usize, appid: AppId) -> ReturnCode {
++    ///   * `1`: Gets firmware protection state.
++    ///   * `2`: Sets firmware protection state.
++    fn command(&self, command_num: usize, data: usize, _: usize, appid: AppId) -> ReturnCode {
 +        match command_num {
 +            // return if driver is available
 +            0 => ReturnCode::SUCCESS,
 +
-+            // enable firmware protection
-+            1 => {
-+                self.apps.enter(appid, |_, _| {
-+                    self.crp_unit.protect()
++            1 => self
++                .apps
++                .enter(appid, |_, _| ReturnCode::SuccessWithValue {
++                    value: self.crp_unit.get_protection() as usize,
 +                })
-+                .unwrap_or_else(|err| err.into())
-+            }
++                .unwrap_or_else(|err| err.into()),
++
++            // sets firmware protection
++            2 => self
++                .apps
++                .enter(appid, |_, _| self.crp_unit.set_protection(data.into()))
++                .unwrap_or_else(|err| err.into()),
 +
 +            // default
 +            _ => ReturnCode::ENOSUPPORT,
@@ -289,10 +288,18 @@ index e4423fe..7538aad 100644
  pub mod ft6x06;
  pub mod fxos8700cq;
 diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
-index 3bb8b5a..b8895d3 100644
+index 3bb8b5a..19c2e90 100644
 --- a/chips/nrf52/src/uicr.rs
 +++ b/chips/nrf52/src/uicr.rs
-@@ -8,6 +8,7 @@ use kernel::hil;
+@@ -1,13 +1,14 @@
+ //! User information configuration registers
+ 
+-
+ use enum_primitive::cast::FromPrimitive;
++use hil::firmware_protection::ProtectionLevel;
+ use kernel::common::registers::{register_bitfields, register_structs, ReadWrite};
+ use kernel::common::StaticRef;
+ use kernel::hil;
  use kernel::ReturnCode;
  
  use crate::gpio::Pin;
@@ -300,21 +307,47 @@ index 3bb8b5a..b8895d3 100644
  
  const UICR_BASE: StaticRef<UicrRegisters> =
      unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
-@@ -210,3 +211,20 @@ impl Uicr {
+@@ -210,3 +211,46 @@ impl Uicr {
          self.registers.approtect.write(ApProtect::PALL::ENABLED);
      }
  }
 +
 +impl hil::firmware_protection::FirmwareProtection for Uicr {
-+    fn protect(&self) -> ReturnCode {
++    fn get_protection(&self) -> ProtectionLevel {
++        let ap_protect_state = self.is_ap_protect_enabled();
++        let cpu_debug_state = self
++            .registers
++            .debugctrl
++            .matches_all(DebugControl::CPUNIDEN::ENABLED + DebugControl::CPUFPBEN::ENABLED);
++        match (ap_protect_state, cpu_debug_state) {
++            (false, _) => ProtectionLevel::NoProtection,
++            (true, true) => ProtectionLevel::JtagDisabled,
++            (true, false) => ProtectionLevel::FullyLocked,
++        }
++    }
++
++    fn set_protection(&self, level: ProtectionLevel) -> ReturnCode {
++        let current_level = self.get_protection();
++        if current_level > level || level == ProtectionLevel::Unknown {
++            return ReturnCode::EINVAL;
++        }
++        if current_level == level {
++            return ReturnCode::EALREADY;
++        }
 +        unsafe { NVMC.configure_writeable() };
-+        self.set_ap_protect();
-+        // Prevent CPU debug
-+        self.registers.debugctrl.write(
-+            DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
-+        // TODO(jmichel): Kill bootloader if present
++        if level >= ProtectionLevel::JtagDisabled {
++            self.set_ap_protect();
++        }
++        if level >= ProtectionLevel::FullyLocked {
++            // Prevent CPU debug and flash patching. Leaving these enabled could
++            // allow to circumvent protection.
++            self.registers
++                .debugctrl
++                .write(DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
++            // TODO(jmichel): Kill bootloader if present
++        }
 +        unsafe { NVMC.configure_readonly() };
-+        if self.is_ap_protect_enabled() {
++        if self.get_protection() == level {
 +            ReturnCode::SUCCESS
 +        } else {
 +            ReturnCode::FAIL
@@ -323,17 +356,57 @@ index 3bb8b5a..b8895d3 100644
 +}
 diff --git a/kernel/src/hil/firmware_protection.rs b/kernel/src/hil/firmware_protection.rs
 new file mode 100644
-index 0000000..e43fdf0
+index 0000000..de08246
 --- /dev/null
 +++ b/kernel/src/hil/firmware_protection.rs
-@@ -0,0 +1,8 @@
+@@ -0,0 +1,48 @@
 +//! Interface for Firmware Protection, also called Code Readout Protection.
 +
 +use crate::returncode::ReturnCode;
 +
++#[derive(PartialOrd, PartialEq)]
++pub enum ProtectionLevel {
++    /// Unsupported feature
++    Unknown = 0,
++    /// This should be the factory default for the chip.
++    NoProtection = 1,
++    /// At this level, only JTAG/SWD are disabled but other debugging
++    /// features may still be enabled.
++    JtagDisabled = 2,
++    /// This is the maximum level of protection the chip supports.
++    /// At this level, JTAG and all other features are expected to be
++    /// disabled and only a full chip erase may allow to recover from
++    /// that state.
++    FullyLocked = 0xff,
++}
++
++impl From<usize> for ProtectionLevel {
++    fn from(value: usize) -> Self {
++        match value {
++            1 => ProtectionLevel::NoProtection,
++            2 => ProtectionLevel::JtagDisabled,
++            0xff => ProtectionLevel::FullyLocked,
++            _ => ProtectionLevel::Unknown,
++        }
++    }
++}
++
 +pub trait FirmwareProtection {
-+    /// Disable debug ports and protects the device.
-+    fn protect(&self) -> ReturnCode;
++    /// Gets the current firmware protection level.
++    /// This doesn't fail and always returns a value.
++    fn get_protection(&self) -> ProtectionLevel;
++
++    /// Sets the firmware protection level.
++    /// There are four valid return values:
++    ///   - SUCCESS: protection level has been set to `level`
++    ///   - FAIL: something went wrong while setting the protection
++    ///     level and the effective protection level is not the one
++    ///     that was requested.
++    ///   - EALREADY: the requested protection level is already the
++    ///     level that is set.
++    ///   - EINVAL: unsupported protection level or the requested
++    ///     protection level is lower than the currently set one.
++    fn set_protection(&self, level: ProtectionLevel) -> ReturnCode;
 +}
 diff --git a/kernel/src/hil/mod.rs b/kernel/src/hil/mod.rs
 index 4f42afa..83e7702 100644
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index b6cf5b4..dfa2d9b 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -67,6 +67,7 @@ use crypto::sha256::Sha256;
 use crypto::Hash256;
 #[cfg(feature = "debug_ctap")]
 use libtock_drivers::console::Console;
+use libtock_drivers::crp;
 use libtock_drivers::timer::{ClockValue, Duration};
 
 // This flag enables or disables basic attestation for FIDO2. U2F is unaffected by
@@ -934,59 +935,43 @@ where
         let current_priv_key = self.persistent_store.attestation_private_key()?;
         let current_cert = self.persistent_store.attestation_certificate()?;
 
-        let response = if params.attestation_material.is_some() {
-            let data = params.attestation_material.unwrap();
-
-            match (current_cert, current_priv_key) {
-                (Some(_), Some(_)) => {
-                    // Device is fully programmed.
-                    // We don't compare values to avoid giving an oracle
-                    // about the private key.
-                    AuthenticatorVendorResponse {
-                        cert_programmed: true,
-                        pkey_programmed: true,
-                    }
-                }
-                // Device is not programmed.
-                (None, None) => {
-                    self.persistent_store
-                        .set_attestation_certificate(&data.certificate)?;
-                    self.persistent_store
-                        .set_attestation_private_key(&data.private_key)?;
-                    AuthenticatorVendorResponse {
-                        cert_programmed: true,
-                        pkey_programmed: true,
-                    }
-                }
-                // Device is partially programmed. Ensure the programmed value
-                // matched the given one before programming anything.
-                (Some(cert), None) => {
-                    if cert != data.certificate {
-                        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
-                    }
-                    self.persistent_store
-                        .set_attestation_private_key(&data.private_key)?;
-                    AuthenticatorVendorResponse {
-                        cert_programmed: true,
-                        pkey_programmed: true,
-                    }
-                }
-                (None, Some(key)) => {
-                    if key != data.private_key {
-                        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
-                    }
-                    self.persistent_store
-                        .set_attestation_certificate(&data.certificate)?;
-                    AuthenticatorVendorResponse {
-                        cert_programmed: true,
-                        pkey_programmed: true,
-                    }
-                }
-            }
-        } else {
-            AuthenticatorVendorResponse {
+        let response = match params.attestation_material {
+            // Only reading values.
+            None => AuthenticatorVendorResponse {
                 cert_programmed: current_cert.is_some(),
                 pkey_programmed: current_priv_key.is_some(),
+            },
+            // Device is already fully programmed. We don't leak information.
+            Some(_) if current_cert.is_some() && current_priv_key.is_some() => {
+                AuthenticatorVendorResponse {
+                    cert_programmed: true,
+                    pkey_programmed: true,
+                }
+            }
+            // Device is partially or not programmed. We complete the process.
+            Some(data) => {
+                if let Some(current_cert) = &current_cert {
+                    if current_cert != &data.certificate {
+                        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+                    }
+                }
+                if let Some(current_priv_key) = &current_priv_key {
+                    if current_priv_key != &data.private_key {
+                        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+                    }
+                }
+                if current_cert.is_none() {
+                    self.persistent_store
+                        .set_attestation_certificate(&data.certificate)?;
+                }
+                if current_priv_key.is_none() {
+                    self.persistent_store
+                        .set_attestation_private_key(&data.private_key)?;
+                }
+                AuthenticatorVendorResponse {
+                    cert_programmed: true,
+                    pkey_programmed: true,
+                }
             }
         };
         if params.lockdown {
@@ -999,7 +984,7 @@ where
             let need_certificate = USE_BATCH_ATTESTATION;
 
             if (need_certificate && !(response.pkey_programmed && response.cert_programmed))
-                || libtock_drivers::crp::protect().is_err()
+                || crp::set_protection(crp::ProtectionLevel::FullyLocked).is_err()
             {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 9b9efc1..6422959 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -424,4 +424,34 @@ mod test {
         let response_cbor: Option<cbor::Value> = ResponseData::AuthenticatorSelection.into();
         assert_eq!(response_cbor, None);
     }
+
+    #[test]
+    fn test_vendor_response_into_cbor() {
+        let response_cbor: Option<cbor::Value> =
+            ResponseData::AuthenticatorVendor(AuthenticatorVendorResponse {
+                cert_programmed: true,
+                pkey_programmed: false,
+            })
+            .into();
+        assert_eq!(
+            response_cbor,
+            Some(cbor_map_options! {
+                1 => true,
+                2 => false,
+            })
+        );
+        let response_cbor: Option<cbor::Value> =
+            ResponseData::AuthenticatorVendor(AuthenticatorVendorResponse {
+                cert_programmed: false,
+                pkey_programmed: true,
+            })
+            .into();
+        assert_eq!(
+            response_cbor,
+            Some(cbor_map_options! {
+                1 => false,
+                2 => true,
+            })
+        );
+    }
 }
diff --git a/third_party/libtock-drivers/src/crp.rs b/third_party/libtock-drivers/src/crp.rs
index fab747f..3b686ca 100644
--- a/third_party/libtock-drivers/src/crp.rs
+++ b/third_party/libtock-drivers/src/crp.rs
@@ -5,7 +5,35 @@ const DRIVER_NUMBER: usize = 0x00008;
 
 mod command_nr {
     pub const AVAILABLE: usize = 0;
-    pub const PROTECT: usize = 1;
+    pub const GET_PROTECTION: usize = 1;
+    pub const SET_PROTECTION: usize = 2;
+}
+
+#[derive(PartialOrd, PartialEq)]
+pub enum ProtectionLevel {
+    /// Unsupported feature
+    Unknown = 0,
+    /// This should be the factory default for the chip.
+    NoProtection = 1,
+    /// At this level, only JTAG/SWD are disabled but other debugging
+    /// features may still be enabled.
+    JtagDisabled = 2,
+    /// This is the maximum level of protection the chip supports.
+    /// At this level, JTAG and all other features are expected to be
+    /// disabled and only a full chip erase may allow to recover from
+    /// that state.
+    FullyLocked = 0xff,
+}
+
+impl From<usize> for ProtectionLevel {
+    fn from(value: usize) -> Self {
+        match value {
+            1 => ProtectionLevel::NoProtection,
+            2 => ProtectionLevel::JtagDisabled,
+            0xff => ProtectionLevel::FullyLocked,
+            _ => ProtectionLevel::Unknown,
+        }
+    }
 }
 
 pub fn is_available() -> TockResult<()> {
@@ -13,7 +41,12 @@ pub fn is_available() -> TockResult<()> {
     Ok(())
 }
 
-pub fn protect() -> TockResult<()> {
-    syscalls::command(DRIVER_NUMBER, command_nr::PROTECT, 0, 0)?;
+pub fn get_protection() -> TockResult<ProtectionLevel> {
+    let current_level = syscalls::command(DRIVER_NUMBER, command_nr::GET_PROTECTION, 0, 0)?;
+    Ok(current_level.into())
+}
+
+pub fn set_protection(level: ProtectionLevel) -> TockResult<()> {
+    syscalls::command(DRIVER_NUMBER, command_nr::SET_PROTECTION, level as usize, 0)?;
     Ok(())
 }

From 712fa0f6a2bc3ecf602f5729647ed6f52b6352fc Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Mon, 14 Dec 2020 19:43:59 +0100
Subject: [PATCH 102/192] Small improvements on kernel patch

---
 patches/tock/07-firmware-protect.patch | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/patches/tock/07-firmware-protect.patch b/patches/tock/07-firmware-protect.patch
index d002647..365b20a 100644
--- a/patches/tock/07-firmware-protect.patch
+++ b/patches/tock/07-firmware-protect.patch
@@ -186,7 +186,7 @@ index ae458b3..f536dad 100644
      Ipc                   = 0x10000,
 diff --git a/capsules/src/firmware_protection.rs b/capsules/src/firmware_protection.rs
 new file mode 100644
-index 0000000..dc46a13
+index 0000000..8cf63d6
 --- /dev/null
 +++ b/capsules/src/firmware_protection.rs
 @@ -0,0 +1,85 @@
@@ -204,8 +204,8 @@ index 0000000..dc46a13
 +//! # use kernel::static_init;
 +//!
 +//! let crp = static_init!(
-+//!     capsules::firware_protection::FirmwareProtection<'static>,
-+//!     capsules::firware_protection::FirmwareProtection::new(
++//!     capsules::firmware_protection::FirmwareProtection,
++//!     capsules::firmware_protection::FirmwareProtection::new(
 +//!         nrf52840::uicr::Uicr,
 +//!         board_kernel.create_grant(&grant_cap),
 +//!     );
@@ -288,7 +288,7 @@ index e4423fe..7538aad 100644
  pub mod ft6x06;
  pub mod fxos8700cq;
 diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
-index 3bb8b5a..19c2e90 100644
+index 3bb8b5a..ea96cb2 100644
 --- a/chips/nrf52/src/uicr.rs
 +++ b/chips/nrf52/src/uicr.rs
 @@ -1,13 +1,14 @@
@@ -307,7 +307,7 @@ index 3bb8b5a..19c2e90 100644
  
  const UICR_BASE: StaticRef<UicrRegisters> =
      unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
-@@ -210,3 +211,46 @@ impl Uicr {
+@@ -210,3 +211,49 @@ impl Uicr {
          self.registers.approtect.write(ApProtect::PALL::ENABLED);
      }
  }
@@ -334,19 +334,22 @@ index 3bb8b5a..19c2e90 100644
 +        if current_level == level {
 +            return ReturnCode::EALREADY;
 +        }
++
 +        unsafe { NVMC.configure_writeable() };
 +        if level >= ProtectionLevel::JtagDisabled {
 +            self.set_ap_protect();
 +        }
++
 +        if level >= ProtectionLevel::FullyLocked {
 +            // Prevent CPU debug and flash patching. Leaving these enabled could
 +            // allow to circumvent protection.
 +            self.registers
 +                .debugctrl
 +                .write(DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
-+            // TODO(jmichel): Kill bootloader if present
++            // TODO(jmichel): prevent returning into bootloader if present
 +        }
 +        unsafe { NVMC.configure_readonly() };
++
 +        if self.get_protection() == level {
 +            ReturnCode::SUCCESS
 +        } else {

From 763bc031aa9a6895222515105456684cdf2b2a76 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 18 Dec 2020 12:45:19 +0100
Subject: [PATCH 103/192] updates command bytes

---
 src/ctap/command.rs | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 5dbd930..ecfae9e 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -65,12 +65,13 @@ impl Command {
     const AUTHENTICATOR_GET_NEXT_ASSERTION: u8 = 0x08;
     // TODO(kaczmarczyck) use or remove those constants
     const AUTHENTICATOR_BIO_ENROLLMENT: u8 = 0x09;
-    const AUTHENTICATOR_CREDENTIAL_MANAGEMENT: u8 = 0xA0;
-    const AUTHENTICATOR_SELECTION: u8 = 0xB0;
-    const AUTHENTICATOR_CONFIG: u8 = 0xC0;
+    const AUTHENTICATOR_CREDENTIAL_MANAGEMENT: u8 = 0x0A;
+    const AUTHENTICATOR_SELECTION: u8 = 0x0B;
+    const AUTHENTICATOR_LARGE_BLOBS: u8 = 0x0C;
+    const AUTHENTICATOR_CONFIG: u8 = 0x0D;
+    const _AUTHENTICATOR_VENDOR_FIRST: u8 = 0x40;
     const AUTHENTICATOR_VENDOR_CONFIGURE: u8 = 0x40;
-    const AUTHENTICATOR_VENDOR_FIRST_UNUSED: u8 = 0x41;
-    const AUTHENTICATOR_VENDOR_LAST: u8 = 0xBF;
+    const _AUTHENTICATOR_VENDOR_LAST: u8 = 0xBF;
 
     pub fn deserialize(bytes: &[u8]) -> Result<Command, Ctap2StatusCode> {
         if bytes.is_empty() {

From d6adab4381f43cfe3188ec68761fe23006c95838 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 18 Dec 2020 11:52:29 +0100
Subject: [PATCH 104/192] updates status codes for RD02

---
 src/ctap/hid/mod.rs         |  2 +-
 src/ctap/mod.rs             | 22 ++++++++++------------
 src/ctap/pin_protocol_v1.rs | 15 ++++++---------
 src/ctap/status_code.rs     | 23 +++++++++++------------
 src/ctap/storage.rs         |  4 ++--
 5 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index ef96eef..01c0b11 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -219,7 +219,7 @@ impl CtapHid {
                                 cid,
                                 cmd: CtapHid::COMMAND_CBOR,
                                 payload: vec![
-                                    Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG as u8,
+                                    Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR as u8,
                                 ],
                             })
                             .unwrap()
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index dfa2d9b..7a23a1d 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -371,10 +371,8 @@ where
                         let mut response_vec = vec![0x00];
                         if let Some(value) = response_data.into() {
                             if !cbor::write(value, &mut response_vec) {
-                                response_vec = vec![
-                                    Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR
-                                        as u8,
-                                ];
+                                response_vec =
+                                    vec![Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR as u8];
                             }
                         }
                         response_vec
@@ -496,7 +494,7 @@ where
             }
             None => {
                 if self.persistent_store.pin_hash()?.is_some() {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_REQUIRED);
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
                 }
                 if options.uv {
                     return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
@@ -542,13 +540,13 @@ where
         auth_data.extend(&self.persistent_store.aaguid()?);
         // The length is fixed to 0x20 or 0x70 and fits one byte.
         if credential_id.len() > 0xFF {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG);
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         auth_data.extend(vec![0x00, credential_id.len() as u8]);
         auth_data.extend(&credential_id);
         let cose_key = match pk.to_cose_key() {
             Some(cose_key) => cose_key,
-            None => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR),
+            None => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         };
         auth_data.extend(cose_key);
         if has_extension_output {
@@ -558,7 +556,7 @@ where
                 "credProtect" => cred_protect_policy,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
-                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR);
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
         }
 
@@ -639,7 +637,7 @@ where
                 "hmac-secret" => encrypted_output,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
-                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR);
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
         }
 
@@ -722,7 +720,7 @@ where
         let hmac_secret_input = extensions.map(|e| e.hmac_secret).flatten();
         if hmac_secret_input.is_some() && !options.up {
             // The extension is actually supported, but we need user presence.
-            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
+            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_OPTION);
         }
 
         // The user verification bit depends on the existance of PIN auth, since we do
@@ -1592,7 +1590,7 @@ mod test {
 
         assert_eq!(
             get_assertion_response,
-            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
+            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_OPTION)
         );
     }
 
@@ -1643,7 +1641,7 @@ mod test {
 
         assert_eq!(
             get_assertion_response,
-            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
+            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_OPTION)
         );
     }
 
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 410dac7..96e92b3 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -59,7 +59,7 @@ fn encrypt_hmac_secret_output(
     cred_random: &[u8; 32],
 ) -> Result<Vec<u8>, Ctap2StatusCode> {
     if salt_enc.len() != 32 && salt_enc.len() != 64 {
-        return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
     }
     let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
     let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
@@ -232,7 +232,7 @@ impl PinProtocolV1 {
                 }
             }
             // This status code is not explicitly mentioned in the specification.
-            None => return Err(Ctap2StatusCode::CTAP2_ERR_PIN_REQUIRED),
+            None => return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED),
         }
         persistent_store.reset_pin_retries()?;
         self.consecutive_pin_mismatches = 0;
@@ -400,7 +400,7 @@ impl PinProtocolV1 {
         pin_auth: Option<Vec<u8>>,
     ) -> Result<(), Ctap2StatusCode> {
         if min_pin_length_rp_ids.is_some() {
-            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         if persistent_store.pin_hash()?.is_some() {
             match pin_auth {
@@ -419,7 +419,7 @@ impl PinProtocolV1 {
                     // TODO(kaczmarczyck) commented code is useful for the extension
                     // https://github.com/google/OpenSK/issues/129
                     // if !cbor::write(cbor_array_vec!(min_pin_length_rp_ids), &mut message) {
-                    //     return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR);
+                    //     return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
                     // }
                     if !verify_pin_auth(&self.pin_uv_auth_token, &message, &pin_auth) {
                         return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
@@ -593,7 +593,7 @@ impl PinProtocolV1 {
         // HMAC-secret does the same 16 byte truncated check.
         if !verify_pin_auth(&shared_secret, &salt_enc, &salt_auth) {
             // Hard to tell what the correct error code here is.
-            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
+            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
         }
         encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cred_random)
     }
@@ -1174,10 +1174,7 @@ mod test {
 
         let salt_enc = [0x5E; 48];
         let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
-        assert_eq!(
-            output,
-            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
-        );
+        assert_eq!(output, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER));
 
         let salt_enc = [0x5E; 64];
         let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs
index 097d7ec..40f258e 100644
--- a/src/ctap/status_code.rs
+++ b/src/ctap/status_code.rs
@@ -31,11 +31,10 @@ pub enum Ctap2StatusCode {
     CTAP2_ERR_INVALID_CBOR = 0x12,
     CTAP2_ERR_MISSING_PARAMETER = 0x14,
     CTAP2_ERR_LIMIT_EXCEEDED = 0x15,
-    CTAP2_ERR_UNSUPPORTED_EXTENSION = 0x16,
     #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_FP_DATABASE_FULL = 0x17,
     #[cfg(feature = "with_ctap2_1")]
-    CTAP2_ERR_PC_STORAGE_FULL = 0x18,
+    CTAP2_ERR_LARGE_BLOB_STORAGE_FULL = 0x18,
     CTAP2_ERR_CREDENTIAL_EXCLUDED = 0x19,
     CTAP2_ERR_PROCESSING = 0x21,
     CTAP2_ERR_INVALID_CREDENTIAL = 0x22,
@@ -57,7 +56,7 @@ pub enum Ctap2StatusCode {
     CTAP2_ERR_PIN_AUTH_INVALID = 0x33,
     CTAP2_ERR_PIN_AUTH_BLOCKED = 0x34,
     CTAP2_ERR_PIN_NOT_SET = 0x35,
-    CTAP2_ERR_PIN_REQUIRED = 0x36,
+    CTAP2_ERR_PUAT_REQUIRED = 0x36,
     CTAP2_ERR_PIN_POLICY_VIOLATION = 0x37,
     CTAP2_ERR_PIN_TOKEN_EXPIRED = 0x38,
     CTAP2_ERR_REQUEST_TOO_LARGE = 0x39,
@@ -68,14 +67,15 @@ pub enum Ctap2StatusCode {
     CTAP2_ERR_INTEGRITY_FAILURE = 0x3D,
     #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_INVALID_SUBCOMMAND = 0x3E,
+    #[cfg(feature = "with_ctap2_1")]
+    CTAP2_ERR_UV_INVALID = 0x3F,
+    #[cfg(feature = "with_ctap2_1")]
+    CTAP2_ERR_UNAUTHORIZED_PERMISSION = 0x40,
     CTAP1_ERR_OTHER = 0x7F,
-    CTAP2_ERR_SPEC_LAST = 0xDF,
-    CTAP2_ERR_EXTENSION_FIRST = 0xE0,
-    CTAP2_ERR_EXTENSION_LAST = 0xEF,
-    // CTAP2_ERR_VENDOR_FIRST = 0xF0,
-    CTAP2_ERR_VENDOR_RESPONSE_TOO_LONG = 0xF0,
-    CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR = 0xF1,
-
+    _CTAP2_ERR_SPEC_LAST = 0xDF,
+    _CTAP2_ERR_EXTENSION_FIRST = 0xE0,
+    _CTAP2_ERR_EXTENSION_LAST = 0xEF,
+    _CTAP2_ERR_VENDOR_FIRST = 0xF0,
     /// An internal invariant is broken.
     ///
     /// This type of error is unexpected and the current state is undefined.
@@ -85,6 +85,5 @@ pub enum Ctap2StatusCode {
     ///
     /// It may be possible that some of those errors are actually internal errors.
     CTAP2_ERR_VENDOR_HARDWARE_FAILURE = 0xF3,
-
-    CTAP2_ERR_VENDOR_LAST = 0xFF,
+    _CTAP2_ERR_VENDOR_LAST = 0xFF,
 }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index a701325..73bbc16 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -577,7 +577,7 @@ fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>
     if cbor::write(credential.into(), &mut data) {
         Ok(data)
     } else {
-        Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR)
+        Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
     }
 }
 
@@ -600,7 +600,7 @@ fn _serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap
     if cbor::write(cbor_array_vec!(rp_ids), &mut data) {
         Ok(data)
     } else {
-        Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_RESPONSE_CANNOT_WRITE_CBOR)
+        Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
     }
 }
 

From f67fdbc451963edf8b64e5ceeb14e0138078b334 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 22 Dec 2020 15:33:14 +0100
Subject: [PATCH 105/192] Add erase_storage application example

---
 deploy.py                 | 11 +++++++-
 examples/erase_storage.rs | 53 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 examples/erase_storage.rs

diff --git a/deploy.py b/deploy.py
index b3daa6f..d5dcf2d 100755
--- a/deploy.py
+++ b/deploy.py
@@ -947,7 +947,16 @@ if __name__ == "__main__":
       dest="application",
       action="store_const",
       const="store_latency",
-      help=("Compiles and installs the store_latency example."))
+      help=("Compiles and installs the store_latency example which print "
+            "latency statistics of the persistent store library."))
+  apps_group.add_argument(
+      "--erase_storage",
+      dest="application",
+      action="store_const",
+      const="erase_storage",
+      help=("Compiles and installs the erase_storage example which erases "
+            "the storage. During operation the dongle red light is on. Once "
+            "the operation is completed the dongle green light is on."))
   apps_group.add_argument(
       "--panic_test",
       dest="application",
diff --git a/examples/erase_storage.rs b/examples/erase_storage.rs
new file mode 100644
index 0000000..6076348
--- /dev/null
+++ b/examples/erase_storage.rs
@@ -0,0 +1,53 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![no_std]
+
+extern crate lang_items;
+
+use core::fmt::Write;
+use ctap2::embedded_flash::new_storage;
+use libtock_drivers::console::Console;
+use libtock_drivers::led;
+use libtock_drivers::result::FlexUnwrap;
+use persistent_store::{Storage, StorageIndex};
+
+fn is_page_erased(storage: &dyn Storage, page: usize) -> bool {
+    let index = StorageIndex { page, byte: 0 };
+    let length = storage.page_size();
+    storage
+        .read_slice(index, length)
+        .unwrap()
+        .iter()
+        .all(|&x| x == 0xff)
+}
+
+fn main() {
+    led::get(1).flex_unwrap().on().flex_unwrap(); // red on dongle
+    const NUM_PAGES: usize = 20; // should be at least ctap::storage::NUM_PAGES
+    let mut storage = new_storage(NUM_PAGES);
+    writeln!(Console::new(), "Erase {} pages of storage:", NUM_PAGES).unwrap();
+    for page in 0..NUM_PAGES {
+        write!(Console::new(), "- Page {} ", page).unwrap();
+        if is_page_erased(&storage, page) {
+            writeln!(Console::new(), "skipped (was already erased).").unwrap();
+        } else {
+            storage.erase_page(page).unwrap();
+            writeln!(Console::new(), "erased.").unwrap();
+        }
+    }
+    writeln!(Console::new(), "Done.").unwrap();
+    led::get(1).flex_unwrap().off().flex_unwrap();
+    led::get(0).flex_unwrap().on().flex_unwrap(); // green on dongle
+}

From de360a6cb6714cf6989bbebbf1cb1ce418686a74 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 6 Jan 2021 19:24:56 +0100
Subject: [PATCH 106/192] removes all occurences of CTAP 2.1 flags from
 workflows

---
 .github/workflows/cargo_check.yml | 16 ++--------------
 .github/workflows/opensk_test.yml | 24 ------------------------
 run_desktop_tests.sh              | 13 -------------
 3 files changed, 2 insertions(+), 51 deletions(-)

diff --git a/.github/workflows/cargo_check.yml b/.github/workflows/cargo_check.yml
index fd39614..7151806 100644
--- a/.github/workflows/cargo_check.yml
+++ b/.github/workflows/cargo_check.yml
@@ -42,12 +42,6 @@ jobs:
           command: check
           args: --target thumbv7em-none-eabi --release --features with_ctap1
 
-      - name: Check OpenSK with_ctap2_1
-        uses: actions-rs/cargo@v1
-        with:
-          command: check
-          args: --target thumbv7em-none-eabi --release --features with_ctap2_1
-
       - name: Check OpenSK debug_ctap
         uses: actions-rs/cargo@v1
         with:
@@ -78,17 +72,11 @@ jobs:
           command: check
           args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1
 
-      - name: Check OpenSK debug_ctap,with_ctap2_1
+      - name: Check OpenSK debug_ctap,with_ctap1,panic_console,debug_allocations,verbose
         uses: actions-rs/cargo@v1
         with:
           command: check
-          args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap2_1
-
-      - name: Check OpenSK debug_ctap,with_ctap1,with_ctap2_1,panic_console,debug_allocations,verbose
-        uses: actions-rs/cargo@v1
-        with:
-          command: check
-          args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1,with_ctap2_1,panic_console,debug_allocations,verbose
+          args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1,,panic_console,debug_allocations,verbose
 
       - name: Check examples
         uses: actions-rs/cargo@v1
diff --git a/.github/workflows/opensk_test.yml b/.github/workflows/opensk_test.yml
index 588dab6..406a7f3 100644
--- a/.github/workflows/opensk_test.yml
+++ b/.github/workflows/opensk_test.yml
@@ -51,27 +51,3 @@ jobs:
           command: test
           args: --features std,with_ctap1
 
-      - name: Unit testing of CTAP2 (release mode + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --release --features std,with_ctap2_1
-
-      - name: Unit testing of CTAP2 (debug mode + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --features std,with_ctap2_1
-
-      - name: Unit testing of CTAP2 (release mode + CTAP1 + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --release --features std,with_ctap1,with_ctap2_1
-
-      - name: Unit testing of CTAP2 (debug mode + CTAP1 + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --features std,with_ctap1,with_ctap2_1
-
diff --git a/run_desktop_tests.sh b/run_desktop_tests.sh
index 2e80b3d..24771f7 100755
--- a/run_desktop_tests.sh
+++ b/run_desktop_tests.sh
@@ -44,7 +44,6 @@ cargo test --manifest-path tools/heapviz/Cargo.toml
 echo "Checking that CTAP2 builds properly..."
 cargo check --release --target=thumbv7em-none-eabi
 cargo check --release --target=thumbv7em-none-eabi --features with_ctap1
-cargo check --release --target=thumbv7em-none-eabi --features with_ctap2_1
 cargo check --release --target=thumbv7em-none-eabi --features debug_ctap
 cargo check --release --target=thumbv7em-none-eabi --features panic_console
 cargo check --release --target=thumbv7em-none-eabi --features debug_allocations
@@ -116,16 +115,4 @@ then
 
   echo "Running unit tests on the desktop (debug mode + CTAP1)..."
   cargo test --features std,with_ctap1
-
-  echo "Running unit tests on the desktop (release mode + CTAP2.1)..."
-  cargo test --release --features std,with_ctap2_1
-
-  echo "Running unit tests on the desktop (debug mode + CTAP2.1)..."
-  cargo test --features std,with_ctap2_1
-
-  echo "Running unit tests on the desktop (release mode + CTAP1 + CTAP2.1)..."
-  cargo test --release --features std,with_ctap1,with_ctap2_1
-
-  echo "Running unit tests on the desktop (debug mode + CTAP1 + CTAP2.1)..."
-  cargo test --features std,with_ctap1,with_ctap2_1
 fi

From c873d3b6147e81f1be7518718308d15deec04b85 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 6 Jan 2021 19:24:56 +0100
Subject: [PATCH 107/192] removes all occurences of CTAP 2.1 flags

---
 Cargo.toml                  |  1 -
 README.md                   | 15 ++++---
 deploy.py                   | 10 +----
 src/ctap/command.rs         | 43 -------------------
 src/ctap/data_formats.rs    | 11 -----
 src/ctap/mod.rs             | 82 +++++++++++--------------------------
 src/ctap/pin_protocol_v1.rs | 79 ++++-------------------------------
 src/ctap/response.rs        | 61 +--------------------------
 src/ctap/status_code.rs     |  6 ---
 src/ctap/storage.rs         | 22 ++--------
 src/ctap/storage/key.rs     |  2 -
 11 files changed, 47 insertions(+), 285 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 15984a0..bca9210 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,7 +27,6 @@ panic_console = ["lang_items/panic_console"]
 std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std", "persistent_store/std"]
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
-with_ctap2_1 = []
 with_nfc = ["libtock_drivers/with_nfc"]
 
 [dev-dependencies]
diff --git a/README.md b/README.md
index 68e9f71..decee76 100644
--- a/README.md
+++ b/README.md
@@ -24,15 +24,14 @@ few limitations:
 
 ### FIDO2
 
-Although we tested and implemented our firmware based on the published
+The stable branch implements the published
 [CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html),
-our implementation was not reviewed nor officially tested and doesn't claim to
-be FIDO Certified.
-We started adding features of the upcoming next version of the
-[CTAP2.1 specifications](https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html).
-The development is currently between 2.0 and 2.1, with updates hidden behind
-a feature flag.
-Please add the flag `--ctap2.1` to the deploy command to include them.
+but our implementation was not reviewed nor officially tested and doesn't claim
+to be FIDO Certified. It already contains some preview features of 2.1, that you
+can try by adding the flag `--ctap2.1` to the deploy command.
+The develop branch offers only the
+[CTAP2.1 specifications](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html).
+The new features of 2.1 are currently work in progress.
 
 ### Cryptography
 
diff --git a/deploy.py b/deploy.py
index d5dcf2d..e8d5ffd 100755
--- a/deploy.py
+++ b/deploy.py
@@ -881,14 +881,6 @@ if __name__ == "__main__":
       help=("Compiles the OpenSK application without backward compatible "
             "support for U2F/CTAP1 protocol."),
   )
-  main_parser.add_argument(
-      "--ctap2.1",
-      action="append_const",
-      const="with_ctap2_1",
-      dest="features",
-      help=("Compiles the OpenSK application with backward compatible "
-            "support for CTAP2.1 protocol."),
-  )
   main_parser.add_argument(
       "--nfc",
       action="append_const",
@@ -947,7 +939,7 @@ if __name__ == "__main__":
       dest="application",
       action="store_const",
       const="store_latency",
-      help=("Compiles and installs the store_latency example which print "
+      help=("Compiles and installs the store_latency example which prints "
             "latency statistics of the persistent store library."))
   apps_group.add_argument(
       "--erase_storage",
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index ecfae9e..0a86093 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -41,7 +41,6 @@ pub enum Command {
     AuthenticatorClientPin(AuthenticatorClientPinParameters),
     AuthenticatorReset,
     AuthenticatorGetNextAssertion,
-    #[cfg(feature = "with_ctap2_1")]
     AuthenticatorSelection,
     // TODO(kaczmarczyck) implement FIDO 2.1 commands (see below consts)
     // Vendor specific commands
@@ -111,7 +110,6 @@ impl Command {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorGetNextAssertion)
             }
-            #[cfg(feature = "with_ctap2_1")]
             Command::AUTHENTICATOR_SELECTION => {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorSelection)
@@ -292,13 +290,9 @@ pub struct AuthenticatorClientPinParameters {
     pub pin_auth: Option<Vec<u8>>,
     pub new_pin_enc: Option<Vec<u8>>,
     pub pin_hash_enc: Option<Vec<u8>>,
-    #[cfg(feature = "with_ctap2_1")]
     pub min_pin_length: Option<u8>,
-    #[cfg(feature = "with_ctap2_1")]
     pub min_pin_length_rp_ids: Option<Vec<String>>,
-    #[cfg(feature = "with_ctap2_1")]
     pub permissions: Option<u8>,
-    #[cfg(feature = "with_ctap2_1")]
     pub permissions_rp_id: Option<String>,
 }
 
@@ -306,18 +300,6 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     type Error = Ctap2StatusCode;
 
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
-        #[cfg(not(feature = "with_ctap2_1"))]
-        destructure_cbor_map! {
-            let {
-                1 => pin_protocol,
-                2 => sub_command,
-                3 => key_agreement,
-                4 => pin_auth,
-                5 => new_pin_enc,
-                6 => pin_hash_enc,
-            } = extract_map(cbor_value)?;
-        }
-        #[cfg(feature = "with_ctap2_1")]
         destructure_cbor_map! {
             let {
                 1 => pin_protocol,
@@ -339,14 +321,12 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
-        #[cfg(feature = "with_ctap2_1")]
         let min_pin_length = min_pin_length
             .map(extract_unsigned)
             .transpose()?
             .map(u8::try_from)
             .transpose()
             .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
-        #[cfg(feature = "with_ctap2_1")]
         let min_pin_length_rp_ids = match min_pin_length_rp_ids {
             Some(entry) => Some(
                 extract_array(entry)?
@@ -356,14 +336,12 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             ),
             None => None,
         };
-        #[cfg(feature = "with_ctap2_1")]
         // We expect a bit field of 8 bits, and drop everything else.
         // This means we ignore extensions in future versions.
         let permissions = permissions
             .map(extract_unsigned)
             .transpose()?
             .map(|p| p as u8);
-        #[cfg(feature = "with_ctap2_1")]
         let permissions_rp_id = permissions_rp_id.map(extract_text_string).transpose()?;
 
         Ok(AuthenticatorClientPinParameters {
@@ -373,13 +351,9 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids,
-            #[cfg(feature = "with_ctap2_1")]
             permissions,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id,
         })
     }
@@ -560,18 +534,6 @@ mod test {
 
     #[test]
     fn test_from_cbor_client_pin_parameters() {
-        // TODO(kaczmarczyck) inline the #cfg when #128 is resolved:
-        // https://github.com/google/OpenSK/issues/128
-        #[cfg(not(feature = "with_ctap2_1"))]
-        let cbor_value = cbor_map! {
-            1 => 1,
-            2 => ClientPinSubCommand::GetPinRetries,
-            3 => cbor_map!{},
-            4 => vec! [0xBB],
-            5 => vec! [0xCC],
-            6 => vec! [0xDD],
-        };
-        #[cfg(feature = "with_ctap2_1")]
         let cbor_value = cbor_map! {
             1 => 1,
             2 => ClientPinSubCommand::GetPinRetries,
@@ -594,13 +556,9 @@ mod test {
             pin_auth: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length: Some(4),
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
-            #[cfg(feature = "with_ctap2_1")]
             permissions: Some(0x03),
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id: Some("example.com".to_string()),
         };
 
@@ -632,7 +590,6 @@ mod test {
         assert_eq!(command, Ok(Command::AuthenticatorGetNextAssertion));
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_deserialize_selection() {
         let cbor_bytes = [Command::AUTHENTICATOR_SELECTION];
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index a2b490d..8081567 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -704,13 +704,9 @@ pub enum ClientPinSubCommand {
     SetPin = 0x03,
     ChangePin = 0x04,
     GetPinToken = 0x05,
-    #[cfg(feature = "with_ctap2_1")]
     GetPinUvAuthTokenUsingUvWithPermissions = 0x06,
-    #[cfg(feature = "with_ctap2_1")]
     GetUvRetries = 0x07,
-    #[cfg(feature = "with_ctap2_1")]
     SetMinPinLength = 0x08,
-    #[cfg(feature = "with_ctap2_1")]
     GetPinUvAuthTokenUsingPinWithPermissions = 0x09,
 }
 
@@ -731,18 +727,11 @@ impl TryFrom<cbor::Value> for ClientPinSubCommand {
             0x03 => Ok(ClientPinSubCommand::SetPin),
             0x04 => Ok(ClientPinSubCommand::ChangePin),
             0x05 => Ok(ClientPinSubCommand::GetPinToken),
-            #[cfg(feature = "with_ctap2_1")]
             0x06 => Ok(ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions),
-            #[cfg(feature = "with_ctap2_1")]
             0x07 => Ok(ClientPinSubCommand::GetUvRetries),
-            #[cfg(feature = "with_ctap2_1")]
             0x08 => Ok(ClientPinSubCommand::SetMinPinLength),
-            #[cfg(feature = "with_ctap2_1")]
             0x09 => Ok(ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions),
-            #[cfg(feature = "with_ctap2_1")]
             _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND),
-            #[cfg(not(feature = "with_ctap2_1"))]
-            _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
         }
     }
 }
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 7a23a1d..4168f8f 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -25,23 +25,19 @@ pub mod status_code;
 mod storage;
 mod timed_permission;
 
-#[cfg(feature = "with_ctap2_1")]
-use self::command::MAX_CREDENTIAL_COUNT_IN_LIST;
 use self::command::{
     AuthenticatorClientPinParameters, AuthenticatorGetAssertionParameters,
     AuthenticatorMakeCredentialParameters, AuthenticatorVendorConfigureParameters, Command,
+    MAX_CREDENTIAL_COUNT_IN_LIST,
 };
-#[cfg(feature = "with_ctap2_1")]
-use self::data_formats::AuthenticatorTransport;
 use self::data_formats::{
-    CredentialProtectionPolicy, GetAssertionHmacSecretInput, PackedAttestationStatement,
-    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialSource,
-    PublicKeyCredentialType, PublicKeyCredentialUserEntity, SignatureAlgorithm,
+    AuthenticatorTransport, CredentialProtectionPolicy, GetAssertionHmacSecretInput,
+    PackedAttestationStatement, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
+    PublicKeyCredentialSource, PublicKeyCredentialType, PublicKeyCredentialUserEntity,
+    SignatureAlgorithm,
 };
 use self::hid::ChannelID;
-#[cfg(feature = "with_ctap2_1")]
-use self::pin_protocol_v1::PinPermission;
-use self::pin_protocol_v1::PinProtocolV1;
+use self::pin_protocol_v1::{PinPermission, PinProtocolV1};
 use self::response::{
     AuthenticatorGetAssertionResponse, AuthenticatorGetInfoResponse,
     AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,
@@ -108,7 +104,6 @@ pub const FIDO2_VERSION_STRING: &str = "FIDO_2_0";
 #[cfg(feature = "with_ctap1")]
 pub const U2F_VERSION_STRING: &str = "U2F_V2";
 // TODO(#106) change to final string when ready
-#[cfg(feature = "with_ctap2_1")]
 pub const FIDO2_1_VERSION_STRING: &str = "FIDO_2_1_PRE";
 
 // We currently only support one algorithm for signatures: ES256.
@@ -339,7 +334,6 @@ where
                     // GetInfo does not reset stateful commands.
                     (Command::AuthenticatorGetInfo, _) => (),
                     // AuthenticatorSelection does not reset stateful commands.
-                    #[cfg(feature = "with_ctap2_1")]
                     (Command::AuthenticatorSelection, _) => (),
                     (_, _) => {
                         self.stateful_command_type = None;
@@ -356,7 +350,6 @@ where
                     Command::AuthenticatorGetInfo => self.process_get_info(),
                     Command::AuthenticatorClientPin(params) => self.process_client_pin(params),
                     Command::AuthenticatorReset => self.process_reset(cid, now),
-                    #[cfg(feature = "with_ctap2_1")]
                     Command::AuthenticatorSelection => self.process_selection(cid),
                     // TODO(kaczmarczyck) implement FIDO 2.1 commands
                     // Vendor specific commands
@@ -484,12 +477,9 @@ where
                 {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
                 }
-                #[cfg(feature = "with_ctap2_1")]
-                {
-                    self.pin_protocol_v1
-                        .has_permission(PinPermission::MakeCredential)?;
-                    self.pin_protocol_v1.has_permission_for_rp_id(&rp_id)?;
-                }
+                self.pin_protocol_v1
+                    .has_permission(PinPermission::MakeCredential)?;
+                self.pin_protocol_v1.has_permission_for_rp_id(&rp_id)?;
                 UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
             }
             None => {
@@ -738,12 +728,9 @@ where
                 {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
                 }
-                #[cfg(feature = "with_ctap2_1")]
-                {
-                    self.pin_protocol_v1
-                        .has_permission(PinPermission::GetAssertion)?;
-                    self.pin_protocol_v1.has_permission_for_rp_id(&rp_id)?;
-                }
+                self.pin_protocol_v1
+                    .has_permission(PinPermission::GetAssertion)?;
+                self.pin_protocol_v1.has_permission_for_rp_id(&rp_id)?;
                 UV_FLAG
             }
             None => {
@@ -851,7 +838,6 @@ where
                     #[cfg(feature = "with_ctap1")]
                     String::from(U2F_VERSION_STRING),
                     String::from(FIDO2_VERSION_STRING),
-                    #[cfg(feature = "with_ctap2_1")]
                     String::from(FIDO2_1_VERSION_STRING),
                 ],
                 extensions: Some(vec![String::from("hmac-secret")]),
@@ -861,19 +847,13 @@ where
                 pin_protocols: Some(vec![
                     CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION,
                 ]),
-                #[cfg(feature = "with_ctap2_1")]
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
                 // #TODO(106) update with version 2.1 of HMAC-secret
-                #[cfg(feature = "with_ctap2_1")]
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
-                #[cfg(feature = "with_ctap2_1")]
                 transports: Some(vec![AuthenticatorTransport::Usb]),
-                #[cfg(feature = "with_ctap2_1")]
                 algorithms: Some(vec![ES256_CRED_PARAM]),
                 default_cred_protect: DEFAULT_CRED_PROTECT,
-                #[cfg(feature = "with_ctap2_1")]
                 min_pin_length: self.persistent_store.min_pin_length()?,
-                #[cfg(feature = "with_ctap2_1")]
                 firmware_version: None,
             },
         ))
@@ -916,7 +896,6 @@ where
         Ok(ResponseData::AuthenticatorReset)
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     fn process_selection(&self, cid: ChannelID) -> Result<ResponseData, Ctap2StatusCode> {
         (self.check_user_presence)(cid)?;
         Ok(ResponseData::AuthenticatorSelection)
@@ -1036,42 +1015,31 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
-        #[cfg(feature = "with_ctap2_1")]
         let mut expected_response = vec![0x00, 0xAA, 0x01];
-        #[cfg(not(feature = "with_ctap2_1"))]
-        let mut expected_response = vec![0x00, 0xA6, 0x01];
         // The difference here is a longer array of supported versions.
         let mut version_count = 0;
-        // CTAP 2 is always supported
-        version_count += 1;
+        // CTAP 2.0 and 2.1 are always supported
+        version_count += 2;
         #[cfg(feature = "with_ctap1")]
         {
             version_count += 1;
         }
-        #[cfg(feature = "with_ctap2_1")]
-        {
-            version_count += 1;
-        }
         expected_response.push(0x80 + version_count);
         #[cfg(feature = "with_ctap1")]
         expected_response.extend(&[0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32]);
-        expected_response.extend(&[0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30]);
-        #[cfg(feature = "with_ctap2_1")]
-        expected_response.extend(&[
-            0x6C, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45,
-        ]);
-        expected_response.extend(&[
-            0x02, 0x81, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
-            0x03, 0x50,
-        ]);
-        expected_response.extend(&ctap_state.persistent_store.aaguid().unwrap());
-        expected_response.extend(&[
-            0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
-            0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
-        ]);
-        #[cfg(feature = "with_ctap2_1")]
         expected_response.extend(
             [
+                0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30, 0x6C, 0x46, 0x49, 0x44, 0x4F,
+                0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x81, 0x6B, 0x68, 0x6D, 0x61,
+                0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x03, 0x50,
+            ]
+            .iter(),
+        );
+        expected_response.extend(&ctap_state.persistent_store.aaguid().unwrap());
+        expected_response.extend(
+            [
+                0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
+                0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
                 0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
                 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69,
                 0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04,
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 96e92b3..b8aeb21 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -17,7 +17,6 @@ use super::data_formats::{ClientPinSubCommand, CoseKey, GetAssertionHmacSecretIn
 use super::response::{AuthenticatorClientPinResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
-#[cfg(feature = "with_ctap2_1")]
 use alloc::string::String;
 use alloc::vec;
 use alloc::vec::Vec;
@@ -28,7 +27,7 @@ use crypto::hmac::{hmac_256, verify_hmac_256_first_128bits};
 use crypto::rng256::Rng256;
 use crypto::sha256::Sha256;
 use crypto::Hash256;
-#[cfg(all(test, feature = "with_ctap2_1"))]
+#[cfg(test)]
 use enum_iterator::IntoEnumIterator;
 use subtle::ConstantTimeEq;
 
@@ -141,10 +140,7 @@ fn check_and_store_new_pin(
     let pin = decrypt_pin(aes_dec_key, new_pin_enc)
         .ok_or(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
 
-    #[cfg(feature = "with_ctap2_1")]
     let min_pin_length = persistent_store.min_pin_length()? as usize;
-    #[cfg(not(feature = "with_ctap2_1"))]
-    let min_pin_length = 4;
     if pin.len() < min_pin_length || pin.len() == PIN_PADDED_LENGTH {
         // TODO(kaczmarczyck) check 4 code point minimum instead
         return Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION);
@@ -155,7 +151,6 @@ fn check_and_store_new_pin(
     Ok(())
 }
 
-#[cfg(feature = "with_ctap2_1")]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 // TODO remove when all variants are used
 #[allow(dead_code)]
@@ -173,9 +168,7 @@ pub struct PinProtocolV1 {
     key_agreement_key: crypto::ecdh::SecKey,
     pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
     consecutive_pin_mismatches: u8,
-    #[cfg(feature = "with_ctap2_1")]
     permissions: u8,
-    #[cfg(feature = "with_ctap2_1")]
     permissions_rp_id: Option<String>,
 }
 
@@ -187,9 +180,7 @@ impl PinProtocolV1 {
             key_agreement_key,
             pin_uv_auth_token,
             consecutive_pin_mismatches: 0,
-            #[cfg(feature = "with_ctap2_1")]
             permissions: 0,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id: None,
         }
     }
@@ -345,11 +336,8 @@ impl PinProtocolV1 {
         cbc_encrypt(&token_encryption_key, iv, &mut blocks);
         let pin_token: Vec<u8> = blocks.iter().flatten().cloned().collect();
 
-        #[cfg(feature = "with_ctap2_1")]
-        {
-            self.permissions = 0x03;
-            self.permissions_rp_id = None;
-        }
+        self.permissions = 0x03;
+        self.permissions_rp_id = None;
 
         Ok(AuthenticatorClientPinResponse {
             key_agreement: None,
@@ -358,7 +346,6 @@ impl PinProtocolV1 {
         })
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     fn process_get_pin_uv_auth_token_using_uv_with_permissions(
         &self,
         // If you want to support local user verification, implement this function.
@@ -368,30 +355,14 @@ impl PinProtocolV1 {
         _permissions_rp_id: Option<String>,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
         // User verifications is only supported through PIN currently.
-        #[cfg(not(feature = "with_ctap2_1"))]
-        {
-            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND)
-        }
-        #[cfg(feature = "with_ctap2_1")]
-        {
-            Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
-        }
+        Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     fn process_get_uv_retries(&self) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
         // User verifications is only supported through PIN currently.
-        #[cfg(not(feature = "with_ctap2_1"))]
-        {
-            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND)
-        }
-        #[cfg(feature = "with_ctap2_1")]
-        {
-            Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
-        }
+        Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     fn process_set_min_pin_length(
         &mut self,
         persistent_store: &mut PersistentStore,
@@ -440,7 +411,6 @@ impl PinProtocolV1 {
         Ok(())
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     fn process_get_pin_uv_auth_token_using_pin_with_permissions(
         &mut self,
         rng: &mut impl Rng256,
@@ -480,20 +450,13 @@ impl PinProtocolV1 {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids,
-            #[cfg(feature = "with_ctap2_1")]
             permissions,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id,
         } = client_pin_params;
 
         if pin_protocol != 1 {
-            #[cfg(not(feature = "with_ctap2_1"))]
-            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-            #[cfg(feature = "with_ctap2_1")]
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
 
@@ -528,7 +491,6 @@ impl PinProtocolV1 {
                 key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
                 pin_hash_enc.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
             )?),
-            #[cfg(feature = "with_ctap2_1")]
             ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions => Some(
                 self.process_get_pin_uv_auth_token_using_uv_with_permissions(
                     key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
@@ -536,9 +498,7 @@ impl PinProtocolV1 {
                     permissions_rp_id,
                 )?,
             ),
-            #[cfg(feature = "with_ctap2_1")]
             ClientPinSubCommand::GetUvRetries => Some(self.process_get_uv_retries()?),
-            #[cfg(feature = "with_ctap2_1")]
             ClientPinSubCommand::SetMinPinLength => {
                 self.process_set_min_pin_length(
                     persistent_store,
@@ -548,7 +508,6 @@ impl PinProtocolV1 {
                 )?;
                 None
             }
-            #[cfg(feature = "with_ctap2_1")]
             ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions => Some(
                 self.process_get_pin_uv_auth_token_using_pin_with_permissions(
                     rng,
@@ -571,11 +530,8 @@ impl PinProtocolV1 {
         self.key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
         self.pin_uv_auth_token = rng.gen_uniform_u8x32();
         self.consecutive_pin_mismatches = 0;
-        #[cfg(feature = "with_ctap2_1")]
-        {
-            self.permissions = 0;
-            self.permissions_rp_id = None;
-        }
+        self.permissions = 0;
+        self.permissions_rp_id = None;
     }
 
     pub fn process_hmac_secret(
@@ -598,7 +554,6 @@ impl PinProtocolV1 {
         encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cred_random)
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     pub fn has_permission(&self, permission: PinPermission) -> Result<(), Ctap2StatusCode> {
         // Relies on the fact that all permissions are represented by powers of two.
         if permission as u8 & self.permissions != 0 {
@@ -608,7 +563,6 @@ impl PinProtocolV1 {
         }
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     pub fn has_permission_for_rp_id(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
         if let Some(permissions_rp_id) = &self.permissions_rp_id {
             if rp_id != permissions_rp_id {
@@ -629,9 +583,7 @@ impl PinProtocolV1 {
             key_agreement_key,
             pin_uv_auth_token,
             consecutive_pin_mismatches: 0,
-            #[cfg(feature = "with_ctap2_1")]
             permissions: 0xFF,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id: None,
         }
     }
@@ -919,7 +871,6 @@ mod test {
         );
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_process_get_pin_uv_auth_token_using_pin_with_permissions() {
         let mut rng = ThreadRng256 {};
@@ -963,7 +914,7 @@ mod test {
                 &mut rng,
                 &mut persistent_store,
                 key_agreement.clone(),
-                pin_hash_enc.clone(),
+                pin_hash_enc,
                 0x03,
                 None,
             ),
@@ -984,7 +935,6 @@ mod test {
         );
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_process_set_min_pin_length() {
         let mut rng = ThreadRng256 {};
@@ -1031,13 +981,9 @@ mod test {
             pin_auth: None,
             new_pin_enc: None,
             pin_hash_enc: None,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length: None,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids: None,
-            #[cfg(feature = "with_ctap2_1")]
             permissions: None,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id: None,
         };
         assert!(pin_protocol_v1
@@ -1051,18 +997,11 @@ mod test {
             pin_auth: None,
             new_pin_enc: None,
             pin_hash_enc: None,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length: None,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids: None,
-            #[cfg(feature = "with_ctap2_1")]
             permissions: None,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id: None,
         };
-        #[cfg(not(feature = "with_ctap2_1"))]
-        let error_code = Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID;
-        #[cfg(feature = "with_ctap2_1")]
         let error_code = Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER;
         assert_eq!(
             pin_protocol_v1.process_subcommand(&mut rng, &mut persistent_store, client_pin_params),
@@ -1231,7 +1170,6 @@ mod test {
         assert_eq!(&output_dec[..32], &expected_output1);
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_has_permission() {
         let mut rng = ThreadRng256 {};
@@ -1249,7 +1187,6 @@ mod test {
         }
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_has_permission_for_rp_id() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 6422959..390b0cb 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -12,11 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#[cfg(feature = "with_ctap2_1")]
-use super::data_formats::{AuthenticatorTransport, PublicKeyCredentialParameter};
 use super::data_formats::{
-    CoseKey, CredentialProtectionPolicy, PackedAttestationStatement, PublicKeyCredentialDescriptor,
-    PublicKeyCredentialUserEntity,
+    AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, PackedAttestationStatement,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialUserEntity,
 };
 use alloc::collections::BTreeMap;
 use alloc::string::String;
@@ -32,7 +30,6 @@ pub enum ResponseData {
     AuthenticatorGetInfo(AuthenticatorGetInfoResponse),
     AuthenticatorClientPin(Option<AuthenticatorClientPinResponse>),
     AuthenticatorReset,
-    #[cfg(feature = "with_ctap2_1")]
     AuthenticatorSelection,
     AuthenticatorVendor(AuthenticatorVendorResponse),
 }
@@ -47,7 +44,6 @@ impl From<ResponseData> for Option<cbor::Value> {
             ResponseData::AuthenticatorClientPin(Some(data)) => Some(data.into()),
             ResponseData::AuthenticatorClientPin(None) => None,
             ResponseData::AuthenticatorReset => None,
-            #[cfg(feature = "with_ctap2_1")]
             ResponseData::AuthenticatorSelection => None,
             ResponseData::AuthenticatorVendor(data) => Some(data.into()),
         }
@@ -118,23 +114,16 @@ pub struct AuthenticatorGetInfoResponse {
     pub options: Option<BTreeMap<String, bool>>,
     pub max_msg_size: Option<u64>,
     pub pin_protocols: Option<Vec<u64>>,
-    #[cfg(feature = "with_ctap2_1")]
     pub max_credential_count_in_list: Option<u64>,
-    #[cfg(feature = "with_ctap2_1")]
     pub max_credential_id_length: Option<u64>,
-    #[cfg(feature = "with_ctap2_1")]
     pub transports: Option<Vec<AuthenticatorTransport>>,
-    #[cfg(feature = "with_ctap2_1")]
     pub algorithms: Option<Vec<PublicKeyCredentialParameter>>,
     pub default_cred_protect: Option<CredentialProtectionPolicy>,
-    #[cfg(feature = "with_ctap2_1")]
     pub min_pin_length: u8,
-    #[cfg(feature = "with_ctap2_1")]
     pub firmware_version: Option<u64>,
 }
 
 impl From<AuthenticatorGetInfoResponse> for cbor::Value {
-    #[cfg(feature = "with_ctap2_1")]
     fn from(get_info_response: AuthenticatorGetInfoResponse) -> Self {
         let AuthenticatorGetInfoResponse {
             versions,
@@ -176,37 +165,6 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             0x0E => firmware_version,
         }
     }
-
-    #[cfg(not(feature = "with_ctap2_1"))]
-    fn from(get_info_response: AuthenticatorGetInfoResponse) -> Self {
-        let AuthenticatorGetInfoResponse {
-            versions,
-            extensions,
-            aaguid,
-            options,
-            max_msg_size,
-            pin_protocols,
-            default_cred_protect,
-        } = get_info_response;
-
-        let options_cbor: Option<cbor::Value> = options.map(|options| {
-            let option_map: BTreeMap<_, _> = options
-                .into_iter()
-                .map(|(key, value)| (cbor_text!(key), cbor_bool!(value)))
-                .collect();
-            cbor_map_btree!(option_map)
-        });
-
-        cbor_map_options! {
-            0x01 => cbor_array_vec!(versions),
-            0x02 => extensions.map(|vec| cbor_array_vec!(vec)),
-            0x03 => &aaguid,
-            0x04 => options_cbor,
-            0x05 => max_msg_size,
-            0x06 => pin_protocols.map(|vec| cbor_array_vec!(vec)),
-            0x0C => default_cred_protect.map(|p| p as u64),
-        }
-    }
 }
 
 #[cfg_attr(test, derive(PartialEq))]
@@ -257,7 +215,6 @@ impl From<AuthenticatorVendorResponse> for cbor::Value {
 #[cfg(test)]
 mod test {
     use super::super::data_formats::PackedAttestationStatement;
-    #[cfg(feature = "with_ctap2_1")]
     use super::super::ES256_CRED_PARAM;
     use super::*;
     use cbor::{cbor_bytes, cbor_map};
@@ -321,28 +278,16 @@ mod test {
             options: None,
             max_msg_size: None,
             pin_protocols: None,
-            #[cfg(feature = "with_ctap2_1")]
             max_credential_count_in_list: None,
-            #[cfg(feature = "with_ctap2_1")]
             max_credential_id_length: None,
-            #[cfg(feature = "with_ctap2_1")]
             transports: None,
-            #[cfg(feature = "with_ctap2_1")]
             algorithms: None,
             default_cred_protect: None,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length: 4,
-            #[cfg(feature = "with_ctap2_1")]
             firmware_version: None,
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorGetInfo(get_info_response).into();
-        #[cfg(not(feature = "with_ctap2_1"))]
-        let expected_cbor = cbor_map_options! {
-            0x01 => cbor_array_vec![versions],
-            0x03 => vec![0x00; 16],
-        };
-        #[cfg(feature = "with_ctap2_1")]
         let expected_cbor = cbor_map_options! {
             0x01 => cbor_array_vec![versions],
             0x03 => vec![0x00; 16],
@@ -352,7 +297,6 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "with_ctap2_1")]
     fn test_get_info_optionals_into_cbor() {
         let mut options_map = BTreeMap::new();
         options_map.insert(String::from("rk"), true);
@@ -418,7 +362,6 @@ mod test {
         assert_eq!(response_cbor, None);
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_selection_into_cbor() {
         let response_cbor: Option<cbor::Value> = ResponseData::AuthenticatorSelection.into();
diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs
index 40f258e..5a9ec71 100644
--- a/src/ctap/status_code.rs
+++ b/src/ctap/status_code.rs
@@ -31,9 +31,7 @@ pub enum Ctap2StatusCode {
     CTAP2_ERR_INVALID_CBOR = 0x12,
     CTAP2_ERR_MISSING_PARAMETER = 0x14,
     CTAP2_ERR_LIMIT_EXCEEDED = 0x15,
-    #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_FP_DATABASE_FULL = 0x17,
-    #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_LARGE_BLOB_STORAGE_FULL = 0x18,
     CTAP2_ERR_CREDENTIAL_EXCLUDED = 0x19,
     CTAP2_ERR_PROCESSING = 0x21,
@@ -63,13 +61,9 @@ pub enum Ctap2StatusCode {
     CTAP2_ERR_ACTION_TIMEOUT = 0x3A,
     CTAP2_ERR_UP_REQUIRED = 0x3B,
     CTAP2_ERR_UV_BLOCKED = 0x3C,
-    #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_INTEGRITY_FAILURE = 0x3D,
-    #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_INVALID_SUBCOMMAND = 0x3E,
-    #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_UV_INVALID = 0x3F,
-    #[cfg(feature = "with_ctap2_1")]
     CTAP2_ERR_UNAUTHORIZED_PERMISSION = 0x40,
     CTAP1_ERR_OTHER = 0x7F,
     _CTAP2_ERR_SPEC_LAST = 0xDF,
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 73bbc16..28c1599 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -14,20 +14,18 @@
 
 mod key;
 
-#[cfg(feature = "with_ctap2_1")]
-use crate::ctap::data_formats::{extract_array, extract_text_string};
-use crate::ctap::data_formats::{CredentialProtectionPolicy, PublicKeyCredentialSource};
+use crate::ctap::data_formats::{
+    extract_array, extract_text_string, CredentialProtectionPolicy, PublicKeyCredentialSource,
+};
 use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::INITIAL_SIGNATURE_COUNTER;
 use crate::embedded_flash::{new_storage, Storage};
-#[cfg(feature = "with_ctap2_1")]
 use alloc::string::String;
 use alloc::vec;
 use alloc::vec::Vec;
 use arrayref::array_ref;
-#[cfg(feature = "with_ctap2_1")]
 use cbor::cbor_array_vec;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
@@ -54,14 +52,11 @@ const NUM_PAGES: usize = 20;
 const MAX_SUPPORTED_RESIDENTIAL_KEYS: usize = 150;
 
 const MAX_PIN_RETRIES: u8 = 8;
-#[cfg(feature = "with_ctap2_1")]
 const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
 // TODO(kaczmarczyck) use this for the minPinLength extension
 // https://github.com/google/OpenSK/issues/129
-#[cfg(feature = "with_ctap2_1")]
 const _DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 // TODO(kaczmarczyck) Check whether this constant is necessary, or replace it accordingly.
-#[cfg(feature = "with_ctap2_1")]
 const _MAX_RP_IDS_LENGTH: usize = 8;
 
 /// Wrapper for master keys.
@@ -348,7 +343,6 @@ impl PersistentStore {
     }
 
     /// Returns the minimum PIN length.
-    #[cfg(feature = "with_ctap2_1")]
     pub fn min_pin_length(&self) -> Result<u8, Ctap2StatusCode> {
         match self.store.find(key::MIN_PIN_LENGTH)? {
             None => Ok(DEFAULT_MIN_PIN_LENGTH),
@@ -358,14 +352,12 @@ impl PersistentStore {
     }
 
     /// Sets the minimum PIN length.
-    #[cfg(feature = "with_ctap2_1")]
     pub fn set_min_pin_length(&mut self, min_pin_length: u8) -> Result<(), Ctap2StatusCode> {
         Ok(self.store.insert(key::MIN_PIN_LENGTH, &[min_pin_length])?)
     }
 
     /// Returns the list of RP IDs that are used to check if reading the minimum PIN length is
     /// allowed.
-    #[cfg(feature = "with_ctap2_1")]
     pub fn _min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
         let rp_ids = self
             .store
@@ -374,11 +366,10 @@ impl PersistentStore {
                 _deserialize_min_pin_length_rp_ids(&value)
             });
         debug_assert!(rp_ids.is_some());
-        Ok(rp_ids.unwrap_or(vec![]))
+        Ok(rp_ids.unwrap_or_default())
     }
 
     /// Sets the list of RP IDs that are used to check if reading the minimum PIN length is allowed.
-    #[cfg(feature = "with_ctap2_1")]
     pub fn _set_min_pin_length_rp_ids(
         &mut self,
         min_pin_length_rp_ids: Vec<String>,
@@ -582,7 +573,6 @@ fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>
 }
 
 /// Deserializes a list of RP IDs from storage representation.
-#[cfg(feature = "with_ctap2_1")]
 fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
     let cbor = cbor::read(data).ok()?;
     extract_array(cbor)
@@ -594,7 +584,6 @@ fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
 }
 
 /// Serializes a list of RP IDs to storage representation.
-#[cfg(feature = "with_ctap2_1")]
 fn _serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2StatusCode> {
     let mut data = Vec::new();
     if cbor::write(cbor_array_vec!(rp_ids), &mut data) {
@@ -988,7 +977,6 @@ mod test {
         assert_eq!(&persistent_store.aaguid().unwrap(), key_material::AAGUID);
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_min_pin_length() {
         let mut rng = ThreadRng256 {};
@@ -1011,7 +999,6 @@ mod test {
         );
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_min_pin_length_rp_ids() {
         let mut rng = ThreadRng256 {};
@@ -1080,7 +1067,6 @@ mod test {
         assert_eq!(credential, reconstructed);
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_serialize_deserialize_min_pin_length_rp_ids() {
         let rp_ids = vec![String::from("example.com")];
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 5c5b20e..ec39efa 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -92,13 +92,11 @@ make_partition! {
     CRED_RANDOM_SECRET = 2041;
 
     /// List of RP IDs allowed to read the minimum PIN length.
-    #[cfg(feature = "with_ctap2_1")]
     _MIN_PIN_LENGTH_RP_IDS = 2042;
 
     /// The minimum PIN length.
     ///
     /// If the entry is absent, the minimum PIN length is `DEFAULT_MIN_PIN_LENGTH`.
-    #[cfg(feature = "with_ctap2_1")]
     MIN_PIN_LENGTH = 2043;
 
     /// The number of PIN retries.

From da03f77a32e059491ee8e1e2b4a3a0b027e8fa45 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 8 Jan 2021 13:13:52 +0100
Subject: [PATCH 108/192] small readbility fix for variable assignment with cfg

---
 src/ctap/mod.rs | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 4168f8f..fe60e80 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1016,14 +1016,11 @@ mod test {
         let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
         let mut expected_response = vec![0x00, 0xAA, 0x01];
-        // The difference here is a longer array of supported versions.
-        let mut version_count = 0;
-        // CTAP 2.0 and 2.1 are always supported
-        version_count += 2;
+        // The version array differs with CTAP1, always including 2.0 and 2.1.
+        #[cfg(not(feature = "with_ctap1"))]
+        let version_count = 2;
         #[cfg(feature = "with_ctap1")]
-        {
-            version_count += 1;
-        }
+        let version_count = 3;
         expected_response.push(0x80 + version_count);
         #[cfg(feature = "with_ctap1")]
         expected_response.extend(&[0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32]);

From f4eb6c938e5105c9c0039f160146d21dfe18a101 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 7 Jan 2021 18:17:21 +0100
Subject: [PATCH 109/192] adds the config command

---
 README.md                   |  15 +-
 src/ctap/command.rs         |  80 +++++---
 src/ctap/config_command.rs  | 269 +++++++++++++++++++++++++++
 src/ctap/data_formats.rs    | 160 +++++++++++++++-
 src/ctap/mod.rs             | 361 +++++++++++++++++++++---------------
 src/ctap/pin_protocol_v1.rs | 114 ++----------
 src/ctap/response.rs        |   9 +
 src/ctap/storage.rs         | 114 ++++++++----
 src/ctap/storage/key.rs     |   9 +-
 9 files changed, 796 insertions(+), 335 deletions(-)
 create mode 100644 src/ctap/config_command.rs

diff --git a/README.md b/README.md
index decee76..48f6c6e 100644
--- a/README.md
+++ b/README.md
@@ -93,32 +93,37 @@ a few things you can personalize:
 
 1.  If you have multiple buttons, choose the buttons responsible for user
     presence in `main.rs`.
-2.  Decide whether you want to use batch attestation. There is a boolean flag in
+1.  Decide whether you want to use batch attestation. There is a boolean flag in
     `ctap/mod.rs`. It is mandatory for U2F, and you can create your own
     self-signed certificate. The flag is used for FIDO2 and has some privacy
     implications. Please check
     [WebAuthn](https://www.w3.org/TR/webauthn/#attestation) for more
     information.
-3.  Decide whether you want to use signature counters. Currently, only global
+1.  Decide whether you want to use signature counters. Currently, only global
     signature counters are implemented, as they are the default option for U2F.
     The flag in `ctap/mod.rs` only turns them off for FIDO2. The most privacy
     preserving solution is individual or no signature counters. Again, please
     check [WebAuthn](https://www.w3.org/TR/webauthn/#signature-counter) for
     documentation.
-4.  Depending on your available flash storage, choose an appropriate maximum
+1.  Depending on your available flash storage, choose an appropriate maximum
     number of supported residential keys and number of pages in
     `ctap/storage.rs`.
-5.  Change the default level for the credProtect extension in `ctap/mod.rs`.
+1.  Change the default level for the credProtect extension in `ctap/mod.rs`.
     When changing the default, resident credentials become undiscoverable without
     user verification. This helps privacy, but can make usage less comfortable
     for credentials that need less protection.
-6.  Increase the default minimum length for PINs in `ctap/storage.rs`.
+1.  Increase the default minimum length for PINs in `ctap/storage.rs`.
     The current minimum is 4. Values from 4 to 63 are allowed. Requiring longer
     PINs can help establish trust between users and relying parties. It makes
     user verification harder to break, but less convenient.
     NIST recommends at least 6-digit PINs in section 5.1.9.1:
     https://pages.nist.gov/800-63-3/sp800-63b.html
     You can add relying parties to the list of readers of the minimum PIN length.
+1.  In an enterprise setting, you can adapt `DEFAULT_MIN_PIN_LENGTH_RP_IDS` and
+    `MAX_RP_IDS_LENGTH` for tuning the `minPinLength` extension. The former
+    allows some relying parties to read the minimum PIN length by default. The
+    latter allows storing more relying parties that may check the minimum PIN
+    length.
 
 ### 3D printed enclosure
 
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 0a86093..6b6ab54 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -14,10 +14,10 @@
 
 use super::data_formats::{
     extract_array, extract_bool, extract_byte_string, extract_map, extract_text_string,
-    extract_unsigned, ok_or_missing, ClientPinSubCommand, CoseKey, GetAssertionExtensions,
-    GetAssertionOptions, MakeCredentialExtensions, MakeCredentialOptions,
-    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialRpEntity,
-    PublicKeyCredentialUserEntity,
+    extract_unsigned, ok_or_missing, ClientPinSubCommand, ConfigSubCommand, ConfigSubCommandParams,
+    CoseKey, GetAssertionExtensions, GetAssertionOptions, MakeCredentialExtensions,
+    MakeCredentialOptions, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
+    PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity, SetMinPinLengthParams,
 };
 use super::key_material;
 use super::status_code::Ctap2StatusCode;
@@ -42,6 +42,7 @@ pub enum Command {
     AuthenticatorReset,
     AuthenticatorGetNextAssertion,
     AuthenticatorSelection,
+    AuthenticatorConfig(AuthenticatorConfigParameters),
     // TODO(kaczmarczyck) implement FIDO 2.1 commands (see below consts)
     // Vendor specific commands
     AuthenticatorVendorConfigure(AuthenticatorVendorConfigureParameters),
@@ -114,6 +115,12 @@ impl Command {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorSelection)
             }
+            Command::AUTHENTICATOR_CONFIG => {
+                let decoded_cbor = cbor::read(&bytes[1..])?;
+                Ok(Command::AuthenticatorConfig(
+                    AuthenticatorConfigParameters::try_from(decoded_cbor)?,
+                ))
+            }
             Command::AUTHENTICATOR_VENDOR_CONFIGURE => {
                 let decoded_cbor = cbor::read(&bytes[1..])?;
                 Ok(Command::AuthenticatorVendorConfigure(
@@ -290,8 +297,6 @@ pub struct AuthenticatorClientPinParameters {
     pub pin_auth: Option<Vec<u8>>,
     pub new_pin_enc: Option<Vec<u8>>,
     pub pin_hash_enc: Option<Vec<u8>>,
-    pub min_pin_length: Option<u8>,
-    pub min_pin_length_rp_ids: Option<Vec<String>>,
     pub permissions: Option<u8>,
     pub permissions_rp_id: Option<String>,
 }
@@ -308,8 +313,6 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
                 4 => pin_auth,
                 5 => new_pin_enc,
                 6 => pin_hash_enc,
-                7 => min_pin_length,
-                8 => min_pin_length_rp_ids,
                 9 => permissions,
                 10 => permissions_rp_id,
             } = extract_map(cbor_value)?;
@@ -321,21 +324,6 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
-        let min_pin_length = min_pin_length
-            .map(extract_unsigned)
-            .transpose()?
-            .map(u8::try_from)
-            .transpose()
-            .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
-        let min_pin_length_rp_ids = match min_pin_length_rp_ids {
-            Some(entry) => Some(
-                extract_array(entry)?
-                    .into_iter()
-                    .map(extract_text_string)
-                    .collect::<Result<Vec<String>, Ctap2StatusCode>>()?,
-            ),
-            None => None,
-        };
         // We expect a bit field of 8 bits, and drop everything else.
         // This means we ignore extensions in future versions.
         let permissions = permissions
@@ -351,14 +339,52 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
-            min_pin_length,
-            min_pin_length_rp_ids,
             permissions,
             permissions_rp_id,
         })
     }
 }
 
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct AuthenticatorConfigParameters {
+    pub sub_command: ConfigSubCommand,
+    pub sub_command_params: Option<ConfigSubCommandParams>,
+    pub pin_uv_auth_param: Option<Vec<u8>>,
+    pub pin_uv_auth_protocol: Option<u64>,
+}
+
+impl TryFrom<cbor::Value> for AuthenticatorConfigParameters {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                0x01 => sub_command,
+                0x02 => sub_command_params,
+                0x03 => pin_uv_auth_param,
+                0x04 => pin_uv_auth_protocol,
+            } = extract_map(cbor_value)?;
+        }
+
+        let sub_command = ConfigSubCommand::try_from(ok_or_missing(sub_command)?)?;
+        let sub_command_params = match sub_command {
+            ConfigSubCommand::SetMinPinLength => Some(ConfigSubCommandParams::SetMinPinLength(
+                SetMinPinLengthParams::try_from(ok_or_missing(sub_command_params)?)?,
+            )),
+            _ => None,
+        };
+        let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+
+        Ok(AuthenticatorConfigParameters {
+            sub_command,
+            sub_command_params,
+            pin_uv_auth_param,
+            pin_uv_auth_protocol,
+        })
+    }
+}
+
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct AuthenticatorAttestationMaterial {
     pub certificate: Vec<u8>,
@@ -541,8 +567,6 @@ mod test {
             4 => vec! [0xBB],
             5 => vec! [0xCC],
             6 => vec! [0xDD],
-            7 => 4,
-            8 => cbor_array!["example.com"],
             9 => 0x03,
             10 => "example.com",
         };
@@ -556,8 +580,6 @@ mod test {
             pin_auth: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
-            min_pin_length: Some(4),
-            min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
             permissions: Some(0x03),
             permissions_rp_id: Some("example.com".to_string()),
         };
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
new file mode 100644
index 0000000..873a9b1
--- /dev/null
+++ b/src/ctap/config_command.rs
@@ -0,0 +1,269 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use super::check_pin_uv_auth_protocol;
+use super::command::AuthenticatorConfigParameters;
+use super::data_formats::{ConfigSubCommand, ConfigSubCommandParams, SetMinPinLengthParams};
+use super::pin_protocol_v1::PinProtocolV1;
+use super::response::ResponseData;
+use super::status_code::Ctap2StatusCode;
+use super::storage::PersistentStore;
+use alloc::vec;
+
+fn process_set_min_pin_length(
+    persistent_store: &mut PersistentStore,
+    pin_protocol_v1: &mut PinProtocolV1,
+    params: SetMinPinLengthParams,
+) -> Result<ResponseData, Ctap2StatusCode> {
+    let SetMinPinLengthParams {
+        new_min_pin_length,
+        min_pin_length_rp_ids,
+        force_change_pin,
+    } = params;
+    let store_min_pin_length = persistent_store.min_pin_length()?;
+    let new_min_pin_length = new_min_pin_length.unwrap_or(store_min_pin_length);
+    if new_min_pin_length < store_min_pin_length {
+        return Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION);
+    }
+    let mut force_change_pin = force_change_pin.unwrap_or(false);
+    if force_change_pin && persistent_store.pin_hash()?.is_none() {
+        return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
+    }
+    if let Some(old_length) = persistent_store.pin_code_point_length()? {
+        force_change_pin |= new_min_pin_length > old_length;
+    }
+    pin_protocol_v1.force_pin_change |= force_change_pin;
+    // TODO(kaczmarczyck) actually force a PIN change
+    persistent_store.set_min_pin_length(new_min_pin_length)?;
+    if let Some(min_pin_length_rp_ids) = min_pin_length_rp_ids {
+        persistent_store.set_min_pin_length_rp_ids(min_pin_length_rp_ids)?;
+    }
+    Ok(ResponseData::AuthenticatorConfig)
+}
+
+pub fn process_config(
+    persistent_store: &mut PersistentStore,
+    pin_protocol_v1: &mut PinProtocolV1,
+    params: AuthenticatorConfigParameters,
+) -> Result<ResponseData, Ctap2StatusCode> {
+    let AuthenticatorConfigParameters {
+        sub_command,
+        sub_command_params,
+        pin_uv_auth_param,
+        pin_uv_auth_protocol,
+    } = params;
+
+    if persistent_store.pin_hash()?.is_some() {
+        // TODO(kaczmarczyck) The error code is specified inconsistently with other commands.
+        check_pin_uv_auth_protocol(pin_uv_auth_protocol)
+            .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+        let auth_param = pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+        let mut config_data = vec![0xFF; 32];
+        config_data.extend(&[0x0D, sub_command as u8]);
+        if let Some(sub_command_params) = sub_command_params.clone() {
+            if !cbor::write(sub_command_params.into(), &mut config_data) {
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+            }
+        }
+        if !pin_protocol_v1.verify_pin_auth_token(&config_data, &auth_param) {
+            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
+        }
+    }
+
+    match sub_command {
+        ConfigSubCommand::SetMinPinLength => {
+            if let Some(ConfigSubCommandParams::SetMinPinLength(params)) = sub_command_params {
+                process_set_min_pin_length(persistent_store, pin_protocol_v1, params)
+            } else {
+                Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)
+            }
+        }
+        _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::super::command::AuthenticatorConfigParameters;
+    use super::*;
+    use crypto::rng256::ThreadRng256;
+
+    fn create_min_pin_config_params(
+        min_pin_length: u8,
+        min_pin_length_rp_ids: Option<Vec<String>>,
+    ) -> AuthenticatorConfigParameters {
+        let set_min_pin_length_params = SetMinPinLengthParams {
+            new_min_pin_length: Some(min_pin_length),
+            min_pin_length_rp_ids,
+            force_change_pin: None,
+        };
+        AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::SetMinPinLength,
+            sub_command_params: Some(ConfigSubCommandParams::SetMinPinLength(
+                set_min_pin_length_params,
+            )),
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: Some(1),
+        }
+    }
+
+    #[test]
+    fn test_process_set_min_pin_length() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        // First, increase minimum PIN length from 4 to 6 without PIN auth.
+        let min_pin_length = 6;
+        let config_params = create_min_pin_config_params(min_pin_length, None);
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+
+        // Second, increase minimum PIN length from 6 to 8 with PIN auth.
+        // The stored PIN or its length don't matter since we control the token.
+        persistent_store.set_pin(&[0x88; 16], 8).unwrap();
+        let min_pin_length = 8;
+        let mut config_params = create_min_pin_config_params(min_pin_length, None);
+        let pin_auth = vec![
+            0x5C, 0x69, 0x71, 0x29, 0xBD, 0xCC, 0x53, 0xE8, 0x3C, 0x97, 0x62, 0xDD, 0x90, 0x29,
+            0xB2, 0xDE,
+        ];
+        config_params.pin_uv_auth_param = Some(pin_auth);
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+
+        // Third, decreasing the minimum PIN length from 8 to 7 fails.
+        let mut config_params = create_min_pin_config_params(7, None);
+        let pin_auth = vec![
+            0xC5, 0xEA, 0xC1, 0x5E, 0x7F, 0x80, 0x70, 0x1A, 0x4E, 0xC4, 0xAD, 0x85, 0x35, 0xD8,
+            0xA7, 0x71,
+        ];
+        config_params.pin_uv_auth_param = Some(pin_auth);
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(
+            config_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)
+        );
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+    }
+
+    #[test]
+    fn test_process_set_min_pin_length_rp_ids() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        // First, set RP IDs without PIN auth.
+        let min_pin_length = 6;
+        let min_pin_length_rp_ids = vec!["example.com".to_string()];
+        let config_params =
+            create_min_pin_config_params(min_pin_length, Some(min_pin_length_rp_ids.clone()));
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+        assert_eq!(
+            persistent_store.min_pin_length_rp_ids(),
+            Ok(min_pin_length_rp_ids)
+        );
+
+        // Second, change the RP IDs with PIN auth.
+        let min_pin_length = 8;
+        let min_pin_length_rp_ids = vec!["another.example.com".to_string()];
+        // The stored PIN or its length don't matter since we control the token.
+        persistent_store.set_pin(&[0x88; 16], 8).unwrap();
+        let mut config_params =
+            create_min_pin_config_params(min_pin_length, Some(min_pin_length_rp_ids.clone()));
+        let pin_auth = vec![
+            0x40, 0x51, 0x2D, 0xAC, 0x2D, 0xE2, 0x15, 0x77, 0x5C, 0xF9, 0x5B, 0x62, 0x9A, 0x2D,
+            0xD6, 0xDA,
+        ];
+        config_params.pin_uv_auth_param = Some(pin_auth.clone());
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+        assert_eq!(
+            persistent_store.min_pin_length_rp_ids(),
+            Ok(min_pin_length_rp_ids.clone())
+        );
+
+        // Third, changing RP IDs with bad PIN auth fails.
+        // One PIN auth shouldn't work for different lengths.
+        let mut config_params =
+            create_min_pin_config_params(9, Some(min_pin_length_rp_ids.clone()));
+        config_params.pin_uv_auth_param = Some(pin_auth.clone());
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(
+            config_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+        assert_eq!(
+            persistent_store.min_pin_length_rp_ids(),
+            Ok(min_pin_length_rp_ids.clone())
+        );
+
+        // Forth, changing RP IDs with bad PIN auth fails.
+        // One PIN auth shouldn't work for different RP IDs.
+        let mut config_params = create_min_pin_config_params(
+            min_pin_length,
+            Some(vec!["counter.example.com".to_string()]),
+        );
+        config_params.pin_uv_auth_param = Some(pin_auth);
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(
+            config_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+        assert_eq!(
+            persistent_store.min_pin_length_rp_ids(),
+            Ok(min_pin_length_rp_ids)
+        );
+    }
+
+    #[test]
+    fn test_process_config_vendor_prototype() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::VendorPrototype,
+            sub_command_params: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(
+            config_response,
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+    }
+}
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 8081567..9cf149f 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -262,6 +262,7 @@ impl From<PublicKeyCredentialDescriptor> for cbor::Value {
 pub struct MakeCredentialExtensions {
     pub hmac_secret: bool,
     pub cred_protect: Option<CredentialProtectionPolicy>,
+    pub min_pin_length: bool,
 }
 
 impl TryFrom<cbor::Value> for MakeCredentialExtensions {
@@ -272,6 +273,7 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
             let {
                 "credProtect" => cred_protect,
                 "hmac-secret" => hmac_secret,
+                "minPinLength" => min_pin_length,
             } = extract_map(cbor_value)?;
         }
 
@@ -279,9 +281,11 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
         let cred_protect = cred_protect
             .map(CredentialProtectionPolicy::try_from)
             .transpose()?;
+        let min_pin_length = min_pin_length.map_or(Ok(false), extract_bool)?;
         Ok(Self {
             hmac_secret,
             cred_protect,
+            min_pin_length,
         })
     }
 }
@@ -706,7 +710,6 @@ pub enum ClientPinSubCommand {
     GetPinToken = 0x05,
     GetPinUvAuthTokenUsingUvWithPermissions = 0x06,
     GetUvRetries = 0x07,
-    SetMinPinLength = 0x08,
     GetPinUvAuthTokenUsingPinWithPermissions = 0x09,
 }
 
@@ -729,13 +732,114 @@ impl TryFrom<cbor::Value> for ClientPinSubCommand {
             0x05 => Ok(ClientPinSubCommand::GetPinToken),
             0x06 => Ok(ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions),
             0x07 => Ok(ClientPinSubCommand::GetUvRetries),
-            0x08 => Ok(ClientPinSubCommand::SetMinPinLength),
             0x09 => Ok(ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions),
             _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND),
         }
     }
 }
 
+#[derive(Clone, Copy)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[cfg_attr(test, derive(IntoEnumIterator))]
+pub enum ConfigSubCommand {
+    EnableEnterpriseAttestation = 0x01,
+    ToggleAlwaysUv = 0x02,
+    SetMinPinLength = 0x03,
+    VendorPrototype = 0xFF,
+}
+
+impl From<ConfigSubCommand> for cbor::Value {
+    fn from(subcommand: ConfigSubCommand) -> Self {
+        (subcommand as u64).into()
+    }
+}
+
+impl TryFrom<cbor::Value> for ConfigSubCommand {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        let subcommand_int = extract_unsigned(cbor_value)?;
+        match subcommand_int {
+            0x01 => Ok(ConfigSubCommand::EnableEnterpriseAttestation),
+            0x02 => Ok(ConfigSubCommand::ToggleAlwaysUv),
+            0x03 => Ok(ConfigSubCommand::SetMinPinLength),
+            0xFF => Ok(ConfigSubCommand::VendorPrototype),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND),
+        }
+    }
+}
+
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub enum ConfigSubCommandParams {
+    SetMinPinLength(SetMinPinLengthParams),
+}
+
+impl From<ConfigSubCommandParams> for cbor::Value {
+    fn from(params: ConfigSubCommandParams) -> Self {
+        match params {
+            ConfigSubCommandParams::SetMinPinLength(set_min_pin_length_params) => {
+                set_min_pin_length_params.into()
+            }
+        }
+    }
+}
+
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct SetMinPinLengthParams {
+    pub new_min_pin_length: Option<u8>,
+    pub min_pin_length_rp_ids: Option<Vec<String>>,
+    pub force_change_pin: Option<bool>,
+}
+
+impl TryFrom<cbor::Value> for SetMinPinLengthParams {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                0x01 => new_min_pin_length,
+                0x02 => min_pin_length_rp_ids,
+                0x03 => force_change_pin,
+            } = extract_map(cbor_value)?;
+        }
+
+        let new_min_pin_length = new_min_pin_length
+            .map(extract_unsigned)
+            .transpose()?
+            .map(u8::try_from)
+            .transpose()
+            .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
+        let min_pin_length_rp_ids = match min_pin_length_rp_ids {
+            Some(entry) => Some(
+                extract_array(entry)?
+                    .into_iter()
+                    .map(extract_text_string)
+                    .collect::<Result<Vec<String>, Ctap2StatusCode>>()?,
+            ),
+            None => None,
+        };
+        let force_change_pin = force_change_pin.map(extract_bool).transpose()?;
+
+        Ok(Self {
+            new_min_pin_length,
+            min_pin_length_rp_ids,
+            force_change_pin,
+        })
+    }
+}
+
+impl From<SetMinPinLengthParams> for cbor::Value {
+    fn from(params: SetMinPinLengthParams) -> Self {
+        cbor_map_options! {
+            0x01 => params.new_min_pin_length.map(|u| u as u64),
+            0x02 => params.min_pin_length_rp_ids.map(|vec| cbor_array_vec!(vec)),
+            0x03 => params.force_change_pin,
+        }
+    }
+}
+
 pub(super) fn extract_unsigned(cbor_value: cbor::Value) -> Result<u64, Ctap2StatusCode> {
     match cbor_value {
         cbor::Value::KeyValue(cbor::KeyType::Unsigned(unsigned)) => Ok(unsigned),
@@ -1240,11 +1344,13 @@ mod test {
         let cbor_extensions = cbor_map! {
             "hmac-secret" => true,
             "credProtect" => CredentialProtectionPolicy::UserVerificationRequired,
+            "minPinLength" => true,
         };
         let extensions = MakeCredentialExtensions::try_from(cbor_extensions);
         let expected_extensions = MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: Some(CredentialProtectionPolicy::UserVerificationRequired),
+            min_pin_length: true,
         };
         assert_eq!(extensions, Ok(expected_extensions));
     }
@@ -1347,6 +1453,56 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_from_into_config_sub_command() {
+        let cbor_sub_command: cbor::Value = cbor_int!(0x01);
+        let sub_command = ConfigSubCommand::try_from(cbor_sub_command.clone());
+        let expected_sub_command = ConfigSubCommand::EnableEnterpriseAttestation;
+        assert_eq!(sub_command, Ok(expected_sub_command));
+        let created_cbor: cbor::Value = sub_command.unwrap().into();
+        assert_eq!(created_cbor, cbor_sub_command);
+
+        for command in ConfigSubCommand::into_enum_iter() {
+            let created_cbor: cbor::Value = command.clone().into();
+            let reconstructed = ConfigSubCommand::try_from(created_cbor).unwrap();
+            assert_eq!(command, reconstructed);
+        }
+    }
+
+    #[test]
+    fn test_from_set_min_pin_length_params() {
+        let params = SetMinPinLengthParams {
+            new_min_pin_length: Some(6),
+            min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
+            force_change_pin: Some(true),
+        };
+        let cbor_params = cbor_map! {
+            0x01 => 6,
+            0x02 => cbor_array_vec!(vec!["example.com".to_string()]),
+            0x03 => true,
+        };
+        assert_eq!(cbor::Value::from(params.clone()), cbor_params);
+        let reconstructed_params = SetMinPinLengthParams::try_from(cbor_params);
+        assert_eq!(reconstructed_params, Ok(params));
+    }
+
+    #[test]
+    fn test_from_config_sub_command_params() {
+        let set_min_pin_length_params = SetMinPinLengthParams {
+            new_min_pin_length: Some(6),
+            min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
+            force_change_pin: Some(true),
+        };
+        let config_sub_command_params =
+            ConfigSubCommandParams::SetMinPinLength(set_min_pin_length_params);
+        let cbor_params = cbor_map! {
+            0x01 => 6,
+            0x02 => cbor_array_vec!(vec!["example.com".to_string()]),
+            0x03 => true,
+        };
+        assert_eq!(cbor::Value::from(config_sub_command_params), cbor_params);
+    }
+
     #[test]
     fn test_credential_source_cbor_round_trip() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index fe60e80..233e5b7 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -14,6 +14,7 @@
 
 pub mod apdu;
 pub mod command;
+mod config_command;
 #[cfg(feature = "with_ctap1")]
 mod ctap1;
 pub mod data_formats;
@@ -30,6 +31,7 @@ use self::command::{
     AuthenticatorMakeCredentialParameters, AuthenticatorVendorConfigureParameters, Command,
     MAX_CREDENTIAL_COUNT_IN_LIST,
 };
+use self::config_command::process_config;
 use self::data_formats::{
     AuthenticatorTransport, CredentialProtectionPolicy, GetAssertionHmacSecretInput,
     PackedAttestationStatement, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
@@ -106,6 +108,9 @@ pub const U2F_VERSION_STRING: &str = "U2F_V2";
 // TODO(#106) change to final string when ready
 pub const FIDO2_1_VERSION_STRING: &str = "FIDO_2_1_PRE";
 
+// This is the currently supported PIN protocol version.
+const PIN_PROTOCOL_VERSION: u64 = 1;
+
 // We currently only support one algorithm for signatures: ES256.
 // This algorithm is requested in MakeCredential and advertized in GetInfo.
 pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialParameter {
@@ -117,6 +122,17 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa
 // - Some(CredentialProtectionPolicy::UserVerificationRequired)
 const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
 
+// Checks the PIN protocol parameter against all supported versions.
+pub fn check_pin_uv_auth_protocol(
+    pin_uv_auth_protocol: Option<u64>,
+) -> Result<(), Ctap2StatusCode> {
+    match pin_uv_auth_protocol {
+        Some(PIN_PROTOCOL_VERSION) => Ok(()),
+        Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+        None => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+    }
+}
+
 // This function is adapted from https://doc.rust-lang.org/nightly/src/core/str/mod.rs.html#2110
 // (as of 2020-01-20) and truncates to "max" bytes, not breaking the encoding.
 // We change the return value, since we don't need the bool.
@@ -172,8 +188,6 @@ where
     R: Rng256,
     CheckUserPresence: Fn(ChannelID) -> Result<(), Ctap2StatusCode>,
 {
-    pub const PIN_PROTOCOL_VERSION: u64 = 1;
-
     pub fn new(
         rng: &'a mut R,
         check_user_presence: CheckUserPresence,
@@ -351,6 +365,11 @@ where
                     Command::AuthenticatorClientPin(params) => self.process_client_pin(params),
                     Command::AuthenticatorReset => self.process_reset(cid, now),
                     Command::AuthenticatorSelection => self.process_selection(cid),
+                    Command::AuthenticatorConfig(params) => process_config(
+                        &mut self.persistent_store,
+                        &mut self.pin_protocol_v1,
+                        params,
+                    ),
                     // TODO(kaczmarczyck) implement FIDO 2.1 commands
                     // Vendor specific commands
                     Command::AuthenticatorVendorConfigure(params) => {
@@ -394,11 +413,7 @@ where
                 }
             }
 
-            match pin_uv_auth_protocol {
-                Some(CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION) => Ok(()),
-                Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-                None => Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER),
-            }
+            check_pin_uv_auth_protocol(pin_uv_auth_protocol)
         } else {
             Ok(())
         }
@@ -427,22 +442,29 @@ where
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
 
-        let (use_hmac_extension, cred_protect_policy) = if let Some(extensions) = extensions {
-            let mut cred_protect = extensions.cred_protect;
-            if cred_protect.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
-                < DEFAULT_CRED_PROTECT
-                    .unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
-            {
-                cred_protect = DEFAULT_CRED_PROTECT;
-            }
-            (extensions.hmac_secret, cred_protect)
-        } else {
-            (false, DEFAULT_CRED_PROTECT)
-        };
-
-        let has_extension_output = use_hmac_extension || cred_protect_policy.is_some();
-
         let rp_id = rp.rp_id;
+        let (use_hmac_extension, cred_protect_policy, min_pin_length) =
+            if let Some(extensions) = extensions {
+                let mut cred_protect = extensions.cred_protect;
+                if cred_protect.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
+                    < DEFAULT_CRED_PROTECT
+                        .unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
+                {
+                    cred_protect = DEFAULT_CRED_PROTECT;
+                }
+                let min_pin_length = extensions.min_pin_length
+                    && self
+                        .persistent_store
+                        .min_pin_length_rp_ids()?
+                        .contains(&rp_id);
+                (extensions.hmac_secret, cred_protect, min_pin_length)
+            } else {
+                (false, DEFAULT_CRED_PROTECT, false)
+            };
+
+        let has_extension_output =
+            use_hmac_extension || cred_protect_policy.is_some() || min_pin_length;
+
         let rp_id_hash = Sha256::hash(rp_id.as_bytes());
         if let Some(exclude_list) = exclude_list {
             for cred_desc in exclude_list {
@@ -541,9 +563,15 @@ where
         auth_data.extend(cose_key);
         if has_extension_output {
             let hmac_secret_output = if use_hmac_extension { Some(true) } else { None };
+            let min_pin_length_output = if min_pin_length {
+                Some(self.persistent_store.min_pin_length()? as u64)
+            } else {
+                None
+            };
             let extensions_output = cbor_map_options! {
                 "hmac-secret" => hmac_secret_output,
                 "credProtect" => cred_protect_policy,
+                "minPinLength" => min_pin_length_output,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
@@ -832,6 +860,7 @@ where
             String::from("clientPin"),
             self.persistent_store.pin_hash()?.is_some(),
         );
+        options_map.insert(String::from("setMinPINLength"), true);
         Ok(ResponseData::AuthenticatorGetInfo(
             AuthenticatorGetInfoResponse {
                 versions: vec![
@@ -840,13 +869,15 @@ where
                     String::from(FIDO2_VERSION_STRING),
                     String::from(FIDO2_1_VERSION_STRING),
                 ],
-                extensions: Some(vec![String::from("hmac-secret")]),
+                extensions: Some(vec![
+                    String::from("hmac-secret"),
+                    String::from("credProtect"),
+                    String::from("minPinLength"),
+                ]),
                 aaguid: self.persistent_store.aaguid()?,
                 options: Some(options_map),
                 max_msg_size: Some(1024),
-                pin_protocols: Some(vec![
-                    CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION,
-                ]),
+                pin_protocols: Some(vec![PIN_PROTOCOL_VERSION]),
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
                 // #TODO(106) update with version 2.1 of HMAC-secret
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
@@ -1008,6 +1039,49 @@ mod test {
     // ID is irrelevant, so we pass this (dummy but valid) value.
     const DUMMY_CHANNEL_ID: ChannelID = [0x12, 0x34, 0x56, 0x78];
 
+    fn check_make_response(
+        make_credential_response: Result<ResponseData, Ctap2StatusCode>,
+        flags: u8,
+        expected_aaguid: &[u8],
+        expected_credential_id_size: u8,
+        expected_extension_cbor: &[u8],
+    ) {
+        match make_credential_response.unwrap() {
+            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
+                let AuthenticatorMakeCredentialResponse {
+                    fmt,
+                    auth_data,
+                    att_stmt,
+                } = make_credential_response;
+                // The expected response is split to only assert the non-random parts.
+                assert_eq!(fmt, "packed");
+                let mut expected_auth_data = vec![
+                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
+                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
+                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, 0x00, 0x00, 0x00,
+                ];
+                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
+                expected_auth_data.extend(expected_aaguid);
+                expected_auth_data.extend(&[0x00, expected_credential_id_size]);
+                assert_eq!(
+                    auth_data[0..expected_auth_data.len()],
+                    expected_auth_data[..]
+                );
+                /*assert_eq!(
+                    &auth_data[expected_auth_data.len()
+                        ..expected_auth_data.len() + expected_attested_cred_data.len()],
+                    expected_attested_cred_data
+                );*/
+                assert_eq!(
+                    &auth_data[auth_data.len() - expected_extension_cbor.len()..auth_data.len()],
+                    expected_extension_cbor
+                );
+                assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
+            }
+            _ => panic!("Invalid response type"),
+        }
+    }
+
     #[test]
     fn test_get_info() {
         let mut rng = ThreadRng256 {};
@@ -1027,19 +1101,22 @@ mod test {
         expected_response.extend(
             [
                 0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30, 0x6C, 0x46, 0x49, 0x44, 0x4F,
-                0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x81, 0x6B, 0x68, 0x6D, 0x61,
-                0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x03, 0x50,
+                0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x83, 0x6B, 0x68, 0x6D, 0x61,
+                0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x6B, 0x63, 0x72, 0x65, 0x64, 0x50,
+                0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x6C, 0x6D, 0x69, 0x6E, 0x50, 0x69, 0x6E, 0x4C,
+                0x65, 0x6E, 0x67, 0x74, 0x68, 0x03, 0x50,
             ]
             .iter(),
         );
         expected_response.extend(&ctap_state.persistent_store.aaguid().unwrap());
         expected_response.extend(
             [
-                0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
-                0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
-                0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
-                0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69,
-                0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04,
+                0x04, 0xA4, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
+                0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x6F, 0x73, 0x65, 0x74, 0x4D, 0x69, 0x6E,
+                0x50, 0x49, 0x4E, 0x4C, 0x65, 0x6E, 0x67, 0x74, 0x68, 0xF5, 0x05, 0x19, 0x04, 0x00,
+                0x06, 0x81, 0x01, 0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81,
+                0xA2, 0x63, 0x61, 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75,
+                0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04,
             ]
             .iter(),
         );
@@ -1098,6 +1175,7 @@ mod test {
         let extensions = Some(MakeCredentialExtensions {
             hmac_secret: false,
             cred_protect: Some(policy),
+            min_pin_length: false,
         });
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1114,31 +1192,13 @@ mod test {
         let make_credential_response =
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
 
-        match make_credential_response.unwrap() {
-            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
-                let AuthenticatorMakeCredentialResponse {
-                    fmt,
-                    auth_data,
-                    att_stmt,
-                } = make_credential_response;
-                // The expected response is split to only assert the non-random parts.
-                assert_eq!(fmt, "packed");
-                let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00,
-                ];
-                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
-                expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, 0x20]);
-                assert_eq!(
-                    auth_data[0..expected_auth_data.len()],
-                    expected_auth_data[..]
-                );
-                assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
-            }
-            _ => panic!("Invalid response type"),
-        }
+        check_make_response(
+            make_credential_response,
+            0x41,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &[],
+        );
     }
 
     #[test]
@@ -1152,31 +1212,13 @@ mod test {
         let make_credential_response =
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
 
-        match make_credential_response.unwrap() {
-            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
-                let AuthenticatorMakeCredentialResponse {
-                    fmt,
-                    auth_data,
-                    att_stmt,
-                } = make_credential_response;
-                // The expected response is split to only assert the non-random parts.
-                assert_eq!(fmt, "packed");
-                let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0x41, 0x00, 0x00, 0x00,
-                ];
-                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
-                expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_SIZE as u8]);
-                assert_eq!(
-                    auth_data[0..expected_auth_data.len()],
-                    expected_auth_data[..]
-                );
-                assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
-            }
-            _ => panic!("Invalid response type"),
-        }
+        check_make_response(
+            make_credential_response,
+            0x41,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            CREDENTIAL_ID_SIZE as u8,
+            &[],
+        );
     }
 
     #[test]
@@ -1294,6 +1336,7 @@ mod test {
         let extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
+            min_pin_length: false,
         });
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
@@ -1301,39 +1344,16 @@ mod test {
         let make_credential_response =
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
 
-        match make_credential_response.unwrap() {
-            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
-                let AuthenticatorMakeCredentialResponse {
-                    fmt,
-                    auth_data,
-                    att_stmt,
-                } = make_credential_response;
-                // The expected response is split to only assert the non-random parts.
-                assert_eq!(fmt, "packed");
-                let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00,
-                ];
-                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
-                expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, CREDENTIAL_ID_SIZE as u8]);
-                assert_eq!(
-                    auth_data[0..expected_auth_data.len()],
-                    expected_auth_data[..]
-                );
-                let expected_extension_cbor = vec![
-                    0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
-                    0xF5,
-                ];
-                assert_eq!(
-                    auth_data[auth_data.len() - expected_extension_cbor.len()..auth_data.len()],
-                    expected_extension_cbor[..]
-                );
-                assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
-            }
-            _ => panic!("Invalid response type"),
-        }
+        let expected_extension_cbor = [
+            0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0xF5,
+        ];
+        check_make_response(
+            make_credential_response,
+            0xC1,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            CREDENTIAL_ID_SIZE as u8,
+            &expected_extension_cbor,
+        );
     }
 
     #[test]
@@ -1345,45 +1365,80 @@ mod test {
         let extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
+            min_pin_length: false,
         });
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
         let make_credential_response =
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
 
-        match make_credential_response.unwrap() {
-            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
-                let AuthenticatorMakeCredentialResponse {
-                    fmt,
-                    auth_data,
-                    att_stmt,
-                } = make_credential_response;
-                // The expected response is split to only assert the non-random parts.
-                assert_eq!(fmt, "packed");
-                let mut expected_auth_data = vec![
-                    0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
-                    0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
-                    0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, 0xC1, 0x00, 0x00, 0x00,
-                ];
-                expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
-                expected_auth_data.extend(&ctap_state.persistent_store.aaguid().unwrap());
-                expected_auth_data.extend(&[0x00, 0x20]);
-                assert_eq!(
-                    auth_data[0..expected_auth_data.len()],
-                    expected_auth_data[..]
-                );
-                let expected_extension_cbor = vec![
-                    0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
-                    0xF5,
-                ];
-                assert_eq!(
-                    auth_data[auth_data.len() - expected_extension_cbor.len()..auth_data.len()],
-                    expected_extension_cbor[..]
-                );
-                assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
-            }
-            _ => panic!("Invalid response type"),
-        }
+        let expected_extension_cbor = [
+            0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0xF5,
+        ];
+        check_make_response(
+            make_credential_response,
+            0xC1,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &expected_extension_cbor,
+        );
+    }
+
+    #[test]
+    fn test_process_make_credential_min_pin_length() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        // First part: The extension is ignored, since the RP ID is not on the list.
+        let extensions = Some(MakeCredentialExtensions {
+            hmac_secret: false,
+            cred_protect: None,
+            min_pin_length: true,
+        });
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.extensions = extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        let mut expected_attested_cred_data =
+            ctap_state.persistent_store.aaguid().unwrap().to_vec();
+        expected_attested_cred_data.extend(&[0x00, 0x20]);
+        check_make_response(
+            make_credential_response,
+            0x41,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &[],
+        );
+
+        // Second part: The extension is used.
+        assert_eq!(
+            ctap_state
+                .persistent_store
+                .set_min_pin_length_rp_ids(vec!["example.com".to_string()]),
+            Ok(())
+        );
+
+        let extensions = Some(MakeCredentialExtensions {
+            hmac_secret: false,
+            cred_protect: None,
+            min_pin_length: true,
+        });
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.extensions = extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        let expected_extension_cbor = [
+            0xA1, 0x6C, 0x6D, 0x69, 0x6E, 0x50, 0x69, 0x6E, 0x4C, 0x65, 0x6E, 0x67, 0x74, 0x68,
+            0x04,
+        ];
+        check_make_response(
+            make_credential_response,
+            0xC1,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &expected_extension_cbor,
+        );
     }
 
     #[test]
@@ -1502,6 +1557,7 @@ mod test {
         let make_extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
+            min_pin_length: false,
         });
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
@@ -1569,6 +1625,7 @@ mod test {
         let make_extensions = Some(MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
+            min_pin_length: false,
         });
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = make_extensions;
@@ -1761,10 +1818,8 @@ mod test {
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
 
-        ctap_state
-            .persistent_store
-            .set_pin_hash(&[0u8; 16])
-            .unwrap();
+        // The PIN length is outside of the test scope and most likely incorrect.
+        ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
         let pin_uv_auth_param = Some(vec![
             0x6F, 0x52, 0x83, 0xBF, 0x1A, 0x91, 0xEE, 0x67, 0xE9, 0xD4, 0x4C, 0x80, 0x08, 0x79,
             0x90, 0x8D,
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index b8aeb21..d4f148d 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -17,6 +17,7 @@ use super::data_formats::{ClientPinSubCommand, CoseKey, GetAssertionHmacSecretIn
 use super::response::{AuthenticatorClientPinResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
+use alloc::str;
 use alloc::string::String;
 use alloc::vec;
 use alloc::vec::Vec;
@@ -141,13 +142,14 @@ fn check_and_store_new_pin(
         .ok_or(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
 
     let min_pin_length = persistent_store.min_pin_length()? as usize;
-    if pin.len() < min_pin_length || pin.len() == PIN_PADDED_LENGTH {
-        // TODO(kaczmarczyck) check 4 code point minimum instead
+    let pin_length = str::from_utf8(&pin).unwrap_or("").chars().count();
+    if pin_length < min_pin_length || pin.len() == PIN_PADDED_LENGTH {
         return Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION);
     }
     let mut pin_hash = [0u8; 16];
     pin_hash.copy_from_slice(&Sha256::hash(&pin[..])[..16]);
-    persistent_store.set_pin_hash(&pin_hash)?;
+    // The PIN length is always < 64.
+    persistent_store.set_pin(&pin_hash, pin_length as u8)?;
     Ok(())
 }
 
@@ -170,6 +172,7 @@ pub struct PinProtocolV1 {
     consecutive_pin_mismatches: u8,
     permissions: u8,
     permissions_rp_id: Option<String>,
+    pub force_pin_change: bool,
 }
 
 impl PinProtocolV1 {
@@ -182,6 +185,7 @@ impl PinProtocolV1 {
             consecutive_pin_mismatches: 0,
             permissions: 0,
             permissions_rp_id: None,
+            force_pin_change: false,
         }
     }
 
@@ -363,54 +367,6 @@ impl PinProtocolV1 {
         Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
     }
 
-    fn process_set_min_pin_length(
-        &mut self,
-        persistent_store: &mut PersistentStore,
-        min_pin_length: u8,
-        min_pin_length_rp_ids: Option<Vec<String>>,
-        pin_auth: Option<Vec<u8>>,
-    ) -> Result<(), Ctap2StatusCode> {
-        if min_pin_length_rp_ids.is_some() {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
-        }
-        if persistent_store.pin_hash()?.is_some() {
-            match pin_auth {
-                Some(pin_auth) => {
-                    if self.consecutive_pin_mismatches >= 3 {
-                        return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_BLOCKED);
-                    }
-                    // TODO(kaczmarczyck) Values are taken from the (not yet public) new revision
-                    // of CTAP 2.1. The code should link the specification when published.
-                    // From CTAP2.1: "If request contains pinUvAuthParam, the Authenticator calls
-                    // verify(pinUvAuthToken, 32×0xff || 0x0608 || uint32LittleEndian(minPINLength)
-                    // || minPinLengthRPIDs, pinUvAuthParam)"
-                    let mut message = vec![0xFF; 32];
-                    message.extend(&[0x06, 0x08]);
-                    message.extend(&[min_pin_length as u8, 0x00, 0x00, 0x00]);
-                    // TODO(kaczmarczyck) commented code is useful for the extension
-                    // https://github.com/google/OpenSK/issues/129
-                    // if !cbor::write(cbor_array_vec!(min_pin_length_rp_ids), &mut message) {
-                    //     return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
-                    // }
-                    if !verify_pin_auth(&self.pin_uv_auth_token, &message, &pin_auth) {
-                        return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-                    }
-                }
-                None => return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-            };
-        }
-        if min_pin_length < persistent_store.min_pin_length()? {
-            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION);
-        }
-        persistent_store.set_min_pin_length(min_pin_length)?;
-        // TODO(kaczmarczyck) commented code is useful for the extension
-        // https://github.com/google/OpenSK/issues/129
-        // if let Some(min_pin_length_rp_ids) = min_pin_length_rp_ids {
-        //     persistent_store.set_min_pin_length_rp_ids(min_pin_length_rp_ids)?;
-        // }
-        Ok(())
-    }
-
     fn process_get_pin_uv_auth_token_using_pin_with_permissions(
         &mut self,
         rng: &mut impl Rng256,
@@ -450,8 +406,6 @@ impl PinProtocolV1 {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
-            min_pin_length,
-            min_pin_length_rp_ids,
             permissions,
             permissions_rp_id,
         } = client_pin_params;
@@ -499,15 +453,6 @@ impl PinProtocolV1 {
                 )?,
             ),
             ClientPinSubCommand::GetUvRetries => Some(self.process_get_uv_retries()?),
-            ClientPinSubCommand::SetMinPinLength => {
-                self.process_set_min_pin_length(
-                    persistent_store,
-                    min_pin_length.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    min_pin_length_rp_ids,
-                    pin_auth,
-                )?;
-                None
-            }
             ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions => Some(
                 self.process_get_pin_uv_auth_token_using_pin_with_permissions(
                     rng,
@@ -577,7 +522,7 @@ impl PinProtocolV1 {
     #[cfg(test)]
     pub fn new_test(
         key_agreement_key: crypto::ecdh::SecKey,
-        pin_uv_auth_token: [u8; 32],
+        pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
     ) -> PinProtocolV1 {
         PinProtocolV1 {
             key_agreement_key,
@@ -585,6 +530,7 @@ impl PinProtocolV1 {
             consecutive_pin_mismatches: 0,
             permissions: 0xFF,
             permissions_rp_id: None,
+            force_pin_change: false,
         }
     }
 }
@@ -600,7 +546,7 @@ mod test {
         pin[..4].copy_from_slice(b"1234");
         let mut pin_hash = [0u8; 16];
         pin_hash.copy_from_slice(&Sha256::hash(&pin[..])[..16]);
-        persistent_store.set_pin_hash(&pin_hash).unwrap();
+        persistent_store.set_pin(&pin_hash, 4).unwrap();
     }
 
     // Encrypts the message with a zero IV and key derived from shared_secret.
@@ -662,7 +608,7 @@ mod test {
             0x01, 0xD9, 0x88, 0x40, 0x50, 0xBB, 0xD0, 0x7A, 0x23, 0x1A, 0xEB, 0x69, 0xD8, 0x36,
             0xC4, 0x12,
         ];
-        persistent_store.set_pin_hash(&pin_hash).unwrap();
+        persistent_store.set_pin(&pin_hash, 4).unwrap();
         let shared_secret = [0x88; 32];
         let aes_enc_key = crypto::aes256::EncryptionKey::new(&shared_secret);
         let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
@@ -935,40 +881,6 @@ mod test {
         );
     }
 
-    #[test]
-    fn test_process_set_min_pin_length() {
-        let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let min_pin_length = 8;
-        pin_protocol_v1.pin_uv_auth_token = [0x55; PIN_TOKEN_LENGTH];
-        let pin_auth = vec![
-            0x94, 0x86, 0xEF, 0x4C, 0xB3, 0x84, 0x2C, 0x85, 0x72, 0x02, 0xBF, 0xE4, 0x36, 0x22,
-            0xFE, 0xC9,
-        ];
-        // TODO(kaczmarczyck) implement test for the min PIN length extension
-        // https://github.com/google/OpenSK/issues/129
-        let response = pin_protocol_v1.process_set_min_pin_length(
-            &mut persistent_store,
-            min_pin_length,
-            None,
-            Some(pin_auth.clone()),
-        );
-        assert_eq!(response, Ok(()));
-        assert_eq!(persistent_store.min_pin_length().unwrap(), min_pin_length);
-        let response = pin_protocol_v1.process_set_min_pin_length(
-            &mut persistent_store,
-            7,
-            None,
-            Some(pin_auth),
-        );
-        assert_eq!(
-            response,
-            Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)
-        );
-        assert_eq!(persistent_store.min_pin_length().unwrap(), min_pin_length);
-    }
-
     #[test]
     fn test_process() {
         let mut rng = ThreadRng256 {};
@@ -981,8 +893,6 @@ mod test {
             pin_auth: None,
             new_pin_enc: None,
             pin_hash_enc: None,
-            min_pin_length: None,
-            min_pin_length_rp_ids: None,
             permissions: None,
             permissions_rp_id: None,
         };
@@ -997,8 +907,6 @@ mod test {
             pin_auth: None,
             new_pin_enc: None,
             pin_hash_enc: None,
-            min_pin_length: None,
-            min_pin_length_rp_ids: None,
             permissions: None,
             permissions_rp_id: None,
         };
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 390b0cb..0fa8e1e 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -31,6 +31,8 @@ pub enum ResponseData {
     AuthenticatorClientPin(Option<AuthenticatorClientPinResponse>),
     AuthenticatorReset,
     AuthenticatorSelection,
+    // TODO(kaczmarczyck) dummy, extend
+    AuthenticatorConfig,
     AuthenticatorVendor(AuthenticatorVendorResponse),
 }
 
@@ -45,6 +47,7 @@ impl From<ResponseData> for Option<cbor::Value> {
             ResponseData::AuthenticatorClientPin(None) => None,
             ResponseData::AuthenticatorReset => None,
             ResponseData::AuthenticatorSelection => None,
+            ResponseData::AuthenticatorConfig => None,
             ResponseData::AuthenticatorVendor(data) => Some(data.into()),
         }
     }
@@ -368,6 +371,12 @@ mod test {
         assert_eq!(response_cbor, None);
     }
 
+    #[test]
+    fn test_config_into_cbor() {
+        let response_cbor: Option<cbor::Value> = ResponseData::AuthenticatorConfig.into();
+        assert_eq!(response_cbor, None);
+    }
+
     #[test]
     fn test_vendor_response_into_cbor() {
         let response_cbor: Option<cbor::Value> =
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 28c1599..bc5ef95 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -53,11 +53,10 @@ const MAX_SUPPORTED_RESIDENTIAL_KEYS: usize = 150;
 
 const MAX_PIN_RETRIES: u8 = 8;
 const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
-// TODO(kaczmarczyck) use this for the minPinLength extension
-// https://github.com/google/OpenSK/issues/129
-const _DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
-// TODO(kaczmarczyck) Check whether this constant is necessary, or replace it accordingly.
-const _MAX_RP_IDS_LENGTH: usize = 8;
+const DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
+// This constant is an attempt to limit storage requirements. If you don't set it to 0,
+// the stored strings can still be unbounded, but that is true for all RP IDs.
+const MAX_RP_IDS_LENGTH: usize = 8;
 
 /// Wrapper for master keys.
 pub struct MasterKeys {
@@ -68,6 +67,15 @@ pub struct MasterKeys {
     pub hmac: [u8; 32],
 }
 
+/// Wrapper for PIN properties.
+struct PinProperties {
+    /// 16 byte prefix of SHA256 of the currently set PIN.
+    hash: [u8; PIN_AUTH_LENGTH],
+
+    /// Length of the current PIN in code points.
+    code_point_length: u8,
+}
+
 /// CTAP persistent storage.
 pub struct PersistentStore {
     store: persistent_store::Store<Storage>,
@@ -296,26 +304,44 @@ impl PersistentStore {
         Ok(*array_ref![cred_random_secret, offset, 32])
     }
 
-    /// Returns the PIN hash if defined.
-    pub fn pin_hash(&self) -> Result<Option<[u8; PIN_AUTH_LENGTH]>, Ctap2StatusCode> {
-        let pin_hash = match self.store.find(key::PIN_HASH)? {
+    /// Reads the PIN properties and wraps them into PinProperties.
+    fn pin_properties(&self) -> Result<Option<PinProperties>, Ctap2StatusCode> {
+        let pin_properties = match self.store.find(key::PIN_PROPERTIES)? {
             None => return Ok(None),
-            Some(pin_hash) => pin_hash,
+            Some(pin_properties) => pin_properties,
         };
-        if pin_hash.len() != PIN_AUTH_LENGTH {
-            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        const PROPERTIES_LENGTH: usize = PIN_AUTH_LENGTH + 1;
+        match pin_properties.len() {
+            PROPERTIES_LENGTH => Ok(Some(PinProperties {
+                hash: *array_ref![pin_properties, 1, PIN_AUTH_LENGTH],
+                code_point_length: pin_properties[0],
+            })),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
-        Ok(Some(*array_ref![pin_hash, 0, PIN_AUTH_LENGTH]))
     }
 
-    /// Sets the PIN hash.
+    /// Returns the PIN hash if defined.
+    pub fn pin_hash(&self) -> Result<Option<[u8; PIN_AUTH_LENGTH]>, Ctap2StatusCode> {
+        Ok(self.pin_properties()?.map(|p| p.hash))
+    }
+
+    /// Returns the length of the currently set PIN if defined.
+    pub fn pin_code_point_length(&self) -> Result<Option<u8>, Ctap2StatusCode> {
+        Ok(self.pin_properties()?.map(|p| p.code_point_length))
+    }
+
+    /// Sets the PIN hash and length.
     ///
     /// If it was already defined, it is updated.
-    pub fn set_pin_hash(
+    pub fn set_pin(
         &mut self,
         pin_hash: &[u8; PIN_AUTH_LENGTH],
+        pin_code_point_length: u8,
     ) -> Result<(), Ctap2StatusCode> {
-        Ok(self.store.insert(key::PIN_HASH, pin_hash)?)
+        let mut pin_properties = [0; 1 + PIN_AUTH_LENGTH];
+        pin_properties[0] = pin_code_point_length;
+        pin_properties[1..].clone_from_slice(pin_hash);
+        Ok(self.store.insert(key::PIN_PROPERTIES, &pin_properties)?)
     }
 
     /// Returns the number of remaining PIN retries.
@@ -358,34 +384,34 @@ impl PersistentStore {
 
     /// Returns the list of RP IDs that are used to check if reading the minimum PIN length is
     /// allowed.
-    pub fn _min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
+    pub fn min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
         let rp_ids = self
             .store
-            .find(key::_MIN_PIN_LENGTH_RP_IDS)?
-            .map_or(Some(_DEFAULT_MIN_PIN_LENGTH_RP_IDS), |value| {
-                _deserialize_min_pin_length_rp_ids(&value)
+            .find(key::MIN_PIN_LENGTH_RP_IDS)?
+            .map_or(Some(DEFAULT_MIN_PIN_LENGTH_RP_IDS), |value| {
+                deserialize_min_pin_length_rp_ids(&value)
             });
         debug_assert!(rp_ids.is_some());
         Ok(rp_ids.unwrap_or_default())
     }
 
     /// Sets the list of RP IDs that are used to check if reading the minimum PIN length is allowed.
-    pub fn _set_min_pin_length_rp_ids(
+    pub fn set_min_pin_length_rp_ids(
         &mut self,
         min_pin_length_rp_ids: Vec<String>,
     ) -> Result<(), Ctap2StatusCode> {
         let mut min_pin_length_rp_ids = min_pin_length_rp_ids;
-        for rp_id in _DEFAULT_MIN_PIN_LENGTH_RP_IDS {
+        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS {
             if !min_pin_length_rp_ids.contains(&rp_id) {
                 min_pin_length_rp_ids.push(rp_id);
             }
         }
-        if min_pin_length_rp_ids.len() > _MAX_RP_IDS_LENGTH {
+        if min_pin_length_rp_ids.len() > MAX_RP_IDS_LENGTH {
             return Err(Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL);
         }
         Ok(self.store.insert(
-            key::_MIN_PIN_LENGTH_RP_IDS,
-            &_serialize_min_pin_length_rp_ids(min_pin_length_rp_ids)?,
+            key::MIN_PIN_LENGTH_RP_IDS,
+            &serialize_min_pin_length_rp_ids(min_pin_length_rp_ids)?,
         )?)
     }
 
@@ -573,7 +599,7 @@ fn serialize_credential(credential: PublicKeyCredentialSource) -> Result<Vec<u8>
 }
 
 /// Deserializes a list of RP IDs from storage representation.
-fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
+fn deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
     let cbor = cbor::read(data).ok()?;
     extract_array(cbor)
         .ok()?
@@ -584,7 +610,7 @@ fn _deserialize_min_pin_length_rp_ids(data: &[u8]) -> Option<Vec<String>> {
 }
 
 /// Serializes a list of RP IDs to storage representation.
-fn _serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2StatusCode> {
+fn serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2StatusCode> {
     let mut data = Vec::new();
     if cbor::write(cbor_array_vec!(rp_ids), &mut data) {
         Ok(data)
@@ -891,28 +917,38 @@ mod test {
     }
 
     #[test]
-    fn test_pin_hash() {
+    fn test_pin_hash_and_length() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
         // Pin hash is initially not set.
         assert!(persistent_store.pin_hash().unwrap().is_none());
+        assert!(persistent_store.pin_code_point_length().unwrap().is_none());
 
-        // Setting the pin hash sets the pin hash.
+        // Setting the pin sets the pin hash.
         let random_data = rng.gen_uniform_u8x32();
         assert_eq!(random_data.len(), 2 * PIN_AUTH_LENGTH);
         let pin_hash_1 = *array_ref!(random_data, 0, PIN_AUTH_LENGTH);
         let pin_hash_2 = *array_ref!(random_data, PIN_AUTH_LENGTH, PIN_AUTH_LENGTH);
-        persistent_store.set_pin_hash(&pin_hash_1).unwrap();
+        let pin_length_1 = 4;
+        let pin_length_2 = 63;
+        persistent_store.set_pin(&pin_hash_1, pin_length_1).unwrap();
         assert_eq!(persistent_store.pin_hash().unwrap(), Some(pin_hash_1));
-        assert_eq!(persistent_store.pin_hash().unwrap(), Some(pin_hash_1));
-        persistent_store.set_pin_hash(&pin_hash_2).unwrap();
-        assert_eq!(persistent_store.pin_hash().unwrap(), Some(pin_hash_2));
+        assert_eq!(
+            persistent_store.pin_code_point_length().unwrap(),
+            Some(pin_length_1)
+        );
+        persistent_store.set_pin(&pin_hash_2, pin_length_2).unwrap();
         assert_eq!(persistent_store.pin_hash().unwrap(), Some(pin_hash_2));
+        assert_eq!(
+            persistent_store.pin_code_point_length().unwrap(),
+            Some(pin_length_2)
+        );
 
         // Resetting the storage resets the pin hash.
         persistent_store.reset(&mut rng).unwrap();
         assert!(persistent_store.pin_hash().unwrap().is_none());
+        assert!(persistent_store.pin_code_point_length().unwrap().is_none());
     }
 
     #[test]
@@ -1006,22 +1042,22 @@ mod test {
 
         // The minimum PIN length RP IDs are initially at the default.
         assert_eq!(
-            persistent_store._min_pin_length_rp_ids().unwrap(),
-            _DEFAULT_MIN_PIN_LENGTH_RP_IDS
+            persistent_store.min_pin_length_rp_ids().unwrap(),
+            DEFAULT_MIN_PIN_LENGTH_RP_IDS
         );
 
         // Changes by the setter are reflected by the getter.
         let mut rp_ids = vec![String::from("example.com")];
         assert_eq!(
-            persistent_store._set_min_pin_length_rp_ids(rp_ids.clone()),
+            persistent_store.set_min_pin_length_rp_ids(rp_ids.clone()),
             Ok(())
         );
-        for rp_id in _DEFAULT_MIN_PIN_LENGTH_RP_IDS {
+        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS {
             if !rp_ids.contains(&rp_id) {
                 rp_ids.push(rp_id);
             }
         }
-        assert_eq!(persistent_store._min_pin_length_rp_ids().unwrap(), rp_ids);
+        assert_eq!(persistent_store.min_pin_length_rp_ids().unwrap(), rp_ids);
     }
 
     #[test]
@@ -1070,8 +1106,8 @@ mod test {
     #[test]
     fn test_serialize_deserialize_min_pin_length_rp_ids() {
         let rp_ids = vec![String::from("example.com")];
-        let serialized = _serialize_min_pin_length_rp_ids(rp_ids.clone()).unwrap();
-        let reconstructed = _deserialize_min_pin_length_rp_ids(&serialized).unwrap();
+        let serialized = serialize_min_pin_length_rp_ids(rp_ids.clone()).unwrap();
+        let reconstructed = deserialize_min_pin_length_rp_ids(&serialized).unwrap();
         assert_eq!(rp_ids, reconstructed);
     }
 }
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index ec39efa..dfe44fc 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -92,7 +92,7 @@ make_partition! {
     CRED_RANDOM_SECRET = 2041;
 
     /// List of RP IDs allowed to read the minimum PIN length.
-    _MIN_PIN_LENGTH_RP_IDS = 2042;
+    MIN_PIN_LENGTH_RP_IDS = 2042;
 
     /// The minimum PIN length.
     ///
@@ -104,10 +104,11 @@ make_partition! {
     /// If the entry is absent, the number of PIN retries is `MAX_PIN_RETRIES`.
     PIN_RETRIES = 2044;
 
-    /// The PIN hash.
+    /// The PIN hash and length.
     ///
-    /// If the entry is absent, there is no PIN set.
-    PIN_HASH = 2045;
+    /// If the entry is absent, there is no PIN set. The first byte represents
+    /// the length, the following are an array with the hash.
+    PIN_PROPERTIES = 2045;
 
     /// The encryption and hmac keys.
     ///

From ec259d8428fa0536abcd6c2dcdab11b2ef9a3b64 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 7 Jan 2021 18:50:34 +0100
Subject: [PATCH 110/192] adds comments to new config command file

---
 src/ctap/config_command.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 873a9b1..f270513 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -21,6 +21,7 @@ use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
 use alloc::vec;
 
+/// Processes the subcommand setMinPINLength for AuthenticatorConfig.
 fn process_set_min_pin_length(
     persistent_store: &mut PersistentStore,
     pin_protocol_v1: &mut PinProtocolV1,
@@ -52,6 +53,7 @@ fn process_set_min_pin_length(
     Ok(ResponseData::AuthenticatorConfig)
 }
 
+/// Processes the AuthenticatorConfig command.
 pub fn process_config(
     persistent_store: &mut PersistentStore,
     pin_protocol_v1: &mut PinProtocolV1,

From 6f9f833c0b6c6b94cc1a3d3ff75769d130ad0288 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 8 Jan 2021 15:42:35 +0100
Subject: [PATCH 111/192] moves COSE related conversion from crypto to
 data_formats

---
 libraries/crypto/src/ecdh.rs  |  8 +++-
 libraries/crypto/src/ecdsa.rs | 59 ++++++++++-----------------
 src/ctap/data_formats.rs      | 75 +++++++++++++++++++++++++++--------
 src/ctap/mod.rs               | 10 ++---
 4 files changed, 88 insertions(+), 64 deletions(-)

diff --git a/libraries/crypto/src/ecdh.rs b/libraries/crypto/src/ecdh.rs
index c735d11..9645f66 100644
--- a/libraries/crypto/src/ecdh.rs
+++ b/libraries/crypto/src/ecdh.rs
@@ -62,8 +62,10 @@ impl SecKey {
         // - https://www.secg.org/sec1-v2.pdf
     }
 
-    // DH key agreement method defined in the FIDO2 specification, Section 5.5.4. "Getting
-    // sharedSecret from Authenticator"
+    /// Creates a shared key using the Diffie Hellman key agreement.
+    ///
+    /// The key agreement is defined in the FIDO2 specification,
+    /// Section 6.5.5.4. "Obtaining the Shared Secret"
     pub fn exchange_x_sha256(&self, other: &PubKey) -> [u8; 32] {
         let p = self.exchange_raw(other);
         let mut x: [u8; 32] = [Default::default(); 32];
@@ -83,11 +85,13 @@ impl PubKey {
         self.p.to_bytes_uncompressed(bytes);
     }
 
+    /// Creates a new PubKey from their coordinates.
     pub fn from_coordinates(x: &[u8; NBYTES], y: &[u8; NBYTES]) -> Option<PubKey> {
         PointP256::new_checked_vartime(Int256::from_bin(x), Int256::from_bin(y))
             .map(|p| PubKey { p })
     }
 
+    /// Writes the coordinates into the passed in arrays.
     pub fn to_coordinates(&self, x: &mut [u8; NBYTES], y: &mut [u8; NBYTES]) {
         self.p.getx().to_int().to_bin(x);
         self.p.gety().to_int().to_bin(y);
diff --git a/libraries/crypto/src/ecdsa.rs b/libraries/crypto/src/ecdsa.rs
index 52949e3..8fef458 100644
--- a/libraries/crypto/src/ecdsa.rs
+++ b/libraries/crypto/src/ecdsa.rs
@@ -21,12 +21,15 @@ use super::rng256::Rng256;
 use super::{Hash256, HashBlockSize64Bytes};
 use alloc::vec;
 use alloc::vec::Vec;
+#[cfg(test)]
+use arrayref::array_mut_ref;
 #[cfg(feature = "std")]
 use arrayref::array_ref;
-use arrayref::{array_mut_ref, mut_array_refs};
-use cbor::{cbor_bytes, cbor_map_options};
+use arrayref::mut_array_refs;
 use core::marker::PhantomData;
 
+pub const NBYTES: usize = int256::NBYTES;
+
 #[derive(Clone, PartialEq)]
 #[cfg_attr(feature = "derive_debug", derive(Debug))]
 pub struct SecKey {
@@ -38,6 +41,7 @@ pub struct Signature {
     s: NonZeroExponentP256,
 }
 
+#[cfg_attr(feature = "derive_debug", derive(Clone))]
 pub struct PubKey {
     p: PointP256,
 }
@@ -58,10 +62,11 @@ impl SecKey {
         }
     }
 
-    // ECDSA signature based on a RNG to generate a suitable randomization parameter.
-    // Under the hood, rejection sampling is used to make sure that the randomization parameter is
-    // uniformly distributed.
-    // The provided RNG must be cryptographically secure; otherwise this method is insecure.
+    /// Creates an ECDSA signature based on a RNG.
+    ///
+    /// Under the hood, rejection sampling is used to make sure that the
+    /// randomization parameter is uniformly distributed. The provided RNG must
+    /// be cryptographically secure; otherwise this method is insecure.
     pub fn sign_rng<H, R>(&self, msg: &[u8], rng: &mut R) -> Signature
     where
         H: Hash256,
@@ -77,8 +82,7 @@ impl SecKey {
         }
     }
 
-    // Deterministic ECDSA signature based on RFC 6979 to generate a suitable randomization
-    // parameter.
+    /// Creates a deterministic ECDSA signature based on RFC 6979.
     pub fn sign_rfc6979<H>(&self, msg: &[u8]) -> Signature
     where
         H: Hash256 + HashBlockSize64Bytes,
@@ -101,8 +105,10 @@ impl SecKey {
         }
     }
 
-    // Try signing a curve element given a randomization parameter k. If no signature can be
-    // obtained from this k, None is returned and the caller should try again with another value.
+    /// Try signing a curve element given a randomization parameter k.
+    ///
+    /// If no signature can be obtained from this k, None is returned and the
+    /// caller should try again with another value.
     fn try_sign(&self, k: &NonZeroExponentP256, msg: &ExponentP256) -> Option<Signature> {
         let r = ExponentP256::modn(PointP256::base_point_mul(k.as_exponent()).getx().to_int());
         // The branching here is fine because all this reveals is that k generated an unsuitable r.
@@ -242,35 +248,10 @@ impl PubKey {
         representation
     }
 
-    // Encodes the key according to CBOR Object Signing and Encryption, defined in RFC 8152.
-    pub fn to_cose_key(&self) -> Option<Vec<u8>> {
-        const EC2_KEY_TYPE: i64 = 2;
-        const P_256_CURVE: i64 = 1;
-        let mut x_bytes = vec![0; int256::NBYTES];
-        self.p
-            .getx()
-            .to_int()
-            .to_bin(array_mut_ref![x_bytes.as_mut_slice(), 0, int256::NBYTES]);
-        let x_byte_cbor: cbor::Value = cbor_bytes!(x_bytes);
-        let mut y_bytes = vec![0; int256::NBYTES];
-        self.p
-            .gety()
-            .to_int()
-            .to_bin(array_mut_ref![y_bytes.as_mut_slice(), 0, int256::NBYTES]);
-        let y_byte_cbor: cbor::Value = cbor_bytes!(y_bytes);
-        let cbor_value = cbor_map_options! {
-            1 => EC2_KEY_TYPE,
-            3 => PubKey::ES256_ALGORITHM,
-            -1 => P_256_CURVE,
-            -2 => x_byte_cbor,
-            -3 => y_byte_cbor,
-        };
-        let mut encoded_key = Vec::new();
-        if cbor::write(cbor_value, &mut encoded_key) {
-            Some(encoded_key)
-        } else {
-            None
-        }
+    /// Writes the coordinates into the passed in arrays.
+    pub fn to_coordinates(&self, x: &mut [u8; NBYTES], y: &mut [u8; NBYTES]) {
+        self.p.getx().to_int().to_bin(x);
+        self.p.gety().to_int().to_bin(y);
     }
 
     #[cfg(feature = "std")]
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 8081567..ac1fb73 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -18,7 +18,7 @@ use alloc::string::String;
 use alloc::vec::Vec;
 use arrayref::array_ref;
 use cbor::{cbor_array_vec, cbor_bytes_lit, cbor_map_options, destructure_cbor_map};
-use core::convert::TryFrom;
+use core::convert::{TryFrom, TryInto};
 use crypto::{ecdh, ecdsa};
 #[cfg(test)]
 use enum_iterator::IntoEnumIterator;
@@ -631,26 +631,39 @@ const ES256_ALGORITHM: i64 = -7;
 const EC2_KEY_TYPE: i64 = 2;
 const P_256_CURVE: i64 = 1;
 
+impl TryFrom<cbor::Value> for CoseKey {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        if let cbor::Value::Map(cose_map) = cbor_value {
+            Ok(CoseKey(cose_map))
+        } else {
+            Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
+        }
+    }
+}
+
+fn cose_key_from_bytes(x_bytes: [u8; ecdh::NBYTES], y_bytes: [u8; ecdh::NBYTES]) -> CoseKey {
+    let x_byte_cbor: cbor::Value = cbor_bytes_lit!(&x_bytes);
+    let y_byte_cbor: cbor::Value = cbor_bytes_lit!(&y_bytes);
+    // TODO(kaczmarczyck) do not write optional parameters, spec is unclear
+    let cose_cbor_value = cbor_map_options! {
+        1 => EC2_KEY_TYPE,
+        3 => ECDH_ALGORITHM,
+        -1 => P_256_CURVE,
+        -2 => x_byte_cbor,
+        -3 => y_byte_cbor,
+    };
+    // Unwrap is safe here since we know it's a map.
+    cose_cbor_value.try_into().unwrap()
+}
+
 impl From<ecdh::PubKey> for CoseKey {
     fn from(pk: ecdh::PubKey) -> Self {
         let mut x_bytes = [0; ecdh::NBYTES];
         let mut y_bytes = [0; ecdh::NBYTES];
         pk.to_coordinates(&mut x_bytes, &mut y_bytes);
-        let x_byte_cbor: cbor::Value = cbor_bytes_lit!(&x_bytes);
-        let y_byte_cbor: cbor::Value = cbor_bytes_lit!(&y_bytes);
-        // TODO(kaczmarczyck) do not write optional parameters, spec is unclear
-        let cose_cbor_value = cbor_map_options! {
-            1 => EC2_KEY_TYPE,
-            3 => ECDH_ALGORITHM,
-            -1 => P_256_CURVE,
-            -2 => x_byte_cbor,
-            -3 => y_byte_cbor,
-        };
-        if let cbor::Value::Map(cose_map) = cose_cbor_value {
-            CoseKey(cose_map)
-        } else {
-            unreachable!();
-        }
+        cose_key_from_bytes(x_bytes, y_bytes)
     }
 }
 
@@ -696,6 +709,15 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
     }
 }
 
+impl From<ecdsa::PubKey> for CoseKey {
+    fn from(pk: ecdsa::PubKey) -> Self {
+        let mut x_bytes = [0; ecdh::NBYTES];
+        let mut y_bytes = [0; ecdh::NBYTES];
+        pk.to_coordinates(&mut x_bytes, &mut y_bytes);
+        cose_key_from_bytes(x_bytes, y_bytes)
+    }
+}
+
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum ClientPinSubCommand {
@@ -1322,7 +1344,7 @@ mod test {
     }
 
     #[test]
-    fn test_from_into_cose_key() {
+    fn test_from_into_cose_key_ecdh() {
         let mut rng = ThreadRng256 {};
         let sk = crypto::ecdh::SecKey::gensk(&mut rng);
         let pk = sk.genpk();
@@ -1331,6 +1353,25 @@ mod test {
         assert_eq!(created_pk, Ok(pk));
     }
 
+    #[test]
+    fn test_into_cose_key_ecdsa() {
+        let mut rng = ThreadRng256 {};
+        let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
+        let pk = sk.genpk();
+        let cose_key = CoseKey::from(pk);
+        let cose_map = cose_key.0;
+        let template = cbor_map! {
+            1 => 0,
+            3 => 0,
+            -1 => 0,
+            -2 => 0,
+            -3 => 0,
+        };
+        for key in CoseKey::try_from(template).unwrap().0.keys() {
+            assert!(cose_map.contains_key(key));
+        }
+    }
+
     #[test]
     fn test_from_into_client_pin_sub_command() {
         let cbor_sub_command: cbor::Value = cbor_int!(0x01);
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index fe60e80..f9229ac 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -31,7 +31,7 @@ use self::command::{
     MAX_CREDENTIAL_COUNT_IN_LIST,
 };
 use self::data_formats::{
-    AuthenticatorTransport, CredentialProtectionPolicy, GetAssertionHmacSecretInput,
+    AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, GetAssertionHmacSecretInput,
     PackedAttestationStatement, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
     PublicKeyCredentialSource, PublicKeyCredentialType, PublicKeyCredentialUserEntity,
     SignatureAlgorithm,
@@ -534,11 +534,9 @@ where
         }
         auth_data.extend(vec![0x00, credential_id.len() as u8]);
         auth_data.extend(&credential_id);
-        let cose_key = match pk.to_cose_key() {
-            Some(cose_key) => cose_key,
-            None => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
-        };
-        auth_data.extend(cose_key);
+        if !cbor::write(cbor::Value::Map(CoseKey::from(pk).0), &mut auth_data) {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        }
         if has_extension_output {
             let hmac_secret_output = if use_hmac_extension { Some(true) } else { None };
             let extensions_output = cbor_map_options! {

From 18ebeebb3e4ddb3e376bc2ff56de5fc1042e5837 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 11 Jan 2021 11:51:01 +0100
Subject: [PATCH 112/192] adds storage changes for credential management

---
 src/ctap/mod.rs      |  12 +++-
 src/ctap/response.rs |  19 ++++-
 src/ctap/storage.rs  | 164 +++++++++++++++++++++++++++++++++++--------
 3 files changed, 163 insertions(+), 32 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index fe60e80..4e93210 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -848,13 +848,19 @@ where
                     CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION,
                 ]),
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
-                // #TODO(106) update with version 2.1 of HMAC-secret
+                // TODO(#106) update with version 2.1 of HMAC-secret
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
                 transports: Some(vec![AuthenticatorTransport::Usb]),
                 algorithms: Some(vec![ES256_CRED_PARAM]),
                 default_cred_protect: DEFAULT_CRED_PROTECT,
                 min_pin_length: self.persistent_store.min_pin_length()?,
                 firmware_version: None,
+                max_cred_blob_length: None,
+                // TODO(kaczmarczyck) update when extension is implemented
+                max_rp_ids_for_set_min_pin_length: None,
+                remaining_discoverable_credentials: Some(
+                    self.persistent_store.remaining_credentials()? as u64,
+                ),
             },
         ))
     }
@@ -1015,7 +1021,7 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
-        let mut expected_response = vec![0x00, 0xAA, 0x01];
+        let mut expected_response = vec![0x00, 0xAB, 0x01];
         // The version array differs with CTAP1, always including 2.0 and 2.1.
         #[cfg(not(feature = "with_ctap1"))]
         let version_count = 2;
@@ -1039,7 +1045,7 @@ mod test {
                 0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
                 0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
                 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69,
-                0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04,
+                0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x14, 0x18, 0x96,
             ]
             .iter(),
         );
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 390b0cb..3ebab3b 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -107,7 +107,6 @@ impl From<AuthenticatorGetAssertionResponse> for cbor::Value {
 #[cfg_attr(test, derive(PartialEq))]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
 pub struct AuthenticatorGetInfoResponse {
-    // TODO(kaczmarczyck) add maxAuthenticatorConfigLength and defaultCredProtect
     pub versions: Vec<String>,
     pub extensions: Option<Vec<String>>,
     pub aaguid: [u8; 16],
@@ -121,6 +120,9 @@ pub struct AuthenticatorGetInfoResponse {
     pub default_cred_protect: Option<CredentialProtectionPolicy>,
     pub min_pin_length: u8,
     pub firmware_version: Option<u64>,
+    pub max_cred_blob_length: Option<u64>,
+    pub max_rp_ids_for_set_min_pin_length: Option<u64>,
+    pub remaining_discoverable_credentials: Option<u64>,
 }
 
 impl From<AuthenticatorGetInfoResponse> for cbor::Value {
@@ -139,6 +141,9 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             default_cred_protect,
             min_pin_length,
             firmware_version,
+            max_cred_blob_length,
+            max_rp_ids_for_set_min_pin_length,
+            remaining_discoverable_credentials,
         } = get_info_response;
 
         let options_cbor: Option<cbor::Value> = options.map(|options| {
@@ -163,6 +168,9 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             0x0C => default_cred_protect.map(|p| p as u64),
             0x0D => min_pin_length as u64,
             0x0E => firmware_version,
+            0x0F => max_cred_blob_length,
+            0x10 => max_rp_ids_for_set_min_pin_length,
+            0x14 => remaining_discoverable_credentials,
         }
     }
 }
@@ -285,6 +293,9 @@ mod test {
             default_cred_protect: None,
             min_pin_length: 4,
             firmware_version: None,
+            max_cred_blob_length: None,
+            max_rp_ids_for_set_min_pin_length: None,
+            remaining_discoverable_credentials: None,
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorGetInfo(get_info_response).into();
@@ -314,6 +325,9 @@ mod test {
             default_cred_protect: Some(CredentialProtectionPolicy::UserVerificationRequired),
             min_pin_length: 4,
             firmware_version: Some(0),
+            max_cred_blob_length: Some(1024),
+            max_rp_ids_for_set_min_pin_length: Some(8),
+            remaining_discoverable_credentials: Some(150),
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorGetInfo(get_info_response).into();
@@ -331,6 +345,9 @@ mod test {
             0x0C => CredentialProtectionPolicy::UserVerificationRequired as u64,
             0x0D => 4,
             0x0E => 0,
+            0x0F => 1024,
+            0x10 => 8,
+            0x14 => 150,
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 28c1599..76c2fd6 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -16,6 +16,7 @@ mod key;
 
 use crate::ctap::data_formats::{
     extract_array, extract_text_string, CredentialProtectionPolicy, PublicKeyCredentialSource,
+    PublicKeyCredentialUserEntity,
 };
 use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
@@ -116,6 +117,29 @@ impl PersistentStore {
         Ok(())
     }
 
+    /// Finds the key and value for a given credential ID.
+    ///
+    /// # Errors
+    ///
+    /// Returns `CTAP2_ERR_NO_CREDENTIALS` if the credential is not found.
+    fn find_credential_item(
+        &self,
+        credential_id: &[u8],
+    ) -> Result<(usize, PublicKeyCredentialSource), Ctap2StatusCode> {
+        let mut iter_result = Ok(());
+        let iter = self.iter_credentials(&mut iter_result)?;
+        let mut credentials: Vec<(usize, PublicKeyCredentialSource)> = iter
+            .filter(|(_, credential)| credential.credential_id == credential_id)
+            .collect();
+        iter_result?;
+        if credentials.len() > 1 {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        }
+        credentials
+            .pop()
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)
+    }
+
     /// Returns the first matching credential.
     ///
     /// Returns `None` if no credentials are matched or if `check_cred_protect` is set and the first
@@ -126,22 +150,17 @@ impl PersistentStore {
         credential_id: &[u8],
         check_cred_protect: bool,
     ) -> Result<Option<PublicKeyCredentialSource>, Ctap2StatusCode> {
-        let mut iter_result = Ok(());
-        let iter = self.iter_credentials(&mut iter_result)?;
-        // We don't check whether there is more than one matching credential to be able to exit
-        // early.
-        let result = iter.map(|(_, credential)| credential).find(|credential| {
-            credential.rp_id == rp_id && credential.credential_id == credential_id
-        });
-        iter_result?;
-        if let Some(cred) = &result {
-            let user_verification_required = cred.cred_protect_policy
-                == Some(CredentialProtectionPolicy::UserVerificationRequired);
-            if check_cred_protect && user_verification_required {
-                return Ok(None);
-            }
+        let credential = match self.find_credential_item(credential_id) {
+            Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS) => return Ok(None),
+            Err(e) => return Err(e),
+            Ok(credential) => credential.1,
+        };
+        let is_protected = credential.cred_protect_policy
+            == Some(CredentialProtectionPolicy::UserVerificationRequired);
+        if credential.rp_id != rp_id || (check_cred_protect && is_protected) {
+            return Ok(None);
         }
-        Ok(result)
+        Ok(Some(credential))
     }
 
     /// Stores or updates a credential.
@@ -196,6 +215,34 @@ impl PersistentStore {
         Ok(())
     }
 
+    /// Deletes a credential.
+    ///
+    /// # Errors
+    ///
+    /// Returns `CTAP2_ERR_NO_CREDENTIALS` if the credential is not found.
+    pub fn _delete_credential(&mut self, credential_id: &[u8]) -> Result<(), Ctap2StatusCode> {
+        let (key, _) = self.find_credential_item(credential_id)?;
+        Ok(self.store.remove(key)?)
+    }
+
+    /// Updates a credential's user information.
+    ///
+    /// # Errors
+    ///
+    /// Returns `CTAP2_ERR_NO_CREDENTIALS` if the credential is not found.
+    pub fn _update_credential(
+        &mut self,
+        credential_id: &[u8],
+        user: PublicKeyCredentialUserEntity,
+    ) -> Result<(), Ctap2StatusCode> {
+        let (key, mut credential) = self.find_credential_item(credential_id)?;
+        credential.user_name = user.user_name;
+        credential.user_display_name = user.user_display_name;
+        credential.user_icon = user.user_icon;
+        let value = serialize_credential(credential)?;
+        Ok(self.store.insert(key, &value)?)
+    }
+
     /// Returns the list of matching credentials.
     ///
     /// Does not return credentials that are not discoverable if `check_cred_protect` is set.
@@ -221,7 +268,6 @@ impl PersistentStore {
     }
 
     /// Returns the number of credentials.
-    #[cfg(test)]
     pub fn count_credentials(&self) -> Result<usize, Ctap2StatusCode> {
         let mut iter_result = Ok(());
         let iter = self.iter_credentials(&mut iter_result)?;
@@ -230,10 +276,17 @@ impl PersistentStore {
         Ok(result)
     }
 
+    /// Returns the estimated number of credentials that can still be stored.
+    pub fn remaining_credentials(&self) -> Result<usize, Ctap2StatusCode> {
+        MAX_SUPPORTED_RESIDENTIAL_KEYS
+            .checked_sub(self.count_credentials()?)
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
+    }
+
     /// Iterates through the credentials.
     ///
     /// If an error is encountered during iteration, it is written to `result`.
-    fn iter_credentials<'a>(
+    pub fn iter_credentials<'a>(
         &'a self,
         result: &'a mut Result<(), Ctap2StatusCode>,
     ) -> Result<IterCredentials<'a>, Ctap2StatusCode> {
@@ -494,7 +547,7 @@ impl From<persistent_store::StoreError> for Ctap2StatusCode {
 }
 
 /// Iterator for credentials.
-struct IterCredentials<'a> {
+pub struct IterCredentials<'a> {
     /// The store being iterated.
     store: &'a persistent_store::Store<Storage>,
 
@@ -629,6 +682,66 @@ mod test {
         assert!(persistent_store.count_credentials().unwrap() > 0);
     }
 
+    #[test]
+    fn test_delete_credential() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        assert_eq!(persistent_store.count_credentials().unwrap(), 0);
+
+        let mut credential_ids = vec![];
+        for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
+            let user_handle = i.to_ne_bytes().to_vec();
+            let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
+            credential_ids.push(credential_source.credential_id.clone());
+            assert!(persistent_store.store_credential(credential_source).is_ok());
+            assert_eq!(persistent_store.count_credentials().unwrap(), i + 1);
+        }
+        let mut count = persistent_store.count_credentials().unwrap();
+        for credential_id in credential_ids {
+            assert!(persistent_store._delete_credential(&credential_id).is_ok());
+            count -= 1;
+            assert_eq!(persistent_store.count_credentials().unwrap(), count);
+        }
+    }
+
+    #[test]
+    fn test_update_credential() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let user = PublicKeyCredentialUserEntity {
+            // User ID is ignored.
+            user_id: vec![0x00],
+            user_name: Some("name".to_string()),
+            user_display_name: Some("display_name".to_string()),
+            user_icon: Some("icon".to_string()),
+        };
+        assert_eq!(
+            persistent_store._update_credential(&[0x1D], user.clone()),
+            Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)
+        );
+
+        let credential_source = create_credential_source(&mut rng, "example.com", vec![0x1D]);
+        let credential_id = credential_source.credential_id.clone();
+        assert!(persistent_store.store_credential(credential_source).is_ok());
+        let stored_credential = persistent_store
+            .find_credential("example.com", &credential_id, false)
+            .unwrap()
+            .unwrap();
+        assert_eq!(stored_credential.user_name, None);
+        assert_eq!(stored_credential.user_display_name, None);
+        assert_eq!(stored_credential.user_icon, None);
+        assert!(persistent_store
+            ._update_credential(&credential_id, user.clone())
+            .is_ok());
+        let stored_credential = persistent_store
+            .find_credential("example.com", &credential_id, false)
+            .unwrap()
+            .unwrap();
+        assert_eq!(stored_credential.user_name, user.user_name);
+        assert_eq!(stored_credential.user_display_name, user.user_display_name);
+        assert_eq!(stored_credential.user_icon, user.user_icon);
+    }
+
     #[test]
     fn test_credential_order() {
         let mut rng = ThreadRng256 {};
@@ -645,17 +758,14 @@ mod test {
     }
 
     #[test]
-    #[allow(clippy::assertions_on_constants)]
     fn test_fill_store() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         assert_eq!(persistent_store.count_credentials().unwrap(), 0);
 
-        // To make this test work for bigger storages, implement better int -> Vec conversion.
-        assert!(MAX_SUPPORTED_RESIDENTIAL_KEYS < 256);
         for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
-            let credential_source =
-                create_credential_source(&mut rng, "example.com", vec![i as u8]);
+            let user_handle = i.to_ne_bytes().to_vec();
+            let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             assert!(persistent_store.store_credential(credential_source).is_ok());
             assert_eq!(persistent_store.count_credentials().unwrap(), i + 1);
         }
@@ -675,7 +785,6 @@ mod test {
     }
 
     #[test]
-    #[allow(clippy::assertions_on_constants)]
     fn test_overwrite() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
@@ -699,11 +808,10 @@ mod test {
             &[expected_credential]
         );
 
-        // To make this test work for bigger storages, implement better int -> Vec conversion.
-        assert!(MAX_SUPPORTED_RESIDENTIAL_KEYS < 256);
+        let mut persistent_store = PersistentStore::new(&mut rng);
         for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
-            let credential_source =
-                create_credential_source(&mut rng, "example.com", vec![i as u8]);
+            let user_handle = i.to_ne_bytes().to_vec();
+            let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             assert!(persistent_store.store_credential(credential_source).is_ok());
             assert_eq!(persistent_store.count_credentials().unwrap(), i + 1);
         }

From 4cee0c4c656374664426a8c7ed5d8221ceb9b983 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 11 Jan 2021 14:31:13 +0100
Subject: [PATCH 113/192] only keeps keys instead of credentials as state

---
 src/ctap/mod.rs     | 76 ++++++++++++++++++++++++++-------------------
 src/ctap/storage.rs | 64 ++++++++++++++++++++++++++------------
 2 files changed, 89 insertions(+), 51 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 4e93210..5072a47 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -142,7 +142,7 @@ struct AssertionInput {
 struct AssertionState {
     assertion_input: AssertionInput,
     // Sorted by ascending order of creation, so the last element is the most recent one.
-    next_credentials: Vec<PublicKeyCredentialSource>,
+    next_credential_keys: Vec<usize>,
 }
 
 enum StatefulCommand {
@@ -606,7 +606,7 @@ where
     // and returns the correct Get(Next)Assertion response.
     fn assertion_response(
         &mut self,
-        credential: PublicKeyCredentialSource,
+        mut credential: PublicKeyCredentialSource,
         assertion_input: AssertionInput,
         number_of_credentials: Option<usize>,
     ) -> Result<ResponseData, Ctap2StatusCode> {
@@ -642,6 +642,12 @@ where
             key_id: credential.credential_id,
             transports: None, // You can set USB as a hint here.
         };
+        // Remove user identifiable information without uv.
+        if !has_uv {
+            credential.user_name = None;
+            credential.user_display_name = None;
+            credential.user_icon = None;
+        }
         let user = if !credential.user_handle.is_empty() {
             Some(PublicKeyCredentialUserEntity {
                 user_id: credential.user_handle,
@@ -749,26 +755,23 @@ where
         }
 
         let rp_id_hash = Sha256::hash(rp_id.as_bytes());
-        let mut applicable_credentials = if let Some(allow_list) = allow_list {
-            if let Some(credential) =
-                self.get_any_credential_from_allow_list(allow_list, &rp_id, &rp_id_hash, has_uv)?
-            {
-                vec![credential]
-            } else {
-                vec![]
-            }
+        let (credential, next_credential_keys) = if let Some(allow_list) = allow_list {
+            (
+                self.get_any_credential_from_allow_list(allow_list, &rp_id, &rp_id_hash, has_uv)?,
+                vec![],
+            )
         } else {
-            self.persistent_store.filter_credential(&rp_id, !has_uv)?
+            let mut stored_credentials =
+                self.persistent_store.filter_credentials(&rp_id, !has_uv)?;
+            stored_credentials.sort_unstable_by_key(|c| c.1);
+            let mut stored_credentials: Vec<usize> =
+                stored_credentials.into_iter().map(|c| c.0).collect();
+            let credential = stored_credentials
+                .pop()
+                .map(|key| self.persistent_store.get_credential(key))
+                .transpose()?;
+            (credential, stored_credentials)
         };
-        // Remove user identifiable information without uv.
-        if !has_uv {
-            for credential in &mut applicable_credentials {
-                credential.user_name = None;
-                credential.user_display_name = None;
-                credential.user_icon = None;
-            }
-        }
-        applicable_credentials.sort_unstable_by_key(|c| c.creation_order);
 
         // This check comes before CTAP2_ERR_NO_CREDENTIALS in CTAP 2.0.
         // For CTAP 2.1, it was moved to a later protocol step.
@@ -776,9 +779,7 @@ where
             (self.check_user_presence)(cid)?;
         }
 
-        let credential = applicable_credentials
-            .pop()
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
+        let credential = credential.ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
 
         self.increment_global_signature_counter()?;
 
@@ -788,15 +789,15 @@ where
             hmac_secret_input,
             has_uv,
         };
-        let number_of_credentials = if applicable_credentials.is_empty() {
+        let number_of_credentials = if next_credential_keys.is_empty() {
             None
         } else {
-            let number_of_credentials = Some(applicable_credentials.len() + 1);
+            let number_of_credentials = Some(next_credential_keys.len() + 1);
             self.stateful_command_permission =
                 TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
             self.stateful_command_type = Some(StatefulCommand::GetAssertion(AssertionState {
                 assertion_input: assertion_input.clone(),
-                next_credentials: applicable_credentials,
+                next_credential_keys,
             }));
             number_of_credentials
         };
@@ -812,10 +813,11 @@ where
             if let Some(StatefulCommand::GetAssertion(assertion_state)) =
                 &mut self.stateful_command_type
             {
-                let credential = assertion_state
-                    .next_credentials
+                let credential_key = assertion_state
+                    .next_credential_keys
                     .pop()
                     .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+                let credential = self.persistent_store.get_credential(credential_key)?;
                 (assertion_state.assertion_input.clone(), credential)
             } else {
                 return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
@@ -1250,11 +1252,16 @@ mod test {
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
         assert!(make_credential_response.is_ok());
 
-        let stored_credential = ctap_state
+        let credential_key = ctap_state
             .persistent_store
-            .filter_credential("example.com", false)
+            .filter_credentials("example.com", false)
             .unwrap()
             .pop()
+            .unwrap()
+            .0;
+        let stored_credential = ctap_state
+            .persistent_store
+            .get_credential(credential_key)
             .unwrap();
         let credential_id = stored_credential.credential_id;
         assert_eq!(stored_credential.cred_protect_policy, Some(test_policy));
@@ -1275,11 +1282,16 @@ mod test {
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
         assert!(make_credential_response.is_ok());
 
-        let stored_credential = ctap_state
+        let credential_key = ctap_state
             .persistent_store
-            .filter_credential("example.com", false)
+            .filter_credentials("example.com", false)
             .unwrap()
             .pop()
+            .unwrap()
+            .0;
+        let stored_credential = ctap_state
+            .persistent_store
+            .get_credential(credential_key)
             .unwrap();
         let credential_id = stored_credential.credential_id;
         assert_eq!(stored_credential.cred_protect_policy, Some(test_policy));
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 76c2fd6..343751a 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -117,6 +117,24 @@ impl PersistentStore {
         Ok(())
     }
 
+    /// Returns the credential at the given key.
+    ///
+    /// # Errors
+    ///
+    /// Returns `CTAP2_ERR_VENDOR_INTERNAL_ERROR` if the key does not hold a valid credential.
+    pub fn get_credential(&self, key: usize) -> Result<PublicKeyCredentialSource, Ctap2StatusCode> {
+        let min_key = key::CREDENTIALS.start;
+        if key < min_key || key >= min_key + MAX_SUPPORTED_RESIDENTIAL_KEYS {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        }
+        let credential_entry = self
+            .store
+            .find(key)?
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
+        deserialize_credential(&credential_entry)
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
+    }
+
     /// Finds the key and value for a given credential ID.
     ///
     /// # Errors
@@ -246,22 +264,23 @@ impl PersistentStore {
     /// Returns the list of matching credentials.
     ///
     /// Does not return credentials that are not discoverable if `check_cred_protect` is set.
-    pub fn filter_credential(
+    pub fn filter_credentials(
         &self,
         rp_id: &str,
         check_cred_protect: bool,
-    ) -> Result<Vec<PublicKeyCredentialSource>, Ctap2StatusCode> {
+    ) -> Result<Vec<(usize, u64)>, Ctap2StatusCode> {
         let mut iter_result = Ok(());
         let iter = self.iter_credentials(&mut iter_result)?;
         let result = iter
-            .filter_map(|(_, credential)| {
-                if credential.rp_id == rp_id {
-                    Some(credential)
+            .filter_map(|(key, credential)| {
+                if credential.rp_id == rp_id
+                    && (!check_cred_protect || credential.is_discoverable())
+                {
+                    Some((key, credential.creation_order))
                 } else {
                     None
                 }
             })
-            .filter(|cred| !check_cred_protect || cred.is_discoverable())
             .collect();
         iter_result?;
         Ok(result)
@@ -801,12 +820,13 @@ mod test {
             .store_credential(credential_source1)
             .is_ok());
         assert_eq!(persistent_store.count_credentials().unwrap(), 1);
-        assert_eq!(
-            &persistent_store
-                .filter_credential("example.com", false)
-                .unwrap(),
-            &[expected_credential]
-        );
+        let filtered_credentials = persistent_store
+            .filter_credentials("example.com", false)
+            .unwrap();
+        let retrieved_credential_source = persistent_store
+            .get_credential(filtered_credentials[0].0)
+            .unwrap();
+        assert_eq!(retrieved_credential_source, expected_credential);
 
         let mut persistent_store = PersistentStore::new(&mut rng);
         for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
@@ -831,7 +851,7 @@ mod test {
     }
 
     #[test]
-    fn test_filter() {
+    fn test_filter_get_credentials() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         assert_eq!(persistent_store.count_credentials().unwrap(), 0);
@@ -852,14 +872,20 @@ mod test {
             .is_ok());
 
         let filtered_credentials = persistent_store
-            .filter_credential("example.com", false)
+            .filter_credentials("example.com", false)
             .unwrap();
         assert_eq!(filtered_credentials.len(), 2);
+        let retrieved_credential0 = persistent_store
+            .get_credential(filtered_credentials[0].0)
+            .unwrap();
+        let retrieved_credential1 = persistent_store
+            .get_credential(filtered_credentials[1].0)
+            .unwrap();
         assert!(
-            (filtered_credentials[0].credential_id == id0
-                && filtered_credentials[1].credential_id == id1)
-                || (filtered_credentials[1].credential_id == id0
-                    && filtered_credentials[0].credential_id == id1)
+            (retrieved_credential0.credential_id == id0
+                && retrieved_credential1.credential_id == id1)
+                || (retrieved_credential1.credential_id == id0
+                    && retrieved_credential0.credential_id == id1)
         );
     }
 
@@ -886,7 +912,7 @@ mod test {
         assert!(persistent_store.store_credential(credential).is_ok());
 
         let no_credential = persistent_store
-            .filter_credential("example.com", true)
+            .filter_credentials("example.com", true)
             .unwrap();
         assert_eq!(no_credential, vec![]);
     }

From 27a7108328fcea9bba7bfe1b1411167e9a7551ef Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 12 Jan 2021 07:01:25 +0100
Subject: [PATCH 114/192] moves filter_credentials to call side

---
 src/ctap/mod.rs     |  52 +++++++++++---------
 src/ctap/storage.rs | 112 ++++++++------------------------------------
 2 files changed, 49 insertions(+), 115 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 5072a47..2047500 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -761,11 +761,23 @@ where
                 vec![],
             )
         } else {
-            let mut stored_credentials =
-                self.persistent_store.filter_credentials(&rp_id, !has_uv)?;
-            stored_credentials.sort_unstable_by_key(|c| c.1);
-            let mut stored_credentials: Vec<usize> =
-                stored_credentials.into_iter().map(|c| c.0).collect();
+            let mut iter_result = Ok(());
+            let iter = self.persistent_store.iter_credentials(&mut iter_result)?;
+            let mut stored_credentials: Vec<(usize, u64)> = iter
+                .filter_map(|(key, credential)| {
+                    if credential.rp_id == rp_id && (has_uv || credential.is_discoverable()) {
+                        Some((key, credential.creation_order))
+                    } else {
+                        None
+                    }
+                })
+                .collect();
+            iter_result?;
+            stored_credentials.sort_unstable_by_key(|&(_key, order)| order);
+            let mut stored_credentials: Vec<usize> = stored_credentials
+                .into_iter()
+                .map(|(key, _order)| key)
+                .collect();
             let credential = stored_credentials
                 .pop()
                 .map(|key| self.persistent_store.get_credential(key))
@@ -1252,17 +1264,14 @@ mod test {
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
         assert!(make_credential_response.is_ok());
 
-        let credential_key = ctap_state
+        let mut iter_result = Ok(());
+        let iter = ctap_state
             .persistent_store
-            .filter_credentials("example.com", false)
-            .unwrap()
-            .pop()
-            .unwrap()
-            .0;
-        let stored_credential = ctap_state
-            .persistent_store
-            .get_credential(credential_key)
+            .iter_credentials(&mut iter_result)
             .unwrap();
+        // There is only 1 credential, so last is good enough.
+        let (_, stored_credential) = iter.last().unwrap();
+        iter_result.unwrap();
         let credential_id = stored_credential.credential_id;
         assert_eq!(stored_credential.cred_protect_policy, Some(test_policy));
 
@@ -1282,17 +1291,14 @@ mod test {
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
         assert!(make_credential_response.is_ok());
 
-        let credential_key = ctap_state
+        let mut iter_result = Ok(());
+        let iter = ctap_state
             .persistent_store
-            .filter_credentials("example.com", false)
-            .unwrap()
-            .pop()
-            .unwrap()
-            .0;
-        let stored_credential = ctap_state
-            .persistent_store
-            .get_credential(credential_key)
+            .iter_credentials(&mut iter_result)
             .unwrap();
+        // There is only 1 credential, so last is good enough.
+        let (_, stored_credential) = iter.last().unwrap();
+        iter_result.unwrap();
         let credential_id = stored_credential.credential_id;
         assert_eq!(stored_credential.cred_protect_policy, Some(test_policy));
 
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 343751a..8df987d 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -171,7 +171,7 @@ impl PersistentStore {
         let credential = match self.find_credential_item(credential_id) {
             Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS) => return Ok(None),
             Err(e) => return Err(e),
-            Ok(credential) => credential.1,
+            Ok((_key, credential)) => credential,
         };
         let is_protected = credential.cred_protect_policy
             == Some(CredentialProtectionPolicy::UserVerificationRequired);
@@ -261,31 +261,6 @@ impl PersistentStore {
         Ok(self.store.insert(key, &value)?)
     }
 
-    /// Returns the list of matching credentials.
-    ///
-    /// Does not return credentials that are not discoverable if `check_cred_protect` is set.
-    pub fn filter_credentials(
-        &self,
-        rp_id: &str,
-        check_cred_protect: bool,
-    ) -> Result<Vec<(usize, u64)>, Ctap2StatusCode> {
-        let mut iter_result = Ok(());
-        let iter = self.iter_credentials(&mut iter_result)?;
-        let result = iter
-            .filter_map(|(key, credential)| {
-                if credential.rp_id == rp_id
-                    && (!check_cred_protect || credential.is_discoverable())
-                {
-                    Some((key, credential.creation_order))
-                } else {
-                    None
-                }
-            })
-            .collect();
-        iter_result?;
-        Ok(result)
-    }
-
     /// Returns the number of credentials.
     pub fn count_credentials(&self) -> Result<usize, Ctap2StatusCode> {
         let mut iter_result = Ok(());
@@ -811,7 +786,8 @@ mod test {
         // These should have different IDs.
         let credential_source0 = create_credential_source(&mut rng, "example.com", vec![0x00]);
         let credential_source1 = create_credential_source(&mut rng, "example.com", vec![0x00]);
-        let expected_credential = credential_source1.clone();
+        let credential_id0 = credential_source0.credential_id.clone();
+        let credential_id1 = credential_source1.credential_id.clone();
 
         assert!(persistent_store
             .store_credential(credential_source0)
@@ -820,13 +796,14 @@ mod test {
             .store_credential(credential_source1)
             .is_ok());
         assert_eq!(persistent_store.count_credentials().unwrap(), 1);
-        let filtered_credentials = persistent_store
-            .filter_credentials("example.com", false)
-            .unwrap();
-        let retrieved_credential_source = persistent_store
-            .get_credential(filtered_credentials[0].0)
-            .unwrap();
-        assert_eq!(retrieved_credential_source, expected_credential);
+        assert!(persistent_store
+            .find_credential("example.com", &credential_id0, false)
+            .unwrap()
+            .is_none());
+        assert!(persistent_store
+            .find_credential("example.com", &credential_id1, false)
+            .unwrap()
+            .is_some());
 
         let mut persistent_store = PersistentStore::new(&mut rng);
         for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
@@ -851,70 +828,21 @@ mod test {
     }
 
     #[test]
-    fn test_filter_get_credentials() {
+    fn test_get_credential() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
-        assert_eq!(persistent_store.count_credentials().unwrap(), 0);
         let credential_source0 = create_credential_source(&mut rng, "example.com", vec![0x00]);
         let credential_source1 = create_credential_source(&mut rng, "example.com", vec![0x01]);
         let credential_source2 =
             create_credential_source(&mut rng, "another.example.com", vec![0x02]);
-        let id0 = credential_source0.credential_id.clone();
-        let id1 = credential_source1.credential_id.clone();
-        assert!(persistent_store
-            .store_credential(credential_source0)
-            .is_ok());
-        assert!(persistent_store
-            .store_credential(credential_source1)
-            .is_ok());
-        assert!(persistent_store
-            .store_credential(credential_source2)
-            .is_ok());
-
-        let filtered_credentials = persistent_store
-            .filter_credentials("example.com", false)
-            .unwrap();
-        assert_eq!(filtered_credentials.len(), 2);
-        let retrieved_credential0 = persistent_store
-            .get_credential(filtered_credentials[0].0)
-            .unwrap();
-        let retrieved_credential1 = persistent_store
-            .get_credential(filtered_credentials[1].0)
-            .unwrap();
-        assert!(
-            (retrieved_credential0.credential_id == id0
-                && retrieved_credential1.credential_id == id1)
-                || (retrieved_credential1.credential_id == id0
-                    && retrieved_credential0.credential_id == id1)
-        );
-    }
-
-    #[test]
-    fn test_filter_with_cred_protect() {
-        let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
-        assert_eq!(persistent_store.count_credentials().unwrap(), 0);
-        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
-        let credential = PublicKeyCredentialSource {
-            key_type: PublicKeyCredentialType::PublicKey,
-            credential_id: rng.gen_uniform_u8x32().to_vec(),
-            private_key,
-            rp_id: String::from("example.com"),
-            user_handle: vec![0x00],
-            user_display_name: None,
-            cred_protect_policy: Some(
-                CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList,
-            ),
-            creation_order: 0,
-            user_name: None,
-            user_icon: None,
-        };
-        assert!(persistent_store.store_credential(credential).is_ok());
-
-        let no_credential = persistent_store
-            .filter_credentials("example.com", true)
-            .unwrap();
-        assert_eq!(no_credential, vec![]);
+        let credential_sources = vec![credential_source0, credential_source1, credential_source2];
+        for credential_source in credential_sources.into_iter() {
+            let cred_id = credential_source.credential_id.clone();
+            assert!(persistent_store.store_credential(credential_source).is_ok());
+            let (key, _) = persistent_store.find_credential_item(&cred_id).unwrap();
+            let cred = persistent_store.get_credential(key).unwrap();
+            assert_eq!(&cred_id, &cred.credential_id);
+        }
     }
 
     #[test]

From 2776bd9b8ec7af7f486b4db2cb1100625a810e28 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 12 Jan 2021 15:11:20 +0100
Subject: [PATCH 115/192] new CoseKey data format

---
 libraries/crypto/src/ecdh.rs  |   2 +-
 libraries/crypto/src/ecdsa.rs |   1 -
 src/ctap/command.rs           |  13 +-
 src/ctap/data_formats.rs      | 275 +++++++++++++++++++++++-----------
 src/ctap/mod.rs               |   2 +-
 src/ctap/response.rs          |   2 +-
 6 files changed, 196 insertions(+), 99 deletions(-)

diff --git a/libraries/crypto/src/ecdh.rs b/libraries/crypto/src/ecdh.rs
index 9645f66..a1e3736 100644
--- a/libraries/crypto/src/ecdh.rs
+++ b/libraries/crypto/src/ecdh.rs
@@ -85,7 +85,7 @@ impl PubKey {
         self.p.to_bytes_uncompressed(bytes);
     }
 
-    /// Creates a new PubKey from their coordinates.
+    /// Creates a new PubKey from its coordinates on the elliptic curve.
     pub fn from_coordinates(x: &[u8; NBYTES], y: &[u8; NBYTES]) -> Option<PubKey> {
         PointP256::new_checked_vartime(Int256::from_bin(x), Int256::from_bin(y))
             .map(|p| PubKey { p })
diff --git a/libraries/crypto/src/ecdsa.rs b/libraries/crypto/src/ecdsa.rs
index 8fef458..b6a1708 100644
--- a/libraries/crypto/src/ecdsa.rs
+++ b/libraries/crypto/src/ecdsa.rs
@@ -220,7 +220,6 @@ impl Signature {
 }
 
 impl PubKey {
-    pub const ES256_ALGORITHM: i64 = -7;
     #[cfg(feature = "with_ctap1")]
     const UNCOMPRESSED_LENGTH: usize = 1 + 2 * int256::NBYTES;
 
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 0a86093..6f0aa72 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -317,7 +317,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
 
         let pin_protocol = extract_unsigned(ok_or_missing(pin_protocol)?)?;
         let sub_command = ClientPinSubCommand::try_from(ok_or_missing(sub_command)?)?;
-        let key_agreement = key_agreement.map(extract_map).transpose()?.map(CoseKey);
+        let key_agreement = key_agreement.map(CoseKey::try_from).transpose()?;
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
@@ -423,8 +423,8 @@ mod test {
     };
     use super::super::ES256_CRED_PARAM;
     use super::*;
-    use alloc::collections::BTreeMap;
     use cbor::{cbor_array, cbor_map};
+    use crypto::rng256::ThreadRng256;
 
     #[test]
     fn test_from_cbor_make_credential_parameters() {
@@ -534,10 +534,15 @@ mod test {
 
     #[test]
     fn test_from_cbor_client_pin_parameters() {
+        let mut rng = ThreadRng256 {};
+        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = sk.genpk();
+        let cose_key = CoseKey::from(pk);
+
         let cbor_value = cbor_map! {
             1 => 1,
             2 => ClientPinSubCommand::GetPinRetries,
-            3 => cbor_map!{},
+            3 => cbor::Value::from(cose_key.clone()),
             4 => vec! [0xBB],
             5 => vec! [0xCC],
             6 => vec! [0xDD],
@@ -552,7 +557,7 @@ mod test {
         let expected_pin_protocol_parameters = AuthenticatorClientPinParameters {
             pin_protocol: 1,
             sub_command: ClientPinSubCommand::GetPinRetries,
-            key_agreement: Some(CoseKey(BTreeMap::new())),
+            key_agreement: Some(cose_key),
             pin_auth: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index ac1fb73..87bc6b4 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -17,12 +17,23 @@ use alloc::collections::BTreeMap;
 use alloc::string::String;
 use alloc::vec::Vec;
 use arrayref::array_ref;
-use cbor::{cbor_array_vec, cbor_bytes_lit, cbor_map_options, destructure_cbor_map};
-use core::convert::{TryFrom, TryInto};
+use cbor::{cbor_array_vec, cbor_map, cbor_map_options, destructure_cbor_map};
+use core::convert::TryFrom;
 use crypto::{ecdh, ecdsa};
 #[cfg(test)]
 use enum_iterator::IntoEnumIterator;
 
+// This is the algorithm specifier that is supposed to be used in a COSE key
+// map in ECDH. CTAP requests -25 which represents ECDH-ES + HKDF-256 here:
+// https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+const ECDH_ALGORITHM: i64 = -25;
+// This is the identifier used for ECDSA and ECDH in OpenSSH.
+const ES256_ALGORITHM: i64 = -7;
+// The COSE key parameter behind map key 1.
+const EC2_KEY_TYPE: i64 = 2;
+// The COSE key parameter behind map key -1.
+const P_256_CURVE: i64 = 1;
+
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrpentity
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct PublicKeyCredentialRpEntity {
@@ -322,17 +333,17 @@ impl TryFrom<cbor::Value> for GetAssertionHmacSecretInput {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => cose_key,
+                1 => key_agreement,
                 2 => salt_enc,
                 3 => salt_auth,
             } = extract_map(cbor_value)?;
         }
 
-        let cose_key = extract_map(ok_or_missing(cose_key)?)?;
+        let key_agreement = CoseKey::try_from(ok_or_missing(key_agreement)?)?;
         let salt_enc = extract_byte_string(ok_or_missing(salt_enc)?)?;
         let salt_auth = extract_byte_string(ok_or_missing(salt_auth)?)?;
         Ok(Self {
-            key_agreement: CoseKey(cose_key),
+            key_agreement,
             salt_enc,
             salt_auth,
         })
@@ -432,7 +443,7 @@ impl From<PackedAttestationStatement> for cbor::Value {
 #[derive(PartialEq)]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
 pub enum SignatureAlgorithm {
-    ES256 = ecdsa::PubKey::ES256_ALGORITHM as isize,
+    ES256 = ES256_ALGORITHM as isize,
     // This is the default for all numbers not covered above.
     // Unknown types should be ignored, instead of returning errors.
     Unknown = 0,
@@ -449,7 +460,7 @@ impl TryFrom<cbor::Value> for SignatureAlgorithm {
 
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         match extract_integer(cbor_value)? {
-            ecdsa::PubKey::ES256_ALGORITHM => Ok(SignatureAlgorithm::ES256),
+            ES256_ALGORITHM => Ok(SignatureAlgorithm::ES256),
             _ => Ok(SignatureAlgorithm::Unknown),
         }
     }
@@ -614,85 +625,31 @@ impl PublicKeyCredentialSource {
     }
 }
 
-// TODO(kaczmarczyck) we could decide to split this data type up
-// It depends on the algorithm though, I think.
-// So before creating a mess, this is my workaround.
+// The COSE key is used for both ECDH and ECDSA public keys for transmission.
 #[derive(Clone)]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
-pub struct CoseKey(pub BTreeMap<cbor::KeyType, cbor::Value>);
-
-// This is the algorithm specifier that is supposed to be used in a COSE key
-// map. The CTAP specification says -25 which represents ECDH-ES + HKDF-256
-// here: https://www.iana.org/assignments/cose/cose.xhtml#algorithms
-// In fact, this is just used for compatibility with older specification versions.
-const ECDH_ALGORITHM: i64 = -25;
-// This is the identifier used by OpenSSH. To be compatible, we accept both.
-const ES256_ALGORITHM: i64 = -7;
-const EC2_KEY_TYPE: i64 = 2;
-const P_256_CURVE: i64 = 1;
+pub struct CoseKey {
+    x_bytes: [u8; ecdh::NBYTES],
+    y_bytes: [u8; ecdh::NBYTES],
+    algorithm: i64,
+}
 
+// This conversion accepts both ECDH and ECDSA.
 impl TryFrom<cbor::Value> for CoseKey {
     type Error = Ctap2StatusCode;
 
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
-        if let cbor::Value::Map(cose_map) = cbor_value {
-            Ok(CoseKey(cose_map))
-        } else {
-            Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
-        }
-    }
-}
-
-fn cose_key_from_bytes(x_bytes: [u8; ecdh::NBYTES], y_bytes: [u8; ecdh::NBYTES]) -> CoseKey {
-    let x_byte_cbor: cbor::Value = cbor_bytes_lit!(&x_bytes);
-    let y_byte_cbor: cbor::Value = cbor_bytes_lit!(&y_bytes);
-    // TODO(kaczmarczyck) do not write optional parameters, spec is unclear
-    let cose_cbor_value = cbor_map_options! {
-        1 => EC2_KEY_TYPE,
-        3 => ECDH_ALGORITHM,
-        -1 => P_256_CURVE,
-        -2 => x_byte_cbor,
-        -3 => y_byte_cbor,
-    };
-    // Unwrap is safe here since we know it's a map.
-    cose_cbor_value.try_into().unwrap()
-}
-
-impl From<ecdh::PubKey> for CoseKey {
-    fn from(pk: ecdh::PubKey) -> Self {
-        let mut x_bytes = [0; ecdh::NBYTES];
-        let mut y_bytes = [0; ecdh::NBYTES];
-        pk.to_coordinates(&mut x_bytes, &mut y_bytes);
-        cose_key_from_bytes(x_bytes, y_bytes)
-    }
-}
-
-impl TryFrom<CoseKey> for ecdh::PubKey {
-    type Error = Ctap2StatusCode;
-
-    fn try_from(cose_key: CoseKey) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
+                // This is sorted correctly, negative encoding is bigger.
                 1 => key_type,
                 3 => algorithm,
                 -1 => curve,
                 -2 => x_bytes,
                 -3 => y_bytes,
-            } = cose_key.0;
+            } = extract_map(cbor_value)?;
         }
 
-        let key_type = extract_integer(ok_or_missing(key_type)?)?;
-        if key_type != EC2_KEY_TYPE {
-            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
-        }
-        let algorithm = extract_integer(ok_or_missing(algorithm)?)?;
-        if algorithm != ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
-            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
-        }
-        let curve = extract_integer(ok_or_missing(curve)?)?;
-        if curve != P_256_CURVE {
-            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
-        }
         let x_bytes = extract_byte_string(ok_or_missing(x_bytes)?)?;
         if x_bytes.len() != ecdh::NBYTES {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
@@ -701,11 +658,55 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
         if y_bytes.len() != ecdh::NBYTES {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
+        let curve = extract_integer(ok_or_missing(curve)?)?;
+        if curve != P_256_CURVE {
+            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
+        }
+        let key_type = extract_integer(ok_or_missing(key_type)?)?;
+        if key_type != EC2_KEY_TYPE {
+            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
+        }
+        let algorithm = extract_integer(ok_or_missing(algorithm)?)?;
+        if algorithm != ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
+            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
+        }
 
-        let x_array_ref = array_ref![x_bytes.as_slice(), 0, ecdh::NBYTES];
-        let y_array_ref = array_ref![y_bytes.as_slice(), 0, ecdh::NBYTES];
-        ecdh::PubKey::from_coordinates(x_array_ref, y_array_ref)
-            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        Ok(CoseKey {
+            x_bytes: *array_ref![x_bytes.as_slice(), 0, ecdh::NBYTES],
+            y_bytes: *array_ref![y_bytes.as_slice(), 0, ecdh::NBYTES],
+            algorithm,
+        })
+    }
+}
+
+impl From<CoseKey> for cbor::Value {
+    fn from(cose_key: CoseKey) -> Self {
+        let CoseKey {
+            x_bytes,
+            y_bytes,
+            algorithm,
+        } = cose_key;
+
+        cbor_map! {
+            1 => EC2_KEY_TYPE,
+            3 => algorithm,
+            -1 => P_256_CURVE,
+            -2 => x_bytes,
+            -3 => y_bytes,
+        }
+    }
+}
+
+impl From<ecdh::PubKey> for CoseKey {
+    fn from(pk: ecdh::PubKey) -> Self {
+        let mut x_bytes = [0; ecdh::NBYTES];
+        let mut y_bytes = [0; ecdh::NBYTES];
+        pk.to_coordinates(&mut x_bytes, &mut y_bytes);
+        CoseKey {
+            x_bytes,
+            y_bytes,
+            algorithm: ECDH_ALGORITHM,
+        }
     }
 }
 
@@ -714,7 +715,32 @@ impl From<ecdsa::PubKey> for CoseKey {
         let mut x_bytes = [0; ecdh::NBYTES];
         let mut y_bytes = [0; ecdh::NBYTES];
         pk.to_coordinates(&mut x_bytes, &mut y_bytes);
-        cose_key_from_bytes(x_bytes, y_bytes)
+        CoseKey {
+            x_bytes,
+            y_bytes,
+            algorithm: ES256_ALGORITHM,
+        }
+    }
+}
+
+impl TryFrom<CoseKey> for ecdh::PubKey {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cose_key: CoseKey) -> Result<Self, Ctap2StatusCode> {
+        let CoseKey {
+            x_bytes,
+            y_bytes,
+            algorithm,
+        } = cose_key;
+
+        // Since algorithm can be used for different COSE key types, we check
+        // whether the current type is correct for ECDH. For an OpenSSH bugfix,
+        // the algorithm ES256_ALGORITHM is allowed here too.
+        if algorithm != ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
+            return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
+        }
+        ecdh::PubKey::from_coordinates(&x_bytes, &y_bytes)
+            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
     }
 }
 
@@ -827,8 +853,8 @@ mod test {
     use super::*;
     use alloc::collections::BTreeMap;
     use cbor::{
-        cbor_array, cbor_bool, cbor_bytes, cbor_false, cbor_int, cbor_map, cbor_null, cbor_text,
-        cbor_unsigned,
+        cbor_array, cbor_bool, cbor_bytes, cbor_bytes_lit, cbor_false, cbor_int, cbor_null,
+        cbor_text, cbor_unsigned,
     };
     use crypto::rng256::{Rng256, ThreadRng256};
 
@@ -1151,7 +1177,7 @@ mod test {
 
     #[test]
     fn test_from_into_signature_algorithm() {
-        let cbor_signature_algorithm: cbor::Value = cbor_int!(ecdsa::PubKey::ES256_ALGORITHM);
+        let cbor_signature_algorithm: cbor::Value = cbor_int!(ES256_ALGORITHM);
         let signature_algorithm = SignatureAlgorithm::try_from(cbor_signature_algorithm.clone());
         let expected_signature_algorithm = SignatureAlgorithm::ES256;
         assert_eq!(signature_algorithm, Ok(expected_signature_algorithm));
@@ -1225,7 +1251,7 @@ mod test {
     fn test_from_into_public_key_credential_parameter() {
         let cbor_credential_parameter = cbor_map! {
             "type" => "public-key",
-            "alg" => ecdsa::PubKey::ES256_ALGORITHM,
+            "alg" => ES256_ALGORITHM,
         };
         let credential_parameter =
             PublicKeyCredentialParameter::try_from(cbor_credential_parameter.clone());
@@ -1279,7 +1305,7 @@ mod test {
         let cose_key = CoseKey::from(pk);
         let cbor_extensions = cbor_map! {
             "hmac-secret" => cbor_map! {
-                1 => cbor::Value::Map(cose_key.0.clone()),
+                1 => cbor::Value::from(cose_key.clone()),
                 2 => vec![0x02; 32],
                 3 => vec![0x03; 16],
             },
@@ -1343,6 +1369,83 @@ mod test {
         assert_eq!(created_cbor, cbor_packed_attestation_statement);
     }
 
+    #[test]
+    fn test_from_into_cose_key_cbor() {
+        for algorithm in &[ECDH_ALGORITHM, ES256_ALGORITHM] {
+            let cbor_value = cbor_map! {
+                1 => EC2_KEY_TYPE,
+                3 => algorithm,
+                -1 => P_256_CURVE,
+                -2 => [0u8; 32],
+                -3 => [0u8; 32],
+            };
+            let cose_key = CoseKey::try_from(cbor_value.clone()).unwrap();
+            let created_cbor_value = cbor::Value::from(cose_key);
+            assert_eq!(created_cbor_value, cbor_value);
+        }
+
+        let cbor_value = cbor_map! {
+            1 => EC2_KEY_TYPE,
+            // unknown algorithm
+            3 => 0,
+            -1 => P_256_CURVE,
+            -2 => [0u8; 32],
+            -3 => [0u8; 32],
+        };
+        assert_eq!(
+            CoseKey::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM)
+        );
+        let cbor_value = cbor_map! {
+            // unknown type
+            1 => 0,
+            3 => ECDH_ALGORITHM,
+            -1 => P_256_CURVE,
+            -2 => [0u8; 32],
+            -3 => [0u8; 32],
+        };
+        assert_eq!(
+            CoseKey::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM)
+        );
+        let cbor_value = cbor_map! {
+            1 => EC2_KEY_TYPE,
+            3 => ECDH_ALGORITHM,
+            // unknown curve
+            -1 => 0,
+            -2 => [0u8; 32],
+            -3 => [0u8; 32],
+        };
+        assert_eq!(
+            CoseKey::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM)
+        );
+        let cbor_value = cbor_map! {
+            1 => EC2_KEY_TYPE,
+            3 => ECDH_ALGORITHM,
+            -1 => P_256_CURVE,
+            // wrong length
+            -2 => [0u8; 31],
+            -3 => [0u8; 32],
+        };
+        assert_eq!(
+            CoseKey::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+        let cbor_value = cbor_map! {
+            1 => EC2_KEY_TYPE,
+            3 => ECDH_ALGORITHM,
+            -1 => P_256_CURVE,
+            -2 => [0u8; 32],
+            // wrong length
+            -3 => [0u8; 33],
+        };
+        assert_eq!(
+            CoseKey::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+    }
+
     #[test]
     fn test_from_into_cose_key_ecdh() {
         let mut rng = ThreadRng256 {};
@@ -1359,17 +1462,7 @@ mod test {
         let sk = crypto::ecdsa::SecKey::gensk(&mut rng);
         let pk = sk.genpk();
         let cose_key = CoseKey::from(pk);
-        let cose_map = cose_key.0;
-        let template = cbor_map! {
-            1 => 0,
-            3 => 0,
-            -1 => 0,
-            -2 => 0,
-            -3 => 0,
-        };
-        for key in CoseKey::try_from(template).unwrap().0.keys() {
-            assert!(cose_map.contains_key(key));
-        }
+        assert_eq!(cose_key.algorithm, ES256_ALGORITHM);
     }
 
     #[test]
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 676f4c2..8895605 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -534,7 +534,7 @@ where
         }
         auth_data.extend(vec![0x00, credential_id.len() as u8]);
         auth_data.extend(&credential_id);
-        if !cbor::write(cbor::Value::Map(CoseKey::from(pk).0), &mut auth_data) {
+        if !cbor::write(cbor::Value::from(CoseKey::from(pk)), &mut auth_data) {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         if has_extension_output {
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 3ebab3b..f40dc21 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -192,7 +192,7 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
         } = client_pin_response;
 
         cbor_map_options! {
-            1 => key_agreement.map(|cose_key| cbor_map_btree!(cose_key.0)),
+            1 => key_agreement.map(cbor::Value::from),
             2 => pin_token,
             3 => retries,
         }

From da27848c27c7a56cb6265d61ddc6eda50838f3dd Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 12 Jan 2021 17:17:23 +0100
Subject: [PATCH 116/192] updates license header to 2021 in ctap

---
 src/ctap/apdu.rs             | 2 +-
 src/ctap/command.rs          | 2 +-
 src/ctap/config_command.rs   | 2 +-
 src/ctap/ctap1.rs            | 2 +-
 src/ctap/data_formats.rs     | 2 +-
 src/ctap/hid/mod.rs          | 2 +-
 src/ctap/hid/receive.rs      | 2 +-
 src/ctap/hid/send.rs         | 2 +-
 src/ctap/key_material.rs     | 2 +-
 src/ctap/mod.rs              | 2 +-
 src/ctap/pin_protocol_v1.rs  | 2 +-
 src/ctap/response.rs         | 2 +-
 src/ctap/status_code.rs      | 2 +-
 src/ctap/storage.rs          | 2 +-
 src/ctap/timed_permission.rs | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index c99bf84..f475308 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2020-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 6b6ab54..dcb96d6 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index f270513..57e2a97 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2020-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 0932e2c..0bf43b5 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 9cf149f..05b8374 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 01c0b11..71bd7c8 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/hid/receive.rs b/src/ctap/hid/receive.rs
index b522837..8efdb1c 100644
--- a/src/ctap/hid/receive.rs
+++ b/src/ctap/hid/receive.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/hid/send.rs b/src/ctap/hid/send.rs
index 434d633..22f9c61 100644
--- a/src/ctap/hid/send.rs
+++ b/src/ctap/hid/send.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/key_material.rs b/src/ctap/key_material.rs
index eec5456..a8ae6da 100644
--- a/src/ctap/key_material.rs
+++ b/src/ctap/key_material.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 7b5b2de..98ed569 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index d4f148d..e2a84eb 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2020-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index df38148..b4d4ed4 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/status_code.rs b/src/ctap/status_code.rs
index 5a9ec71..a593dad 100644
--- a/src/ctap/status_code.rs
+++ b/src/ctap/status_code.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0c6d15f..0bc9c5f 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/src/ctap/timed_permission.rs b/src/ctap/timed_permission.rs
index fcc0ada..868e9da 100644
--- a/src/ctap/timed_permission.rs
+++ b/src/ctap/timed_permission.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2 (the "License");
 // you may not use this file except in compliance with the License.

From c30268a099c53c3f3219070525ba777bbe1c7bf9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 12 Jan 2021 17:57:58 +0100
Subject: [PATCH 117/192] code cleanups and clarifications

---
 src/ctap/config_command.rs  |  9 +++++----
 src/ctap/mod.rs             | 11 +----------
 src/ctap/pin_protocol_v1.rs |  3 ---
 src/ctap/storage.rs         |  5 +++++
 4 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 57e2a97..e09bab3 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -24,7 +24,6 @@ use alloc::vec;
 /// Processes the subcommand setMinPINLength for AuthenticatorConfig.
 fn process_set_min_pin_length(
     persistent_store: &mut PersistentStore,
-    pin_protocol_v1: &mut PinProtocolV1,
     params: SetMinPinLengthParams,
 ) -> Result<ResponseData, Ctap2StatusCode> {
     let SetMinPinLengthParams {
@@ -44,8 +43,10 @@ fn process_set_min_pin_length(
     if let Some(old_length) = persistent_store.pin_code_point_length()? {
         force_change_pin |= new_min_pin_length > old_length;
     }
-    pin_protocol_v1.force_pin_change |= force_change_pin;
-    // TODO(kaczmarczyck) actually force a PIN change
+    if force_change_pin {
+        // TODO(kaczmarczyck) actually force a PIN change in PinProtocolV1
+        persistent_store.force_pin_change()?;
+    }
     persistent_store.set_min_pin_length(new_min_pin_length)?;
     if let Some(min_pin_length_rp_ids) = min_pin_length_rp_ids {
         persistent_store.set_min_pin_length_rp_ids(min_pin_length_rp_ids)?;
@@ -86,7 +87,7 @@ pub fn process_config(
     match sub_command {
         ConfigSubCommand::SetMinPinLength => {
             if let Some(ConfigSubCommandParams::SetMinPinLength(params)) = sub_command_params {
-                process_set_min_pin_length(persistent_store, pin_protocol_v1, params)
+                process_set_min_pin_length(persistent_store, params)
             } else {
                 Err(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)
             }
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 98ed569..1d7e286 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -128,8 +128,7 @@ pub fn check_pin_uv_auth_protocol(
 ) -> Result<(), Ctap2StatusCode> {
     match pin_uv_auth_protocol {
         Some(PIN_PROTOCOL_VERSION) => Ok(()),
-        Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-        None => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+        _ => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
     }
 }
 
@@ -1087,11 +1086,6 @@ mod test {
                     auth_data[0..expected_auth_data.len()],
                     expected_auth_data[..]
                 );
-                /*assert_eq!(
-                    &auth_data[expected_auth_data.len()
-                        ..expected_auth_data.len() + expected_attested_cred_data.len()],
-                    expected_attested_cred_data
-                );*/
                 assert_eq!(
                     &auth_data[auth_data.len() - expected_extension_cbor.len()..auth_data.len()],
                     expected_extension_cbor
@@ -1424,9 +1418,6 @@ mod test {
         make_credential_params.extensions = extensions;
         let make_credential_response =
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
-        let mut expected_attested_cred_data =
-            ctap_state.persistent_store.aaguid().unwrap().to_vec();
-        expected_attested_cred_data.extend(&[0x00, 0x20]);
         check_make_response(
             make_credential_response,
             0x41,
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index e2a84eb..eef0440 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -172,7 +172,6 @@ pub struct PinProtocolV1 {
     consecutive_pin_mismatches: u8,
     permissions: u8,
     permissions_rp_id: Option<String>,
-    pub force_pin_change: bool,
 }
 
 impl PinProtocolV1 {
@@ -185,7 +184,6 @@ impl PinProtocolV1 {
             consecutive_pin_mismatches: 0,
             permissions: 0,
             permissions_rp_id: None,
-            force_pin_change: false,
         }
     }
 
@@ -530,7 +528,6 @@ impl PinProtocolV1 {
             consecutive_pin_mismatches: 0,
             permissions: 0xFF,
             permissions_rp_id: None,
-            force_pin_change: false,
         }
     }
 }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0bc9c5f..cf9afbc 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -544,6 +544,11 @@ impl PersistentStore {
         self.init(rng)?;
         Ok(())
     }
+
+    pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
+        // TODO(kaczmarczyck) implement storage logic
+        Ok(())
+    }
 }
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {

From 78167282f90937a4656d1e84ddbd3b37e877abc7 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 12 Jan 2021 19:11:32 +0100
Subject: [PATCH 118/192] comment for constants

---
 src/ctap/config_command.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index e09bab3..19d0cc2 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -72,6 +72,7 @@ pub fn process_config(
         check_pin_uv_auth_protocol(pin_uv_auth_protocol)
             .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
         let auth_param = pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+        // Constants are taken from the specification, section 6.11, step 4.2.
         let mut config_data = vec![0xFF; 32];
         config_data.extend(&[0x0D, sub_command as u8]);
         if let Some(sub_command_params) = sub_command_params.clone() {

From cc86fc274201143e5b7b213657aeac15a75af605 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 13 Jan 2021 08:52:00 +0100
Subject: [PATCH 119/192] removes unused import

---
 src/ctap/config_command.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 19d0cc2..726634c 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -99,7 +99,6 @@ pub fn process_config(
 
 #[cfg(test)]
 mod test {
-    use super::super::command::AuthenticatorConfigParameters;
     use super::*;
     use crypto::rng256::ThreadRng256;
 

From a26de3b720e953a2e01371539b3b77c1d7bd3e9b Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 13 Jan 2021 14:00:34 +0100
Subject: [PATCH 120/192] moves constants to CoseKey

---
 src/ctap/data_formats.rs | 86 +++++++++++++++++++++++++---------------
 1 file changed, 54 insertions(+), 32 deletions(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 87bc6b4..ffe2336 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -23,16 +23,8 @@ use crypto::{ecdh, ecdsa};
 #[cfg(test)]
 use enum_iterator::IntoEnumIterator;
 
-// This is the algorithm specifier that is supposed to be used in a COSE key
-// map in ECDH. CTAP requests -25 which represents ECDH-ES + HKDF-256 here:
-// https://www.iana.org/assignments/cose/cose.xhtml#algorithms
-const ECDH_ALGORITHM: i64 = -25;
-// This is the identifier used for ECDSA and ECDH in OpenSSH.
+// Used as the identifier for ECDSA in assertion signatures and COSE.
 const ES256_ALGORITHM: i64 = -7;
-// The COSE key parameter behind map key 1.
-const EC2_KEY_TYPE: i64 = 2;
-// The COSE key parameter behind map key -1.
-const P_256_CURVE: i64 = 1;
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrpentity
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
@@ -634,6 +626,17 @@ pub struct CoseKey {
     algorithm: i64,
 }
 
+impl CoseKey {
+    // This is the algorithm specifier for ECDH.
+    // CTAP requests -25 which represents ECDH-ES + HKDF-256 here:
+    // https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+    const ECDH_ALGORITHM: i64 = -25;
+    // The parameter behind map key 1.
+    const EC2_KEY_TYPE: i64 = 2;
+    // The parameter behind map key -1.
+    const P_256_CURVE: i64 = 1;
+}
+
 // This conversion accepts both ECDH and ECDSA.
 impl TryFrom<cbor::Value> for CoseKey {
     type Error = Ctap2StatusCode;
@@ -659,15 +662,15 @@ impl TryFrom<cbor::Value> for CoseKey {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
         let curve = extract_integer(ok_or_missing(curve)?)?;
-        if curve != P_256_CURVE {
+        if curve != CoseKey::P_256_CURVE {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
         let key_type = extract_integer(ok_or_missing(key_type)?)?;
-        if key_type != EC2_KEY_TYPE {
+        if key_type != CoseKey::EC2_KEY_TYPE {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
         let algorithm = extract_integer(ok_or_missing(algorithm)?)?;
-        if algorithm != ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
+        if algorithm != CoseKey::ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
 
@@ -688,9 +691,9 @@ impl From<CoseKey> for cbor::Value {
         } = cose_key;
 
         cbor_map! {
-            1 => EC2_KEY_TYPE,
+            1 => CoseKey::EC2_KEY_TYPE,
             3 => algorithm,
-            -1 => P_256_CURVE,
+            -1 => CoseKey::P_256_CURVE,
             -2 => x_bytes,
             -3 => y_bytes,
         }
@@ -705,7 +708,7 @@ impl From<ecdh::PubKey> for CoseKey {
         CoseKey {
             x_bytes,
             y_bytes,
-            algorithm: ECDH_ALGORITHM,
+            algorithm: CoseKey::ECDH_ALGORITHM,
         }
     }
 }
@@ -735,8 +738,8 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
 
         // Since algorithm can be used for different COSE key types, we check
         // whether the current type is correct for ECDH. For an OpenSSH bugfix,
-        // the algorithm ES256_ALGORITHM is allowed here too.
-        if algorithm != ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
+        // the algorithm ES256_ALGORITHM is allowed here too. See #90.
+        if algorithm != CoseKey::ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
         ecdh::PubKey::from_coordinates(&x_bytes, &y_bytes)
@@ -1371,11 +1374,11 @@ mod test {
 
     #[test]
     fn test_from_into_cose_key_cbor() {
-        for algorithm in &[ECDH_ALGORITHM, ES256_ALGORITHM] {
+        for algorithm in &[CoseKey::ECDH_ALGORITHM, ES256_ALGORITHM] {
             let cbor_value = cbor_map! {
-                1 => EC2_KEY_TYPE,
+                1 => CoseKey::EC2_KEY_TYPE,
                 3 => algorithm,
-                -1 => P_256_CURVE,
+                -1 => CoseKey::P_256_CURVE,
                 -2 => [0u8; 32],
                 -3 => [0u8; 32],
             };
@@ -1383,12 +1386,15 @@ mod test {
             let created_cbor_value = cbor::Value::from(cose_key);
             assert_eq!(created_cbor_value, cbor_value);
         }
+    }
 
+    #[test]
+    fn test_cose_key_unknown_algorithm() {
         let cbor_value = cbor_map! {
-            1 => EC2_KEY_TYPE,
+            1 => CoseKey::EC2_KEY_TYPE,
             // unknown algorithm
             3 => 0,
-            -1 => P_256_CURVE,
+            -1 => CoseKey::P_256_CURVE,
             -2 => [0u8; 32],
             -3 => [0u8; 32],
         };
@@ -1396,11 +1402,15 @@ mod test {
             CoseKey::try_from(cbor_value),
             Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM)
         );
+    }
+
+    #[test]
+    fn test_cose_key_unknown_type() {
         let cbor_value = cbor_map! {
             // unknown type
             1 => 0,
-            3 => ECDH_ALGORITHM,
-            -1 => P_256_CURVE,
+            3 => CoseKey::ECDH_ALGORITHM,
+            -1 => CoseKey::P_256_CURVE,
             -2 => [0u8; 32],
             -3 => [0u8; 32],
         };
@@ -1408,9 +1418,13 @@ mod test {
             CoseKey::try_from(cbor_value),
             Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM)
         );
+    }
+
+    #[test]
+    fn test_cose_key_unknown_curve() {
         let cbor_value = cbor_map! {
-            1 => EC2_KEY_TYPE,
-            3 => ECDH_ALGORITHM,
+            1 => CoseKey::EC2_KEY_TYPE,
+            3 => CoseKey::ECDH_ALGORITHM,
             // unknown curve
             -1 => 0,
             -2 => [0u8; 32],
@@ -1420,10 +1434,14 @@ mod test {
             CoseKey::try_from(cbor_value),
             Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM)
         );
+    }
+
+    #[test]
+    fn test_cose_key_wrong_length_x() {
         let cbor_value = cbor_map! {
-            1 => EC2_KEY_TYPE,
-            3 => ECDH_ALGORITHM,
-            -1 => P_256_CURVE,
+            1 => CoseKey::EC2_KEY_TYPE,
+            3 => CoseKey::ECDH_ALGORITHM,
+            -1 => CoseKey::P_256_CURVE,
             // wrong length
             -2 => [0u8; 31],
             -3 => [0u8; 32],
@@ -1432,10 +1450,14 @@ mod test {
             CoseKey::try_from(cbor_value),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
+    }
+
+    #[test]
+    fn test_cose_key_wrong_length_y() {
         let cbor_value = cbor_map! {
-            1 => EC2_KEY_TYPE,
-            3 => ECDH_ALGORITHM,
-            -1 => P_256_CURVE,
+            1 => CoseKey::EC2_KEY_TYPE,
+            3 => CoseKey::ECDH_ALGORITHM,
+            -1 => CoseKey::P_256_CURVE,
             -2 => [0u8; 32],
             // wrong length
             -3 => [0u8; 33],

From 3e42531011d554b1b39d3dcb66fe8536e990c7b9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 13 Jan 2021 14:26:59 +0100
Subject: [PATCH 121/192] full URL

---
 src/ctap/data_formats.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index ffe2336..dfdf4ed 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -738,7 +738,8 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
 
         // Since algorithm can be used for different COSE key types, we check
         // whether the current type is correct for ECDH. For an OpenSSH bugfix,
-        // the algorithm ES256_ALGORITHM is allowed here too. See #90.
+        // the algorithm ES256_ALGORITHM is allowed here too.
+        // https://github.com/google/OpenSK/issues/90
         if algorithm != CoseKey::ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }

From c6726660ac09ea05766d09960f93761fe3651d6c Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 13 Jan 2021 11:22:41 +0100
Subject: [PATCH 122/192] adds the command logic for credential management

---
 src/ctap/command.rs               |  91 ++-
 src/ctap/credential_management.rs | 912 ++++++++++++++++++++++++++++++
 src/ctap/data_formats.rs          | 148 ++++-
 src/ctap/mod.rs                   |  86 ++-
 src/ctap/pin_protocol_v1.rs       |  20 +
 src/ctap/response.rs              | 141 ++++-
 src/ctap/storage.rs               |  10 +-
 7 files changed, 1366 insertions(+), 42 deletions(-)
 create mode 100644 src/ctap/credential_management.rs

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 6f0aa72..57056a7 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -14,10 +14,10 @@
 
 use super::data_formats::{
     extract_array, extract_bool, extract_byte_string, extract_map, extract_text_string,
-    extract_unsigned, ok_or_missing, ClientPinSubCommand, CoseKey, GetAssertionExtensions,
-    GetAssertionOptions, MakeCredentialExtensions, MakeCredentialOptions,
-    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialRpEntity,
-    PublicKeyCredentialUserEntity,
+    extract_unsigned, ok_or_missing, ClientPinSubCommand, CoseKey, CredentialManagementSubCommand,
+    CredentialManagementSubCommandParameters, GetAssertionExtensions, GetAssertionOptions,
+    MakeCredentialExtensions, MakeCredentialOptions, PublicKeyCredentialDescriptor,
+    PublicKeyCredentialParameter, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
 };
 use super::key_material;
 use super::status_code::Ctap2StatusCode;
@@ -41,6 +41,7 @@ pub enum Command {
     AuthenticatorClientPin(AuthenticatorClientPinParameters),
     AuthenticatorReset,
     AuthenticatorGetNextAssertion,
+    AuthenticatorCredentialManagement(AuthenticatorCredentialManagementParameters),
     AuthenticatorSelection,
     // TODO(kaczmarczyck) implement FIDO 2.1 commands (see below consts)
     // Vendor specific commands
@@ -110,6 +111,12 @@ impl Command {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorGetNextAssertion)
             }
+            Command::AUTHENTICATOR_CREDENTIAL_MANAGEMENT => {
+                let decoded_cbor = cbor::read(&bytes[1..])?;
+                Ok(Command::AuthenticatorCredentialManagement(
+                    AuthenticatorCredentialManagementParameters::try_from(decoded_cbor)?,
+                ))
+            }
             Command::AUTHENTICATOR_SELECTION => {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorSelection)
@@ -388,6 +395,43 @@ impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
     }
 }
 
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct AuthenticatorCredentialManagementParameters {
+    pub sub_command: CredentialManagementSubCommand,
+    pub sub_command_params: Option<CredentialManagementSubCommandParameters>,
+    pub pin_protocol: Option<u64>,
+    pub pin_auth: Option<Vec<u8>>,
+}
+
+impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                0x01 => sub_command,
+                0x02 => sub_command_params,
+                0x03 => pin_protocol,
+                0x04 => pin_auth,
+            } = extract_map(cbor_value)?;
+        }
+
+        let sub_command = CredentialManagementSubCommand::try_from(ok_or_missing(sub_command)?)?;
+        let sub_command_params = sub_command_params
+            .map(CredentialManagementSubCommandParameters::try_from)
+            .transpose()?;
+        let pin_protocol = pin_protocol.map(extract_unsigned).transpose()?;
+        let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
+
+        Ok(AuthenticatorCredentialManagementParameters {
+            sub_command,
+            sub_command_params,
+            pin_protocol,
+            pin_auth,
+        })
+    }
+}
+
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct AuthenticatorVendorConfigureParameters {
     pub lockdown: bool,
@@ -551,10 +595,10 @@ mod test {
             9 => 0x03,
             10 => "example.com",
         };
-        let returned_pin_protocol_parameters =
+        let returned_client_pin_parameters =
             AuthenticatorClientPinParameters::try_from(cbor_value).unwrap();
 
-        let expected_pin_protocol_parameters = AuthenticatorClientPinParameters {
+        let expected_client_pin_parameters = AuthenticatorClientPinParameters {
             pin_protocol: 1,
             sub_command: ClientPinSubCommand::GetPinRetries,
             key_agreement: Some(cose_key),
@@ -568,8 +612,8 @@ mod test {
         };
 
         assert_eq!(
-            returned_pin_protocol_parameters,
-            expected_pin_protocol_parameters
+            returned_client_pin_parameters,
+            expected_client_pin_parameters
         );
     }
 
@@ -595,6 +639,37 @@ mod test {
         assert_eq!(command, Ok(Command::AuthenticatorGetNextAssertion));
     }
 
+    #[test]
+    fn test_from_cbor_cred_management_parameters() {
+        let cbor_value = cbor_map! {
+            1 => CredentialManagementSubCommand::EnumerateCredentialsBegin as u64,
+            2 => cbor_map!{
+                0x01 => vec![0x1D; 32],
+            },
+            3 => 1,
+            4 => vec! [0x9A; 16],
+        };
+        let returned_cred_management_parameters =
+            AuthenticatorCredentialManagementParameters::try_from(cbor_value).unwrap();
+
+        let params = CredentialManagementSubCommandParameters {
+            rp_id_hash: Some(vec![0x1D; 32]),
+            credential_id: None,
+            user: None,
+        };
+        let expected_cred_management_parameters = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateCredentialsBegin,
+            sub_command_params: Some(params),
+            pin_protocol: Some(1),
+            pin_auth: Some(vec![0x9A; 16]),
+        };
+
+        assert_eq!(
+            returned_cred_management_parameters,
+            expected_cred_management_parameters
+        );
+    }
+
     #[test]
     fn test_deserialize_selection() {
         let cbor_bytes = [Command::AUTHENTICATOR_SELECTION];
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
new file mode 100644
index 0000000..4a0d29c
--- /dev/null
+++ b/src/ctap/credential_management.rs
@@ -0,0 +1,912 @@
+// Copyright 2020-2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use super::command::AuthenticatorCredentialManagementParameters;
+use super::data_formats::{
+    CoseKey, CredentialManagementSubCommand, CredentialManagementSubCommandParameters,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialRpEntity, PublicKeyCredentialSource,
+    PublicKeyCredentialUserEntity,
+};
+use super::pin_protocol_v1::{PinPermission, PinProtocolV1};
+use super::response::{AuthenticatorCredentialManagementResponse, ResponseData};
+use super::status_code::Ctap2StatusCode;
+use super::storage::PersistentStore;
+use super::timed_permission::TimedPermission;
+use super::{check_command_permission, StatefulCommand, STATEFUL_COMMAND_TIMEOUT_DURATION};
+use alloc::collections::BTreeSet;
+use alloc::string::String;
+use alloc::vec;
+use alloc::vec::Vec;
+use core::iter::FromIterator;
+use crypto::sha256::Sha256;
+use crypto::Hash256;
+use libtock_drivers::timer::ClockValue;
+
+/// Generates the response for subcommands enumerating RPs.
+fn enumerate_rps_response(
+    rp_id: Option<String>,
+    total_rps: Option<u64>,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    let rp = rp_id.clone().map(|rp_id| PublicKeyCredentialRpEntity {
+        rp_id,
+        rp_name: None,
+        rp_icon: None,
+    });
+    let rp_id_hash = rp_id.map(|rp_id| Sha256::hash(rp_id.as_bytes()).to_vec());
+
+    Ok(AuthenticatorCredentialManagementResponse {
+        existing_resident_credentials_count: None,
+        max_possible_remaining_resident_credentials_count: None,
+        rp,
+        rp_id_hash,
+        total_rps,
+        user: None,
+        credential_id: None,
+        public_key: None,
+        total_credentials: None,
+        cred_protect: None,
+        large_blob_key: None,
+    })
+}
+
+/// Generates the response for subcommands enumerating credentials.
+fn enumerate_credentials_response(
+    credential: PublicKeyCredentialSource,
+    total_credentials: Option<u64>,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    let PublicKeyCredentialSource {
+        key_type,
+        credential_id,
+        private_key,
+        rp_id: _,
+        user_handle,
+        user_display_name,
+        cred_protect_policy,
+        creation_order: _,
+        user_name,
+        user_icon,
+    } = credential;
+    let user = PublicKeyCredentialUserEntity {
+        user_id: user_handle,
+        user_name,
+        user_display_name,
+        user_icon,
+    };
+    let credential_id = PublicKeyCredentialDescriptor {
+        key_type,
+        key_id: credential_id,
+        transports: None, // You can set USB as a hint here.
+    };
+    let public_key = CoseKey::from(private_key.genpk());
+    Ok(AuthenticatorCredentialManagementResponse {
+        existing_resident_credentials_count: None,
+        max_possible_remaining_resident_credentials_count: None,
+        rp: None,
+        rp_id_hash: None,
+        total_rps: None,
+        user: Some(user),
+        credential_id: Some(credential_id),
+        public_key: Some(public_key),
+        total_credentials,
+        cred_protect: cred_protect_policy,
+        // TODO(kaczmarczyck) add when largeBlobKey is implemented
+        large_blob_key: None,
+    })
+}
+
+/// Processes the subcommand getCredsMetadata for CredentialManagement.
+fn process_get_creds_metadata(
+    persistent_store: &PersistentStore,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    Ok(AuthenticatorCredentialManagementResponse {
+        existing_resident_credentials_count: Some(persistent_store.count_credentials()? as u64),
+        max_possible_remaining_resident_credentials_count: Some(
+            persistent_store.remaining_credentials()? as u64,
+        ),
+        rp: None,
+        rp_id_hash: None,
+        total_rps: None,
+        user: None,
+        credential_id: None,
+        public_key: None,
+        total_credentials: None,
+        cred_protect: None,
+        large_blob_key: None,
+    })
+}
+
+/// Processes the subcommand enumerateRPsBegin for CredentialManagement.
+fn process_enumerate_rps_begin(
+    persistent_store: &PersistentStore,
+    stateful_command_permission: &mut TimedPermission,
+    stateful_command_type: &mut Option<StatefulCommand>,
+    now: ClockValue,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    let mut rp_set = BTreeSet::new();
+    let mut iter_result = Ok(());
+    for (_, credential) in persistent_store.iter_credentials(&mut iter_result)? {
+        rp_set.insert(credential.rp_id);
+    }
+    iter_result?;
+    let mut rp_ids = Vec::from_iter(rp_set);
+    let total_rps = rp_ids.len();
+
+    // TODO(kaczmarczyck) behaviour with empty list?
+    let rp_id = rp_ids.pop();
+    if total_rps > 1 {
+        *stateful_command_permission =
+            TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
+        *stateful_command_type = Some(StatefulCommand::EnumerateRps(rp_ids));
+    }
+    enumerate_rps_response(rp_id, Some(total_rps as u64))
+}
+
+/// Processes the subcommand enumerateRPsGetNextRP for CredentialManagement.
+fn process_enumerate_rps_get_next_rp(
+    stateful_command_permission: &mut TimedPermission,
+    stateful_command_type: &mut Option<StatefulCommand>,
+    now: ClockValue,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    check_command_permission(stateful_command_permission, now)?;
+    if let Some(StatefulCommand::EnumerateRps(rp_ids)) = stateful_command_type {
+        let rp_id = rp_ids.pop().ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+        enumerate_rps_response(Some(rp_id), None)
+    } else {
+        Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+    }
+}
+
+/// Processes the subcommand enumerateCredentialsBegin for CredentialManagement.
+fn process_enumerate_credentials_begin(
+    persistent_store: &PersistentStore,
+    stateful_command_permission: &mut TimedPermission,
+    stateful_command_type: &mut Option<StatefulCommand>,
+    sub_command_params: CredentialManagementSubCommandParameters,
+    now: ClockValue,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    let rp_id_hash = sub_command_params
+        .rp_id_hash
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
+    let mut iter_result = Ok(());
+    let iter = persistent_store.iter_credentials(&mut iter_result)?;
+    let mut rp_credentials: Vec<usize> = iter
+        .filter_map(|(key, credential)| {
+            let cred_rp_id_hash = Sha256::hash(credential.rp_id.as_bytes());
+            if cred_rp_id_hash == rp_id_hash.as_slice() {
+                Some(key)
+            } else {
+                None
+            }
+        })
+        .collect();
+    iter_result?;
+    let total_credentials = rp_credentials.len();
+    let current_key = rp_credentials
+        .pop()
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
+    let credential = persistent_store.get_credential(current_key)?;
+    if total_credentials > 1 {
+        *stateful_command_permission =
+            TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
+        *stateful_command_type = Some(StatefulCommand::EnumerateCredentials(rp_credentials));
+    }
+    enumerate_credentials_response(credential, Some(total_credentials as u64))
+}
+
+/// Processes the subcommand enumerateCredentialsGetNextCredential for CredentialManagement.
+fn process_enumerate_credentials_get_next_credential(
+    persistent_store: &PersistentStore,
+    stateful_command_permission: &mut TimedPermission,
+    mut stateful_command_type: &mut Option<StatefulCommand>,
+    now: ClockValue,
+) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
+    check_command_permission(stateful_command_permission, now)?;
+    if let Some(StatefulCommand::EnumerateCredentials(rp_credentials)) = &mut stateful_command_type
+    {
+        let current_key = rp_credentials
+            .pop()
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+        let credential = persistent_store.get_credential(current_key)?;
+        enumerate_credentials_response(credential, None)
+    } else {
+        Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+    }
+}
+
+/// Processes the subcommand deleteCredential for CredentialManagement.
+fn process_delete_credential(
+    persistent_store: &mut PersistentStore,
+    sub_command_params: CredentialManagementSubCommandParameters,
+) -> Result<(), Ctap2StatusCode> {
+    let credential_id = sub_command_params
+        .credential_id
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?
+        .key_id;
+    persistent_store.delete_credential(&credential_id)
+}
+
+/// Processes the subcommand updateUserInformation for CredentialManagement.
+fn process_update_user_information(
+    persistent_store: &mut PersistentStore,
+    sub_command_params: CredentialManagementSubCommandParameters,
+) -> Result<(), Ctap2StatusCode> {
+    let credential_id = sub_command_params
+        .credential_id
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?
+        .key_id;
+    let user = sub_command_params
+        .user
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
+    persistent_store.update_credential(&credential_id, user)
+}
+
+/// Checks the PIN protocol.
+///
+/// TODO(#246) refactor after #246 is merged
+fn pin_uv_auth_protocol_check(pin_uv_auth_protocol: Option<u64>) -> Result<(), Ctap2StatusCode> {
+    match pin_uv_auth_protocol {
+        Some(1) => Ok(()),
+        _ => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+    }
+}
+
+/// Processes the CredentialManagement command and all its subcommands.
+pub fn process_credential_management(
+    persistent_store: &mut PersistentStore,
+    stateful_command_permission: &mut TimedPermission,
+    mut stateful_command_type: &mut Option<StatefulCommand>,
+    pin_protocol_v1: &mut PinProtocolV1,
+    cred_management_params: AuthenticatorCredentialManagementParameters,
+    now: ClockValue,
+) -> Result<ResponseData, Ctap2StatusCode> {
+    let AuthenticatorCredentialManagementParameters {
+        sub_command,
+        sub_command_params,
+        pin_protocol,
+        pin_auth,
+    } = cred_management_params;
+
+    match (sub_command, &mut stateful_command_type) {
+        (
+            CredentialManagementSubCommand::EnumerateRpsGetNextRp,
+            Some(StatefulCommand::EnumerateRps(_)),
+        ) => (),
+        (
+            CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
+            Some(StatefulCommand::EnumerateCredentials(_)),
+        ) => (),
+        (_, _) => {
+            *stateful_command_type = None;
+        }
+    }
+
+    match sub_command {
+        CredentialManagementSubCommand::GetCredsMetadata
+        | CredentialManagementSubCommand::EnumerateRpsBegin
+        | CredentialManagementSubCommand::DeleteCredential
+        | CredentialManagementSubCommand::EnumerateCredentialsBegin
+        | CredentialManagementSubCommand::UpdateUserInformation => {
+            pin_uv_auth_protocol_check(pin_protocol)?;
+            persistent_store
+                .pin_hash()?
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+            let pin_auth = pin_auth.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+            let mut management_data = vec![sub_command as u8];
+            if let Some(sub_command_params) = sub_command_params.clone() {
+                if !cbor::write(sub_command_params.into(), &mut management_data) {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+                }
+            }
+            if !pin_protocol_v1.verify_pin_auth_token(&management_data, &pin_auth) {
+                return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
+            }
+            pin_protocol_v1.has_permission(PinPermission::CredentialManagement)?;
+            pin_protocol_v1.has_no_permission_rp_id()?;
+            // TODO(kaczmarczyck) sometimes allow a RP ID
+        }
+        CredentialManagementSubCommand::EnumerateRpsGetNextRp
+        | CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential => {}
+    }
+
+    let response = match sub_command {
+        CredentialManagementSubCommand::GetCredsMetadata => {
+            Some(process_get_creds_metadata(persistent_store)?)
+        }
+        CredentialManagementSubCommand::EnumerateRpsBegin => Some(process_enumerate_rps_begin(
+            persistent_store,
+            stateful_command_permission,
+            stateful_command_type,
+            now,
+        )?),
+        CredentialManagementSubCommand::EnumerateRpsGetNextRp => {
+            Some(process_enumerate_rps_get_next_rp(
+                stateful_command_permission,
+                stateful_command_type,
+                now,
+            )?)
+        }
+        CredentialManagementSubCommand::EnumerateCredentialsBegin => {
+            Some(process_enumerate_credentials_begin(
+                persistent_store,
+                stateful_command_permission,
+                stateful_command_type,
+                sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
+                now,
+            )?)
+        }
+        CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential => {
+            Some(process_enumerate_credentials_get_next_credential(
+                persistent_store,
+                stateful_command_permission,
+                stateful_command_type,
+                now,
+            )?)
+        }
+        CredentialManagementSubCommand::DeleteCredential => {
+            process_delete_credential(
+                persistent_store,
+                sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
+            )?;
+            None
+        }
+        CredentialManagementSubCommand::UpdateUserInformation => {
+            process_update_user_information(
+                persistent_store,
+                sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
+            )?;
+            None
+        }
+    };
+    Ok(ResponseData::AuthenticatorCredentialManagement(response))
+}
+
+#[cfg(test)]
+mod test {
+    use super::super::data_formats::PublicKeyCredentialType;
+    use super::super::CtapState;
+    use super::*;
+    use crypto::rng256::{Rng256, ThreadRng256};
+
+    const CLOCK_FREQUENCY_HZ: usize = 32768;
+    const DUMMY_CLOCK_VALUE: ClockValue = ClockValue::new(0, CLOCK_FREQUENCY_HZ);
+
+    fn create_credential_source(rng: &mut impl Rng256) -> PublicKeyCredentialSource {
+        let private_key = crypto::ecdsa::SecKey::gensk(rng);
+        PublicKeyCredentialSource {
+            key_type: PublicKeyCredentialType::PublicKey,
+            credential_id: rng.gen_uniform_u8x32().to_vec(),
+            private_key,
+            rp_id: String::from("example.com"),
+            user_handle: vec![0x01],
+            user_display_name: Some("display_name".to_string()),
+            cred_protect_policy: None,
+            creation_order: 0,
+            user_name: Some("name".to_string()),
+            user_icon: Some("icon".to_string()),
+        }
+    }
+
+    #[test]
+    fn test_process_get_creds_metadata() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let credential_source = create_credential_source(&mut rng);
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_auth = Some(vec![
+            0xC5, 0xFB, 0x75, 0x55, 0x98, 0xB5, 0x19, 0x01, 0xB3, 0x31, 0x7D, 0xFE, 0x1D, 0xF5,
+            0xFB, 0x00,
+        ]);
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::GetCredsMetadata,
+            sub_command_params: None,
+            pin_protocol: Some(1),
+            pin_auth: pin_auth.clone(),
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        let initial_capacity = match cred_management_response.unwrap() {
+            ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                assert_eq!(response.existing_resident_credentials_count, Some(0));
+                response
+                    .max_possible_remaining_resident_credentials_count
+                    .unwrap()
+            }
+            _ => panic!("Invalid response type"),
+        };
+
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source)
+            .unwrap();
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::GetCredsMetadata,
+            sub_command_params: None,
+            pin_protocol: Some(1),
+            pin_auth,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        match cred_management_response.unwrap() {
+            ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                assert_eq!(response.existing_resident_credentials_count, Some(1));
+                assert_eq!(
+                    response.max_possible_remaining_resident_credentials_count,
+                    Some(initial_capacity - 1)
+                );
+            }
+            _ => panic!("Invalid response type"),
+        };
+    }
+
+    #[test]
+    fn test_process_enumerate_rps_with_uv() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let credential_source1 = create_credential_source(&mut rng);
+        let mut credential_source2 = create_credential_source(&mut rng);
+        credential_source2.rp_id = "another.example.com".to_string();
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source1)
+            .unwrap();
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source2)
+            .unwrap();
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_auth = Some(vec![
+            0x1A, 0xA4, 0x96, 0xDA, 0x62, 0x80, 0x28, 0x13, 0xEB, 0x32, 0xB9, 0xF1, 0xD2, 0xA9,
+            0xD0, 0xD1,
+        ]);
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateRpsBegin,
+            sub_command_params: None,
+            pin_protocol: Some(1),
+            pin_auth,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        let first_rp_id = match cred_management_response.unwrap() {
+            ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                assert_eq!(response.total_rps, Some(2));
+                let rp_id = response.rp.unwrap().rp_id;
+                let rp_id_hash = Sha256::hash(rp_id.as_bytes());
+                assert_eq!(rp_id_hash, response.rp_id_hash.unwrap().as_slice());
+                rp_id
+            }
+            _ => panic!("Invalid response type"),
+        };
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
+            sub_command_params: None,
+            pin_protocol: None,
+            pin_auth: None,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        let second_rp_id = match cred_management_response.unwrap() {
+            ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                assert_eq!(response.total_rps, None);
+                let rp_id = response.rp.unwrap().rp_id;
+                let rp_id_hash = Sha256::hash(rp_id.as_bytes());
+                assert_eq!(rp_id_hash, response.rp_id_hash.unwrap().as_slice());
+                rp_id
+            }
+            _ => panic!("Invalid response type"),
+        };
+
+        assert!(first_rp_id != second_rp_id);
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
+            sub_command_params: None,
+            pin_protocol: None,
+            pin_auth: None,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+    }
+
+    #[test]
+    fn test_process_enumerate_credentials_with_uv() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let credential_source1 = create_credential_source(&mut rng);
+        let mut credential_source2 = create_credential_source(&mut rng);
+        credential_source2.user_handle = vec![0x02];
+        credential_source2.user_name = Some("user2".to_string());
+        credential_source2.user_display_name = Some("User Two".to_string());
+        credential_source2.user_icon = Some("icon2".to_string());
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source1)
+            .unwrap();
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source2)
+            .unwrap();
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_auth = Some(vec![
+            0xF8, 0xB0, 0x3C, 0xC1, 0xD5, 0x58, 0x9C, 0xB7, 0x4D, 0x42, 0xA1, 0x64, 0x14, 0x28,
+            0x2B, 0x68,
+        ]);
+
+        let sub_command_params = CredentialManagementSubCommandParameters {
+            rp_id_hash: Some(Sha256::hash(b"example.com").to_vec()),
+            credential_id: None,
+            user: None,
+        };
+        // RP ID hash:
+        // A379A6F6EEAFB9A55E378C118034E2751E682FAB9F2D30AB13D2125586CE1947
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateCredentialsBegin,
+            sub_command_params: Some(sub_command_params),
+            pin_protocol: Some(1),
+            pin_auth,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        let first_credential_id = match cred_management_response.unwrap() {
+            ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                assert!(response.user.is_some());
+                assert!(response.public_key.is_some());
+                assert_eq!(response.total_credentials, Some(2));
+                response.credential_id.unwrap().key_id
+            }
+            _ => panic!("Invalid response type"),
+        };
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
+            sub_command_params: None,
+            pin_protocol: None,
+            pin_auth: None,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        let second_credential_id = match cred_management_response.unwrap() {
+            ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                assert!(response.user.is_some());
+                assert!(response.public_key.is_some());
+                assert_eq!(response.total_credentials, None);
+                response.credential_id.unwrap().key_id
+            }
+            _ => panic!("Invalid response type"),
+        };
+
+        assert!(first_credential_id != second_credential_id);
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
+            sub_command_params: None,
+            pin_protocol: None,
+            pin_auth: None,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+    }
+
+    #[test]
+    fn test_process_delete_credential() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut credential_source = create_credential_source(&mut rng);
+        credential_source.credential_id = vec![0x1D; 32];
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source)
+            .unwrap();
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_auth = Some(vec![
+            0xBD, 0xE3, 0xEF, 0x8A, 0x77, 0x01, 0xB1, 0x69, 0x19, 0xE6, 0x62, 0xB9, 0x9B, 0x89,
+            0x9C, 0x64,
+        ]);
+
+        let credential_id = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: vec![0x1D; 32],
+            transports: None, // You can set USB as a hint here.
+        };
+        let sub_command_params = CredentialManagementSubCommandParameters {
+            rp_id_hash: None,
+            credential_id: Some(credential_id),
+            user: None,
+        };
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::DeleteCredential,
+            sub_command_params: Some(sub_command_params.clone()),
+            pin_protocol: Some(1),
+            pin_auth: pin_auth.clone(),
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Ok(ResponseData::AuthenticatorCredentialManagement(None))
+        );
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::DeleteCredential,
+            sub_command_params: Some(sub_command_params),
+            pin_protocol: Some(1),
+            pin_auth,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)
+        );
+    }
+
+    #[test]
+    fn test_process_update_user_information() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut credential_source = create_credential_source(&mut rng);
+        credential_source.credential_id = vec![0x1D; 32];
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        ctap_state
+            .persistent_store
+            .store_credential(credential_source)
+            .unwrap();
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_auth = Some(vec![
+            0xA5, 0x55, 0x8F, 0x03, 0xC3, 0xD3, 0x73, 0x1C, 0x07, 0xDA, 0x1F, 0x8C, 0xC7, 0xBD,
+            0x9D, 0xB7,
+        ]);
+
+        let credential_id = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: vec![0x1D; 32],
+            transports: None, // You can set USB as a hint here.
+        };
+        let new_user = PublicKeyCredentialUserEntity {
+            user_id: vec![0xFF],
+            user_name: Some("new_name".to_string()),
+            user_display_name: Some("new_display_name".to_string()),
+            user_icon: Some("new_icon".to_string()),
+        };
+        let sub_command_params = CredentialManagementSubCommandParameters {
+            rp_id_hash: None,
+            credential_id: Some(credential_id),
+            user: Some(new_user),
+        };
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::UpdateUserInformation,
+            sub_command_params: Some(sub_command_params),
+            pin_protocol: Some(1),
+            pin_auth,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Ok(ResponseData::AuthenticatorCredentialManagement(None))
+        );
+
+        let updated_credential = ctap_state
+            .persistent_store
+            .find_credential("example.com", &[0x1D; 32], false)
+            .unwrap()
+            .unwrap();
+        assert_eq!(updated_credential.user_handle, vec![0x01]);
+        assert_eq!(&updated_credential.user_name.unwrap(), "new_name");
+        assert_eq!(
+            &updated_credential.user_display_name.unwrap(),
+            "new_display_name"
+        );
+        assert_eq!(&updated_credential.user_icon.unwrap(), "new_icon");
+    }
+
+    #[test]
+    fn test_process_credential_management_invalid_pin_protocol() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+        let pin_auth = Some(vec![
+            0xC5, 0xFB, 0x75, 0x55, 0x98, 0xB5, 0x19, 0x01, 0xB3, 0x31, 0x7D, 0xFE, 0x1D, 0xF5,
+            0xFB, 0x00,
+        ]);
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::GetCredsMetadata,
+            sub_command_params: None,
+            pin_protocol: Some(123456),
+            pin_auth,
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_process_credential_management_invalid_pin_auth() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        ctap_state
+            .persistent_store
+            .set_pin_hash(&[0u8; 16])
+            .unwrap();
+
+        let cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::GetCredsMetadata,
+            sub_command_params: None,
+            pin_protocol: Some(1),
+            pin_auth: Some(vec![0u8; 16]),
+        };
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+}
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index dfdf4ed..bb330ef 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -27,6 +27,7 @@ use enum_iterator::IntoEnumIterator;
 const ES256_ALGORITHM: i64 = -7;
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrpentity
+#[derive(Clone)]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct PublicKeyCredentialRpEntity {
     pub rp_id: String,
@@ -58,8 +59,19 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialRpEntity {
     }
 }
 
+impl From<PublicKeyCredentialRpEntity> for cbor::Value {
+    fn from(entity: PublicKeyCredentialRpEntity) -> Self {
+        cbor_map_options! {
+            "id" => entity.rp_id,
+            "name" => entity.rp_name,
+            "icon" => entity.rp_icon,
+        }
+    }
+}
+
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialuserentity
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct PublicKeyCredentialUserEntity {
     pub user_id: Vec<u8>,
     pub user_name: Option<String>,
@@ -173,7 +185,8 @@ impl From<PublicKeyCredentialParameter> for cbor::Value {
 }
 
 // https://www.w3.org/TR/webauthn/#enumdef-authenticatortransport
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum AuthenticatorTransport {
     Usb,
@@ -210,7 +223,8 @@ impl TryFrom<cbor::Value> for AuthenticatorTransport {
 }
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialdescriptor
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct PublicKeyCredentialDescriptor {
     pub key_type: PublicKeyCredentialType,
     pub key_id: Vec<u8>,
@@ -788,6 +802,88 @@ impl TryFrom<cbor::Value> for ClientPinSubCommand {
     }
 }
 
+#[derive(Clone, Copy)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[cfg_attr(test, derive(IntoEnumIterator))]
+pub enum CredentialManagementSubCommand {
+    GetCredsMetadata = 0x01,
+    EnumerateRpsBegin = 0x02,
+    EnumerateRpsGetNextRp = 0x03,
+    EnumerateCredentialsBegin = 0x04,
+    EnumerateCredentialsGetNextCredential = 0x05,
+    DeleteCredential = 0x06,
+    UpdateUserInformation = 0x07,
+}
+
+impl From<CredentialManagementSubCommand> for cbor::Value {
+    fn from(subcommand: CredentialManagementSubCommand) -> Self {
+        (subcommand as u64).into()
+    }
+}
+
+impl TryFrom<cbor::Value> for CredentialManagementSubCommand {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        let subcommand_int = extract_unsigned(cbor_value)?;
+        match subcommand_int {
+            0x01 => Ok(CredentialManagementSubCommand::GetCredsMetadata),
+            0x02 => Ok(CredentialManagementSubCommand::EnumerateRpsBegin),
+            0x03 => Ok(CredentialManagementSubCommand::EnumerateRpsGetNextRp),
+            0x04 => Ok(CredentialManagementSubCommand::EnumerateCredentialsBegin),
+            0x05 => Ok(CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential),
+            0x06 => Ok(CredentialManagementSubCommand::DeleteCredential),
+            0x07 => Ok(CredentialManagementSubCommand::UpdateUserInformation),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND),
+        }
+    }
+}
+
+#[derive(Clone)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct CredentialManagementSubCommandParameters {
+    pub rp_id_hash: Option<Vec<u8>>,
+    pub credential_id: Option<PublicKeyCredentialDescriptor>,
+    pub user: Option<PublicKeyCredentialUserEntity>,
+}
+
+impl TryFrom<cbor::Value> for CredentialManagementSubCommandParameters {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                0x01 => rp_id_hash,
+                0x02 => credential_id,
+                0x03 => user,
+            } = extract_map(cbor_value)?;
+        }
+
+        let rp_id_hash = rp_id_hash.map(extract_byte_string).transpose()?;
+        let credential_id = credential_id
+            .map(PublicKeyCredentialDescriptor::try_from)
+            .transpose()?;
+        let user = user
+            .map(PublicKeyCredentialUserEntity::try_from)
+            .transpose()?;
+        Ok(Self {
+            rp_id_hash,
+            credential_id,
+            user,
+        })
+    }
+}
+
+impl From<CredentialManagementSubCommandParameters> for cbor::Value {
+    fn from(sub_command_params: CredentialManagementSubCommandParameters) -> Self {
+        cbor_map_options! {
+            0x01 => sub_command_params.rp_id_hash,
+            0x02 => sub_command_params.credential_id,
+            0x03 => sub_command_params.user,
+        }
+    }
+}
+
 pub(super) fn extract_unsigned(cbor_value: cbor::Value) -> Result<u64, Ctap2StatusCode> {
     match cbor_value {
         cbor::Value::KeyValue(cbor::KeyType::Unsigned(unsigned)) => Ok(unsigned),
@@ -1504,6 +1600,52 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_from_into_cred_management_sub_command() {
+        let cbor_sub_command: cbor::Value = cbor_int!(0x01);
+        let sub_command = CredentialManagementSubCommand::try_from(cbor_sub_command.clone());
+        let expected_sub_command = CredentialManagementSubCommand::GetCredsMetadata;
+        assert_eq!(sub_command, Ok(expected_sub_command));
+        let created_cbor: cbor::Value = sub_command.unwrap().into();
+        assert_eq!(created_cbor, cbor_sub_command);
+
+        for command in CredentialManagementSubCommand::into_enum_iter() {
+            let created_cbor: cbor::Value = command.clone().into();
+            let reconstructed = CredentialManagementSubCommand::try_from(created_cbor).unwrap();
+            assert_eq!(command, reconstructed);
+        }
+    }
+
+    #[test]
+    fn test_from_into_cred_management_sub_command_params() {
+        let credential_id = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: vec![0x2D, 0x2D, 0x2D, 0x2D],
+            transports: Some(vec![AuthenticatorTransport::Usb]),
+        };
+        let user_entity = PublicKeyCredentialUserEntity {
+            user_id: vec![0x1D, 0x1D, 0x1D, 0x1D],
+            user_name: Some("foo".to_string()),
+            user_display_name: Some("bar".to_string()),
+            user_icon: Some("example.com/foo/icon.png".to_string()),
+        };
+        let cbor_sub_command_params = cbor_map! {
+            0x01 => vec![0x1D; 32],
+            0x02 => credential_id.clone(),
+            0x03 => user_entity.clone(),
+        };
+        let sub_command_params =
+            CredentialManagementSubCommandParameters::try_from(cbor_sub_command_params.clone());
+        let expected_sub_command_params = CredentialManagementSubCommandParameters {
+            rp_id_hash: Some(vec![0x1D; 32]),
+            credential_id: Some(credential_id),
+            user: Some(user_entity),
+        };
+        assert_eq!(sub_command_params, Ok(expected_sub_command_params));
+        let created_cbor: cbor::Value = sub_command_params.unwrap().into();
+        assert_eq!(created_cbor, cbor_sub_command_params);
+    }
+
     #[test]
     fn test_credential_source_cbor_round_trip() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 8895605..d4b73f4 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -14,6 +14,7 @@
 
 pub mod apdu;
 pub mod command;
+mod credential_management;
 #[cfg(feature = "with_ctap1")]
 mod ctap1;
 pub mod data_formats;
@@ -30,6 +31,7 @@ use self::command::{
     AuthenticatorMakeCredentialParameters, AuthenticatorVendorConfigureParameters, Command,
     MAX_CREDENTIAL_COUNT_IN_LIST,
 };
+use self::credential_management::process_credential_management;
 use self::data_formats::{
     AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, GetAssertionHmacSecretInput,
     PackedAttestationStatement, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
@@ -98,7 +100,7 @@ pub const TOUCH_TIMEOUT_MS: isize = 30000;
 #[cfg(feature = "with_ctap1")]
 const U2F_UP_PROMPT_TIMEOUT: Duration<isize> = Duration::from_ms(10000);
 const RESET_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(10000);
-const STATEFUL_COMMAND_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(30000);
+pub const STATEFUL_COMMAND_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(30000);
 
 pub const FIDO2_VERSION_STRING: &str = "FIDO_2_0";
 #[cfg(feature = "with_ctap1")]
@@ -139,15 +141,29 @@ struct AssertionInput {
     has_uv: bool,
 }
 
-struct AssertionState {
+pub struct AssertionState {
     assertion_input: AssertionInput,
     // Sorted by ascending order of creation, so the last element is the most recent one.
     next_credential_keys: Vec<usize>,
 }
 
-enum StatefulCommand {
+pub enum StatefulCommand {
     Reset,
     GetAssertion(AssertionState),
+    EnumerateRps(Vec<String>),
+    EnumerateCredentials(Vec<usize>),
+}
+
+pub fn check_command_permission(
+    stateful_command_permission: &mut TimedPermission,
+    now: ClockValue,
+) -> Result<(), Ctap2StatusCode> {
+    *stateful_command_permission = stateful_command_permission.check_expiration(now);
+    if stateful_command_permission.is_granted(now) {
+        Ok(())
+    } else {
+        Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+    }
 }
 
 // This struct currently holds all state, not only the persistent memory. The persistent members are
@@ -200,15 +216,6 @@ where
         self.stateful_command_permission = self.stateful_command_permission.check_expiration(now);
     }
 
-    fn check_command_permission(&mut self, now: ClockValue) -> Result<(), Ctap2StatusCode> {
-        self.update_command_permission(now);
-        if self.stateful_command_permission.is_granted(now) {
-            Ok(())
-        } else {
-            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
-        }
-    }
-
     pub fn increment_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
         if USE_SIGNATURE_COUNTER {
             let increment = self.rng.gen_uniform_u32x8()[0] % 8 + 1;
@@ -330,6 +337,14 @@ where
                         Command::AuthenticatorGetNextAssertion,
                         Some(StatefulCommand::GetAssertion(_)),
                     ) => (),
+                    (
+                        Command::AuthenticatorCredentialManagement(_),
+                        Some(StatefulCommand::EnumerateRps(_)),
+                    ) => (),
+                    (
+                        Command::AuthenticatorCredentialManagement(_),
+                        Some(StatefulCommand::EnumerateCredentials(_)),
+                    ) => (),
                     (Command::AuthenticatorReset, Some(StatefulCommand::Reset)) => (),
                     // GetInfo does not reset stateful commands.
                     (Command::AuthenticatorGetInfo, _) => (),
@@ -350,6 +365,16 @@ where
                     Command::AuthenticatorGetInfo => self.process_get_info(),
                     Command::AuthenticatorClientPin(params) => self.process_client_pin(params),
                     Command::AuthenticatorReset => self.process_reset(cid, now),
+                    Command::AuthenticatorCredentialManagement(params) => {
+                        process_credential_management(
+                            &mut self.persistent_store,
+                            &mut self.stateful_command_permission,
+                            &mut self.stateful_command_type,
+                            &mut self.pin_protocol_v1,
+                            params,
+                            now,
+                        )
+                    }
                     Command::AuthenticatorSelection => self.process_selection(cid),
                     // TODO(kaczmarczyck) implement FIDO 2.1 commands
                     // Vendor specific commands
@@ -818,7 +843,7 @@ where
         &mut self,
         now: ClockValue,
     ) -> Result<ResponseData, Ctap2StatusCode> {
-        self.check_command_permission(now)?;
+        check_command_permission(&mut self.stateful_command_permission, now)?;
         let (assertion_input, credential) =
             if let Some(StatefulCommand::GetAssertion(assertion_state)) =
                 &mut self.stateful_command_type
@@ -844,6 +869,7 @@ where
             String::from("clientPin"),
             self.persistent_store.pin_hash()?.is_some(),
         );
+        options_map.insert(String::from("credMgmt"), true);
         Ok(ResponseData::AuthenticatorGetInfo(
             AuthenticatorGetInfoResponse {
                 versions: vec![
@@ -895,7 +921,7 @@ where
     ) -> Result<ResponseData, Ctap2StatusCode> {
         // Resets are only possible in the first 10 seconds after booting.
         // TODO(kaczmarczyck) 2.1 allows Reset after Reset and 15 seconds?
-        self.check_command_permission(now)?;
+        check_command_permission(&mut self.stateful_command_permission, now)?;
         match &self.stateful_command_type {
             Some(StatefulCommand::Reset) => (),
             _ => return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED),
@@ -1053,11 +1079,12 @@ mod test {
         expected_response.extend(&ctap_state.persistent_store.aaguid().unwrap());
         expected_response.extend(
             [
-                0x04, 0xA3, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x69, 0x63, 0x6C, 0x69,
-                0x65, 0x6E, 0x74, 0x50, 0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01,
-                0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61,
-                0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69,
-                0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x14, 0x18, 0x96,
+                0x04, 0xA4, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x68, 0x63, 0x72, 0x65,
+                0x64, 0x4D, 0x67, 0x6D, 0x74, 0xF5, 0x69, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x50,
+                0x69, 0x6E, 0xF4, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01, 0x08, 0x18, 0x70, 0x09,
+                0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61, 0x6C, 0x67, 0x26, 0x64,
+                0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x6B, 0x65,
+                0x79, 0x0D, 0x04, 0x14, 0x18, 0x96,
             ]
             .iter(),
         );
@@ -2034,6 +2061,22 @@ mod test {
         assert_eq!(reset_reponse, Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED));
     }
 
+    #[test]
+    fn test_process_credential_management_unknown_subcommand() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        // The subcommand 0xEE does not exist.
+        let reponse = ctap_state.process_command(
+            &[0x0A, 0xA1, 0x01, 0x18, 0xEE],
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        let expected_response = vec![Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND as u8];
+        assert_eq!(reponse, expected_response);
+    }
+
     #[test]
     fn test_process_unknown_command() {
         let mut rng = ThreadRng256 {};
@@ -2041,10 +2084,9 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // This command does not exist.
-        let reset_reponse =
-            ctap_state.process_command(&[0xDF], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
+        let reponse = ctap_state.process_command(&[0xDF], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
         let expected_response = vec![Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND as u8];
-        assert_eq!(reset_reponse, expected_response);
+        assert_eq!(reponse, expected_response);
     }
 
     #[test]
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index b8aeb21..14c3d56 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -563,6 +563,13 @@ impl PinProtocolV1 {
         }
     }
 
+    pub fn has_no_permission_rp_id(&self) -> Result<(), Ctap2StatusCode> {
+        if self.permissions_rp_id.is_some() {
+            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
+        }
+        Ok(())
+    }
+
     pub fn has_permission_for_rp_id(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
         if let Some(permissions_rp_id) = &self.permissions_rp_id {
             if rp_id != permissions_rp_id {
@@ -1187,6 +1194,19 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_has_no_permission_rp_id() {
+        let mut rng = ThreadRng256 {};
+        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        assert_eq!(pin_protocol_v1.has_no_permission_rp_id(), Ok(()));
+        assert_eq!(pin_protocol_v1.permissions_rp_id, None,);
+        pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
+        assert_eq!(
+            pin_protocol_v1.has_no_permission_rp_id(),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
     #[test]
     fn test_has_permission_for_rp_id() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index f40dc21..8d5386b 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -14,7 +14,8 @@
 
 use super::data_formats::{
     AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, PackedAttestationStatement,
-    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialUserEntity,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialRpEntity,
+    PublicKeyCredentialUserEntity,
 };
 use alloc::collections::BTreeMap;
 use alloc::string::String;
@@ -30,6 +31,7 @@ pub enum ResponseData {
     AuthenticatorGetInfo(AuthenticatorGetInfoResponse),
     AuthenticatorClientPin(Option<AuthenticatorClientPinResponse>),
     AuthenticatorReset,
+    AuthenticatorCredentialManagement(Option<AuthenticatorCredentialManagementResponse>),
     AuthenticatorSelection,
     AuthenticatorVendor(AuthenticatorVendorResponse),
 }
@@ -41,9 +43,9 @@ impl From<ResponseData> for Option<cbor::Value> {
             ResponseData::AuthenticatorGetAssertion(data) => Some(data.into()),
             ResponseData::AuthenticatorGetNextAssertion(data) => Some(data.into()),
             ResponseData::AuthenticatorGetInfo(data) => Some(data.into()),
-            ResponseData::AuthenticatorClientPin(Some(data)) => Some(data.into()),
-            ResponseData::AuthenticatorClientPin(None) => None,
+            ResponseData::AuthenticatorClientPin(data) => data.map(|d| d.into()),
             ResponseData::AuthenticatorReset => None,
+            ResponseData::AuthenticatorCredentialManagement(data) => data.map(|d| d.into()),
             ResponseData::AuthenticatorSelection => None,
             ResponseData::AuthenticatorVendor(data) => Some(data.into()),
         }
@@ -199,6 +201,54 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
     }
 }
 
+#[cfg_attr(test, derive(PartialEq))]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+pub struct AuthenticatorCredentialManagementResponse {
+    pub existing_resident_credentials_count: Option<u64>,
+    pub max_possible_remaining_resident_credentials_count: Option<u64>,
+    pub rp: Option<PublicKeyCredentialRpEntity>,
+    pub rp_id_hash: Option<Vec<u8>>,
+    pub total_rps: Option<u64>,
+    pub user: Option<PublicKeyCredentialUserEntity>,
+    pub credential_id: Option<PublicKeyCredentialDescriptor>,
+    pub public_key: Option<CoseKey>,
+    pub total_credentials: Option<u64>,
+    pub cred_protect: Option<CredentialProtectionPolicy>,
+    pub large_blob_key: Option<Vec<u8>>,
+}
+
+impl From<AuthenticatorCredentialManagementResponse> for cbor::Value {
+    fn from(cred_management_response: AuthenticatorCredentialManagementResponse) -> Self {
+        let AuthenticatorCredentialManagementResponse {
+            existing_resident_credentials_count,
+            max_possible_remaining_resident_credentials_count,
+            rp,
+            rp_id_hash,
+            total_rps,
+            user,
+            credential_id,
+            public_key,
+            total_credentials,
+            cred_protect,
+            large_blob_key,
+        } = cred_management_response;
+
+        cbor_map_options! {
+            0x01 => existing_resident_credentials_count,
+            0x02 => max_possible_remaining_resident_credentials_count,
+            0x03 => rp,
+            0x04 => rp_id_hash,
+            0x05 => total_rps,
+            0x06 => user,
+            0x07 => credential_id,
+            0x08 => public_key.map(cbor::Value::from),
+            0x09 => total_credentials,
+            0x0A => cred_protect,
+            0x0B => large_blob_key,
+        }
+    }
+}
+
 #[cfg_attr(test, derive(PartialEq))]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
 pub struct AuthenticatorVendorResponse {
@@ -222,10 +272,11 @@ impl From<AuthenticatorVendorResponse> for cbor::Value {
 
 #[cfg(test)]
 mod test {
-    use super::super::data_formats::PackedAttestationStatement;
+    use super::super::data_formats::{PackedAttestationStatement, PublicKeyCredentialType};
     use super::super::ES256_CRED_PARAM;
     use super::*;
     use cbor::{cbor_bytes, cbor_map};
+    use crypto::rng256::ThreadRng256;
 
     #[test]
     fn test_make_credential_into_cbor() {
@@ -379,6 +430,88 @@ mod test {
         assert_eq!(response_cbor, None);
     }
 
+    #[test]
+    fn test_used_credential_management_into_cbor() {
+        let cred_management_response = AuthenticatorCredentialManagementResponse {
+            existing_resident_credentials_count: None,
+            max_possible_remaining_resident_credentials_count: None,
+            rp: None,
+            rp_id_hash: None,
+            total_rps: None,
+            user: None,
+            credential_id: None,
+            public_key: None,
+            total_credentials: None,
+            cred_protect: None,
+            large_blob_key: None,
+        };
+        let response_cbor: Option<cbor::Value> =
+            ResponseData::AuthenticatorCredentialManagement(Some(cred_management_response)).into();
+        let expected_cbor = cbor_map_options! {};
+        assert_eq!(response_cbor, Some(expected_cbor));
+    }
+
+    #[test]
+    fn test_used_credential_management_optionals_into_cbor() {
+        let mut rng = ThreadRng256 {};
+        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let rp = PublicKeyCredentialRpEntity {
+            rp_id: String::from("example.com"),
+            rp_name: None,
+            rp_icon: None,
+        };
+        let user = PublicKeyCredentialUserEntity {
+            user_id: vec![0xFA, 0xB1, 0xA2],
+            user_name: None,
+            user_display_name: None,
+            user_icon: None,
+        };
+        let cred_descriptor = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: vec![0x1D; 32],
+            transports: None,
+        };
+        let pk = sk.genpk();
+        let cose_key = CoseKey::from(pk);
+
+        let cred_management_response = AuthenticatorCredentialManagementResponse {
+            existing_resident_credentials_count: Some(100),
+            max_possible_remaining_resident_credentials_count: Some(96),
+            rp: Some(rp.clone()),
+            rp_id_hash: Some(vec![0x1D; 32]),
+            total_rps: Some(3),
+            user: Some(user.clone()),
+            credential_id: Some(cred_descriptor.clone()),
+            public_key: Some(cose_key.clone()),
+            total_credentials: Some(2),
+            cred_protect: Some(CredentialProtectionPolicy::UserVerificationOptional),
+            large_blob_key: Some(vec![0xBB; 64]),
+        };
+        let response_cbor: Option<cbor::Value> =
+            ResponseData::AuthenticatorCredentialManagement(Some(cred_management_response)).into();
+        let expected_cbor = cbor_map_options! {
+            0x01 => 100,
+            0x02 => 96,
+            0x03 => rp,
+            0x04 => vec![0x1D; 32],
+            0x05 => 3,
+            0x06 => user,
+            0x07 => cred_descriptor,
+            0x08 => cbor::Value::from(cose_key),
+            0x09 => 2,
+            0x0A => 0x01,
+            0x0B => vec![0xBB; 64],
+        };
+        assert_eq!(response_cbor, Some(expected_cbor));
+    }
+
+    #[test]
+    fn test_empty_credential_management_into_cbor() {
+        let response_cbor: Option<cbor::Value> =
+            ResponseData::AuthenticatorCredentialManagement(None).into();
+        assert_eq!(response_cbor, None);
+    }
+
     #[test]
     fn test_selection_into_cbor() {
         let response_cbor: Option<cbor::Value> = ResponseData::AuthenticatorSelection.into();
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 8df987d..7902f34 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -238,7 +238,7 @@ impl PersistentStore {
     /// # Errors
     ///
     /// Returns `CTAP2_ERR_NO_CREDENTIALS` if the credential is not found.
-    pub fn _delete_credential(&mut self, credential_id: &[u8]) -> Result<(), Ctap2StatusCode> {
+    pub fn delete_credential(&mut self, credential_id: &[u8]) -> Result<(), Ctap2StatusCode> {
         let (key, _) = self.find_credential_item(credential_id)?;
         Ok(self.store.remove(key)?)
     }
@@ -248,7 +248,7 @@ impl PersistentStore {
     /// # Errors
     ///
     /// Returns `CTAP2_ERR_NO_CREDENTIALS` if the credential is not found.
-    pub fn _update_credential(
+    pub fn update_credential(
         &mut self,
         credential_id: &[u8],
         user: PublicKeyCredentialUserEntity,
@@ -692,7 +692,7 @@ mod test {
         }
         let mut count = persistent_store.count_credentials().unwrap();
         for credential_id in credential_ids {
-            assert!(persistent_store._delete_credential(&credential_id).is_ok());
+            assert!(persistent_store.delete_credential(&credential_id).is_ok());
             count -= 1;
             assert_eq!(persistent_store.count_credentials().unwrap(), count);
         }
@@ -710,7 +710,7 @@ mod test {
             user_icon: Some("icon".to_string()),
         };
         assert_eq!(
-            persistent_store._update_credential(&[0x1D], user.clone()),
+            persistent_store.update_credential(&[0x1D], user.clone()),
             Err(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)
         );
 
@@ -725,7 +725,7 @@ mod test {
         assert_eq!(stored_credential.user_display_name, None);
         assert_eq!(stored_credential.user_icon, None);
         assert!(persistent_store
-            ._update_credential(&credential_id, user.clone())
+            .update_credential(&credential_id, user.clone())
             .is_ok());
         let stored_credential = persistent_store
             .find_credential("example.com", &credential_id, false)

From a17ee39bb6e4f3ae922baf7373ab95db40e28e2b Mon Sep 17 00:00:00 2001
From: Geoffrey <geoffrey@ftsafe.com>
Date: Thu, 14 Jan 2021 19:10:42 +0800
Subject: [PATCH 123/192] Add Feitian OpenSK USB Dongle (#257)

Co-authored-by: superskybird <skybird.le@gmail.com>
---
 docs/install.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/install.md b/docs/install.md
index d00b991..166d5b5 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -17,6 +17,7 @@ You will need one the following supported boards:
 *   [Nordic nRF52840 Dongle](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
     to have a more practical form factor.
 *   [Makerdiary nRF52840-MDK USB dongle](https://wiki.makerdiary.com/nrf52840-mdk/).
+*   [Feitian OpenSK dongle](https://feitiantech.github.io/OpenSK_USB/).
 
 In the case of the Nordic USB dongle, you may also need the following extra
 hardware:

From 182afc7c3f76b2a185f5536ce9d2c1d131305261 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Thu, 14 Jan 2021 12:33:03 +0100
Subject: [PATCH 124/192] Add Feitian OpenSK USB Dongle (#257) (#259)

Co-authored-by: superskybird <skybird.le@gmail.com>

Co-authored-by: Geoffrey <geoffrey@ftsafe.com>
Co-authored-by: superskybird <skybird.le@gmail.com>
---
 docs/install.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/install.md b/docs/install.md
index d00b991..166d5b5 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -17,6 +17,7 @@ You will need one the following supported boards:
 *   [Nordic nRF52840 Dongle](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
     to have a more practical form factor.
 *   [Makerdiary nRF52840-MDK USB dongle](https://wiki.makerdiary.com/nrf52840-mdk/).
+*   [Feitian OpenSK dongle](https://feitiantech.github.io/OpenSK_USB/).
 
 In the case of the Nordic USB dongle, you may also need the following extra
 hardware:

From 0bb6ee32fc96d32faa45a64127c7ae806a159019 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 14 Jan 2021 16:45:38 +0100
Subject: [PATCH 125/192] removes unused duplicate PIN protocol check helper

---
 src/ctap/credential_management.rs | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index dfc004e..c83c955 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -23,7 +23,10 @@ use super::response::{AuthenticatorCredentialManagementResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
 use super::timed_permission::TimedPermission;
-use super::{check_command_permission, StatefulCommand, STATEFUL_COMMAND_TIMEOUT_DURATION};
+use super::{
+    check_command_permission, check_pin_uv_auth_protocol, StatefulCommand,
+    STATEFUL_COMMAND_TIMEOUT_DURATION,
+};
 use alloc::collections::BTreeSet;
 use alloc::string::String;
 use alloc::vec;
@@ -251,16 +254,6 @@ fn process_update_user_information(
     persistent_store.update_credential(&credential_id, user)
 }
 
-/// Checks the PIN protocol.
-///
-/// TODO(#246) refactor after #246 is merged
-fn pin_uv_auth_protocol_check(pin_uv_auth_protocol: Option<u64>) -> Result<(), Ctap2StatusCode> {
-    match pin_uv_auth_protocol {
-        Some(1) => Ok(()),
-        _ => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-    }
-}
-
 /// Processes the CredentialManagement command and all its subcommands.
 pub fn process_credential_management(
     persistent_store: &mut PersistentStore,
@@ -297,7 +290,7 @@ pub fn process_credential_management(
         | CredentialManagementSubCommand::DeleteCredential
         | CredentialManagementSubCommand::EnumerateCredentialsBegin
         | CredentialManagementSubCommand::UpdateUserInformation => {
-            pin_uv_auth_protocol_check(pin_protocol)?;
+            check_pin_uv_auth_protocol(pin_protocol)?;
             persistent_store
                 .pin_hash()?
                 .ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;

From 7268a9474b09fb2aa1c710e1b2769bcd9ab8044f Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 18 Dec 2020 12:04:05 +0100
Subject: [PATCH 126/192] renames residential to resident

---
 src/ctap/mod.rs         | 10 +++++-----
 src/ctap/storage.rs     | 38 +++++++++++++++++---------------------
 src/ctap/storage/key.rs |  8 ++++----
 3 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index d98f09d..fc8324c 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1195,7 +1195,7 @@ mod test {
     }
 
     #[test]
-    fn test_residential_process_make_credential() {
+    fn test_resident_process_make_credential() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
@@ -1214,7 +1214,7 @@ mod test {
     }
 
     #[test]
-    fn test_non_residential_process_make_credential() {
+    fn test_non_resident_process_make_credential() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
@@ -1526,7 +1526,7 @@ mod test {
     }
 
     #[test]
-    fn test_residential_process_get_assertion() {
+    fn test_resident_process_get_assertion() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
@@ -1629,7 +1629,7 @@ mod test {
     }
 
     #[test]
-    fn test_residential_process_get_assertion_hmac_secret() {
+    fn test_resident_process_get_assertion_hmac_secret() {
         let mut rng = ThreadRng256 {};
         let sk = crypto::ecdh::SecKey::gensk(&mut rng);
         let user_immediately_present = |_| Ok(());
@@ -1681,7 +1681,7 @@ mod test {
     }
 
     #[test]
-    fn test_residential_process_get_assertion_with_cred_protect() {
+    fn test_resident_process_get_assertion_with_cred_protect() {
         let mut rng = ThreadRng256 {};
         let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
         let credential_id = rng.gen_uniform_u8x32().to_vec();
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index cf9afbc..022a3c5 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -38,11 +38,11 @@ use crypto::rng256::Rng256;
 // number of pages. This may improve in the future. Currently, using 20 pages gives between 20ms and
 // 240ms per operation. The rule of thumb is between 1ms and 12ms per additional page.
 //
-// Limiting the number of residential keys permits to ensure a minimum number of counter increments.
+// Limiting the number of resident keys permits to ensure a minimum number of counter increments.
 // Let:
 // - P the number of pages (NUM_PAGES)
-// - K the maximum number of residential keys (MAX_SUPPORTED_RESIDENTIAL_KEYS)
-// - S the maximum size of a residential key (about 500)
+// - K the maximum number of resident keys (MAX_SUPPORTED_RESIDENT_KEYS)
+// - S the maximum size of a resident key (about 500)
 // - C the number of erase cycles (10000)
 // - I the minimum number of counter increments
 //
@@ -50,7 +50,7 @@ use crypto::rng256::Rng256;
 //
 // With P=20 and K=150, we have I=2M which is enough for 500 increments per day for 10 years.
 const NUM_PAGES: usize = 20;
-const MAX_SUPPORTED_RESIDENTIAL_KEYS: usize = 150;
+const MAX_SUPPORTED_RESIDENT_KEYS: usize = 150;
 
 const MAX_PIN_RETRIES: u8 = 8;
 const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
@@ -132,7 +132,7 @@ impl PersistentStore {
     /// Returns `CTAP2_ERR_VENDOR_INTERNAL_ERROR` if the key does not hold a valid credential.
     pub fn get_credential(&self, key: usize) -> Result<PublicKeyCredentialSource, Ctap2StatusCode> {
         let min_key = key::CREDENTIALS.start;
-        if key < min_key || key >= min_key + MAX_SUPPORTED_RESIDENTIAL_KEYS {
+        if key < min_key || key >= min_key + MAX_SUPPORTED_RESIDENT_KEYS {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         let credential_entry = self
@@ -200,13 +200,11 @@ impl PersistentStore {
         let mut old_key = None;
         let min_key = key::CREDENTIALS.start;
         // Holds whether a key is used (indices are shifted by min_key).
-        let mut keys = vec![false; MAX_SUPPORTED_RESIDENTIAL_KEYS];
+        let mut keys = vec![false; MAX_SUPPORTED_RESIDENT_KEYS];
         let mut iter_result = Ok(());
         let iter = self.iter_credentials(&mut iter_result)?;
         for (key, credential) in iter {
-            if key < min_key
-                || key - min_key >= MAX_SUPPORTED_RESIDENTIAL_KEYS
-                || keys[key - min_key]
+            if key < min_key || key - min_key >= MAX_SUPPORTED_RESIDENT_KEYS || keys[key - min_key]
             {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
@@ -221,16 +219,14 @@ impl PersistentStore {
             }
         }
         iter_result?;
-        if old_key.is_none()
-            && keys.iter().filter(|&&x| x).count() >= MAX_SUPPORTED_RESIDENTIAL_KEYS
-        {
+        if old_key.is_none() && keys.iter().filter(|&&x| x).count() >= MAX_SUPPORTED_RESIDENT_KEYS {
             return Err(Ctap2StatusCode::CTAP2_ERR_KEY_STORE_FULL);
         }
         let key = match old_key {
             // This is a new credential being added, we need to allocate a free key. We choose the
             // first available key.
             None => key::CREDENTIALS
-                .take(MAX_SUPPORTED_RESIDENTIAL_KEYS)
+                .take(MAX_SUPPORTED_RESIDENT_KEYS)
                 .find(|key| !keys[key - min_key])
                 .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?,
             // This is an existing credential being updated, we reuse its key.
@@ -280,7 +276,7 @@ impl PersistentStore {
 
     /// Returns the estimated number of credentials that can still be stored.
     pub fn remaining_credentials(&self) -> Result<usize, Ctap2StatusCode> {
-        MAX_SUPPORTED_RESIDENTIAL_KEYS
+        MAX_SUPPORTED_RESIDENT_KEYS
             .checked_sub(self.count_credentials()?)
             .ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
     }
@@ -714,7 +710,7 @@ mod test {
         assert_eq!(persistent_store.count_credentials().unwrap(), 0);
 
         let mut credential_ids = vec![];
-        for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
+        for i in 0..MAX_SUPPORTED_RESIDENT_KEYS {
             let user_handle = i.to_ne_bytes().to_vec();
             let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             credential_ids.push(credential_source.credential_id.clone());
@@ -788,7 +784,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         assert_eq!(persistent_store.count_credentials().unwrap(), 0);
 
-        for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
+        for i in 0..MAX_SUPPORTED_RESIDENT_KEYS {
             let user_handle = i.to_ne_bytes().to_vec();
             let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             assert!(persistent_store.store_credential(credential_source).is_ok());
@@ -797,7 +793,7 @@ mod test {
         let credential_source = create_credential_source(
             &mut rng,
             "example.com",
-            vec![MAX_SUPPORTED_RESIDENTIAL_KEYS as u8],
+            vec![MAX_SUPPORTED_RESIDENT_KEYS as u8],
         );
         assert_eq!(
             persistent_store.store_credential(credential_source),
@@ -805,7 +801,7 @@ mod test {
         );
         assert_eq!(
             persistent_store.count_credentials().unwrap(),
-            MAX_SUPPORTED_RESIDENTIAL_KEYS
+            MAX_SUPPORTED_RESIDENT_KEYS
         );
     }
 
@@ -837,7 +833,7 @@ mod test {
             .is_some());
 
         let mut persistent_store = PersistentStore::new(&mut rng);
-        for i in 0..MAX_SUPPORTED_RESIDENTIAL_KEYS {
+        for i in 0..MAX_SUPPORTED_RESIDENT_KEYS {
             let user_handle = i.to_ne_bytes().to_vec();
             let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             assert!(persistent_store.store_credential(credential_source).is_ok());
@@ -846,7 +842,7 @@ mod test {
         let credential_source = create_credential_source(
             &mut rng,
             "example.com",
-            vec![MAX_SUPPORTED_RESIDENTIAL_KEYS as u8],
+            vec![MAX_SUPPORTED_RESIDENT_KEYS as u8],
         );
         assert_eq!(
             persistent_store.store_credential(credential_source),
@@ -854,7 +850,7 @@ mod test {
         );
         assert_eq!(
             persistent_store.count_credentials().unwrap(),
-            MAX_SUPPORTED_RESIDENTIAL_KEYS
+            MAX_SUPPORTED_RESIDENT_KEYS
         );
     }
 
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index dfe44fc..c6e46e2 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -84,8 +84,8 @@ make_partition! {
 
     /// The credentials.
     ///
-    /// Depending on `MAX_SUPPORTED_RESIDENTIAL_KEYS`, only a prefix of those keys is used. Each
-    /// board may configure `MAX_SUPPORTED_RESIDENTIAL_KEYS` depending on the storage size.
+    /// Depending on `MAX_SUPPORTED_RESIDENT_KEYS`, only a prefix of those keys is used. Each
+    /// board may configure `MAX_SUPPORTED_RESIDENT_KEYS` depending on the storage size.
     CREDENTIALS = 1700..2000;
 
     /// The secret of the CredRandom feature.
@@ -127,8 +127,8 @@ mod test {
 
     #[test]
     fn enough_credentials() {
-        use super::super::MAX_SUPPORTED_RESIDENTIAL_KEYS;
-        assert!(MAX_SUPPORTED_RESIDENTIAL_KEYS <= CREDENTIALS.end - CREDENTIALS.start);
+        use super::super::MAX_SUPPORTED_RESIDENT_KEYS;
+        assert!(MAX_SUPPORTED_RESIDENT_KEYS <= CREDENTIALS.end - CREDENTIALS.start);
     }
 
     #[test]

From 69bdd8c615934be5b4526950cb4d02099058597d Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 14 Jan 2021 18:05:38 +0100
Subject: [PATCH 127/192] renames to resident in README

---
 README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 48f6c6e..0691fb8 100644
--- a/README.md
+++ b/README.md
@@ -106,8 +106,7 @@ a few things you can personalize:
     check [WebAuthn](https://www.w3.org/TR/webauthn/#signature-counter) for
     documentation.
 1.  Depending on your available flash storage, choose an appropriate maximum
-    number of supported residential keys and number of pages in
-    `ctap/storage.rs`.
+    number of supported resident keys and number of pages in `ctap/storage.rs`.
 1.  Change the default level for the credProtect extension in `ctap/mod.rs`.
     When changing the default, resident credentials become undiscoverable without
     user verification. This helps privacy, but can make usage less comfortable

From 3702b61ce7c19dde35a5d9b74e2f9a61b3b0c972 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 15 Jan 2021 17:41:16 +0100
Subject: [PATCH 128/192] implements Default for Response type

---
 src/ctap/credential_management.rs | 25 +++----------------------
 src/ctap/response.rs              | 15 ++-------------
 2 files changed, 5 insertions(+), 35 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index c83c955..71c1e39 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -49,17 +49,10 @@ fn enumerate_rps_response(
     let rp_id_hash = rp_id.map(|rp_id| Sha256::hash(rp_id.as_bytes()).to_vec());
 
     Ok(AuthenticatorCredentialManagementResponse {
-        existing_resident_credentials_count: None,
-        max_possible_remaining_resident_credentials_count: None,
         rp,
         rp_id_hash,
         total_rps,
-        user: None,
-        credential_id: None,
-        public_key: None,
-        total_credentials: None,
-        cred_protect: None,
-        large_blob_key: None,
+        ..Default::default()
     })
 }
 
@@ -93,11 +86,6 @@ fn enumerate_credentials_response(
     };
     let public_key = CoseKey::from(private_key.genpk());
     Ok(AuthenticatorCredentialManagementResponse {
-        existing_resident_credentials_count: None,
-        max_possible_remaining_resident_credentials_count: None,
-        rp: None,
-        rp_id_hash: None,
-        total_rps: None,
         user: Some(user),
         credential_id: Some(credential_id),
         public_key: Some(public_key),
@@ -105,6 +93,7 @@ fn enumerate_credentials_response(
         cred_protect: cred_protect_policy,
         // TODO(kaczmarczyck) add when largeBlobKey is implemented
         large_blob_key: None,
+        ..Default::default()
     })
 }
 
@@ -117,15 +106,7 @@ fn process_get_creds_metadata(
         max_possible_remaining_resident_credentials_count: Some(
             persistent_store.remaining_credentials()? as u64,
         ),
-        rp: None,
-        rp_id_hash: None,
-        total_rps: None,
-        user: None,
-        credential_id: None,
-        public_key: None,
-        total_credentials: None,
-        cred_protect: None,
-        large_blob_key: None,
+        ..Default::default()
     })
 }
 
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 03bc70d..e4cda5e 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -204,6 +204,7 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
     }
 }
 
+#[derive(Default)]
 #[cfg_attr(test, derive(PartialEq))]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
 pub struct AuthenticatorCredentialManagementResponse {
@@ -435,19 +436,7 @@ mod test {
 
     #[test]
     fn test_used_credential_management_into_cbor() {
-        let cred_management_response = AuthenticatorCredentialManagementResponse {
-            existing_resident_credentials_count: None,
-            max_possible_remaining_resident_credentials_count: None,
-            rp: None,
-            rp_id_hash: None,
-            total_rps: None,
-            user: None,
-            credential_id: None,
-            public_key: None,
-            total_credentials: None,
-            cred_protect: None,
-            large_blob_key: None,
-        };
+        let cred_management_response = AuthenticatorCredentialManagementResponse::default();
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorCredentialManagement(Some(cred_management_response)).into();
         let expected_cbor = cbor_map_options! {};

From 55038cc084bedb493cd7d3a901a0c7b7ff22199f Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 18 Jan 2021 16:13:01 +0100
Subject: [PATCH 129/192] Add bound-test in addition to equality-test

---
 libraries/persistent_store/src/format.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/libraries/persistent_store/src/format.rs b/libraries/persistent_store/src/format.rs
index 8de88e4..9b5631b 100644
--- a/libraries/persistent_store/src/format.rs
+++ b/libraries/persistent_store/src/format.rs
@@ -1080,9 +1080,12 @@ mod tests {
 
     #[test]
     fn position_offsets_fit_in_a_halfword() {
-        // The store stores the entry positions as their offset from the head. Those offsets are
-        // represented as u16. The bound below is a large over-approximation of the maximal offset
-        // but it already fits.
-        assert_eq!((MAX_PAGE_INDEX + 1) * MAX_VIRT_PAGE_SIZE, 0xff80);
+        // The store stores in RAM the entry positions as their offset from the head. Those offsets
+        // are represented as u16. The bound below is a large over-approximation of the maximal
+        // offset. We first make sure it fits in a u16.
+        const MAX_POS: Nat = (MAX_PAGE_INDEX + 1) * MAX_VIRT_PAGE_SIZE;
+        assert!(MAX_POS <= u16::MAX as Nat);
+        // We also check the actual value for up-to-date documentation, since it's a constant.
+        assert_eq!(MAX_POS, 0xff80);
     }
 }

From a712d1476b373ed6295115d464f8bc357aba68f5 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Wed, 16 Dec 2020 19:40:55 +0100
Subject: [PATCH 130/192] Return error instead of debug assert

With dirty storage we hit the assert. Returning an error permits to continue to
catch if the invariant is broken for normal operation while being able to
continue fuzzing with dirty storage.
---
 libraries/persistent_store/src/format.rs      | 56 +++++++++----------
 .../persistent_store/src/format/bitfield.rs   | 29 ++++++----
 libraries/persistent_store/src/store.rs       | 36 +++++++-----
 3 files changed, 67 insertions(+), 54 deletions(-)

diff --git a/libraries/persistent_store/src/format.rs b/libraries/persistent_store/src/format.rs
index 9b5631b..f575750 100644
--- a/libraries/persistent_store/src/format.rs
+++ b/libraries/persistent_store/src/format.rs
@@ -335,12 +335,12 @@ impl Format {
     }
 
     /// Builds the storage representation of an init info.
-    pub fn build_init(&self, init: InitInfo) -> WordSlice {
+    pub fn build_init(&self, init: InitInfo) -> StoreResult<WordSlice> {
         let mut word = ERASED_WORD;
-        INIT_CYCLE.set(&mut word, init.cycle);
-        INIT_PREFIX.set(&mut word, init.prefix);
-        WORD_CHECKSUM.set(&mut word, 0);
-        word.as_slice()
+        INIT_CYCLE.set(&mut word, init.cycle)?;
+        INIT_PREFIX.set(&mut word, init.prefix)?;
+        WORD_CHECKSUM.set(&mut word, 0)?;
+        Ok(word.as_slice())
     }
 
     /// Returns the storage index of the compact info of a page.
@@ -368,36 +368,36 @@ impl Format {
     }
 
     /// Builds the storage representation of a compact info.
-    pub fn build_compact(&self, compact: CompactInfo) -> WordSlice {
+    pub fn build_compact(&self, compact: CompactInfo) -> StoreResult<WordSlice> {
         let mut word = ERASED_WORD;
-        COMPACT_TAIL.set(&mut word, compact.tail);
-        WORD_CHECKSUM.set(&mut word, 0);
-        word.as_slice()
+        COMPACT_TAIL.set(&mut word, compact.tail)?;
+        WORD_CHECKSUM.set(&mut word, 0)?;
+        Ok(word.as_slice())
     }
 
     /// Builds the storage representation of an internal entry.
-    pub fn build_internal(&self, internal: InternalEntry) -> WordSlice {
+    pub fn build_internal(&self, internal: InternalEntry) -> StoreResult<WordSlice> {
         let mut word = ERASED_WORD;
         match internal {
             InternalEntry::Erase { page } => {
-                ID_ERASE.set(&mut word);
-                ERASE_PAGE.set(&mut word, page);
+                ID_ERASE.set(&mut word)?;
+                ERASE_PAGE.set(&mut word, page)?;
             }
             InternalEntry::Clear { min_key } => {
-                ID_CLEAR.set(&mut word);
-                CLEAR_MIN_KEY.set(&mut word, min_key);
+                ID_CLEAR.set(&mut word)?;
+                CLEAR_MIN_KEY.set(&mut word, min_key)?;
             }
             InternalEntry::Marker { count } => {
-                ID_MARKER.set(&mut word);
-                MARKER_COUNT.set(&mut word, count);
+                ID_MARKER.set(&mut word)?;
+                MARKER_COUNT.set(&mut word, count)?;
             }
             InternalEntry::Remove { key } => {
-                ID_REMOVE.set(&mut word);
-                REMOVE_KEY.set(&mut word, key);
+                ID_REMOVE.set(&mut word)?;
+                REMOVE_KEY.set(&mut word, key)?;
             }
         }
-        WORD_CHECKSUM.set(&mut word, 0);
-        word.as_slice()
+        WORD_CHECKSUM.set(&mut word, 0)?;
+        Ok(word.as_slice())
     }
 
     /// Parses the first word of an entry from its storage representation.
@@ -459,31 +459,31 @@ impl Format {
     }
 
     /// Builds the storage representation of a user entry.
-    pub fn build_user(&self, key: Nat, value: &[u8]) -> Vec<u8> {
+    pub fn build_user(&self, key: Nat, value: &[u8]) -> StoreResult<Vec<u8>> {
         let length = usize_to_nat(value.len());
         let word_size = self.word_size();
         let footer = self.bytes_to_words(length);
         let mut result = vec![0xff; ((1 + footer) * word_size) as usize];
         result[word_size as usize..][..length as usize].copy_from_slice(value);
         let mut word = ERASED_WORD;
-        ID_HEADER.set(&mut word);
+        ID_HEADER.set(&mut word)?;
         if footer > 0 && is_erased(&result[(footer * word_size) as usize..]) {
             HEADER_FLIPPED.set(&mut word);
             *result.last_mut().unwrap() = 0x7f;
         }
-        HEADER_LENGTH.set(&mut word, length);
-        HEADER_KEY.set(&mut word, key);
+        HEADER_LENGTH.set(&mut word, length)?;
+        HEADER_KEY.set(&mut word, key)?;
         HEADER_CHECKSUM.set(
             &mut word,
             count_zeros(&result[(footer * word_size) as usize..]),
-        );
+        )?;
         result[..word_size as usize].copy_from_slice(&word.as_slice());
-        result
+        Ok(result)
     }
 
     /// Sets the padding bit in the first word of a user entry.
-    pub fn set_padding(&self, word: &mut Word) {
-        ID_PADDING.set(word);
+    pub fn set_padding(&self, word: &mut Word) -> StoreResult<()> {
+        ID_PADDING.set(word)
     }
 
     /// Sets the deleted bit in the first word of a user entry.
diff --git a/libraries/persistent_store/src/format/bitfield.rs b/libraries/persistent_store/src/format/bitfield.rs
index 2cffc4b..32c0ae5 100644
--- a/libraries/persistent_store/src/format/bitfield.rs
+++ b/libraries/persistent_store/src/format/bitfield.rs
@@ -42,15 +42,20 @@ impl Field {
 
     /// Sets the value of a bit field.
     ///
-    /// # Preconditions
+    /// # Errors
     ///
     /// - The value must fit in the bit field: `num_bits(value) < self.len`.
     /// - The value must only change bits from 1 to 0: `self.get(*word) & value == value`.
-    pub fn set(&self, word: &mut Word, value: Nat) {
-        debug_assert_eq!(value & self.mask(), value);
+    pub fn set(&self, word: &mut Word, value: Nat) -> StoreResult<()> {
+        if value & self.mask() != value {
+            return Err(StoreError::InvalidStorage);
+        }
         let mask = !(self.mask() << self.pos);
         word.0 &= mask | (value << self.pos);
-        debug_assert_eq!(self.get(*word), value);
+        if self.get(*word) != value {
+            return Err(StoreError::InvalidStorage);
+        }
+        Ok(())
     }
 
     /// Returns a bit mask the length of the bit field.
@@ -82,8 +87,8 @@ impl ConstField {
     }
 
     /// Sets the bit field to its value.
-    pub fn set(&self, word: &mut Word) {
-        self.field.set(word, self.value);
+    pub fn set(&self, word: &mut Word) -> StoreResult<()> {
+        self.field.set(word, self.value)
     }
 }
 
@@ -135,15 +140,15 @@ impl Checksum {
 
     /// Sets the checksum to the external increment value.
     ///
-    /// # Preconditions
+    /// # Errors
     ///
     /// - The bits of the checksum bit field should be set to one: `self.field.get(*word) ==
     ///   self.field.mask()`.
     /// - The checksum value should fit in the checksum bit field: `num_bits(word.count_zeros() +
     ///   value) < self.field.len`.
-    pub fn set(&self, word: &mut Word, value: Nat) {
+    pub fn set(&self, word: &mut Word, value: Nat) -> StoreResult<()> {
         debug_assert_eq!(self.field.get(*word), self.field.mask());
-        self.field.set(word, word.0.count_zeros() + value);
+        self.field.set(word, word.0.count_zeros() + value)
     }
 }
 
@@ -290,7 +295,7 @@ mod tests {
         assert_eq!(field.get(Word(0x000000f8)), 0x1f);
         assert_eq!(field.get(Word(0x0000ff37)), 6);
         let mut word = Word(0xffffffff);
-        field.set(&mut word, 3);
+        field.set(&mut word, 3).unwrap();
         assert_eq!(word, Word(0xffffff1f));
     }
 
@@ -305,7 +310,7 @@ mod tests {
         assert!(field.check(Word(0x00000048)));
         assert!(field.check(Word(0x0000ff4f)));
         let mut word = Word(0xffffffff);
-        field.set(&mut word);
+        field.set(&mut word).unwrap();
         assert_eq!(word, Word(0xffffff4f));
     }
 
@@ -333,7 +338,7 @@ mod tests {
         assert_eq!(field.get(Word(0x00ffff67)), Ok(4));
         assert_eq!(field.get(Word(0x7fffff07)), Err(StoreError::InvalidStorage));
         let mut word = Word(0x0fffffff);
-        field.set(&mut word, 4);
+        field.set(&mut word, 4).unwrap();
         assert_eq!(word, Word(0x0fffff47));
     }
 
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index bc4258a..f707a89 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -300,7 +300,9 @@ impl<S: Storage> Store<S> {
         self.reserve(self.format.transaction_capacity(updates))?;
         // Write the marker entry.
         let marker = self.tail()?;
-        let entry = self.format.build_internal(InternalEntry::Marker { count });
+        let entry = self
+            .format
+            .build_internal(InternalEntry::Marker { count })?;
         self.write_slice(marker, &entry)?;
         self.init_page(marker, marker)?;
         // Write the updates.
@@ -308,7 +310,7 @@ impl<S: Storage> Store<S> {
         for update in updates {
             let length = match *update {
                 StoreUpdate::Insert { key, ref value } => {
-                    let entry = self.format.build_user(usize_to_nat(key), value);
+                    let entry = self.format.build_user(usize_to_nat(key), value)?;
                     let word_size = self.format.word_size();
                     let footer = usize_to_nat(entry.len()) / word_size - 1;
                     self.write_slice(tail, &entry[..(footer * word_size) as usize])?;
@@ -317,7 +319,7 @@ impl<S: Storage> Store<S> {
                 }
                 StoreUpdate::Remove { key } => {
                     let key = usize_to_nat(key);
-                    let remove = self.format.build_internal(InternalEntry::Remove { key });
+                    let remove = self.format.build_internal(InternalEntry::Remove { key })?;
                     self.write_slice(tail, &remove)?;
                     0
                 }
@@ -337,7 +339,9 @@ impl<S: Storage> Store<S> {
         if min_key > self.format.max_key() {
             return Err(StoreError::InvalidArgument);
         }
-        let clear = self.format.build_internal(InternalEntry::Clear { min_key });
+        let clear = self
+            .format
+            .build_internal(InternalEntry::Clear { min_key })?;
         // We always have one word available. We can't use `reserve` because this is internal
         // capacity, not user capacity.
         while self.immediate_capacity()? < 1 {
@@ -403,7 +407,7 @@ impl<S: Storage> Store<S> {
         if key > self.format.max_key() || value_len > self.format.max_value_len() {
             return Err(StoreError::InvalidArgument);
         }
-        let entry = self.format.build_user(key, value);
+        let entry = self.format.build_user(key, value)?;
         let entry_len = usize_to_nat(entry.len());
         self.reserve(entry_len / self.format.word_size())?;
         let tail = self.tail()?;
@@ -469,7 +473,7 @@ impl<S: Storage> Store<S> {
         let init_info = self.format.build_init(InitInfo {
             cycle: 0,
             prefix: 0,
-        });
+        })?;
         self.storage_write_slice(index, &init_info)
     }
 
@@ -681,7 +685,9 @@ impl<S: Storage> Store<S> {
         }
         let tail = max(self.tail()?, head.next_page(&self.format));
         let index = self.format.index_compact(head.page(&self.format));
-        let compact_info = self.format.build_compact(CompactInfo { tail: tail - head });
+        let compact_info = self
+            .format
+            .build_compact(CompactInfo { tail: tail - head })?;
         self.storage_write_slice(index, &compact_info)?;
         self.compact_copy()
     }
@@ -721,7 +727,7 @@ impl<S: Storage> Store<S> {
             self.init_page(tail, tail + (length - 1))?;
             tail += length;
         }
-        let erase = self.format.build_internal(InternalEntry::Erase { page });
+        let erase = self.format.build_internal(InternalEntry::Erase { page })?;
         self.write_slice(tail, &erase)?;
         self.init_page(tail, tail)?;
         self.compact_erase(tail)
@@ -851,7 +857,7 @@ impl<S: Storage> Store<S> {
         let init_info = self.format.build_init(InitInfo {
             cycle: new_first.cycle(&self.format),
             prefix: new_first.word(&self.format),
-        });
+        })?;
         self.storage_write_slice(index, &init_info)?;
         Ok(())
     }
@@ -859,7 +865,7 @@ impl<S: Storage> Store<S> {
     /// Sets the padding bit of a user header.
     fn set_padding(&mut self, pos: Position) -> StoreResult<()> {
         let mut word = Word::from_slice(self.read_word(pos));
-        self.format.set_padding(&mut word);
+        self.format.set_padding(&mut word)?;
         self.write_slice(pos, &word.as_slice())?;
         Ok(())
     }
@@ -1195,10 +1201,12 @@ impl Store<BufferStorage> {
         let format = Format::new(storage).unwrap();
         // Write the init info of the first page.
         let mut index = format.index_init(0);
-        let init_info = format.build_init(InitInfo {
-            cycle: usize_to_nat(cycle),
-            prefix: 0,
-        });
+        let init_info = format
+            .build_init(InitInfo {
+                cycle: usize_to_nat(cycle),
+                prefix: 0,
+            })
+            .unwrap();
         storage.write_slice(index, &init_info).unwrap();
         // Pad the first word of the page. This makes the store looks used, otherwise we may confuse
         // it with a partially initialized store.

From e3353cb232e2892de0df43e6a04a8d4a2d376b6c Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 19 Jan 2021 12:42:41 +0100
Subject: [PATCH 131/192] only stores the RP ID index as state

---
 src/ctap/credential_management.rs | 128 ++++++++++++++++++++++++++----
 src/ctap/mod.rs                   |   2 +-
 2 files changed, 114 insertions(+), 16 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 71c1e39..dba7d36 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -31,11 +31,23 @@ use alloc::collections::BTreeSet;
 use alloc::string::String;
 use alloc::vec;
 use alloc::vec::Vec;
-use core::iter::FromIterator;
 use crypto::sha256::Sha256;
 use crypto::Hash256;
 use libtock_drivers::timer::ClockValue;
 
+/// Generates a set with all existing RP IDs.
+fn get_stored_rp_ids(
+    persistent_store: &PersistentStore,
+) -> Result<BTreeSet<String>, Ctap2StatusCode> {
+    let mut rp_set = BTreeSet::new();
+    let mut iter_result = Ok(());
+    for (_, credential) in persistent_store.iter_credentials(&mut iter_result)? {
+        rp_set.insert(credential.rp_id);
+    }
+    iter_result?;
+    Ok(rp_set)
+}
+
 /// Generates the response for subcommands enumerating RPs.
 fn enumerate_rps_response(
     rp_id: Option<String>,
@@ -117,34 +129,35 @@ fn process_enumerate_rps_begin(
     stateful_command_type: &mut Option<StatefulCommand>,
     now: ClockValue,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
-    let mut rp_set = BTreeSet::new();
-    let mut iter_result = Ok(());
-    for (_, credential) in persistent_store.iter_credentials(&mut iter_result)? {
-        rp_set.insert(credential.rp_id);
-    }
-    iter_result?;
-    let mut rp_ids = Vec::from_iter(rp_set);
-    let total_rps = rp_ids.len();
+    let rp_set = get_stored_rp_ids(persistent_store)?;
+    let total_rps = rp_set.len();
 
-    // TODO(kaczmarczyck) behaviour with empty list?
-    let rp_id = rp_ids.pop();
+    // TODO(kaczmarczyck) should we return CTAP2_ERR_NO_CREDENTIALS if empty?
     if total_rps > 1 {
         *stateful_command_permission =
             TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
-        *stateful_command_type = Some(StatefulCommand::EnumerateRps(rp_ids));
+        *stateful_command_type = Some(StatefulCommand::EnumerateRps(1));
     }
-    enumerate_rps_response(rp_id, Some(total_rps as u64))
+    // TODO https://github.com/rust-lang/rust/issues/62924 replace with pop_first()
+    enumerate_rps_response(rp_set.into_iter().next(), Some(total_rps as u64))
 }
 
 /// Processes the subcommand enumerateRPsGetNextRP for CredentialManagement.
 fn process_enumerate_rps_get_next_rp(
+    persistent_store: &PersistentStore,
     stateful_command_permission: &mut TimedPermission,
     stateful_command_type: &mut Option<StatefulCommand>,
     now: ClockValue,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
     check_command_permission(stateful_command_permission, now)?;
-    if let Some(StatefulCommand::EnumerateRps(rp_ids)) = stateful_command_type {
-        let rp_id = rp_ids.pop().ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+    if let Some(StatefulCommand::EnumerateRps(rp_id_index)) = stateful_command_type {
+        let rp_set = get_stored_rp_ids(persistent_store)?;
+        // A BTreeSet is already sorted.
+        let rp_id = rp_set
+            .into_iter()
+            .nth(*rp_id_index)
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+        *stateful_command_type = Some(StatefulCommand::EnumerateRps(*rp_id_index + 1));
         enumerate_rps_response(Some(rp_id), None)
     } else {
         Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
@@ -305,6 +318,7 @@ pub fn process_credential_management(
         )?),
         CredentialManagementSubCommand::EnumerateRpsGetNextRp => {
             Some(process_enumerate_rps_get_next_rp(
+                persistent_store,
                 stateful_command_permission,
                 stateful_command_type,
                 now,
@@ -544,6 +558,90 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_enumerate_rps_completeness() {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let credential_source = create_credential_source(&mut rng);
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+
+        const NUM_CREDENTIALS: usize = 20;
+        for i in 0..NUM_CREDENTIALS {
+            let mut credential = credential_source.clone();
+            credential.rp_id = i.to_string();
+            ctap_state
+                .persistent_store
+                .store_credential(credential)
+                .unwrap();
+        }
+
+        ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
+        let pin_auth = Some(vec![
+            0x1A, 0xA4, 0x96, 0xDA, 0x62, 0x80, 0x28, 0x13, 0xEB, 0x32, 0xB9, 0xF1, 0xD2, 0xA9,
+            0xD0, 0xD1,
+        ]);
+
+        let mut rp_set = BTreeSet::new();
+        // This mut is just to make the test code shorter.
+        // The command is different on the first loop iteration.
+        let mut cred_management_params = AuthenticatorCredentialManagementParameters {
+            sub_command: CredentialManagementSubCommand::EnumerateRpsBegin,
+            sub_command_params: None,
+            pin_protocol: Some(1),
+            pin_auth,
+        };
+
+        for _ in 0..NUM_CREDENTIALS {
+            let cred_management_response = process_credential_management(
+                &mut ctap_state.persistent_store,
+                &mut ctap_state.stateful_command_permission,
+                &mut ctap_state.stateful_command_type,
+                &mut ctap_state.pin_protocol_v1,
+                cred_management_params,
+                DUMMY_CLOCK_VALUE,
+            );
+            match cred_management_response.unwrap() {
+                ResponseData::AuthenticatorCredentialManagement(Some(response)) => {
+                    if rp_set.is_empty() {
+                        assert_eq!(response.total_rps, Some(NUM_CREDENTIALS as u64));
+                    } else {
+                        assert_eq!(response.total_rps, None);
+                    }
+                    let rp_id = response.rp.unwrap().rp_id;
+                    let rp_id_hash = Sha256::hash(rp_id.as_bytes());
+                    assert_eq!(rp_id_hash, response.rp_id_hash.unwrap().as_slice());
+                    assert!(!rp_set.contains(&rp_id));
+                    rp_set.insert(rp_id);
+                }
+                _ => panic!("Invalid response type"),
+            };
+            cred_management_params = AuthenticatorCredentialManagementParameters {
+                sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
+                sub_command_params: None,
+                pin_protocol: None,
+                pin_auth: None,
+            };
+        }
+
+        let cred_management_response = process_credential_management(
+            &mut ctap_state.persistent_store,
+            &mut ctap_state.stateful_command_permission,
+            &mut ctap_state.stateful_command_type,
+            &mut ctap_state.pin_protocol_v1,
+            cred_management_params,
+            DUMMY_CLOCK_VALUE,
+        );
+        assert_eq!(
+            cred_management_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        );
+    }
+
     #[test]
     fn test_process_enumerate_credentials_with_uv() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 96dbd41..49d14f4 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -165,7 +165,7 @@ pub struct AssertionState {
 pub enum StatefulCommand {
     Reset,
     GetAssertion(AssertionState),
-    EnumerateRps(Vec<String>),
+    EnumerateRps(usize),
     EnumerateCredentials(Vec<usize>),
 }
 

From 134c880212cb91f400052c33c28be38eac4e3ab8 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 19 Jan 2021 15:07:15 +0100
Subject: [PATCH 132/192] reworks command state to its own struct

---
 src/ctap/credential_management.rs |  85 +++++-------------
 src/ctap/mod.rs                   | 145 ++++++++++++++++++------------
 2 files changed, 111 insertions(+), 119 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index dba7d36..2dbe961 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -22,11 +22,7 @@ use super::pin_protocol_v1::{PinPermission, PinProtocolV1};
 use super::response::{AuthenticatorCredentialManagementResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
-use super::timed_permission::TimedPermission;
-use super::{
-    check_command_permission, check_pin_uv_auth_protocol, StatefulCommand,
-    STATEFUL_COMMAND_TIMEOUT_DURATION,
-};
+use super::{check_pin_uv_auth_protocol, StatefulCommand, StatefulPermission};
 use alloc::collections::BTreeSet;
 use alloc::string::String;
 use alloc::vec;
@@ -125,8 +121,7 @@ fn process_get_creds_metadata(
 /// Processes the subcommand enumerateRPsBegin for CredentialManagement.
 fn process_enumerate_rps_begin(
     persistent_store: &PersistentStore,
-    stateful_command_permission: &mut TimedPermission,
-    stateful_command_type: &mut Option<StatefulCommand>,
+    stateful_command_permission: &mut StatefulPermission,
     now: ClockValue,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
     let rp_set = get_stored_rp_ids(persistent_store)?;
@@ -134,9 +129,7 @@ fn process_enumerate_rps_begin(
 
     // TODO(kaczmarczyck) should we return CTAP2_ERR_NO_CREDENTIALS if empty?
     if total_rps > 1 {
-        *stateful_command_permission =
-            TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
-        *stateful_command_type = Some(StatefulCommand::EnumerateRps(1));
+        stateful_command_permission.set_command(now, StatefulCommand::EnumerateRps(1));
     }
     // TODO https://github.com/rust-lang/rust/issues/62924 replace with pop_first()
     enumerate_rps_response(rp_set.into_iter().next(), Some(total_rps as u64))
@@ -145,19 +138,16 @@ fn process_enumerate_rps_begin(
 /// Processes the subcommand enumerateRPsGetNextRP for CredentialManagement.
 fn process_enumerate_rps_get_next_rp(
     persistent_store: &PersistentStore,
-    stateful_command_permission: &mut TimedPermission,
-    stateful_command_type: &mut Option<StatefulCommand>,
-    now: ClockValue,
+    stateful_command_permission: &mut StatefulPermission,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
-    check_command_permission(stateful_command_permission, now)?;
-    if let Some(StatefulCommand::EnumerateRps(rp_id_index)) = stateful_command_type {
+    if let StatefulCommand::EnumerateRps(rp_id_index) = stateful_command_permission.get_command()? {
         let rp_set = get_stored_rp_ids(persistent_store)?;
         // A BTreeSet is already sorted.
         let rp_id = rp_set
             .into_iter()
             .nth(*rp_id_index)
             .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-        *stateful_command_type = Some(StatefulCommand::EnumerateRps(*rp_id_index + 1));
+        *rp_id_index += 1;
         enumerate_rps_response(Some(rp_id), None)
     } else {
         Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
@@ -167,8 +157,7 @@ fn process_enumerate_rps_get_next_rp(
 /// Processes the subcommand enumerateCredentialsBegin for CredentialManagement.
 fn process_enumerate_credentials_begin(
     persistent_store: &PersistentStore,
-    stateful_command_permission: &mut TimedPermission,
-    stateful_command_type: &mut Option<StatefulCommand>,
+    stateful_command_permission: &mut StatefulPermission,
     sub_command_params: CredentialManagementSubCommandParameters,
     now: ClockValue,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
@@ -194,9 +183,8 @@ fn process_enumerate_credentials_begin(
         .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
     let credential = persistent_store.get_credential(current_key)?;
     if total_credentials > 1 {
-        *stateful_command_permission =
-            TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
-        *stateful_command_type = Some(StatefulCommand::EnumerateCredentials(rp_credentials));
+        stateful_command_permission
+            .set_command(now, StatefulCommand::EnumerateCredentials(rp_credentials));
     }
     enumerate_credentials_response(credential, Some(total_credentials as u64))
 }
@@ -204,12 +192,10 @@ fn process_enumerate_credentials_begin(
 /// Processes the subcommand enumerateCredentialsGetNextCredential for CredentialManagement.
 fn process_enumerate_credentials_get_next_credential(
     persistent_store: &PersistentStore,
-    stateful_command_permission: &mut TimedPermission,
-    mut stateful_command_type: &mut Option<StatefulCommand>,
-    now: ClockValue,
+    stateful_command_permission: &mut StatefulPermission,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
-    check_command_permission(stateful_command_permission, now)?;
-    if let Some(StatefulCommand::EnumerateCredentials(rp_credentials)) = &mut stateful_command_type
+    if let StatefulCommand::EnumerateCredentials(rp_credentials) =
+        stateful_command_permission.get_command()?
     {
         let current_key = rp_credentials
             .pop()
@@ -251,8 +237,7 @@ fn process_update_user_information(
 /// Processes the CredentialManagement command and all its subcommands.
 pub fn process_credential_management(
     persistent_store: &mut PersistentStore,
-    stateful_command_permission: &mut TimedPermission,
-    mut stateful_command_type: &mut Option<StatefulCommand>,
+    stateful_command_permission: &mut StatefulPermission,
     pin_protocol_v1: &mut PinProtocolV1,
     cred_management_params: AuthenticatorCredentialManagementParameters,
     now: ClockValue,
@@ -264,17 +249,17 @@ pub fn process_credential_management(
         pin_auth,
     } = cred_management_params;
 
-    match (sub_command, &mut stateful_command_type) {
+    match (sub_command, stateful_command_permission.get_command()) {
         (
             CredentialManagementSubCommand::EnumerateRpsGetNextRp,
-            Some(StatefulCommand::EnumerateRps(_)),
-        ) => (),
-        (
+            Ok(StatefulCommand::EnumerateRps(_)),
+        )
+        | (
             CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
-            Some(StatefulCommand::EnumerateCredentials(_)),
-        ) => (),
+            Ok(StatefulCommand::EnumerateCredentials(_)),
+        ) => stateful_command_permission.check_command_permission(now)?,
         (_, _) => {
-            *stateful_command_type = None;
+            stateful_command_permission.clear();
         }
     }
 
@@ -313,22 +298,15 @@ pub fn process_credential_management(
         CredentialManagementSubCommand::EnumerateRpsBegin => Some(process_enumerate_rps_begin(
             persistent_store,
             stateful_command_permission,
-            stateful_command_type,
             now,
         )?),
-        CredentialManagementSubCommand::EnumerateRpsGetNextRp => {
-            Some(process_enumerate_rps_get_next_rp(
-                persistent_store,
-                stateful_command_permission,
-                stateful_command_type,
-                now,
-            )?)
-        }
+        CredentialManagementSubCommand::EnumerateRpsGetNextRp => Some(
+            process_enumerate_rps_get_next_rp(persistent_store, stateful_command_permission)?,
+        ),
         CredentialManagementSubCommand::EnumerateCredentialsBegin => {
             Some(process_enumerate_credentials_begin(
                 persistent_store,
                 stateful_command_permission,
-                stateful_command_type,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
                 now,
             )?)
@@ -337,8 +315,6 @@ pub fn process_credential_management(
             Some(process_enumerate_credentials_get_next_credential(
                 persistent_store,
                 stateful_command_permission,
-                stateful_command_type,
-                now,
             )?)
         }
         CredentialManagementSubCommand::DeleteCredential => {
@@ -412,7 +388,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -441,7 +416,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -496,7 +470,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -521,7 +494,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -547,7 +519,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -600,7 +571,6 @@ mod test {
             let cred_management_response = process_credential_management(
                 &mut ctap_state.persistent_store,
                 &mut ctap_state.stateful_command_permission,
-                &mut ctap_state.stateful_command_type,
                 &mut ctap_state.pin_protocol_v1,
                 cred_management_params,
                 DUMMY_CLOCK_VALUE,
@@ -631,7 +601,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -690,7 +659,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -714,7 +682,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -739,7 +706,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -793,7 +759,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -812,7 +777,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -872,7 +836,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -922,7 +885,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
@@ -950,7 +912,6 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.stateful_command_type,
             &mut ctap_state.pin_protocol_v1,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 49d14f4..46281fa 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -101,8 +101,9 @@ const ED_FLAG: u8 = 0x80;
 pub const TOUCH_TIMEOUT_MS: isize = 30000;
 #[cfg(feature = "with_ctap1")]
 const U2F_UP_PROMPT_TIMEOUT: Duration<isize> = Duration::from_ms(10000);
+// TODO(kaczmarczyck) 2.1 allows Reset after Reset and 15 seconds?
 const RESET_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(10000);
-pub const STATEFUL_COMMAND_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(30000);
+const STATEFUL_COMMAND_TIMEOUT_DURATION: Duration<isize> = Duration::from_ms(30000);
 
 pub const FIDO2_VERSION_STRING: &str = "FIDO_2_0";
 #[cfg(feature = "with_ctap1")]
@@ -169,15 +170,50 @@ pub enum StatefulCommand {
     EnumerateCredentials(Vec<usize>),
 }
 
-pub fn check_command_permission(
-    stateful_command_permission: &mut TimedPermission,
-    now: ClockValue,
-) -> Result<(), Ctap2StatusCode> {
-    *stateful_command_permission = stateful_command_permission.check_expiration(now);
-    if stateful_command_permission.is_granted(now) {
-        Ok(())
-    } else {
-        Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+pub struct StatefulPermission {
+    permission: TimedPermission,
+    command_type: Option<StatefulCommand>,
+}
+
+impl StatefulPermission {
+    // Resets are only possible in the first 10 seconds after booting.
+    // Therefore, initialization includes allowing Reset.
+    pub fn new_reset(now: ClockValue) -> StatefulPermission {
+        StatefulPermission {
+            permission: TimedPermission::granted(now, RESET_TIMEOUT_DURATION),
+            command_type: Some(StatefulCommand::Reset),
+        }
+    }
+
+    pub fn clear(&mut self) {
+        self.permission = TimedPermission::waiting();
+        self.command_type = None;
+    }
+
+    pub fn check_command_permission(&mut self, now: ClockValue) -> Result<(), Ctap2StatusCode> {
+        if self.permission.is_granted(now) {
+            Ok(())
+        } else {
+            self.clear();
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        }
+    }
+
+    pub fn get_command(&mut self) -> Result<&mut StatefulCommand, Ctap2StatusCode> {
+        self.command_type
+            .as_mut()
+            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+    }
+
+    pub fn set_command(&mut self, now: ClockValue, new_command_type: StatefulCommand) {
+        match &new_command_type {
+            // Reset is only allowed after a power cycle.
+            StatefulCommand::Reset => unreachable!(),
+            _ => {
+                self.permission = TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
+                self.command_type = Some(new_command_type);
+            }
+        }
     }
 }
 
@@ -194,8 +230,7 @@ pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(
     #[cfg(feature = "with_ctap1")]
     pub u2f_up_state: U2fUserPresenceState,
     // The state initializes to Reset and its timeout, and never goes back to Reset.
-    stateful_command_permission: TimedPermission,
-    stateful_command_type: Option<StatefulCommand>,
+    stateful_command_permission: StatefulPermission,
 }
 
 impl<'a, R, CheckUserPresence> CtapState<'a, R, CheckUserPresence>
@@ -220,13 +255,15 @@ where
                 U2F_UP_PROMPT_TIMEOUT,
                 Duration::from_ms(TOUCH_TIMEOUT_MS),
             ),
-            stateful_command_permission: TimedPermission::granted(now, RESET_TIMEOUT_DURATION),
-            stateful_command_type: Some(StatefulCommand::Reset),
+            stateful_command_permission: StatefulPermission::new_reset(now),
         }
     }
 
     pub fn update_command_permission(&mut self, now: ClockValue) {
-        self.stateful_command_permission = self.stateful_command_permission.check_expiration(now);
+        // Ignore the result, just update.
+        let _ = self
+            .stateful_command_permission
+            .check_command_permission(now);
     }
 
     pub fn increment_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
@@ -345,27 +382,23 @@ where
                         Duration::from_ms(TOUCH_TIMEOUT_MS),
                     );
                 }
-                match (&command, &self.stateful_command_type) {
-                    (
-                        Command::AuthenticatorGetNextAssertion,
-                        Some(StatefulCommand::GetAssertion(_)),
-                    ) => (),
-                    (
+                match (&command, self.stateful_command_permission.get_command()) {
+                    (Command::AuthenticatorGetNextAssertion, Ok(StatefulCommand::GetAssertion(_)))
+                    | (Command::AuthenticatorReset, Ok(StatefulCommand::Reset))
+                    // AuthenticatorGetInfo still allows Reset.
+                    | (Command::AuthenticatorGetInfo, Ok(StatefulCommand::Reset))
+                    // AuthenticatorSelection still allows Reset.
+                    | (Command::AuthenticatorSelection, Ok(StatefulCommand::Reset))
+                    // AuthenticatorCredentialManagement handles its subcommands later.
+                    | (
                         Command::AuthenticatorCredentialManagement(_),
-                        Some(StatefulCommand::EnumerateRps(_)),
-                    ) => (),
-                    (
+                        Ok(StatefulCommand::EnumerateRps(_)),
+                    )
+                    | (
                         Command::AuthenticatorCredentialManagement(_),
-                        Some(StatefulCommand::EnumerateCredentials(_)),
+                        Ok(StatefulCommand::EnumerateCredentials(_)),
                     ) => (),
-                    (Command::AuthenticatorReset, Some(StatefulCommand::Reset)) => (),
-                    // GetInfo does not reset stateful commands.
-                    (Command::AuthenticatorGetInfo, _) => (),
-                    // AuthenticatorSelection does not reset stateful commands.
-                    (Command::AuthenticatorSelection, _) => (),
-                    (_, _) => {
-                        self.stateful_command_type = None;
-                    }
+                    (_, _) => self.stateful_command_permission.clear(),
                 }
                 let response = match command {
                     Command::AuthenticatorMakeCredential(params) => {
@@ -382,7 +415,6 @@ where
                         process_credential_management(
                             &mut self.persistent_store,
                             &mut self.stateful_command_permission,
-                            &mut self.stateful_command_type,
                             &mut self.pin_protocol_v1,
                             params,
                             now,
@@ -855,12 +887,12 @@ where
             None
         } else {
             let number_of_credentials = Some(next_credential_keys.len() + 1);
-            self.stateful_command_permission =
-                TimedPermission::granted(now, STATEFUL_COMMAND_TIMEOUT_DURATION);
-            self.stateful_command_type = Some(StatefulCommand::GetAssertion(AssertionState {
+            let assertion_state = StatefulCommand::GetAssertion(AssertionState {
                 assertion_input: assertion_input.clone(),
                 next_credential_keys,
-            }));
+            });
+            self.stateful_command_permission
+                .set_command(now, assertion_state);
             number_of_credentials
         };
         self.assertion_response(credential, assertion_input, number_of_credentials)
@@ -870,20 +902,20 @@ where
         &mut self,
         now: ClockValue,
     ) -> Result<ResponseData, Ctap2StatusCode> {
-        check_command_permission(&mut self.stateful_command_permission, now)?;
-        let (assertion_input, credential) =
-            if let Some(StatefulCommand::GetAssertion(assertion_state)) =
-                &mut self.stateful_command_type
-            {
-                let credential_key = assertion_state
-                    .next_credential_keys
-                    .pop()
-                    .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-                let credential = self.persistent_store.get_credential(credential_key)?;
-                (assertion_state.assertion_input.clone(), credential)
-            } else {
-                return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
-            };
+        self.stateful_command_permission
+            .check_command_permission(now)?;
+        let (assertion_input, credential) = if let StatefulCommand::GetAssertion(assertion_state) =
+            self.stateful_command_permission.get_command()?
+        {
+            let credential_key = assertion_state
+                .next_credential_keys
+                .pop()
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+            let credential = self.persistent_store.get_credential(credential_key)?;
+            (assertion_state.assertion_input.clone(), credential)
+        } else {
+            return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
+        };
         self.assertion_response(credential, assertion_input, None)
     }
 
@@ -949,11 +981,10 @@ where
         cid: ChannelID,
         now: ClockValue,
     ) -> Result<ResponseData, Ctap2StatusCode> {
-        // Resets are only possible in the first 10 seconds after booting.
-        // TODO(kaczmarczyck) 2.1 allows Reset after Reset and 15 seconds?
-        check_command_permission(&mut self.stateful_command_permission, now)?;
-        match &self.stateful_command_type {
-            Some(StatefulCommand::Reset) => (),
+        self.stateful_command_permission
+            .check_command_permission(now)?;
+        match self.stateful_command_permission.get_command()? {
+            StatefulCommand::Reset => (),
             _ => return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED),
         }
         (self.check_user_presence)(cid)?;

From 9296f51e19daa839fe7bf3167ea0b2b6b7aafcd1 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 20 Jan 2021 12:08:07 +0100
Subject: [PATCH 133/192] stricter API for StatefulCommandPermission

---
 src/ctap/credential_management.rs | 34 ++++---------
 src/ctap/mod.rs                   | 85 ++++++++++++++++++++++++-------
 2 files changed, 79 insertions(+), 40 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 2dbe961..25fe3b9 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -140,18 +140,14 @@ fn process_enumerate_rps_get_next_rp(
     persistent_store: &PersistentStore,
     stateful_command_permission: &mut StatefulPermission,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
-    if let StatefulCommand::EnumerateRps(rp_id_index) = stateful_command_permission.get_command()? {
-        let rp_set = get_stored_rp_ids(persistent_store)?;
-        // A BTreeSet is already sorted.
-        let rp_id = rp_set
-            .into_iter()
-            .nth(*rp_id_index)
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-        *rp_id_index += 1;
-        enumerate_rps_response(Some(rp_id), None)
-    } else {
-        Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
-    }
+    let rp_id_index = stateful_command_permission.next_enumerate_rp()?;
+    let rp_set = get_stored_rp_ids(persistent_store)?;
+    // A BTreeSet is already sorted.
+    let rp_id = rp_set
+        .into_iter()
+        .nth(rp_id_index)
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+    enumerate_rps_response(Some(rp_id), None)
 }
 
 /// Processes the subcommand enumerateCredentialsBegin for CredentialManagement.
@@ -194,17 +190,9 @@ fn process_enumerate_credentials_get_next_credential(
     persistent_store: &PersistentStore,
     stateful_command_permission: &mut StatefulPermission,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
-    if let StatefulCommand::EnumerateCredentials(rp_credentials) =
-        stateful_command_permission.get_command()?
-    {
-        let current_key = rp_credentials
-            .pop()
-            .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-        let credential = persistent_store.get_credential(current_key)?;
-        enumerate_credentials_response(credential, None)
-    } else {
-        Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
-    }
+    let credential_key = stateful_command_permission.next_enumerate_credential()?;
+    let credential = persistent_store.get_credential(credential_key)?;
+    enumerate_credentials_response(credential, None)
 }
 
 /// Processes the subcommand deleteCredential for CredentialManagement.
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 46281fa..96d7b25 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -149,20 +149,23 @@ fn truncate_to_char_boundary(s: &str, mut max: usize) -> &str {
     }
 }
 
+/// Holds data necessary to sign an assertion for a credential.
 #[derive(Clone)]
-struct AssertionInput {
+pub struct AssertionInput {
     client_data_hash: Vec<u8>,
     auth_data: Vec<u8>,
     hmac_secret_input: Option<GetAssertionHmacSecretInput>,
     has_uv: bool,
 }
 
+/// Contains the state we need to store for GetNextAssertion.
 pub struct AssertionState {
     assertion_input: AssertionInput,
     // Sorted by ascending order of creation, so the last element is the most recent one.
     next_credential_keys: Vec<usize>,
 }
 
+/// Stores which command currently holds state for subsequent calls.
 pub enum StatefulCommand {
     Reset,
     GetAssertion(AssertionState),
@@ -170,14 +173,25 @@ pub enum StatefulCommand {
     EnumerateCredentials(Vec<usize>),
 }
 
+/// Stores the current CTAP command state and when it times out.
+///
+/// Some commands are executed in a series of calls to the authenticator.
+/// Interleaving calls to other commands interrupt the current command and
+/// remove all state and permissions. Power cycling allows the Reset command,
+/// and to prevent misuse or accidents, we disallow Reset after receiving
+/// different commands. Therefore, Reset behaves just like all other stateful
+/// commands and is included here. Please not that the allowed time for Reset
+/// differs from all other stateful commands.
 pub struct StatefulPermission {
     permission: TimedPermission,
     command_type: Option<StatefulCommand>,
 }
 
 impl StatefulPermission {
-    // Resets are only possible in the first 10 seconds after booting.
-    // Therefore, initialization includes allowing Reset.
+    /// Creates the command state at device startup.
+    ///
+    /// Resets are only possible after a power cycle. Therefore, initialization
+    /// means allowing Reset, and Reset cannot be granted later.
     pub fn new_reset(now: ClockValue) -> StatefulPermission {
         StatefulPermission {
             permission: TimedPermission::granted(now, RESET_TIMEOUT_DURATION),
@@ -185,11 +199,13 @@ impl StatefulPermission {
         }
     }
 
+    /// Clears all permissions and state.
     pub fn clear(&mut self) {
         self.permission = TimedPermission::waiting();
         self.command_type = None;
     }
 
+    /// Checks the permission timeout.
     pub fn check_command_permission(&mut self, now: ClockValue) -> Result<(), Ctap2StatusCode> {
         if self.permission.is_granted(now) {
             Ok(())
@@ -199,12 +215,14 @@ impl StatefulPermission {
         }
     }
 
-    pub fn get_command(&mut self) -> Result<&mut StatefulCommand, Ctap2StatusCode> {
+    /// Gets a reference to the current command state, if any exists.
+    pub fn get_command(&self) -> Result<&StatefulCommand, Ctap2StatusCode> {
         self.command_type
-            .as_mut()
+            .as_ref()
             .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
     }
 
+    /// Sets a new command state, and starts a new clock for timeouts.
     pub fn set_command(&mut self, now: ClockValue, new_command_type: StatefulCommand) {
         match &new_command_type {
             // Reset is only allowed after a power cycle.
@@ -215,6 +233,47 @@ impl StatefulPermission {
             }
         }
     }
+
+    /// Returns the state for the next assertion and advances it.
+    ///
+    /// The state includes all information from GetAssertion and the storage key
+    /// to the next credential that needs to be processed.
+    pub fn next_assertion_credential(
+        &mut self,
+    ) -> Result<(AssertionInput, usize), Ctap2StatusCode> {
+        if let Some(StatefulCommand::GetAssertion(assertion_state)) = &mut self.command_type {
+            let credential_key = assertion_state
+                .next_credential_keys
+                .pop()
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
+            Ok((assertion_state.assertion_input.clone(), credential_key))
+        } else {
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        }
+    }
+
+    /// Returns the index to the next RP ID for enumeration and advances it.
+    pub fn next_enumerate_rp(&mut self) -> Result<usize, Ctap2StatusCode> {
+        if let Some(StatefulCommand::EnumerateRps(rp_id_index)) = &mut self.command_type {
+            let current_index = *rp_id_index;
+            *rp_id_index += 1;
+            Ok(current_index)
+        } else {
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        }
+    }
+
+    /// Returns the next storage credential key for enumeration and advances it.
+    pub fn next_enumerate_credential(&mut self) -> Result<usize, Ctap2StatusCode> {
+        if let Some(StatefulCommand::EnumerateCredentials(rp_credentials)) = &mut self.command_type
+        {
+            rp_credentials
+                .pop()
+                .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        } else {
+            Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)
+        }
+    }
 }
 
 // This struct currently holds all state, not only the persistent memory. The persistent members are
@@ -904,18 +963,10 @@ where
     ) -> Result<ResponseData, Ctap2StatusCode> {
         self.stateful_command_permission
             .check_command_permission(now)?;
-        let (assertion_input, credential) = if let StatefulCommand::GetAssertion(assertion_state) =
-            self.stateful_command_permission.get_command()?
-        {
-            let credential_key = assertion_state
-                .next_credential_keys
-                .pop()
-                .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-            let credential = self.persistent_store.get_credential(credential_key)?;
-            (assertion_state.assertion_input.clone(), credential)
-        } else {
-            return Err(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED);
-        };
+        let (assertion_input, credential_key) = self
+            .stateful_command_permission
+            .next_assertion_credential()?;
+        let credential = self.persistent_store.get_credential(credential_key)?;
         self.assertion_response(credential, assertion_input, None)
     }
 

From 6bf4a7edec3370f1bb3b452888f04f5f8c6caec1 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 20 Jan 2021 13:22:24 +0100
Subject: [PATCH 134/192] fix typo

---
 src/ctap/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 96d7b25..8ac324c 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -180,7 +180,7 @@ pub enum StatefulCommand {
 /// remove all state and permissions. Power cycling allows the Reset command,
 /// and to prevent misuse or accidents, we disallow Reset after receiving
 /// different commands. Therefore, Reset behaves just like all other stateful
-/// commands and is included here. Please not that the allowed time for Reset
+/// commands and is included here. Please note that the allowed time for Reset
 /// differs from all other stateful commands.
 pub struct StatefulPermission {
     permission: TimedPermission,

From 8634e2ec2437eed88229f0a28a00c78016d6e3dc Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Wed, 20 Jan 2021 15:56:06 +0100
Subject: [PATCH 135/192] Make StoreUpdate generic over the byte slice
 ownership

This permits to call it without having to create a Vec<u8> when possible.
---
 libraries/persistent_store/fuzz/src/store.rs |  2 +-
 libraries/persistent_store/src/format.rs     | 17 ++++++++++++-----
 libraries/persistent_store/src/model.rs      |  4 ++--
 libraries/persistent_store/src/store.rs      | 18 +++++++++++-------
 4 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/libraries/persistent_store/fuzz/src/store.rs b/libraries/persistent_store/fuzz/src/store.rs
index 3113f77..006532b 100644
--- a/libraries/persistent_store/fuzz/src/store.rs
+++ b/libraries/persistent_store/fuzz/src/store.rs
@@ -303,7 +303,7 @@ impl<'a> Fuzzer<'a> {
     }
 
     /// Generates a possibly invalid update.
-    fn update(&mut self) -> StoreUpdate {
+    fn update(&mut self) -> StoreUpdate<Vec<u8>> {
         match self.entropy.read_range(0, 1) {
             0 => {
                 let key = self.key();
diff --git a/libraries/persistent_store/src/format.rs b/libraries/persistent_store/src/format.rs
index f575750..a70dcc4 100644
--- a/libraries/persistent_store/src/format.rs
+++ b/libraries/persistent_store/src/format.rs
@@ -20,6 +20,7 @@ use self::bitfield::Length;
 use self::bitfield::{count_zeros, num_bits, Bit, Checksum, ConstField, Field};
 use crate::{usize_to_nat, Nat, Storage, StorageIndex, StoreError, StoreResult, StoreUpdate};
 use alloc::vec::Vec;
+use core::borrow::Borrow;
 use core::cmp::min;
 use core::convert::TryFrom;
 
@@ -492,13 +493,16 @@ impl Format {
     }
 
     /// Returns the capacity required by a transaction.
-    pub fn transaction_capacity(&self, updates: &[StoreUpdate]) -> Nat {
+    pub fn transaction_capacity<ByteSlice: Borrow<[u8]>>(
+        &self,
+        updates: &[StoreUpdate<ByteSlice>],
+    ) -> Nat {
         match updates.len() {
             // An empty transaction doesn't consume anything.
             0 => 0,
             // Transactions with a single update are optimized by avoiding a marker entry.
             1 => match &updates[0] {
-                StoreUpdate::Insert { value, .. } => self.entry_size(value),
+                StoreUpdate::Insert { value, .. } => self.entry_size(value.borrow()),
                 // Transactions with a single update which is a removal don't consume anything.
                 StoreUpdate::Remove { .. } => 0,
             },
@@ -508,9 +512,9 @@ impl Format {
     }
 
     /// Returns the capacity of an update.
-    fn update_capacity(&self, update: &StoreUpdate) -> Nat {
+    fn update_capacity<ByteSlice: Borrow<[u8]>>(&self, update: &StoreUpdate<ByteSlice>) -> Nat {
         match update {
-            StoreUpdate::Insert { value, .. } => self.entry_size(value),
+            StoreUpdate::Insert { value, .. } => self.entry_size(value.borrow()),
             StoreUpdate::Remove { .. } => 1,
         }
     }
@@ -523,7 +527,10 @@ impl Format {
     /// Checks if a transaction is valid and returns its sorted keys.
     ///
     /// Returns `None` if the transaction is invalid.
-    pub fn transaction_valid(&self, updates: &[StoreUpdate]) -> Option<Vec<Nat>> {
+    pub fn transaction_valid<ByteSlice: Borrow<[u8]>>(
+        &self,
+        updates: &[StoreUpdate<ByteSlice>],
+    ) -> Option<Vec<Nat>> {
         if usize_to_nat(updates.len()) > self.max_updates() {
             return None;
         }
diff --git a/libraries/persistent_store/src/model.rs b/libraries/persistent_store/src/model.rs
index c509b03..eebc329 100644
--- a/libraries/persistent_store/src/model.rs
+++ b/libraries/persistent_store/src/model.rs
@@ -34,7 +34,7 @@ pub enum StoreOperation {
     /// Applies a transaction.
     Transaction {
         /// The list of updates to be applied.
-        updates: Vec<StoreUpdate>,
+        updates: Vec<StoreUpdate<Vec<u8>>>,
     },
 
     /// Deletes all keys above a threshold.
@@ -89,7 +89,7 @@ impl StoreModel {
     }
 
     /// Applies a transaction.
-    fn transaction(&mut self, updates: Vec<StoreUpdate>) -> StoreResult<()> {
+    fn transaction(&mut self, updates: Vec<StoreUpdate<Vec<u8>>>) -> StoreResult<()> {
         // Fail if the transaction is invalid.
         if self.format.transaction_valid(&updates).is_none() {
             return Err(StoreError::InvalidArgument);
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index f707a89..224eeb9 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -25,6 +25,7 @@ pub use crate::{
 };
 use alloc::boxed::Box;
 use alloc::vec::Vec;
+use core::borrow::Borrow;
 use core::cmp::{max, min, Ordering};
 use core::convert::TryFrom;
 use core::option::NoneError;
@@ -159,15 +160,15 @@ impl StoreHandle {
 
 /// Represents an update to the store as part of a transaction.
 #[derive(Clone, Debug)]
-pub enum StoreUpdate {
+pub enum StoreUpdate<ByteSlice: Borrow<[u8]>> {
     /// Inserts or replaces an entry in the store.
-    Insert { key: usize, value: Vec<u8> },
+    Insert { key: usize, value: ByteSlice },
 
     /// Removes an entry from the store.
     Remove { key: usize },
 }
 
-impl StoreUpdate {
+impl<ByteSlice: Borrow<[u8]>> StoreUpdate<ByteSlice> {
     /// Returns the key affected by the update.
     pub fn key(&self) -> usize {
         match *self {
@@ -179,7 +180,7 @@ impl StoreUpdate {
     /// Returns the value written by the update.
     pub fn value(&self) -> Option<&[u8]> {
         match self {
-            StoreUpdate::Insert { value, .. } => Some(value),
+            StoreUpdate::Insert { value, .. } => Some(value.borrow()),
             StoreUpdate::Remove { .. } => None,
         }
     }
@@ -280,14 +281,17 @@ impl<S: Storage> Store<S> {
     /// - There are too many updates.
     /// - The updates overlap, i.e. their keys are not disjoint.
     /// - The updates are invalid, e.g. key out of bound or value too long.
-    pub fn transaction(&mut self, updates: &[StoreUpdate]) -> StoreResult<()> {
+    pub fn transaction<ByteSlice: Borrow<[u8]>>(
+        &mut self,
+        updates: &[StoreUpdate<ByteSlice>],
+    ) -> StoreResult<()> {
         let count = usize_to_nat(updates.len());
         if count == 0 {
             return Ok(());
         }
         if count == 1 {
             match updates[0] {
-                StoreUpdate::Insert { key, ref value } => return self.insert(key, value),
+                StoreUpdate::Insert { key, ref value } => return self.insert(key, value.borrow()),
                 StoreUpdate::Remove { key } => return self.remove(key),
             }
         }
@@ -310,7 +314,7 @@ impl<S: Storage> Store<S> {
         for update in updates {
             let length = match *update {
                 StoreUpdate::Insert { key, ref value } => {
-                    let entry = self.format.build_user(usize_to_nat(key), value)?;
+                    let entry = self.format.build_user(usize_to_nat(key), value.borrow())?;
                     let word_size = self.format.word_size();
                     let footer = usize_to_nat(entry.len()) / word_size - 1;
                     self.write_slice(tail, &entry[..(footer * word_size) as usize])?;

From 14189a398addfc273e179b84d43ecce4f3666258 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 20 Jan 2021 18:46:38 +0100
Subject: [PATCH 136/192] implements the credBlob extensions

---
 README.md                         |   2 +
 src/ctap/command.rs               |  42 ++--
 src/ctap/credential_management.rs |   2 +
 src/ctap/data_formats.rs          |  47 +++-
 src/ctap/mod.rs                   | 359 +++++++++++++++++++++++-------
 src/ctap/storage.rs               |   6 +-
 6 files changed, 356 insertions(+), 102 deletions(-)

diff --git a/README.md b/README.md
index 0691fb8..da46d7f 100644
--- a/README.md
+++ b/README.md
@@ -123,6 +123,8 @@ a few things you can personalize:
     allows some relying parties to read the minimum PIN length by default. The
     latter allows storing more relying parties that may check the minimum PIN
     length.
+1.  Increase the `MAX_CRED_BLOB_LENGTH` in `ctap/mod.rs`, if you expect blobs
+    bigger than the default value.
 
 ### 3D printed enclosure
 
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 620a06f..128c4b4 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -147,8 +147,9 @@ pub struct AuthenticatorMakeCredentialParameters {
     pub user: PublicKeyCredentialUserEntity,
     pub pub_key_cred_params: Vec<PublicKeyCredentialParameter>,
     pub exclude_list: Option<Vec<PublicKeyCredentialDescriptor>>,
-    pub extensions: Option<MakeCredentialExtensions>,
-    // Even though options are optional, we can use the default if not present.
+    // Extensions are optional, but we can use defaults for all missing fields.
+    pub extensions: MakeCredentialExtensions,
+    // Same for options, use defaults when not present.
     pub options: MakeCredentialOptions,
     pub pin_uv_auth_param: Option<Vec<u8>>,
     pub pin_uv_auth_protocol: Option<u64>,
@@ -198,15 +199,13 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
 
         let extensions = extensions
             .map(MakeCredentialExtensions::try_from)
-            .transpose()?;
+            .transpose()?
+            .unwrap_or_default();
 
-        let options = match options {
-            Some(entry) => MakeCredentialOptions::try_from(entry)?,
-            None => MakeCredentialOptions {
-                rk: false,
-                uv: false,
-            },
-        };
+        let options = options
+            .map(MakeCredentialOptions::try_from)
+            .transpose()?
+            .unwrap_or_default();
 
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
         let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
@@ -230,8 +229,9 @@ pub struct AuthenticatorGetAssertionParameters {
     pub rp_id: String,
     pub client_data_hash: Vec<u8>,
     pub allow_list: Option<Vec<PublicKeyCredentialDescriptor>>,
-    pub extensions: Option<GetAssertionExtensions>,
-    // Even though options are optional, we can use the default if not present.
+    // Extensions are optional, but we can use defaults for all missing fields.
+    pub extensions: GetAssertionExtensions,
+    // Same for options, use defaults when not present.
     pub options: GetAssertionOptions,
     pub pin_uv_auth_param: Option<Vec<u8>>,
     pub pin_uv_auth_protocol: Option<u64>,
@@ -272,15 +272,13 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
 
         let extensions = extensions
             .map(GetAssertionExtensions::try_from)
-            .transpose()?;
+            .transpose()?
+            .unwrap_or_default();
 
-        let options = match options {
-            Some(entry) => GetAssertionOptions::try_from(entry)?,
-            None => GetAssertionOptions {
-                up: true,
-                uv: false,
-            },
-        };
+        let options = options
+            .map(GetAssertionOptions::try_from)
+            .transpose()?
+            .unwrap_or_default();
 
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
         let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
@@ -545,7 +543,7 @@ mod test {
             user,
             pub_key_cred_params: vec![ES256_CRED_PARAM],
             exclude_list: Some(vec![]),
-            extensions: None,
+            extensions: MakeCredentialExtensions::default(),
             options,
             pin_uv_auth_param: Some(vec![0x12, 0x34]),
             pin_uv_auth_protocol: Some(1),
@@ -591,7 +589,7 @@ mod test {
             rp_id,
             client_data_hash,
             allow_list: Some(vec![pub_key_cred_descriptor]),
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options,
             pin_uv_auth_param: Some(vec![0x12, 0x34]),
             pin_uv_auth_protocol: Some(1),
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 25fe3b9..7681fa1 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -80,6 +80,7 @@ fn enumerate_credentials_response(
         creation_order: _,
         user_name,
         user_icon,
+        cred_blob: _,
     } = credential;
     let user = PublicKeyCredentialUserEntity {
         user_id: user_handle,
@@ -346,6 +347,7 @@ mod test {
             creation_order: 0,
             user_name: Some("name".to_string()),
             user_icon: Some("icon".to_string()),
+            cred_blob: None,
         }
     }
 
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 9d4d10f..da992f8 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -275,11 +275,13 @@ impl From<PublicKeyCredentialDescriptor> for cbor::Value {
     }
 }
 
+#[derive(Default)]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
 pub struct MakeCredentialExtensions {
     pub hmac_secret: bool,
     pub cred_protect: Option<CredentialProtectionPolicy>,
     pub min_pin_length: bool,
+    pub cred_blob: Option<Vec<u8>>,
 }
 
 impl TryFrom<cbor::Value> for MakeCredentialExtensions {
@@ -288,6 +290,7 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
+                "credBlob" => cred_blob,
                 "credProtect" => cred_protect,
                 "hmac-secret" => hmac_secret,
                 "minPinLength" => min_pin_length,
@@ -299,17 +302,21 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
             .map(CredentialProtectionPolicy::try_from)
             .transpose()?;
         let min_pin_length = min_pin_length.map_or(Ok(false), extract_bool)?;
+        let cred_blob = cred_blob.map(extract_byte_string).transpose()?;
         Ok(Self {
             hmac_secret,
             cred_protect,
             min_pin_length,
+            cred_blob,
         })
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone, Default)]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct GetAssertionExtensions {
     pub hmac_secret: Option<GetAssertionHmacSecretInput>,
+    pub cred_blob: bool,
 }
 
 impl TryFrom<cbor::Value> for GetAssertionExtensions {
@@ -318,6 +325,7 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
+                "credBlob" => cred_blob,
                 "hmac-secret" => hmac_secret,
             } = extract_map(cbor_value)?;
         }
@@ -325,7 +333,11 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
         let hmac_secret = hmac_secret
             .map(GetAssertionHmacSecretInput::try_from)
             .transpose()?;
-        Ok(Self { hmac_secret })
+        let cred_blob = cred_blob.map_or(Ok(false), extract_bool)?;
+        Ok(Self {
+            hmac_secret,
+            cred_blob,
+        })
     }
 }
 
@@ -361,6 +373,7 @@ impl TryFrom<cbor::Value> for GetAssertionHmacSecretInput {
 }
 
 // Even though options are optional, we can use the default if not present.
+#[derive(Default)]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct MakeCredentialOptions {
     pub rk: bool,
@@ -400,6 +413,15 @@ pub struct GetAssertionOptions {
     pub uv: bool,
 }
 
+impl Default for GetAssertionOptions {
+    fn default() -> Self {
+        GetAssertionOptions {
+            up: true,
+            uv: false,
+        }
+    }
+}
+
 impl TryFrom<cbor::Value> for GetAssertionOptions {
     type Error = Ctap2StatusCode;
 
@@ -523,6 +545,7 @@ pub struct PublicKeyCredentialSource {
     pub creation_order: u64,
     pub user_name: Option<String>,
     pub user_icon: Option<String>,
+    pub cred_blob: Option<Vec<u8>>,
 }
 
 // We serialize credentials for the persistent storage using CBOR maps. Each field of a credential
@@ -537,6 +560,7 @@ enum PublicKeyCredentialSourceField {
     CreationOrder = 7,
     UserName = 8,
     UserIcon = 9,
+    CredBlob = 10,
     // When a field is removed, its tag should be reserved and not used for new fields. We document
     // those reserved tags below.
     // Reserved tags:
@@ -563,6 +587,7 @@ impl From<PublicKeyCredentialSource> for cbor::Value {
             PublicKeyCredentialSourceField::CreationOrder => credential.creation_order,
             PublicKeyCredentialSourceField::UserName => credential.user_name,
             PublicKeyCredentialSourceField::UserIcon => credential.user_icon,
+            PublicKeyCredentialSourceField::CredBlob => credential.cred_blob,
         }
     }
 }
@@ -582,6 +607,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
                 PublicKeyCredentialSourceField::CreationOrder => creation_order,
                 PublicKeyCredentialSourceField::UserName => user_name,
                 PublicKeyCredentialSourceField::UserIcon => user_icon,
+                PublicKeyCredentialSourceField::CredBlob => cred_blob,
             } = extract_map(cbor_value)?;
         }
 
@@ -601,6 +627,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
         let creation_order = creation_order.map(extract_unsigned).unwrap_or(Ok(0))?;
         let user_name = user_name.map(extract_text_string).transpose()?;
         let user_icon = user_icon.map(extract_text_string).transpose()?;
+        let cred_blob = cred_blob.map(extract_byte_string).transpose()?;
         // We don't return whether there were unknown fields in the CBOR value. This means that
         // deserialization is not injective. In particular deserialization is only an inverse of
         // serialization at a given version of OpenSK. This is not a problem because:
@@ -622,6 +649,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
             creation_order,
             user_name,
             user_icon,
+            cred_blob,
         })
     }
 }
@@ -1493,12 +1521,14 @@ mod test {
             "hmac-secret" => true,
             "credProtect" => CredentialProtectionPolicy::UserVerificationRequired,
             "minPinLength" => true,
+            "credBlob" => vec![0xCB],
         };
         let extensions = MakeCredentialExtensions::try_from(cbor_extensions);
         let expected_extensions = MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: Some(CredentialProtectionPolicy::UserVerificationRequired),
             min_pin_length: true,
+            cred_blob: Some(vec![0xCB]),
         };
         assert_eq!(extensions, Ok(expected_extensions));
     }
@@ -1515,6 +1545,7 @@ mod test {
                 2 => vec![0x02; 32],
                 3 => vec![0x03; 16],
             },
+            "credBlob" => true,
         };
         let extensions = GetAssertionExtensions::try_from(cbor_extensions);
         let expected_input = GetAssertionHmacSecretInput {
@@ -1524,6 +1555,7 @@ mod test {
         };
         let expected_extensions = GetAssertionExtensions {
             hmac_secret: Some(expected_input),
+            cred_blob: true,
         };
         assert_eq!(extensions, Ok(expected_extensions));
     }
@@ -1816,6 +1848,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
 
         assert_eq!(
@@ -1858,6 +1891,16 @@ mod test {
             ..credential
         };
 
+        assert_eq!(
+            PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
+            Ok(credential.clone())
+        );
+
+        let credential = PublicKeyCredentialSource {
+            cred_blob: Some(vec![0xCB]),
+            ..credential
+        };
+
         assert_eq!(
             PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
             Ok(credential)
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 8ac324c..6ffd108 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -35,7 +35,7 @@ use self::command::{
 use self::config_command::process_config;
 use self::credential_management::process_credential_management;
 use self::data_formats::{
-    AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, GetAssertionHmacSecretInput,
+    AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, GetAssertionExtensions,
     PackedAttestationStatement, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
     PublicKeyCredentialSource, PublicKeyCredentialType, PublicKeyCredentialUserEntity,
     SignatureAlgorithm,
@@ -47,17 +47,18 @@ use self::response::{
     AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,
 };
 use self::status_code::Ctap2StatusCode;
-use self::storage::PersistentStore;
+use self::storage::{PersistentStore, MAX_RP_IDS_LENGTH};
 use self::timed_permission::TimedPermission;
 #[cfg(feature = "with_ctap1")]
 use self::timed_permission::U2fUserPresenceState;
+use alloc::boxed::Box;
 use alloc::collections::BTreeMap;
 use alloc::string::{String, ToString};
 use alloc::vec;
 use alloc::vec::Vec;
 use arrayref::array_ref;
 use byteorder::{BigEndian, ByteOrder};
-use cbor::{cbor_map, cbor_map_options};
+use cbor::cbor_map_options;
 #[cfg(feature = "debug_ctap")]
 use core::fmt::Write;
 use crypto::cbc::{cbc_decrypt, cbc_encrypt};
@@ -124,6 +125,8 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa
 // - Some(CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList)
 // - Some(CredentialProtectionPolicy::UserVerificationRequired)
 const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
+// Maximum size stored with the credBlob extension. Must be at least 32.
+const MAX_CRED_BLOB_LENGTH: usize = 32;
 
 // Checks the PIN protocol parameter against all supported versions.
 pub fn check_pin_uv_auth_protocol(
@@ -154,7 +157,7 @@ fn truncate_to_char_boundary(s: &str, mut max: usize) -> &str {
 pub struct AssertionInput {
     client_data_hash: Vec<u8>,
     auth_data: Vec<u8>,
-    hmac_secret_input: Option<GetAssertionHmacSecretInput>,
+    extensions: GetAssertionExtensions,
     has_uv: bool,
 }
 
@@ -168,7 +171,7 @@ pub struct AssertionState {
 /// Stores which command currently holds state for subsequent calls.
 pub enum StatefulCommand {
     Reset,
-    GetAssertion(AssertionState),
+    GetAssertion(Box<AssertionState>),
     EnumerateRps(usize),
     EnumerateCredentials(Vec<usize>),
 }
@@ -419,6 +422,7 @@ where
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         }))
     }
 
@@ -558,27 +562,31 @@ where
         }
 
         let rp_id = rp.rp_id;
-        let (use_hmac_extension, cred_protect_policy, min_pin_length) =
-            if let Some(extensions) = extensions {
-                let mut cred_protect = extensions.cred_protect;
-                if cred_protect.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
-                    < DEFAULT_CRED_PROTECT
-                        .unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
-                {
-                    cred_protect = DEFAULT_CRED_PROTECT;
-                }
-                let min_pin_length = extensions.min_pin_length
-                    && self
-                        .persistent_store
-                        .min_pin_length_rp_ids()?
-                        .contains(&rp_id);
-                (extensions.hmac_secret, cred_protect, min_pin_length)
-            } else {
-                (false, DEFAULT_CRED_PROTECT, false)
-            };
-
-        let has_extension_output =
-            use_hmac_extension || cred_protect_policy.is_some() || min_pin_length;
+        let mut cred_protect_policy = extensions.cred_protect;
+        if cred_protect_policy.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
+            < DEFAULT_CRED_PROTECT.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
+        {
+            cred_protect_policy = DEFAULT_CRED_PROTECT;
+        }
+        let min_pin_length = extensions.min_pin_length
+            && self
+                .persistent_store
+                .min_pin_length_rp_ids()?
+                .contains(&rp_id);
+        // None for no input, false for invalid input, true for valid input.
+        let has_cred_blob_output = extensions.cred_blob.is_some();
+        let cred_blob = extensions
+            .cred_blob
+            .filter(|c| options.rk && c.len() <= MAX_CRED_BLOB_LENGTH);
+        let cred_blob_output = if has_cred_blob_output {
+            Some(cred_blob.is_some())
+        } else {
+            None
+        };
+        let has_extension_output = extensions.hmac_secret
+            || cred_protect_policy.is_some()
+            || min_pin_length
+            || has_cred_blob_output;
 
         let rp_id_hash = Sha256::hash(rp_id.as_bytes());
         if let Some(exclude_list) = exclude_list {
@@ -656,6 +664,7 @@ where
                 user_icon: user
                     .user_icon
                     .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
+                cred_blob,
             };
             self.persistent_store.store_credential(credential_source)?;
             random_id
@@ -675,7 +684,11 @@ where
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
         if has_extension_output {
-            let hmac_secret_output = if use_hmac_extension { Some(true) } else { None };
+            let hmac_secret_output = if extensions.hmac_secret {
+                Some(true)
+            } else {
+                None
+            };
             let min_pin_length_output = if min_pin_length {
                 Some(self.persistent_store.min_pin_length()? as u64)
             } else {
@@ -685,6 +698,7 @@ where
                 "hmac-secret" => hmac_secret_output,
                 "credProtect" => cred_protect_policy,
                 "minPinLength" => min_pin_length_output,
+                "credBlob" => cred_blob_output,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
@@ -754,18 +768,30 @@ where
         let AssertionInput {
             client_data_hash,
             mut auth_data,
-            hmac_secret_input,
+            extensions,
             has_uv,
         } = assertion_input;
 
         // Process extensions.
-        if let Some(hmac_secret_input) = hmac_secret_input {
-            let cred_random = self.generate_cred_random(&credential.private_key, has_uv)?;
-            let encrypted_output = self
-                .pin_protocol_v1
-                .process_hmac_secret(hmac_secret_input, &cred_random)?;
-            let extensions_output = cbor_map! {
+        if extensions.hmac_secret.is_some() || extensions.cred_blob {
+            let encrypted_output = if let Some(hmac_secret_input) = extensions.hmac_secret {
+                let cred_random = self.generate_cred_random(&credential.private_key, has_uv)?;
+                Some(
+                    self.pin_protocol_v1
+                        .process_hmac_secret(hmac_secret_input, &cred_random)?,
+                )
+            } else {
+                None
+            };
+            // This could be written more nicely with `then_some` when stable.
+            let cred_blob = if extensions.cred_blob {
+                Some(credential.cred_blob.unwrap_or_default())
+            } else {
+                None
+            };
+            let extensions_output = cbor_map_options! {
                 "hmac-secret" => encrypted_output,
+                "credBlob" => cred_blob,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
@@ -854,8 +880,7 @@ where
 
         self.pin_uv_auth_precheck(&pin_uv_auth_param, pin_uv_auth_protocol, cid)?;
 
-        let hmac_secret_input = extensions.map(|e| e.hmac_secret).flatten();
-        if hmac_secret_input.is_some() && !options.up {
+        if extensions.hmac_secret.is_some() && !options.up {
             // The extension is actually supported, but we need user presence.
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_OPTION);
         }
@@ -891,7 +916,7 @@ where
         if options.up {
             flags |= UP_FLAG;
         }
-        if hmac_secret_input.is_some() {
+        if extensions.hmac_secret.is_some() || extensions.cred_blob {
             flags |= ED_FLAG;
         }
 
@@ -939,17 +964,17 @@ where
         let assertion_input = AssertionInput {
             client_data_hash,
             auth_data: self.generate_auth_data(&rp_id_hash, flags)?,
-            hmac_secret_input,
+            extensions,
             has_uv,
         };
         let number_of_credentials = if next_credential_keys.is_empty() {
             None
         } else {
             let number_of_credentials = Some(next_credential_keys.len() + 1);
-            let assertion_state = StatefulCommand::GetAssertion(AssertionState {
+            let assertion_state = StatefulCommand::GetAssertion(Box::new(AssertionState {
                 assertion_input: assertion_input.clone(),
                 next_credential_keys,
-            });
+            }));
             self.stateful_command_permission
                 .set_command(now, assertion_state);
             number_of_credentials
@@ -993,22 +1018,21 @@ where
                     String::from("hmac-secret"),
                     String::from("credProtect"),
                     String::from("minPinLength"),
+                    String::from("credBlob"),
                 ]),
                 aaguid: self.persistent_store.aaguid()?,
                 options: Some(options_map),
                 max_msg_size: Some(1024),
                 pin_protocols: Some(vec![PIN_PROTOCOL_VERSION]),
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
-                // TODO(#106) update with version 2.1 of HMAC-secret
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
                 transports: Some(vec![AuthenticatorTransport::Usb]),
                 algorithms: Some(vec![ES256_CRED_PARAM]),
                 default_cred_protect: DEFAULT_CRED_PROTECT,
                 min_pin_length: self.persistent_store.min_pin_length()?,
                 firmware_version: None,
-                max_cred_blob_length: None,
-                // TODO(kaczmarczyck) update when extension is implemented
-                max_rp_ids_for_set_min_pin_length: None,
+                max_cred_blob_length: Some(MAX_CRED_BLOB_LENGTH as u64),
+                max_rp_ids_for_set_min_pin_length: Some(MAX_RP_IDS_LENGTH as u64),
                 remaining_discoverable_credentials: Some(
                     self.persistent_store.remaining_credentials()? as u64,
                 ),
@@ -1149,11 +1173,11 @@ where
 mod test {
     use super::command::AuthenticatorAttestationMaterial;
     use super::data_formats::{
-        CoseKey, GetAssertionExtensions, GetAssertionOptions, MakeCredentialExtensions,
+        CoseKey, GetAssertionHmacSecretInput, GetAssertionOptions, MakeCredentialExtensions,
         MakeCredentialOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
     };
     use super::*;
-    use cbor::cbor_array;
+    use cbor::{cbor_array, cbor_map};
     use crypto::rng256::ThreadRng256;
 
     const CLOCK_FREQUENCY_HZ: usize = 32768;
@@ -1209,7 +1233,7 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
-        let mut expected_response = vec![0x00, 0xAB, 0x01];
+        let mut expected_response = vec![0x00, 0xAD, 0x01];
         // The version array differs with CTAP1, always including 2.0 and 2.1.
         #[cfg(not(feature = "with_ctap1"))]
         let version_count = 2;
@@ -1221,10 +1245,11 @@ mod test {
         expected_response.extend(
             [
                 0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30, 0x6C, 0x46, 0x49, 0x44, 0x4F,
-                0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x83, 0x6B, 0x68, 0x6D, 0x61,
+                0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x84, 0x6B, 0x68, 0x6D, 0x61,
                 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x6B, 0x63, 0x72, 0x65, 0x64, 0x50,
                 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x6C, 0x6D, 0x69, 0x6E, 0x50, 0x69, 0x6E, 0x4C,
-                0x65, 0x6E, 0x67, 0x74, 0x68, 0x03, 0x50,
+                0x65, 0x6E, 0x67, 0x74, 0x68, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62,
+                0x03, 0x50,
             ]
             .iter(),
         );
@@ -1237,7 +1262,7 @@ mod test {
                 0x65, 0x6E, 0x67, 0x74, 0x68, 0xF5, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01, 0x08,
                 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61, 0x6C,
                 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63,
-                0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x14, 0x18, 0x96,
+                0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x0F, 0x18, 0x20, 0x10, 0x08, 0x14, 0x18, 0x96,
             ]
             .iter(),
         );
@@ -1269,7 +1294,7 @@ mod test {
             user,
             pub_key_cred_params,
             exclude_list: None,
-            extensions: None,
+            extensions: MakeCredentialExtensions::default(),
             options,
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
@@ -1293,11 +1318,12 @@ mod test {
     fn create_make_credential_parameters_with_cred_protect_policy(
         policy: CredentialProtectionPolicy,
     ) -> AuthenticatorMakeCredentialParameters {
-        let extensions = Some(MakeCredentialExtensions {
+        let extensions = MakeCredentialExtensions {
             hmac_secret: false,
             cred_protect: Some(policy),
             min_pin_length: false,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
         make_credential_params
@@ -1380,6 +1406,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1458,11 +1485,12 @@ mod test {
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
-        let extensions = Some(MakeCredentialExtensions {
+        let extensions = MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
             min_pin_length: false,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
         make_credential_params.extensions = extensions;
@@ -1487,11 +1515,12 @@ mod test {
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
-        let extensions = Some(MakeCredentialExtensions {
+        let extensions = MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
             min_pin_length: false,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
         let make_credential_response =
@@ -1516,11 +1545,12 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         // First part: The extension is ignored, since the RP ID is not on the list.
-        let extensions = Some(MakeCredentialExtensions {
+        let extensions = MakeCredentialExtensions {
             hmac_secret: false,
             cred_protect: None,
             min_pin_length: true,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
         let make_credential_response =
@@ -1541,11 +1571,12 @@ mod test {
             Ok(())
         );
 
-        let extensions = Some(MakeCredentialExtensions {
+        let extensions = MakeCredentialExtensions {
             hmac_secret: false,
             cred_protect: None,
             min_pin_length: true,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
         let make_credential_response =
@@ -1563,6 +1594,82 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_make_credential_cred_blob_ok() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let extensions = MakeCredentialExtensions {
+            hmac_secret: false,
+            cred_protect: None,
+            min_pin_length: false,
+            cred_blob: Some(vec![0xCB]),
+        };
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.extensions = extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        let expected_extension_cbor = [
+            0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF5,
+        ];
+        check_make_response(
+            make_credential_response,
+            0xC1,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &expected_extension_cbor,
+        );
+
+        let mut iter_result = Ok(());
+        let iter = ctap_state
+            .persistent_store
+            .iter_credentials(&mut iter_result)
+            .unwrap();
+        // There is only 1 credential, so last is good enough.
+        let (_, stored_credential) = iter.last().unwrap();
+        iter_result.unwrap();
+        assert_eq!(stored_credential.cred_blob, Some(vec![0xCB]));
+    }
+
+    #[test]
+    fn test_process_make_credential_cred_blob_too_big() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let extensions = MakeCredentialExtensions {
+            hmac_secret: false,
+            cred_protect: None,
+            min_pin_length: false,
+            cred_blob: Some(vec![0xCB; MAX_CRED_BLOB_LENGTH + 1]),
+        };
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.extensions = extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        let expected_extension_cbor = [
+            0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF4,
+        ];
+        check_make_response(
+            make_credential_response,
+            0xC1,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &expected_extension_cbor,
+        );
+
+        let mut iter_result = Ok(());
+        let iter = ctap_state
+            .persistent_store
+            .iter_credentials(&mut iter_result)
+            .unwrap();
+        // There is only 1 credential, so last is good enough.
+        let (_, stored_credential) = iter.last().unwrap();
+        iter_result.unwrap();
+        assert_eq!(stored_credential.cred_blob, None);
+    }
+
     #[test]
     fn test_process_make_credential_cancelled() {
         let mut rng = ThreadRng256 {};
@@ -1586,6 +1693,7 @@ mod test {
         flags: u8,
         signature_counter: u32,
         expected_number_of_credentials: Option<u64>,
+        expected_extension_cbor: &[u8],
     ) {
         match response.unwrap() {
             ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
@@ -1605,6 +1713,7 @@ mod test {
                     &mut expected_auth_data[signature_counter_position..],
                     signature_counter,
                 );
+                expected_auth_data.extend(expected_extension_cbor);
                 assert_eq!(auth_data, expected_auth_data);
                 assert_eq!(user, Some(expected_user));
                 assert_eq!(number_of_credentials, expected_number_of_credentials);
@@ -1613,6 +1722,29 @@ mod test {
         }
     }
 
+    fn check_assertion_response_with_extension(
+        response: Result<ResponseData, Ctap2StatusCode>,
+        expected_user_id: Vec<u8>,
+        signature_counter: u32,
+        expected_number_of_credentials: Option<u64>,
+        expected_extension_cbor: &[u8],
+    ) {
+        let expected_user = PublicKeyCredentialUserEntity {
+            user_id: expected_user_id,
+            user_name: None,
+            user_display_name: None,
+            user_icon: None,
+        };
+        check_assertion_response_with_user(
+            response,
+            expected_user,
+            0x80,
+            signature_counter,
+            expected_number_of_credentials,
+            expected_extension_cbor,
+        );
+    }
+
     fn check_assertion_response(
         response: Result<ResponseData, Ctap2StatusCode>,
         expected_user_id: Vec<u8>,
@@ -1631,6 +1763,7 @@ mod test {
             0x00,
             signature_counter,
             expected_number_of_credentials,
+            &[],
         );
     }
 
@@ -1649,7 +1782,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: None,
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: false,
@@ -1676,11 +1809,12 @@ mod test {
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
-        let make_extensions = Some(MakeCredentialExtensions {
+        let make_extensions = MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
             min_pin_length: false,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
         make_credential_params.extensions = make_extensions;
@@ -1704,9 +1838,10 @@ mod test {
             salt_enc: vec![0x02; 32],
             salt_auth: vec![0x03; 16],
         };
-        let get_extensions = Some(GetAssertionExtensions {
+        let get_extensions = GetAssertionExtensions {
             hmac_secret: Some(hmac_secret_input),
-        });
+            cred_blob: false,
+        };
 
         let cred_desc = PublicKeyCredentialDescriptor {
             key_type: PublicKeyCredentialType::PublicKey,
@@ -1744,11 +1879,12 @@ mod test {
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
-        let make_extensions = Some(MakeCredentialExtensions {
+        let make_extensions = MakeCredentialExtensions {
             hmac_secret: true,
             cred_protect: None,
             min_pin_length: false,
-        });
+            cred_blob: None,
+        };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = make_extensions;
         assert!(ctap_state
@@ -1761,9 +1897,10 @@ mod test {
             salt_enc: vec![0x02; 32],
             salt_auth: vec![0x03; 16],
         };
-        let get_extensions = Some(GetAssertionExtensions {
+        let get_extensions = GetAssertionExtensions {
             hmac_secret: Some(hmac_secret_input),
-        });
+            cred_blob: false,
+        };
 
         let get_assertion_params = AuthenticatorGetAssertionParameters {
             rp_id: String::from("example.com"),
@@ -1800,7 +1937,7 @@ mod test {
         let cred_desc = PublicKeyCredentialDescriptor {
             key_type: PublicKeyCredentialType::PublicKey,
             key_id: credential_id.clone(),
-            transports: None, // You can set USB as a hint here.
+            transports: None,
         };
         let credential = PublicKeyCredentialSource {
             key_type: PublicKeyCredentialType::PublicKey,
@@ -1815,6 +1952,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1825,7 +1963,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: None,
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: false,
@@ -1847,7 +1985,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: Some(vec![cred_desc.clone()]),
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: false,
@@ -1877,6 +2015,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1887,7 +2026,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: Some(vec![cred_desc]),
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: false,
@@ -1906,6 +2045,69 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_get_assertion_with_cred_blob() {
+        let mut rng = ThreadRng256 {};
+        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
+        let credential_id = rng.gen_uniform_u8x32().to_vec();
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let credential = PublicKeyCredentialSource {
+            key_type: PublicKeyCredentialType::PublicKey,
+            credential_id,
+            private_key,
+            rp_id: String::from("example.com"),
+            user_handle: vec![0x1D],
+            user_display_name: None,
+            cred_protect_policy: None,
+            creation_order: 0,
+            user_name: None,
+            user_icon: None,
+            cred_blob: Some(vec![0xCB]),
+        };
+        assert!(ctap_state
+            .persistent_store
+            .store_credential(credential)
+            .is_ok());
+
+        let extensions = GetAssertionExtensions {
+            hmac_secret: None,
+            cred_blob: true,
+        };
+        let get_assertion_params = AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list: None,
+            extensions,
+            options: GetAssertionOptions {
+                up: false,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        let signature_counter = ctap_state
+            .persistent_store
+            .global_signature_counter()
+            .unwrap();
+        let expected_extension_cbor = [
+            0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0x41, 0xCB,
+        ];
+        check_assertion_response_with_extension(
+            get_assertion_response,
+            vec![0x1D],
+            signature_counter,
+            None,
+            &expected_extension_cbor,
+        );
+    }
+
     #[test]
     fn test_process_get_next_assertion_two_credentials_with_uv() {
         let mut rng = ThreadRng256 {};
@@ -1951,7 +2153,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: None,
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: true,
@@ -1974,6 +2176,7 @@ mod test {
             0x04,
             signature_counter,
             Some(2),
+            &[],
         );
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
@@ -1983,6 +2186,7 @@ mod test {
             0x04,
             signature_counter,
             None,
+            &[],
         );
 
         let get_assertion_response = ctap_state.process_get_next_assertion(DUMMY_CLOCK_VALUE);
@@ -2027,7 +2231,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: None,
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: false,
@@ -2091,7 +2295,7 @@ mod test {
             rp_id: String::from("example.com"),
             client_data_hash: vec![0xCD],
             allow_list: None,
-            extensions: None,
+            extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: false,
@@ -2147,6 +2351,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         assert!(ctap_state
             .persistent_store
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 18dd199..ffc5dd6 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -57,7 +57,7 @@ const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
 const DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 // This constant is an attempt to limit storage requirements. If you don't set it to 0,
 // the stored strings can still be unbounded, but that is true for all RP IDs.
-const MAX_RP_IDS_LENGTH: usize = 8;
+pub const MAX_RP_IDS_LENGTH: usize = 8;
 
 /// Wrapper for master keys.
 pub struct MasterKeys {
@@ -690,6 +690,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         }
     }
 
@@ -906,6 +907,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         assert_eq!(found_credential, Some(expected_credential));
     }
@@ -927,6 +929,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         assert!(persistent_store.store_credential(credential).is_ok());
 
@@ -1160,6 +1163,7 @@ mod test {
             creation_order: 0,
             user_name: None,
             user_icon: None,
+            cred_blob: None,
         };
         let serialized = serialize_credential(credential.clone()).unwrap();
         let reconstructed = deserialize_credential(&serialized).unwrap();

From de3addba74530ca34f8eb5d26e12c8a0c7c2184a Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 21 Jan 2021 17:38:22 +0100
Subject: [PATCH 137/192] force PIN changes

---
 src/ctap/config_command.rs  | 56 +++++++++++++++++++++++++++++++++++++
 src/ctap/mod.rs             | 18 ++++++++----
 src/ctap/pin_protocol_v1.rs | 49 ++++++++++++++++++++++++++++++++
 src/ctap/storage.rs         | 29 +++++++++++++++++--
 src/ctap/storage/key.rs     |  3 ++
 5 files changed, 146 insertions(+), 9 deletions(-)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 726634c..e96ce7a 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -248,6 +248,62 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_set_min_pin_length_force_pin_change_implicit() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+        // Increase min PIN, force PIN change.
+        let min_pin_length = 6;
+        let mut config_params = create_min_pin_config_params(min_pin_length, None);
+        let pin_uv_auth_param = Some(vec![
+            0x81, 0x37, 0x37, 0xF3, 0xD8, 0x69, 0xBD, 0x74, 0xFE, 0x88, 0x30, 0x8C, 0xC4, 0x2E,
+            0xA8, 0xC8,
+        ]);
+        config_params.pin_uv_auth_param = pin_uv_auth_param;
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
+        assert_eq!(persistent_store.has_force_pin_change(), Ok(true));
+    }
+
+    #[test]
+    fn test_process_set_min_pin_length_force_pin_change_explicit() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+        let pin_uv_auth_param = Some(vec![
+            0xE3, 0x74, 0xF4, 0x27, 0xBE, 0x7D, 0x40, 0xB5, 0x71, 0xB6, 0xB4, 0x1A, 0xD2, 0xC1,
+            0x53, 0xD7,
+        ]);
+        let set_min_pin_length_params = SetMinPinLengthParams {
+            new_min_pin_length: Some(persistent_store.min_pin_length().unwrap()),
+            min_pin_length_rp_ids: None,
+            force_change_pin: Some(true),
+        };
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::SetMinPinLength,
+            sub_command_params: Some(ConfigSubCommandParams::SetMinPinLength(
+                set_min_pin_length_params,
+            )),
+            pin_uv_auth_param,
+            pin_uv_auth_protocol: Some(1),
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert_eq!(persistent_store.has_force_pin_change(), Ok(true));
+    }
+
     #[test]
     fn test_process_config_vendor_prototype() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 6ffd108..8a4479a 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1006,6 +1006,10 @@ where
         );
         options_map.insert(String::from("credMgmt"), true);
         options_map.insert(String::from("setMinPINLength"), true);
+        options_map.insert(
+            String::from("forcePINChange"),
+            self.persistent_store.has_force_pin_change()?,
+        );
         Ok(ResponseData::AuthenticatorGetInfo(
             AuthenticatorGetInfoResponse {
                 versions: vec![
@@ -1256,13 +1260,15 @@ mod test {
         expected_response.extend(&ctap_state.persistent_store.aaguid().unwrap());
         expected_response.extend(
             [
-                0x04, 0xA5, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x68, 0x63, 0x72, 0x65,
+                0x04, 0xA6, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x68, 0x63, 0x72, 0x65,
                 0x64, 0x4D, 0x67, 0x6D, 0x74, 0xF5, 0x69, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x50,
-                0x69, 0x6E, 0xF4, 0x6F, 0x73, 0x65, 0x74, 0x4D, 0x69, 0x6E, 0x50, 0x49, 0x4E, 0x4C,
-                0x65, 0x6E, 0x67, 0x74, 0x68, 0xF5, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81, 0x01, 0x08,
-                0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63, 0x61, 0x6C,
-                0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C, 0x69, 0x63,
-                0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x0F, 0x18, 0x20, 0x10, 0x08, 0x14, 0x18, 0x96,
+                0x69, 0x6E, 0xF4, 0x6E, 0x66, 0x6F, 0x72, 0x63, 0x65, 0x50, 0x49, 0x4E, 0x43, 0x68,
+                0x61, 0x6E, 0x67, 0x65, 0xF4, 0x6F, 0x73, 0x65, 0x74, 0x4D, 0x69, 0x6E, 0x50, 0x49,
+                0x4E, 0x4C, 0x65, 0x6E, 0x67, 0x74, 0x68, 0xF5, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81,
+                0x01, 0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63,
+                0x61, 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C,
+                0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x0F, 0x18, 0x20, 0x10, 0x08, 0x14,
+                0x18, 0x96,
             ]
             .iter(),
         );
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 0e46573..ae1b1df 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -328,6 +328,9 @@ impl PinProtocolV1 {
         let token_encryption_key = crypto::aes256::EncryptionKey::new(&shared_secret);
         let pin_decryption_key = crypto::aes256::DecryptionKey::new(&token_encryption_key);
         self.verify_pin_hash_enc(rng, persistent_store, &pin_decryption_key, pin_hash_enc)?;
+        if persistent_store.has_force_pin_change()? {
+            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
+        }
 
         // Assuming PIN_TOKEN_LENGTH % block_size == 0 here.
         let iv = [0u8; 16];
@@ -821,6 +824,28 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_get_pin_token_force_pin_change() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        set_standard_pin(&mut persistent_store);
+        assert_eq!(persistent_store.force_pin_change(), Ok(()));
+        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let pk = pin_protocol_v1.key_agreement_key.genpk();
+        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement = CoseKey::from(pk);
+        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
+        assert_eq!(
+            pin_protocol_v1.process_get_pin_token(
+                &mut rng,
+                &mut persistent_store,
+                key_agreement,
+                pin_hash_enc
+            ),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID),
+        );
+    }
+
     #[test]
     fn test_process_get_pin_uv_auth_token_using_pin_with_permissions() {
         let mut rng = ThreadRng256 {};
@@ -885,6 +910,30 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_get_pin_token_force_pin_change_force_pin_change() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        set_standard_pin(&mut persistent_store);
+        assert_eq!(persistent_store.force_pin_change(), Ok(()));
+        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let pk = pin_protocol_v1.key_agreement_key.genpk();
+        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement = CoseKey::from(pk);
+        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
+        assert_eq!(
+            pin_protocol_v1.process_get_pin_uv_auth_token_using_pin_with_permissions(
+                &mut rng,
+                &mut persistent_store,
+                key_agreement,
+                pin_hash_enc,
+                0x03,
+                Some(String::from("example.com")),
+            ),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID),
+        );
+    }
+
     #[test]
     fn test_process() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index ffc5dd6..74c11a6 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -384,7 +384,9 @@ impl PersistentStore {
         let mut pin_properties = [0; 1 + PIN_AUTH_LENGTH];
         pin_properties[0] = pin_code_point_length;
         pin_properties[1..].clone_from_slice(pin_hash);
-        Ok(self.store.insert(key::PIN_PROPERTIES, &pin_properties)?)
+        self.store.insert(key::PIN_PROPERTIES, &pin_properties)?;
+        // If this second transaction fails, you are forced to retry.
+        Ok(self.store.remove(key::FORCE_PIN_CHANGE)?)
     }
 
     /// Returns the number of remaining PIN retries.
@@ -541,9 +543,18 @@ impl PersistentStore {
         Ok(())
     }
 
+    /// Returns whether the PIN needs to be changed before its next usage.
+    pub fn has_force_pin_change(&self) -> Result<bool, Ctap2StatusCode> {
+        match self.store.find(key::FORCE_PIN_CHANGE)? {
+            None => Ok(false),
+            Some(value) if value.len() == 1 && value[0] == 1 => Ok(true),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
+        }
+    }
+
+    /// Marks the PIN as outdated with respect to the new PIN policy.
     pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
-        // TODO(kaczmarczyck) implement storage logic
-        Ok(())
+        Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[1])?)
     }
 }
 
@@ -1148,6 +1159,18 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_force_pin_change() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        assert!(!persistent_store.has_force_pin_change().unwrap());
+        assert_eq!(persistent_store.force_pin_change(), Ok(()));
+        assert!(persistent_store.has_force_pin_change().unwrap());
+        assert_eq!(persistent_store.set_pin(&[0x88; 16], 8), Ok(()));
+        assert!(!persistent_store.has_force_pin_change().unwrap());
+    }
+
     #[test]
     fn test_serialize_deserialize_credential() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index c6e46e2..1c0e21e 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -88,6 +88,9 @@ make_partition! {
     /// board may configure `MAX_SUPPORTED_RESIDENT_KEYS` depending on the storage size.
     CREDENTIALS = 1700..2000;
 
+    /// If this entry exists and equals 1, the PIN needs to be changed.
+    FORCE_PIN_CHANGE = 2040;
+
     /// The secret of the CredRandom feature.
     CRED_RANDOM_SECRET = 2041;
 

From 3408c0a2edf7f6f880803c9d844e779c954a5322 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 21 Jan 2021 18:24:25 +0100
Subject: [PATCH 138/192] makes test_get_info more readable

---
 src/ctap/mod.rs | 75 +++++++++++++++++++++++++------------------------
 1 file changed, 38 insertions(+), 37 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 8a4479a..6f10589 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1181,7 +1181,7 @@ mod test {
         MakeCredentialOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
     };
     use super::*;
-    use cbor::{cbor_array, cbor_map};
+    use cbor::{cbor_array, cbor_array_vec, cbor_map};
     use crypto::rng256::ThreadRng256;
 
     const CLOCK_FREQUENCY_HZ: usize = 32768;
@@ -1237,43 +1237,44 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
         let info_reponse = ctap_state.process_command(&[0x04], DUMMY_CHANNEL_ID, DUMMY_CLOCK_VALUE);
 
-        let mut expected_response = vec![0x00, 0xAD, 0x01];
-        // The version array differs with CTAP1, always including 2.0 and 2.1.
-        #[cfg(not(feature = "with_ctap1"))]
-        let version_count = 2;
-        #[cfg(feature = "with_ctap1")]
-        let version_count = 3;
-        expected_response.push(0x80 + version_count);
-        #[cfg(feature = "with_ctap1")]
-        expected_response.extend(&[0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32]);
-        expected_response.extend(
-            [
-                0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30, 0x6C, 0x46, 0x49, 0x44, 0x4F,
-                0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45, 0x02, 0x84, 0x6B, 0x68, 0x6D, 0x61,
-                0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x6B, 0x63, 0x72, 0x65, 0x64, 0x50,
-                0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x6C, 0x6D, 0x69, 0x6E, 0x50, 0x69, 0x6E, 0x4C,
-                0x65, 0x6E, 0x67, 0x74, 0x68, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62,
-                0x03, 0x50,
-            ]
-            .iter(),
-        );
-        expected_response.extend(&ctap_state.persistent_store.aaguid().unwrap());
-        expected_response.extend(
-            [
-                0x04, 0xA6, 0x62, 0x72, 0x6B, 0xF5, 0x62, 0x75, 0x70, 0xF5, 0x68, 0x63, 0x72, 0x65,
-                0x64, 0x4D, 0x67, 0x6D, 0x74, 0xF5, 0x69, 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x50,
-                0x69, 0x6E, 0xF4, 0x6E, 0x66, 0x6F, 0x72, 0x63, 0x65, 0x50, 0x49, 0x4E, 0x43, 0x68,
-                0x61, 0x6E, 0x67, 0x65, 0xF4, 0x6F, 0x73, 0x65, 0x74, 0x4D, 0x69, 0x6E, 0x50, 0x49,
-                0x4E, 0x4C, 0x65, 0x6E, 0x67, 0x74, 0x68, 0xF5, 0x05, 0x19, 0x04, 0x00, 0x06, 0x81,
-                0x01, 0x08, 0x18, 0x70, 0x09, 0x81, 0x63, 0x75, 0x73, 0x62, 0x0A, 0x81, 0xA2, 0x63,
-                0x61, 0x6C, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6A, 0x70, 0x75, 0x62, 0x6C,
-                0x69, 0x63, 0x2D, 0x6B, 0x65, 0x79, 0x0D, 0x04, 0x0F, 0x18, 0x20, 0x10, 0x08, 0x14,
-                0x18, 0x96,
-            ]
-            .iter(),
-        );
+        let expected_cbor = cbor_map_options! {
+             0x01 => cbor_array_vec![vec![
+                    #[cfg(feature = "with_ctap1")]
+                    String::from(U2F_VERSION_STRING),
+                    String::from(FIDO2_VERSION_STRING),
+                    String::from(FIDO2_1_VERSION_STRING),
+                ]],
+            0x02 => cbor_array_vec![vec![
+                    String::from("hmac-secret"),
+                    String::from("credProtect"),
+                    String::from("minPinLength"),
+                    String::from("credBlob"),
+                ]],
+            0x03 => ctap_state.persistent_store.aaguid().unwrap(),
+            0x04 => cbor_map! {
+                "rk" => true,
+                "up" => true,
+                "clientPin" => false,
+                "credMgmt" => true,
+                "setMinPINLength" => true,
+                "forcePINChange" => false,
+            },
+            0x05 => 1024,
+            0x06 => cbor_array_vec![vec![1]],
+            0x07 => MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
+            0x08 => CREDENTIAL_ID_SIZE as u64,
+            0x09 => cbor_array_vec![vec!["usb"]],
+            0x0A => cbor_array_vec![vec![ES256_CRED_PARAM]],
+            0x0C => DEFAULT_CRED_PROTECT.map(|c| c as u64),
+            0x0D => ctap_state.persistent_store.min_pin_length().unwrap() as u64,
+            0x0F => MAX_CRED_BLOB_LENGTH as u64,
+            0x10 => MAX_RP_IDS_LENGTH as u64,
+            0x14 => ctap_state.persistent_store.remaining_credentials().unwrap() as u64,
+        };
 
-        assert_eq!(info_reponse, expected_response);
+        let mut response_cbor = vec![0x00];
+        assert!(cbor::write(expected_cbor, &mut response_cbor));
+        assert_eq!(info_reponse, response_cbor);
     }
 
     fn create_minimal_make_credential_parameters() -> AuthenticatorMakeCredentialParameters {

From 5fe111698bb6993cd72255075bb6d407c45a837d Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 21 Jan 2021 18:47:00 +0100
Subject: [PATCH 139/192] remove resolved TODO

---
 src/ctap/config_command.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index e96ce7a..5e4daf3 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -44,7 +44,6 @@ fn process_set_min_pin_length(
         force_change_pin |= new_min_pin_length > old_length;
     }
     if force_change_pin {
-        // TODO(kaczmarczyck) actually force a PIN change in PinProtocolV1
         persistent_store.force_pin_change()?;
     }
     persistent_store.set_min_pin_length(new_min_pin_length)?;

From c38f00624a1a315d5533952c4be45faf8f1943c5 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 22 Jan 2021 10:55:11 +0100
Subject: [PATCH 140/192] use transactions, and how to store a bool

---
 src/ctap/pin_protocol_v1.rs |  1 +
 src/ctap/storage.rs         | 17 ++++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index ae1b1df..eb537f0 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -328,6 +328,7 @@ impl PinProtocolV1 {
         let token_encryption_key = crypto::aes256::EncryptionKey::new(&shared_secret);
         let pin_decryption_key = crypto::aes256::DecryptionKey::new(&token_encryption_key);
         self.verify_pin_hash_enc(rng, persistent_store, &pin_decryption_key, pin_hash_enc)?;
+        // TODO(kaczmarczyck) can this be moved up in the specification?
         if persistent_store.has_force_pin_change()? {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
         }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 74c11a6..b85f918 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -30,6 +30,7 @@ use arrayref::array_ref;
 use cbor::cbor_array_vec;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
+use persistent_store::StoreUpdate;
 
 // Those constants may be modified before compilation to tune the behavior of the key.
 //
@@ -384,9 +385,15 @@ impl PersistentStore {
         let mut pin_properties = [0; 1 + PIN_AUTH_LENGTH];
         pin_properties[0] = pin_code_point_length;
         pin_properties[1..].clone_from_slice(pin_hash);
-        self.store.insert(key::PIN_PROPERTIES, &pin_properties)?;
-        // If this second transaction fails, you are forced to retry.
-        Ok(self.store.remove(key::FORCE_PIN_CHANGE)?)
+        Ok(self.store.transaction(&[
+            StoreUpdate::Insert {
+                key: key::PIN_PROPERTIES,
+                value: &pin_properties[..],
+            },
+            StoreUpdate::Remove {
+                key: key::FORCE_PIN_CHANGE,
+            },
+        ])?)
     }
 
     /// Returns the number of remaining PIN retries.
@@ -547,14 +554,14 @@ impl PersistentStore {
     pub fn has_force_pin_change(&self) -> Result<bool, Ctap2StatusCode> {
         match self.store.find(key::FORCE_PIN_CHANGE)? {
             None => Ok(false),
-            Some(value) if value.len() == 1 && value[0] == 1 => Ok(true),
+            Some(value) if value.is_empty() => Ok(true),
             _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
     }
 
     /// Marks the PIN as outdated with respect to the new PIN policy.
     pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
-        Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[1])?)
+        Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[])?)
     }
 }
 

From b2c8c5a12879cf8421e2ab5c18a074bf26746ec9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 6 Jan 2021 13:39:59 +0100
Subject: [PATCH 141/192] adds the new command AuthenticatorLargeBlobs

---
 src/ctap/command.rs               | 236 ++++++++++++++++-
 src/ctap/credential_management.rs |   2 +-
 src/ctap/large_blobs.rs           | 422 ++++++++++++++++++++++++++++++
 src/ctap/mod.rs                   |  12 +-
 src/ctap/pin_protocol_v1.rs       |   2 +-
 src/ctap/response.rs              |  35 +++
 src/ctap/storage.rs               | 209 +++++++++++++++
 src/ctap/storage/key.rs           |   5 +
 8 files changed, 914 insertions(+), 9 deletions(-)
 create mode 100644 src/ctap/large_blobs.rs

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 128c4b4..2e1fe3b 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -22,6 +22,7 @@ use super::data_formats::{
 };
 use super::key_material;
 use super::status_code::Ctap2StatusCode;
+use super::storage::MAX_LARGE_BLOB_ARRAY_SIZE;
 use alloc::string::String;
 use alloc::vec::Vec;
 use arrayref::array_ref;
@@ -33,6 +34,9 @@ use core::convert::TryFrom;
 // You might also want to set the max credential size in process_get_info then.
 pub const MAX_CREDENTIAL_COUNT_IN_LIST: Option<usize> = None;
 
+// This constant is a consequence of the structure of messages.
+const MIN_LARGE_BLOB_LEN: usize = 17;
+
 // CTAP specification (version 20190130) section 6.1
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub enum Command {
@@ -44,8 +48,8 @@ pub enum Command {
     AuthenticatorGetNextAssertion,
     AuthenticatorCredentialManagement(AuthenticatorCredentialManagementParameters),
     AuthenticatorSelection,
+    AuthenticatorLargeBlobs(AuthenticatorLargeBlobsParameters),
     AuthenticatorConfig(AuthenticatorConfigParameters),
-    // TODO(kaczmarczyck) implement FIDO 2.1 commands (see below consts)
     // Vendor specific commands
     AuthenticatorVendorConfigure(AuthenticatorVendorConfigureParameters),
 }
@@ -56,8 +60,6 @@ impl From<cbor::reader::DecoderError> for Ctap2StatusCode {
     }
 }
 
-// TODO: Remove this `allow(dead_code)` once the constants are used.
-#[allow(dead_code)]
 impl Command {
     const AUTHENTICATOR_MAKE_CREDENTIAL: u8 = 0x01;
     const AUTHENTICATOR_GET_ASSERTION: u8 = 0x02;
@@ -65,8 +67,8 @@ impl Command {
     const AUTHENTICATOR_CLIENT_PIN: u8 = 0x06;
     const AUTHENTICATOR_RESET: u8 = 0x07;
     const AUTHENTICATOR_GET_NEXT_ASSERTION: u8 = 0x08;
-    // TODO(kaczmarczyck) use or remove those constants
-    const AUTHENTICATOR_BIO_ENROLLMENT: u8 = 0x09;
+    // Implement Bio Enrollment when your hardware supports biometrics.
+    const _AUTHENTICATOR_BIO_ENROLLMENT: u8 = 0x09;
     const AUTHENTICATOR_CREDENTIAL_MANAGEMENT: u8 = 0x0A;
     const AUTHENTICATOR_SELECTION: u8 = 0x0B;
     const AUTHENTICATOR_LARGE_BLOBS: u8 = 0x0C;
@@ -123,6 +125,12 @@ impl Command {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorSelection)
             }
+            Command::AUTHENTICATOR_LARGE_BLOBS => {
+                let decoded_cbor = cbor::read(&bytes[1..])?;
+                Ok(Command::AuthenticatorLargeBlobs(
+                    AuthenticatorLargeBlobsParameters::try_from(decoded_cbor)?,
+                ))
+            }
             Command::AUTHENTICATOR_CONFIG => {
                 let decoded_cbor = cbor::read(&bytes[1..])?;
                 Ok(Command::AuthenticatorConfig(
@@ -351,6 +359,81 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     }
 }
 
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+pub struct AuthenticatorLargeBlobsParameters {
+    pub get: Option<usize>,
+    pub set: Option<Vec<u8>>,
+    pub offset: usize,
+    pub length: Option<usize>,
+    pub pin_uv_auth_param: Option<Vec<u8>>,
+    pub pin_uv_auth_protocol: Option<u64>,
+}
+
+impl TryFrom<cbor::Value> for AuthenticatorLargeBlobsParameters {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        destructure_cbor_map! {
+            let {
+                1 => get,
+                2 => set,
+                3 => offset,
+                4 => length,
+                5 => pin_uv_auth_param,
+                6 => pin_uv_auth_protocol,
+            } = extract_map(cbor_value)?;
+        }
+
+        // careful: some missing parameters here are CTAP1_ERR_INVALID_PARAMETER
+        let get = get.map(extract_unsigned).transpose()?.map(|u| u as usize);
+        let set = set.map(extract_byte_string).transpose()?;
+        let offset =
+            extract_unsigned(offset.ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?)? as usize;
+        let length = length
+            .map(extract_unsigned)
+            .transpose()?
+            .map(|u| u as usize);
+        let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+
+        if get.is_none() && set.is_none() {
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+        }
+        if get.is_some() && set.is_some() {
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+        }
+        if get.is_some()
+            && (length.is_some() || pin_uv_auth_param.is_some() || pin_uv_auth_protocol.is_some())
+        {
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+        }
+        if set.is_some() && offset == 0 {
+            match length {
+                None => return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+                Some(len) if len > MAX_LARGE_BLOB_ARRAY_SIZE => {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_LARGE_BLOB_STORAGE_FULL)
+                }
+                Some(len) if len < MIN_LARGE_BLOB_LEN => {
+                    return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+                }
+                Some(_) => (),
+            }
+        }
+        if set.is_some() && offset != 0 && length.is_some() {
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+        }
+
+        Ok(AuthenticatorLargeBlobsParameters {
+            get,
+            set,
+            offset,
+            length,
+            pin_uv_auth_param,
+            pin_uv_auth_protocol,
+        })
+    }
+}
+
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
 pub struct AuthenticatorConfigParameters {
     pub sub_command: ConfigSubCommand,
@@ -698,6 +781,149 @@ mod test {
         assert_eq!(command, Ok(Command::AuthenticatorSelection));
     }
 
+    #[test]
+    fn test_from_cbor_large_blobs_parameters() {
+        // successful get
+        let cbor_value = cbor_map! {
+            1 => 2,
+            3 => 4,
+        };
+        let returned_large_blobs_parameters =
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value).unwrap();
+        let expected_large_blobs_parameters = AuthenticatorLargeBlobsParameters {
+            get: Some(2),
+            set: None,
+            offset: 4,
+            length: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        assert_eq!(
+            returned_large_blobs_parameters,
+            expected_large_blobs_parameters
+        );
+
+        // successful first set
+        let cbor_value = cbor_map! {
+            2 => vec! [0x5E],
+            3 => 0,
+            4 => MIN_LARGE_BLOB_LEN as u64,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        let returned_large_blobs_parameters =
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value).unwrap();
+        let expected_large_blobs_parameters = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(vec![0x5E]),
+            offset: 0,
+            length: Some(MIN_LARGE_BLOB_LEN),
+            pin_uv_auth_param: Some(vec![0xA9]),
+            pin_uv_auth_protocol: Some(1),
+        };
+        assert_eq!(
+            returned_large_blobs_parameters,
+            expected_large_blobs_parameters
+        );
+
+        // successful next set
+        let cbor_value = cbor_map! {
+            2 => vec! [0x5E],
+            3 => 1,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        let returned_large_blobs_parameters =
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value).unwrap();
+        let expected_large_blobs_parameters = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(vec![0x5E]),
+            offset: 1,
+            length: None,
+            pin_uv_auth_param: Some(vec![0xA9]),
+            pin_uv_auth_protocol: Some(1),
+        };
+        assert_eq!(
+            returned_large_blobs_parameters,
+            expected_large_blobs_parameters
+        );
+
+        // failing with neither get nor set
+        let cbor_value = cbor_map! {
+            3 => 4,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        assert_eq!(
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+
+        // failing with get and set
+        let cbor_value = cbor_map! {
+            1 => 2,
+            2 => vec! [0x5E],
+            3 => 4,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        assert_eq!(
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+
+        // failing with get and length
+        let cbor_value = cbor_map! {
+            1 => 2,
+            3 => 4,
+            4 => MIN_LARGE_BLOB_LEN as u64,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        assert_eq!(
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+
+        // failing with zero offset and no length present
+        let cbor_value = cbor_map! {
+            2 => vec! [0x5E],
+            3 => 0,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        assert_eq!(
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+
+        // failing with length smaller than minimum
+        let cbor_value = cbor_map! {
+            2 => vec! [0x5E],
+            3 => 0,
+            4 => MIN_LARGE_BLOB_LEN as u64 - 1,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        assert_eq!(
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+
+        // failing with non-zero offset and length present
+        let cbor_value = cbor_map! {
+            2 => vec! [0x5E],
+            3 => 4,
+            4 => MIN_LARGE_BLOB_LEN as u64,
+            5 => vec! [0xA9],
+            6 => 1,
+        };
+        assert_eq!(
+            AuthenticatorLargeBlobsParameters::try_from(cbor_value),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+    }
+
     #[test]
     fn test_vendor_configure() {
         // Incomplete command
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 7681fa1..7665ea7 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -100,7 +100,7 @@ fn enumerate_credentials_response(
         public_key: Some(public_key),
         total_credentials,
         cred_protect: cred_protect_policy,
-        // TODO(kaczmarczyck) add when largeBlobKey is implemented
+        // TODO(kaczmarczyck) add when largeBlobKey extension is implemented
         large_blob_key: None,
         ..Default::default()
     })
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
new file mode 100644
index 0000000..32934e9
--- /dev/null
+++ b/src/ctap/large_blobs.rs
@@ -0,0 +1,422 @@
+// Copyright 2020-2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use super::check_pin_uv_auth_protocol;
+use super::command::AuthenticatorLargeBlobsParameters;
+use super::pin_protocol_v1::{PinPermission, PinProtocolV1};
+use super::response::{AuthenticatorLargeBlobsResponse, ResponseData};
+use super::status_code::Ctap2StatusCode;
+use super::storage::PersistentStore;
+use alloc::vec;
+use alloc::vec::Vec;
+use byteorder::{ByteOrder, LittleEndian};
+use crypto::sha256::Sha256;
+use crypto::Hash256;
+
+/// This is maximum message size supported by the authenticator. 1024 is the default.
+/// Increasing this values can speed up commands with longer responses, but lead to
+/// packets dropping or unexpected failures.
+pub const MAX_MSG_SIZE: usize = 1024;
+/// The length of the truncated hash that as appended to the large blob data.
+const TRUNCATED_HASH_LEN: usize = 16;
+
+pub struct LargeBlobs {
+    buffer: Vec<u8>,
+    expected_length: usize,
+    expected_next_offset: usize,
+}
+
+/// Implements the logic for the AuthenticatorLargeBlobs command and keeps its state.
+impl LargeBlobs {
+    pub fn new() -> LargeBlobs {
+        LargeBlobs {
+            buffer: Vec::new(),
+            expected_length: 0,
+            expected_next_offset: 0,
+        }
+    }
+
+    /// Process the large blob command.
+    pub fn process_command(
+        &mut self,
+        persistent_store: &mut PersistentStore,
+        pin_protocol_v1: &mut PinProtocolV1,
+        large_blobs_params: AuthenticatorLargeBlobsParameters,
+    ) -> Result<ResponseData, Ctap2StatusCode> {
+        let AuthenticatorLargeBlobsParameters {
+            get,
+            set,
+            offset,
+            length,
+            pin_uv_auth_param,
+            pin_uv_auth_protocol,
+        } = large_blobs_params;
+
+        const MAX_FRAGMENT_LENGTH: usize = MAX_MSG_SIZE - 64;
+
+        if let Some(get) = get {
+            if get > MAX_FRAGMENT_LENGTH {
+                return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_LENGTH);
+            }
+            let config = persistent_store.get_large_blob_array(get, offset)?;
+            return Ok(ResponseData::AuthenticatorLargeBlobs(Some(
+                AuthenticatorLargeBlobsResponse { config },
+            )));
+        }
+
+        if let Some(mut set) = set {
+            if set.len() > MAX_FRAGMENT_LENGTH {
+                return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_LENGTH);
+            }
+            if offset == 0 {
+                // Checks for offset and length are already done in command.
+                self.expected_length =
+                    length.ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
+                self.expected_next_offset = 0;
+            }
+            if offset != self.expected_next_offset {
+                return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_SEQ);
+            }
+            if persistent_store.pin_hash()?.is_some() {
+                let pin_uv_auth_param =
+                    pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+                // TODO(kaczmarczyck) Error codes for PIN protocol differ across commands.
+                // Change to Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED for None?
+                check_pin_uv_auth_protocol(pin_uv_auth_protocol)?;
+                pin_protocol_v1.has_permission(PinPermission::LargeBlobWrite)?;
+                let mut message = vec![0xFF; 32];
+                message.extend(&[0x0C, 0x00]);
+                let mut offset_bytes = [0u8; 4];
+                LittleEndian::write_u32(&mut offset_bytes, offset as u32);
+                message.extend(&offset_bytes);
+                message.extend(&Sha256::hash(set.as_slice()));
+                if !pin_protocol_v1.verify_pin_auth_token(&message, &pin_uv_auth_param) {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
+                }
+            }
+            if offset + set.len() > self.expected_length {
+                return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+            }
+            if offset == 0 {
+                self.buffer = Vec::with_capacity(self.expected_length);
+            }
+            self.buffer.append(&mut set);
+            self.expected_next_offset = self.buffer.len();
+            if self.expected_next_offset == self.expected_length {
+                self.expected_length = 0;
+                self.expected_next_offset = 0;
+                // Must be a positive number.
+                let buffer_hash_index = self.buffer.len() - TRUNCATED_HASH_LEN;
+                if Sha256::hash(&self.buffer[..buffer_hash_index])[..TRUNCATED_HASH_LEN]
+                    != self.buffer[buffer_hash_index..]
+                {
+                    self.buffer = Vec::new();
+                    return Err(Ctap2StatusCode::CTAP2_ERR_INTEGRITY_FAILURE);
+                }
+                persistent_store.commit_large_blob_array(&self.buffer)?;
+                self.buffer = Vec::new();
+            }
+            return Ok(ResponseData::AuthenticatorLargeBlobs(None));
+        }
+
+        // This should be unreachable, since the command has either get or set.
+        Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use crypto::rng256::ThreadRng256;
+
+    #[test]
+    fn test_process_command_get_empty() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut large_blobs = LargeBlobs::new();
+
+        let large_blob = vec![
+            0x80, 0x76, 0xbe, 0x8b, 0x52, 0x8d, 0x00, 0x75, 0xf7, 0xaa, 0xe9, 0x8d, 0x6f, 0xa5,
+            0x7a, 0x6d, 0x3c,
+        ];
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: Some(large_blob.len()),
+            set: None,
+            offset: 0,
+            length: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        match large_blobs_response.unwrap() {
+            ResponseData::AuthenticatorLargeBlobs(Some(response)) => {
+                assert_eq!(response.config, large_blob);
+            }
+            _ => panic!("Invalid response type"),
+        };
+    }
+
+    #[test]
+    fn test_process_command_commit_and_get() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut large_blobs = LargeBlobs::new();
+
+        const BLOB_LEN: usize = 200;
+        const DATA_LEN: usize = BLOB_LEN - TRUNCATED_HASH_LEN;
+        let mut large_blob = vec![0x1B; DATA_LEN];
+        large_blob.extend_from_slice(&Sha256::hash(&large_blob[..])[..TRUNCATED_HASH_LEN]);
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob[..BLOB_LEN / 2].to_vec()),
+            offset: 0,
+            length: Some(BLOB_LEN),
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Ok(ResponseData::AuthenticatorLargeBlobs(None))
+        );
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob[BLOB_LEN / 2..].to_vec()),
+            offset: BLOB_LEN / 2,
+            length: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Ok(ResponseData::AuthenticatorLargeBlobs(None))
+        );
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: Some(BLOB_LEN),
+            set: None,
+            offset: 0,
+            length: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        match large_blobs_response.unwrap() {
+            ResponseData::AuthenticatorLargeBlobs(Some(response)) => {
+                assert_eq!(response.config, large_blob);
+            }
+            _ => panic!("Invalid response type"),
+        };
+    }
+
+    #[test]
+    fn test_process_command_commit_unexpected_offset() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut large_blobs = LargeBlobs::new();
+
+        const BLOB_LEN: usize = 200;
+        const DATA_LEN: usize = BLOB_LEN - TRUNCATED_HASH_LEN;
+        let mut large_blob = vec![0x1B; DATA_LEN];
+        large_blob.extend_from_slice(&Sha256::hash(&large_blob[..])[..TRUNCATED_HASH_LEN]);
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob[..BLOB_LEN / 2].to_vec()),
+            offset: 0,
+            length: Some(BLOB_LEN),
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Ok(ResponseData::AuthenticatorLargeBlobs(None))
+        );
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob[BLOB_LEN / 2..].to_vec()),
+            // The offset is 1 too big.
+            offset: BLOB_LEN / 2 + 1,
+            length: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_SEQ),
+        );
+    }
+
+    #[test]
+    fn test_process_command_commit_unexpected_length() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut large_blobs = LargeBlobs::new();
+
+        const BLOB_LEN: usize = 200;
+        const DATA_LEN: usize = BLOB_LEN - TRUNCATED_HASH_LEN;
+        let mut large_blob = vec![0x1B; DATA_LEN];
+        large_blob.extend_from_slice(&Sha256::hash(&large_blob[..])[..TRUNCATED_HASH_LEN]);
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob[..BLOB_LEN / 2].to_vec()),
+            offset: 0,
+            // The length is 1 too small.
+            length: Some(BLOB_LEN - 1),
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Ok(ResponseData::AuthenticatorLargeBlobs(None))
+        );
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob[BLOB_LEN / 2..].to_vec()),
+            offset: BLOB_LEN / 2,
+            length: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+        );
+    }
+
+    #[test]
+    fn test_process_command_commit_unexpected_hash() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut large_blobs = LargeBlobs::new();
+
+        const BLOB_LEN: usize = 20;
+        // This blob does not have an appropriate hash.
+        let large_blob = vec![0x1B; BLOB_LEN];
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob.to_vec()),
+            offset: 0,
+            length: Some(BLOB_LEN),
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_INTEGRITY_FAILURE),
+        );
+    }
+
+    #[test]
+    fn test_process_command_commit_with_pin() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut large_blobs = LargeBlobs::new();
+
+        const BLOB_LEN: usize = 20;
+        const DATA_LEN: usize = BLOB_LEN - TRUNCATED_HASH_LEN;
+        let mut large_blob = vec![0x1B; DATA_LEN];
+        large_blob.extend_from_slice(&Sha256::hash(&large_blob[..])[..TRUNCATED_HASH_LEN]);
+
+        persistent_store.set_pin(&[0u8; 16], 4).unwrap();
+        let pin_uv_auth_param = Some(vec![
+            0x68, 0x0C, 0x3F, 0x6A, 0x62, 0x47, 0xE6, 0x7C, 0x23, 0x1F, 0x79, 0xE3, 0xDC, 0x6D,
+            0xC3, 0xDE,
+        ]);
+
+        let large_blobs_params = AuthenticatorLargeBlobsParameters {
+            get: None,
+            set: Some(large_blob),
+            offset: 0,
+            length: Some(BLOB_LEN),
+            pin_uv_auth_param,
+            pin_uv_auth_protocol: Some(1),
+        };
+        let large_blobs_response = large_blobs.process_command(
+            &mut persistent_store,
+            &mut pin_protocol_v1,
+            large_blobs_params,
+        );
+        assert_eq!(
+            large_blobs_response,
+            Ok(ResponseData::AuthenticatorLargeBlobs(None))
+        );
+    }
+}
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 6f10589..95b5b0a 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -21,6 +21,7 @@ mod ctap1;
 pub mod data_formats;
 pub mod hid;
 mod key_material;
+mod large_blobs;
 mod pin_protocol_v1;
 pub mod response;
 pub mod status_code;
@@ -41,6 +42,7 @@ use self::data_formats::{
     SignatureAlgorithm,
 };
 use self::hid::ChannelID;
+use self::large_blobs::{LargeBlobs, MAX_MSG_SIZE};
 use self::pin_protocol_v1::{PinPermission, PinProtocolV1};
 use self::response::{
     AuthenticatorGetAssertionResponse, AuthenticatorGetInfoResponse,
@@ -293,6 +295,7 @@ pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(
     pub u2f_up_state: U2fUserPresenceState,
     // The state initializes to Reset and its timeout, and never goes back to Reset.
     stateful_command_permission: StatefulPermission,
+    large_blobs: LargeBlobs,
 }
 
 impl<'a, R, CheckUserPresence> CtapState<'a, R, CheckUserPresence>
@@ -318,6 +321,7 @@ where
                 Duration::from_ms(TOUCH_TIMEOUT_MS),
             ),
             stateful_command_permission: StatefulPermission::new_reset(now),
+            large_blobs: LargeBlobs::new(),
         }
     }
 
@@ -484,12 +488,16 @@ where
                         )
                     }
                     Command::AuthenticatorSelection => self.process_selection(cid),
+                    Command::AuthenticatorLargeBlobs(params) => self.large_blobs.process_command(
+                        &mut self.persistent_store,
+                        &mut self.pin_protocol_v1,
+                        params,
+                    ),
                     Command::AuthenticatorConfig(params) => process_config(
                         &mut self.persistent_store,
                         &mut self.pin_protocol_v1,
                         params,
                     ),
-                    // TODO(kaczmarczyck) implement FIDO 2.1 commands
                     // Vendor specific commands
                     Command::AuthenticatorVendorConfigure(params) => {
                         self.process_vendor_configure(params, cid)
@@ -1026,7 +1034,7 @@ where
                 ]),
                 aaguid: self.persistent_store.aaguid()?,
                 options: Some(options_map),
-                max_msg_size: Some(1024),
+                max_msg_size: Some(MAX_MSG_SIZE as u64),
                 pin_protocols: Some(vec![PIN_PROTOCOL_VERSION]),
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index eb537f0..6ec5644 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -162,7 +162,7 @@ pub enum PinPermission {
     GetAssertion = 0x02,
     CredentialManagement = 0x04,
     BioEnrollment = 0x08,
-    PlatformConfiguration = 0x10,
+    LargeBlobWrite = 0x10,
     AuthenticatorConfiguration = 0x20,
 }
 
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index e4cda5e..245218f 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -33,6 +33,7 @@ pub enum ResponseData {
     AuthenticatorReset,
     AuthenticatorCredentialManagement(Option<AuthenticatorCredentialManagementResponse>),
     AuthenticatorSelection,
+    AuthenticatorLargeBlobs(Option<AuthenticatorLargeBlobsResponse>),
     // TODO(kaczmarczyck) dummy, extend
     AuthenticatorConfig,
     AuthenticatorVendor(AuthenticatorVendorResponse),
@@ -49,6 +50,7 @@ impl From<ResponseData> for Option<cbor::Value> {
             ResponseData::AuthenticatorReset => None,
             ResponseData::AuthenticatorCredentialManagement(data) => data.map(|d| d.into()),
             ResponseData::AuthenticatorSelection => None,
+            ResponseData::AuthenticatorLargeBlobs(data) => data.map(|d| d.into()),
             ResponseData::AuthenticatorConfig => None,
             ResponseData::AuthenticatorVendor(data) => Some(data.into()),
         }
@@ -204,6 +206,22 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
     }
 }
 
+#[cfg_attr(test, derive(PartialEq))]
+#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+pub struct AuthenticatorLargeBlobsResponse {
+    pub config: Vec<u8>,
+}
+
+impl From<AuthenticatorLargeBlobsResponse> for cbor::Value {
+    fn from(platform_large_blobs_response: AuthenticatorLargeBlobsResponse) -> Self {
+        let AuthenticatorLargeBlobsResponse { config } = platform_large_blobs_response;
+
+        cbor_map_options! {
+            0x01 => config,
+        }
+    }
+}
+
 #[derive(Default)]
 #[cfg_attr(test, derive(PartialEq))]
 #[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
@@ -510,6 +528,23 @@ mod test {
         assert_eq!(response_cbor, None);
     }
 
+    #[test]
+    fn test_large_blobs_into_cbor() {
+        let large_blobs_response = AuthenticatorLargeBlobsResponse { config: vec![0xC0] };
+        let response_cbor: Option<cbor::Value> =
+            ResponseData::AuthenticatorLargeBlobs(Some(large_blobs_response)).into();
+        let expected_cbor = cbor_map_options! {
+            0x01 => vec![0xC0],
+        };
+        assert_eq!(response_cbor, Some(expected_cbor));
+    }
+
+    #[test]
+    fn test_empty_large_blobs_into_cbor() {
+        let response_cbor: Option<cbor::Value> = ResponseData::AuthenticatorLargeBlobs(None).into();
+        assert_eq!(response_cbor, None);
+    }
+
     #[test]
     fn test_config_into_cbor() {
         let response_cbor: Option<cbor::Value> = ResponseData::AuthenticatorConfig.into();
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b85f918..a89c02d 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -28,6 +28,7 @@ use alloc::vec;
 use alloc::vec::Vec;
 use arrayref::array_ref;
 use cbor::cbor_array_vec;
+use core::cmp;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
 use persistent_store::StoreUpdate;
@@ -59,6 +60,9 @@ const DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 // This constant is an attempt to limit storage requirements. If you don't set it to 0,
 // the stored strings can still be unbounded, but that is true for all RP IDs.
 pub const MAX_RP_IDS_LENGTH: usize = 8;
+const SHARD_SIZE: usize = 128;
+pub const MAX_LARGE_BLOB_ARRAY_SIZE: usize =
+    SHARD_SIZE * (key::LARGE_BLOB_SHARDS.end - key::LARGE_BLOB_SHARDS.start);
 
 /// Wrapper for master keys.
 pub struct MasterKeys {
@@ -467,6 +471,70 @@ impl PersistentStore {
         )?)
     }
 
+    /// Reads the byte vector stored as the serialized large blobs array.
+    ///
+    /// If more data is requested than stored, return as many bytes as possible.
+    pub fn get_large_blob_array(
+        &self,
+        mut byte_count: usize,
+        mut offset: usize,
+    ) -> Result<Vec<u8>, Ctap2StatusCode> {
+        if self.store.find(key::LARGE_BLOB_SHARDS.start)?.is_none() {
+            return Ok(vec![
+                0x80, 0x76, 0xbe, 0x8b, 0x52, 0x8d, 0x00, 0x75, 0xf7, 0xaa, 0xe9, 0x8d, 0x6f, 0xa5,
+                0x7a, 0x6d, 0x3c,
+            ]);
+        }
+        let mut output = Vec::with_capacity(byte_count);
+        while byte_count > 0 {
+            let shard = offset / SHARD_SIZE;
+            let shard_offset = offset % SHARD_SIZE;
+            let shard_length = cmp::min(SHARD_SIZE - shard_offset, byte_count);
+
+            let shard_key = key::LARGE_BLOB_SHARDS.start + shard;
+            if !key::LARGE_BLOB_SHARDS.contains(&shard_key) {
+                // This request should have been caught at application level.
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+            }
+            let shard_entry = self.store.find(shard_key)?.unwrap_or_default();
+            if shard_entry.len() < shard_offset + shard_length {
+                output.extend(&shard_entry[..]);
+                return Ok(output);
+            }
+            output.extend(&shard_entry[shard_offset..shard_offset + shard_length]);
+            offset += shard_length;
+            byte_count -= shard_length;
+        }
+        Ok(output)
+    }
+
+    /// Sets a byte vector as the serialized large blobs array.
+    pub fn commit_large_blob_array(
+        &mut self,
+        large_blob_array: &[u8],
+    ) -> Result<(), Ctap2StatusCode> {
+        let mut large_blob_index = 0;
+        let mut shard_key = key::LARGE_BLOB_SHARDS.start;
+        while large_blob_index < large_blob_array.len() {
+            if !key::LARGE_BLOB_SHARDS.contains(&shard_key) {
+                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+            }
+            let shard_length = cmp::min(SHARD_SIZE, large_blob_array.len() - large_blob_index);
+            self.store.insert(
+                shard_key,
+                &large_blob_array[large_blob_index..large_blob_index + shard_length],
+            )?;
+            large_blob_index += shard_length;
+            shard_key += 1;
+        }
+        // The length is not stored, so overwrite old entries explicitly.
+        for key in shard_key..key::LARGE_BLOB_SHARDS.end {
+            // Assuming the store optimizes out unnecessary writes.
+            self.store.remove(key)?;
+        }
+        Ok(())
+    }
+
     /// Returns the attestation private key if defined.
     pub fn attestation_private_key(
         &self,
@@ -1144,6 +1212,147 @@ mod test {
         assert_eq!(persistent_store.min_pin_length_rp_ids().unwrap(), rp_ids);
     }
 
+    #[test]
+    #[allow(clippy::assertions_on_constants)]
+    fn test_max_large_blob_array_size() {
+        assert!(MAX_LARGE_BLOB_ARRAY_SIZE >= 1024);
+    }
+
+    #[test]
+    fn test_commit_get_large_blob_array_1_shard() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        let large_blob_array = vec![0xC0; 1];
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let restored_large_blob_array = persistent_store.get_large_blob_array(1, 0).unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+
+        let large_blob_array = vec![0xC0; SHARD_SIZE];
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(SHARD_SIZE, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+    }
+
+    #[test]
+    fn test_commit_get_large_blob_array_2_shards() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        let large_blob_array = vec![0xC0; SHARD_SIZE + 1];
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(SHARD_SIZE, 0)
+            .unwrap();
+        assert_eq!(
+            large_blob_array[..SHARD_SIZE],
+            restored_large_blob_array[..]
+        );
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+
+        let large_blob_array = vec![0xC0; 2 * SHARD_SIZE];
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(2 * SHARD_SIZE, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(2 * SHARD_SIZE + 1, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+    }
+
+    #[test]
+    fn test_commit_get_large_blob_array_3_shards() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        let mut large_blob_array = vec![0x11; SHARD_SIZE];
+        large_blob_array.extend([0x22; SHARD_SIZE].iter());
+        large_blob_array.extend([0x33; 1].iter());
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(2 * SHARD_SIZE + 1, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(3 * SHARD_SIZE, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+        let shard1 = persistent_store
+            .get_large_blob_array(SHARD_SIZE, 0)
+            .unwrap();
+        let shard2 = persistent_store
+            .get_large_blob_array(SHARD_SIZE, SHARD_SIZE)
+            .unwrap();
+        let shard3 = persistent_store
+            .get_large_blob_array(1, 2 * SHARD_SIZE)
+            .unwrap();
+        assert_eq!(large_blob_array[..SHARD_SIZE], shard1[..]);
+        assert_eq!(large_blob_array[SHARD_SIZE..2 * SHARD_SIZE], shard2[..]);
+        assert_eq!(large_blob_array[2 * SHARD_SIZE..], shard3[..]);
+        let shard12 = persistent_store
+            .get_large_blob_array(2, SHARD_SIZE - 1)
+            .unwrap();
+        let shard23 = persistent_store
+            .get_large_blob_array(2, 2 * SHARD_SIZE - 1)
+            .unwrap();
+        assert_eq!(vec![0x11, 0x22], shard12);
+        assert_eq!(vec![0x22, 0x33], shard23);
+    }
+
+    #[test]
+    fn test_commit_get_large_blob_array_overwrite() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        let large_blob_array = vec![0x11; SHARD_SIZE + 1];
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let large_blob_array = vec![0x22; SHARD_SIZE];
+        assert!(persistent_store
+            .commit_large_blob_array(&large_blob_array)
+            .is_ok());
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .unwrap();
+        assert_eq!(large_blob_array, restored_large_blob_array);
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(1, SHARD_SIZE)
+            .unwrap();
+        assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
+
+        assert!(persistent_store.commit_large_blob_array(&[]).is_ok());
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .unwrap();
+        let empty_blob_array = vec![
+            0x80, 0x76, 0xbe, 0x8b, 0x52, 0x8d, 0x00, 0x75, 0xf7, 0xaa, 0xe9, 0x8d, 0x6f, 0xa5,
+            0x7a, 0x6d, 0x3c,
+        ];
+        assert_eq!(empty_blob_array, restored_large_blob_array);
+    }
+
     #[test]
     fn test_global_signature_counter() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 1c0e21e..4f6ba51 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -88,6 +88,11 @@ make_partition! {
     /// board may configure `MAX_SUPPORTED_RESIDENT_KEYS` depending on the storage size.
     CREDENTIALS = 1700..2000;
 
+    /// Storage for the serialized large blob array.
+    ///
+    /// The stored large blob can be too big for one key, so it has to be sharded.
+    LARGE_BLOB_SHARDS = 2000..2016;
+
     /// If this entry exists and equals 1, the PIN needs to be changed.
     FORCE_PIN_CHANGE = 2040;
 

From 3517b1163d9e76243923153d743f33c8977cc15f Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 22 Jan 2021 13:48:27 +0100
Subject: [PATCH 142/192] bigger shards, fixed get_large_blob

---
 src/ctap/large_blobs.rs |  4 ++--
 src/ctap/storage.rs     | 27 +++++++++++++++++----------
 src/ctap/storage/key.rs |  2 +-
 3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index 32934e9..6dc80ce 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -150,8 +150,8 @@ mod test {
         let mut large_blobs = LargeBlobs::new();
 
         let large_blob = vec![
-            0x80, 0x76, 0xbe, 0x8b, 0x52, 0x8d, 0x00, 0x75, 0xf7, 0xaa, 0xe9, 0x8d, 0x6f, 0xa5,
-            0x7a, 0x6d, 0x3c,
+            0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
+            0x7A, 0x6D, 0x3C,
         ];
         let large_blobs_params = AuthenticatorLargeBlobsParameters {
             get: Some(large_blob.len()),
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index a89c02d..9b6ce31 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -60,7 +60,7 @@ const DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 // This constant is an attempt to limit storage requirements. If you don't set it to 0,
 // the stored strings can still be unbounded, but that is true for all RP IDs.
 pub const MAX_RP_IDS_LENGTH: usize = 8;
-const SHARD_SIZE: usize = 128;
+const SHARD_SIZE: usize = 1023;
 pub const MAX_LARGE_BLOB_ARRAY_SIZE: usize =
     SHARD_SIZE * (key::LARGE_BLOB_SHARDS.end - key::LARGE_BLOB_SHARDS.start);
 
@@ -473,7 +473,8 @@ impl PersistentStore {
 
     /// Reads the byte vector stored as the serialized large blobs array.
     ///
-    /// If more data is requested than stored, return as many bytes as possible.
+    /// If too few bytes exist at that offset, return the maximum number
+    /// available. This includes cases of offset being beyond the stored array.
     pub fn get_large_blob_array(
         &self,
         mut byte_count: usize,
@@ -481,24 +482,24 @@ impl PersistentStore {
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
         if self.store.find(key::LARGE_BLOB_SHARDS.start)?.is_none() {
             return Ok(vec![
-                0x80, 0x76, 0xbe, 0x8b, 0x52, 0x8d, 0x00, 0x75, 0xf7, 0xaa, 0xe9, 0x8d, 0x6f, 0xa5,
-                0x7a, 0x6d, 0x3c,
+                0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
+                0x7A, 0x6D, 0x3C,
             ]);
         }
         let mut output = Vec::with_capacity(byte_count);
         while byte_count > 0 {
-            let shard = offset / SHARD_SIZE;
             let shard_offset = offset % SHARD_SIZE;
             let shard_length = cmp::min(SHARD_SIZE - shard_offset, byte_count);
 
-            let shard_key = key::LARGE_BLOB_SHARDS.start + shard;
+            let shard_key = key::LARGE_BLOB_SHARDS.start + offset / SHARD_SIZE;
             if !key::LARGE_BLOB_SHARDS.contains(&shard_key) {
                 // This request should have been caught at application level.
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
             let shard_entry = self.store.find(shard_key)?.unwrap_or_default();
             if shard_entry.len() < shard_offset + shard_length {
-                output.extend(&shard_entry[..]);
+                // If fewer bytes exist than requested, return them all.
+                output.extend(&shard_entry[shard_offset..]);
                 return Ok(output);
             }
             output.extend(&shard_entry[shard_offset..shard_offset + shard_length]);
@@ -529,7 +530,7 @@ impl PersistentStore {
         }
         // The length is not stored, so overwrite old entries explicitly.
         for key in shard_key..key::LARGE_BLOB_SHARDS.end {
-            // Assuming the store optimizes out unnecessary writes.
+            // Assuming the store optimizes out unnecessary removes.
             self.store.remove(key)?;
         }
         Ok(())
@@ -1223,12 +1224,18 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        let large_blob_array = vec![0xC0; 1];
+        let large_blob_array = vec![0x01, 0x02, 0x03];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
         let restored_large_blob_array = persistent_store.get_large_blob_array(1, 0).unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
+        assert_eq!(vec![0x01], restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(1, 1).unwrap();
+        assert_eq!(vec![0x02], restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(1, 2).unwrap();
+        assert_eq!(vec![0x03], restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(2, 2).unwrap();
+        assert_eq!(vec![0x03], restored_large_blob_array);
 
         let large_blob_array = vec![0xC0; SHARD_SIZE];
         assert!(persistent_store
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 4f6ba51..2093685 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -91,7 +91,7 @@ make_partition! {
     /// Storage for the serialized large blob array.
     ///
     /// The stored large blob can be too big for one key, so it has to be sharded.
-    LARGE_BLOB_SHARDS = 2000..2016;
+    LARGE_BLOB_SHARDS = 2000..2004;
 
     /// If this entry exists and equals 1, the PIN needs to be changed.
     FORCE_PIN_CHANGE = 2040;

From cf8b54b39c1f0ab7b5232ba4af8572628b46fc4b Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 22 Jan 2021 14:16:34 +0100
Subject: [PATCH 143/192] large blob commit is one transaction

---
 src/ctap/storage.rs | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 9b6ce31..0b66f4f 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -514,26 +514,25 @@ impl PersistentStore {
         &mut self,
         large_blob_array: &[u8],
     ) -> Result<(), Ctap2StatusCode> {
-        let mut large_blob_index = 0;
-        let mut shard_key = key::LARGE_BLOB_SHARDS.start;
-        while large_blob_index < large_blob_array.len() {
-            if !key::LARGE_BLOB_SHARDS.contains(&shard_key) {
-                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        if large_blob_array.len() > MAX_LARGE_BLOB_ARRAY_SIZE {
+            return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
+        }
+        const MIN_SHARD_KEY: usize = key::LARGE_BLOB_SHARDS.start;
+        const SHARD_COUNT: usize = key::LARGE_BLOB_SHARDS.end - MIN_SHARD_KEY;
+        let mut transactions = Vec::with_capacity(SHARD_COUNT);
+        for shard_key in MIN_SHARD_KEY..key::LARGE_BLOB_SHARDS.end {
+            let large_blob_index = (shard_key - MIN_SHARD_KEY) * SHARD_SIZE;
+            if large_blob_array.len() > large_blob_index {
+                let shard_length = cmp::min(SHARD_SIZE, large_blob_array.len() - large_blob_index);
+                transactions.push(StoreUpdate::Insert {
+                    key: shard_key,
+                    value: &large_blob_array[large_blob_index..large_blob_index + shard_length],
+                });
+            } else {
+                transactions.push(StoreUpdate::Remove { key: shard_key });
             }
-            let shard_length = cmp::min(SHARD_SIZE, large_blob_array.len() - large_blob_index);
-            self.store.insert(
-                shard_key,
-                &large_blob_array[large_blob_index..large_blob_index + shard_length],
-            )?;
-            large_blob_index += shard_length;
-            shard_key += 1;
         }
-        // The length is not stored, so overwrite old entries explicitly.
-        for key in shard_key..key::LARGE_BLOB_SHARDS.end {
-            // Assuming the store optimizes out unnecessary removes.
-            self.store.remove(key)?;
-        }
-        Ok(())
+        Ok(self.store.transaction(&transactions)?)
     }
 
     /// Returns the attestation private key if defined.

From 7d04c5c6d0140115ea5914469f8b09365385ece6 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 22 Jan 2021 14:23:32 +0100
Subject: [PATCH 144/192] fixes const usage in test_get_info

---
 src/ctap/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 95b5b0a..8fa622c 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1267,7 +1267,7 @@ mod test {
                 "setMinPINLength" => true,
                 "forcePINChange" => false,
             },
-            0x05 => 1024,
+            0x05 => MAX_MSG_SIZE as u64,
             0x06 => cbor_array_vec![vec![1]],
             0x07 => MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
             0x08 => CREDENTIAL_ID_SIZE as u64,

From 19c089e955547d34ce5857c1661f5f62252e07e7 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 22 Jan 2021 18:54:45 +0100
Subject: [PATCH 145/192] improvements to large blob storage

---
 src/ctap/large_blobs.rs |   2 +-
 src/ctap/storage.rs     | 188 +++++++++++++++++++++++++---------------
 2 files changed, 120 insertions(+), 70 deletions(-)

diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index 6dc80ce..ab38df0 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -69,7 +69,7 @@ impl LargeBlobs {
             if get > MAX_FRAGMENT_LENGTH {
                 return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_LENGTH);
             }
-            let config = persistent_store.get_large_blob_array(get, offset)?;
+            let config = persistent_store.get_large_blob_array(offset, get)?;
             return Ok(ResponseData::AuthenticatorLargeBlobs(Some(
                 AuthenticatorLargeBlobsResponse { config },
             )));
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0b66f4f..934d533 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -60,9 +60,7 @@ const DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 // This constant is an attempt to limit storage requirements. If you don't set it to 0,
 // the stored strings can still be unbounded, but that is true for all RP IDs.
 pub const MAX_RP_IDS_LENGTH: usize = 8;
-const SHARD_SIZE: usize = 1023;
-pub const MAX_LARGE_BLOB_ARRAY_SIZE: usize =
-    SHARD_SIZE * (key::LARGE_BLOB_SHARDS.end - key::LARGE_BLOB_SHARDS.start);
+pub const MAX_LARGE_BLOB_ARRAY_SIZE: usize = 2048;
 
 /// Wrapper for master keys.
 pub struct MasterKeys {
@@ -471,38 +469,55 @@ impl PersistentStore {
         )?)
     }
 
+    /// The size used for shards of large blobs.
+    ///
+    /// This value is constant during the lifetime of the device.
+    fn shard_size(&self) -> usize {
+        self.store.max_value_length()
+    }
+
     /// Reads the byte vector stored as the serialized large blobs array.
     ///
     /// If too few bytes exist at that offset, return the maximum number
     /// available. This includes cases of offset being beyond the stored array.
+    ///
+    /// If no large blob is committed to the store, get responds as if an empty
+    /// CBOR array (0x80) was written, together with the 16 byte prefix of its
+    /// SHA256, to a total length of 17 byte (which is the shortest legitemate
+    /// large blob entry possible).
     pub fn get_large_blob_array(
         &self,
-        mut byte_count: usize,
         mut offset: usize,
+        mut byte_count: usize,
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
-        if self.store.find(key::LARGE_BLOB_SHARDS.start)?.is_none() {
-            return Ok(vec![
-                0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
-                0x7A, 0x6D, 0x3C,
-            ]);
-        }
         let mut output = Vec::with_capacity(byte_count);
         while byte_count > 0 {
-            let shard_offset = offset % SHARD_SIZE;
-            let shard_length = cmp::min(SHARD_SIZE - shard_offset, byte_count);
-
-            let shard_key = key::LARGE_BLOB_SHARDS.start + offset / SHARD_SIZE;
+            let shard_key = key::LARGE_BLOB_SHARDS.start + offset / self.shard_size();
             if !key::LARGE_BLOB_SHARDS.contains(&shard_key) {
                 // This request should have been caught at application level.
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
-            let shard_entry = self.store.find(shard_key)?.unwrap_or_default();
-            if shard_entry.len() < shard_offset + shard_length {
-                // If fewer bytes exist than requested, return them all.
-                output.extend(&shard_entry[shard_offset..]);
-                return Ok(output);
+            let shard_entry = self.store.find(shard_key)?;
+            let shard_entry = if shard_key == key::LARGE_BLOB_SHARDS.start {
+                shard_entry.unwrap_or_else(|| {
+                    vec![
+                        0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D,
+                        0x6F, 0xA5, 0x7A, 0x6D, 0x3C,
+                    ]
+                })
+            } else {
+                shard_entry.unwrap_or_default()
+            };
+
+            let shard_offset = offset % self.shard_size();
+            if shard_entry.len() < shard_offset {
+                break;
+            }
+            let shard_length = cmp::min(shard_entry.len() - shard_offset, byte_count);
+            output.extend(&shard_entry[shard_offset..][..shard_length]);
+            if shard_entry.len() < self.shard_size() {
+                break;
             }
-            output.extend(&shard_entry[shard_offset..shard_offset + shard_length]);
             offset += shard_length;
             byte_count -= shard_length;
         }
@@ -517,22 +532,18 @@ impl PersistentStore {
         if large_blob_array.len() > MAX_LARGE_BLOB_ARRAY_SIZE {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
-        const MIN_SHARD_KEY: usize = key::LARGE_BLOB_SHARDS.start;
-        const SHARD_COUNT: usize = key::LARGE_BLOB_SHARDS.end - MIN_SHARD_KEY;
-        let mut transactions = Vec::with_capacity(SHARD_COUNT);
-        for shard_key in MIN_SHARD_KEY..key::LARGE_BLOB_SHARDS.end {
-            let large_blob_index = (shard_key - MIN_SHARD_KEY) * SHARD_SIZE;
-            if large_blob_array.len() > large_blob_index {
-                let shard_length = cmp::min(SHARD_SIZE, large_blob_array.len() - large_blob_index);
-                transactions.push(StoreUpdate::Insert {
-                    key: shard_key,
-                    value: &large_blob_array[large_blob_index..large_blob_index + shard_length],
-                });
-            } else {
-                transactions.push(StoreUpdate::Remove { key: shard_key });
-            }
+
+        let mut shards = large_blob_array.chunks(self.shard_size());
+        let mut updates = Vec::with_capacity(shards.len());
+        for key in key::LARGE_BLOB_SHARDS {
+            let update = match shards.next() {
+                Some(value) => StoreUpdate::Insert { key, value },
+                None if self.store.find(key)?.is_some() => StoreUpdate::Remove { key },
+                _ => break,
+            };
+            updates.push(update);
         }
-        Ok(self.store.transaction(&transactions)?)
+        Ok(self.store.transaction(&updates)?)
     }
 
     /// Returns the attestation private key if defined.
@@ -1213,9 +1224,19 @@ mod test {
     }
 
     #[test]
-    #[allow(clippy::assertions_on_constants)]
     fn test_max_large_blob_array_size() {
-        assert!(MAX_LARGE_BLOB_ARRAY_SIZE >= 1024);
+        let mut rng = ThreadRng256 {};
+        let persistent_store = PersistentStore::new(&mut rng);
+
+        #[allow(clippy::assertions_on_constants)]
+        {
+            assert!(MAX_LARGE_BLOB_ARRAY_SIZE >= 1024);
+        }
+        assert!(
+            MAX_LARGE_BLOB_ARRAY_SIZE
+                <= persistent_store.shard_size()
+                    * (key::LARGE_BLOB_SHARDS.end - key::LARGE_BLOB_SHARDS.start)
+        );
     }
 
     #[test]
@@ -1227,25 +1248,29 @@ mod test {
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
-        let restored_large_blob_array = persistent_store.get_large_blob_array(1, 0).unwrap();
+        let restored_large_blob_array = persistent_store.get_large_blob_array(0, 1).unwrap();
         assert_eq!(vec![0x01], restored_large_blob_array);
         let restored_large_blob_array = persistent_store.get_large_blob_array(1, 1).unwrap();
         assert_eq!(vec![0x02], restored_large_blob_array);
-        let restored_large_blob_array = persistent_store.get_large_blob_array(1, 2).unwrap();
+        let restored_large_blob_array = persistent_store.get_large_blob_array(2, 1).unwrap();
         assert_eq!(vec![0x03], restored_large_blob_array);
         let restored_large_blob_array = persistent_store.get_large_blob_array(2, 2).unwrap();
         assert_eq!(vec![0x03], restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(3, 1).unwrap();
+        assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(4, 1).unwrap();
+        assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
 
-        let large_blob_array = vec![0xC0; SHARD_SIZE];
+        let large_blob_array = vec![0xC0; persistent_store.shard_size()];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(SHARD_SIZE, 0)
+            .get_large_blob_array(0, persistent_store.shard_size())
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .get_large_blob_array(0, persistent_store.shard_size() + 1)
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
     }
@@ -1255,32 +1280,32 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        let large_blob_array = vec![0xC0; SHARD_SIZE + 1];
+        let large_blob_array = vec![0xC0; persistent_store.shard_size() + 1];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(SHARD_SIZE, 0)
+            .get_large_blob_array(0, persistent_store.shard_size())
             .unwrap();
         assert_eq!(
-            large_blob_array[..SHARD_SIZE],
+            large_blob_array[..persistent_store.shard_size()],
             restored_large_blob_array[..]
         );
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .get_large_blob_array(0, persistent_store.shard_size() + 1)
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
 
-        let large_blob_array = vec![0xC0; 2 * SHARD_SIZE];
+        let large_blob_array = vec![0xC0; 2 * persistent_store.shard_size()];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(2 * SHARD_SIZE, 0)
+            .get_large_blob_array(0, 2 * persistent_store.shard_size())
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(2 * SHARD_SIZE + 1, 0)
+            .get_large_blob_array(0, 2 * persistent_store.shard_size() + 1)
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
     }
@@ -1290,37 +1315,46 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        let mut large_blob_array = vec![0x11; SHARD_SIZE];
-        large_blob_array.extend([0x22; SHARD_SIZE].iter());
-        large_blob_array.extend([0x33; 1].iter());
+        let mut large_blob_array = vec![0x11; persistent_store.shard_size()];
+        large_blob_array.extend(vec![0x22; persistent_store.shard_size()]);
+        large_blob_array.extend(&[0x33; 1]);
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(2 * SHARD_SIZE + 1, 0)
+            .get_large_blob_array(0, 2 * persistent_store.shard_size() + 1)
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(3 * SHARD_SIZE, 0)
+            .get_large_blob_array(0, 3 * persistent_store.shard_size())
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
         let shard1 = persistent_store
-            .get_large_blob_array(SHARD_SIZE, 0)
+            .get_large_blob_array(0, persistent_store.shard_size())
             .unwrap();
         let shard2 = persistent_store
-            .get_large_blob_array(SHARD_SIZE, SHARD_SIZE)
+            .get_large_blob_array(persistent_store.shard_size(), persistent_store.shard_size())
             .unwrap();
         let shard3 = persistent_store
-            .get_large_blob_array(1, 2 * SHARD_SIZE)
+            .get_large_blob_array(2 * persistent_store.shard_size(), 1)
             .unwrap();
-        assert_eq!(large_blob_array[..SHARD_SIZE], shard1[..]);
-        assert_eq!(large_blob_array[SHARD_SIZE..2 * SHARD_SIZE], shard2[..]);
-        assert_eq!(large_blob_array[2 * SHARD_SIZE..], shard3[..]);
+        assert_eq!(
+            large_blob_array[..persistent_store.shard_size()],
+            shard1[..]
+        );
+        assert_eq!(
+            large_blob_array[persistent_store.shard_size()..2 * persistent_store.shard_size()],
+            shard2[..]
+        );
+        assert_eq!(
+            large_blob_array[2 * persistent_store.shard_size()..],
+            shard3[..]
+        );
         let shard12 = persistent_store
-            .get_large_blob_array(2, SHARD_SIZE - 1)
+            .get_large_blob_array(persistent_store.shard_size() - 1, 2)
             .unwrap();
         let shard23 = persistent_store
-            .get_large_blob_array(2, 2 * SHARD_SIZE - 1)
+            .get_large_blob_array(2 * persistent_store.shard_size() - 1, 2)
             .unwrap();
         assert_eq!(vec![0x11, 0x22], shard12);
         assert_eq!(vec![0x22, 0x33], shard23);
@@ -1331,32 +1365,48 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        let large_blob_array = vec![0x11; SHARD_SIZE + 1];
+        let large_blob_array = vec![0x11; persistent_store.shard_size() + 1];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
-        let large_blob_array = vec![0x22; SHARD_SIZE];
+        let large_blob_array = vec![0x22; persistent_store.shard_size()];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .get_large_blob_array(0, persistent_store.shard_size() + 1)
             .unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(1, SHARD_SIZE)
+            .get_large_blob_array(persistent_store.shard_size(), 1)
             .unwrap();
         assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
 
         assert!(persistent_store.commit_large_blob_array(&[]).is_ok());
         let restored_large_blob_array = persistent_store
-            .get_large_blob_array(SHARD_SIZE + 1, 0)
+            .get_large_blob_array(0, persistent_store.shard_size() + 1)
             .unwrap();
+        // Committing an empty array resets to the default blob of 17 byte.
+        assert_eq!(restored_large_blob_array.len(), 17);
+    }
+
+    #[test]
+    fn test_commit_get_large_blob_array_no_commit() {
+        let mut rng = ThreadRng256 {};
+        let persistent_store = PersistentStore::new(&mut rng);
+
         let empty_blob_array = vec![
-            0x80, 0x76, 0xbe, 0x8b, 0x52, 0x8d, 0x00, 0x75, 0xf7, 0xaa, 0xe9, 0x8d, 0x6f, 0xa5,
-            0x7a, 0x6d, 0x3c,
+            0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
+            0x7A, 0x6D, 0x3C,
         ];
+        let restored_large_blob_array = persistent_store
+            .get_large_blob_array(0, persistent_store.shard_size())
+            .unwrap();
         assert_eq!(empty_blob_array, restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(0, 1).unwrap();
+        assert_eq!(vec![0x80], restored_large_blob_array);
+        let restored_large_blob_array = persistent_store.get_large_blob_array(16, 1).unwrap();
+        assert_eq!(vec![0x3C], restored_large_blob_array);
     }
 
     #[test]

From f0c51950cb92be099e76ad51b2c8758464399a2b Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Fri, 22 Jan 2021 19:19:52 +0100
Subject: [PATCH 146/192] Add fragmentation support

---
 libraries/persistent_store/src/fragment.rs   | 179 ++++++++++++++++++
 libraries/persistent_store/src/lib.rs        |   1 +
 libraries/persistent_store/src/store.rs      |  22 ++-
 libraries/persistent_store/tests/config.rs   |  49 +++++
 libraries/persistent_store/tests/fragment.rs | 188 +++++++++++++++++++
 5 files changed, 438 insertions(+), 1 deletion(-)
 create mode 100644 libraries/persistent_store/src/fragment.rs
 create mode 100644 libraries/persistent_store/tests/config.rs
 create mode 100644 libraries/persistent_store/tests/fragment.rs

diff --git a/libraries/persistent_store/src/fragment.rs b/libraries/persistent_store/src/fragment.rs
new file mode 100644
index 0000000..5bab46f
--- /dev/null
+++ b/libraries/persistent_store/src/fragment.rs
@@ -0,0 +1,179 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Helper functions for fragmented entries.
+//!
+//! This module permits to handle entries larger than the [maximum value
+//! length](Store::max_value_length) by storing ordered consecutive fragments in a sequence of keys.
+//! The first keys hold fragments of maximal length, followed by a possibly partial fragment. The
+//! remaining keys are not used.
+
+use crate::{Storage, Store, StoreError, StoreHandle, StoreResult, StoreUpdate};
+use alloc::vec::Vec;
+use core::ops::Range;
+
+/// Represents a sequence of keys.
+pub trait Keys {
+    /// Returns the number of keys.
+    fn len(&self) -> usize;
+
+    /// Returns the position of a key in the sequence.
+    fn pos(&self, key: usize) -> Option<usize>;
+
+    /// Returns the key of a position in the sequence.
+    ///
+    /// # Preconditions
+    ///
+    /// The position must be within the length: `pos < len()`.
+    fn key(&self, pos: usize) -> usize;
+}
+
+impl Keys for Range<usize> {
+    fn len(&self) -> usize {
+        self.end - self.start
+    }
+
+    fn pos(&self, key: usize) -> Option<usize> {
+        if self.start <= key && key < self.end {
+            Some(key - self.start)
+        } else {
+            None
+        }
+    }
+
+    fn key(&self, pos: usize) -> usize {
+        debug_assert!(pos < Keys::len(self));
+        self.start + pos
+    }
+}
+
+/// Reads the concatenated value of a sequence of keys.
+pub fn read(store: &Store<impl Storage>, keys: &impl Keys) -> StoreResult<Option<Vec<u8>>> {
+    let handles = get_handles(store, keys)?;
+    if handles.is_empty() {
+        return Ok(None);
+    }
+    let mut result = Vec::with_capacity(handles.len() * store.max_value_length());
+    for handle in handles {
+        result.extend(handle.get_value(store)?);
+    }
+    Ok(Some(result))
+}
+
+/// Reads a range from the concatenated value of a sequence of keys.
+///
+/// This is equivalent to calling [`read`] then taking the range except that:
+/// - Only the needed chunks are read.
+/// - The range is truncated to fit in the value.
+pub fn read_range(
+    store: &Store<impl Storage>,
+    keys: &impl Keys,
+    range: Range<usize>,
+) -> StoreResult<Option<Vec<u8>>> {
+    let range_len = match range.end.checked_sub(range.start) {
+        None => return Err(StoreError::InvalidArgument),
+        Some(x) => x,
+    };
+    let handles = get_handles(store, keys)?;
+    if handles.is_empty() {
+        return Ok(None);
+    }
+    let mut result = Vec::with_capacity(range_len);
+    let mut offset = 0;
+    for handle in handles {
+        let start = range.start.saturating_sub(offset);
+        let length = handle.get_length(store)?;
+        let end = core::cmp::min(range.end.saturating_sub(offset), length);
+        offset += length;
+        if start < end && end <= length {
+            result.extend(&handle.get_value(store)?[start..end]);
+        }
+    }
+    Ok(Some(result))
+}
+
+/// Writes a value to a sequence of keys as chunks.
+pub fn write(store: &mut Store<impl Storage>, keys: &impl Keys, value: &[u8]) -> StoreResult<()> {
+    let handles = get_handles(store, keys)?;
+    let keys_len = keys.len();
+    let mut updates = Vec::with_capacity(keys_len);
+    let mut chunks = value.chunks(store.max_value_length());
+    for pos in 0..keys_len {
+        let key = keys.key(pos);
+        match (handles.get(pos), chunks.next()) {
+            // No existing handle and no new chunk: nothing to do.
+            (None, None) => (),
+            // Existing handle and no new chunk: remove old handle.
+            (Some(_), None) => updates.push(StoreUpdate::Remove { key }),
+            // Existing handle with same value as new chunk: nothing to do.
+            (Some(handle), Some(value)) if handle.get_value(store)? == value => (),
+            // New chunk: Write (or overwrite) the new value.
+            (_, Some(value)) => updates.push(StoreUpdate::Insert { key, value }),
+        }
+    }
+    if chunks.next().is_some() {
+        // The value is too long.
+        return Err(StoreError::InvalidArgument);
+    }
+    store.transaction(&updates)
+}
+
+/// Deletes the value of a sequence of keys.
+pub fn delete(store: &mut Store<impl Storage>, keys: &impl Keys) -> StoreResult<()> {
+    let updates: Vec<StoreUpdate<Vec<u8>>> = get_handles(store, keys)?
+        .iter()
+        .map(|handle| StoreUpdate::Remove {
+            key: handle.get_key(),
+        })
+        .collect();
+    store.transaction(&updates)
+}
+
+/// Returns the handles of a sequence of keys.
+///
+/// The handles are truncated to the keys that are present.
+fn get_handles(store: &Store<impl Storage>, keys: &impl Keys) -> StoreResult<Vec<StoreHandle>> {
+    let keys_len = keys.len();
+    let mut handles: Vec<Option<StoreHandle>> = vec![None; keys_len as usize];
+    for handle in store.iter()? {
+        let handle = handle?;
+        let pos = match keys.pos(handle.get_key()) {
+            Some(pos) => pos,
+            None => continue,
+        };
+        if pos >= keys_len {
+            return Err(StoreError::InvalidArgument);
+        }
+        if let Some(old_handle) = &handles[pos] {
+            if old_handle.get_key() != handle.get_key() {
+                // The user provided a non-injective `pos` function.
+                return Err(StoreError::InvalidArgument);
+            } else {
+                return Err(StoreError::InvalidStorage);
+            }
+        }
+        handles[pos] = Some(handle);
+    }
+    let num_handles = handles.iter().filter(|x| x.is_some()).count();
+    let mut result = Vec::with_capacity(num_handles);
+    for (i, handle) in handles.into_iter().enumerate() {
+        match (i < num_handles, handle) {
+            (true, Some(handle)) => result.push(handle),
+            (false, None) => (),
+            // We should have `num_handles` Somes followed by Nones.
+            _ => return Err(StoreError::InvalidStorage),
+        }
+    }
+    Ok(result)
+}
diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs
index 06a3a68..41acbaf 100644
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -354,6 +354,7 @@ mod buffer;
 #[cfg(feature = "std")]
 mod driver;
 mod format;
+pub mod fragment;
 #[cfg(feature = "std")]
 mod model;
 mod storage;
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index 224eeb9..2630950 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -100,7 +100,7 @@ pub type StoreResult<T> = Result<T, StoreError>;
 ///
 /// [capacity]: struct.Store.html#method.capacity
 /// [lifetime]: struct.Store.html#method.lifetime
-#[derive(Copy, Clone, PartialEq, Eq)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct StoreRatio {
     /// How much of the metric is used.
     pub(crate) used: Nat,
@@ -148,6 +148,15 @@ impl StoreHandle {
         self.key as usize
     }
 
+    /// Returns the length of value of the entry.
+    ///
+    /// # Errors
+    ///
+    /// Returns `InvalidArgument` if the entry has been deleted or compacted.
+    pub fn get_length<S: Storage>(&self, store: &Store<S>) -> StoreResult<usize> {
+        store.get_length(self)
+    }
+
     /// Returns the value of the entry.
     ///
     /// # Errors
@@ -446,6 +455,17 @@ impl<S: Storage> Store<S> {
         self.format.max_value_len() as usize
     }
 
+    /// Returns the length of the value of an entry given its handle.
+    fn get_length(&self, handle: &StoreHandle) -> StoreResult<usize> {
+        self.check_handle(handle)?;
+        let mut pos = handle.pos;
+        match self.parse_entry(&mut pos)? {
+            ParsedEntry::User(header) => Ok(header.length as usize),
+            ParsedEntry::Padding => Err(StoreError::InvalidArgument),
+            _ => Err(StoreError::InvalidStorage),
+        }
+    }
+
     /// Returns the value of an entry given its handle.
     fn get_value(&self, handle: &StoreHandle) -> StoreResult<Vec<u8>> {
         self.check_handle(handle)?;
diff --git a/libraries/persistent_store/tests/config.rs b/libraries/persistent_store/tests/config.rs
new file mode 100644
index 0000000..8812743
--- /dev/null
+++ b/libraries/persistent_store/tests/config.rs
@@ -0,0 +1,49 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use persistent_store::{BufferOptions, BufferStorage, Store, StoreDriverOff};
+
+#[derive(Clone)]
+pub struct Config {
+    word_size: usize,
+    page_size: usize,
+    num_pages: usize,
+    max_word_writes: usize,
+    max_page_erases: usize,
+}
+
+impl Config {
+    pub fn new_driver(&self) -> StoreDriverOff {
+        let options = BufferOptions {
+            word_size: self.word_size,
+            page_size: self.page_size,
+            max_word_writes: self.max_word_writes,
+            max_page_erases: self.max_page_erases,
+            strict_mode: true,
+        };
+        StoreDriverOff::new(options, self.num_pages)
+    }
+
+    pub fn new_store(&self) -> Store<BufferStorage> {
+        self.new_driver().power_on().unwrap().extract_store()
+    }
+}
+
+pub const MINIMAL: Config = Config {
+    word_size: 4,
+    page_size: 64,
+    num_pages: 5,
+    max_word_writes: 2,
+    max_page_erases: 9,
+};
diff --git a/libraries/persistent_store/tests/fragment.rs b/libraries/persistent_store/tests/fragment.rs
new file mode 100644
index 0000000..fd045bc
--- /dev/null
+++ b/libraries/persistent_store/tests/fragment.rs
@@ -0,0 +1,188 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use persistent_store::fragment;
+
+mod config;
+
+#[test]
+fn read_empty_entry() {
+    let store = config::MINIMAL.new_store();
+    assert_eq!(fragment::read(&store, &(0..4)), Ok(None));
+}
+
+#[test]
+fn read_single_chunk() {
+    let mut store = config::MINIMAL.new_store();
+    let value = b"hello".to_vec();
+    assert_eq!(store.insert(0, &value), Ok(()));
+    assert_eq!(fragment::read(&store, &(0..4)), Ok(Some(value)));
+}
+
+#[test]
+fn read_multiple_chunks() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    assert_eq!(fragment::read(&store, &(0..4)), Ok(Some(value)));
+}
+
+#[test]
+fn read_range_first_chunk() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 0..10),
+        Ok(Some((0..10).collect()))
+    );
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 10..20),
+        Ok(Some((10..20).collect()))
+    );
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 40..52),
+        Ok(Some((40..52).collect()))
+    );
+}
+
+#[test]
+fn read_range_second_chunk() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 52..53),
+        Ok(Some(vec![52]))
+    );
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 53..54),
+        Ok(Some(vec![53]))
+    );
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 59..60),
+        Ok(Some(vec![59]))
+    );
+}
+
+#[test]
+fn read_range_both_chunks() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 40..60),
+        Ok(Some((40..60).collect()))
+    );
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 0..60),
+        Ok(Some((0..60).collect()))
+    );
+}
+
+#[test]
+fn read_range_outside() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 40..100),
+        Ok(Some((40..60).collect()))
+    );
+    assert_eq!(
+        fragment::read_range(&store, &(0..4), 60..100),
+        Ok(Some(vec![]))
+    );
+}
+
+#[test]
+fn write_single_chunk() {
+    let mut store = config::MINIMAL.new_store();
+    let value = b"hello".to_vec();
+    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
+    assert_eq!(store.find(0), Ok(Some(value)));
+    assert_eq!(store.find(1), Ok(None));
+    assert_eq!(store.find(2), Ok(None));
+    assert_eq!(store.find(3), Ok(None));
+}
+
+#[test]
+fn write_multiple_chunks() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
+    assert_eq!(store.find(0), Ok(Some((0..52).collect())));
+    assert_eq!(store.find(1), Ok(Some((52..60).collect())));
+    assert_eq!(store.find(2), Ok(None));
+    assert_eq!(store.find(3), Ok(None));
+}
+
+#[test]
+fn overwrite_less_chunks() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    let value: Vec<_> = (42..69).collect();
+    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
+    assert_eq!(store.find(0), Ok(Some((42..69).collect())));
+    assert_eq!(store.find(1), Ok(None));
+    assert_eq!(store.find(2), Ok(None));
+    assert_eq!(store.find(3), Ok(None));
+}
+
+#[test]
+fn overwrite_needed_chunks() {
+    let mut store = config::MINIMAL.new_store();
+    let mut value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    // Current lifetime is 2 words of overhead (2 insert) and 60 bytes of data.
+    let mut lifetime = 2 + 60 / 4;
+    assert_eq!(store.lifetime().unwrap().used(), lifetime);
+    // Update the value.
+    value.extend(60..80);
+    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
+    // Added lifetime is 1 word of overhead (1 insert) and (80 - 52) bytes of data.
+    lifetime += 1 + (80 - 52) / 4;
+    assert_eq!(store.lifetime().unwrap().used(), lifetime);
+}
+
+#[test]
+fn delete_empty() {
+    let mut store = config::MINIMAL.new_store();
+    assert_eq!(fragment::delete(&mut store, &(0..4)), Ok(()));
+    assert_eq!(store.find(0), Ok(None));
+    assert_eq!(store.find(1), Ok(None));
+    assert_eq!(store.find(2), Ok(None));
+    assert_eq!(store.find(3), Ok(None));
+}
+
+#[test]
+fn delete_chunks() {
+    let mut store = config::MINIMAL.new_store();
+    let value: Vec<_> = (0..60).collect();
+    assert_eq!(store.insert(0, &value[..52]), Ok(()));
+    assert_eq!(store.insert(1, &value[52..]), Ok(()));
+    assert_eq!(fragment::delete(&mut store, &(0..4)), Ok(()));
+    assert_eq!(store.find(0), Ok(None));
+    assert_eq!(store.find(1), Ok(None));
+    assert_eq!(store.find(2), Ok(None));
+    assert_eq!(store.find(3), Ok(None));
+}

From 41a3f512c81b074b1e2ffb5bb6ceb1cfd12ac0b5 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 25 Jan 2021 11:31:42 +0100
Subject: [PATCH 147/192] Remove useless check

---
 libraries/persistent_store/src/fragment.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/persistent_store/src/fragment.rs b/libraries/persistent_store/src/fragment.rs
index 5bab46f..73b6d29 100644
--- a/libraries/persistent_store/src/fragment.rs
+++ b/libraries/persistent_store/src/fragment.rs
@@ -96,7 +96,7 @@ pub fn read_range(
         let length = handle.get_length(store)?;
         let end = core::cmp::min(range.end.saturating_sub(offset), length);
         offset += length;
-        if start < end && end <= length {
+        if start < end {
             result.extend(&handle.get_value(store)?[start..end]);
         }
     }

From 0e537733f12314b7edf3a4113bdf2bacd3ae4575 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 25 Jan 2021 17:04:01 +0100
Subject: [PATCH 148/192] Improve count_credentials by not deserializing them

---
 src/ctap/storage.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b85f918..c5182bc 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -268,11 +268,11 @@ impl PersistentStore {
 
     /// Returns the number of credentials.
     pub fn count_credentials(&self) -> Result<usize, Ctap2StatusCode> {
-        let mut iter_result = Ok(());
-        let iter = self.iter_credentials(&mut iter_result)?;
-        let result = iter.count();
-        iter_result?;
-        Ok(result)
+        let mut count = 0;
+        for handle in self.store.iter()? {
+            count += key::CREDENTIALS.contains(&handle?.get_key()) as usize;
+        }
+        Ok(count)
     }
 
     /// Returns the estimated number of credentials that can still be stored.

From ae0156d2876871fa13b3ee6b41717767c3960cc2 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 25 Jan 2021 17:30:50 +0100
Subject: [PATCH 149/192] Factor test tools between store and fragment

Those need the driver to deal with the fact that the store is stateful. Those
tests can't be moved to the test suite because they use private functions.
---
 libraries/persistent_store/src/fragment.rs    | 165 +++++++++++++++
 libraries/persistent_store/src/lib.rs         |   4 +-
 libraries/persistent_store/src/store.rs       |  70 +------
 .../{tests/config.rs => src/test.rs}          |  37 +++-
 libraries/persistent_store/tests/fragment.rs  | 188 ------------------
 5 files changed, 211 insertions(+), 253 deletions(-)
 rename libraries/persistent_store/{tests/config.rs => src/test.rs} (60%)
 delete mode 100644 libraries/persistent_store/tests/fragment.rs

diff --git a/libraries/persistent_store/src/fragment.rs b/libraries/persistent_store/src/fragment.rs
index 73b6d29..9aec377 100644
--- a/libraries/persistent_store/src/fragment.rs
+++ b/libraries/persistent_store/src/fragment.rs
@@ -177,3 +177,168 @@ fn get_handles(store: &Store<impl Storage>, keys: &impl Keys) -> StoreResult<Vec
     }
     Ok(result)
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::test::MINIMAL;
+
+    #[test]
+    fn read_empty_entry() {
+        let store = MINIMAL.new_store();
+        assert_eq!(read(&store, &(0..4)), Ok(None));
+    }
+
+    #[test]
+    fn read_single_chunk() {
+        let mut store = MINIMAL.new_store();
+        let value = b"hello".to_vec();
+        assert_eq!(store.insert(0, &value), Ok(()));
+        assert_eq!(read(&store, &(0..4)), Ok(Some(value)));
+    }
+
+    #[test]
+    fn read_multiple_chunks() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        assert_eq!(read(&store, &(0..4)), Ok(Some(value)));
+    }
+
+    #[test]
+    fn read_range_first_chunk() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        assert_eq!(
+            read_range(&store, &(0..4), 0..10),
+            Ok(Some((0..10).collect()))
+        );
+        assert_eq!(
+            read_range(&store, &(0..4), 10..20),
+            Ok(Some((10..20).collect()))
+        );
+        assert_eq!(
+            read_range(&store, &(0..4), 40..52),
+            Ok(Some((40..52).collect()))
+        );
+    }
+
+    #[test]
+    fn read_range_second_chunk() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        assert_eq!(read_range(&store, &(0..4), 52..53), Ok(Some(vec![52])));
+        assert_eq!(read_range(&store, &(0..4), 53..54), Ok(Some(vec![53])));
+        assert_eq!(read_range(&store, &(0..4), 59..60), Ok(Some(vec![59])));
+    }
+
+    #[test]
+    fn read_range_both_chunks() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        assert_eq!(
+            read_range(&store, &(0..4), 40..60),
+            Ok(Some((40..60).collect()))
+        );
+        assert_eq!(
+            read_range(&store, &(0..4), 0..60),
+            Ok(Some((0..60).collect()))
+        );
+    }
+
+    #[test]
+    fn read_range_outside() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        assert_eq!(
+            read_range(&store, &(0..4), 40..100),
+            Ok(Some((40..60).collect()))
+        );
+        assert_eq!(read_range(&store, &(0..4), 60..100), Ok(Some(vec![])));
+    }
+
+    #[test]
+    fn write_single_chunk() {
+        let mut store = MINIMAL.new_store();
+        let value = b"hello".to_vec();
+        assert_eq!(write(&mut store, &(0..4), &value), Ok(()));
+        assert_eq!(store.find(0), Ok(Some(value)));
+        assert_eq!(store.find(1), Ok(None));
+        assert_eq!(store.find(2), Ok(None));
+        assert_eq!(store.find(3), Ok(None));
+    }
+
+    #[test]
+    fn write_multiple_chunks() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(write(&mut store, &(0..4), &value), Ok(()));
+        assert_eq!(store.find(0), Ok(Some((0..52).collect())));
+        assert_eq!(store.find(1), Ok(Some((52..60).collect())));
+        assert_eq!(store.find(2), Ok(None));
+        assert_eq!(store.find(3), Ok(None));
+    }
+
+    #[test]
+    fn overwrite_less_chunks() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        let value: Vec<_> = (42..69).collect();
+        assert_eq!(write(&mut store, &(0..4), &value), Ok(()));
+        assert_eq!(store.find(0), Ok(Some((42..69).collect())));
+        assert_eq!(store.find(1), Ok(None));
+        assert_eq!(store.find(2), Ok(None));
+        assert_eq!(store.find(3), Ok(None));
+    }
+
+    #[test]
+    fn overwrite_needed_chunks() {
+        let mut store = MINIMAL.new_store();
+        let mut value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        // Current lifetime is 2 words of overhead (2 insert) and 60 bytes of data.
+        let mut lifetime = 2 + 60 / 4;
+        assert_eq!(store.lifetime().unwrap().used(), lifetime);
+        // Update the value.
+        value.extend(60..80);
+        assert_eq!(write(&mut store, &(0..4), &value), Ok(()));
+        // Added lifetime is 1 word of overhead (1 insert) and (80 - 52) bytes of data.
+        lifetime += 1 + (80 - 52) / 4;
+        assert_eq!(store.lifetime().unwrap().used(), lifetime);
+    }
+
+    #[test]
+    fn delete_empty() {
+        let mut store = MINIMAL.new_store();
+        assert_eq!(delete(&mut store, &(0..4)), Ok(()));
+        assert_eq!(store.find(0), Ok(None));
+        assert_eq!(store.find(1), Ok(None));
+        assert_eq!(store.find(2), Ok(None));
+        assert_eq!(store.find(3), Ok(None));
+    }
+
+    #[test]
+    fn delete_chunks() {
+        let mut store = MINIMAL.new_store();
+        let value: Vec<_> = (0..60).collect();
+        assert_eq!(store.insert(0, &value[..52]), Ok(()));
+        assert_eq!(store.insert(1, &value[52..]), Ok(()));
+        assert_eq!(delete(&mut store, &(0..4)), Ok(()));
+        assert_eq!(store.find(0), Ok(None));
+        assert_eq!(store.find(1), Ok(None));
+        assert_eq!(store.find(2), Ok(None));
+        assert_eq!(store.find(3), Ok(None));
+    }
+}
diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs
index 41acbaf..a8adc2b 100644
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -1,4 +1,4 @@
-// Copyright 2019-2020 Google LLC
+// Copyright 2019-2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -359,6 +359,8 @@ pub mod fragment;
 mod model;
 mod storage;
 mod store;
+#[cfg(test)]
+mod test;
 
 #[cfg(feature = "std")]
 pub use self::buffer::{BufferCorruptFunction, BufferOptions, BufferStorage};
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index 2630950..f19f463 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -1301,71 +1301,15 @@ fn is_write_needed(source: &[u8], target: &[u8]) -> StoreResult<bool> {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::BufferOptions;
-
-    #[derive(Clone)]
-    struct Config {
-        word_size: usize,
-        page_size: usize,
-        num_pages: usize,
-        max_word_writes: usize,
-        max_page_erases: usize,
-    }
-
-    impl Config {
-        fn new_driver(&self) -> StoreDriverOff {
-            let options = BufferOptions {
-                word_size: self.word_size,
-                page_size: self.page_size,
-                max_word_writes: self.max_word_writes,
-                max_page_erases: self.max_page_erases,
-                strict_mode: true,
-            };
-            StoreDriverOff::new(options, self.num_pages)
-        }
-    }
-
-    const MINIMAL: Config = Config {
-        word_size: 4,
-        page_size: 64,
-        num_pages: 5,
-        max_word_writes: 2,
-        max_page_erases: 9,
-    };
-
-    const NORDIC: Config = Config {
-        word_size: 4,
-        page_size: 0x1000,
-        num_pages: 20,
-        max_word_writes: 2,
-        max_page_erases: 10000,
-    };
-
-    const TITAN: Config = Config {
-        word_size: 4,
-        page_size: 0x800,
-        num_pages: 10,
-        max_word_writes: 2,
-        max_page_erases: 10000,
-    };
+    use crate::test::MINIMAL;
 
     #[test]
-    fn nordic_capacity() {
-        let driver = NORDIC.new_driver().power_on().unwrap();
-        assert_eq!(driver.model().capacity().total, 19123);
-    }
-
-    #[test]
-    fn titan_capacity() {
-        let driver = TITAN.new_driver().power_on().unwrap();
-        assert_eq!(driver.model().capacity().total, 4315);
-    }
-
-    #[test]
-    fn minimal_virt_page_size() {
-        // Make sure a virtual page has 14 words. We use this property in the other tests below to
-        // know whether entries are spanning, starting, and ending pages.
-        assert_eq!(MINIMAL.new_driver().model().format().virt_page_size(), 14);
+    fn is_write_needed_ok() {
+        assert_eq!(is_write_needed(&[], &[]), Ok(false));
+        assert_eq!(is_write_needed(&[0], &[0]), Ok(false));
+        assert_eq!(is_write_needed(&[0], &[1]), Err(StoreError::InvalidStorage));
+        assert_eq!(is_write_needed(&[1], &[0]), Ok(true));
+        assert_eq!(is_write_needed(&[1], &[1]), Ok(false));
     }
 
     #[test]
diff --git a/libraries/persistent_store/tests/config.rs b/libraries/persistent_store/src/test.rs
similarity index 60%
rename from libraries/persistent_store/tests/config.rs
rename to libraries/persistent_store/src/test.rs
index 8812743..2d20574 100644
--- a/libraries/persistent_store/tests/config.rs
+++ b/libraries/persistent_store/src/test.rs
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use persistent_store::{BufferOptions, BufferStorage, Store, StoreDriverOff};
+use crate::{BufferOptions, BufferStorage, Store, StoreDriverOff};
 
 #[derive(Clone)]
 pub struct Config {
@@ -47,3 +47,38 @@ pub const MINIMAL: Config = Config {
     max_word_writes: 2,
     max_page_erases: 9,
 };
+
+const NORDIC: Config = Config {
+    word_size: 4,
+    page_size: 0x1000,
+    num_pages: 20,
+    max_word_writes: 2,
+    max_page_erases: 10000,
+};
+
+const TITAN: Config = Config {
+    word_size: 4,
+    page_size: 0x800,
+    num_pages: 10,
+    max_word_writes: 2,
+    max_page_erases: 10000,
+};
+
+#[test]
+fn nordic_capacity() {
+    let driver = NORDIC.new_driver().power_on().unwrap();
+    assert_eq!(driver.model().capacity().total, 19123);
+}
+
+#[test]
+fn titan_capacity() {
+    let driver = TITAN.new_driver().power_on().unwrap();
+    assert_eq!(driver.model().capacity().total, 4315);
+}
+
+#[test]
+fn minimal_virt_page_size() {
+    // Make sure a virtual page has 14 words. We use this property in the other tests below to
+    // know whether entries are spanning, starting, and ending pages.
+    assert_eq!(MINIMAL.new_driver().model().format().virt_page_size(), 14);
+}
diff --git a/libraries/persistent_store/tests/fragment.rs b/libraries/persistent_store/tests/fragment.rs
deleted file mode 100644
index fd045bc..0000000
--- a/libraries/persistent_store/tests/fragment.rs
+++ /dev/null
@@ -1,188 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use persistent_store::fragment;
-
-mod config;
-
-#[test]
-fn read_empty_entry() {
-    let store = config::MINIMAL.new_store();
-    assert_eq!(fragment::read(&store, &(0..4)), Ok(None));
-}
-
-#[test]
-fn read_single_chunk() {
-    let mut store = config::MINIMAL.new_store();
-    let value = b"hello".to_vec();
-    assert_eq!(store.insert(0, &value), Ok(()));
-    assert_eq!(fragment::read(&store, &(0..4)), Ok(Some(value)));
-}
-
-#[test]
-fn read_multiple_chunks() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    assert_eq!(fragment::read(&store, &(0..4)), Ok(Some(value)));
-}
-
-#[test]
-fn read_range_first_chunk() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 0..10),
-        Ok(Some((0..10).collect()))
-    );
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 10..20),
-        Ok(Some((10..20).collect()))
-    );
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 40..52),
-        Ok(Some((40..52).collect()))
-    );
-}
-
-#[test]
-fn read_range_second_chunk() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 52..53),
-        Ok(Some(vec![52]))
-    );
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 53..54),
-        Ok(Some(vec![53]))
-    );
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 59..60),
-        Ok(Some(vec![59]))
-    );
-}
-
-#[test]
-fn read_range_both_chunks() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 40..60),
-        Ok(Some((40..60).collect()))
-    );
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 0..60),
-        Ok(Some((0..60).collect()))
-    );
-}
-
-#[test]
-fn read_range_outside() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 40..100),
-        Ok(Some((40..60).collect()))
-    );
-    assert_eq!(
-        fragment::read_range(&store, &(0..4), 60..100),
-        Ok(Some(vec![]))
-    );
-}
-
-#[test]
-fn write_single_chunk() {
-    let mut store = config::MINIMAL.new_store();
-    let value = b"hello".to_vec();
-    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
-    assert_eq!(store.find(0), Ok(Some(value)));
-    assert_eq!(store.find(1), Ok(None));
-    assert_eq!(store.find(2), Ok(None));
-    assert_eq!(store.find(3), Ok(None));
-}
-
-#[test]
-fn write_multiple_chunks() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
-    assert_eq!(store.find(0), Ok(Some((0..52).collect())));
-    assert_eq!(store.find(1), Ok(Some((52..60).collect())));
-    assert_eq!(store.find(2), Ok(None));
-    assert_eq!(store.find(3), Ok(None));
-}
-
-#[test]
-fn overwrite_less_chunks() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    let value: Vec<_> = (42..69).collect();
-    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
-    assert_eq!(store.find(0), Ok(Some((42..69).collect())));
-    assert_eq!(store.find(1), Ok(None));
-    assert_eq!(store.find(2), Ok(None));
-    assert_eq!(store.find(3), Ok(None));
-}
-
-#[test]
-fn overwrite_needed_chunks() {
-    let mut store = config::MINIMAL.new_store();
-    let mut value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    // Current lifetime is 2 words of overhead (2 insert) and 60 bytes of data.
-    let mut lifetime = 2 + 60 / 4;
-    assert_eq!(store.lifetime().unwrap().used(), lifetime);
-    // Update the value.
-    value.extend(60..80);
-    assert_eq!(fragment::write(&mut store, &(0..4), &value), Ok(()));
-    // Added lifetime is 1 word of overhead (1 insert) and (80 - 52) bytes of data.
-    lifetime += 1 + (80 - 52) / 4;
-    assert_eq!(store.lifetime().unwrap().used(), lifetime);
-}
-
-#[test]
-fn delete_empty() {
-    let mut store = config::MINIMAL.new_store();
-    assert_eq!(fragment::delete(&mut store, &(0..4)), Ok(()));
-    assert_eq!(store.find(0), Ok(None));
-    assert_eq!(store.find(1), Ok(None));
-    assert_eq!(store.find(2), Ok(None));
-    assert_eq!(store.find(3), Ok(None));
-}
-
-#[test]
-fn delete_chunks() {
-    let mut store = config::MINIMAL.new_store();
-    let value: Vec<_> = (0..60).collect();
-    assert_eq!(store.insert(0, &value[..52]), Ok(()));
-    assert_eq!(store.insert(1, &value[52..]), Ok(()));
-    assert_eq!(fragment::delete(&mut store, &(0..4)), Ok(()));
-    assert_eq!(store.find(0), Ok(None));
-    assert_eq!(store.find(1), Ok(None));
-    assert_eq!(store.find(2), Ok(None));
-    assert_eq!(store.find(3), Ok(None));
-}

From 563f35184ac8e97849b677f4d4f026e849329aa3 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 25 Jan 2021 17:50:01 +0100
Subject: [PATCH 150/192] use new store fragments

---
 src/ctap/storage.rs | 79 ++++++++++++++-------------------------------
 1 file changed, 25 insertions(+), 54 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 934d533..dab6620 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -32,6 +32,7 @@ use core::cmp;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
 use persistent_store::StoreUpdate;
+use persistent_store::fragment::{read_range, write};
 
 // Those constants may be modified before compilation to tune the behavior of the key.
 //
@@ -469,13 +470,6 @@ impl PersistentStore {
         )?)
     }
 
-    /// The size used for shards of large blobs.
-    ///
-    /// This value is constant during the lifetime of the device.
-    fn shard_size(&self) -> usize {
-        self.store.max_value_length()
-    }
-
     /// Reads the byte vector stored as the serialized large blobs array.
     ///
     /// If too few bytes exist at that offset, return the maximum number
@@ -483,45 +477,23 @@ impl PersistentStore {
     ///
     /// If no large blob is committed to the store, get responds as if an empty
     /// CBOR array (0x80) was written, together with the 16 byte prefix of its
-    /// SHA256, to a total length of 17 byte (which is the shortest legitemate
+    /// SHA256, to a total length of 17 byte (which is the shortest legitimate
     /// large blob entry possible).
     pub fn get_large_blob_array(
         &self,
-        mut offset: usize,
-        mut byte_count: usize,
+        offset: usize,
+        byte_count: usize,
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
-        let mut output = Vec::with_capacity(byte_count);
-        while byte_count > 0 {
-            let shard_key = key::LARGE_BLOB_SHARDS.start + offset / self.shard_size();
-            if !key::LARGE_BLOB_SHARDS.contains(&shard_key) {
-                // This request should have been caught at application level.
-                return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
-            }
-            let shard_entry = self.store.find(shard_key)?;
-            let shard_entry = if shard_key == key::LARGE_BLOB_SHARDS.start {
-                shard_entry.unwrap_or_else(|| {
-                    vec![
-                        0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D,
-                        0x6F, 0xA5, 0x7A, 0x6D, 0x3C,
-                    ]
-                })
-            } else {
-                shard_entry.unwrap_or_default()
-            };
-
-            let shard_offset = offset % self.shard_size();
-            if shard_entry.len() < shard_offset {
-                break;
-            }
-            let shard_length = cmp::min(shard_entry.len() - shard_offset, byte_count);
-            output.extend(&shard_entry[shard_offset..][..shard_length]);
-            if shard_entry.len() < self.shard_size() {
-                break;
-            }
-            offset += shard_length;
-            byte_count -= shard_length;
-        }
-        Ok(output)
+        let byte_range = offset..offset + byte_count;
+        let output = read_range(&self.store, &key::LARGE_BLOB_SHARDS, byte_range)?;
+        Ok(output.unwrap_or_else(|| {
+            let empty_large_blob = vec![
+                0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
+                0x7A, 0x6D, 0x3C,
+            ];
+            let last_index = cmp::min(empty_large_blob.len(), offset + byte_count);
+            empty_large_blob.get(offset..last_index).unwrap_or_default().to_vec()
+        }))
     }
 
     /// Sets a byte vector as the serialized large blobs array.
@@ -529,21 +501,11 @@ impl PersistentStore {
         &mut self,
         large_blob_array: &[u8],
     ) -> Result<(), Ctap2StatusCode> {
+        // This input should have been caught at caller level.
         if large_blob_array.len() > MAX_LARGE_BLOB_ARRAY_SIZE {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
-
-        let mut shards = large_blob_array.chunks(self.shard_size());
-        let mut updates = Vec::with_capacity(shards.len());
-        for key in key::LARGE_BLOB_SHARDS {
-            let update = match shards.next() {
-                Some(value) => StoreUpdate::Insert { key, value },
-                None if self.store.find(key)?.is_some() => StoreUpdate::Remove { key },
-                _ => break,
-            };
-            updates.push(update);
-        }
-        Ok(self.store.transaction(&updates)?)
+        Ok(write(&mut self.store, &key::LARGE_BLOB_SHARDS, large_blob_array)?)
     }
 
     /// Returns the attestation private key if defined.
@@ -642,6 +604,15 @@ impl PersistentStore {
     pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
         Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[])?)
     }
+
+    /// The size used for shards of large blobs.
+    ///
+    /// This value is constant during the lifetime of the device.
+    #[cfg(test)]
+    fn shard_size(&self) -> usize {
+        self.store.max_value_length()
+    }
+
 }
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {

From 4f3c773b15ccc6f7f04bc871b0e760dbb016aab2 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 25 Jan 2021 18:08:48 +0100
Subject: [PATCH 151/192] formats code, clippy

---
 libraries/persistent_store/src/fragment.rs |  1 +
 src/ctap/storage.rs                        | 14 ++++++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/libraries/persistent_store/src/fragment.rs b/libraries/persistent_store/src/fragment.rs
index 73b6d29..851e3d2 100644
--- a/libraries/persistent_store/src/fragment.rs
+++ b/libraries/persistent_store/src/fragment.rs
@@ -24,6 +24,7 @@ use alloc::vec::Vec;
 use core::ops::Range;
 
 /// Represents a sequence of keys.
+#[allow(clippy::len_without_is_empty)]
 pub trait Keys {
     /// Returns the number of keys.
     fn len(&self) -> usize;
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index dab6620..0408041 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -31,8 +31,8 @@ use cbor::cbor_array_vec;
 use core::cmp;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
-use persistent_store::StoreUpdate;
 use persistent_store::fragment::{read_range, write};
+use persistent_store::StoreUpdate;
 
 // Those constants may be modified before compilation to tune the behavior of the key.
 //
@@ -492,7 +492,10 @@ impl PersistentStore {
                 0x7A, 0x6D, 0x3C,
             ];
             let last_index = cmp::min(empty_large_blob.len(), offset + byte_count);
-            empty_large_blob.get(offset..last_index).unwrap_or_default().to_vec()
+            empty_large_blob
+                .get(offset..last_index)
+                .unwrap_or_default()
+                .to_vec()
         }))
     }
 
@@ -505,7 +508,11 @@ impl PersistentStore {
         if large_blob_array.len() > MAX_LARGE_BLOB_ARRAY_SIZE {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
-        Ok(write(&mut self.store, &key::LARGE_BLOB_SHARDS, large_blob_array)?)
+        Ok(write(
+            &mut self.store,
+            &key::LARGE_BLOB_SHARDS,
+            large_blob_array,
+        )?)
     }
 
     /// Returns the attestation private key if defined.
@@ -612,7 +619,6 @@ impl PersistentStore {
     fn shard_size(&self) -> usize {
         self.store.max_value_length()
     }
-
 }
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {

From 2af85ad9d0eebe8ef11d837b935f9d7739e1f9ea Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 25 Jan 2021 18:29:38 +0100
Subject: [PATCH 152/192] style fix

---
 src/ctap/storage.rs | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 7fdf50c..6f75461 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -31,8 +31,7 @@ use cbor::cbor_array_vec;
 use core::cmp;
 use core::convert::TryInto;
 use crypto::rng256::Rng256;
-use persistent_store::fragment::{read_range, write};
-use persistent_store::StoreUpdate;
+use persistent_store::{fragment, StoreUpdate};
 
 // Those constants may be modified before compilation to tune the behavior of the key.
 //
@@ -485,14 +484,14 @@ impl PersistentStore {
         byte_count: usize,
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
         let byte_range = offset..offset + byte_count;
-        let output = read_range(&self.store, &key::LARGE_BLOB_SHARDS, byte_range)?;
+        let output = fragment::read_range(&self.store, &key::LARGE_BLOB_SHARDS, byte_range)?;
         Ok(output.unwrap_or_else(|| {
-            let empty_large_blob = vec![
+            const EMPTY_LARGE_BLOB: [u8; 17] = [
                 0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
                 0x7A, 0x6D, 0x3C,
             ];
-            let last_index = cmp::min(empty_large_blob.len(), offset + byte_count);
-            empty_large_blob
+            let last_index = cmp::min(EMPTY_LARGE_BLOB.len(), offset + byte_count);
+            EMPTY_LARGE_BLOB
                 .get(offset..last_index)
                 .unwrap_or_default()
                 .to_vec()
@@ -508,7 +507,7 @@ impl PersistentStore {
         if large_blob_array.len() > MAX_LARGE_BLOB_ARRAY_SIZE {
             return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
         }
-        Ok(write(
+        Ok(fragment::write(
             &mut self.store,
             &key::LARGE_BLOB_SHARDS,
             large_blob_array,

From 769a2ae1c543a731a3daae1e386de72d842ff019 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 25 Jan 2021 18:43:51 +0100
Subject: [PATCH 153/192] reduce testing to not account for shard size

---
 src/ctap/storage.rs | 130 +++-----------------------------------------
 1 file changed, 8 insertions(+), 122 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 6f75461..43a00c7 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -610,14 +610,6 @@ impl PersistentStore {
     pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
         Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[])?)
     }
-
-    /// The size used for shards of large blobs.
-    ///
-    /// This value is constant during the lifetime of the device.
-    #[cfg(test)]
-    fn shard_size(&self) -> usize {
-        self.store.max_value_length()
-    }
 }
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {
@@ -1210,13 +1202,13 @@ mod test {
         }
         assert!(
             MAX_LARGE_BLOB_ARRAY_SIZE
-                <= persistent_store.shard_size()
+                <= persistent_store.store.max_value_length()
                     * (key::LARGE_BLOB_SHARDS.end - key::LARGE_BLOB_SHARDS.start)
         );
     }
 
     #[test]
-    fn test_commit_get_large_blob_array_1_shard() {
+    fn test_commit_get_large_blob_array() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
@@ -1236,104 +1228,6 @@ mod test {
         assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
         let restored_large_blob_array = persistent_store.get_large_blob_array(4, 1).unwrap();
         assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
-
-        let large_blob_array = vec![0xC0; persistent_store.shard_size()];
-        assert!(persistent_store
-            .commit_large_blob_array(&large_blob_array)
-            .is_ok());
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size())
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size() + 1)
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-    }
-
-    #[test]
-    fn test_commit_get_large_blob_array_2_shards() {
-        let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
-
-        let large_blob_array = vec![0xC0; persistent_store.shard_size() + 1];
-        assert!(persistent_store
-            .commit_large_blob_array(&large_blob_array)
-            .is_ok());
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size())
-            .unwrap();
-        assert_eq!(
-            large_blob_array[..persistent_store.shard_size()],
-            restored_large_blob_array[..]
-        );
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size() + 1)
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-
-        let large_blob_array = vec![0xC0; 2 * persistent_store.shard_size()];
-        assert!(persistent_store
-            .commit_large_blob_array(&large_blob_array)
-            .is_ok());
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, 2 * persistent_store.shard_size())
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, 2 * persistent_store.shard_size() + 1)
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-    }
-
-    #[test]
-    fn test_commit_get_large_blob_array_3_shards() {
-        let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
-
-        let mut large_blob_array = vec![0x11; persistent_store.shard_size()];
-        large_blob_array.extend(vec![0x22; persistent_store.shard_size()]);
-        large_blob_array.extend(&[0x33; 1]);
-        assert!(persistent_store
-            .commit_large_blob_array(&large_blob_array)
-            .is_ok());
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, 2 * persistent_store.shard_size() + 1)
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, 3 * persistent_store.shard_size())
-            .unwrap();
-        assert_eq!(large_blob_array, restored_large_blob_array);
-        let shard1 = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size())
-            .unwrap();
-        let shard2 = persistent_store
-            .get_large_blob_array(persistent_store.shard_size(), persistent_store.shard_size())
-            .unwrap();
-        let shard3 = persistent_store
-            .get_large_blob_array(2 * persistent_store.shard_size(), 1)
-            .unwrap();
-        assert_eq!(
-            large_blob_array[..persistent_store.shard_size()],
-            shard1[..]
-        );
-        assert_eq!(
-            large_blob_array[persistent_store.shard_size()..2 * persistent_store.shard_size()],
-            shard2[..]
-        );
-        assert_eq!(
-            large_blob_array[2 * persistent_store.shard_size()..],
-            shard3[..]
-        );
-        let shard12 = persistent_store
-            .get_large_blob_array(persistent_store.shard_size() - 1, 2)
-            .unwrap();
-        let shard23 = persistent_store
-            .get_large_blob_array(2 * persistent_store.shard_size() - 1, 2)
-            .unwrap();
-        assert_eq!(vec![0x11, 0x22], shard12);
-        assert_eq!(vec![0x22, 0x33], shard23);
     }
 
     #[test]
@@ -1341,27 +1235,21 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        let large_blob_array = vec![0x11; persistent_store.shard_size() + 1];
+        let large_blob_array = vec![0x11; 5];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
-        let large_blob_array = vec![0x22; persistent_store.shard_size()];
+        let large_blob_array = vec![0x22; 4];
         assert!(persistent_store
             .commit_large_blob_array(&large_blob_array)
             .is_ok());
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size() + 1)
-            .unwrap();
+        let restored_large_blob_array = persistent_store.get_large_blob_array(0, 5).unwrap();
         assert_eq!(large_blob_array, restored_large_blob_array);
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(persistent_store.shard_size(), 1)
-            .unwrap();
+        let restored_large_blob_array = persistent_store.get_large_blob_array(4, 1).unwrap();
         assert_eq!(Vec::<u8>::new(), restored_large_blob_array);
 
         assert!(persistent_store.commit_large_blob_array(&[]).is_ok());
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size() + 1)
-            .unwrap();
+        let restored_large_blob_array = persistent_store.get_large_blob_array(0, 20).unwrap();
         // Committing an empty array resets to the default blob of 17 byte.
         assert_eq!(restored_large_blob_array.len(), 17);
     }
@@ -1375,9 +1263,7 @@ mod test {
             0x80, 0x76, 0xBE, 0x8B, 0x52, 0x8D, 0x00, 0x75, 0xF7, 0xAA, 0xE9, 0x8D, 0x6F, 0xA5,
             0x7A, 0x6D, 0x3C,
         ];
-        let restored_large_blob_array = persistent_store
-            .get_large_blob_array(0, persistent_store.shard_size())
-            .unwrap();
+        let restored_large_blob_array = persistent_store.get_large_blob_array(0, 17).unwrap();
         assert_eq!(empty_blob_array, restored_large_blob_array);
         let restored_large_blob_array = persistent_store.get_large_blob_array(0, 1).unwrap();
         assert_eq!(vec![0x80], restored_large_blob_array);

From 2dbe1c5f075a2f563f1cd880ad355c03e0a38eab Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 25 Jan 2021 20:59:26 +0100
Subject: [PATCH 154/192] adds enterprise for make, byte keys

---
 src/ctap/command.rs  | 226 ++++++++++++++++++++++---------------------
 src/ctap/mod.rs      |   2 +
 src/ctap/response.rs |  46 ++++-----
 3 files changed, 141 insertions(+), 133 deletions(-)

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 2e1fe3b..8a2cade 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -161,6 +161,7 @@ pub struct AuthenticatorMakeCredentialParameters {
     pub options: MakeCredentialOptions,
     pub pin_uv_auth_param: Option<Vec<u8>>,
     pub pin_uv_auth_protocol: Option<u64>,
+    pub enterprise_attestation: Option<bool>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
@@ -169,15 +170,16 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => client_data_hash,
-                2 => rp,
-                3 => user,
-                4 => cred_param_vec,
-                5 => exclude_list,
-                6 => extensions,
-                7 => options,
-                8 => pin_uv_auth_param,
-                9 => pin_uv_auth_protocol,
+                0x01 => client_data_hash,
+                0x02 => rp,
+                0x03 => user,
+                0x04 => cred_param_vec,
+                0x05 => exclude_list,
+                0x06 => extensions,
+                0x07 => options,
+                0x08 => pin_uv_auth_param,
+                0x09 => pin_uv_auth_protocol,
+                0x0A => enterprise_attestation,
             } = extract_map(cbor_value)?;
         }
 
@@ -217,6 +219,7 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
 
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
         let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+        let enterprise_attestation = enterprise_attestation.map(extract_bool).transpose()?;
 
         Ok(AuthenticatorMakeCredentialParameters {
             client_data_hash,
@@ -228,6 +231,7 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
             options,
             pin_uv_auth_param,
             pin_uv_auth_protocol,
+            enterprise_attestation,
         })
     }
 }
@@ -251,13 +255,13 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => rp_id,
-                2 => client_data_hash,
-                3 => allow_list,
-                4 => extensions,
-                5 => options,
-                6 => pin_uv_auth_param,
-                7 => pin_uv_auth_protocol,
+                0x01 => rp_id,
+                0x02 => client_data_hash,
+                0x03 => allow_list,
+                0x04 => extensions,
+                0x05 => options,
+                0x06 => pin_uv_auth_param,
+                0x07 => pin_uv_auth_protocol,
             } = extract_map(cbor_value)?;
         }
 
@@ -321,14 +325,14 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => pin_protocol,
-                2 => sub_command,
-                3 => key_agreement,
-                4 => pin_auth,
-                5 => new_pin_enc,
-                6 => pin_hash_enc,
-                9 => permissions,
-                10 => permissions_rp_id,
+                0x01 => pin_protocol,
+                0x02 => sub_command,
+                0x03 => key_agreement,
+                0x04 => pin_auth,
+                0x05 => new_pin_enc,
+                0x06 => pin_hash_enc,
+                0x09 => permissions,
+                0x0A => permissions_rp_id,
             } = extract_map(cbor_value)?;
         }
 
@@ -375,12 +379,12 @@ impl TryFrom<cbor::Value> for AuthenticatorLargeBlobsParameters {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => get,
-                2 => set,
-                3 => offset,
-                4 => length,
-                5 => pin_uv_auth_param,
-                6 => pin_uv_auth_protocol,
+                0x01 => get,
+                0x02 => set,
+                0x03 => offset,
+                0x04 => length,
+                0x05 => pin_uv_auth_param,
+                0x06 => pin_uv_auth_protocol,
             } = extract_map(cbor_value)?;
         }
 
@@ -486,8 +490,8 @@ impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => certificate,
-                2 => private_key,
+                0x01 => certificate,
+                0x02 => private_key,
             } = extract_map(cbor_value)?;
         }
         let certificate = extract_byte_string(ok_or_missing(certificate)?)?;
@@ -552,8 +556,8 @@ impl TryFrom<cbor::Value> for AuthenticatorVendorConfigureParameters {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                1 => lockdown,
-                2 => attestation_material,
+                0x01 => lockdown,
+                0x02 => attestation_material,
             } = extract_map(cbor_value)?;
         }
         let lockdown = lockdown.map_or(Ok(false), extract_bool)?;
@@ -581,22 +585,23 @@ mod test {
     #[test]
     fn test_from_cbor_make_credential_parameters() {
         let cbor_value = cbor_map! {
-            1 => vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F],
-            2 => cbor_map! {
+            0x01 => vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F],
+            0x02 => cbor_map! {
                 "id" => "example.com",
                 "name" => "Example",
                 "icon" => "example.com/icon.png",
             },
-            3 => cbor_map! {
+            0x03 => cbor_map! {
                 "id" => vec![0x1D, 0x1D, 0x1D, 0x1D],
                 "name" => "foo",
                 "displayName" => "bar",
                 "icon" => "example.com/foo/icon.png",
             },
-            4 => cbor_array![ES256_CRED_PARAM],
-            5 => cbor_array![],
-            8 => vec![0x12, 0x34],
-            9 => 1,
+            0x04 => cbor_array![ES256_CRED_PARAM],
+            0x05 => cbor_array![],
+            0x08 => vec![0x12, 0x34],
+            0x09 => 1,
+            0x0A => true,
         };
         let returned_make_credential_parameters =
             AuthenticatorMakeCredentialParameters::try_from(cbor_value).unwrap();
@@ -630,6 +635,7 @@ mod test {
             options,
             pin_uv_auth_param: Some(vec![0x12, 0x34]),
             pin_uv_auth_protocol: Some(1),
+            enterprise_attestation: Some(true),
         };
 
         assert_eq!(
@@ -641,15 +647,15 @@ mod test {
     #[test]
     fn test_from_cbor_get_assertion_parameters() {
         let cbor_value = cbor_map! {
-            1 => "example.com",
-            2 => vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F],
-            3 => cbor_array![ cbor_map! {
+            0x01 => "example.com",
+            0x02 => vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F],
+            0x03 => cbor_array![ cbor_map! {
                 "type" => "public-key",
                 "id" => vec![0x2D, 0x2D, 0x2D, 0x2D],
                 "transports" => cbor_array!["usb"],
             } ],
-            6 => vec![0x12, 0x34],
-            7 => 1,
+            0x06 => vec![0x12, 0x34],
+            0x07 => 1,
         };
         let returned_get_assertion_parameters =
             AuthenticatorGetAssertionParameters::try_from(cbor_value).unwrap();
@@ -692,14 +698,14 @@ mod test {
         let cose_key = CoseKey::from(pk);
 
         let cbor_value = cbor_map! {
-            1 => 1,
-            2 => ClientPinSubCommand::GetPinRetries,
-            3 => cbor::Value::from(cose_key.clone()),
-            4 => vec! [0xBB],
-            5 => vec! [0xCC],
-            6 => vec! [0xDD],
-            9 => 0x03,
-            10 => "example.com",
+            0x01 => 1,
+            0x02 => ClientPinSubCommand::GetPinRetries,
+            0x03 => cbor::Value::from(cose_key.clone()),
+            0x04 => vec! [0xBB],
+            0x05 => vec! [0xCC],
+            0x06 => vec! [0xDD],
+            0x09 => 0x03,
+            0x0A => "example.com",
         };
         let returned_client_pin_parameters =
             AuthenticatorClientPinParameters::try_from(cbor_value).unwrap();
@@ -746,12 +752,12 @@ mod test {
     #[test]
     fn test_from_cbor_cred_management_parameters() {
         let cbor_value = cbor_map! {
-            1 => CredentialManagementSubCommand::EnumerateCredentialsBegin as u64,
-            2 => cbor_map!{
+            0x01 => CredentialManagementSubCommand::EnumerateCredentialsBegin as u64,
+            0x02 => cbor_map!{
                 0x01 => vec![0x1D; 32],
             },
-            3 => 1,
-            4 => vec! [0x9A; 16],
+            0x03 => 1,
+            0x04 => vec! [0x9A; 16],
         };
         let returned_cred_management_parameters =
             AuthenticatorCredentialManagementParameters::try_from(cbor_value).unwrap();
@@ -785,8 +791,8 @@ mod test {
     fn test_from_cbor_large_blobs_parameters() {
         // successful get
         let cbor_value = cbor_map! {
-            1 => 2,
-            3 => 4,
+            0x01 => 2,
+            0x03 => 4,
         };
         let returned_large_blobs_parameters =
             AuthenticatorLargeBlobsParameters::try_from(cbor_value).unwrap();
@@ -805,11 +811,11 @@ mod test {
 
         // successful first set
         let cbor_value = cbor_map! {
-            2 => vec! [0x5E],
-            3 => 0,
-            4 => MIN_LARGE_BLOB_LEN as u64,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x02 => vec! [0x5E],
+            0x03 => 0,
+            0x04 => MIN_LARGE_BLOB_LEN as u64,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         let returned_large_blobs_parameters =
             AuthenticatorLargeBlobsParameters::try_from(cbor_value).unwrap();
@@ -828,10 +834,10 @@ mod test {
 
         // successful next set
         let cbor_value = cbor_map! {
-            2 => vec! [0x5E],
-            3 => 1,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x02 => vec! [0x5E],
+            0x03 => 1,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         let returned_large_blobs_parameters =
             AuthenticatorLargeBlobsParameters::try_from(cbor_value).unwrap();
@@ -850,9 +856,9 @@ mod test {
 
         // failing with neither get nor set
         let cbor_value = cbor_map! {
-            3 => 4,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x03 => 4,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         assert_eq!(
             AuthenticatorLargeBlobsParameters::try_from(cbor_value),
@@ -861,11 +867,11 @@ mod test {
 
         // failing with get and set
         let cbor_value = cbor_map! {
-            1 => 2,
-            2 => vec! [0x5E],
-            3 => 4,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x01 => 2,
+            0x02 => vec! [0x5E],
+            0x03 => 4,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         assert_eq!(
             AuthenticatorLargeBlobsParameters::try_from(cbor_value),
@@ -874,11 +880,11 @@ mod test {
 
         // failing with get and length
         let cbor_value = cbor_map! {
-            1 => 2,
-            3 => 4,
-            4 => MIN_LARGE_BLOB_LEN as u64,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x01 => 2,
+            0x03 => 4,
+            0x04 => MIN_LARGE_BLOB_LEN as u64,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         assert_eq!(
             AuthenticatorLargeBlobsParameters::try_from(cbor_value),
@@ -887,10 +893,10 @@ mod test {
 
         // failing with zero offset and no length present
         let cbor_value = cbor_map! {
-            2 => vec! [0x5E],
-            3 => 0,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x02 => vec! [0x5E],
+            0x03 => 0,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         assert_eq!(
             AuthenticatorLargeBlobsParameters::try_from(cbor_value),
@@ -899,11 +905,11 @@ mod test {
 
         // failing with length smaller than minimum
         let cbor_value = cbor_map! {
-            2 => vec! [0x5E],
-            3 => 0,
-            4 => MIN_LARGE_BLOB_LEN as u64 - 1,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x02 => vec! [0x5E],
+            0x03 => 0,
+            0x04 => MIN_LARGE_BLOB_LEN as u64 - 1,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         assert_eq!(
             AuthenticatorLargeBlobsParameters::try_from(cbor_value),
@@ -912,11 +918,11 @@ mod test {
 
         // failing with non-zero offset and length present
         let cbor_value = cbor_map! {
-            2 => vec! [0x5E],
-            3 => 4,
-            4 => MIN_LARGE_BLOB_LEN as u64,
-            5 => vec! [0xA9],
-            6 => 1,
+            0x02 => vec! [0x5E],
+            0x03 => 4,
+            0x04 => MIN_LARGE_BLOB_LEN as u64,
+            0x05 => vec! [0xA9],
+            0x06 => 1,
         };
         assert_eq!(
             AuthenticatorLargeBlobsParameters::try_from(cbor_value),
@@ -948,10 +954,10 @@ mod test {
 
         // Attestation key is too short.
         let cbor_value = cbor_map! {
-            1 => false,
-            2 => cbor_map! {
-                1 => dummy_cert,
-                2 => dummy_pkey[..key_material::ATTESTATION_PRIVATE_KEY_LENGTH - 1]
+            0x01 => false,
+            0x02 => cbor_map! {
+                0x01 => dummy_cert,
+                0x02 => dummy_pkey[..key_material::ATTESTATION_PRIVATE_KEY_LENGTH - 1]
             }
         };
         assert_eq!(
@@ -961,9 +967,9 @@ mod test {
 
         // Missing private key
         let cbor_value = cbor_map! {
-            1 => false,
-            2 => cbor_map! {
-                1 => dummy_cert
+            0x01 => false,
+            0x02 => cbor_map! {
+                0x01 => dummy_cert
             }
         };
         assert_eq!(
@@ -973,9 +979,9 @@ mod test {
 
         // Missing certificate
         let cbor_value = cbor_map! {
-            1 => false,
-            2 => cbor_map! {
-                2 => dummy_pkey
+            0x01 => false,
+            0x02 => cbor_map! {
+                0x02 => dummy_pkey
             }
         };
         assert_eq!(
@@ -985,10 +991,10 @@ mod test {
 
         // Valid
         let cbor_value = cbor_map! {
-            1 => false,
-            2 => cbor_map! {
-                1 => dummy_cert,
-                2 => dummy_pkey
+            0x01 => false,
+            0x02 => cbor_map! {
+                0x01 => dummy_cert,
+                0x02 => dummy_pkey
             }
         };
         assert_eq!(
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 8fa622c..7b426c1 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -561,6 +561,7 @@ where
             options,
             pin_uv_auth_param,
             pin_uv_auth_protocol,
+            enterprise_attestation: _,
         } = make_credential_params;
 
         self.pin_uv_auth_precheck(&pin_uv_auth_param, pin_uv_auth_protocol, cid)?;
@@ -1313,6 +1314,7 @@ mod test {
             options,
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
+            enterprise_attestation: None,
         }
     }
 
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 245218f..87d94cc 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -74,9 +74,9 @@ impl From<AuthenticatorMakeCredentialResponse> for cbor::Value {
         } = make_credential_response;
 
         cbor_map_options! {
-            1 => fmt,
-            2 => auth_data,
-            3 => att_stmt,
+            0x01 => fmt,
+            0x02 => auth_data,
+            0x03 => att_stmt,
         }
     }
 }
@@ -102,11 +102,11 @@ impl From<AuthenticatorGetAssertionResponse> for cbor::Value {
         } = get_assertion_response;
 
         cbor_map_options! {
-            1 => credential,
-            2 => auth_data,
-            3 => signature,
-            4 => user,
-            5 => number_of_credentials,
+            0x01 => credential,
+            0x02 => auth_data,
+            0x03 => signature,
+            0x04 => user,
+            0x05 => number_of_credentials,
         }
     }
 }
@@ -199,9 +199,9 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
         } = client_pin_response;
 
         cbor_map_options! {
-            1 => key_agreement.map(cbor::Value::from),
-            2 => pin_token,
-            3 => retries,
+            0x01 => key_agreement.map(cbor::Value::from),
+            0x02 => pin_token,
+            0x03 => retries,
         }
     }
 }
@@ -286,8 +286,8 @@ impl From<AuthenticatorVendorResponse> for cbor::Value {
         } = vendor_response;
 
         cbor_map_options! {
-            1 => cert_programmed,
-            2 => pkey_programmed,
+            0x01 => cert_programmed,
+            0x02 => pkey_programmed,
         }
     }
 }
@@ -324,9 +324,9 @@ mod test {
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorMakeCredential(make_credential_response).into();
         let expected_cbor = cbor_map_options! {
-            1 => "packed",
-            2 => vec![0xAD],
-            3 => cbor_packed_attestation_statement,
+            0x01 => "packed",
+            0x02 => vec![0xAD],
+            0x03 => cbor_packed_attestation_statement,
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }
@@ -343,8 +343,8 @@ mod test {
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorGetAssertion(get_assertion_response).into();
         let expected_cbor = cbor_map_options! {
-            2 => vec![0xAD],
-            3 => vec![0x51],
+            0x02 => vec![0xAD],
+            0x03 => vec![0x51],
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }
@@ -435,7 +435,7 @@ mod test {
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorClientPin(Some(client_pin_response)).into();
         let expected_cbor = cbor_map_options! {
-            2 => vec![70],
+            0x02 => vec![70],
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }
@@ -562,8 +562,8 @@ mod test {
         assert_eq!(
             response_cbor,
             Some(cbor_map_options! {
-                1 => true,
-                2 => false,
+                0x01 => true,
+                0x02 => false,
             })
         );
         let response_cbor: Option<cbor::Value> =
@@ -575,8 +575,8 @@ mod test {
         assert_eq!(
             response_cbor,
             Some(cbor_map_options! {
-                1 => false,
-                2 => true,
+                0x01 => false,
+                0x02 => true,
             })
         );
     }

From 5741595e575205211ccf4831acbf18c7e620afde Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 25 Jan 2021 21:45:06 +0100
Subject: [PATCH 155/192] new extension entry for largeBlobKey

---
 src/ctap/credential_management.rs |   5 +-
 src/ctap/data_formats.rs          |  39 +++++++
 src/ctap/mod.rs                   | 179 +++++++++++++++++++++++-------
 src/ctap/response.rs              |  59 ++++++++--
 src/ctap/storage.rs               |   4 +
 5 files changed, 233 insertions(+), 53 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 7665ea7..acc9278 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -81,6 +81,7 @@ fn enumerate_credentials_response(
         user_name,
         user_icon,
         cred_blob: _,
+        large_blob_key,
     } = credential;
     let user = PublicKeyCredentialUserEntity {
         user_id: user_handle,
@@ -100,8 +101,7 @@ fn enumerate_credentials_response(
         public_key: Some(public_key),
         total_credentials,
         cred_protect: cred_protect_policy,
-        // TODO(kaczmarczyck) add when largeBlobKey extension is implemented
-        large_blob_key: None,
+        large_blob_key,
         ..Default::default()
     })
 }
@@ -348,6 +348,7 @@ mod test {
             user_name: Some("name".to_string()),
             user_icon: Some("icon".to_string()),
             cred_blob: None,
+            large_blob_key: None,
         }
     }
 
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index da992f8..ba9ca1a 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -282,6 +282,7 @@ pub struct MakeCredentialExtensions {
     pub cred_protect: Option<CredentialProtectionPolicy>,
     pub min_pin_length: bool,
     pub cred_blob: Option<Vec<u8>>,
+    pub large_blob_key: Option<bool>,
 }
 
 impl TryFrom<cbor::Value> for MakeCredentialExtensions {
@@ -293,6 +294,7 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
                 "credBlob" => cred_blob,
                 "credProtect" => cred_protect,
                 "hmac-secret" => hmac_secret,
+                "largeBlobKey" => large_blob_key,
                 "minPinLength" => min_pin_length,
             } = extract_map(cbor_value)?;
         }
@@ -303,11 +305,18 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
             .transpose()?;
         let min_pin_length = min_pin_length.map_or(Ok(false), extract_bool)?;
         let cred_blob = cred_blob.map(extract_byte_string).transpose()?;
+        let large_blob_key = large_blob_key.map(extract_bool).transpose()?;
+        if let Some(large_blob_key) = large_blob_key {
+            if !large_blob_key {
+                return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
+            }
+        }
         Ok(Self {
             hmac_secret,
             cred_protect,
             min_pin_length,
             cred_blob,
+            large_blob_key,
         })
     }
 }
@@ -317,6 +326,7 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
 pub struct GetAssertionExtensions {
     pub hmac_secret: Option<GetAssertionHmacSecretInput>,
     pub cred_blob: bool,
+    pub large_blob_key: Option<bool>,
 }
 
 impl TryFrom<cbor::Value> for GetAssertionExtensions {
@@ -327,6 +337,7 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
             let {
                 "credBlob" => cred_blob,
                 "hmac-secret" => hmac_secret,
+                "largeBlobKey" => large_blob_key,
             } = extract_map(cbor_value)?;
         }
 
@@ -334,9 +345,16 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
             .map(GetAssertionHmacSecretInput::try_from)
             .transpose()?;
         let cred_blob = cred_blob.map_or(Ok(false), extract_bool)?;
+        let large_blob_key = large_blob_key.map(extract_bool).transpose()?;
+        if let Some(large_blob_key) = large_blob_key {
+            if !large_blob_key {
+                return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
+            }
+        }
         Ok(Self {
             hmac_secret,
             cred_blob,
+            large_blob_key,
         })
     }
 }
@@ -546,6 +564,7 @@ pub struct PublicKeyCredentialSource {
     pub user_name: Option<String>,
     pub user_icon: Option<String>,
     pub cred_blob: Option<Vec<u8>>,
+    pub large_blob_key: Option<Vec<u8>>,
 }
 
 // We serialize credentials for the persistent storage using CBOR maps. Each field of a credential
@@ -561,6 +580,7 @@ enum PublicKeyCredentialSourceField {
     UserName = 8,
     UserIcon = 9,
     CredBlob = 10,
+    LargeBlobKey = 11,
     // When a field is removed, its tag should be reserved and not used for new fields. We document
     // those reserved tags below.
     // Reserved tags:
@@ -588,6 +608,7 @@ impl From<PublicKeyCredentialSource> for cbor::Value {
             PublicKeyCredentialSourceField::UserName => credential.user_name,
             PublicKeyCredentialSourceField::UserIcon => credential.user_icon,
             PublicKeyCredentialSourceField::CredBlob => credential.cred_blob,
+            PublicKeyCredentialSourceField::LargeBlobKey => credential.large_blob_key,
         }
     }
 }
@@ -608,6 +629,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
                 PublicKeyCredentialSourceField::UserName => user_name,
                 PublicKeyCredentialSourceField::UserIcon => user_icon,
                 PublicKeyCredentialSourceField::CredBlob => cred_blob,
+                PublicKeyCredentialSourceField::LargeBlobKey => large_blob_key,
             } = extract_map(cbor_value)?;
         }
 
@@ -628,6 +650,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
         let user_name = user_name.map(extract_text_string).transpose()?;
         let user_icon = user_icon.map(extract_text_string).transpose()?;
         let cred_blob = cred_blob.map(extract_byte_string).transpose()?;
+        let large_blob_key = large_blob_key.map(extract_byte_string).transpose()?;
         // We don't return whether there were unknown fields in the CBOR value. This means that
         // deserialization is not injective. In particular deserialization is only an inverse of
         // serialization at a given version of OpenSK. This is not a problem because:
@@ -650,6 +673,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
             user_name,
             user_icon,
             cred_blob,
+            large_blob_key,
         })
     }
 }
@@ -1522,6 +1546,7 @@ mod test {
             "credProtect" => CredentialProtectionPolicy::UserVerificationRequired,
             "minPinLength" => true,
             "credBlob" => vec![0xCB],
+            "largeBlobKey" => true,
         };
         let extensions = MakeCredentialExtensions::try_from(cbor_extensions);
         let expected_extensions = MakeCredentialExtensions {
@@ -1529,6 +1554,7 @@ mod test {
             cred_protect: Some(CredentialProtectionPolicy::UserVerificationRequired),
             min_pin_length: true,
             cred_blob: Some(vec![0xCB]),
+            large_blob_key: Some(true),
         };
         assert_eq!(extensions, Ok(expected_extensions));
     }
@@ -1546,6 +1572,7 @@ mod test {
                 3 => vec![0x03; 16],
             },
             "credBlob" => true,
+            "largeBlobKey" => true,
         };
         let extensions = GetAssertionExtensions::try_from(cbor_extensions);
         let expected_input = GetAssertionHmacSecretInput {
@@ -1556,6 +1583,7 @@ mod test {
         let expected_extensions = GetAssertionExtensions {
             hmac_secret: Some(expected_input),
             cred_blob: true,
+            large_blob_key: Some(true),
         };
         assert_eq!(extensions, Ok(expected_extensions));
     }
@@ -1849,6 +1877,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
 
         assert_eq!(
@@ -1901,6 +1930,16 @@ mod test {
             ..credential
         };
 
+        assert_eq!(
+            PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
+            Ok(credential.clone())
+        );
+
+        let credential = PublicKeyCredentialSource {
+            large_blob_key: Some(vec![0x1B]),
+            ..credential
+        };
+
         assert_eq!(
             PublicKeyCredentialSource::try_from(cbor::Value::from(credential.clone())),
             Ok(credential)
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 7b426c1..ab66177 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -49,7 +49,7 @@ use self::response::{
     AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,
 };
 use self::status_code::Ctap2StatusCode;
-use self::storage::{PersistentStore, MAX_RP_IDS_LENGTH};
+use self::storage::{PersistentStore, MAX_LARGE_BLOB_ARRAY_SIZE, MAX_RP_IDS_LENGTH};
 use self::timed_permission::TimedPermission;
 #[cfg(feature = "with_ctap1")]
 use self::timed_permission::U2fUserPresenceState;
@@ -427,6 +427,7 @@ where
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         }))
     }
 
@@ -596,6 +597,10 @@ where
             || cred_protect_policy.is_some()
             || min_pin_length
             || has_cred_blob_output;
+        let large_blob_key = match (options.rk, extensions.large_blob_key) {
+            (true, Some(true)) => Some(self.rng.gen_uniform_u8x32().to_vec()),
+            _ => None,
+        };
 
         let rp_id_hash = Sha256::hash(rp_id.as_bytes());
         if let Some(exclude_list) = exclude_list {
@@ -674,6 +679,7 @@ where
                     .user_icon
                     .map(|s| truncate_to_char_boundary(&s, 64).to_string()),
                 cred_blob,
+                large_blob_key: large_blob_key.clone(),
             };
             self.persistent_store.store_credential(credential_source)?;
             random_id
@@ -749,6 +755,7 @@ where
                 fmt: String::from("packed"),
                 auth_data,
                 att_stmt: attestation_statement,
+                large_blob_key,
             },
         ))
     }
@@ -806,6 +813,10 @@ where
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
         }
+        let large_blob_key = match extensions.large_blob_key {
+            Some(true) => credential.large_blob_key,
+            _ => None,
+        };
 
         let mut signature_data = auth_data.clone();
         signature_data.extend(client_data_hash);
@@ -841,6 +852,7 @@ where
                 signature: signature.to_asn1_der(),
                 user,
                 number_of_credentials: number_of_credentials.map(|n| n as u64),
+                large_blob_key,
             },
         ))
     }
@@ -1006,19 +1018,18 @@ where
 
     fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {
         let mut options_map = BTreeMap::new();
-        // TODO(kaczmarczyck) add authenticatorConfig and credProtect options
         options_map.insert(String::from("rk"), true);
-        options_map.insert(String::from("up"), true);
         options_map.insert(
             String::from("clientPin"),
             self.persistent_store.pin_hash()?.is_some(),
         );
+        options_map.insert(String::from("up"), true);
+        options_map.insert(String::from("pinUvAuthToken"), true);
+        options_map.insert(String::from("largeBlobs"), true);
+        options_map.insert(String::from("authnrCfg"), true);
         options_map.insert(String::from("credMgmt"), true);
         options_map.insert(String::from("setMinPINLength"), true);
-        options_map.insert(
-            String::from("forcePINChange"),
-            self.persistent_store.has_force_pin_change()?,
-        );
+        options_map.insert(String::from("makeCredUvNotRqd"), true);
         Ok(ResponseData::AuthenticatorGetInfo(
             AuthenticatorGetInfoResponse {
                 versions: vec![
@@ -1032,6 +1043,7 @@ where
                     String::from("credProtect"),
                     String::from("minPinLength"),
                     String::from("credBlob"),
+                    String::from("largeBlobKey"),
                 ]),
                 aaguid: self.persistent_store.aaguid()?,
                 options: Some(options_map),
@@ -1041,7 +1053,8 @@ where
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
                 transports: Some(vec![AuthenticatorTransport::Usb]),
                 algorithms: Some(vec![ES256_CRED_PARAM]),
-                default_cred_protect: DEFAULT_CRED_PROTECT,
+                max_serialized_large_blob_array: Some(MAX_LARGE_BLOB_ARRAY_SIZE as u64),
+                force_pin_change: Some(self.persistent_store.has_force_pin_change()?),
                 min_pin_length: self.persistent_store.min_pin_length()?,
                 firmware_version: None,
                 max_cred_blob_length: Some(MAX_CRED_BLOB_LENGTH as u64),
@@ -1214,6 +1227,7 @@ mod test {
                     fmt,
                     auth_data,
                     att_stmt,
+                    large_blob_key,
                 } = make_credential_response;
                 // The expected response is split to only assert the non-random parts.
                 assert_eq!(fmt, "packed");
@@ -1234,6 +1248,7 @@ mod test {
                     expected_extension_cbor
                 );
                 assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
+                assert_eq!(large_blob_key, None);
             }
             _ => panic!("Invalid response type"),
         }
@@ -1258,15 +1273,19 @@ mod test {
                     String::from("credProtect"),
                     String::from("minPinLength"),
                     String::from("credBlob"),
+                    String::from("largeBlobKey"),
                 ]],
             0x03 => ctap_state.persistent_store.aaguid().unwrap(),
             0x04 => cbor_map! {
                 "rk" => true,
-                "up" => true,
                 "clientPin" => false,
+                "up" => true,
+                "pinUvAuthToken" => true,
+                "largeBlobs" => true,
+                "authnrCfg" => true,
                 "credMgmt" => true,
                 "setMinPINLength" => true,
-                "forcePINChange" => false,
+                "makeCredUvNotRqd" => true,
             },
             0x05 => MAX_MSG_SIZE as u64,
             0x06 => cbor_array_vec![vec![1]],
@@ -1274,7 +1293,8 @@ mod test {
             0x08 => CREDENTIAL_ID_SIZE as u64,
             0x09 => cbor_array_vec![vec!["usb"]],
             0x0A => cbor_array_vec![vec![ES256_CRED_PARAM]],
-            0x0C => DEFAULT_CRED_PROTECT.map(|c| c as u64),
+            0x0B => MAX_LARGE_BLOB_ARRAY_SIZE as u64,
+            0x0C => false,
             0x0D => ctap_state.persistent_store.min_pin_length().unwrap() as u64,
             0x0F => MAX_CRED_BLOB_LENGTH as u64,
             0x10 => MAX_RP_IDS_LENGTH as u64,
@@ -1336,10 +1356,8 @@ mod test {
         policy: CredentialProtectionPolicy,
     ) -> AuthenticatorMakeCredentialParameters {
         let extensions = MakeCredentialExtensions {
-            hmac_secret: false,
             cred_protect: Some(policy),
-            min_pin_length: false,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1424,6 +1442,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -1504,9 +1523,7 @@ mod test {
 
         let extensions = MakeCredentialExtensions {
             hmac_secret: true,
-            cred_protect: None,
-            min_pin_length: false,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
@@ -1534,9 +1551,7 @@ mod test {
 
         let extensions = MakeCredentialExtensions {
             hmac_secret: true,
-            cred_protect: None,
-            min_pin_length: false,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1563,10 +1578,8 @@ mod test {
 
         // First part: The extension is ignored, since the RP ID is not on the list.
         let extensions = MakeCredentialExtensions {
-            hmac_secret: false,
-            cred_protect: None,
             min_pin_length: true,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1589,10 +1602,8 @@ mod test {
         );
 
         let extensions = MakeCredentialExtensions {
-            hmac_secret: false,
-            cred_protect: None,
             min_pin_length: true,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1618,10 +1629,8 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let extensions = MakeCredentialExtensions {
-            hmac_secret: false,
-            cred_protect: None,
-            min_pin_length: false,
             cred_blob: Some(vec![0xCB]),
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1656,10 +1665,8 @@ mod test {
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
         let extensions = MakeCredentialExtensions {
-            hmac_secret: false,
-            cred_protect: None,
-            min_pin_length: false,
             cred_blob: Some(vec![0xCB; MAX_CRED_BLOB_LENGTH + 1]),
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = extensions;
@@ -1687,6 +1694,39 @@ mod test {
         assert_eq!(stored_credential.cred_blob, None);
     }
 
+    #[test]
+    fn test_process_make_credential_large_blob_key() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let extensions = MakeCredentialExtensions {
+            large_blob_key: Some(true),
+            ..Default::default()
+        };
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.extensions = extensions;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        let large_blob_key = match make_credential_response.unwrap() {
+            ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
+                make_credential_response.large_blob_key.unwrap()
+            }
+            _ => panic!("Invalid response type"),
+        };
+        assert_eq!(large_blob_key.len(), 32);
+
+        let mut iter_result = Ok(());
+        let iter = ctap_state
+            .persistent_store
+            .iter_credentials(&mut iter_result)
+            .unwrap();
+        // There is only 1 credential, so last is good enough.
+        let (_, stored_credential) = iter.last().unwrap();
+        iter_result.unwrap();
+        assert_eq!(stored_credential.large_blob_key.unwrap(), large_blob_key);
+    }
+
     #[test]
     fn test_process_make_credential_cancelled() {
         let mut rng = ThreadRng256 {};
@@ -1828,9 +1868,7 @@ mod test {
 
         let make_extensions = MakeCredentialExtensions {
             hmac_secret: true,
-            cred_protect: None,
-            min_pin_length: false,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.options.rk = false;
@@ -1857,7 +1895,7 @@ mod test {
         };
         let get_extensions = GetAssertionExtensions {
             hmac_secret: Some(hmac_secret_input),
-            cred_blob: false,
+            ..Default::default()
         };
 
         let cred_desc = PublicKeyCredentialDescriptor {
@@ -1898,9 +1936,7 @@ mod test {
 
         let make_extensions = MakeCredentialExtensions {
             hmac_secret: true,
-            cred_protect: None,
-            min_pin_length: false,
-            cred_blob: None,
+            ..Default::default()
         };
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.extensions = make_extensions;
@@ -1916,7 +1952,7 @@ mod test {
         };
         let get_extensions = GetAssertionExtensions {
             hmac_secret: Some(hmac_secret_input),
-            cred_blob: false,
+            ..Default::default()
         };
 
         let get_assertion_params = AuthenticatorGetAssertionParameters {
@@ -1970,6 +2006,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -2033,6 +2070,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -2082,6 +2120,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: Some(vec![0xCB]),
+            large_blob_key: None,
         };
         assert!(ctap_state
             .persistent_store
@@ -2089,8 +2128,8 @@ mod test {
             .is_ok());
 
         let extensions = GetAssertionExtensions {
-            hmac_secret: None,
             cred_blob: true,
+            ..Default::default()
         };
         let get_assertion_params = AuthenticatorGetAssertionParameters {
             rp_id: String::from("example.com"),
@@ -2125,6 +2164,63 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_get_assertion_with_large_blob_key() {
+        let mut rng = ThreadRng256 {};
+        let private_key = crypto::ecdsa::SecKey::gensk(&mut rng);
+        let credential_id = rng.gen_uniform_u8x32().to_vec();
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        let credential = PublicKeyCredentialSource {
+            key_type: PublicKeyCredentialType::PublicKey,
+            credential_id,
+            private_key,
+            rp_id: String::from("example.com"),
+            user_handle: vec![0x1D],
+            user_display_name: None,
+            cred_protect_policy: None,
+            creation_order: 0,
+            user_name: None,
+            user_icon: None,
+            cred_blob: None,
+            large_blob_key: Some(vec![0x1C; 32]),
+        };
+        assert!(ctap_state
+            .persistent_store
+            .store_credential(credential)
+            .is_ok());
+
+        let extensions = GetAssertionExtensions {
+            large_blob_key: Some(true),
+            ..Default::default()
+        };
+        let get_assertion_params = AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list: None,
+            extensions,
+            options: GetAssertionOptions {
+                up: false,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let get_assertion_response = ctap_state.process_get_assertion(
+            get_assertion_params,
+            DUMMY_CHANNEL_ID,
+            DUMMY_CLOCK_VALUE,
+        );
+        let large_blob_key = match get_assertion_response.unwrap() {
+            ResponseData::AuthenticatorGetAssertion(get_assertion_response) => {
+                get_assertion_response.large_blob_key.unwrap()
+            }
+            _ => panic!("Invalid response type"),
+        };
+        assert_eq!(large_blob_key, vec![0x1C; 32]);
+    }
+
     #[test]
     fn test_process_get_next_assertion_two_credentials_with_uv() {
         let mut rng = ThreadRng256 {};
@@ -2369,6 +2465,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         assert!(ctap_state
             .persistent_store
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 87d94cc..346a348 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -63,6 +63,7 @@ pub struct AuthenticatorMakeCredentialResponse {
     pub fmt: String,
     pub auth_data: Vec<u8>,
     pub att_stmt: PackedAttestationStatement,
+    pub large_blob_key: Option<Vec<u8>>,
 }
 
 impl From<AuthenticatorMakeCredentialResponse> for cbor::Value {
@@ -71,12 +72,14 @@ impl From<AuthenticatorMakeCredentialResponse> for cbor::Value {
             fmt,
             auth_data,
             att_stmt,
+            large_blob_key,
         } = make_credential_response;
 
         cbor_map_options! {
             0x01 => fmt,
             0x02 => auth_data,
             0x03 => att_stmt,
+            0x05 => large_blob_key,
         }
     }
 }
@@ -89,6 +92,7 @@ pub struct AuthenticatorGetAssertionResponse {
     pub signature: Vec<u8>,
     pub user: Option<PublicKeyCredentialUserEntity>,
     pub number_of_credentials: Option<u64>,
+    pub large_blob_key: Option<Vec<u8>>,
 }
 
 impl From<AuthenticatorGetAssertionResponse> for cbor::Value {
@@ -99,6 +103,7 @@ impl From<AuthenticatorGetAssertionResponse> for cbor::Value {
             signature,
             user,
             number_of_credentials,
+            large_blob_key,
         } = get_assertion_response;
 
         cbor_map_options! {
@@ -107,6 +112,7 @@ impl From<AuthenticatorGetAssertionResponse> for cbor::Value {
             0x03 => signature,
             0x04 => user,
             0x05 => number_of_credentials,
+            0x07 => large_blob_key,
         }
     }
 }
@@ -124,7 +130,8 @@ pub struct AuthenticatorGetInfoResponse {
     pub max_credential_id_length: Option<u64>,
     pub transports: Option<Vec<AuthenticatorTransport>>,
     pub algorithms: Option<Vec<PublicKeyCredentialParameter>>,
-    pub default_cred_protect: Option<CredentialProtectionPolicy>,
+    pub max_serialized_large_blob_array: Option<u64>,
+    pub force_pin_change: Option<bool>,
     pub min_pin_length: u8,
     pub firmware_version: Option<u64>,
     pub max_cred_blob_length: Option<u64>,
@@ -145,7 +152,8 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             max_credential_id_length,
             transports,
             algorithms,
-            default_cred_protect,
+            max_serialized_large_blob_array,
+            force_pin_change,
             min_pin_length,
             firmware_version,
             max_cred_blob_length,
@@ -172,7 +180,8 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             0x08 => max_credential_id_length,
             0x09 => transports.map(|vec| cbor_array_vec!(vec)),
             0x0A => algorithms.map(|vec| cbor_array_vec!(vec)),
-            0x0C => default_cred_protect.map(|p| p as u64),
+            0x0B => max_serialized_large_blob_array,
+            0x0C => force_pin_change,
             0x0D => min_pin_length as u64,
             0x0E => firmware_version,
             0x0F => max_cred_blob_length,
@@ -297,7 +306,7 @@ mod test {
     use super::super::data_formats::{PackedAttestationStatement, PublicKeyCredentialType};
     use super::super::ES256_CRED_PARAM;
     use super::*;
-    use cbor::{cbor_bytes, cbor_map};
+    use cbor::{cbor_array, cbor_bytes, cbor_map};
     use crypto::rng256::ThreadRng256;
 
     #[test]
@@ -320,6 +329,7 @@ mod test {
             fmt: "packed".to_string(),
             auth_data: vec![0xAD],
             att_stmt,
+            large_blob_key: Some(vec![0x1B]),
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorMakeCredential(make_credential_response).into();
@@ -327,24 +337,50 @@ mod test {
             0x01 => "packed",
             0x02 => vec![0xAD],
             0x03 => cbor_packed_attestation_statement,
+            0x05 => vec![0x1B],
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }
 
     #[test]
     fn test_get_assertion_into_cbor() {
+        let pub_key_cred_descriptor = PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id: vec![0x2D, 0x2D, 0x2D, 0x2D],
+            transports: Some(vec![AuthenticatorTransport::Usb]),
+        };
+        let user = PublicKeyCredentialUserEntity {
+            user_id: vec![0x1D, 0x1D, 0x1D, 0x1D],
+            user_name: Some("foo".to_string()),
+            user_display_name: Some("bar".to_string()),
+            user_icon: Some("example.com/foo/icon.png".to_string()),
+        };
         let get_assertion_response = AuthenticatorGetAssertionResponse {
-            credential: None,
+            credential: Some(pub_key_cred_descriptor),
             auth_data: vec![0xAD],
             signature: vec![0x51],
-            user: None,
-            number_of_credentials: None,
+            user: Some(user),
+            number_of_credentials: Some(2),
+            large_blob_key: Some(vec![0x1B]),
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorGetAssertion(get_assertion_response).into();
         let expected_cbor = cbor_map_options! {
+            0x01 => cbor_map! {
+                "type" => "public-key",
+                "id" => vec![0x2D, 0x2D, 0x2D, 0x2D],
+                "transports" => cbor_array!["usb"],
+            },
             0x02 => vec![0xAD],
             0x03 => vec![0x51],
+            0x04 => cbor_map! {
+                "id" => vec![0x1D, 0x1D, 0x1D, 0x1D],
+                "name" => "foo".to_string(),
+                "displayName" => "bar".to_string(),
+                "icon" => "example.com/foo/icon.png".to_string(),
+            },
+            0x05 => 2,
+            0x07 => vec![0x1B],
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }
@@ -363,7 +399,8 @@ mod test {
             max_credential_id_length: None,
             transports: None,
             algorithms: None,
-            default_cred_protect: None,
+            max_serialized_large_blob_array: None,
+            force_pin_change: None,
             min_pin_length: 4,
             firmware_version: None,
             max_cred_blob_length: None,
@@ -395,7 +432,8 @@ mod test {
             max_credential_id_length: Some(256),
             transports: Some(vec![AuthenticatorTransport::Usb]),
             algorithms: Some(vec![ES256_CRED_PARAM]),
-            default_cred_protect: Some(CredentialProtectionPolicy::UserVerificationRequired),
+            max_serialized_large_blob_array: Some(1024),
+            force_pin_change: Some(false),
             min_pin_length: 4,
             firmware_version: Some(0),
             max_cred_blob_length: Some(1024),
@@ -415,7 +453,8 @@ mod test {
             0x08 => 256,
             0x09 => cbor_array_vec![vec!["usb"]],
             0x0A => cbor_array_vec![vec![ES256_CRED_PARAM]],
-            0x0C => CredentialProtectionPolicy::UserVerificationRequired as u64,
+            0x0B => 1024,
+            0x0C => false,
             0x0D => 4,
             0x0E => 0,
             0x0F => 1024,
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 43a00c7..b982922 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -756,6 +756,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         }
     }
 
@@ -973,6 +974,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         assert_eq!(found_credential, Some(expected_credential));
     }
@@ -995,6 +997,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         assert!(persistent_store.store_credential(credential).is_ok());
 
@@ -1321,6 +1324,7 @@ mod test {
             user_name: None,
             user_icon: None,
             cred_blob: None,
+            large_blob_key: None,
         };
         let serialized = serialize_credential(credential.clone()).unwrap();
         let reconstructed = deserialize_credential(&serialized).unwrap();

From 371e8b6f35efc8b489a2101cb8f078bd717652f4 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 2 Feb 2021 05:46:03 +0100
Subject: [PATCH 156/192] remove conditional trait implementation

---
 libraries/crypto/src/ec/exponent256.rs |  6 +--
 libraries/crypto/src/ec/gfp256.rs      |  1 -
 libraries/crypto/src/ec/int256.rs      |  1 -
 libraries/crypto/src/ec/point.rs       |  2 -
 libraries/crypto/src/ecdh.rs           |  2 +-
 libraries/crypto/src/ecdsa.rs          |  5 +-
 src/ctap/apdu.rs                       | 15 ++----
 src/ctap/command.rs                    | 18 +++----
 src/ctap/ctap1.rs                      |  5 +-
 src/ctap/data_formats.rs               | 65 +++++++++-----------------
 src/ctap/response.rs                   | 25 ++++------
 11 files changed, 51 insertions(+), 94 deletions(-)

diff --git a/libraries/crypto/src/ec/exponent256.rs b/libraries/crypto/src/ec/exponent256.rs
index 8638eaa..4a31aee 100644
--- a/libraries/crypto/src/ec/exponent256.rs
+++ b/libraries/crypto/src/ec/exponent256.rs
@@ -18,11 +18,10 @@ use core::ops::Mul;
 use subtle::{self, Choice, ConditionallySelectable, CtOption};
 
 // An exponent on the elliptic curve, that is an element modulo the curve order N.
-#[derive(Clone, Copy, PartialEq, Eq)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
 // TODO: remove this Default once https://github.com/dalek-cryptography/subtle/issues/63 is
 // resolved.
 #[derive(Default)]
-#[cfg_attr(feature = "derive_debug", derive(Debug))]
 pub struct ExponentP256 {
     int: Int256,
 }
@@ -92,11 +91,10 @@ impl Mul for &ExponentP256 {
 }
 
 // A non-zero exponent on the elliptic curve.
-#[derive(Clone, Copy, PartialEq, Eq)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
 // TODO: remove this Default once https://github.com/dalek-cryptography/subtle/issues/63 is
 // resolved.
 #[derive(Default)]
-#[cfg_attr(feature = "derive_debug", derive(Debug))]
 pub struct NonZeroExponentP256 {
     e: ExponentP256,
 }
diff --git a/libraries/crypto/src/ec/gfp256.rs b/libraries/crypto/src/ec/gfp256.rs
index bb3232c..0e6179f 100644
--- a/libraries/crypto/src/ec/gfp256.rs
+++ b/libraries/crypto/src/ec/gfp256.rs
@@ -111,7 +111,6 @@ impl Mul for &GFP256 {
     }
 }
 
-#[cfg(feature = "derive_debug")]
 impl core::fmt::Debug for GFP256 {
     fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
         write!(f, "GFP256::{:?}", self.int)
diff --git a/libraries/crypto/src/ec/int256.rs b/libraries/crypto/src/ec/int256.rs
index 9954c37..8927b19 100644
--- a/libraries/crypto/src/ec/int256.rs
+++ b/libraries/crypto/src/ec/int256.rs
@@ -636,7 +636,6 @@ impl SubAssign<&Int256> for Int256 {
     }
 }
 
-#[cfg(feature = "derive_debug")]
 impl core::fmt::Debug for Int256 {
     fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
         write!(f, "Int256 {{ digits: {:08x?} }}", self.digits)
diff --git a/libraries/crypto/src/ec/point.rs b/libraries/crypto/src/ec/point.rs
index 11c6cde..1038808 100644
--- a/libraries/crypto/src/ec/point.rs
+++ b/libraries/crypto/src/ec/point.rs
@@ -542,7 +542,6 @@ impl Add for &PointProjective {
     }
 }
 
-#[cfg(feature = "derive_debug")]
 impl core::fmt::Debug for PointP256 {
     fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
         f.debug_struct("PointP256")
@@ -552,7 +551,6 @@ impl core::fmt::Debug for PointP256 {
     }
 }
 
-#[cfg(feature = "derive_debug")]
 impl PartialEq for PointP256 {
     fn eq(&self, other: &PointP256) -> bool {
         self.x == other.x && self.y == other.y
diff --git a/libraries/crypto/src/ecdh.rs b/libraries/crypto/src/ecdh.rs
index a1e3736..705aee0 100644
--- a/libraries/crypto/src/ecdh.rs
+++ b/libraries/crypto/src/ecdh.rs
@@ -26,7 +26,7 @@ pub struct SecKey {
     a: NonZeroExponentP256,
 }
 
-#[cfg_attr(feature = "derive_debug", derive(Clone, PartialEq, Debug))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct PubKey {
     p: PointP256,
 }
diff --git a/libraries/crypto/src/ecdsa.rs b/libraries/crypto/src/ecdsa.rs
index b6a1708..eb61365 100644
--- a/libraries/crypto/src/ecdsa.rs
+++ b/libraries/crypto/src/ecdsa.rs
@@ -30,8 +30,7 @@ use core::marker::PhantomData;
 
 pub const NBYTES: usize = int256::NBYTES;
 
-#[derive(Clone, PartialEq)]
-#[cfg_attr(feature = "derive_debug", derive(Debug))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct SecKey {
     k: NonZeroExponentP256,
 }
@@ -41,7 +40,7 @@ pub struct Signature {
     s: NonZeroExponentP256,
 }
 
-#[cfg_attr(feature = "derive_debug", derive(Clone))]
+#[derive(Clone)]
 pub struct PubKey {
     p: PointP256,
 }
diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index f475308..f12ded2 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -18,9 +18,8 @@ use core::convert::TryFrom;
 
 const APDU_HEADER_LEN: usize = 4;
 
-#[cfg_attr(test, derive(Clone, Debug))]
+#[derive(Clone, Debug, PartialEq)]
 #[allow(non_camel_case_types, dead_code)]
-#[derive(PartialEq)]
 pub enum ApduStatusCode {
     SW_SUCCESS = 0x90_00,
     /// Command successfully executed; 'XX' bytes of data are
@@ -51,9 +50,8 @@ pub enum ApduInstructions {
     GetResponse = 0xC0,
 }
 
-#[cfg_attr(test, derive(Clone, Debug))]
+#[derive(Clone, Debug, Default, PartialEq)]
 #[allow(dead_code)]
-#[derive(Default, PartialEq)]
 pub struct ApduHeader {
     pub cla: u8,
     pub ins: u8,
@@ -72,8 +70,7 @@ impl From<&[u8; APDU_HEADER_LEN]> for ApduHeader {
     }
 }
 
-#[cfg_attr(test, derive(Clone, Debug))]
-#[derive(PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
 /// The APDU cases
 pub enum Case {
     Le1,
@@ -85,18 +82,16 @@ pub enum Case {
     Le3,
 }
 
-#[cfg_attr(test, derive(Clone, Debug))]
+#[derive(Clone, Debug, PartialEq)]
 #[allow(dead_code)]
-#[derive(PartialEq)]
 pub enum ApduType {
     Instruction,
     Short(Case),
     Extended(Case),
 }
 
-#[cfg_attr(test, derive(Clone, Debug))]
+#[derive(Clone, Debug, PartialEq)]
 #[allow(dead_code)]
-#[derive(PartialEq)]
 pub struct APDU {
     pub header: ApduHeader,
     pub lc: u16,
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 8a2cade..a76254a 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -38,7 +38,7 @@ pub const MAX_CREDENTIAL_COUNT_IN_LIST: Option<usize> = None;
 const MIN_LARGE_BLOB_LEN: usize = 17;
 
 // CTAP specification (version 20190130) section 6.1
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub enum Command {
     AuthenticatorMakeCredential(AuthenticatorMakeCredentialParameters),
     AuthenticatorGetAssertion(AuthenticatorGetAssertionParameters),
@@ -148,7 +148,7 @@ impl Command {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorMakeCredentialParameters {
     pub client_data_hash: Vec<u8>,
     pub rp: PublicKeyCredentialRpEntity,
@@ -236,7 +236,7 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorGetAssertionParameters {
     pub rp_id: String,
     pub client_data_hash: Vec<u8>,
@@ -307,7 +307,7 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorClientPinParameters {
     pub pin_protocol: u64,
     pub sub_command: ClientPinSubCommand,
@@ -363,7 +363,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorLargeBlobsParameters {
     pub get: Option<usize>,
     pub set: Option<Vec<u8>>,
@@ -438,7 +438,7 @@ impl TryFrom<cbor::Value> for AuthenticatorLargeBlobsParameters {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorConfigParameters {
     pub sub_command: ConfigSubCommand,
     pub sub_command_params: Option<ConfigSubCommandParams>,
@@ -478,7 +478,7 @@ impl TryFrom<cbor::Value> for AuthenticatorConfigParameters {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorAttestationMaterial {
     pub certificate: Vec<u8>,
     pub private_key: [u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
@@ -507,7 +507,7 @@ impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorCredentialManagementParameters {
     pub sub_command: CredentialManagementSubCommand,
     pub sub_command_params: Option<CredentialManagementSubCommandParameters>,
@@ -544,7 +544,7 @@ impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorVendorConfigureParameters {
     pub lockdown: bool,
     pub attestation_material: Option<AuthenticatorAttestationMaterial>,
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 0bf43b5..09a3c6c 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -29,8 +29,7 @@ pub type Ctap1StatusCode = ApduStatusCode;
 // The specification referenced in this file is at:
 // https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.pdf
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug))]
-#[derive(PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
 pub enum Ctap1Flags {
     CheckOnly = 0x07,
     EnforceUpAndSign = 0x03,
@@ -56,7 +55,7 @@ impl Into<u8> for Ctap1Flags {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 // TODO: remove #allow when https://github.com/rust-lang/rust/issues/64362 is fixed
 enum U2fCommand {
     #[allow(dead_code)]
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index ba9ca1a..1992469 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -27,8 +27,7 @@ use enum_iterator::IntoEnumIterator;
 const ES256_ALGORITHM: i64 = -7;
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrpentity
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct PublicKeyCredentialRpEntity {
     pub rp_id: String,
     pub rp_name: Option<String>,
@@ -70,8 +69,7 @@ impl From<PublicKeyCredentialRpEntity> for cbor::Value {
 }
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialuserentity
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct PublicKeyCredentialUserEntity {
     pub user_id: Vec<u8>,
     pub user_name: Option<String>,
@@ -118,8 +116,7 @@ impl From<PublicKeyCredentialUserEntity> for cbor::Value {
 }
 
 // https://www.w3.org/TR/webauthn/#enumdef-publickeycredentialtype
-#[derive(Clone, PartialEq)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Clone, Debug, PartialEq)]
 pub enum PublicKeyCredentialType {
     PublicKey,
     // This is the default for all strings not covered above.
@@ -151,8 +148,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialType {
 }
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialparameters
-#[derive(PartialEq)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct PublicKeyCredentialParameter {
     pub cred_type: PublicKeyCredentialType,
     pub alg: SignatureAlgorithm,
@@ -185,8 +181,7 @@ impl From<PublicKeyCredentialParameter> for cbor::Value {
 }
 
 // https://www.w3.org/TR/webauthn/#enumdef-authenticatortransport
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum AuthenticatorTransport {
     Usb,
@@ -223,8 +218,7 @@ impl TryFrom<cbor::Value> for AuthenticatorTransport {
 }
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialdescriptor
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct PublicKeyCredentialDescriptor {
     pub key_type: PublicKeyCredentialType,
     pub key_id: Vec<u8>,
@@ -275,8 +269,7 @@ impl From<PublicKeyCredentialDescriptor> for cbor::Value {
     }
 }
 
-#[derive(Default)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone, Debug, Default, PartialEq)]
 pub struct MakeCredentialExtensions {
     pub hmac_secret: bool,
     pub cred_protect: Option<CredentialProtectionPolicy>,
@@ -321,8 +314,7 @@ impl TryFrom<cbor::Value> for MakeCredentialExtensions {
     }
 }
 
-#[derive(Clone, Default)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, Default, PartialEq)]
 pub struct GetAssertionExtensions {
     pub hmac_secret: Option<GetAssertionHmacSecretInput>,
     pub cred_blob: bool,
@@ -359,8 +351,7 @@ impl TryFrom<cbor::Value> for GetAssertionExtensions {
     }
 }
 
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct GetAssertionHmacSecretInput {
     pub key_agreement: CoseKey,
     pub salt_enc: Vec<u8>,
@@ -391,8 +382,7 @@ impl TryFrom<cbor::Value> for GetAssertionHmacSecretInput {
 }
 
 // Even though options are optional, we can use the default if not present.
-#[derive(Default)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, Default, PartialEq)]
 pub struct MakeCredentialOptions {
     pub rk: bool,
     pub uv: bool,
@@ -425,7 +415,7 @@ impl TryFrom<cbor::Value> for MakeCredentialOptions {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Debug, PartialEq)]
 pub struct GetAssertionOptions {
     pub up: bool,
     pub uv: bool,
@@ -470,8 +460,7 @@ impl TryFrom<cbor::Value> for GetAssertionOptions {
 }
 
 // https://www.w3.org/TR/webauthn/#packed-attestation
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct PackedAttestationStatement {
     pub alg: i64,
     pub sig: Vec<u8>,
@@ -490,8 +479,7 @@ impl From<PackedAttestationStatement> for cbor::Value {
     }
 }
 
-#[derive(PartialEq)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub enum SignatureAlgorithm {
     ES256 = ES256_ALGORITHM as isize,
     // This is the default for all numbers not covered above.
@@ -516,8 +504,7 @@ impl TryFrom<cbor::Value> for SignatureAlgorithm {
     }
 }
 
-#[derive(Clone, Copy, PartialEq, PartialOrd)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Clone, Copy, Debug, PartialEq, PartialOrd)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum CredentialProtectionPolicy {
     UserVerificationOptional = 0x01,
@@ -548,9 +535,7 @@ impl TryFrom<cbor::Value> for CredentialProtectionPolicy {
 //
 // Note that we only use the WebAuthn definition as an example. This data-structure is not specified
 // by FIDO. In particular we may choose how we serialize and deserialize it.
-#[derive(Clone)]
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct PublicKeyCredentialSource {
     // TODO function to convert to / from Vec<u8>
     pub key_type: PublicKeyCredentialType,
@@ -688,8 +673,7 @@ impl PublicKeyCredentialSource {
 }
 
 // The COSE key is used for both ECDH and ECDSA public keys for transmission.
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct CoseKey {
     x_bytes: [u8; ecdh::NBYTES],
     y_bytes: [u8; ecdh::NBYTES],
@@ -818,7 +802,7 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
     }
 }
 
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Clone, Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum ClientPinSubCommand {
     GetPinRetries = 0x01,
@@ -856,8 +840,7 @@ impl TryFrom<cbor::Value> for ClientPinSubCommand {
     }
 }
 
-#[derive(Clone, Copy)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Copy, Debug, PartialEq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum ConfigSubCommand {
     EnableEnterpriseAttestation = 0x01,
@@ -887,8 +870,7 @@ impl TryFrom<cbor::Value> for ConfigSubCommand {
     }
 }
 
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub enum ConfigSubCommandParams {
     SetMinPinLength(SetMinPinLengthParams),
 }
@@ -903,8 +885,7 @@ impl From<ConfigSubCommandParams> for cbor::Value {
     }
 }
 
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct SetMinPinLengthParams {
     pub new_min_pin_length: Option<u8>,
     pub min_pin_length_rp_ids: Option<Vec<String>>,
@@ -958,8 +939,7 @@ impl From<SetMinPinLengthParams> for cbor::Value {
     }
 }
 
-#[derive(Clone, Copy)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Copy, Debug, PartialEq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum CredentialManagementSubCommand {
     GetCredsMetadata = 0x01,
@@ -995,8 +975,7 @@ impl TryFrom<cbor::Value> for CredentialManagementSubCommand {
     }
 }
 
-#[derive(Clone)]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
+#[derive(Clone, Debug, PartialEq)]
 pub struct CredentialManagementSubCommandParameters {
     pub rp_id_hash: Option<Vec<u8>>,
     pub credential_id: Option<PublicKeyCredentialDescriptor>,
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 346a348..093d4c9 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -22,8 +22,7 @@ use alloc::string::String;
 use alloc::vec::Vec;
 use cbor::{cbor_array_vec, cbor_bool, cbor_map_btree, cbor_map_options, cbor_text};
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub enum ResponseData {
     AuthenticatorMakeCredential(AuthenticatorMakeCredentialResponse),
     AuthenticatorGetAssertion(AuthenticatorGetAssertionResponse),
@@ -57,8 +56,7 @@ impl From<ResponseData> for Option<cbor::Value> {
     }
 }
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorMakeCredentialResponse {
     pub fmt: String,
     pub auth_data: Vec<u8>,
@@ -84,8 +82,7 @@ impl From<AuthenticatorMakeCredentialResponse> for cbor::Value {
     }
 }
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorGetAssertionResponse {
     pub credential: Option<PublicKeyCredentialDescriptor>,
     pub auth_data: Vec<u8>,
@@ -117,8 +114,7 @@ impl From<AuthenticatorGetAssertionResponse> for cbor::Value {
     }
 }
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorGetInfoResponse {
     pub versions: Vec<String>,
     pub extensions: Option<Vec<String>>,
@@ -191,8 +187,7 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
     }
 }
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorClientPinResponse {
     pub key_agreement: Option<CoseKey>,
     pub pin_token: Option<Vec<u8>>,
@@ -215,8 +210,7 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
     }
 }
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorLargeBlobsResponse {
     pub config: Vec<u8>,
 }
@@ -231,9 +225,7 @@ impl From<AuthenticatorLargeBlobsResponse> for cbor::Value {
     }
 }
 
-#[derive(Default)]
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, Default, PartialEq)]
 pub struct AuthenticatorCredentialManagementResponse {
     pub existing_resident_credentials_count: Option<u64>,
     pub max_possible_remaining_resident_credentials_count: Option<u64>,
@@ -280,8 +272,7 @@ impl From<AuthenticatorCredentialManagementResponse> for cbor::Value {
     }
 }
 
-#[cfg_attr(test, derive(PartialEq))]
-#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug))]
+#[derive(Debug, PartialEq)]
 pub struct AuthenticatorVendorResponse {
     pub cert_programmed: bool,
     pub pkey_programmed: bool,

From 9270afbc21022f862a7d3c15802754b60a4ac66a Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 2 Feb 2021 06:42:49 +0100
Subject: [PATCH 157/192] remove derive_debug feature

---
 Cargo.toml                  | 4 ++--
 libraries/crypto/Cargo.toml | 1 -
 run_desktop_tests.sh        | 4 ++--
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index bca9210..b7b0360 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,9 +22,9 @@ subtle = { version = "2.2", default-features = false, features = ["nightly"] }
 
 [features]
 debug_allocations = ["lang_items/debug_allocations"]
-debug_ctap = ["crypto/derive_debug", "libtock_drivers/debug_ctap"]
+debug_ctap = ["libtock_drivers/debug_ctap"]
 panic_console = ["lang_items/panic_console"]
-std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std", "persistent_store/std"]
+std = ["cbor/std", "crypto/std", "lang_items/std", "persistent_store/std"]
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
 with_nfc = ["libtock_drivers/with_nfc"]
diff --git a/libraries/crypto/Cargo.toml b/libraries/crypto/Cargo.toml
index ead1294..aa1a597 100644
--- a/libraries/crypto/Cargo.toml
+++ b/libraries/crypto/Cargo.toml
@@ -25,5 +25,4 @@ regex = { version = "1", optional = true }
 
 [features]
 std = ["cbor/std", "hex", "rand", "ring", "untrusted", "serde", "serde_json", "regex"]
-derive_debug = []
 with_ctap1 = []
diff --git a/run_desktop_tests.sh b/run_desktop_tests.sh
index 24771f7..b54d3a8 100755
--- a/run_desktop_tests.sh
+++ b/run_desktop_tests.sh
@@ -91,7 +91,7 @@ then
   cargo test --release --features std
   cd ../..
   cd libraries/crypto
-  RUSTFLAGS='-C target-feature=+aes' cargo test --release --features std,derive_debug
+  RUSTFLAGS='-C target-feature=+aes' cargo test --release --features std
   cd ../..
   cd libraries/persistent_store
   cargo test --release --features std
@@ -103,7 +103,7 @@ then
   cargo test --features std
   cd ../..
   cd libraries/crypto
-  RUSTFLAGS='-C target-feature=+aes' cargo test --features std,derive_debug
+  RUSTFLAGS='-C target-feature=+aes' cargo test --features std
   cd ../..
   cd libraries/persistent_store
   cargo test --features std

From f64567febc45fc738b2fc16d3b2e79b4faad3a72 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 2 Feb 2021 06:52:01 +0100
Subject: [PATCH 158/192] fix crypto workflow

---
 .github/workflows/crypto_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/crypto_test.yml b/.github/workflows/crypto_test.yml
index 50fdf88..5abfce9 100644
--- a/.github/workflows/crypto_test.yml
+++ b/.github/workflows/crypto_test.yml
@@ -33,10 +33,10 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --manifest-path libraries/crypto/Cargo.toml --release --features std,derive_debug
+          args: --manifest-path libraries/crypto/Cargo.toml --release --features std
 
       - name: Unit testing of crypto library (debug mode)
         uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --manifest-path libraries/crypto/Cargo.toml --features std,derive_debug
+          args: --manifest-path libraries/crypto/Cargo.toml --features std

From db7ed10f5f45aaa8173a43d4f8560bac9cd4dfe0 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Tue, 2 Feb 2021 18:04:29 +0100
Subject: [PATCH 159/192] changes the handling of 0 credentials

---
 src/ctap/credential_management.rs | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index acc9278..f0721ac 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -46,16 +46,15 @@ fn get_stored_rp_ids(
 
 /// Generates the response for subcommands enumerating RPs.
 fn enumerate_rps_response(
-    rp_id: Option<String>,
+    rp_id: String,
     total_rps: Option<u64>,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
-    let rp = rp_id.clone().map(|rp_id| PublicKeyCredentialRpEntity {
+    let rp_id_hash = Some(Sha256::hash(rp_id.as_bytes()).to_vec());
+    let rp = Some(PublicKeyCredentialRpEntity {
         rp_id,
         rp_name: None,
         rp_icon: None,
     });
-    let rp_id_hash = rp_id.map(|rp_id| Sha256::hash(rp_id.as_bytes()).to_vec());
-
     Ok(AuthenticatorCredentialManagementResponse {
         rp,
         rp_id_hash,
@@ -128,12 +127,15 @@ fn process_enumerate_rps_begin(
     let rp_set = get_stored_rp_ids(persistent_store)?;
     let total_rps = rp_set.len();
 
-    // TODO(kaczmarczyck) should we return CTAP2_ERR_NO_CREDENTIALS if empty?
     if total_rps > 1 {
         stateful_command_permission.set_command(now, StatefulCommand::EnumerateRps(1));
     }
     // TODO https://github.com/rust-lang/rust/issues/62924 replace with pop_first()
-    enumerate_rps_response(rp_set.into_iter().next(), Some(total_rps as u64))
+    let rp_id = rp_set
+        .into_iter()
+        .next()
+        .ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
+    enumerate_rps_response(rp_id, Some(total_rps as u64))
 }
 
 /// Processes the subcommand enumerateRPsGetNextRP for CredentialManagement.
@@ -148,7 +150,7 @@ fn process_enumerate_rps_get_next_rp(
         .into_iter()
         .nth(rp_id_index)
         .ok_or(Ctap2StatusCode::CTAP2_ERR_NOT_ALLOWED)?;
-    enumerate_rps_response(Some(rp_id), None)
+    enumerate_rps_response(rp_id, None)
 }
 
 /// Processes the subcommand enumerateCredentialsBegin for CredentialManagement.

From e3148319c5dc60dcacbefac49b79c57ce902a0db Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 4 Feb 2021 16:06:25 +0100
Subject: [PATCH 160/192] allow RP ID permissions for some subcommands

---
 src/ctap/credential_management.rs |  47 ++++++++++----
 src/ctap/mod.rs                   |   4 +-
 src/ctap/pin_protocol_v1.rs       | 101 +++++++++++++++++++++++++-----
 src/ctap/storage.rs               |   2 +-
 4 files changed, 123 insertions(+), 31 deletions(-)

diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index acc9278..b4ecf6f 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -106,6 +106,22 @@ fn enumerate_credentials_response(
     })
 }
 
+/// Check if the token permissions have the correct associated RP ID.
+///
+/// Either no RP ID is associated, or the RP ID matches the stored credential.
+fn check_rp_id_permissions(
+    persistent_store: &mut PersistentStore,
+    pin_protocol_v1: &mut PinProtocolV1,
+    credential_id: &[u8],
+) -> Result<(), Ctap2StatusCode> {
+    // Pre-check a sufficient condition before calling the store.
+    if pin_protocol_v1.has_no_rp_id_permission().is_ok() {
+        return Ok(());
+    }
+    let (_, credential) = persistent_store.find_credential_item(credential_id)?;
+    pin_protocol_v1.has_no_or_rp_id_permission(&credential.rp_id)
+}
+
 /// Processes the subcommand getCredsMetadata for CredentialManagement.
 fn process_get_creds_metadata(
     persistent_store: &PersistentStore,
@@ -155,12 +171,14 @@ fn process_enumerate_rps_get_next_rp(
 fn process_enumerate_credentials_begin(
     persistent_store: &PersistentStore,
     stateful_command_permission: &mut StatefulPermission,
+    pin_protocol_v1: &mut PinProtocolV1,
     sub_command_params: CredentialManagementSubCommandParameters,
     now: ClockValue,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
     let rp_id_hash = sub_command_params
         .rp_id_hash
         .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
+    pin_protocol_v1.has_no_or_rp_id_hash_permission(&rp_id_hash[..])?;
     let mut iter_result = Ok(());
     let iter = persistent_store.iter_credentials(&mut iter_result)?;
     let mut rp_credentials: Vec<usize> = iter
@@ -199,18 +217,21 @@ fn process_enumerate_credentials_get_next_credential(
 /// Processes the subcommand deleteCredential for CredentialManagement.
 fn process_delete_credential(
     persistent_store: &mut PersistentStore,
+    pin_protocol_v1: &mut PinProtocolV1,
     sub_command_params: CredentialManagementSubCommandParameters,
 ) -> Result<(), Ctap2StatusCode> {
     let credential_id = sub_command_params
         .credential_id
         .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?
         .key_id;
+    check_rp_id_permissions(persistent_store, pin_protocol_v1, &credential_id)?;
     persistent_store.delete_credential(&credential_id)
 }
 
 /// Processes the subcommand updateUserInformation for CredentialManagement.
 fn process_update_user_information(
     persistent_store: &mut PersistentStore,
+    pin_protocol_v1: &mut PinProtocolV1,
     sub_command_params: CredentialManagementSubCommandParameters,
 ) -> Result<(), Ctap2StatusCode> {
     let credential_id = sub_command_params
@@ -220,6 +241,7 @@ fn process_update_user_information(
     let user = sub_command_params
         .user
         .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
+    check_rp_id_permissions(persistent_store, pin_protocol_v1, &credential_id)?;
     persistent_store.update_credential(&credential_id, user)
 }
 
@@ -255,13 +277,10 @@ pub fn process_credential_management(
     match sub_command {
         CredentialManagementSubCommand::GetCredsMetadata
         | CredentialManagementSubCommand::EnumerateRpsBegin
-        | CredentialManagementSubCommand::DeleteCredential
         | CredentialManagementSubCommand::EnumerateCredentialsBegin
+        | CredentialManagementSubCommand::DeleteCredential
         | CredentialManagementSubCommand::UpdateUserInformation => {
             check_pin_uv_auth_protocol(pin_protocol)?;
-            persistent_store
-                .pin_hash()?
-                .ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
             let pin_auth = pin_auth.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
             let mut management_data = vec![sub_command as u8];
             if let Some(sub_command_params) = sub_command_params.clone() {
@@ -272,9 +291,8 @@ pub fn process_credential_management(
             if !pin_protocol_v1.verify_pin_auth_token(&management_data, &pin_auth) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
             }
+            // The RP ID permission is handled differently per subcommand below.
             pin_protocol_v1.has_permission(PinPermission::CredentialManagement)?;
-            pin_protocol_v1.has_no_permission_rp_id()?;
-            // TODO(kaczmarczyck) sometimes allow a RP ID
         }
         CredentialManagementSubCommand::EnumerateRpsGetNextRp
         | CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential => {}
@@ -282,13 +300,17 @@ pub fn process_credential_management(
 
     let response = match sub_command {
         CredentialManagementSubCommand::GetCredsMetadata => {
+            pin_protocol_v1.has_no_rp_id_permission()?;
             Some(process_get_creds_metadata(persistent_store)?)
         }
-        CredentialManagementSubCommand::EnumerateRpsBegin => Some(process_enumerate_rps_begin(
-            persistent_store,
-            stateful_command_permission,
-            now,
-        )?),
+        CredentialManagementSubCommand::EnumerateRpsBegin => {
+            pin_protocol_v1.has_no_rp_id_permission()?;
+            Some(process_enumerate_rps_begin(
+                persistent_store,
+                stateful_command_permission,
+                now,
+            )?)
+        }
         CredentialManagementSubCommand::EnumerateRpsGetNextRp => Some(
             process_enumerate_rps_get_next_rp(persistent_store, stateful_command_permission)?,
         ),
@@ -296,6 +318,7 @@ pub fn process_credential_management(
             Some(process_enumerate_credentials_begin(
                 persistent_store,
                 stateful_command_permission,
+                pin_protocol_v1,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
                 now,
             )?)
@@ -309,6 +332,7 @@ pub fn process_credential_management(
         CredentialManagementSubCommand::DeleteCredential => {
             process_delete_credential(
                 persistent_store,
+                pin_protocol_v1,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
             )?;
             None
@@ -316,6 +340,7 @@ pub fn process_credential_management(
         CredentialManagementSubCommand::UpdateUserInformation => {
             process_update_user_information(
                 persistent_store,
+                pin_protocol_v1,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
             )?;
             None
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index ab66177..0579f62 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -638,7 +638,7 @@ where
                 }
                 self.pin_protocol_v1
                     .has_permission(PinPermission::MakeCredential)?;
-                self.pin_protocol_v1.has_permission_for_rp_id(&rp_id)?;
+                self.pin_protocol_v1.require_rp_id_permission(&rp_id)?;
                 UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
             }
             None => {
@@ -923,7 +923,7 @@ where
                 }
                 self.pin_protocol_v1
                     .has_permission(PinPermission::GetAssertion)?;
-                self.pin_protocol_v1.has_permission_for_rp_id(&rp_id)?;
+                self.pin_protocol_v1.require_rp_id_permission(&rp_id)?;
                 UV_FLAG
             }
             None => {
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 6ec5644..d95b5d1 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -501,6 +501,7 @@ impl PinProtocolV1 {
         encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cred_random)
     }
 
+    /// Check if the required command's token permission is granted.
     pub fn has_permission(&self, permission: PinPermission) -> Result<(), Ctap2StatusCode> {
         // Relies on the fact that all permissions are represented by powers of two.
         if permission as u8 & self.permissions != 0 {
@@ -510,22 +511,47 @@ impl PinProtocolV1 {
         }
     }
 
-    pub fn has_no_permission_rp_id(&self) -> Result<(), Ctap2StatusCode> {
+    /// Check if no RP ID is associated with the token permission.
+    pub fn has_no_rp_id_permission(&self) -> Result<(), Ctap2StatusCode> {
         if self.permissions_rp_id.is_some() {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
         }
         Ok(())
     }
 
-    pub fn has_permission_for_rp_id(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
-        if let Some(permissions_rp_id) = &self.permissions_rp_id {
-            if rp_id != permissions_rp_id {
-                return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-            }
-        } else {
-            self.permissions_rp_id = Some(String::from(rp_id));
+    /// Check if no or the passed RP ID is associated with the token permission.
+    pub fn has_no_or_rp_id_permission(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
+        match &self.permissions_rp_id {
+            Some(p) if rp_id != p => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+            _ => Ok(()),
+        }
+    }
+
+    /// Check if no RP ID is associated with the token permission, or it matches the hash.
+    pub fn has_no_or_rp_id_hash_permission(
+        &self,
+        rp_id_hash: &[u8],
+    ) -> Result<(), Ctap2StatusCode> {
+        match &self.permissions_rp_id {
+            Some(p) if rp_id_hash != Sha256::hash(p.as_bytes()) => {
+                Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+            }
+            _ => Ok(()),
+        }
+    }
+
+    /// Check if the passed RP ID is associated with the token permission.
+    ///
+    /// If no RP ID is associated, associate the passed RP ID as a side effect.
+    pub fn require_rp_id_permission(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
+        match &self.permissions_rp_id {
+            Some(p) if rp_id != p => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+            None => {
+                self.permissions_rp_id = Some(String::from(rp_id));
+                Ok(())
+            }
+            _ => Ok(()),
         }
-        Ok(())
     }
 
     #[cfg(test)]
@@ -1150,24 +1176,65 @@ mod test {
     }
 
     #[test]
-    fn test_has_no_permission_rp_id() {
+    fn test_has_no_rp_id_permission() {
         let mut rng = ThreadRng256 {};
         let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        assert_eq!(pin_protocol_v1.has_no_permission_rp_id(), Ok(()));
-        assert_eq!(pin_protocol_v1.permissions_rp_id, None,);
+        assert_eq!(pin_protocol_v1.has_no_rp_id_permission(), Ok(()));
+        assert_eq!(pin_protocol_v1.permissions_rp_id, None);
         pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
         assert_eq!(
-            pin_protocol_v1.has_no_permission_rp_id(),
+            pin_protocol_v1.has_no_rp_id_permission(),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
 
     #[test]
-    fn test_has_permission_for_rp_id() {
+    fn test_has_no_or_rp_id_permission() {
         let mut rng = ThreadRng256 {};
         let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
         assert_eq!(
-            pin_protocol_v1.has_permission_for_rp_id("example.com"),
+            pin_protocol_v1.has_no_or_rp_id_permission("example.com"),
+            Ok(())
+        );
+        assert_eq!(pin_protocol_v1.permissions_rp_id, None);
+        pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
+        assert_eq!(
+            pin_protocol_v1.has_no_or_rp_id_permission("example.com"),
+            Ok(())
+        );
+        assert_eq!(
+            pin_protocol_v1.has_no_or_rp_id_permission("another.example.com"),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_has_no_or_rp_id_hash_permission() {
+        let mut rng = ThreadRng256 {};
+        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let rp_id_hash = Sha256::hash(b"example.com");
+        assert_eq!(
+            pin_protocol_v1.has_no_or_rp_id_hash_permission(&rp_id_hash),
+            Ok(())
+        );
+        assert_eq!(pin_protocol_v1.permissions_rp_id, None);
+        pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
+        assert_eq!(
+            pin_protocol_v1.has_no_or_rp_id_hash_permission(&rp_id_hash),
+            Ok(())
+        );
+        assert_eq!(
+            pin_protocol_v1.has_no_or_rp_id_hash_permission(&[0x4A; 32]),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_require_rp_id_permission() {
+        let mut rng = ThreadRng256 {};
+        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        assert_eq!(
+            pin_protocol_v1.require_rp_id_permission("example.com"),
             Ok(())
         );
         assert_eq!(
@@ -1175,11 +1242,11 @@ mod test {
             Some(String::from("example.com"))
         );
         assert_eq!(
-            pin_protocol_v1.has_permission_for_rp_id("example.com"),
+            pin_protocol_v1.require_rp_id_permission("example.com"),
             Ok(())
         );
         assert_eq!(
-            pin_protocol_v1.has_permission_for_rp_id("counter-example.com"),
+            pin_protocol_v1.require_rp_id_permission("counter-example.com"),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b982922..6231e3c 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -151,7 +151,7 @@ impl PersistentStore {
     /// # Errors
     ///
     /// Returns `CTAP2_ERR_NO_CREDENTIALS` if the credential is not found.
-    fn find_credential_item(
+    pub fn find_credential_item(
         &self,
         credential_id: &[u8],
     ) -> Result<(usize, PublicKeyCredentialSource), Ctap2StatusCode> {

From 44b7c3cdc1e4926531f19332be4b5512ce6895ba Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 4 Feb 2021 21:26:00 +0100
Subject: [PATCH 161/192] dummy implementation for enterprise attestation

---
 src/ctap/command.rs        |  8 +++---
 src/ctap/config_command.rs | 45 ++++++++++++++++++++++++++++-
 src/ctap/data_formats.rs   | 34 ++++++++++++++++++++++
 src/ctap/mod.rs            | 58 +++++++++++++++++++++++++++++++++-----
 src/ctap/response.rs       |  5 ++++
 src/ctap/storage.rs        | 29 +++++++++++++++++++
 src/ctap/storage/key.rs    |  5 +++-
 7 files changed, 171 insertions(+), 13 deletions(-)

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index a76254a..eb16a1f 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -161,7 +161,7 @@ pub struct AuthenticatorMakeCredentialParameters {
     pub options: MakeCredentialOptions,
     pub pin_uv_auth_param: Option<Vec<u8>>,
     pub pin_uv_auth_protocol: Option<u64>,
-    pub enterprise_attestation: Option<bool>,
+    pub enterprise_attestation: Option<u64>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
@@ -219,7 +219,7 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
 
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
         let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
-        let enterprise_attestation = enterprise_attestation.map(extract_bool).transpose()?;
+        let enterprise_attestation = enterprise_attestation.map(extract_unsigned).transpose()?;
 
         Ok(AuthenticatorMakeCredentialParameters {
             client_data_hash,
@@ -601,7 +601,7 @@ mod test {
             0x05 => cbor_array![],
             0x08 => vec![0x12, 0x34],
             0x09 => 1,
-            0x0A => true,
+            0x0A => 2,
         };
         let returned_make_credential_parameters =
             AuthenticatorMakeCredentialParameters::try_from(cbor_value).unwrap();
@@ -635,7 +635,7 @@ mod test {
             options,
             pin_uv_auth_param: Some(vec![0x12, 0x34]),
             pin_uv_auth_protocol: Some(1),
-            enterprise_attestation: Some(true),
+            enterprise_attestation: Some(2),
         };
 
         assert_eq!(
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 5e4daf3..351ac1e 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -12,15 +12,27 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::check_pin_uv_auth_protocol;
 use super::command::AuthenticatorConfigParameters;
 use super::data_formats::{ConfigSubCommand, ConfigSubCommandParams, SetMinPinLengthParams};
 use super::pin_protocol_v1::PinProtocolV1;
 use super::response::ResponseData;
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
+use super::{check_pin_uv_auth_protocol, ENTERPRISE_ATTESTATION_MODE};
 use alloc::vec;
 
+/// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
+fn process_enable_enterprise_attestation(
+    persistent_store: &mut PersistentStore,
+) -> Result<ResponseData, Ctap2StatusCode> {
+    if ENTERPRISE_ATTESTATION_MODE.is_some() {
+        persistent_store.enable_enterprise_attestation()?;
+        Ok(ResponseData::AuthenticatorConfig)
+    } else {
+        Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+    }
+}
+
 /// Processes the subcommand setMinPINLength for AuthenticatorConfig.
 fn process_set_min_pin_length(
     persistent_store: &mut PersistentStore,
@@ -85,6 +97,9 @@ pub fn process_config(
     }
 
     match sub_command {
+        ConfigSubCommand::EnableEnterpriseAttestation => {
+            process_enable_enterprise_attestation(persistent_store)
+        }
         ConfigSubCommand::SetMinPinLength => {
             if let Some(ConfigSubCommandParams::SetMinPinLength(params)) = sub_command_params {
                 process_set_min_pin_length(persistent_store, params)
@@ -101,6 +116,34 @@ mod test {
     use super::*;
     use crypto::rng256::ThreadRng256;
 
+    #[test]
+    fn test_process_enable_enterprise_attestation() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::EnableEnterpriseAttestation,
+            sub_command_params: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+
+        if ENTERPRISE_ATTESTATION_MODE.is_some() {
+            assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+            assert_eq!(persistent_store.enterprise_attestation(), Ok(true));
+        } else {
+            assert_eq!(
+                config_response,
+                Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+            );
+        }
+    }
+
     fn create_min_pin_config_params(
         min_pin_length: u8,
         min_pin_length_rp_ids: Option<Vec<String>>,
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 1992469..9f4b68c 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -939,6 +939,24 @@ impl From<SetMinPinLengthParams> for cbor::Value {
     }
 }
 
+#[derive(Debug, PartialEq)]
+pub enum EnterpriseAttestationMode {
+    VendorFacilitated = 0x01,
+    PlatformManaged = 0x02,
+}
+
+impl TryFrom<u64> for EnterpriseAttestationMode {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(value: u64) -> Result<Self, Ctap2StatusCode> {
+        match value {
+            1 => Ok(EnterpriseAttestationMode::VendorFacilitated),
+            2 => Ok(EnterpriseAttestationMode::PlatformManaged),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION),
+        }
+    }
+}
+
 #[derive(Clone, Copy, Debug, PartialEq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum CredentialManagementSubCommand {
@@ -1795,6 +1813,22 @@ mod test {
         assert_eq!(cbor::Value::from(config_sub_command_params), cbor_params);
     }
 
+    #[test]
+    fn test_from_enterprise_attestation_mode() {
+        assert_eq!(
+            EnterpriseAttestationMode::try_from(1),
+            Ok(EnterpriseAttestationMode::VendorFacilitated),
+        );
+        assert_eq!(
+            EnterpriseAttestationMode::try_from(2),
+            Ok(EnterpriseAttestationMode::PlatformManaged),
+        );
+        assert_eq!(
+            EnterpriseAttestationMode::try_from(3),
+            Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION),
+        );
+    }
+
     #[test]
     fn test_from_into_cred_management_sub_command() {
         let cbor_sub_command: cbor::Value = cbor_int!(0x01);
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index ab66177..eeb43bc 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -36,10 +36,10 @@ use self::command::{
 use self::config_command::process_config;
 use self::credential_management::process_credential_management;
 use self::data_formats::{
-    AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, GetAssertionExtensions,
-    PackedAttestationStatement, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
-    PublicKeyCredentialSource, PublicKeyCredentialType, PublicKeyCredentialUserEntity,
-    SignatureAlgorithm,
+    AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, EnterpriseAttestationMode,
+    GetAssertionExtensions, PackedAttestationStatement, PublicKeyCredentialDescriptor,
+    PublicKeyCredentialParameter, PublicKeyCredentialSource, PublicKeyCredentialType,
+    PublicKeyCredentialUserEntity, SignatureAlgorithm,
 };
 use self::hid::ChannelID;
 use self::large_blobs::{LargeBlobs, MAX_MSG_SIZE};
@@ -61,6 +61,7 @@ use alloc::vec::Vec;
 use arrayref::array_ref;
 use byteorder::{BigEndian, ByteOrder};
 use cbor::cbor_map_options;
+use core::convert::TryFrom;
 #[cfg(feature = "debug_ctap")]
 use core::fmt::Write;
 use crypto::cbc::{cbc_decrypt, cbc_encrypt};
@@ -86,6 +87,18 @@ const USE_BATCH_ATTESTATION: bool = false;
 // solution is a compromise to be compatible with U2F and not wasting storage.
 const USE_SIGNATURE_COUNTER: bool = true;
 pub const INITIAL_SIGNATURE_COUNTER: u32 = 1;
+// This flag allows usage of enterprise attestation. For privacy reasons, it is
+// disabled by default. You can choose between
+// - EnterpriseAttestationMode::VendorFacilitated,
+// - EnterpriseAttestationMode::PlatformManaged.
+// For VendorFacilitated, choose an appriopriate ENTERPRISE_RP_ID_LIST.
+// To enable the feature, send the subcommand enableEnterpriseAttestation in
+// AuthenticatorConfig. An enterprise might want to customize the type of
+// attestation that is used. OpenSK defaults to batch attestation. Configuring
+// individual certificates then makes authenticators identifiable. Do NOT set
+// USE_BATCH_ATTESTATION to true at the same time in this case!
+pub const ENTERPRISE_ATTESTATION_MODE: Option<EnterpriseAttestationMode> = None;
+const ENTERPRISE_RP_ID_LIST: Vec<String> = Vec::new();
 // Our credential ID consists of
 // - 16 byte initialization vector for AES-256,
 // - 32 byte ECDSA private key for the credential,
@@ -562,7 +575,7 @@ where
             options,
             pin_uv_auth_param,
             pin_uv_auth_protocol,
-            enterprise_attestation: _,
+            enterprise_attestation,
         } = make_credential_params;
 
         self.pin_uv_auth_precheck(&pin_uv_auth_param, pin_uv_auth_protocol, cid)?;
@@ -572,6 +585,26 @@ where
         }
 
         let rp_id = rp.rp_id;
+        let ep_att = if let Some(enterprise_attestation) = enterprise_attestation {
+            let authenticator_mode =
+                ENTERPRISE_ATTESTATION_MODE.ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
+            if !self.persistent_store.enterprise_attestation()? {
+                return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+            }
+            match (
+                EnterpriseAttestationMode::try_from(enterprise_attestation)?,
+                authenticator_mode,
+            ) {
+                (
+                    EnterpriseAttestationMode::PlatformManaged,
+                    EnterpriseAttestationMode::PlatformManaged,
+                ) => ENTERPRISE_RP_ID_LIST.contains(&rp_id),
+                _ => true,
+            }
+        } else {
+            false
+        };
+
         let mut cred_protect_policy = extensions.cred_protect;
         if cred_protect_policy.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
             < DEFAULT_CRED_PROTECT.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
@@ -723,7 +756,7 @@ where
         let mut signature_data = auth_data.clone();
         signature_data.extend(client_data_hash);
 
-        let (signature, x5c) = if USE_BATCH_ATTESTATION {
+        let (signature, x5c) = if USE_BATCH_ATTESTATION || ep_att {
             let attestation_private_key = self
                 .persistent_store
                 .attestation_private_key()?
@@ -750,11 +783,13 @@ where
             x5c,
             ecdaa_key_id: None,
         };
+        let ep_att = if ep_att { Some(true) } else { None };
         Ok(ResponseData::AuthenticatorMakeCredential(
             AuthenticatorMakeCredentialResponse {
                 fmt: String::from("packed"),
                 auth_data,
                 att_stmt: attestation_statement,
+                ep_att,
                 large_blob_key,
             },
         ))
@@ -1026,6 +1061,12 @@ where
         options_map.insert(String::from("up"), true);
         options_map.insert(String::from("pinUvAuthToken"), true);
         options_map.insert(String::from("largeBlobs"), true);
+        if ENTERPRISE_ATTESTATION_MODE.is_some() {
+            options_map.insert(
+                String::from("ep"),
+                self.persistent_store.enterprise_attestation()?,
+            );
+        }
         options_map.insert(String::from("authnrCfg"), true);
         options_map.insert(String::from("credMgmt"), true);
         options_map.insert(String::from("setMinPINLength"), true);
@@ -1227,6 +1268,7 @@ mod test {
                     fmt,
                     auth_data,
                     att_stmt,
+                    ep_att,
                     large_blob_key,
                 } = make_credential_response;
                 // The expected response is split to only assert the non-random parts.
@@ -1247,6 +1289,7 @@ mod test {
                     &auth_data[auth_data.len() - expected_extension_cbor.len()..auth_data.len()],
                     expected_extension_cbor
                 );
+                assert!(ep_att.is_none());
                 assert_eq!(att_stmt.alg, SignatureAlgorithm::ES256 as i64);
                 assert_eq!(large_blob_key, None);
             }
@@ -1276,12 +1319,13 @@ mod test {
                     String::from("largeBlobKey"),
                 ]],
             0x03 => ctap_state.persistent_store.aaguid().unwrap(),
-            0x04 => cbor_map! {
+            0x04 => cbor_map_options! {
                 "rk" => true,
                 "clientPin" => false,
                 "up" => true,
                 "pinUvAuthToken" => true,
                 "largeBlobs" => true,
+                "ep" => ENTERPRISE_ATTESTATION_MODE.map(|_| false),
                 "authnrCfg" => true,
                 "credMgmt" => true,
                 "setMinPINLength" => true,
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 093d4c9..b6b3d25 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -61,6 +61,7 @@ pub struct AuthenticatorMakeCredentialResponse {
     pub fmt: String,
     pub auth_data: Vec<u8>,
     pub att_stmt: PackedAttestationStatement,
+    pub ep_att: Option<bool>,
     pub large_blob_key: Option<Vec<u8>>,
 }
 
@@ -70,6 +71,7 @@ impl From<AuthenticatorMakeCredentialResponse> for cbor::Value {
             fmt,
             auth_data,
             att_stmt,
+            ep_att,
             large_blob_key,
         } = make_credential_response;
 
@@ -77,6 +79,7 @@ impl From<AuthenticatorMakeCredentialResponse> for cbor::Value {
             0x01 => fmt,
             0x02 => auth_data,
             0x03 => att_stmt,
+            0x04 => ep_att,
             0x05 => large_blob_key,
         }
     }
@@ -320,6 +323,7 @@ mod test {
             fmt: "packed".to_string(),
             auth_data: vec![0xAD],
             att_stmt,
+            ep_att: Some(true),
             large_blob_key: Some(vec![0x1B]),
         };
         let response_cbor: Option<cbor::Value> =
@@ -328,6 +332,7 @@ mod test {
             0x01 => "packed",
             0x02 => vec![0xAD],
             0x03 => cbor_packed_attestation_statement,
+            0x04 => true,
             0x05 => vec![0x1B],
         };
         assert_eq!(response_cbor, Some(expected_cbor));
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b982922..c38146a 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -610,6 +610,23 @@ impl PersistentStore {
     pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
         Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[])?)
     }
+
+    /// Returns whether enterprise attestation is enabled.
+    pub fn enterprise_attestation(&self) -> Result<bool, Ctap2StatusCode> {
+        match self.store.find(key::ENTERPRISE_ATTESTATION)? {
+            None => Ok(false),
+            Some(value) if value.is_empty() => Ok(true),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
+        }
+    }
+
+    /// Marks enterprise attestation as enabled.
+    pub fn enable_enterprise_attestation(&mut self) -> Result<(), Ctap2StatusCode> {
+        if !self.enterprise_attestation()? {
+            self.store.insert(key::ENTERPRISE_ATTESTATION, &[])?;
+        }
+        Ok(())
+    }
 }
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {
@@ -1308,6 +1325,18 @@ mod test {
         assert!(!persistent_store.has_force_pin_change().unwrap());
     }
 
+    #[test]
+    fn test_enterprise_attestation() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        assert!(!persistent_store.enterprise_attestation().unwrap());
+        assert_eq!(persistent_store.enable_enterprise_attestation(), Ok(()));
+        assert!(persistent_store.enterprise_attestation().unwrap());
+        persistent_store.reset(&mut rng).unwrap();
+        assert!(!persistent_store.enterprise_attestation().unwrap());
+    }
+
     #[test]
     fn test_serialize_deserialize_credential() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 2093685..dd9f67e 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -93,7 +93,10 @@ make_partition! {
     /// The stored large blob can be too big for one key, so it has to be sharded.
     LARGE_BLOB_SHARDS = 2000..2004;
 
-    /// If this entry exists and equals 1, the PIN needs to be changed.
+    /// If this entry exists and is empty, enterprise attestation is enabled.
+    ENTERPRISE_ATTESTATION = 2039;
+
+    /// If this entry exists and is empty, the PIN needs to be changed.
     FORCE_PIN_CHANGE = 2040;
 
     /// The secret of the CredRandom feature.

From 53e05913634fe93bfb9887b2eb354fa56baeba86 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 4 Feb 2021 21:33:01 +0100
Subject: [PATCH 162/192] adds some documenation for enterprise attestation

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index da46d7f..92ddac0 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,9 @@ a few things you can personalize:
     length.
 1.  Increase the `MAX_CRED_BLOB_LENGTH` in `ctap/mod.rs`, if you expect blobs
     bigger than the default value.
+1.  Implement enterprise attestation. This can be as easy as setting
+    ENTERPRISE_ATTESTATION_MODE in `ctap/mod.rs`. If you want to use a different
+    attestation type than batch attestation, you have to implement it first.
 
 ### 3D printed enclosure
 

From 49cccfd270aa7fe0bfdca13ac9959d580e1ec8db Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 5 Feb 2021 11:23:12 +0100
Subject: [PATCH 163/192] correct const arrays of strings

---
 src/ctap/data_formats.rs |  4 ++++
 src/ctap/mod.rs          |  4 ++--
 src/ctap/storage.rs      | 25 ++++++++++++++++---------
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 9f4b68c..04e9a36 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -1815,6 +1815,10 @@ mod test {
 
     #[test]
     fn test_from_enterprise_attestation_mode() {
+        assert_eq!(
+            EnterpriseAttestationMode::try_from(0),
+            Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION),
+        );
         assert_eq!(
             EnterpriseAttestationMode::try_from(1),
             Ok(EnterpriseAttestationMode::VendorFacilitated),
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index eeb43bc..b9a88b4 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -98,7 +98,7 @@ pub const INITIAL_SIGNATURE_COUNTER: u32 = 1;
 // individual certificates then makes authenticators identifiable. Do NOT set
 // USE_BATCH_ATTESTATION to true at the same time in this case!
 pub const ENTERPRISE_ATTESTATION_MODE: Option<EnterpriseAttestationMode> = None;
-const ENTERPRISE_RP_ID_LIST: Vec<String> = Vec::new();
+const ENTERPRISE_RP_ID_LIST: &[&str] = &[];
 // Our credential ID consists of
 // - 16 byte initialization vector for AES-256,
 // - 32 byte ECDSA private key for the credential,
@@ -598,7 +598,7 @@ where
                 (
                     EnterpriseAttestationMode::PlatformManaged,
                     EnterpriseAttestationMode::PlatformManaged,
-                ) => ENTERPRISE_RP_ID_LIST.contains(&rp_id),
+                ) => ENTERPRISE_RP_ID_LIST.contains(&rp_id.as_str()),
                 _ => true,
             }
         } else {
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index c38146a..777f71f 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -56,7 +56,7 @@ const MAX_SUPPORTED_RESIDENT_KEYS: usize = 150;
 
 const MAX_PIN_RETRIES: u8 = 8;
 const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
-const DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
+const DEFAULT_MIN_PIN_LENGTH_RP_IDS: &[&str] = &[];
 // This constant is an attempt to limit storage requirements. If you don't set it to 0,
 // the stored strings can still be unbounded, but that is true for all RP IDs.
 pub const MAX_RP_IDS_LENGTH: usize = 8;
@@ -439,12 +439,17 @@ impl PersistentStore {
     /// Returns the list of RP IDs that are used to check if reading the minimum PIN length is
     /// allowed.
     pub fn min_pin_length_rp_ids(&self) -> Result<Vec<String>, Ctap2StatusCode> {
-        let rp_ids = self
-            .store
-            .find(key::MIN_PIN_LENGTH_RP_IDS)?
-            .map_or(Some(DEFAULT_MIN_PIN_LENGTH_RP_IDS), |value| {
-                deserialize_min_pin_length_rp_ids(&value)
-            });
+        let rp_ids = self.store.find(key::MIN_PIN_LENGTH_RP_IDS)?.map_or_else(
+            || {
+                Some(
+                    DEFAULT_MIN_PIN_LENGTH_RP_IDS
+                        .iter()
+                        .map(|&s| String::from(s))
+                        .collect(),
+                )
+            },
+            |value| deserialize_min_pin_length_rp_ids(&value),
+        );
         debug_assert!(rp_ids.is_some());
         Ok(rp_ids.unwrap_or_default())
     }
@@ -455,7 +460,8 @@ impl PersistentStore {
         min_pin_length_rp_ids: Vec<String>,
     ) -> Result<(), Ctap2StatusCode> {
         let mut min_pin_length_rp_ids = min_pin_length_rp_ids;
-        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS {
+        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS.iter() {
+            let rp_id = String::from(*rp_id);
             if !min_pin_length_rp_ids.contains(&rp_id) {
                 min_pin_length_rp_ids.push(rp_id);
             }
@@ -1203,7 +1209,8 @@ mod test {
             persistent_store.set_min_pin_length_rp_ids(rp_ids.clone()),
             Ok(())
         );
-        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS {
+        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS.iter() {
+            let rp_id = rp_id.to_string().to_string();
             if !rp_ids.contains(&rp_id) {
                 rp_ids.push(rp_id);
             }

From 502006e29ead0e39425e4707b3b323a950c38c7f Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 5 Feb 2021 11:57:47 +0100
Subject: [PATCH 164/192] fix string conversion style

---
 src/ctap/storage.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 777f71f..f2f8220 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -460,8 +460,8 @@ impl PersistentStore {
         min_pin_length_rp_ids: Vec<String>,
     ) -> Result<(), Ctap2StatusCode> {
         let mut min_pin_length_rp_ids = min_pin_length_rp_ids;
-        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS.iter() {
-            let rp_id = String::from(*rp_id);
+        for &rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS.iter() {
+            let rp_id = String::from(rp_id);
             if !min_pin_length_rp_ids.contains(&rp_id) {
                 min_pin_length_rp_ids.push(rp_id);
             }
@@ -1209,8 +1209,8 @@ mod test {
             persistent_store.set_min_pin_length_rp_ids(rp_ids.clone()),
             Ok(())
         );
-        for rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS.iter() {
-            let rp_id = rp_id.to_string().to_string();
+        for &rp_id in DEFAULT_MIN_PIN_LENGTH_RP_IDS.iter() {
+            let rp_id = String::from(rp_id);
             if !rp_ids.contains(&rp_id) {
                 rp_ids.push(rp_id);
             }

From 604f0848157f660dff850b190f1fc42375e4fcb4 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 5 Feb 2021 14:52:38 +0100
Subject: [PATCH 165/192] rename require_ to ensure

---
 src/ctap/mod.rs             |  4 ++--
 src/ctap/pin_protocol_v1.rs | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 0579f62..4d153f4 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -638,7 +638,7 @@ where
                 }
                 self.pin_protocol_v1
                     .has_permission(PinPermission::MakeCredential)?;
-                self.pin_protocol_v1.require_rp_id_permission(&rp_id)?;
+                self.pin_protocol_v1.ensure_rp_id_permission(&rp_id)?;
                 UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
             }
             None => {
@@ -923,7 +923,7 @@ where
                 }
                 self.pin_protocol_v1
                     .has_permission(PinPermission::GetAssertion)?;
-                self.pin_protocol_v1.require_rp_id_permission(&rp_id)?;
+                self.pin_protocol_v1.ensure_rp_id_permission(&rp_id)?;
                 UV_FLAG
             }
             None => {
diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index d95b5d1..3b00a35 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -543,7 +543,7 @@ impl PinProtocolV1 {
     /// Check if the passed RP ID is associated with the token permission.
     ///
     /// If no RP ID is associated, associate the passed RP ID as a side effect.
-    pub fn require_rp_id_permission(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
+    pub fn ensure_rp_id_permission(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
         match &self.permissions_rp_id {
             Some(p) if rp_id != p => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
             None => {
@@ -1230,11 +1230,11 @@ mod test {
     }
 
     #[test]
-    fn test_require_rp_id_permission() {
+    fn test_ensure_rp_id_permission() {
         let mut rng = ThreadRng256 {};
         let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
         assert_eq!(
-            pin_protocol_v1.require_rp_id_permission("example.com"),
+            pin_protocol_v1.ensure_rp_id_permission("example.com"),
             Ok(())
         );
         assert_eq!(
@@ -1242,11 +1242,11 @@ mod test {
             Some(String::from("example.com"))
         );
         assert_eq!(
-            pin_protocol_v1.require_rp_id_permission("example.com"),
+            pin_protocol_v1.ensure_rp_id_permission("example.com"),
             Ok(())
         );
         assert_eq!(
-            pin_protocol_v1.require_rp_id_permission("counter-example.com"),
+            pin_protocol_v1.ensure_rp_id_permission("counter-example.com"),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }

From f90d43a6a1e8c27e7bef162f0d67d84e732d12e2 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 5 Feb 2021 18:43:27 +0100
Subject: [PATCH 166/192] implements alwaysUv and makeCredUvNotRqd

---
 src/ctap/apdu.rs           |   1 +
 src/ctap/config_command.rs | 105 ++++++++++++++++++++++++++++++++++-
 src/ctap/ctap1.rs          |  21 +++++++
 src/ctap/hid/mod.rs        |   2 +-
 src/ctap/large_blobs.rs    |   2 +-
 src/ctap/mod.rs            | 110 ++++++++++++++++++++++++++++++++++---
 src/ctap/storage.rs        |  30 ++++++++++
 src/ctap/storage/key.rs    |   3 +
 8 files changed, 262 insertions(+), 12 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index f12ded2..455e574 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -29,6 +29,7 @@ pub enum ApduStatusCode {
     SW_WRONG_DATA = 0x6a_80,
     SW_WRONG_LENGTH = 0x67_00,
     SW_COND_USE_NOT_SATISFIED = 0x69_85,
+    SW_COMMAND_NOT_ALLOWED = 0x69_86,
     SW_FILE_NOT_FOUND = 0x6a_82,
     SW_INCORRECT_P1P2 = 0x6a_86,
     /// Instruction code not supported or invalid
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 5e4daf3..edff8f0 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -21,6 +21,21 @@ use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
 use alloc::vec;
 
+/// The specification mandates that authenticators support users disabling
+/// alwaysUv unless required not to by specific external certifications.
+const CAN_DISABLE_ALWAYS_UV: bool = true;
+
+/// Processes the subcommand toggleAlwaysUv for AuthenticatorConfig.
+fn process_toggle_always_uv(
+    persistent_store: &mut PersistentStore,
+) -> Result<ResponseData, Ctap2StatusCode> {
+    if !CAN_DISABLE_ALWAYS_UV && persistent_store.has_always_uv()? {
+        return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
+    }
+    persistent_store.toggle_always_uv()?;
+    Ok(ResponseData::AuthenticatorConfig)
+}
+
 /// Processes the subcommand setMinPINLength for AuthenticatorConfig.
 fn process_set_min_pin_length(
     persistent_store: &mut PersistentStore,
@@ -66,7 +81,11 @@ pub fn process_config(
         pin_uv_auth_protocol,
     } = params;
 
-    if persistent_store.pin_hash()?.is_some() {
+    let enforce_uv = match sub_command {
+        ConfigSubCommand::ToggleAlwaysUv => false,
+        _ => true,
+    } && persistent_store.has_always_uv()?;
+    if persistent_store.pin_hash()?.is_some() || enforce_uv {
         // TODO(kaczmarczyck) The error code is specified inconsistently with other commands.
         check_pin_uv_auth_protocol(pin_uv_auth_protocol)
             .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
@@ -85,6 +104,7 @@ pub fn process_config(
     }
 
     match sub_command {
+        ConfigSubCommand::ToggleAlwaysUv => process_toggle_always_uv(persistent_store),
         ConfigSubCommand::SetMinPinLength => {
             if let Some(ConfigSubCommandParams::SetMinPinLength(params)) = sub_command_params {
                 process_set_min_pin_length(persistent_store, params)
@@ -101,6 +121,89 @@ mod test {
     use super::*;
     use crypto::rng256::ThreadRng256;
 
+    #[test]
+    fn test_process_toggle_always_uv() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::ToggleAlwaysUv,
+            sub_command_params: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert!(persistent_store.has_always_uv().unwrap());
+
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::ToggleAlwaysUv,
+            sub_command_params: None,
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        if CAN_DISABLE_ALWAYS_UV {
+            assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+            assert!(!persistent_store.has_always_uv().unwrap());
+        } else {
+            assert_eq!(
+                config_response,
+                Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
+            );
+            assert!(persistent_store.has_always_uv().unwrap());
+        }
+    }
+
+    #[test]
+    fn test_process_toggle_always_uv_with_pin() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x55; 32];
+        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+
+        let pin_uv_auth_param = Some(vec![
+            0x99, 0xBA, 0x0A, 0x57, 0x9D, 0x95, 0x5A, 0x44, 0xE3, 0x77, 0xCF, 0x95, 0x51, 0x3F,
+            0xFD, 0xBE,
+        ]);
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::ToggleAlwaysUv,
+            sub_command_params: None,
+            pin_uv_auth_param: pin_uv_auth_param.clone(),
+            pin_uv_auth_protocol: Some(1),
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert!(persistent_store.has_always_uv().unwrap());
+
+        let config_params = AuthenticatorConfigParameters {
+            sub_command: ConfigSubCommand::ToggleAlwaysUv,
+            sub_command_params: None,
+            pin_uv_auth_param,
+            pin_uv_auth_protocol: Some(1),
+        };
+        let config_response =
+            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        if CAN_DISABLE_ALWAYS_UV {
+            assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+            assert!(!persistent_store.has_always_uv().unwrap());
+        } else {
+            assert_eq!(
+                config_response,
+                Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
+            );
+            assert!(persistent_store.has_always_uv().unwrap());
+        }
+    }
+
     fn create_min_pin_config_params(
         min_pin_length: u8,
         min_pin_length_rp_ids: Option<Vec<String>>,
diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
index 09a3c6c..d5e60ee 100644
--- a/src/ctap/ctap1.rs
+++ b/src/ctap/ctap1.rs
@@ -189,6 +189,12 @@ impl Ctap1Command {
         R: Rng256,
         CheckUserPresence: Fn(ChannelID) -> Result<(), Ctap2StatusCode>,
     {
+        if !ctap_state
+            .allows_ctap1()
+            .map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?
+        {
+            return Err(Ctap1StatusCode::SW_COMMAND_NOT_ALLOWED);
+        }
         let command = U2fCommand::try_from(message)?;
         match command {
             U2fCommand::Register {
@@ -398,6 +404,21 @@ mod test {
         message
     }
 
+    #[test]
+    fn test_process_allowed() {
+        let mut rng = ThreadRng256 {};
+        let dummy_user_presence = |_| panic!("Unexpected user presence check in CTAP1");
+        let mut ctap_state = CtapState::new(&mut rng, dummy_user_presence, START_CLOCK_VALUE);
+        ctap_state.persistent_store.toggle_always_uv().unwrap();
+
+        let application = [0x0A; 32];
+        let message = create_register_message(&application);
+        ctap_state.u2f_up_state.consume_up(START_CLOCK_VALUE);
+        ctap_state.u2f_up_state.grant_up(START_CLOCK_VALUE);
+        let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
+        assert_eq!(response, Err(Ctap1StatusCode::SW_COMMAND_NOT_ALLOWED));
+    }
+
     #[test]
     fn test_process_register() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 71bd7c8..03cb637 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -177,7 +177,7 @@ impl CtapHid {
                 match message.cmd {
                     // CTAP specification (version 20190130) section 8.1.9.1.1
                     CtapHid::COMMAND_MSG => {
-                        // If we don't have CTAP1 backward compatibilty, this command in invalid.
+                        // If we don't have CTAP1 backward compatibilty, this command is invalid.
                         #[cfg(not(feature = "with_ctap1"))]
                         return CtapHid::error_message(cid, CtapHid::ERR_INVALID_CMD);
 
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index ab38df0..f84c1a9 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -88,7 +88,7 @@ impl LargeBlobs {
             if offset != self.expected_next_offset {
                 return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_SEQ);
             }
-            if persistent_store.pin_hash()?.is_some() {
+            if persistent_store.pin_hash()?.is_some() || persistent_store.has_always_uv()? {
                 let pin_uv_auth_param =
                     pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
                 // TODO(kaczmarczyck) Error codes for PIN protocol differ across commands.
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index ab66177..8b90b68 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -341,6 +341,14 @@ where
         Ok(())
     }
 
+    // Returns whether CTAP1 commands are currently supported.
+    // If alwaysUv is enabled and the authenticator does not support internal UV,
+    // CTAP1 needs to be disabled.
+    #[cfg(feature = "with_ctap1")]
+    pub fn allows_ctap1(&self) -> Result<bool, Ctap2StatusCode> {
+        Ok(!self.persistent_store.has_always_uv()?)
+    }
+
     // Encrypts the private key and relying party ID hash into a credential ID. Other
     // information, such as a user name, are not stored, because encrypted credential IDs
     // are used for credentials stored server-side. Also, we want the key handle to be
@@ -642,7 +650,11 @@ where
                 UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
             }
             None => {
-                if self.persistent_store.pin_hash()?.is_some() {
+                if self.persistent_store.has_always_uv()? {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
+                }
+                // Corresponds to makeCredUvNotRqd set to true.
+                if options.rk && self.persistent_store.pin_hash()?.is_some() {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
                 }
                 if options.uv {
@@ -927,8 +939,10 @@ where
                 UV_FLAG
             }
             None => {
+                if self.persistent_store.has_always_uv()? {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
+                }
                 if options.uv {
-                    // The specification (inconsistently) wants CTAP2_ERR_UNSUPPORTED_OPTION.
                     return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
                 }
                 0x00
@@ -1017,6 +1031,23 @@ where
     }
 
     fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {
+        let has_always_uv = self.persistent_store.has_always_uv()?;
+        #[cfg(feature = "with_ctap1")]
+        let mut versions = vec![
+            String::from(FIDO2_VERSION_STRING),
+            String::from(FIDO2_1_VERSION_STRING),
+        ];
+        #[cfg(feature = "with_ctap1")]
+        {
+            if !has_always_uv {
+                versions.insert(0, String::from(U2F_VERSION_STRING))
+            }
+        }
+        #[cfg(not(feature = "with_ctap1"))]
+        let versions = vec![
+            String::from(FIDO2_VERSION_STRING),
+            String::from(FIDO2_1_VERSION_STRING),
+        ];
         let mut options_map = BTreeMap::new();
         options_map.insert(String::from("rk"), true);
         options_map.insert(
@@ -1029,15 +1060,11 @@ where
         options_map.insert(String::from("authnrCfg"), true);
         options_map.insert(String::from("credMgmt"), true);
         options_map.insert(String::from("setMinPINLength"), true);
-        options_map.insert(String::from("makeCredUvNotRqd"), true);
+        options_map.insert(String::from("makeCredUvNotRqd"), !has_always_uv);
+        options_map.insert(String::from("alwaysUv"), has_always_uv);
         Ok(ResponseData::AuthenticatorGetInfo(
             AuthenticatorGetInfoResponse {
-                versions: vec![
-                    #[cfg(feature = "with_ctap1")]
-                    String::from(U2F_VERSION_STRING),
-                    String::from(FIDO2_VERSION_STRING),
-                    String::from(FIDO2_1_VERSION_STRING),
-                ],
+                versions,
                 extensions: Some(vec![
                     String::from("hmac-secret"),
                     String::from("credProtect"),
@@ -1286,6 +1313,7 @@ mod test {
                 "credMgmt" => true,
                 "setMinPINLength" => true,
                 "makeCredUvNotRqd" => true,
+                "alwaysUv" => false,
             },
             0x05 => MAX_MSG_SIZE as u64,
             0x06 => cbor_array_vec![vec![1]],
@@ -1727,6 +1755,70 @@ mod test {
         assert_eq!(stored_credential.large_blob_key.unwrap(), large_blob_key);
     }
 
+    #[test]
+    fn test_non_resident_process_make_credential_with_pin() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.options.rk = false;
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+
+        check_make_response(
+            make_credential_response,
+            0x41,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x70,
+            &[],
+        );
+    }
+
+    #[test]
+    fn test_resident_process_make_credential_with_pin() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+
+        let make_credential_params = create_minimal_make_credential_parameters();
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        assert_eq!(
+            make_credential_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)
+        );
+    }
+
+    #[test]
+    fn test_process_make_credential_with_pin_always_uv() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+
+        ctap_state.persistent_store.toggle_always_uv().unwrap();
+        let make_credential_params = create_minimal_make_credential_parameters();
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        assert_eq!(
+            make_credential_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)
+        );
+
+        ctap_state.persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.pin_uv_auth_param = Some(vec![0xA4; 16]);
+        make_credential_params.pin_uv_auth_protocol = Some(1);
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        assert_eq!(
+            make_credential_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
     #[test]
     fn test_process_make_credential_cancelled() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b982922..b586d6d 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -610,6 +610,24 @@ impl PersistentStore {
     pub fn force_pin_change(&mut self) -> Result<(), Ctap2StatusCode> {
         Ok(self.store.insert(key::FORCE_PIN_CHANGE, &[])?)
     }
+
+    /// Returns whether alwaysUv is enabled.
+    pub fn has_always_uv(&self) -> Result<bool, Ctap2StatusCode> {
+        match self.store.find(key::ALWAYS_UV)? {
+            None => Ok(false),
+            Some(value) if value.is_empty() => Ok(true),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
+        }
+    }
+
+    /// Enables alwaysUv, when disabled, and vice versa.
+    pub fn toggle_always_uv(&mut self) -> Result<(), Ctap2StatusCode> {
+        if self.has_always_uv()? {
+            Ok(self.store.remove(key::ALWAYS_UV)?)
+        } else {
+            Ok(self.store.insert(key::ALWAYS_UV, &[])?)
+        }
+    }
 }
 
 impl From<persistent_store::StoreError> for Ctap2StatusCode {
@@ -1308,6 +1326,18 @@ mod test {
         assert!(!persistent_store.has_force_pin_change().unwrap());
     }
 
+    #[test]
+    fn test_always_uv() {
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+
+        assert!(!persistent_store.has_always_uv().unwrap());
+        assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
+        assert!(persistent_store.has_always_uv().unwrap());
+        assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
+        assert!(!persistent_store.has_always_uv().unwrap());
+    }
+
     #[test]
     fn test_serialize_deserialize_credential() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 2093685..9387931 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -93,6 +93,9 @@ make_partition! {
     /// The stored large blob can be too big for one key, so it has to be sharded.
     LARGE_BLOB_SHARDS = 2000..2004;
 
+    /// If this entry exists and is empty, alwaysUv is enabled.
+    ALWAYS_UV = 2038;
+
     /// If this entry exists and equals 1, the PIN needs to be changed.
     FORCE_PIN_CHANGE = 2040;
 

From 842c592c9fab0d6f7f0147c4112bb5333f4934b9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 5 Feb 2021 18:51:56 +0100
Subject: [PATCH 167/192] adds changes to README

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index da46d7f..14c3dc6 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,12 @@ a few things you can personalize:
     length.
 1.  Increase the `MAX_CRED_BLOB_LENGTH` in `ctap/mod.rs`, if you expect blobs
     bigger than the default value.
+1.  If a certification (additional to FIDO's) requires that all requests are
+    protected with user verification, set `CAN_DISABLE_ALWAYS_UV` in
+    `ctap/config_command.rs` to `false`. In that case, consider deploying
+    authenticators after calling `toggleAlwaysUv` to activate the feature.
+    Alternatively, you could change `ctap/storage.rs` to set `alwaysUv` in its
+    initialization.
 
 ### 3D printed enclosure
 

From 54e9da7a5b265349f6e27f26ce04887954673740 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 8 Feb 2021 07:49:58 +0100
Subject: [PATCH 168/192] conditional allow instead of cfg not

---
 src/ctap/mod.rs | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 8b90b68..748afe6 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1032,7 +1032,7 @@ where
 
     fn process_get_info(&self) -> Result<ResponseData, Ctap2StatusCode> {
         let has_always_uv = self.persistent_store.has_always_uv()?;
-        #[cfg(feature = "with_ctap1")]
+        #[cfg_attr(not(feature = "with_ctap1"), allow(unused_mut))]
         let mut versions = vec![
             String::from(FIDO2_VERSION_STRING),
             String::from(FIDO2_1_VERSION_STRING),
@@ -1043,11 +1043,6 @@ where
                 versions.insert(0, String::from(U2F_VERSION_STRING))
             }
         }
-        #[cfg(not(feature = "with_ctap1"))]
-        let versions = vec![
-            String::from(FIDO2_VERSION_STRING),
-            String::from(FIDO2_1_VERSION_STRING),
-        ];
         let mut options_map = BTreeMap::new();
         options_map.insert(String::from("rk"), true);
         options_map.insert(

From e941073a3157520dcf653679a824f45c08d17519 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 8 Feb 2021 13:10:18 +0100
Subject: [PATCH 169/192] new test for attestation configuration

---
 src/ctap/mod.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index e89b15b..da6ba72 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -2764,4 +2764,19 @@ mod test {
             ))
         );
     }
+
+    #[test]
+    #[allow(clippy::assertions_on_constants)]
+    /// Make sure that privacy guarantees are uphold.
+    ///
+    /// The current enterprise attestation implementation reuses batch
+    /// attestation. Enterprise attestation would imply a batch size of 1, but
+    /// batch attestation needs a batch size of at least 100k. To prevent
+    /// accidential misconfiguration, this test allows only one of the constants
+    /// to be set. If you implement your own enterprise attestation mechanism,
+    /// and you want batch attestation at the same time, feel free to proceed
+    /// carefully and remove this test.
+    fn check_attestation_privacy() {
+        assert!(!USE_BATCH_ATTESTATION || ENTERPRISE_ATTESTATION_MODE.is_none());
+    }
 }

From 88a3c0fc803ce2444226c62eb43d7f309a3800f4 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 8 Feb 2021 16:30:14 +0100
Subject: [PATCH 170/192] assert correct const usage in code

---
 src/ctap/mod.rs | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index da6ba72..f2c3ea6 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -75,9 +75,11 @@ use libtock_drivers::crp;
 use libtock_drivers::timer::{ClockValue, Duration};
 
 // This flag enables or disables basic attestation for FIDO2. U2F is unaffected by
-// this setting. The basic attestation uses the signing key from key_material.rs
-// as a batch key. Turn it on if you want attestation. In this case, be aware that
-// it is your responsibility to generate your own key material and keep it secret.
+// this setting. The basic attestation uses the signing key configured with a
+// vendor command as a batch key. If you turn batch attestation on, be aware that
+// it is your responsibility to safely generate and store the key material. Also,
+// the batches must have size of at least 100k authenticators before using new
+// key material.
 const USE_BATCH_ATTESTATION: bool = false;
 // The signature counter is currently implemented as a global counter, if you set
 // this flag to true. The spec strongly suggests to have per-credential-counters,
@@ -96,7 +98,10 @@ pub const INITIAL_SIGNATURE_COUNTER: u32 = 1;
 // AuthenticatorConfig. An enterprise might want to customize the type of
 // attestation that is used. OpenSK defaults to batch attestation. Configuring
 // individual certificates then makes authenticators identifiable. Do NOT set
-// USE_BATCH_ATTESTATION to true at the same time in this case!
+// USE_BATCH_ATTESTATION to true at the same time in this case! The code asserts
+// that you don't use the same key material for batch and enterprise attestation.
+// If you implement your own enterprise attestation mechanism, and you want batch
+// attestation at the same time, proceed carefully and remove the assertion.
 pub const ENTERPRISE_ATTESTATION_MODE: Option<EnterpriseAttestationMode> = None;
 const ENTERPRISE_RP_ID_LIST: &[&str] = &[];
 // Our credential ID consists of
@@ -321,6 +326,11 @@ where
         check_user_presence: CheckUserPresence,
         now: ClockValue,
     ) -> CtapState<'a, R, CheckUserPresence> {
+        #[allow(clippy::assertions_on_constants)]
+        {
+            assert!(!USE_BATCH_ATTESTATION || ENTERPRISE_ATTESTATION_MODE.is_none());
+        }
+
         let persistent_store = PersistentStore::new(rng);
         let pin_protocol_v1 = PinProtocolV1::new(rng);
         CtapState {
@@ -2764,19 +2774,4 @@ mod test {
             ))
         );
     }
-
-    #[test]
-    #[allow(clippy::assertions_on_constants)]
-    /// Make sure that privacy guarantees are uphold.
-    ///
-    /// The current enterprise attestation implementation reuses batch
-    /// attestation. Enterprise attestation would imply a batch size of 1, but
-    /// batch attestation needs a batch size of at least 100k. To prevent
-    /// accidential misconfiguration, this test allows only one of the constants
-    /// to be set. If you implement your own enterprise attestation mechanism,
-    /// and you want batch attestation at the same time, feel free to proceed
-    /// carefully and remove this test.
-    fn check_attestation_privacy() {
-        assert!(!USE_BATCH_ATTESTATION || ENTERPRISE_ATTESTATION_MODE.is_none());
-    }
 }

From 160c83d242bc7d7609d3297074aa33eb013d6e7a Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 8 Feb 2021 17:53:30 +0100
Subject: [PATCH 171/192] changes always uv constant to a clearer version

---
 src/ctap/config_command.rs | 36 +++++++++++++++---------------------
 src/ctap/mod.rs            |  3 +++
 src/ctap/storage.rs        | 22 ++++++++++++++++------
 3 files changed, 34 insertions(+), 27 deletions(-)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index edff8f0..0d55717 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -12,24 +12,20 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::check_pin_uv_auth_protocol;
 use super::command::AuthenticatorConfigParameters;
 use super::data_formats::{ConfigSubCommand, ConfigSubCommandParams, SetMinPinLengthParams};
 use super::pin_protocol_v1::PinProtocolV1;
 use super::response::ResponseData;
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
+use super::{check_pin_uv_auth_protocol, ENFORCE_ALWAYS_UV};
 use alloc::vec;
 
-/// The specification mandates that authenticators support users disabling
-/// alwaysUv unless required not to by specific external certifications.
-const CAN_DISABLE_ALWAYS_UV: bool = true;
-
 /// Processes the subcommand toggleAlwaysUv for AuthenticatorConfig.
 fn process_toggle_always_uv(
     persistent_store: &mut PersistentStore,
 ) -> Result<ResponseData, Ctap2StatusCode> {
-    if !CAN_DISABLE_ALWAYS_UV && persistent_store.has_always_uv()? {
+    if ENFORCE_ALWAYS_UV {
         return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
     }
     persistent_store.toggle_always_uv()?;
@@ -148,15 +144,14 @@ mod test {
         };
         let config_response =
             process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
-        if CAN_DISABLE_ALWAYS_UV {
-            assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
-            assert!(!persistent_store.has_always_uv().unwrap());
-        } else {
+        if ENFORCE_ALWAYS_UV {
             assert_eq!(
                 config_response,
                 Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
             );
-            assert!(persistent_store.has_always_uv().unwrap());
+        } else {
+            assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+            assert!(!persistent_store.has_always_uv().unwrap());
         }
     }
 
@@ -181,6 +176,13 @@ mod test {
         };
         let config_response =
             process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        if ENFORCE_ALWAYS_UV {
+            assert_eq!(
+                config_response,
+                Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
+            );
+            return;
+        }
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert!(persistent_store.has_always_uv().unwrap());
 
@@ -192,16 +194,8 @@ mod test {
         };
         let config_response =
             process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
-        if CAN_DISABLE_ALWAYS_UV {
-            assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
-            assert!(!persistent_store.has_always_uv().unwrap());
-        } else {
-            assert_eq!(
-                config_response,
-                Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
-            );
-            assert!(persistent_store.has_always_uv().unwrap());
-        }
+        assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
+        assert!(!persistent_store.has_always_uv().unwrap());
     }
 
     fn create_min_pin_config_params(
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 748afe6..2180eb7 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -129,6 +129,9 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa
 const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
 // Maximum size stored with the credBlob extension. Must be at least 32.
 const MAX_CRED_BLOB_LENGTH: usize = 32;
+// Enforce the alwaysUv option. With this constant set to true, commands require
+// a PIN to be set up. The command toggleAlwaysUv will fail to disable alwaysUv.
+pub const ENFORCE_ALWAYS_UV: bool = false;
 
 // Checks the PIN protocol parameter against all supported versions.
 pub fn check_pin_uv_auth_protocol(
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b586d6d..3b0fb9e 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -18,10 +18,10 @@ use crate::ctap::data_formats::{
     extract_array, extract_text_string, CredentialProtectionPolicy, PublicKeyCredentialSource,
     PublicKeyCredentialUserEntity,
 };
-use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::INITIAL_SIGNATURE_COUNTER;
+use crate::ctap::{key_material, ENFORCE_ALWAYS_UV};
 use crate::embedded_flash::{new_storage, Storage};
 use alloc::string::String;
 use alloc::vec;
@@ -613,6 +613,9 @@ impl PersistentStore {
 
     /// Returns whether alwaysUv is enabled.
     pub fn has_always_uv(&self) -> Result<bool, Ctap2StatusCode> {
+        if ENFORCE_ALWAYS_UV {
+            return Ok(true);
+        }
         match self.store.find(key::ALWAYS_UV)? {
             None => Ok(false),
             Some(value) if value.is_empty() => Ok(true),
@@ -622,6 +625,9 @@ impl PersistentStore {
 
     /// Enables alwaysUv, when disabled, and vice versa.
     pub fn toggle_always_uv(&mut self) -> Result<(), Ctap2StatusCode> {
+        if ENFORCE_ALWAYS_UV {
+            return Ok(());
+        }
         if self.has_always_uv()? {
             Ok(self.store.remove(key::ALWAYS_UV)?)
         } else {
@@ -1331,11 +1337,15 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
 
-        assert!(!persistent_store.has_always_uv().unwrap());
-        assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
-        assert!(persistent_store.has_always_uv().unwrap());
-        assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
-        assert!(!persistent_store.has_always_uv().unwrap());
+        if ENFORCE_ALWAYS_UV {
+            assert!(persistent_store.has_always_uv().unwrap());
+        } else {
+            assert!(!persistent_store.has_always_uv().unwrap());
+            assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
+            assert!(persistent_store.has_always_uv().unwrap());
+            assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
+            assert!(!persistent_store.has_always_uv().unwrap());
+        }
     }
 
     #[test]

From b9072047b3267bf166215454e11cdf442e2bd2c8 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 8 Feb 2021 17:56:27 +0100
Subject: [PATCH 172/192] update README to new constant

---
 README.md | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 14c3dc6..41f5378 100644
--- a/README.md
+++ b/README.md
@@ -126,11 +126,8 @@ a few things you can personalize:
 1.  Increase the `MAX_CRED_BLOB_LENGTH` in `ctap/mod.rs`, if you expect blobs
     bigger than the default value.
 1.  If a certification (additional to FIDO's) requires that all requests are
-    protected with user verification, set `CAN_DISABLE_ALWAYS_UV` in
-    `ctap/config_command.rs` to `false`. In that case, consider deploying
-    authenticators after calling `toggleAlwaysUv` to activate the feature.
-    Alternatively, you could change `ctap/storage.rs` to set `alwaysUv` in its
-    initialization.
+    protected with user verification, set `ENFORCE_ALWAYS_UV` in
+    `ctap/config_mod.rs` to `true`.
 
 ### 3D printed enclosure
 

From 6a31e06a5557fbdf2bd701638418a5dd7bca5138 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Mon, 8 Feb 2021 21:54:22 +0100
Subject: [PATCH 173/192] move some logic into storage.rs

---
 src/ctap/config_command.rs | 6 ++----
 src/ctap/mod.rs            | 2 +-
 src/ctap/storage.rs        | 6 +++++-
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index b4c7cc0..c65fc56 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -18,7 +18,7 @@ use super::pin_protocol_v1::PinProtocolV1;
 use super::response::ResponseData;
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
-use super::{check_pin_uv_auth_protocol, ENFORCE_ALWAYS_UV, ENTERPRISE_ATTESTATION_MODE};
+use super::{check_pin_uv_auth_protocol, ENTERPRISE_ATTESTATION_MODE};
 use alloc::vec;
 
 /// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
@@ -37,9 +37,6 @@ fn process_enable_enterprise_attestation(
 fn process_toggle_always_uv(
     persistent_store: &mut PersistentStore,
 ) -> Result<ResponseData, Ctap2StatusCode> {
-    if ENFORCE_ALWAYS_UV {
-        return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
-    }
     persistent_store.toggle_always_uv()?;
     Ok(ResponseData::AuthenticatorConfig)
 }
@@ -130,6 +127,7 @@ pub fn process_config(
 #[cfg(test)]
 mod test {
     use super::*;
+    use crate::ctap::ENFORCE_ALWAYS_UV;
     use crypto::rng256::ThreadRng256;
 
     #[test]
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 85deafe..18b0345 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -148,7 +148,7 @@ const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
 // Maximum size stored with the credBlob extension. Must be at least 32.
 const MAX_CRED_BLOB_LENGTH: usize = 32;
 // Enforce the alwaysUv option. With this constant set to true, commands require
-// a PIN to be set up. The command toggleAlwaysUv will fail to disable alwaysUv.
+// a PIN to be set up. alwaysUv can not be disabled by commands.
 pub const ENFORCE_ALWAYS_UV: bool = false;
 
 // Checks the PIN protocol parameter against all supported versions.
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index a8be6f1..b1aa4ec 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -649,7 +649,7 @@ impl PersistentStore {
     /// Enables alwaysUv, when disabled, and vice versa.
     pub fn toggle_always_uv(&mut self) -> Result<(), Ctap2StatusCode> {
         if ENFORCE_ALWAYS_UV {
-            return Ok(());
+            return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
         }
         if self.has_always_uv()? {
             Ok(self.store.remove(key::ALWAYS_UV)?)
@@ -1375,6 +1375,10 @@ mod test {
 
         if ENFORCE_ALWAYS_UV {
             assert!(persistent_store.has_always_uv().unwrap());
+            assert_eq!(
+                persistent_store.toggle_always_uv(),
+                Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
+            );
         } else {
             assert!(!persistent_store.has_always_uv().unwrap());
             assert_eq!(persistent_store.toggle_always_uv(), Ok(()));

From 958d7a29dc8ab84da7e4f6eae1a97d45e78e04e6 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Thu, 11 Feb 2021 17:44:49 +0100
Subject: [PATCH 174/192] Fix `config.py` tool according to the new API of
 fido2 python package (#284)

* Fix fido2 API update.

Since fido2 0.8.1 the device descriptor moved to NamedTuple, breaking
our configuration tool.
Code is now updated accordingly and the setup script ensure we're
using the correct version for fido2 package.

* Make Yapf happy

* Fix missing update for fido2 0.9.1

Also split the comment into 2 lines so that the touch is not hidden
at the end of the screen.
---
 setup.sh           |  2 +-
 tools/configure.py | 10 ++++------
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/setup.sh b/setup.sh
index 13ad9b0..6d58053 100755
--- a/setup.sh
+++ b/setup.sh
@@ -46,4 +46,4 @@ mkdir -p elf2tab
 cargo install elf2tab --version 0.6.0 --root elf2tab/
 
 # Install python dependencies to factory configure OpenSK (crypto, JTAG lockdown)
-pip3 install --user --upgrade colorama tqdm cryptography fido2
+pip3 install --user --upgrade colorama tqdm cryptography "fido2>=0.9.1"
diff --git a/tools/configure.py b/tools/configure.py
index cc00a1a..9343490 100755
--- a/tools/configure.py
+++ b/tools/configure.py
@@ -64,8 +64,7 @@ def info(msg):
 def get_opensk_devices(batch_mode):
   devices = []
   for dev in hid.CtapHidDevice.list_devices():
-    if (dev.descriptor["vendor_id"],
-        dev.descriptor["product_id"]) == OPENSK_VID_PID:
+    if (dev.descriptor.vid, dev.descriptor.pid) == OPENSK_VID_PID:
       if dev.capabilities & hid.CAPABILITY.CBOR:
         if batch_mode:
           devices.append(ctap2.CTAP2(dev))
@@ -138,10 +137,9 @@ def main(args):
     if authenticator.device.capabilities & hid.CAPABILITY.WINK:
       authenticator.device.wink()
     aaguid = uuid.UUID(bytes=authenticator.get_info().aaguid)
-    info(("Programming device {} AAGUID {} ({}). "
-          "Please touch the device to confirm...").format(
-              authenticator.device.descriptor.get("product_string", "Unknown"),
-              aaguid, authenticator.device))
+    info("Programming OpenSK device AAGUID {} ({}).".format(
+        aaguid, authenticator.device))
+    info("Please touch the device to confirm...")
     try:
       result = authenticator.send_cbor(
           OPENSK_VENDOR_CONFIGURE,

From c014d21ff8d19c26a0ffffb00aca6fc79f1ce92f Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Thu, 11 Feb 2021 19:53:45 +0100
Subject: [PATCH 175/192] adds README changes, logo and certificate (#285)

---
 README.md                                     |  19 +++++++++---------
 ... Certificate Google FIDO20020210209001.pdf | Bin 0 -> 612439 bytes
 docs/img/FIDO2_Certified_L1.png               | Bin 0 -> 30553 bytes
 3 files changed, 10 insertions(+), 9 deletions(-)
 create mode 100644 docs/FIDO2 Certificate Google FIDO20020210209001.pdf
 create mode 100644 docs/img/FIDO2_Certified_L1.png

diff --git a/README.md b/README.md
index 68e9f71..8177220 100644
--- a/README.md
+++ b/README.md
@@ -24,15 +24,16 @@ few limitations:
 
 ### FIDO2
 
-Although we tested and implemented our firmware based on the published
-[CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html),
-our implementation was not reviewed nor officially tested and doesn't claim to
-be FIDO Certified.
-We started adding features of the upcoming next version of the
-[CTAP2.1 specifications](https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html).
-The development is currently between 2.0 and 2.1, with updates hidden behind
-a feature flag.
-Please add the flag `--ctap2.1` to the deploy command to include them.
+The stable branch implements the published
+[CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html)
+and is FIDO certified.
+
+<img alt="FIDO2 certified L1" src="docs/img/FIDO2_Certified_L1.png" width="200px">
+
+It already contains some preview features of 2.1, that you can try by adding the
+flag `--ctap2.1` to the deploy command. The full
+[CTAP2.1 specification](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html)
+is work in progress in the develop branch and is tested less thoroughly.
 
 ### Cryptography
 
diff --git a/docs/FIDO2 Certificate Google FIDO20020210209001.pdf b/docs/FIDO2 Certificate Google FIDO20020210209001.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..9749108b1da0c83b159eb119507c16cf0a016ddf
GIT binary patch
literal 612439
zcmb@t2Ut_x)-D<aML<BLgAfz}0qIp*6s1e=ARr|`KtOsYB28-Oy(mRG0i;*yU8MKk
zd*}p`aH8MdXaE1b&wcK_=bRPhla;k*d*@hdjCYJNVOD)3!^z7fOhmw3g*}J}co}&Z
z?M<zT2*ky?H9bCpxnG+&n|!dh<W@DY1UoVEVQ;H*zcsP5d<M4TeEo`zkz2#r(Z$SJ
z(-90-x3_m@<P-c`Majg`M&8cC9^1{IQ?NNBwi;Mcl3NMvY+{b>lTrB3Q0m;;5U?BA
zQPmM_0d@r2nPJBe{yT`IBoP7F&iwCO{#^KPllnUu?$`D%cFv5v+=>u$Cj&<QKiwHJ
z{?~SYF8$xyVUb`5!cO$>@akYEdlyISu-J*}s+d}X&784k^0rvCf{gz_`TIkJQRGj3
zEC6YDXITwr6K62Co~(v2qwwE;WHosC7_oo<)RD2b`_qjKFC#C{-`g_Sn|~+BEyK^q
z`%k|z0*t)>G?o!$<okD1RY!X>4Y0ETH&!y-nqYV5e<maK&)4gJzU2Sl#4e>d#6-&8
z-2giT52Nr4K1Ly4K0`+Ay4X2m5jrsn{2g1?(ca}Fb~b;-`S%C62Dhf8iJjBOKPzG8
z!Tnl;`wiF?Vg^>1mBRL`X=3Vxt@4jx|5+_3MxOt=uzx!K_rl6RJ~)FNxn(|Jm*frD
z%-$T#{T6Iz>1>5X_d@tjD<@}1u!$`ZfqPn${;b`s%mW{)uh1#kiZ2shE!2LWrj+mJ
zDaVdMuA)v~MYG9%dj6sw7ol=SC-x)e!}QwB^E!pwiYw|XFU0s8oGj!V5q^!{9*Bd>
zy?`>`%tz^uV*N)66-z1Sf5Gg6#oCzHJFH(<nvKPJ4DX}Rbjhw_B3(;2p5E7k%Puue
zA6+GC*#%xCN5kfcJ<tb9QS^+>x7v0&WO7;3ya?dG)ZroVV>|R|gFI3tDiW8&5*f3d
z?KTE7@r<EPeG+OZ8cg_>3Ae|ui(>u5Qd>_WQ$<98Z{c#<Z@r*~YhrI~4EMIkqCDC|
zsN!g(B_o!C{X|%23FVYI({4?KziX{g;jX<mVX;;@i;SVCI$3uYVAx=%d*1y6f+0bk
zR?m76>0oMI<qcTwqSh4O2qD%UFEm{<=*r6!cRcflriroqHZTGtJu83Mp<&OUk0-)=
zk2kk~bSS#eH0Qiij{V-w-GI~Pd-$(x$)qfd19%=7lF7KLgvVWsC9#ChHB-NkMg9mY
z35{N)VzQwv75H^7-MeL>7;)mmJ5n*NzgjLZk`n!ph>Fg>!BVVHnweSdX+3GStC!Hz
zCRy(^V(;3Y;g?Cjr^)%)-#tAn_#o2ImVLx0O!IvzW3cDL8-;@E$E3H4=8@FV8s<Fx
zUZ!Zr`2G*-0s-2vZ@K1UGxtsvyCUzK(PEO!-xf3nJiZgWlMhF%@}gc`26bQflBn2J
zV<yg{f?wOVlO*k3JZA{?RavU>rf%10yYO13FJ*fkPLLFNAS_s(z4t9tZ9;?4eol2C
zI2d<IE!}><#r%flgnb~wn&D)};ehW8XR@Cs4lJ_kfpL55L)k8B<JL(q?_^Y%(B~_w
zfN?#q{k4!%eJ@6Z+(}IVrZMG=H~4yrhVeB*iioSb#(1N%uRrS76TPIf2HzK7zpEN_
z9!bmKuPpSs7uUtbgdIJvjFLv%eidOSyW%1F-u#Xz(F)b>oS_{gO6KnaC94i#bHBX(
z<lw?tIp}S-S-wm0qVkqZ3H&8#9KPWv8grpX_CnGEy`E-iN~2t2AKpw+hY4>Xf5cuq
znWkOJAfWdzS`Bnvk=(hn%%g@T;eH@;L?c6ZnaX{fp>jaWMzk&@qr^x;uyh|31*h4n
z;Gv9s(Ohf(7Nzmlvv=$^j@F|<lkN8tyt+iO16KJJjdLx-0WXoN_^+2z`tB%oyYRh)
zs7Yw!oF9<3Y$)kSIY&z!t@Tx{({x?w$9-bqnRf9DRM5?P#&YIbmGvq4J|*F$LcKXl
zd2J=HHT;2Z{A%g9ibF(mudM``OxJ7b&xW0W*->_z1raQb@R-ESdqG~4D&EPDOur>Q
z&%5`GztE5ONiP18!>>_%f<0jw7Ja6?FRt^+`RnOf8xF~LUbqA<znGKRc>lQ^X(EKr
zwvq5&U~ZFQfNk4!{8PGlIMpHxc^xK-fPB_nO*NHE8bUrvn&f<k(@bUHyK-^WZiBSh
zVB29oeXh<{-}tfE-BITk3u-*6gDf5NiPY|yPECnloq`l-nB1wHU)AS0ky)yInsCr)
zurMD}($_G2d_H{8KK{su&uAeA6gFo8(w-u3-AJ8Pf)L*Joq;1X-v%+lSsEN@_Kf&S
zh5~Zmb*t`P78}+G?eKS&@#__ce(%3sWS%@ve$raA)GTimvk()Tb`pVksY3r<VOKqf
zODaHXWCf=b==Xvx=+3V_+O~sP?TLZW{q@LDw2B(<D=l0LofjumY*nH+cgV=@+B?a<
zKL~qsOF_g?E0;*HdSi|~(Z0ceZg`!rD+&zuog7SyJjl5abj1QSdG-F;UT>^g1-PG_
zGM!XNsi>9j{!_^=GoB=&yRk>>jLxS*;Njk1Eb%<JcPK+h8OCSv9D3NNO-G-NXML9w
z(jbbAS4$c+owXf&%8d}|?(&F-`|mZR4Gx#Ct+I!Inx?u8A8_W$FmnoPtgpl0$XqVS
zRE>Q9GHLASt9zNc;A9OWM2aTd(D->G-ig5jd%0(ZA|I#rZNp#He_YzNEhDgCEx5-L
z6W^k*$L`xYAON@j*+<kokLK4ra}yR=_MdP|?l!Am6%x2qr1Rl5uK6Ily6l=~V-fxA
zmcMY6*`?C{4X(cX0>|wO*=GkS+J_`Bh21GH)O4IY<9+SjQXk${1Nm0Gei1n+TM8a$
zlCpPfg!r+cn_dR<qo|EKe&u!bXLZPk(SXS&8g*=#r=>o`za%1uD2tP@$9yJG<t6>i
zovae_l!B$kG7nEjCB&LsGQmKiN%Y&o6|wD$T1{2;cT(Z;KvPkJfQ+B)&Q9E^9ASNk
z5w5!i-Q@driQ1+7OXL|Q+T~it-l_1iI^wIxawT!31rqJSP^K+zRRvpVqnZ8Amz_X7
zWm?Pw8_7`3_0t=`;ISy|FRS^tMf^9x`9lc)ZBPH2>3>lXZVeYx=RYj$F9+e)ftX{>
zDj&~_7u<4Sh@};l{0Q;#W9|J1dq<6rCT8IOm~n0?h_jO_*zvW!?MHjNKYT}o`(Kv&
z&1=nn*=cz!PjLKb|HpFwrDxn4N+wP=j6#2D!@rEUAP=vQFz<gg<2O?`OMnLoGV(Hj
zTeofj-eW(2n`MBgv^&HC08ml_umb>qdjK4@2Y_4HGi((AK#dfD`{x`0Ans6m_@8s^
zHNed*;5Fdh-Me^q@7%+~!^6kFM{u8<=sqFgeVT`4B;@q8Kn8l+M~@hva<MW#dCv6c
z(KBJT=RCXu0s=tR7ZM_T;#~X!e1AH*g^!PapYT345fL@t<42GA{(m1gKLMoo?ke5m
z$GP<caGUfN4(Y9%4ge54?>ktef586hxOE!`_s(6sd-w!|*a}q-0Jm@9;M~T=xpM~>
z3-gu__C5fY^v=V_ysz$(shQwCaUkdOi~e?xNvgb+LVXzVl;70xGd=+&6*UblGYji8
zHg*9)Az_ghqOadb%gD;fD`;qHY3u0f>6@8@EiA1d)=thYu5Rugp8f%WLBU@_LStg%
z;u8{+l2fv>b8^4u<rfrI{HUy|uBol7Z)@-9?CS36?Hd^#8=sh*nx0u+SzTM-*xcIQ
zIXXT$Jv+a+L|*;Dbqj#=53K)*?Eiv`6pQONE-nr(-XC1IZo6R%4k_-P$GmqRzEZ<8
zaUgrb=XZ}>D*9V_D?SsyI)cK~ahQPeslYPx(I04kk^O%I_W6Ga+5ZIgA6zql`#86-
z!owj2fB;BL=(Df4|6dD-P5T1%n7FJ{#k7!A-bHLJQU|3{^)`>13nKP7*Uj84$DSh~
zf@bbii-x5^f@-<Cz?ahC+<=-y#6EdwdG-jdiLh+X=j5rTT+#FENQ@=UgxP;BMa^1C
z(gU|y_iM~9dG6tD|MnH!RG|_LJw;DlK)+SwQKR&myOXvu37mhEx91LeuVVC7Vp@i6
zYAP;09B#wdXZps7e*&Pd^lt#OwCCTG%c>0w9EN)Uw=hSm$Hm)Uqi4~e4u^w-BBowg
zf9P7`)2i6GCd0%PtJ3NUl>Cq%JT!`nGj%E!LlIc$Ep!r<noc{i2K5xgy#c(|m-;mX
zYB(YY+OHQ@Lyq@Qbx`(i=oy!s+Vqn4Z$MY`Qj*vem&1%Acx$-ehq95o#stOlse9al
z;q4eb1w!uK9=OPa_ltrp{trzxk4fg^U&vh1UbTu#gQ1wP(kb?`)d9i_Xg-PqWPtE?
znijA2<K8njP7%5l2`X_O>Cg-+PZWoezxhU$tqt`%R-#zEY*{|pUQt9p)>kwch;p$)
zcjsfYe(K~ZRI+!c5O1}qIk=iglWXS$lB>PE^WREg@c}9M53)~yUcu?D7NRP{m(Od8
zpMMkIcSt6|%BFZnE0Ecvfk?V3k}LE=iD_9T>E-e1b?U~!F&S+1c747tMcV^tr&wP8
z4Zu#M7gN<&ew5fsiIHjUnyrK-S;2D;B`IbrEe8<$-;A$JL-TF`^sS}bI+tpB=3k`8
z1LotK!6+E01ZW%p4WR;Ra+@x;7p%tVNS9u6>-^TrO?WI(2HO3G{B#wWeN^gNzpTy=
z6EGZ3RTAUL3T5vgSCa<(Zx^j1BGD6#I?8kHV-+?GIZgNENW(nS^1GNjKKgsznMkv{
zgwRD<6bEf>sI%6_o~8-g2aisQQ<iu{R>u<$TC%s$7Ka!T^jW7JNno_?4Imo&_KMnU
z=(yA#ZoHhwdMt1*v>=D{4ZY%4z0|Pi@m?e;gdG}$n_-ZG?beF~CdkNSx2NhPNU$TH
zWHJuZvA~3hl9;BlWWI8Ey|sreMRt*uXJiN{9%_ALjw%T+@*%R+v5twU=d*5=Cf5LD
zg+BY=FV)V*ggf;oH-K-mnH(bga;{%dUKolkQQ5XI9-aNsAvfL|K*Gm}A`I(ksr6L7
zW_r%q-aAO20fVBn53>oPaEkG`@x@&UJ94rc08DH1Qiq}a20(tE0-X=#fySGcm+UJW
zJNWiO`6P|AnohK_;{RYK87-KH7Wfo}cS6y+3nYYdj^~aXXs^qnDq`26KTkoqn!IB<
zNU(bguc-QV!RD!EjnL@yuix)Fjui6lNAgHZ8wS0SCRe@nf26piu(t1;X=|l`DP1?y
zM@f=k;2Xdrov&6m00Mzupy7ime6bki#a?JZsY22Wk9SSOu|Ncy{JSGjj_n5fz>fiK
zm#&?%Xu$}4w3GBuTfTxxqnK$sCiw}@m1*`a9OI*Sz%k9eAv+MKQ?(1kKmGOc^R7x_
zISo7XE+(j!$Y~h^&*4yf7}oFb>oRx%ul@!QWWBv=HF&%*G?1(jr}axY^jYZ->_h*5
zK-i%PGZS9@0iS265_Ci~U&UD6X6N`V01cdUBdFM^c`~hnstC7(cANrB-0D@@BE(FS
zoIOfgwsY2^pi!l4tJ|#oguO`GLiMVJU_UiuRo1qiP}pVO=`iM0Z4;?QcLN9%8VDXl
z?1`M!sFGmB<X80<(wdjAnNdB+>d>=v<7J8O27AI}GjBobX{(MmfG=p9p{mUL*7bzY
z@3TM-5wgc~!ACa$+L;9Qcpa-IFH&~L$PEc{HACG0uDkx|GVRSE6t~xkVp9|e*F4Fg
zrAga0iN?Ohi!Q<x<sOL8UU;g3LD=*Jp{^0cAnVCm%HgST;Ez5^L!-@Jyv!#I21gQj
z%PClLiRVsC=iZpkH^&~yTp#7QsIj=kQ3(;?CW?su+SEv|yR;AL@qILzs6nNkwGp-!
z?ACB9thq|hP`q?%93=E5^usB${gur}{!H(h)6(k2pNTz58aDSZJDCUyNEMKDr^kqq
z)3&9VB%$^O;C_PC!sn!NwHJR)<9kime>M3uTWOb>&7%f<nZn9k6)k|lZH(s`g79E=
zEm0it6Oxp(Z;S0JpADe}s;QYU$kGVTl6K$Kj#tLj>&|E!8Jb3Ut7dRhpY?;thIfiL
zfXTwpJbKfdCR($GUCSMJNjM^>baSM1iU<1=3*+1XEP!J=w+bM_SJJIPS2J?P)yu6{
z3_;EHv|Z7~Kql=<$_sk&IWxT7F<-%m6%dZBM5^zGgj8pc!zVpi_zmElj+VHRT+w0%
zC=^K}>frfdD9);Mw-ZESIf}CYF*x9q<s@BS1&;YvwM}L#6#q99^qJsU)~Ela!Y1{@
zXPkA54fAI4r1u7J82gfRSm71@EAlvinlw4KIA=USR5mk>IWEU^J-mNRd;{2nIjN~T
z<WaGG2#U4qNo->v&g{@Yo*aa!gfFKNzq<jrK)afQ5iJ3>D`m3Ll%sD0ybDF<K<$f7
z^2^3V`kfXv!n`@O;EH83Y9iP+YG-|Y55rXJzG`BdYjFI_9pIS>ePtx55Lu+fULrXF
z)md|qes*1stnfJVig<Mc_~A_5nCeUok?rp;^&*+57?|;mn|&|c(salVn=d#AcAg3J
zhfUPYeuwbX8<2(HIvMaWKyg5oM@&ZgR&31ph%U&){dq~G>6`d$1c&r>l+SmEJ(#ax
za`4?Fex{MLCfml@ZS&9v{K<DghjHZatZkucxZqq(S)iDX=N$;iHOKbbF-}2SMeR`e
z3X_DFUl7e}uQJt?8Ya~ZwrxuvlWp&KSE{V2ip=FrHYuJvG^9*6?A`zX5}P$ky20|p
z@GPLo_1gi-D?HWR!^%k6-(zI%b}JnI=wvVQV^(I$mldqLXo%edD^bUOGf5=ZEbrX2
zR^2X<^QUK5YPj~rd`46Cvx^<FGXUGKFyt1fM3~lY*x{nFMMd(PThr-dAGrpfSfgr7
zj-RP^(`Gk-mEeioP@5rQxkMo+!V*c1F`tQZrc3?m+}O91C1Cjjtu?>9+giMpHvkXl
z^jWF9;AF7f4F0&~k0kH@ab{z+!#6A2RgyNPF*{9OHvpqgDV_#v*4FxlrA-zy2{C{q
zXi0D#NX2;52xoN&*Mq^X<hyhrZt54nb#pP+2JJ7e{VvTOtK8(98l1x9FRYZ>cp5gB
zn4#g{^WV4g%SQVAlJK$7{iUE>A_(D}lxg@TP||n4<?SKumLZIIy*<)fupLeL!>nF6
z&WZF4=enh@R`i@rD^QoMb<0VCi)-LnR_O1je=G13BA|5BBzM9@-;+HL3y=$5fq+%L
z#6(?zEZDlv;)R6-saLG=Yj@UGp4p$(+K}p}tr<&^*e4cN<+#F2oT~b{F*)b)V9``B
z!nnQX1C9C!N##QHb${X`?$PV)Gq~*a-H_#RBJY)hLmE=QC=kg}p5cxSq(<iVllf<2
zMp`s44*hoz^&ABgB0HM<_hnyLnAM96VFqmaV#Dd;G6m{uDvlM4gmtX@rKiSee>LUH
zrV{Gza|X);0k_WVK#w)oy!IDcj-C@NgfNj_5qv+N$;kP<fmwfF19Hi;ErOlvpzcV0
zICa0YRn`HW_ASE3LPN9)I1Mp&i$Q_Ua&G|lt=m~j?_D!A*?*jm&RN6UXK%Ne)Lt^!
zt$**HdN~g50r?ekmqB8}UlkS#n>diFA;ZUEVp_wh&s*)DXMQU7?n(1v7?Y`7fx9Nc
z`H<g4^3b|1F3bHy+S8@Z^5ZQ{IKa^i*;OOqRg$3LIq}i$VV{IEdG1@(I-uW}_+6eS
zeO)(zSJBIL;dU{<)6(2#(aZb#))PjYRlI$aiyB`(LYpv5NbRW0x&p6?8$d4@?TS~G
zTZmFS>Od&kinWW|KFa^t*N#gY+0@>>a0fH;Q1s2?amGiF-YZCuoC>b+bs_qW<Z{hr
z*!w&`i-w++O$F*pq|84W^$#nXd6rdwkKkF}6M=9F@*fPJ?#I3)%BnXM{+WWw+D>Ju
z4yo@2_4}RfUg<!yQLLkvWP~MBcFVU2k;G8_^@50O6~%d^^<VZSEbViD5&yY(;|-uq
z6fGL$jnON#LBNz}9I_UocTbM=pjNU-<_oGlV`q0xiUX!)miVTY6=PqI>xNX=NEQ%Z
zAe-&>q#EmWow#ot)M{i8vvf`-t{i&aiilM_k-O%~Qn}!RwtZ{7RLm{(nU|Vwl3zU|
zhguDvTnFy4xDQh7RD%dOrH6%eMpYPm<yMq(&?=x@PnHNo*E21p?_szMG0H8%8;({9
zl0-8xj=rz<^e-zV?LN01?_wnOSyM4}T?R<4%snDYjGs=+#d1qqbD7E=YE7Ra)z6Py
z)kaS`*$`a`BDQvnzC{>;3|3N9h-WWJ3~<0ZmMgZvAbc=yUPi)*5;#)$;8iOw(DND(
z^WYLo++eoaR1$t_Xd+YV7NP}bmQAG}jmBE424{d#-NJso(b3*Hi8O{0N!_d_fBj1h
zQ^UaWOqEoOM-L(Qng`mtITMjG<mcw$<iP6UCk0zm0`1dMPF(C;aGObX#||6K+yL&K
zmL&_-hmstcW9iQ0OZi-+S95>9A9^nnk&Dh&{Bi9+^%lzw=g6>2zIFrXj{G|3gC4|C
z7nEQgLYj?frB7S-t4~n*nBlx(P_1w4g>1mE@k@Qw)6qJ@ukYlC^k}-zD2Q_rsc+?A
z$vN+4V90GcVPHs4_O%pc%kz>ghRzGw&%=frRfulYN=b`E#>TMgh(HH4kweW4_&k+0
z(F-Ejz>r}|nweMPq7GLsY@{Dp$Cq{1$_nLBm-^$=*TV?h`F1-TJw_-$w<^=VbL<|5
zcI6^;0)WQ#*IFYL+eg9!o-`yEvNZ+pER^tak=1kU<1=+4$vfyd-Jgt5mCbh|;cx4j
z;yJIHyUIS-2vqZVvn|Q3RO;@1rA)B7$Tf+<U^W-(&7fIUvc01vm}yrLK9|j13<c4z
zZyqa@US8t*+vOzbv+K8@*aao{hR(hdMrcd<@B|n)FS;QE+KX&!TyWR8_||eFVQ^|(
z(8A%nd)+cHo^aBUD8C^uAnMGTmm~$1v`)53TW?gMJhX%&3LPODlqXe&QX=$q986TP
z$Mhgt*xn4|(vI-ct1w?s`kO+fCMb<>3K8?@vC!ArBV6wpYs$$T(XTFM$VaqZHbS)i
zK8c2-m?2>meq6IF*hD#%VokDN+4y4*yf?ADyjPa6iSM=w8}rTWrTSGJuQ8q^3#|23
z>Lns@FME(D2!RtV(b5|+iK2T{tvvk1cuI~>^OGEKa)+bU+jxn_Ihy%AiPq+EfA{z|
zED8HPF*;}U-e~(cwTX9VAh-}HLl0|GEZnA?8B87*h{uh--r^l<VQ8M;wRVgb9#oW_
zkeGCS6O#~oJp_9Oe|dEH8PhgmJ@Y}ghLyi98?AQ++`9p=pIn{gPefR;b!^7HGfYyG
zrYLwUO(BsRKYrS*m0S6v7d;hKj(&EVfTL=-nRaJ##BPk&?A{JB&CqX>T_e9-6zj;0
zAn$gfPVLUYpg;1x&ZDC-(|xJ|RF$A+&iF!bpqlZ^dGDvApG_+9S8o8;LQZHUoy28^
zlqbkaudSazug!dq0Lr7pIgsgfc56QTBlZoE&-E}qTFr;H)U~uz(0V@|=`+{gAqF+Y
zVzAoeKWb+RL%I!C=5(RjELAzBNYD3XDFcLgr8Yps@L!ss{Lql%E|>v4$_qb3R^b*a
zfb0}*HY`cLy*#GOB}mhd^_lAU5vFSEN~b-U^EaIrp%^1*8i4sU;(o?z&FhE?+$%W}
z1M+lc?>L2b<{8$W>FUDP)v>A*RP2|zSG0JISX?&Ng|-3hfhg}C#N%_Es}#^O)d-BR
zR7zzW+Lbs_4(w?`JOx>jY@kS@Ey^3JZve(N;>L$vI>>R)>)R^0jl<ElKK48kNgtul
zCs|8Syr01q4a26f6N)aICq@voV~$IK(rmx#xdZe*EM*I>-g2pi^Nyt4xc9yXa>RU2
z_IJ2%RW2Bjs0gM@!E86g{{%(>CyK760^!isuql=DRcD=QP@B>-QGeU~0?Ywc+mc{a
z_5H6iJM2!QteGQu*D{Hg7kK5#E6zH#!q|$ogMn8!fS;+EBgL5kDQ=1WSqpyX!wlFy
ztxx70=>1;_eapI(&r1pt7h@vPal^$_1s8j>j=Dyb8EzkE)_ZUug)c|1(1J(O*p;Um
z&hE4-&C|Su!Xd{s@wVqZ!H<{LqA`d18{i<_r@Vu7-A~SR)bF7<N+}+z84+(N3D)*K
z%PRissgEt`<Xp-w_baV0*r=8D-W5~c-)=y$-vB;|6Pp~na9k2D$ot#hqM6PJfE_~F
zFX#-!K!p07>z8`=bG`>WPBq(TC6D+czWg~hF=>15W8r{@Itl1dTH^qd$_l+I7Dcf)
zI3L(=FL`?TaJ&+nTCuNi_j<c{15hH!#0qM|I-)n`k}JD(V0bp;eU&l|#=q=B(9rIT
zUPGwf9B5HxR6x=PII}2a7F1ENo<w4ujOdcIszely6vU;%$*b5v?*=f+%ZTessLElu
zd11sFP?Ig!jtm_V1qa|!c~(kam(<hnULx2e`?G2Y3zYN5_b<^z7Mo(bm;J^AuErz6
zR2oP0p&l_gI=_kG4Af>jjTq;<zrCf8`Ou+f^{&{^BGVOZZ<um(_1#T{M#WE!u^%=+
zGVFNd5jJqXLwbHLDcO{+lWr@&0epb!4{Im3OL*rN`i8&I-bG-WW*)&lnbe2%jg|Nl
zM;pq#Fz&vhML<a}jjr1h4Okh#4Vm-G+3WUZTRufQsY=>DLK?X?(a3~fJQc!&-DVl9
zNNr$PBa_`kWC?ZMC>I`H>A>kGl6EHE^0lsEccE7nGlLIvi|=ONnD$|)xS+#wlWd=N
zQ)OB^mn7m;a;2<jDqw6Smp*x5RQV6p{f70;Bh$a`)Yk|J@xN_ZBn(6ik*CTV`lU;I
z%7h>)^t8;!O9>vj2NA2RK-(HpRRU5R!q$FUBo61e(V(RrRDkkg(l0zYQVRL7afYEW
zofZ{Dq7wi8Egc1DeIUZRq`OUtpCg^?>Y)mNk_NR6wHn=}x*(Zq-a^!K%znpOWB|Wq
zzVre02{P0M^>n1od}fC&a|J6@0#GHy75WjYL|CQ0oV=MvP>twVRh;W-(6Vj~6u+c#
z{8}hm+$J*_{IZ*&!!%{U%B3Djh<*3goiA5nv}bAgYqG*88@50Mr^A))-xa-Ai(`+m
zk>|z=1W^Ym?DDh{c3mjy`x;onUD{{d_I+`Q;nyOWq@EI?P88U=p-sX&2s;V7SL46I
zl?^{ZyZ+EXA1r6N_dS!kV`fePx&&I4MLnr^IwGzi174C`j$BPJA*mLE_m)wMe#f{`
z{rDZ_^*|YQw)nHb#ZP$|{N?*x*_hqPmZT@OhHlFi8LbgrG3OCC014Zm;VbW!Tu^Br
zsPp^e3b#dO+YlhDNeC3MeO`ScC}rCc@DvKV)IP-$!Rm0^nlXzTfDLGgt+6e5y5aP#
zMEErWo3xiHR$YgcQO<+`57v&Z)brX5IR-&nDgHNrGU}r%i^TH?uAu`G6aJ2TxFc+t
zA#w94&zcxomw*NN16vZ6PF`U;8i&A=7DT`qf$M+R&Sy1asa{0PPZ_7>X~3C|BQ)Jn
zf2b|YTln00WL6op9^cJ@ssQQR@Z@<ZiClg2qH!KO_T;cvMI<zQziSgAszG}e!`lQ^
z&WteCF$dFdbk6k+VxvQvx1=d7+PXH?n?grM_@9nEdPWYY_sw)EH0p*}k}2|M0QL`j
zil!TB5G!;vSr%dY^|4NwOR#MWOI0KOl4hB7Wu+SP*eANM7*Xh_Q;Mw`s_Gfs*NP)d
zC-BT*Z*zZ)<a|+2$rqQ>!+s^7!(Mvc&%vpvFWJM+=>*J~I!P)oXmoY*))$Xfa%c~V
zJW~ZCBp7RqaLTBGAwMY+`DP&%9#^qGHEMR=G1GEG*OqnX`BT>Q1HLXD{dbbKMuZa|
zToIoQ?!S}hvtCeyrfwN?o+Y$Qn(o2#4{iYRNA!)h=&`6Y=;D(EHbEZfu(z~5hpSE^
z%?+SA5R49!3kwm{aXno7DTnGM&+3*>{8FVYv%e|z64hlR>4DXQ)srXmiKh|m@SOzt
z^<7%eL7b28Zuwt^`@fBq9;uqr_jzJ+|0npHU1p+vduYE};a0&$C;O1q+{1{CH;Zbs
zrv;BA7u6gj6Bf<J$TqG;K5*OsYN5H1{defTP>c#Rc8ANrx>9_#3rcL-oS-8oo$wv&
znEYU!L`l03q5~(AJ(zRXl*otEC_n>VI#WUy2@6jGwr8^L!ABnhsh|FFZarEeQ3QhI
zUN(WG3my11X~g$1Uor8cvZU-n4IAID&WzsvQr$SV9IDj3NQj*>?6+~ElNETY6(7VS
z{mQ8B*FU*{u_f*E^rb;BjTzIj7?G(PKym6C5Dtneh+C!b5F=ta=dpsn8*V1oTlbxQ
ze(@utyp5+NkEK5MQvSW!5Q?e7j9#%BYrg3Q*o=NF8+{p_>Mso*63}TP2}rTq=nC=l
zSo1vzEnUPHXc4&qbTp$#$AyJ~-yv8HwDXTiZMTBkg75|4VnFcNEzHI$h9<{8AVoC}
z$2Q*|J(mGh_^%pBX{b$t)9gi<sz16I8w)K?@+F%I8|cp;I7dgT;(=hGzRdFo;u>QX
zZWI1~cJ~hlrOJ%eDH>bR2^g(Y<zPhf46_C#i}5sJ%^YKk=75K_K9u_O&dA_r%lxaK
zs3XPQ_@{6Jy9G~@=}vETNp%L`gj~-E9D3Le4V2}ID16D!mG0_4{_Q;|-Uou!Ld|iF
zl6Ch$TG;rj@#P!NKhBhoDV0Pm9+K8rzXSRN%O#?`M4-Y;-kzET?YBv4bKpf)D#7Y=
zk57vC;F?$YtY;LPo||pyFOok?JA5CSdLIw+!vw+L$52{gP$&r)8aQ{P&oQ<qNoKI-
zQ;mTbR2bwNZ>G#*S)y$2-q5t*Bd8ZEiao<j>dFxH$BUxnn59}~NHFWE8l(Pmi|q)j
zkU|~6`SO^FRrDS1eOklJIfgdNFKR}+wusobtzGdx!s0R5U<vyV>~G~0Y9fO5AqTdP
zcsp!Rt9B$9OOJepmjrZLjJ=sh17rt&Z~DVp=xTrkrDO(|hE4#8a|r5;-XtmTZx-Sm
z?`di!9H{2SroXE(^sMMAD69Y?OEsbKl0*iKR9PL#*D-|@Wiw`lvVBsMw!hSAyI^1*
z6S_S-Bl9ZdgENEw+}JONfOokSv`P(+n`seMhap_mZQ@1dpr-U-!aWI<Dz9$;#yb?1
zlFF&}<)Vr%jJ@{VEx)x}0veg^s;zDl+Vai$2%Et{0~6yD1r7zh=;SQMpb_5SIPYxx
z0*T-qo9-fQt+Rq0qhW&|-#KFC4j0RcuSkL;J5*|n;6_WpHIRnF73>RK!}DG-=a5WP
z!0OH%Mk~Sod1dxGq^CyMhjvH02M>*9*A?57iMa1}CJXEvqR)ewd(PE{j*AT;-aNyu
zks+QHNbN&xSpLbZ-~`lT#ogcS7WUP8tkKR@OZ=hA%Vy|Y{HHvMwj9%+1t%(a$9tye
z3(`<F<mxlS1Q$uSRQ&obj*;LHe6gs~rjPmXyd}rBxq*D}T;%~Il|+RfvU-J)$+uo0
z4LTUy7}ewEd_@1dnhv&mx~nR<k4cfvD6&6KH5+ExglSrr--=biQy*r9*uFxaHK4KX
zwY#U+L}ZRNM9pZCjr)Wm%@=ry7v$csJp4)CD_f?6>uo|_;nhCY7@c@tvmEpdbyC`T
z<@wR?kSuh$&!1s}8d<wBc$}NoDb9B+-=-!3x*Wzoot>4=NwR3p1nM}SCnA%TQ>>2`
z%h%)7q&+SElX9Xc`ReX_(LuFqZ$m@6c@ax`{PhL^v`&_nc9NeaVmW<-p+pRJhX?}M
z9216@2DwB@ULDwM4c)txnYSg?y3?F&_d?>YY{!jpFZrmKB7aTr)2F=~<aU!l9;j>^
zG8Fh;r5$ahNcq`ivT^*x>YHh4_cQBj%OSx7bo_j}8jQ8RX6Kr?dBUPO8f%1}M3E#q
zIz*%Knk)qpXodR;a?cRE9QV6v&Ve01+gzoqKLWN>^qw26XSe_bO141LC5EiBm80Kc
zb}*V$ye!87b`K(_feWV;!7bWeJN2hVidg4?cbfujZ6TCiY~6caG%a2$icBOae|Zi>
zTQ_Dr8eNu-@yJPe1TLkNmJ2T1k<YUxn3*ebwU66YyI=cAz<p2FRU$&8Y8*40UlQ_#
zC7tJ3`wq}af)2fRlHy&N&Fx`yEnI>^gB~=d{Ei_KYoAQyyi+we9Sdxb`MKb8iwQoF
zj#W$RJ+OU!^BR1t{^@5+?8m;Dg4&SB2&9dd;Sb}}n5FP9O^J&O>7I$66?(=q#TANt
zaZxPpE{FTk{%Y3^0;`8yixXSE7e3-0v8om(ws1ZEjL(J*%*N337TR*$i<yV$!nP$N
zNU;Zfa5=r^MCr7>^VZ5(&X4#Nq@_%fIkzRQ&&2+g4Z#Ls3$YQh`WMTOxQ~k-Pl5Ax
z(?w}u<<W*SY|uGGkQ1~V!BN83-Qhau^_@cTEB{m0@XRfr-41Vi#O1(=(RLY9=Zk#G
zEcJp{^wz@s?&PQG8vt3vgGv+7<m?$X$r_q6Quleb)6=7|QVXW`#bkBJ_+)A#Ixekl
zdmGfI*rUXuZ{RE2wMOyu!K+6PAROb8kKH+QPF!s6xehTXjWPP{xxAN<^*pXW%h!pp
za_ZPfdqn>y1W^9?Z<<v6HQP2_W>$(!#N;6pN&eTn!+%pJf6^!a&qaG7c-c_L_@k|D
zUu&Ac@kjro!%H2*rNiJ%E8WAhFG)p9oi>pw-|P`^r%`bZdx%AiXmObB2mkc|?>vU!
z(JhXlqHsIq^gFIKKBUEvX(QRFtwn<8{?8g?ytZKo83OqB(5~S@I-*%5j@p?+_vO|o
zd+gQPq`tUx85-7pWlt}R+bekq92ld*c^8}hTKn@5=;!Di&_&-QdG1j0CYz^K^ND#$
zh2jZg*fP2=pRRZnrwsdW#$q0Dz>$|#DA=WzY*jhy1%{E!Yd>Np`P`84bYgv|sR0@R
zwgzE6g4nD>t{Z?K1OuEWjhL{L=)M8y|FCPO5tu#^NSB0O-nKlWu(kaVeAV*6_Nr?o
zPtNYs4M66Ix$Xwwxg3ieRm&aW^pt-%*MPxeazmsH|JZPMCUH-_0fY#`Ky4D-tQcmu
zBWV3EXok(0Sz;$CY~HZ*W6NHnJvLQWAd|P!gE@<W=Df%HaQa0hxq_Fm$Fk9RSl_+2
zGa(Bz3j;-!UbJEETt9L!C`qm?3qP>!zSAP<aaQ_i2gAmMqXf7@%A%~RrY7xHXY&`@
zE$w^}9u!WO#401PmCeFz2HD!iyd^>vL<-wy4eKL&_aeJ)ozyOW6fHleFA~~-?&E(O
z5vY7JZ9q8HGe4hS*I4uU_jZaA5;wqOl%ie13n0OcZe&|7x?9^6py=Y9%k)J^2=1NP
zS8h8NYrB1(`KIAX%(}jJ$Z*z3rF>T^O@aro=VV;o;=QD)1i3TAS&X_Oh^Wt8MxN{7
zcJ=aSEg5KXk$zW+8?H95f&96-7dSqKBn}(`>L-^ko`0PMIpms+kI#Kry!!Dy!Rnlg
zz~(cd@%_FA2plC6<8{H|ZoOgPBPBz;p#Pew!ZN5WwkO|(PM4*IHX<|{=aC|%qX|^y
z+rEB^PkiHduig7!^cOT^C|~gMY9RfmCM07$6B4Ca=}Iga-u3U~wT!tGr>qA+hAe%2
z_kF}}0Lcc`!&L&qy-#U5TW?cUhs$(h^!j98p`84+oTq_r%IoW57{S+4vwUTHe7e5z
zcp=%xg6W~t_~a(KZf%j)3vlPeX4=X+wd?LQ<iY{@eGDVc<wT@*+M@2lLaOg=Md|7I
z&c+$&7nAGT$!4h}56|6a^Fi2+K3{|1`a7pMpR{tuA!DY!hcfsvLvY{t=-l~l2=rJ0
zG-tZ2m&}duF(w$4t`?BGNYV>LRhL6~NuZpyOb8J{&CPopxn8^WgT7ElGNlBg7vd5=
zoDn-T#jMxu*X=(@q}YC|I4l=crQE$%PIu@l+giQiDH(cVX#b`v6vInK(Hh@#KU{LV
zb%$C<xcTB`iXul3?nJ4t`{DtpKBFsLPE<)jSZ(Xt1H`>sD}7>hA;|4aC*exjH1bqw
z5K}?9M205WHZp;GKOfCa&Pi$WqLE+!wk&_;2x33I$N4zM9`t6+JGo^uV5q#iOoFzu
zr5Yt`UfWR4|7@p=e`uvqiv|7*PPHKVokODLYz{%V7;t=BDdBs`R;(;+3>xS}3;QgH
z7NGK?OyNa+d~gH!x_JuEhkX&S`B9@fa+`Oj?-mo5p6+pyXwr<@qY6mm(y+U<2AwrJ
zw67m(98X6r6BlH!RuIHcKaf?0aBOpvqh189(^Sz*7({Y?yKX-MPBgl8WRe`7`dm<Y
z!Jl_OEktdf(POge3(QQ|9F-jVfAGh%#82d}ZX?>6J9_UwGm?E@m|Y-HHaqn3nlVV;
z;5t7Swr!M%IBe6Qoa8Rt5gH;7IiBr)vb1*g!8bGA)~M2|bugB?PK@aXg5-0{53HeQ
zCi0M^U3uqx1K1@vwN*ywNi+Cm7w`-BGr`qW?BVd-=dZjumk)VAVSd-slVJJy8C0~N
z*x42|WU8F&S*PyVNppB6xGJ=i8hepZ;gbm7_?6Bu%NaC3*PZ=xf>N1wJ&4N=5A&&c
z;d|b2WxtILXkSS|ZdC*G&77tebG~o`P_XmQ>3sfs-uQkF?29Src=S;MXfHJKig4c*
zW03QT{;QZ-j7B+ytg^~!aaMY~EZw;={A|adrX8v+bf__Ek)D$<vvD?bG$_=1$$koq
zP_YN+Eb3K_A$s$q=&XA;4vBpLOo9~O{cXjs=`{R46CEQ>z7U9>glqaT8e~>6@jd&2
zV_Oq9n>`~z0xx0xm9?W83Uyn#K)qI+=Cj#4o#z9GRMun&(PgKXDnDh&wx<wEFW6S-
zdh$cRo%NwKlSjGm8Qwyye0jo&qEHR|5s$)jr3c-8tRrdehS#KFOF7pwEL}M3QK%3X
zC*U19Er3lNQ|93oUs*L9Qa4Rzo9;}IWE*w5nDN>`B;A=`r+HcAaia5p=Mk_27Y=BO
z)o8@(^)6akf4F3`$}56jt;(_{ov=%^;5{hdw3i~@;eI{ysjzEILSVBy^BH~X#h&y-
z82d(5)`g+QF{Uvn{d5<Z`m5}+M(%{1-CBF~D~20WjwW)K?SSDY%1&@TnH6|vD1)a8
z3fsY|p0lFq3~1RrHUsLpvY<UH@cNSOGVYooEB8n__0D>s4P_|9!m<P3YTW@ex-{?w
z>wfl;EL3nVl{*j{^S|ruukUFY?BZjVN=O4XK138D(+JM7`}KU|CY7GkI!}hbD<hVF
zvzhl@vTEx*<KgFD<KXd9rmBGZ&*fgCKv!+`3!++72WBUpOhEI*uA%$Gl9c>`u{yQy
zyD_@2CXcYTT@i8Eu2~*$pfck9dEPQ9&F@Scqcufj{Bn3W^=&oeKoswz12S`473<%)
z+zU_btRxnBTKp1b>QO2`G$W>&ni%IQs8-WfvZLTEf%g{a!uhiI*-jV+hb2Mfp)I)l
z_wzXJm$Q5-%NW5ZlTqg-qG{ntrQS$3kZX%Jy~;@3js`hpicjdYz#e&0KPB{4>~C$!
z*;qM!$&{8x@0vy9o^dJ$E{%qQ9Sz>t8-Vv&9+66C3~Jk2%SSv4lqnb`Pz0@{bFUH<
z-f=g~VY7dUsk|8d4k2|RQhn{lIv*<40aNO}gcQc>=s}khPtbV%K<?Tx+QX2veZ~6}
z%Pk+FU9d|zZ@KP1LlJyDjkTJ~39}h%_AqpI0iBk*8l@g}EbOJ2*Jw_~xT#cPN@nzj
zyfwF^W%QVf0J_BP7zN6CRDLV~U1mID@Gj3I!Za&FBk($A2C@4lLn2e|%a)pPTphCq
zB#6fGz|)JKy4ndpjo=3?O7C82g(=$f>rNnS*q<xEZa6?TeXdz3)Z$oNfd;S74rJ)M
zzF9=XZ2$JYvWt_P<bIb=4GK1Hr=aghIa~2aoGjn|E&Ot*Ec)~j#zp4DD3Cb{LK$My
zcp|izh6XiUYC@;<BW8;f1wfEEJ5oiS6S=e2{CLRFyh`e*^bG*ln$7z33@`XiIObZd
zzTR#_q#B0uOx>`;!5E(59Bw?r#G5#ynGb_fp4JPCHU8lHqyhC6T}g01ZIF0<Em*nD
z{Ju>nbKr5W#F+D8C%A8<DJx<AY=5i>&R0u|8@!%?nY*eeg0eSR)%3`o%Ty;aL^Y7J
zVs6iA3a8j%jUPH@N3kaA*!<<~d<l_5HKpa$+V8x@=ba$~3gBD0^j|0x1fO8&bu2Af
zUKt9uEZ7J&JDr0bZ2O}TnWdn7fyGPtEWhTVEJ)a1rw8cM=80g~-5(w{^&|Ut1_(a>
zR_2F&+aa>)TAZN_A@<|b2O@3kl&49W4~jW-b<!|2Hd}Q~+><BA%&nZ0$cOaMj(p+X
zyxSQWub~mZSqwAIfau3#v^X}-Njpe+!NF@_>p;8qh@6k_q0cRGS}$E|-gkSphLqPd
z$0-(g+p%2`Fa7!T3;6Du&T}uU8*_dU^3Ee94;36Gj*SP?f~v(eoK8Be)O>J3t9nD0
z`FO8A3d6h#Ug&N_`@0-?5|~d=nS0b%f1TLV%`sIUFrdHOKYU$eP?Wfkh~jbV?is-h
z9~t(rM<uy_?8y3xnt|=NJlJ;kx^{TZ`dJPax~SM`F_=5Y?vav?nSHauirc$knHi;_
zwK0q;3RCoRGLzIS0CIR1ahs{{jD<Bg8iPj596L{qCzA^gmu>X|V#M^{iL3!MEss0F
zyGD1ewF-2z!_<C6`Ah)PpvL+6nDJb>SuW?AYN8te=i}%K(A`}fTU!^KCyUcmM~Z~r
zeUw_gR|Q*;6PfQ75sU6ym<<k*J<Lg86+DpEZJ?aFD;@NH8oL+xRB-bu@lzFA%!^Q^
zvaRKK<StR>C5iD!^H<}C!h_%y!sl?OAGp52F?Axkm*X-5yQBBJb3S-t@G|@AA=*Xs
zY(uGi`h3jPHHRFYK>CUbULEyf;(JWE+BHF^Y>lsqx*-hOk580XM6i#yxK4|E>~f`B
z@lgJ@uhX-iwE=0XJ1<Z>iT)@$+uZ(hB9K>8N3zFL8b%W1_x$=pJQp6C`mtMYAvRuH
z&I=@n@v=bt2-8tpDryP3N2^z{`ocAi?va<RWFEAJwf&%%<ZhtfnpgWjBRElF-*0<9
zPufxWhOww{ksq13Grad}?RD}zbiFupi6h8PU}YKWfp|18gcVdYrehAD%0lze`OJX<
z7Gh6DB6%lXqc_f2svj=&w@)ar)=m37*-&9~lgqv?n)a=PRF`eJx(V}rja7~0^&5LL
z*ap9zA2f%WE-0pkO`BE`yHVEp6fXwrrz$g?=)_)UwZLlyJe^UUHv6m|U5U?gGK>ro
z=Ae)DZL%TC2xJLoRYy_XhZI#sPok++$<sl8*=m2`elPovJqkZd;xxGJRNiS*%(<Cj
zr0et~M}`t`9pwvbM?>S~@}SJfZwLF7hAFFWKU)MDQVd5e`_<XDU-`xtLAYWIXVF0h
z$!0z1zPb06wwV4aFIwAQiRZKAiK?}sguBk@b4fSe^XGUDdeEs1ckK3@mZ~~?<OZEt
z=2r>p77u)Hw!G0dnDzXoi5l9N`AevJ0+s4d`ieJ;uF@sc8=?Y7J1Gtjf$d+@Pgvt5
z#;&huE26vetxRXtwS#u%I}|y>$?*;j&i8fCotk641mlm%>{$;s!!h9!-TK<jGe3s+
zu0fzNNp9nTmKDP%3kRdu`n{BjknY3SNB7S}&_v$jtH$?*gR7JfpFh~)TPaI!ALMPL
zina&2mbPZnQnW_#pW6kQIbF!v1#fxMt~c5)i+Oa+fM;r^!H<`tJz?L@=sCVq_=KY?
z^d+7)NUn*Ta2eMk<8CVhdP~EU5Hc+Vf$n?y&r&h^Z(H%O+fX=W8ebqr76xOKKniAz
zOYep<2guMIwV2l7${akc=0zbs)7NM`!O`bny`qtbL=P*eJc=Vw?a?6BvUH@DUHHXG
zMgcW@OVs8WT=BQ}ZCl3Ui5Use@w@Vj<~M*$4FjbW5zhDzD3Dn{lvGL{q?~tDIH_ji
zHU-mY3cV-a&(TxlhuK=2B+n`Ic62%&VF?kesM*ky^XACyt=qIIh)u73j*q&_cDJQu
z2OJb{^~BE|&uVo?g(7-$TNTJYs~mGkZ=T$@xm7fh0nXI3d?;7#O4*11l6Z{%6Mb*~
z`Qfs^VxOqbethpZ2DE1F)6(fWWdZx8EkdmoWr@L2a51K6y`JVIWZb#``pQY~Bc!57
zeDDb}N6NK-g3o_E$oH^`bm|?^$aYFdT?QXcu|a&DNY9X3igm70q_HQ|?c+Kuan2h1
zZwZ&F43_86{z-;EdK(et9`kBLHt!Y??O=aYybSgQgTplS?4u}ox;ZFU^YOk(jxC$z
z4?33j7d>mTi$WF;kbGnEQ<<4K<Zgl*Gp@s;p_qpx4;6%E^8neHq?*f7=rWt*qUD71
zIJ+k*4fb>VZdD^cyU{LtBJPsRQwTNCr-^;H<=n6`YS)d!C;GZU)s5$3&O<*}yZS)M
za~htqr5Nr-#{Gpg7ERWEWu*n|{&Cj*>M|wQjeaZuo9VSFz(2fiUdJ%26Z&-~{XA>i
z%;NLCsb$6hTVTlH<yhIJOMhkT{A{YbA7qB+b;Ye&hN{#e(Rz-4gfVt+HD8^kcMETT
z6=`Pj;ilwQY_46@KKUzyc-YZllgepPf~ZA&Aq~Ug{uf5W5hjxw_*bTH0tu8?t~LDn
z(&iH}cb>--C2pgapt({3>BZTl3((1=gT|hR^z^@M&%{!7_BT4CktGm=p%p@b6I-rW
z)f#%&n&c~BlD4;}Z=w(Xv|d%8;V19vR628}{BG;O%G7IIuO!Pajp99=8+TT({NB7<
zJ!C!!!?VmrDP>;D352z8?C5_q_;N**Jm&*KJ9CG+aKK^}N7c+80UlI?o)ZlC>sL3r
zPwG|awMAc_B8`u_)pX#DEp;*}oC?&HRWv#Q@mj$7nHNJ7)mnv0Mts*XDw`N{5oxPo
z5b7xdGi=RAgi?YeW^q-{`_+nEZLBhG4S{#UE^@-9D&yNn?<SCrUUV~pj4w(;A;aNx
zkaWh{-6YRC6Cy$XB;KFo=lMnMzKvVrLd$naT_i25(UHJw=M-N}?8bn*e~fq~N*CmA
zD{s``{SE8a6}MVK>3W`@sR<5vERs749f+=iybw8<!Fanjwgp)`teMY#SW2eWTfl4#
z8k^71pqJRkEBkziawr6F+`6ubgj@*=oE<UG5uGb}_K4fIGV?g>Mg}8_L!8HCHHxf>
zD8?H1p1sT8uRYHd))69MNq4(#EXAWn9fS9=Pgdkf-mGS1sgh>{diN{Vlna6?8iflU
zR_hGn4!CQi`6^)q2QI^wdz!_#oyQv^eD{W7sV9#@hhOCy*Tk+>r+;*pS<vV6A@%_3
z|Nd<JQ16Z85a0Y8|AVewZeXy$Xh73}fh2a{0i&C~@u9e^!KK!N6FP<Tm3ZiS0Lp(q
zBl~FZV|`{|Rmo$;1zovl7}BcN1)GT6IozLT(*DBo!`duaSvVhrDL>7(L{#OTH7I2p
zJ^x8;Y6{}E@2cN6<zPOLSMnLUy6%a4a-ofa!FC%j-Ih)A=b<)6vZ+=E7tdsgS6hBV
zMGqTaAsUpUlMe*8i*wClpNq4B3MU~;L&USUsP8eARj9RY$?ZXt^K@u;aurgnRlH8g
zA&%E0Q&S@!mVXPh7cFuh&Y9kWsbyq_pzo;j#irY9qt{}9rv^^L<%__1V2P5GWBoya
z;Ch$N+aL6xrY*cW!33r5FM?7X#SVTk&>-sWQ;N<PIdN?Jqk}g9el*cTul}oJpryUb
z3a4h}ahlJzxdf?C6Nju?^9bWBOR_=1MxVzuV&s|HX8p8=^3WASNba`KF;BAhGyyDm
zGArS9$hhwZsGO34>x@ngc<mQfb`@A)tvMR5H9OzZV?CsEL52+*TkHsP*iyn6ImbuV
z)@2=?I&~A3Mr=#Kb=7);f)VA64?mE?H2h*DIwcR^CMu6SttyXZjYCb!@Sg<k37yT(
zO(=iihE{6rjXli1Nc}}-@6$aJd>}97FplJu5C!qf8}hlk(6ce?7~t<GJqls0eG2<I
z5tI#v6zdA^2NZG6z2;{$EM6Uh!$(VW#smx{U%V+OkR~Tv&!Qvb5{qd6J?`#&y)R^S
zSi&IoKbSh}u%_Se-=ipCfeA>>uawdvAvqE0l8zD5F$U5lOhH1rQyAR?fx%#u2uRmP
zkC5(W0|uLCzjMxYo%7HB{9M<b&$HdneZODt_fr_LFG#t+G8&s7r70e&T-*Xb+ak#o
zOuQ1goUY1ca>-w80&d&MSh|w9XX`yH)-hE!qd41p5bpk>CQ2CzvKL6cdaL1#Zz}ap
z{qI{g5zvQ#6@X?~xyjEdk%Jm#k3i=_Y|ZwzWXZX{!f^7157<={d)2=5byk%KWM}AM
zqm6X1!&E6kR+-`JJv;$`(&`^xGLkDQ<94+ujoPkh+3?XgYYX$OI_`*5N0H`&s9q{-
zyKOhj)jhxB_P<%I9{QoxmT7xJkC+SXsWkoB{!x%nTLtECe1`Cx=dyp?Lo$(izA~+d
zGY>wo!<Jfc1%<vUr0O{YZlPR!WblWw&;GwG(gpR!ax12@osMbfhIhlQl3#v4ZYO||
zr1MF#s`FW}=;uil+rGYZs8kq~7HBf-TYhX9{K0IMQ}d2e#j$j=!nuBN)nx4NWs(9g
zNIhj_)a_!baK=}bS4}@juQ7J`zR+{^yFoI*YX)=?UQ!o#B}H??IR4)M@;4wSxYX1{
zgD-5yZ2WQg-5as`ez#63KJmutd~4nCyJ&sxP=zoFvJ2ieXB)G&$K;EPQ-2wz1AGVc
zXAujQv(`@X<nAi%AC>~ec8ncMXWlN@Rz;WC^K#U_z8|Q(rQx74r&j8O++)m$h=wc-
z#TL^3F2MFxD9m`rq1y0<&rRBUbU!+o^F?1!%{Alb)+l?%-PDNn%Mmmx&d9nzv=v#F
z>n9DOlvN}ni?d<|WLIkHrUlPh%Z{d<Zinnjeg(gLoccrJy{XsyrsJjRKqdK)@^kk9
zfL-}Kq$~bJ3>NPTXmV)}eK~cd0vO@?aXW{MPQ=)C+m`K}h!B;BzwIWV6+ird()-i-
z8##M1JXEo-C>#M0=97eO%lNRp($I%5Soo9D-8*~7NDD_iS9>M*{&$Zj`dO>Q^rUPn
zYD1|%K6jPifiA^Po0|^nOc@)ye3{c{C5xefo@EE3QffvC0`#nEAEN(JRPi1Q*03K;
z@YL(H6qRIW{-X%zP8F}UaI?PzgC@wMOM4SIoZR%MhW}qDYF};xf3wb%iKA5Ee`I?4
z2`H$jS}KG4I%AkovvcGt?6h9{^q~=m8Lns{OfO{#vZo%D84kE+)L*#Gi<sTVU#49>
zOw`6$X0^!v@bmwcbD83>xP)KnA7?+CgBy_Xi__*n@k?W?#>UVrC%ONy_05S&+V8!Y
zAow4Iv?Q6z53IG_4;I^t#gZ`95=DJ7aPsCRiy;`+sf@=$GcNZ^b`n8-Gh7B*SH5m0
zQ5E1>Q_HF)wE?Y*%|an|;t~=3%u#GMrUs_wt;Js>Y}&|7Z8yKAoidJi#4<W3n8H1u
z$gs%lAE)Z}W2?$0(`<6lgN*xeB_pnel9pL%ui+~oB7tS7vJcl`WWhdE@QOqBzeeW0
z)4w%1#?TnOpA&p8Hui}Ncck!)YB3pcvPA&^f7`W`E0^lho$D_-`n0msg>b!pZ)34~
zZY{PYDQS!AT70f{ZO4a4)ZcCTi+@lGF36Ji17#N*dwe=Z^SZ+J=l|*0bMcZ%AipU|
z6n}Yk*^7*9qf2W7S~RtM%nqVOyvgvX@e#dd<F6hG{QoZZOGH8K<Idhu(%jK2V(-tc
z@E;f4|0pI@h-J%N7fj=+LD!Cz0BL}1`>1=GdPXbb(pdTdk>3W>={wDhvg5soow5%x
z;@XdX_c%9NWl>j9Vi(ftD+vP!78o3W?{kbG;=JLx4Nz9H^cZ`}GTQbGQ?ES8G+!F4
zu=Tv`FIj*!epw=)Ch1*hgZf6#bHDhn<etoyCY-gOFKyP;NBCMe%;TkN)te#J>NlHf
zXP14%j$W8nv%E@+XtC2P2DI1xU8>Jbw9sF1{f#ovrO+abip+ijhYp}sw5eyM2axSm
zGlQK=L7@fOhJ*o`PuFf6&Vw4^bbHnJ9py~+ZX7;}>AFsLb<1fyw{`W$=aq8$X4mb{
zxXLTRHY9|g{(JlNKMKCp|5$>!LkNb<&?1X1_Y0rN#9uwdxW7a?c?;9lo-k2^MdA9&
zeOc@1yCfC^@9Mvneh%;N&==T0yM&WTvPod57p7|}vKcW&emic-c?_$cQ?GGT!UKFd
z+o{@Mu8;a?_cRY_>8|Q@uYlv^X=%Cq;i3wrzSM;@Akz}xa73Ae$myZZp_2hmh&Wh}
zdK!yHrBL}PK9k?{4+;!Qc~bMLtKFWJy`}ZeHyKz9F7TEhcU-6Utzx6Avy*F0zgF$9
z4ta%*8Qy;T6AjQ$wlkKzc!me;1)vppjj?U@-aZR+iToknIA~|RT;bMlylaDbs!+!D
zudqx<y2H3_aH2=@YVs497U$wbYNDFOxjW>MdYEmXnoc}tIh%ARsir;SF%p%NA<|qJ
zxqKSS;Blc{daBQQQ>CKAt72P=^@o)6Ub|;>kkJ&YpR`vwe)g{J9Dh5$s3xO5OuF%G
zgR#s>+kE&(kZZ-o)+Q6sUp;jat2Pc<PgPUl`!B-d6Bl38u8^V%L1zK9<?r-<;Nw}m
zs&E>=#I;smR@tzEsihS5FQ7e$*nbTS-;pn62A~K>!sCY;jv|J(>=@gX&+urK>FTnA
zy-QjBAiPED<jKVawI+CzKdh`+UO<O8>e-wS-TI$SVv+Q?|3U_9UYs_jkP0myKL*1=
zw$x$okzq?@zM>v7X(OfDUl{^4Y0k&aZ6TLuj~{SmPfr`Mj@9h-u2i4oz3dB+j9Nzl
z<HgciGR%y?hil3jCJ*8}<7AXbgS<LuhZgN((a?oQAHLX{#s;;o82P6pV5-<#YP|0=
zNNF9tUnz&V8Mtsb7DSoX5a*75GQ4R2y|_SND%I$&7Y*7$9c;H(<)Xn_3G09dEi7lF
zDjttPUd(TON>_UeN(pCAmT`EoCI~&UP^ofO@Ic#5lD3f*D!68DM%@YFx-`hybGB>p
zvw$WR?!NOslp%tvVmU3_eR%6zAk)Ji@Hxk0IB9Fmv3h=E{Iv0atYiw{1tIBI6-MFQ
z%uAMIV&j+rxNZ3#jBG32F+V8weF@>GG)EZFCq&asQBq#qZcJNXM&C+AGoTu^k85s3
z6SXK0pXk35Eku4W4<P=Ie%3O~+(~vv?d{HU)S#IMrEhKYUAfN#Z<7~yi4`p}POU!<
z^i}lc1}r-Q>syq{%2Fx#_eK<dk*8U0nRTo6wRJ>%2@oq_Bk@4)1^f08@us^tUF5L2
z`!vR^;Z$U?%b?*!ga5r;J84%QcP&iWmBXb{R7MC9?MI_d7N8foGy5fxGs~8iC7eGJ
z@3pzty|x~GggMMRZG32XZ@BQ`1*%L(-w1EF>lBDsL%{lui_XHIn*nu=oZ9%(zSZ+0
zLoVZmp-dKgi;tk?m(&LgWyf0oD9US#Fje;j@l^$Qdmx|VfA-F_uY2SUv;tT)IbQme
z5_4w7W}}ZA0PX$M+WLE7f!fQdmFdsqfqDDVe@Be6+L-XHDOokotIdBD-$J?~KQ~~)
z)BORQ?SJZqQY%=DAnKgoucdmYe{&}IaL=agnk0MgJa_8lBa=a?@Yg&?Sn9-}<o`2<
zuTF2WTs0>@CeFNpdH?iq?2I^LF&THRf+z$ygsWZ0HU6QZZi5mgOosb$kM;~^XQMow
z)!6B811UQLd3cAsC!fwB28>eOg{IWM(94#$-lVNp{&SqRXnzJZVBiDQD$G=UmWKke
zq_;}2Y@t~LWEX0Toix+C8ga>@?t!!8f;U%K_&byrsW8gN&Ew%kIL*{+h%mG{GZS=A
zO5+uFn`>!5TmH?LXhk}?5nW?d9azg`_UeENKf~YmHlx(n@8HiC3JAL4SM0~0;B&gN
z*$F!mMr$<lg)IWyli-t<&`<ID7lltz3r3`Z#tM~g&bV*r`Jw8X+}9s91oWpwl#`_E
z8qx3ORC+^A|2I~4a|4<D<n)o%Ii|LSXD#(W+asz>j+n+pga?ss$@q~2GhPeqb$zD4
zDQ2I8#$!Gxzkq>|8pmrqca6jPKu&1xTL2VSo??t%II{4+gk5~^RvS4H)B4Wm+#9Zd
z(NF(J!M32aG>-m9;p&@pkp0H_^qBd|=}tg|%bs-W{T@r-9>GU|Of6fFtMbCsG@&_!
zy{SU8ZkS=h6ilNha$=&wW*l)``@XaXxj?q!yPhY6r=vbSAo$%Qi4=6Pai+UQX<dWv
zL_uTh2P{i_o-@PE{zJJnJygj`Af2f?H<-k}&x|d>J2Iw3tFb?vKIn1vPcuLol1Dkp
zRpkC1h?RXohB$QX>s+btpOFW!x|#*ceRcQ0{24gQ8qg;n$FfC3Pk3d^N*QybLzTP*
z0Mapy+piWfXKnk!y@qpvb$TwwNP2@2vg8(^gHN$A4%~uv`iK8dP2aP4<XEv`_MYpT
z7Y8rhkiTwW>)}Ezy;`?e8h02E9rrdB-HP#T4ve*#yn3r}N3(Tsv$AY-TUbi9=L|?(
z5|~`&(e{+_!6|j5`GSgj-@JEfyN6sa(jqJruGA6b;WT2&VTd0VvUX;PTLlk!wTDXD
zOCTCCYcA1ESXkc5akX+oU26kW>isyoL*digw))UK-G!>^hyyssC0CPe8y6!-@h!Ht
zFvPcldscHm#>D+of0F$WQ%NV>`?sRl(Vb}}rHC&*r0bew7M52;7~4OlK{j_B>i?ms
z{;3FC%GO&(Z^4UQQH6i)H=%!;U=Ke_UVg*|mhf*2&ZP?ZTswE?tztxt8kQ!fk%ze!
zt9DxoySrB-S)Op=6{GQ`ntIbdUTc|TAMR<xF%tFR=LhoiFz3el@byen_l@>tFlA@X
zt=cisrwWm(Qw%qrJ!DB{3vLzEPw<rCVr3d!Uw6CwV@~Fa<FtybO<LR@wok_`Up`@c
z!|P>ZlD)G%#arMQV2y|hcl-U<i<_80nA9L%X?GH{OKc%}q+_k+j8-jVZkcPgXB6FT
zukz*lFQVfi$owGIZTxpj*OIsf^Qx^$cHu7QT4wCG%cSVr>uEB^jSC|cyUpwh4i!<h
zwvPEm{1c};PgV<FH2buGcVz-cREN?&piLC5OGezgR{Lc7Zji1goDLA*DYc>;_9k^3
zTRV5DHzhNhiZ>g~Et}G`8!{Pb=32^Afu8iTIN2*WjRNO}YrDl5Rg^&=I~wtQIT#!w
zkYfkr(BRrznR?S7=b^U`)2wX@@Ix5h4W|wqu(>?y)}2T_yHr$c*Wn6M%42P~G#K}H
z&J0U=Y<R*Ut}Sq`vMx_AEN9+$nisJ5=Ruvh+EH7C*u>ADEocGj%f}-kAArhLv^d@E
z>Io<tuYgVS;XXWK@y#0O+(v$9`=w$O%a!rAK^@S>%G&yL2yB#_q|%7-a<EZsxLEN9
zh&cIj_<w=Qztb&EbQ*G=TALODJ@Ls3%v?`6&VADuLh?((5;2CN6^vd(LSQk<voAqJ
zYIDi|vDS)c0mE^MDvwnj-IXL)yqX+biM_kDOa=R&bq(P|Tdhmrved*oZO7mK-0eyG
z?b;$36saXHNA}sd;U&+(rRK0OKeuc4+huX!=oFoW{`pj=_nPhZcv+Z#3FBrV9x!M)
zlsOXSCBt;=P=v_NQ~b}~s85kK*59xs1kUd;5p)WDGWWaEu$wg_P66zY!!llf87I(x
z{R4}1^>6O+smgQfrO@PuTo9~I3rni)1;gRi#pFbd-j<Y%g>BQTl9x_?^x3&is2YG}
zP3A{vgaE^dw4tH(VV!O|rJvu;pZibL!wGbgZ6V0RZ}gw|GK)?P#=dqryuA{J=9bAW
zE(N|>UKpzS0e$ckP<?L5sjdO7cMy~@u5|1ynpyF8{T(PiXdwn_?jbG5<dRHD_1luv
zUxNl*$`6%FX1F=uUW>cHiB?H#lxa%0imTktZpd?8`>HSaY{Hd_Xh)J#mb`H81P0T#
z$9Sl!`u8=FXzIPlfE?Gjmu(7z!sv$!r8PUv>YX@OUE{NdTxpb!sr>5;8pm_$Fv4{*
z{ARuVX|`+9Us|)7WY}nV*(Vd83x`v`OYIqG$$mU9al!6Q*>AqD<PkfOxdE3_3fi%0
z7Tme|vv-rsXkD^0Try}~swciheJgObv-=e%n^Rni!-Auj8Ts{Fx_tPh`)5u#Pl0kf
z23)C*ElM7N0S}BS<52|!Pp!ef<FbGzl~iJNkY^mj=QA(hl&H>X+I~J9Wx<cdJw%=5
z6ykSSQP7W}IwzpI;pvT`KYxLD4Imk$J`5B=^N&KUu^+T?{`eF5<iqt{B#n(5nb9Z6
zS7}6)8#0^}K<{Wnd82&4L_XLoh?}ZjF;dN6#YYu51_9F62ehY>Tg#^Vpv&CKKc&Zw
z&EnqQl;apbWB61ZF7ON!)pPfCIYS?nX-FbeAek7nE~TanUj}Y5+*jHV&%a3_xa?Ps
z(nwC5<)2f2N0lSIKmXvZl?t4x-uRtV^FNACXnI?}Gdx$!>$S^V(V*5Hy3!R~x5K&D
z{>M~^?D|a3!pC=&rQQduvKd<!x}HSUI}nq}5smK#VktT*Gje{4egry8Js4;lf_wSY
zm5V14mfZ9#`m|d?;$32ts~!HrLF`9WrHZgvf*XBFaWk{=EoM-8&e6{@<DuvTaHiJ%
zIx7e0MwXB6Zh%4InRo4WTBhhwt)c+qjm%eZ>Ct8EQ#tjK`8%CRw44u3;(|W!bNjV~
zKsj8+4?VUxwSN?U1qmd?jf1v-6q%y+fjlxnXc;Z_x9B%rH8$6wgcV%1VEegNvC1cO
zTSfro>xaLEJKUkyZ~C*s5#PCCx!X?S?jI9=zrjB{oG2icEH{QR^{VW%4@22a%n!0X
z6k0F5)I+gK+kPz2TO#>$M%#jWsia`UUfV;*mE=*b&u0nK<jJaeqL=Fv@jE3q$yOF6
zLZ-E;Z>?5~^_PHTiw*rD!S$?*JDR;~a9IXE-<dq4?%2@ZkBA!J?nC?%)eUcLA~ktq
zmn3-ElS>BdK1gZ1-ErgCq;m2QfLnNOAlorpml(3ZPw0D|l;(9tuk^*GhSWA5M1A$b
zm16z@2{qCB6Z*R>OM_Pe;x2#sHRk%1+Q>exhkAkP34Os8>_U>~_~87$`IV^O_yr0Q
zI(2o^gYebVyza0>y+e2lGcB=s^ayz@@nkbW!8e>p-6hnt3xD+vO0`^-?PH2joYx%G
zy7jlwoNoCI+-il@Y7NjGbVI6@jP_8jx4JI1RTNif*eIM*!s0D|{iE<{Uov&PX;g8Y
z=FKyFbq!W?tmS>^=>|R0w=d$5Zi%Si7akMDrU2y&c2FqJFIY{dOVz3_J=-zUJ4z~X
zg;ZM1T9joK79Ac;A3E_&7L=Gd8lsIC-dktTJv(I|_m8YFFJAwDko*6av1A@~xbs`h
zbEk4qDSe`StiZDK!9+Xl0<LQl<(&Da25bqSvhR=$DFeof;<$rP!CnbAFCO-HP>oIB
ze{)rnx%5XrW#V?gz@g%Jetp)alOtZNjTJMcJN}rt7=Vhv0f^8wJzL@JkV{?T?EJcs
z{e1K4-2wupu+hvzw{hI{7L!-*QlOG8+j_-&a;_Ug(&D0x3Fw8aiNB{Fz~qGU#mqYZ
zox)-ZETLA*ryZ9YQ@Su;hD5{77v|h*=QUSIC$uVM<W348*0AGN#*e9sz7X3=1TMG)
z!?(^dlWRwWkg0dTzN~-4-t=nBQ*52Ed6*uywTD?PIyNeCb8kGa%lf91ynk?P;ih_^
zkcUVm@OcBAnrl*TI7g(7aH-JXe^CUCr&4#Gh4L@gcs9B)4D<aZ@j#1S8&3pp^SgS1
zpUk8FWcftP-VTZH%vsMa0vW5i6r<Omh%E10t}iZ<bCys{6QEi5Zf?k_A*tCY+s|cR
zE3n9szTs$uvvRnJxH2odYGI`zb`PL9t}E$3BJiq(FV9RiFYML%l+?W;e2V)5NaaTE
zQgUqj2mh&eXt}_=U-`<rcBq8(WX4!Ub0Mum0@=i;ldVV`hhwxl$bKHGLR5T1XkpO_
z7V0eG(gN{48W}(OA78Wt7v9K=IU=%Z51n@_?(FOH(mp?FojdnjriTkc-QAwY>ANf=
z>cv|yLaA(~v!1usRA?zbo-N2|!QYhgOStdtKu3<QuAM;KQJb&p%d+cX!mp-wmx_9(
zs0u9TOqQ9WVvHZ&qP>=I`*q+ol9yP_y%gMGbKMD~_!~pww0J)$-R0MhPfkUDijl~B
zR7eMd58mIcnazRDp3jqFILYawSVPxyw$wZQ_@*)uZ3lnH76fK|sQH2F(E48=cctrP
zJ4|c4kFZ^LH7>vT+<O>r9H!;!Z{~U_ui6w0QZa*Ag+4cwPx!U*2`6!&H38Z4a$M4v
z)i_Pv+)6rD>(Rn%6`3jVs@@-~a750%C@S!eo^TPlSg()8Q!>jSoRRmBknESOGz9%X
zgN{9Epu?TY2qfJa*$<ua<ryi(!X&1P$pe*Q30V_jkMHe*hMFB-0cK}y_cM55Y0f|Y
zQPj?boO@PQ@A0T+nbenTlv&)>ed+76ls{=1<@R7Cy^t+8?x=XqLA+)=#-2ssSKEW5
z<Af;*f<bXc{!p>s?6<xrT@9-@BE|33G$+OW^@c|cy))wTy47*Qi3|({q&Uocr3SoH
z(3h6<gd3`vU9}f-0|Vw?I{CBs;8TTr{O+eK{tO8=kRO)V8%1~Izn#4|nT0PpDM<5Z
z{_l1i!X_Y^wm#2(Rk7ig3(!qkYb`ivi`qS|laHq%!`&9G<9Ctza`H|vG$L>g*3quI
zgZI3snuLST1W#VCr$lB_g?im~5;9Y$=Zdltle@PsQvv8yx0+h{igE8}dU^khkt~lI
zesIAKPv|-rSAKc*gps&-gRYY-wh>btW><ZV-l&YbyeRlD#Qts|k8EW%oju-Sr+T$#
z7`MLdL0>lzNM>veZ|pbEJ$`g%rowwwV@3<}&CH3pHBK)a`#JT*urgx>puJdAWp6ZJ
z;#;f|Z~d^cll3G7BwkmEYMGV17q8+P5nc%U3>dB}5U1wkH}S@`Emkk+P3&2fT(Nr_
z7VBF3@F*ufcCd-#dVLV<cA#AxS3UCr9MGQp<3;RB7=g0eB!>_n!?mcV=Ed+Rfwfay
zD#cyWdp-^wvA>6qvJ9Zwf*+WQe0bFLG4P;^?I!na@wR!8i36V09J;n`KUD7IW-BTq
zD>32A<twCgMWZL@2|Bq%CTYSNR@$VA{*jBp`1LWnob}5=42Rj6>Rg-FN2!E4HXb-B
zqiAul^1*(6rvAOh<<}xzgCv=Binyu+E@ViDI_5dww4E{=g8S13@Xg{&Mh$;EXWH}1
zTo7hJv#(XB_C{-@H(Hd(dspT44X`T5G&(Te0x^qRR9qJa=#FCcMci!Nk@P0f2An-Z
zkCS4?F5P}ag0p*4-CSgHcE-ZeQ2y~IzEr+pW^jmZ*(|X0dR0$}ua9zqZByH&`q+<e
z)a>ljP+j9XrIMPV{U(_Kx}`{AsKJ}kpvA&jau7;Yrk&f^zD+NAUZwN|Ci+6EwBn+f
zMB|;bLtw~U^BQsjZFSz09rO7}pbgp9&~Auzy}wgbG(5?<+H?497nq_+TT$6@*%Lea
z3$P!taz%03a{`z645OYc3wb?n8f&6?{p%hsPiZ#b<lM)#ec<>GR-uVkcqXeEKYK=h
zM6-gR<h@<<i+X&8gCyE-VPUo~kX6Q#Fh+MRD5M_3>T-S_1P)EG^lqYQQ@#1CgR2a*
z!|(YUs}FQQ21);+{H%2O3wOl>9)5(-gF~A)O8;g~c77m6b;hoIcP*Tj`CPwq0b4VW
z7AIv$IVR<$PRgx68JV-)V8_S+nd~E;3z=aZj~?zou9rRwT=wI}RS+OQ{5ex5CRPXQ
z9x$aZQ?&R=JRN!ZW=r8sy|F;TBJL7LH6>UUUTUEwn|~s!UEr)3QuvXLf}lrOuB___
z3c2NXKYpbymKg_tgQgH)@y!*@D(@?rKi6Cfi}R7_aT_u5&S|J~V1t}nvwrLPwrTMR
zAh^!MD$%6+qt$imAI0^RbpwsZh(H6vAK$BdG-#i>z_LlH@l<q7rAXe>6|v*zqiEC^
zLppuvb;G}G%XBs8*|_mP3J(cnbl`Lzv%Ug&(KmR%pKwb|{u$Ua-c>GM^`v*B3Tz_!
z@`b3_thpJ<D%m!mfLkRSvTuhuxJG{lXif(Fbs54@)r+($$}oZ8?D{&BT|e9s{!whR
zXQrMhA}1@SjF9P|z83=puw-%h5to2T&)Kj7%La^2L+r9BqnxmP9Ny?da;b4EN@fD4
z$fQ0BeP}+fg4duORAT%Kd8-MGFMmDLd*U}cSsebc@4M|H_b6>}5!0VE(eUXmammj%
zYi+|FA%QBZW3DCV{>pzusr+O(WIvD;e`Hm(B)556crUA^6-ACNC^VBeXE|K%AEGN%
z7vr218#4E}#znvHv%mk8e%xoJl`DO%+f#eGn`~zJIX7^_P2dUKC8gtxJp}eUq-fg&
z9A>6GCx4|qm-nJ`?j#OwF;P6RP|@EPID04CbFLc=IbHGAD4GE$G1IU&Mge5sNUUmu
z%bdI=Tf_)CX6lhN**=hsgO_`8PLnNY{xyY`;L)Ct#@2%1-azkD%hQfx^WDZ;P~t!U
zm<(N_Wtq50gfj~_G^{q6J`-dn1|Fgowv!o7!UsB0K0>6T=XU4(E2!4AT203J*~jZE
z0^+^prGVLSOUI<MP3jFpo76jjijy0IkBlsC&=SS^TbZX%iB5IOkX^4$<%?z5nf<8p
zC#amxR)?8qD`^edZ7PxV6KUXB3J%8GT7%cR^lx46{({IERKdx<rNn^v=-$^XkbXI)
zqo(k7OP!%M_Qz3d3dxQv+ABoc&KH!&jOAzM24v@gIWn6grZt}I?eh!#M=@<NS?{L0
zch*d5ukKC8@|YuZwTSSt3O^1jGzR$k>nKdlc!;fRnfi6*$KT;r0)HcNBAW`8?IzZ;
zKD47Aye*;Qy?ZjF=R+{4DuCdnTAw}-oP5zsU3C?#MyEqlWtaVal?3SCAt!jAdv4QL
zKpf#6g+)azUujO(5@iO5qJQ{b)6jdlJR^Y2c#;P$HEs?rj2j^6XRHo4S^ECHB|FB6
zDB1i}atthzV>}jRW#wFX)#udpkD{d?nC*l%@pi1%;J-*B$?MUbs~8+nP=UmnD7>wo
zj_hPQe^jg9JZa~{_p#eIeSrSb`xcniC8^QU^1%5&x2;AY5@PBfg~E|+n$rdqW5L(9
zLb51{g|1(bO(Ma-V|MZw4N>h0lv;Px3m^H!f_4hPfrq#phWiBMOk;)U-(9;Z|7B5k
zUZ7GZEpq>xtKG*QLZq`r<AifANlJ~uN`|pQ99J~piP=U6Riu$<EXqkpj)|(uu#&qv
z#vT0igO-^e)6+Oo_+jR}&(9RbMVf3f^jjKX-?hWu?rPF1IEET|(Qtgag*jb|4<V8Y
zaF#mHN4TS~33YvP9*s-NFRqO&LnXOyYA=A0MJTBHqqXT_6$lRZ!1Qs5HsvjGg{+xY
zx>kplic+IMm`((|yL9IDwUa+mZ*Xh{N0l-1Dv>lBnZv8Y4ad$Y#$vTBxHC3fLE*Mq
zskG3XWKZCI?2SFN9I*#SRr~`c&T$4ME6HT(@LuC80>$U#Z%M|wb<{<--~X1-TUBRh
z2w3~1w4(0?a&2%lU^8ED41S|s>k+?`KsYktcl-p~R6&W(Z_MoPJg(@AlMVk7pquK+
zv^+cpi3C5pq`9nqIt;vC-?H_`P)ltFY9aMG<F>|A|5aWYcqlxdUPu++7q{|EKx-q@
zs|z;m&mn}BRCD7PG<la7e4j!Jm>PumsXpo;RxD&f+IPIcjS74AI?%Ug#n6N%^orhq
zr_L1H^`OWyeXqyB)te(T*4%D`b=E?VbHj3BRyeZTM>a-k$0I$@z3qLHz{b6tPm(K7
z%jpS0*#Sbxy5`19xf^-DUv%D%SSNrmCi3NGg*?aRg)9{Ch>rbXV&CZ#=~Q&wsSF?1
z#QHnucOPXa-`_w@M-<EOo*BOsl0YpJ>o3)+0!fvEi<rNMd6j(suD!{OPA@Coru3v0
zxh&dnj#Y=8%E(nEUEU5b)etCxN@u?-_y+jS{X}zrK)Df>xQsW-^^ve-9kqIMdS|lO
z$p3r5V%$Zpt{Dx3_7QCwV@kFwzmnk`hsB^fkO`5)jn?6ARWnQ54fPJ)4r+tJ?K))R
zip-wE>+j6CUA_1!hnLv7&=Ury4oIn37h=2FSq_o}Ja#2-tG1L?$E^|%GObs2wg`71
z?9*E(PMC)-RYpD6WE6u=$Q~wWxaS3@@V2ax$Ad08(iZdp@KK`73SH0Yvdujq&;svV
zRRqY&Bzv;07ms@-<X1S-3;j9j5;}M>-xS9koAN3+rd$ur>#|3Hnq6xkPBbEYw2HP8
z0>iWrLtgC4XM7o}ZYie+Ba=;zcBy{qNy^8{J*n1-;M_^kn0F7XYUWyOu<VWMFF00D
zAMf!vcwu`j+inX!=q&7SJfT>vxVFf;?Nnso^ur>5>mmi<<sqUyIWiMkmEOu<aPw$E
zk*rY3nV19)w1o)damd<EL>w<A<EdE#y*F@`Avgcjln)<8`^63qU-1Z*$xfhWx-D<Q
z8#0l?D)`c3sR<!?&Mo$8W?zDCZV^vn;+S(g=b6LH83pzXwCm>>V~*@7rI#<oR?boy
zB}iT-$Md_@#a}i&H4Q~MN!g;`%5Ob<zvAg$!t)y`dTVdb8aZ(n%#Ry?p>1kw{j0-D
z3a0v7$c6SbCe5OqpcpeV@5P*NKJq!yacWrwQW&w+d+}%CE%jlEQ>GhgED`_mX2%!E
zNm^wBetvTRU9m}6&l9L~PBQB~>U(CO<12wLtGrU<V-Pl30CjM<1Jl@V&?s-J^iUsH
zrE4aa9S^m-RQ;o%E!I#`-Fm_|f^SHk)EJs56$a((wqgj8<Ml_PA&z5E2W&>w-uVYZ
zsn%nEJ;Md2%-?HV7y+cpS;4zcWcg+@DCO;rvn{sVanw{fJaJ&HE%1o+_@!R%o(vn-
zOm<O(UUzy70<xG$$eHFZDkVvO(<UE*fap4Ne%XQ7<|D)c&kd>P@q28$^IA&=0@a8Z
zbFYAktQ{|w8?#Rz```7vDqn-AhCDvf0DG~FFjHN3#M^J*9>tU%48pRY$?{7e5Mke*
z8B4})8f(y#6D%M5ZfG>dX-wRmq!-IEu`n|Y%zyvz0gK;ln%>nMaH-_$#X2qeGM_t1
z+4+{wNsJ=XZ~=C%DQ#a@E0+fwW>xL#IDovtVJ(zl067=B#~{!7EL-HGCvV6r<6Dgm
zQ_krt4mjMFime;5rg*``qPM0$i&5hz<rDx|N{;agbpD8Tb(f!25}I9n<zN~huFqaN
zB$#&BBsctn?LEoIYV`pA-)utDD?Y6{#TY|Off?}cos6fMeDaz}I%?y8uD|`8Gd#_G
zyk0!!+}0tpk!hsfy=T?YBc;N93drVNLj>ylaU*3pMK-s$GyP;gCcW1mbLSjC-O6~)
zM79Ao?yHj7mH#frG2aXY)3#@QPMINd@I1#MSFlKAbM@+%+C;ZC-cKbm-&ct@C3}lA
zoEAUE4L8AFb-x6N49$n<(~XZW+BGJL4I7DeJX(0XT^_V5zfcNhim&zK--{%crP;)0
z|ED=tf)mwBO@1`HIGF>T>^132DQXOnzsK6lM@WLg8@Hd!{Jy-z@OknMV81oC7|`$D
zt$qDwp<iNH@`UK5!LAUd7NykI_#mU#_wSulFP2pTEzjy}Gm{-c<#0!_(cOfEUfy^`
znHnQSm}rr90CFsdtX7z$&Q}#Qam9JuB$$_jK(hj4cj;Jsy#(Wh=eOzTtkAd6dep-x
zkfR*nx4b<LSftEu<bqSqW!Aeebo)vi{RJBk<*YP!ftSseUZn0zg|cDWT*oRLN_-c+
zye`PGV*-=5X3T-#1Rh^4&T79S?F>7n8rMnIb$4?9eqZSC7k+iqWNh5rN&JxVOaT2i
z@X0V#UfTgo%=0OeC&xZ<skC3?2IiFpqi^|Pk6yMOtV&*QFqy3WTz&`CHolVQO?l<$
zd1({X?Q{GZg8V-HW*0krozz~$l?p_ZOo$zGG)2mjHa%eI?2kb+{DV>G6&-aLUU8k2
z@}X`G+zcjjZ(r254PGgg&zn2`qp%KUE>&Y>yE#jX>2)nV(6c6u9bWa@#63_I>g^J7
zk6nr7^-xT+9ZXY;nVO1iVlQ;M1K83-WNFnq82;XuXHA!Nwr5U%a@j?v&SKy~US&X(
zS)iyP>t4aM)!Sx_(U=G75elT^K1NuX0Ke0|iCb&Pb9!$`+p+xV69;=GWOISoZK<5J
znfAeKR+A%A4)s#+qtHGL$qFT9gP7Q}&6)AO^$MTmwH-IBa0Y<u1N;x`bMQn%+&W^E
zv$&7}<pljLe{-Td{m3&)m{u&&oq1DfN8h$S%q-CLFsOfXO8wTRVJW#^4c{^ODf8P*
z$wPup<Zi>+8^8`b_e<^#<1|{!Q9*d*^803?m-|m5tjYf5$rN^GaaUk7!RLgFKc$|T
z+%#NdeTsY@C4y#)xJ~8+3FUzXq-|C?&pjdG^p*E>QI|dcDd|o{j%HZFjAJ`!$kL)+
zv%4=@=utTZjH6BbJXAb<9`PAiMyYxHH#>EYI0_97N^VW9)%J!QTwJyE4COb$%CPdQ
zCfQaS{jIk@cd!IxrvU}D)N$o%HeoXdo)uB4zQ*#rT$3AlH<%WXn2#-ui3H!-B`q#T
z(tFw7A2tC=ktvnc_0(8b&s6Wu(AXIjfKDd`>`zi>QybV72?Z_uDuLX6T3yT@R8pY8
z<?E;pVHR(ad98A<MPSFHVEg){d`Fn0_Z!(Sr_WIenD#oB41s+C{p5<M?-T5+KGaD@
zwOb3Uv9H$`85c<zD(hr2qW(1*hcLL<BpsEN)O-XJ8qx=7tDU$)&*$E*20Z8}cJlB3
zk?D)^G@1z-J^xq{+ge`VR#7w!QgII6#)~t)8hlqWPODs+J5gPdv`bJ(Ht237_S@F%
z_gswbw3%xLEUptD(Q3H59<xufI_HKfeLJEXk)m6P$6cWe5KKxlo}2vKNxM7l{Vss>
zIao6j`Iqei%awoFSLVcEWqnInQqlbm?I%zZLEC;=s#VLhL5qtqiTjPl(3jWIur1B|
z(Y8Z|O8gIxN$uKVvj~3|ovC_oorh@Uvkow`-`m`dPc7~Nr{zqXD6MjKjX|Lhk&IJq
z*hXahdARPQI_6?ej&%tNGJi#d;1COuYZ>R8>JP~NDa~F8`OzQ~as4N%LVNhEp#hrb
z|3|DQhFIV(s@Sf?`^x=dWa|_j_W)3Xm3MW$hK$_{8hb%q0azl?sTLGE(gldPt1mOV
z@f2?W0>5A8`iM4_bvwdM#8W)S`kr9&pN2h7x{_d}X0a<z=H}69J8&K6Kqm_AK{1}p
z71o2PmE3W}g=k<x<)!03|GFVE0WCM0w~jzK*fdNTO#05;$jeJmCLKP9`IN@+&-SQU
z0@98LK2eXb)3)FNsy(TPx=Hnj6INWU*nf@Ulc_$KUjAz9gggV@h*ehapL?0zlg_JS
zIHQfPCZf=VZc@j7`_~HZ%%Kwp!^D;a4+TExj^3MDcbbjE3U42w^QyUNvwUpd?Sq(=
zt=MlLr%ao86%>Ge+pXTjyA#U?qj_F0g9FThx**2PXQh&SurArKdV$ZnCGR!5W6}fq
z!UqQ%d&bYMc=_R8X4J!AWBP!==_IFpi}Qy$$;LaAuQct_)M6zfeq~Yyw=HQsEsHVM
zb>TlowoaMvjJv$tX%ZdSA={r@o7JRzSomVuZv;wa7PYI@xZP_-;-iUoW0lp(liY$N
zgNHIy$4f<x<5ivFZ&D;iE;~ibtRW>P89^O95-HxUpnBSZ>H9A}c=(`#ASb{^fkaY5
z?BZ-@biDB$iyBa~wX>TrmzKwl{_K?UL&i3&dll^+1f@$*#*pXU(q(QAq@mhBW(u4=
zeHC{+B(?jFB>0@LFbOUK>|C23!EMT&bv$vs!+pg6nXJ^w$S(0j<t3D>lo``h@o@lW
zni&Qh!uv4UojW;*wA2-2G{1}GY?@Q7^fy!9Jqbv`)Q^<~1lb?<<n+ACe8F}=;mNP3
z)ToVuvhroo)Zukr8!=R9^Y<>cXxSqRD=FO+v4cRE7Eo~PmT><2q;qpA)1cGBG-c@g
z8}{RoH7zj+Ij?7S`Yq#}bb{(%wxW}-7Zgr?O<|4*Q11sm_x>X_#?8tuDuAZSm6HRT
zBge#zJKyb5^rK>L-sT2FZ|1!d)Z+aNhn`cCpJQI=ZUpMd?YZI3xYx35pY7jo7=3M#
z`&r;?l}~Y^FuZ;(CxZ98K>BHD0F?~3sp7#~8!s<gHMO@o)9v$&OGQBP;MNphP|CbT
z|GUFt_wpRj{TjCH>Y-q)_@EVunIci+rW77y=>z_La70PF{H&QBras`3B`r*dNP-*<
zk}S6GbA-|;=kq;PgB@67(AAD6sv!QQ;3JN4_Nb4yWsPR)ez|M}zsv+4i0Ie3B{yXn
z!DL_`d4igrBs+>>atPSkt&8NfX+etS!~EXwj~_v+6W=^?LWN;}1h~ClvN@ccfiOmn
z2_&zaM`bVO71a!)^xHr2?|*dLm$iIPIdph1+w;CQah@3QNomvRY^nu1aMg`m_>W@?
zXiJ9MpyaFBp!MtaBF5P$4S4%iU1I;b(wW2xxvO~mJ?yaAd}Dt$OBZ)?jilEw%|;Je
zyjXD+Z6ee~2Ze>Ap!4nho06ZqFz>o^iD@5!&XImB3B<8uQhv;TH`th)QWawD1JNCi
zE1DFC?^quZUyj|&VU67-j@PB$htAsf91q>Q%x3JndbQP|bcqK3qc9p{<-1fmB_r?D
zgk+EwX|@K0Wp-H3uo%b`{qMt3d?$CDx}L$=h;6gR#7AKeWpK>dvTS*PLCONzA1fNc
zsGJ{~wV)&wx23S2%|futA;gR#Q9X&wE=${aBQE#ki!m*-ykKkqh%i?q5NGN9y0A`e
zy^sJoBa~&h=e06=pNiV`_tQ)gZ#YlFpPs<gZ1del*b1I@5DcCat)fKd@Zt%64TIhz
z5B^b%hPQeuzO;;Feb;wIo}I}m{-eklJtKcQKyy;yPhavkY+>66NX#|D8lU@3Y$HKj
zMUEn&@O|mR?;U@`=j+?$K5U8QPySw)NIRS2<&!6-C~&|ocK|7-EsEg^&B4+L2kXX$
zc&}Hf!@$2Bu;Ic)W&0!AjSK#zT0ff}$O;)Be^;Ex*jTk#0Zq+s_7T34v1-^A<xQQX
z7xyh7o!@rXLOO|HTfy2b7SHyOI^y}IMkxWolAaZAeK#^cpPe<22{6jvL<O!e!BA~q
ze%M?FOq3{wbz3#2gVf&4rj81%$Iu;?lcUkjtaWdDN2<*52L=XMl$`!qt7r=Gp^8K%
z0UFf%(XaHw1XC1!pK@m=Shb@|ENZAx4VglhOwaX`@wPblrU*7rfMUnmrS9j&&B3qf
z0Whd7Acn^wGjzcgH7TIyg?;!0Acwj5@DtsNo*GaK+?C0{VA(O9RwilY6%iBSt`H$S
zhKr8dJl*vTC3c`ocAeOzYrU~A6}7G?&fwr?DeroaT8}l8EG~6@PyX}|1;vj51C1eA
zcplH#wr)j8e;1jZVE?MkqZ85$K3IdU{wajv+*gCxBR9nSahXR~0TR@6UVu<JKhHLf
ziKSrHvFW!>R*FIeWu)MO<|&bx=il!oE%Y(m5yku^N%@mRANw#>Rp05Rh@9*VBu27F
z(|IiXsE`PVHC>1@TwQc+c?^M98fLFf)gvOGV3{AVsLb4l;+m==<nF<T&z$ctGO2+r
zrzp=C=aMk+w+*Ad2HjpaT@iDGVq8o0Z>5uB>rME*@hckRRdp<U&DYc8uitXf^v_9N
z8c-pftoW1Kr+PJy&%IxH-BZQmjy`qY51dYhC=hPfmB4DY7?ATENkk_0tsEng#c<+1
ze;-%g4?u9e%TtckxKI8e2BOo}i29$k4IUf{CZDD+v2lRhDt-8NNr2D7fxPBejm6u9
zoO2^o2LC=uh5btQ@Ql?lb9aCCM=JJnBP1^6v334eqLvAI>~!sC80d0F-T9fFQM~PM
z<UljF`Y~!f6NwIN8+H{|`pW5RWZA#M9A2#n*0KdwV5?mP&x3;3P1o)j5(WBuv`O4r
z&vmzV7Pl37+OkU*jrvd%8A%cjy>lhoyz&Z>cd`YJ7jPNRzE1v)msolBb>Cm#xc>4t
zmY;dIVdw05IC<5_Grt>~RHRg6p|7gfYS8sXt@Ep+e>NbyV2;VX36-Z0xkqtN24__X
z0@eJjXqSkj$4BH1Ny@JmsNWgz6&VOwQ#a>BW`4=;h#2;dov;Gkfj%Y+6Hd2o*7pY|
z(w4g|P8E4+C|0xzeg_}V4VeS!yTQD9ORXkgP_Ru+wmZ$!yCnrdrc60n5AQ3)ezl?4
zWK`-qBPV_jC+_H?pR0iz^PB2>_PZik$xxAPxr1n{_->p_L!Hq@xFBam7&mr(gKgqL
z<#N;Gra*&=KG{yUwuZ(ugES;<iOKlNcf%xRwWjbfCI4Wl=C>sC>;k?^Xzb_So<+*9
z2K<%MQqL1-qhtQtdv@Hj5n_VJf0D_cF&Q3HWUNV?+*4yA|7<@wkgu1T7d<-xo>Q!*
z;jC}wwTu_$Z0Pwx{(hBz@*wBhn`?$eQtIJK5Jh@WnJ{z2{_~|c7de@uNhC~hyz;4S
z!-Q>$WOBxxmu%rrNqX2;o>>y*rv~i<0CYF;Ugw;*YaYb}(L`k)ZWz?=!GJJ3eI+1z
z&sx3pPN|*pfK3lim?GOE(MejqxO`E?$CW$dQNQ#cPSHi_uUxNajlfQ}bc+k}_kRt`
zGhtJ<fbQ7x6)fB!2jrWJX#YBh*KD^%>BxR;?}UAlx(q;Pb1Y+gKo#WD02I=h+>8R%
zF~zL4#|v!<)j@yR00w|5Qrh+5ADZjprTD*zZFtxNd1|!dJR)oDKxVqeB+lcTgG!4o
z*U0i=ndQ4oNThP1JeZ~t7HjsM^U(?SNyVq=AJtRPBy#0(Hgx>Yb+-VbI<3Jt!{U^R
z&$v*eGRBT6?L?N9A`A!9kX5=GNakk>jE*CL1wTnCE+6>eb}bW(2kGk{=>)fKU(&8O
zExWYHmA-z>;r6GgZ|OfdT@zK=ZId=w3R$1Hs{dp-^>fRveah|_l6TAXe*f=pJc=@!
zzE@6z@l~NW5rU34rjV2YPm?9{Hz;TqV>AM-QWqEvFdM?Zj}I~;_v|RwSfD<lVpWR{
zm}|4I?S86}tC3~$b>J)G0I{UxHeQQ?wPOWyyqYBnSLhBl@gp~j1tP(V9~mE{e57HU
zTTe5@29_F`N`46%$M1cev4|T*@7!DK6#2DgK$2LI9n5MkdTmOMzlwaSG#{|hsO9ya
z23Thxn|wVN@bKxYO(l3ubFf(aRUcI3E&1fCEJF0nsNDZR{%X8OkF7_Y{{ZDwmTl>4
zu;mGtJKqJav4y(;;VR24pi22@GqbFO)7gS6Cnw$jwF`@V7XN!w_=YsR*9ZE3&rl&5
zUD#yNc%g=rdL5mss~4X|V@9!h!Y@cJ{@0tLiTnripkG9nddio8-RNsqLt@7O#E7FS
z_f?C<0523p3(Tv?{ETTJ2=<T|)okn+9SoT#541uvXO+9gzI6JB^f7L`sXW<bY5{}G
z9<cT@M(z-RrDqkh$y4G}{<^a<b#)R^EH^(a3NC%s-jNh-nGNl$YohvF4O@jQeSIng
zYKL3%ctbEIUS_Nlr=%*K)P9BZjGS%+TyybrL%}n;mN9ZX6kRD%LDEc2D(3dW%<9AY
zyA8;ve>YNew{jGv$gZWNvchF%shPX3Plw<mz9V@!lbKZXdwYcC8pvFXhV{R!@>=qe
zb{U*rIKA63<NrrN-m$QeCfXxAvx)ZXr6^xU;4EaUxC7YPQbE@lsiFBKuJdRnpL9H{
zw-~#>tpeyZs8B{bk-@g^kmqU;$(5LSa!AQ~X{Z0stusQ1z}8wT(B1-H)6w%&RQQ|M
zDYB3EA4NRI#tOL0`p|yR-K_69FYgQ6=r3B!zW|d_K;*oUnMV1bLHDwhx#bVwVG1jh
z2Z7(Bsr{+PU=ne&U;HIAl5=s2#cfY#9>jUtM|Rrb3Zx2^<L(j%kP4K!*E5SJqil;>
zt}ZX8P5;~wGtuwbf;`#l%jnhjpuxh5J#-ZW%D~LCL)Q3dc8{+j>PyO`tvxeJ6VX~?
zl7<?{abz*UeZTFOJM>W`@TY*ag;<~oL2;Y@H4?}DIF(*)$pqK17&WyIK$vMdLv0uL
z<pFrF-c9WH2$+11f_d0V7n8HOGs7J}=a9r$&JV!!inK|T?c6eG>mdWpeOP_Ps~&d>
z=}8At7iPa}5|y$7*?j&1sEa);UG<#bPs=2yyzggXaUy$HT7~^VGd_-M3xD3cXqrDI
zC+v9FHMed=2vQk??!Vl$kpbR(jD>sm?K1^HxacHMeXr(|b`Wlv3C=hTNIv-T>y5i^
z4{KL|`?)*v6+AH<7n!^8YVX@G!8KH&)?7tU{<&TZAF#z1csw>DcY%XD?lWuFG@&B(
zTiTk^mDru<A`E}LIEapf;0V6tx7GY&(!gtxz2Bp6FD|#-hcI;PDCtp1((UK4JN_jX
zGtEL*B-*D)D}I(rY7WXh;0_9V(mm8YICv)9lE_vx<Ur2y&Ue6zv4<rG7F&EKj$J?{
zYixZp$IGnC;_cjTh)ccwIRCZhgHv14T|!!feei;q6~}SB^%sV?Uv8#zZ7a!U2PLo!
zpUIIts9gNK;}q3000FhH&b}rSOV=ORI4o1aw5XFKV=TDpetb*(l}wM@g`sw_l5G(P
z``$%;$jt+RP&-bfn)4X{JP-acA@W`1!iW79d?v#9QL)m8KpHq$(XE6E2_gkYX=)AH
zRXaCi7LN6hO5=}Ucq1FAB<7G*;C)7p?{LW+{$wTf$2<5{$DWQzYE+@ocG|1&RrIfK
zXbW8!C&SVSUtV=<hggg+5a<JtGwTA{zNYrYH&xe)^i}a~4Q8-UliKw$YT5j*2)~<%
zFgFL4(6~kID{UmEv~uX>)CWY8a{AR!2EWliiaTU%auclT`fzRwH8CrFzdu;fbniCS
z<5%y_IeMFoDMsA~1(~f*m+xWDZsd-COdwE#RBvl#rZ%9}1_;Dkn*HdDyBM6>OGIZO
zI3T`jTB)Od<>G-B^p^2_@T^M-%a>Eb4wA)^@d=pW#rmS*&&aj3koDpo^58I3k@?+^
z)xfHu)|%&W<fxNEj%2$eWI)N;t|6}p9QfFx_Ru(3=M3HXB>!sA`prD)i50}pie2+?
zuXH0$h)XTtD^cUaC5vIi&+3STzkIihkpe(U!xFN+11Uz}&`wwGoKxaKB$8U_EKL-T
zqVTHovlH!V&T12vBd3a=@t@?mv*6ow{2e<t_*;8wT!PaxYuTOAr|J6PN}eYcxC*tU
zu9^lATz{1_Zr}zxU(aaH1ma8u@@U49&D3zg==t>5V?y+qYgt*$Q}cuQD{|*acjix-
zxK+JsMe|v$^ya+C&kEv%;|);T7Y~B&(&3M|4ADCiF^X!Bnei)Cpxlb@rM3N;d{e?|
z9z4m3n_}uN{x9&jQV1*ixbEA~8x5<%^RGx^J^VS-Jx^4#xu!(dFytcJRD_XNQ>e$l
z^P;E!j)*O>)Cms$Wit+>0!sF@j<cx+DrrMHilMdd==9|VpjyMQ05AST3$w3l${h6G
z{lKpbNpYBy@`ab#9I5Cx7%PN%039Bdq*?#I%-GQ-2L;W#41RT1zs)~CUeYny+%v=%
zCcIJceD&)E`KlBL6VJqRd!58LX9K|f71q~rWCP2V$xtC^WNC*{p!nDtiRDOVS&fxD
z-O<&MoauCD64666=sdSTG1l+^<xCVqbaYEk*N{uq+iE$fW`iTN4#mF>T3WnR9=?u1
z)!KN;hEp8r?X|pm&=OkIrh8+tCE|uu_S?RZGjJ}_E8axpuWRb`oaqm*3o?$ctM7SP
zCV=SO=K{1ep=KB^UnuvoP3ye8yloK8-_TAr%!dCjuFf*7$v<A>C@7+YptLe+C8e9G
zNQ|0vjF8TOw16-H0qF)A-QA4Q-QC?iVsyj)XXo9y&b#O3p6l85`+eiSKlh;CX@fay
zQ1xA+fE5=#Sd<bPvPF2v_E9~&JH-nRF6*EEy8>j-wDKOyMkK~RE$QWAj8UB|UT1kv
z|8PF>p@R=S;Dic|XislK#^{&JZ7Nk38~kz-X;tk^3B)|c-_jZWV<^6MB8KsZ%{>R3
zI!OXT`^t3ksTWudyhMs#wVCAf4|(LGPl8My*N}<-Z`Uc=UhTZZeC{QArWQArqx}z3
z4XtyO5i<2m+tKTMKO^MO4dP_{4K84*UDRiD2r)RDoRT!3pWSsyG2ffe{<*6CjjbC*
z`hn>Xzks?#u)*^Xij5ssudQ(=p+3c0uPeSe${p%>ge8*{>hB314A`2nzqYx`#rAWb
zdvsl^oM29cVWOS&-TA+z0f2VV)a$F#GArRa5wW7(hNGLrIsWJa4h&sYy!J-;9=lks
zEv-c?C?W&UJ1&(j)_WpVI9x*Av5l{x=aD>th_9$<q2!agOqw&1{gAfwp_^di$dO2i
zK1qA*$#elzeBTRnKlg2?WXMJ95SP5(kmFwC^0L=U15M>E=TVEFo32xx1=MX6TRHaq
zAu0G^WT4A(2@{tGQvvqNHGgJFuWG7~H>|RBZJ!p{+7jmYgg)>fv92ltTjVWq4mDLf
zEiI-;f~Ex|2sDm*C9I*+9q<LWre=L?d2u&`=!@ylb$0D@s@F+pugkT<v(7^KT2t9J
z0$n`Hb=$lg9=1d8v-XqUsGU#N>C4lWXr6Q;0Spj2ovGSQ*z;-0tU~1>=GaHjLzVu&
znX7N;vM+#PBK@%pIsFN72<%GrtN|~3snmW+XBX~l4oUiH@YJ|qv#NniLiq=gN|hmr
zq2h_G4U?15ZFamWc|@+Pl+uJPm8DRiiV4*EAUu2^Ciw!lj4?RZMU0(0L8(%817pDD
z?Fy9M{h(~+*slVTjGwtZ93}I}p0k!<8@|=_;W#SZRzotm=aaNh=ffrJKgUhj29VCY
zYgCj>`EdL2uvX_M#9Mmzb7@T5r#Ad2xnPn*L35xZy^y3S8Dpmgh*kXK)!RL<VK=HJ
zfhkzz1!B3Aw9BS2N-z!MpPx6hS!87R&@p?bS(0)<_YMhV*U(Q0ii|eFXS}_0D^AJ}
zJ1kl*sY5i^(C134X7pUO9(>+cU{5jVT#<3z)BH^>e{A}B43pI)tkiYYyq}$rC(}~K
zKlL9@NjR1v{|qx446!0r#o#ECZ5)w+GalGmw}RzZewwL9Gm@K0e12<lpfJ?TgvEOO
zmYlQc{D&69B+p>eVX8k{6-X6!rpr1D_W9hKw5$W;+>F>f*;4zjLJ<)+)RPhX?)4?Z
zPlMl=ecSo}@u?EHYZ|{3G#i`0!yH~pOCG>ly%Fb3d3W5cV}&Q28^2btOTlT}voeZn
zwP*Uz(Y8*^!+hr|7=c3rcKr&Jpj5g+T4dQPQkFf<1k;3Nm(QLRGMc&GJ=wF`tV9eC
zxrUA_&fbr!l@IYhMM0O8*5brZ)dBD0m>wMkmw46KQ)esnGmZ6J6Fwi8gN~nG4j+Vs
z3{;v^+_V?y#o>i-YJLpaiP80ny|cQ-@|Bf#%l1rn=W{ma(_$nJb`GD7J+&g~@BAT~
zC!F6>W3Ms)VmGT%or!li(I~t{NJUNn!t?Ho|L4<*sIA`K)(0mDPYz;hQFkkQ;05*L
z0m3GNT^Y0=<8)>k|Hc6IQrW;xQ@}yWJp1C@!v3_%if(Vs=~q0W*ClO?c|+$H#YGee
zGSiGgD!lKRnKj?4AKQ4N_Xfa|T*XJWUw<qTWm?v1s*N6^qW0L>L)eq##EUv<!c(8B
zYL6T-sEvkSKd{Tk#w3Vd$77mp?yJe-<2`v(mfATdQ1kVPQN#=lh8Mwk86zjpo$F1r
zKEuh);KGK7FBOvmr8-EAg@ubwccoOujU1eFjPUzv*&I(i$oHdEb_J1wF?>?)_D*?+
zEH0|r8xM;X{136ohXPr17g&Ll-TJoXL`IZZfiwrmq`>U3?P0OW;ML*bq2@(h-h|6a
z4Yo*GWaxdi#YEMHKk1-q_|tsO1X5&ku5Bg~D*xxv0i@z~y&78WFDho`k(^(}mT1gI
za5}R;dN!ZSZ^OUFIbE=VHry0?j}Cq*YvrD^=cWm)k6NRHwp=~??$~mWOp{^nMo~nj
zvr-H3Uw@G`BM~>^a5P_rx@F1Au_0Be5#gMXH1++AG<vfmIf-@Lu~2eL!izXqw|R;P
zGsIVk*Mrmw*M<ga!rb;@*WZ<e5Z!xMPAHH2j8SpE?f`8_oWpODJrV(m#z=wi6gSg@
z(LX$oy-y<@A6-#Du*)b>>}ZUZ+^@b;`3?Pcz>Av1MP1*j?!v!T%<0eW1y^(cdBR##
zT1_iA7H%}^HCS0`tvJ;Vr&qjvRfDzmf>jYcf2;9KL;Kt<Sl+zfmS!xQ32w?pRiUPX
z-qaja8YG14h;{P(K~1n!^FukET@t^;Btam&^4T9*p@hkysm<&8hJ(&UC2Xflb0yS@
z(2?W#VUlJNlrEbdHqZ3L7IWUh*|*)&@b>Q!S2m^tIho$SDCJDl3RuRq8kxa8E1^~u
z5r_*tu`ig1Zrt_r0_Fe6k~dcspw3F6Wej}3fqI@7_XYKVw*rWyf@S{ya9E@xiQhh(
zcer`pqzXM>*=kw#-)t#Eg`eh3RNK7%hq)YH73pzaR>x2oY1(rd2hXT#Yh&#tygv6_
zg`fu+7!6kz(hVw*!?HVH8^Ic&3R1bCdObM_&5ThBSo=5=%xn&9z59Y`44xi~sJ|TZ
zPAjA+Q-xLbIPfR5h9O-;XtCo4(r%#Ct%d>#&&6A|jT9sW3*~K@0B2+5T$_=Nv-|*m
zs%p$^cMtx_s<(i7uehLM2$hLFM{uI}!^Q;Wu@ZkQ9454%b?;xvi>~f<(P!ufvB<Fo
z^9n_!^ylFL@&GBSCkD2SQdU3x@U6>li(molD&O+vh<PiPhj1e<_0lj1B^P@euh&uf
zJ=?sCy%k)C*)=arBz(w2Q6JiJva4stUgubp&L<{}mrOS~<ZRgTEwITn`S~<~x0N`j
zVixC>a(gMLpvHfD`0n$|BK}#d0CN<|h=AZJhRGaPPyeuAMJ^jm&c<HA_VRywsZ1$3
z@t?}+xBeZ5Ndy)=*sxWq#HLSeE{wUJ9WLe<W#3YkA|z;tM3=E|zru+3@#ZyBL}bqi
zUI<?<`B6liW?SB!%+^LMk6{&H?#hkIkS~(lzsneqA?`FRGwes$iGO~YMpV?4B+DOE
z`}s{R>4#m1P*ZFu{4(@xNM@;J1oP~Cx70K@Vx363Wt>hOzwtB@$d>Yp@ePP^Y2{xu
zPdtpt|DIr9siwMWx{RoQMeidRuAR3UHT!f}L|jAcK}!ppi^B)9soIj0UD7z<8GW#(
z$$EA+%z3l?A5L7LyO8Mt*ai?_Y)+;mew55E_lI>;qy$zKLhGIfc|kq<o~H{BC`fW5
zd6Y!go{u`6TWqh7J8Y!5dJN{G#-V5W<zhyc?4*6xRUlRJBx=z>Zo}56`4Wr=kk1iN
z{*Yhd>5aU9yf{1~_<b5Zq3pTe=@TnBAgB0==%M$>2UMbGb%pG+`9((%E%5l~usWI0
zn}Wlbi=4^%72PHqCNE@so~@!X1?-6AlT%uW>CYhf{TUsqKDCJJXF0mr8&AsyOA|`3
zo^=V$R^{s`7_ChPs}>V2Z@P$R=_kLm;Zv-N{txF{z%qUGP@e=2+Qtb~LsJ&WQsp{W
zAP7DENmQNeEiB*$nxLQ1&?x)1wAjl?OZg5eVmi{II9Uv=jx}wj#ex95)o0YcY+pZ(
zK3%cyvStP~tHhhOego$!8SM!@K5Do6+5e>TtZ-1>#6f=%qg@owewqL4v$39C^qQ~5
zU1zelsRsM5F3A(fm;E5Tj9I!Y2iWct=c(j8id&tBE9BN~qBPUtw&mh7SNJ8R{9n_C
z)6Qbq`>N;ZKG$d08cDrGQz_jMOu=?EKw<e$)Hj%K4u?MQtb%#Ttfwh>Fb`@nA<1A9
z&5;Q|Rk;YSb*SnRz=~o3o3jIG7}<e0G}JE0<}D-0<3rc8!`7p+T-f%0v|b8~tymTC
zYYHVeJ>#Sp7vK!7O8u#_AF9z%LNlXN?|V9b;C=UC9ozQ3k&gss?=f(q_<PTxjczM|
zid2Q<*q2X_E28304yR`Pnc()e6{F0I77{sT?n%qD1?evw5Lwg#h+I;)UgqgpBY9R@
zL!d<HG|?kp`j@@<<*j?7nsy;p%$G3*QWTHOLpXXK$*hAUXP=h#xKmy#ZKvfbyt6Sq
z!<*YyNlT;i%P7fEwIe{9+4nVZqHbTVmk!Lh3aTWep1vTj#(S(PsPip#sC+{plH-?z
zyE6l_xz^7OcTlkuONRMo$<7Pn>?|%a3PV0Mtlt<VK12nleQVHvyAh$_&k(HL8RY0~
z@xyBboL&&S_Wlke4LNz>r%@7P0dxDAYdP4v`KD}!rUPX*HC!rAIHOoz{ZMxcR_ccl
zPMinX3w(typEuSh4U90F^x1X3x-S@AoWHh1%XM{44Yj`k(O}Sg2TsWkmRp(Q$!ftz
zu!*u>ZqC$V<LemJ>IBO8lZGp9>M$(3DR=@g?d*w~mR&LV>3yC^Wp6I=>^2yL7_f47
zaIAT}PIhMztfN5HhYH>CJJcCN(HN9iF?Ypv=nhZ~bZ`$+p6o|>AlRZ@|HRhMVInZk
zN+?RF!c(eWSY^h&%tzMh#e(b0<|Zak;0Rgb3Gvw_-nMPeYFkIFnLnatQUFM#|IGAB
zhWL%?mYxUJ`iL$6TtdY5DH_5*<!A9e-AmIw=$OpXm@5J~W14hgCpV^d&2uDb(nuD#
zcq%z!Ri=`$oiC>8ho$KZLd4FV=>wje!Izd+zjVVbRcm<cGW|4zKY_Nw-*q*#N1De3
zB1RtKB|ij(jjcb6mZv&$Xn4~6dv(2zT|+xKUU|$gq$1m-55UV_1c9s&f4(IDDeoS`
z!Lfk+{mIVjQ(K<lE2qo>wp7BGiy3bdy=5?QSZlhJqw^(nd~VT>3L~s%)bdY&B7Q4<
zieK}~I79!ti~WAgcN)#+TYboO!aZ;mI4Tf8wyUzoLmGspP>ERcs<od~H=vJK_*Y%j
zoAqHk!#3h(7Yr<+F{@nuX|3=<ueeeVP_>hLj0Is0SuWH|7C|!?GkCfP71Lpa!9su$
zCK`@CPUmffBNG2xZ)ttUVXJ!;)4iLsVC*V@+52j1I<p0Frxo%&^#ehGV^xp@xd#TK
zq&>b}pDJPUOC<HFJ44^rTffKnYxjjsAwyVUgv(^+J6+DP?wd`S*_DX1<$x@)=BtFI
ziL?8srPViH8_P?%C)sWUtY`?dH}aeSdmUdC*h;m8mEK=0<0mz|O~8Y3JP+RnWgJ5r
z13oe(Tyfm&^!G8I31nRMmT+_AK9}y!*-8uoxcs051Z^j)yT^D<rj6uXEGl2#Ki3r_
z(%jcfRizMmKa#fgX^!z!Pwo7M=D2ADj97VUf_h`(cCDuLd;DBNo@~=VE@MvixTgij
zTYQqmDfe3bSwDH|L0@^)7%?x54k#MCNVc<^1oK{rSf@Qu%8_~%vVWJ^Emr-HgE6dM
z(zx?-7pEBdWgM@@7t`6xxn-QAx0U6v0PL?hGPdCq_yiDJU`~Fq2ibPIU6224lCxV0
zX{xQ)Mw7E}blQ2f2(BnP7o_lS^qyC)jND?Wm%2-o&O}B6Hbz#Ctp?HoVI!J7QWtL@
ziX4x?I+wkLnbP6Xw`gqq?~c%M3cH#XBCf{B%vbpi%+T;aq8*`CaVD%Y5u`SH`#|LS
zeZMdvOKaUQEOf6UVL80>Lxz8hM`YM*c05AhZ<B4KqrNWQ?GE_~s0NqCX-N-@#4H~`
zvxoD%u>LA|ybnIzW1D~*5L1|U4R5U;vv&#7+`irE*ShiR8~AvEJF${OZaop&ltOi;
zaQvC7uc&X1qV!(Lyl6{jo|^G3g;WjCe>gY>En!;vvYkSGHPa#{A?3&r<A_dJn39D<
zj`kkAy^-n68Q&9~oL_`@gx(0(yUzFmj%iD~FEIhBA9$S>ab&@{?D1#?c#eVxEYY<l
znB|u@_0-X4&$`CuP5G^bQ|dhM+Q5q!8mU(*&O}#Q{T)K1uheu<C_*x8S5?G89?&9O
zdcG}i*_hy_;!uZlA0DeJI`kn?`~E~(2=|&U&EJAq2CjE9b+d9>p^(@_U1CD)Cpc@H
zFw|g2d1&4F3OjlzqWN=*5_~^>DHy>HfUiH(8VJ25zPaM>_I-ay!zsdum_#!WpV%?|
z0k;1+XDwyt?ii71&SK}Q|4e9mma*GP{0HDMkrX|ONZPB1wH+aX5Enuv7azt?ho`sb
zqfZ^0w+6qzj-Y<g<ISh-*ke+%D0g`<Ju}?ZSO@t)e<=}BQ9}D{eG<Vk#Ti80zrK!5
z_^D6}pv$_^V(yjvqv^8OtT9vweVBJSx{Z5QgsLl9e`4B%lvORRsqiH+39efUG55)v
z%Es-l3G2tbhlXS0%(d*RD~ffrmv8pp_`ZJC$NGgt3hnr;3oKClV^+TlDtTSPNk>3w
z_sq!`a)LSxt{t^5Dw=S4a3>fNK8?24jhRi-#(+4Fn1_e_9+Tl?4X!?b{zARh8gGtq
zXbifG>hn3re>mgt%ZLK2`6vCq+677b4unjA*QmTDIWBQX_MoV^5!TW0*kc~rw{#WO
z^tS9eGTJbRU#kk_;FY6;7X}T!!L@w%`xA7zZrB<bv;o<FcEp+Wm>ooikK>H9N_vP9
za0Ay+U>GO4_10Md4Z!8ahGEIy8v4|kqBMPOg0s1`KT{l1wpsxJqC4}+G0FNOE-n2d
z;QexTR%a&<8CVU+$;`0fj;@d^g)60+Qh``iW9ZnzS8rq9AKI6I5-XGeUGRh!CCQJf
zj#mdtS@?q^U&KsG921-nLyJ{n6c&z-HUZz9t+-r@?7I8T6r?Id$NA$`{uu|qsC8qk
zMDz3$d{g!ae<Ee#>Eh+-U{Rpm!JaX1CmzSZ3v5c|Q6KVE%0eN9>`bZygt$72$QIe|
z;O2EOmW-SQz4oCuPv9RIh|>N!GhOvwoR{WlS~-C(UD3s5*O**uc2oU&#5gpPNK?#m
zX~vP3*&%9wgj{*z>o`KtrE1cAnfI&eS0T~|YkjU|!HIRm)ZACTTEU8#z>!kV4=9~0
zIO2c|Wc8Rc)S*J{4I_Sp=AMm6KV04^7-`o6+~4F+?Mnc(yH&6z**NA&khcY4H7P1S
z>z<E#>)(q3mbovAzRe94qpWYSRkbm7@LGVbIxZ7*?}yj~=daIZc^#M9{#%1gq1Dj`
z3+Qx5ps2_P=>nG3v@}$$0a&Tiud7OiP^jkH0QK6GmK9KC;=BYZsYIeCW&i3hT)8GX
z_4RFD#w|@w@t&*ViL_H*&|%J}F}>_Scf*3WvKfVLbZ-N+8SBQ&@Its3!=(^G=lHo^
zMbe^CF`$AREYzy)9#pM+-~ycWF%QtR=ZVs#rn-pc{m6$FzAyBA%gOo2tkqn>IdI<>
ze695%`)BSxIO(ANuUnY%xb`m;Mqpy^c2m?lp3B%QDu*f%-`C6Ax509%qn|5td?8Vu
z4;(vqLR?<24u;x(Zc09i>N&=JaA++x?jE1w2+zpJkD>u{y^kx`yJEV1ZkI;3vb3nb
z!YBSM18(OI`<yz*Qj-%tqcsL)3}5>Gueb~+G^HW-v_+L?$bCGvg3JlVe1>T@N4;nF
z+Jyg6S@;<|p%T{TZ>G(piB-Q@SZ<)Iw=+_@!q7>~J>cberBrODd<?Dv>#cX7!;i*5
zq$*ZpJV1?uv3An9VD~G$Hdx-J=WP?5>%C~j!3dK(Svd*JEE~e^Nd`f-X&J^R;fd=?
z5=^vHCF9iiSFu}4qBBE*Jyr2HuegRGxkF8`I7Qp&+YQh^5t|V0HNFD$zeU=!-g|4j
z2GM}90)rddnaC`uMz^peVET}nX59TvLZ3BPnh!;g<)z2gb!}vKML|&7WZffJs+G8i
z>GaiAy9E#Q=_EkQ#OJ=ih1vo}Fu&;jGg?*y{>lA&-81mbA$Z0B1$C|o=ZqfI)DgU}
z`jKvNjBz25A>eO*3p?gUc{5I-R?g{<?<rsESWno^E~|Y_zu<Vp3i$M)Ub<)Yo;!c2
z9DVj!W;s+nVw7fl(!vw=TKiMflRwFE22%Wqgw~WAwZT`PtMmu(Y><pkvWbNNGv~P(
zedw-z+Oj0A7b{xRo!_Et))YM3WmaQksnGfhc$nuz9INvvyCyQR*MCT~BGJI~e3x2M
z=LfdozIpAj&5-c0cZ{rOETz`GB|U#_`Ev~8DP_|ha-Rb)Rc=Sm8$I8bY0lgWEz)^s
ztLn~b@2a%r6PTMO+n+8xWiji+oxvfTmbr@{-WN-c@d)Kj9jD*aEZJ(AFEy%2ytH#`
zs<%huj(UB;g6yNO?j$d5*eMXFq0<AK3bpZ4!=qlGH_i%@xr?2xr~kv@?zLL*vU84q
zHNO|t<B3CM#?zZOQ96MpIlIb91BFAvuJHughdY+E03+mWyY<!eEa_64?GW3(2ie*(
zS<eNt$~%Z+=8E0n%?A0dQIT4w+SL^VJH!l=t5uNV<j1qD8D3PPhp&FvmO04&564+U
z;>*t0iLIeQUw5^?tDl~Cog4UJjg4xZ$olFPlL?J+7O_u;Sc1+f+xvSU)XLfpp-`To
zyut<eheduX&hYPdE%P&ax_DBgUnRXrd#xny1BJds9#_xB1&%rcerGdw-umnueg;2O
zVV6-f=0)G*ktD>aP^gh1+=%<=ZG`kNU(7{ef=5?s4WlmzebC!p=(o+{b>eG7psUij
zr{5g%WjaF6_gdy87%|m5@Wz<mie%k`WH>8LarAs4jb#txp6GolO+|GJk5LUc`&ur?
zfwX0PVAvDfO1f(<eDXPWWvEE6$IOdNUuMY^7Po<0uqYw1XIda*FeEd6)_`eVRaP>%
zrJ1gQd$sED&mKtEmuq?E&m~(-uv!VwT2uaqGr!(HJ}yS(aMylZDo<SOX+js5RFV-r
zOj+*YB?ySc+Y4K)y^usm#HVxql8o9TVye(@kVzLBdSg<6zaK791h$N=lccqAslr~b
z+g$qGb&g)v%TP8{>KIX4^1CpT8>+Hp)^IUg4Sp|Cz~Os)TNd60oVKa!XztjDH58id
zt$gd;PX`S>g%|oq;nKT%YJLaSWdYlkh=uP|{*kfY#eA{dYnDrTA=gUUrT}^WqGIsj
z`9FBa*Wj@YLxg@1%U@pKM;dshbQd6TAv<_ts=^-y`n%oH)8XHyp{}^O)>{V)E^nW&
zDs5+1$@S0n5NhGlwfbDEb&SQ)4jZHeD`5p2%JRAlU5K^16PyV<oG56PmexB{`C2AS
zwx)sq8z-yVKQZ|~54T^%0Xx6c;O_)aR9BrgLY&;%0<=%V_H=xsE>@@A0%05d7~GzD
z=2O|pER%~a`=Vs`h5^hY8l8pSvGS>{G-V~#)uLxU;c}PZhCk+I^Pbj~ky#Cy6%M?k
z&q$g7YJ_$N_#4I(aQvdTr`<BGt0Pvwz<mRIX9HF#N7e~xx(RvfMPTA6`_ec+;b4BE
z4pmfnOTh7v?6jekvp2e-rJ+PL<2Hxvsz`swL1RW%oL^YS92}V=nV4rC*+%VIw`tD?
zs`}fFCdP+#=QdPgx{kX#jn2f;sV2EU)OT<I=?^xk<33P>LE>CfjB(x4Za*oq=|7w&
z@L!<jK>6FL&G-b>1rE|>hzP`=6nC5D2Z{K}a-I)yfywKZx#^FJJywvvKPn^C8MlYj
zR_rsZ$CvbCn7cYlYF_@7o2y3_Fs2tb$+O>xOEEnLG1roL@A?gkhI%+a`inE09t@`M
zn_(05(h}8N%hGF=^8C>q!ov3S#G~F}LvqdJHFZeP!3BQ2kTBspR{WJW!SJJlB70_3
z!19?YQUekSh<w$303+QcGL<T^J~R9}ro`AwOu+>Ba5*pBWg#Tbi;&CnUOC>-8}ckh
zvIe>|P+(o%NwB;qu4nheA81u)4sa+P#Qy?!wmCbn72p0;(u3&mu-pZ8DRa%TI}&*l
z3<`~E5GHr*=!`U2<g5))`Kb8ibl8FZ{5uX{xI`_~tUr78)&{n}&0bSx6K8ZH5jOwK
zMeI$Uxl}E8?Fi$s0Mg#VB)>gISN|ru-RaHTU=U`&jd6BHWE(|;Kn0*jQ8RdlXN<N5
z_Fs6qKD*=??qW;0l(r}aTmGnHwTG?q2eu4dY<=~iryi?{GMwsMO%0K8@srYss$naJ
zin~3}$`oe&LD#AINAm+A8H16|rrWY;>2_bwn)WSzu*szSg8pInPA2lW<r-jJw!Y+f
zu<LxM^{^kYT#g|{T?i}|8Lfe)!&jyQ^r{@U%)vnd+1NRQ#q1i?xV^$~gYouxnrwAN
zc}q>WOVp7rBM;jw>96eH_^w^%vt3X#Y)Iea3-Rc_tq$6>*hg3YZl}BRHrudTXY2Oo
zh{pZ|g5<4dYk?JSw2~-4C@d(?Oeps*&2gz~R{I=q3B353&1)aVl@2@dhpr3=*!5{)
z$Y>jIK0RIITEBnB1Y6;Nv6U6rk83G4MC`njKPhtkIWpLi!4Q8zbzP=d@5fGvfyj8t
zQUl_2uW0n)6MZWeu*lSm%>MR$&2rKN;kb3&D#EfoBCWCY)Qt|^?B}zK{U&PnijO$(
zSJ@UTLP!qZ8uwwPD7++`4S`%jBpvu?xqFnHPihj~O<u@U4O^HUw)h}--7^=9mUq(@
zms-jq4enr??+`WItElzmui@Kkj29ZMz@2#?+kw>{rJW%QN=d^z>V>p@E$+@~3|ECO
zm2XEmLpRA2kl24XWm{j_nNs=Ur!oO%FK?vzPH!MTcNRC!vgWdHV22~u^xiGJVdrX)
zYtdmrSQFQk^6E!sr(3wb`D#xF$~8&8I*Ps73x5e?UaV6)$?alU78g&>V2)#98Tzm?
z5Uiy!gZ0(C2xV?+=x1fDeEdBB{shzm=Z->`T!{hqC*7(hD~dY(G!f;!EZbXVksb`c
z)4e~zbG%;d0ZnTb$<d|Ebxh}9cS$B*s6BDNcVh~4lBHS(Uuj_>Z3dZ@?gBPL@;@o<
z(ecZV9=c2-#y$(ERWIl-XrAg~g>}o!nP1^4r78LPZFT_~_3=xJYJ5L732{0Wi4kdQ
z576_ZEPIC-+rvP$d!jwIhkD4O4ZxlrzD$r+gZSjo6!6q(R}>=vRtq10u-``d8`UCW
z6Q2Ey5;AcWdo%5{t$I0H=>`*c(6gT2@_gGr*T$UH-k?iO?i)1+$)}t80)44y_T>l5
zX_hNs@$<;`&tf2f&9Yi)isOGc4JLQ-tmriK47kYpa$X6UC^7)3^(&$|FPO~GO{n%@
zt_um>;8K@*h{Cg*;T6qdJNSE2g9lg|p}s0sC^3<l2;oeOcaK<!7QFd)*Xw>?#Nauk
z)|o(<e&8d*-e7Af0V>Fwa4sQd^qiwRUHffB2xHh-yy$WmAssA}`M^8{e-ByrxMb9a
zsldPR->HX1sJ$^;e9+#6JEBsVCJkTl@8va~LUE6=M~`ON<wa9!lKqcq7NWy{(2WF~
zd<>({{q6Km1u*H#Q_3rzUP%j3z$cX%ydOZeeih|0CrA67!<*P7-T9Tj=f_U$Li1(6
znu_XDjK#1JqxGUT{D6`jGx*;6YIvae<bz1AHF7>KY`qJRXl4Jh^I2G%q29UeREp^O
zh)TG^kik4N#MSWp53O5;_~Wdy5-_^%hW<7D2)2Jr;xS{7=3lK2el5hKqdi2bblmlt
zbtndNcX(c?Io~xQ<>KT?NMQD;eZl=5F8yv6FtOOn$bMt;{$_J={MYCJ>5bfBO^pD7
zQS(O>r5brd*y|8qZ_U_njlfMlT~Eygl`H5(0}9KJD6jL}6VjaI<fg9*Q47M>uS2}8
z-Wx)9tog0vsu28&QSQG{X1=mPnQ@{Y`|cwUS|_i0KfBvTb4^3E+vxrfYK#zP8d}x+
z|3SA4&8m&*CF9<#S30_|3xjOT%TD(+N?uQQKWS=A5aMZjj*ga@&un^<Mnw3MT+O&Y
zfux#D%^Xc))Xh$-IQ~je3%-8BSnqV{Jm1imXRo#&F(BYNH-jOQFdx@?UfG_Wrc4gI
zv|f0jG;VNt3d1@mzgUAnsL>qGqsz1a0a_HPboUym8CCz0>Z4o74~M`@b3dbk?%<iH
z{QfTp55H-r4SrWwu)H)NY6&pw%+=eN)7JtHr#QS=zSbQcXXeBvOyV5X{e$^arXH<t
z-P_-Ufa8V&UEm)$SzH*u$^P7YXT~`HY^0PxpjB^Sz{-h<tduFNT-sHOG-h2v?EUP=
z;LdcB4Q4s)n7PC=ORA8`Kxr>2A965GsYpOATQ+glMFn>(u3i%JHq1x$$!@Db#g{GX
zZO8k|Azvf5<(Hc6aNdsSR^(Z`*2Gf|<U&%W_gJ)QMYx=*lZlgGX*7PLn6tGt;-C*E
z`;yA*Mw;xoUUcoT3`skDmZ?8{S)A?}&CX@<d@)jYe&)uRYbI>vqM*R3crkNc$;KXU
z-mB-n!JTo-Ve046qDDgqyPKMWKu)M;8*U$M=hrcdin;qC)e1PRb}4@db%@@-Im{>t
z-S@YY6QQBg%E8<Q52Xx|Y^;2JJU4==8BI<oT~B@0geF*>WXp7?<K-xl6B&T!B7fIV
zha7QL>ca?_gP&IXf-Ku@I97FjiNYKYN$2Z9tgOhpqwE0*4t4Qc-P?F{>bO@9-*&Iy
zVGom$L)-egy+GKu&@*5o!LGE$U8*;zOYqKMWoF<A&}5T$73^F_s>5?9rr0mm!6mx|
z2O=-9?w1AV)IYa)&XQ|VKh^b#j)d%o$~~*v?@>g->ZiQQPCW=qEH}H&C09?c$C%kv
zBz0Lw0VnS|;O7Hd7F9P&sjD=hWs?XwzWHsxUM78SMg?T$h(91I#E8KYxo<1U$krXH
zw+w~8Z9h!WLdyXg@y*ExAy&6CHKo(Vms)HusI-q%B^stIx2ME~L@R|Y0g<1V-uNxt
zZ&&-fkq>FIsd#DaDfpj<REb`n1DF0TZiZ+gIQQyk!CUY;uS*+C@tez>MxYqU(aVo5
zJ17+t%~DN~odI9vS3qM}1UrUtxpw50O`v-H={u84?TCSh4at@@eHR;*EQM5>6%*lh
z)wo0hG<u^`x6>gain``&N|YD)OrXrdDo+nJQ{x)OVU{h|xMO=0$}1!LT@IrTH`cY9
zIiB-MG^@9y-iiw9HO@XTR2G~32<agojGrF<D*8u(vx;ZSR4p=ZMTETVS@lg`ksBDj
za8gm_Me(QJk$+y#b<^a9M0T(z5ADpw>-gEm<F3Iu+O?XGa=@kU{V<Nn%PR%5^&5sb
z9wL<NbJ-<FVPGQTNukGAcBo5H+b>;V@fI$yZ7mK4AwMrW&AnNTX_6Wl3$3lS8F|v}
zN;W!N(Yu_Ei@aG+&<b#G6v<KSaR_@{8J;e*1dJ@g5e$10pXAuEQ5UU|D0}jOUOi%)
zZSqlINNT$rQul@}36eXBQ{-)Okrk8ZIN%!VMYn%@L4H_x!Ph8len_0m=)~TcIsN%z
zruCh7OO9BlAXuV1g^<{+Jw)$TG!>SH(&T5YkNGzB=Qz;RUdRT}@SfF<?Jb>+Pr9|1
z65S1h6O$sCZPV!QEiPP{C*?n!rfckl_YXZYa6zfV+Y(%iBWe8TWoVhV`@`pg#v{b_
zWY^2~)@WI(tLIL)F&c+x)s>Fv+a%n}e7A*mxecZrw^f3YXSN$5khE`3h|<`HSmNwT
zv!r9x^;DOL{C<(rEzB^3TiQNK*6r5pxaOw0%ep2qYANVBcw0Be_eo6W;SV$RCsDzR
z<a>v|Ywyp}tP3&*ZTX>6-{P>DqZMSLwZlM;?P9Cdwk(LDJSdC~Qb2%V1+bBHZs!t#
zq+3orY|I|qiBPcG;mKm#+;H@In}JYGg6$ZeDRdZ@dt)BaC{mnr0G!j>;gF$sbeA|u
zQ<+bnSodvj-?RDKIisdqjV|^6<{vP{IGJk0sN(xNeCAsv(QCDx&80NXnSA^Ua(HY$
zLR0X}K#Q$kAucrvJIeX)_F`N5U1X$a^7m;|-Ioyuo&Nvf$b`lcjrR92M~q_?eXCPY
z@q&LZ@&ku3qnHaJgA;yHgYU@4kkk!v)|q?u$=F?acnN1qS&vl8hXTh;kn;kO=x9<%
z3|ZaaI7P>x7r}mnk+zT|!^Gian~Cia)o$JC2JrV*%PaMF<&!Qq@!RMPQ%6Axkk}pD
z)jeDHAwaI_Wt;7MT&tLym=UhWBR}|RiWSI!;EM!SMBq^9t1F>HW<7tncTnMziCsw%
zRg1~){D(7Bz<7L#gvHm#MY^43Go`hfPUrlG^Y`$elxDU^I5M5Ans@W7*K5*<?gDMA
z=_?|Z9D66`?ZE?ISRC9S{Z+D1897(78J8BT&<w;IuqjquW<%N%z{v@Pdk#sjOABv5
z76N>C=hu;4o2YrOSfy9d{*Xg!1(Yt{nZD32&E`|S3%Xg4b8Jz{3!blmz^a%#NjuC6
z^}Bz?aky>>_hL{Ig;w>d3F!4WWDBZv<5!>OAbiI=E>FB5Z%#?rI4Awj>p;4?o1oi?
z?^C7IVvNq^175CcCQDRLg@f9}ora811nv~gk%>$JpEd`<SF)UGy3;j+x62ho7v(&Q
zQfxPo6}|6;30po-YP1*U6+5Hshp-wqIpq&_8k59HMb=sbbtPPWv9hj%_Tf)q4flnm
zNPEtb+$6ky&9DA`xR{&bfpX2uA09!pH#6Xev<Ku`1GV@P@?#M$Q(%}+xuaJAkyH0Y
z-MGQk{cFe-=j_OFlb@cojpOXgg}0ljhm(&mo|@>KVg;K#u8c=YNQj_pwUI}{NU1|G
zM1iU#o>l=8d1xEP(P1t`sTOcAA+gV-J5cabbW!>YWdCCz!WeeDUT;LLlGFG0U}Xf{
zf3$5rA6q&=Gs!crw~Mk9?6$Dd@Dd^y@L0cDo8~$%`oy^ON-h+KY2d2T%W1q||A4t^
z+}9Zr@E35UgMW@qZF384UP%7JfCtbN`P8E4r>k=ZdhZso1eMN-yYHVrm${Suxfb@d
zhPc`C6OM>p1&(Lhc<rpyPEUA4;8|&hQY}_ZP&ugjx}F#tLFL9hD7dl0kP*`1da{Rc
zT;!;U`sn)UV{0<Go*O<Re5XuCBiUNE>}D4$MsKYJedg~K@DiOTQr$jNiHrUK;OU?f
z?~`~4Y|>M*dsggxNikNE96H+j#@_73l`>e*LV`VY#@y<nq1&9ZMpGrV^^I{gCx_(R
z+N@&qv-I$_WgYNwDLz>3P+kClfM>T9g>^ZWn#i!<%?SjSw^RjR;I#La7qB%YO}s`5
z!p-XKrx+`>7o%wB8GUDO9pG8{)<Ed-^&M$66*T*0Jw=~$Pe17XI{)0#*Xk5zRU4t4
zyoT$w{vXaVSkX-&uUc6zjS|w-?5)oQ=1Q1_KpCYcO9?gMe@^P|3OGzycdccQ{l^QU
z=TVM%RB?*3#|PFmS^0WaNZ#4Gukk7w-6mVfuFUmkn&)?(CHBge_8<*4Oqdh>j>OEA
zzXjEJa<T|FH+$JWn$}VNYP7WCXBv1*a;h5U(%5xhm&r{!K(s#KmA5b;`sOCppzjg(
zKYURL(YGFvmi47<XvAl0TNnW6zlqWkP|_VM;ha0)s;^G;)}c|`W+X0(iHTBj%wHzw
zn2{~pr9l?U*=A4J2@o6|<eir3Yxm$?KWCEYaK6afClyS3dw8NBvy2z!B_m^aK~)%S
zDX0~1<Ce4hoo8VS+(v{-?b+9e`39d6buD|L^f>u7tOZb?cKY7QA%bJ7tO|lvJR2TA
zVsFTt31SgSfP2-K3Vp47iLd#~;#Nz_J#%5C7_!(H^w(HjPHyerD<td0!hCK3ry%-t
zMI}gz=Tl@e=*?p}#)`-3{;Avg%#N-x%pGZZuOg<3YWNfQViDUm$CZYOF)@`23NH-_
zxJfhBI&ULodal$7|HIi85T9<D2hQhfvo*ETv)=usbUPD}gfoeHUxf1UmoSidR)?kC
zJ5O2WAmuiY|Dpslm|DM|6M})6Q;vDX^;rD7cV+`>H0kk<O0zWmXCKaukx%kf0Mw1T
z<~nIUDjwU4<s<wzM+#WK10z^ZauJ)lzxHBe2on;*kihmdC$~+YuK7Mx5|U`A@GQ#`
zy4IsL`$+h5X$B<~-7;dxmCyO${lp4tFd$Q>*0r4D$k_9P>ioXyW^%L7VZF9EOALB&
z*!#}8PtoE65JxFDP~09(;bh0$V0Xh@lm768CUnedbg!~~q12o$wAGojRpp$T6|0MX
zU)m>dt&ia-!5BlL-0hj`zmDsSaL+{&M|Fl^wJrLcG~MIpkR(o%k;cC{P5Hc4siF9a
zfD*$LbKf1AG5Y>La~!j1r<k-nf$I1IPQ+FQkZHU;YQWjNul3eUc1N{<tx{_ln0k5F
zGt}Rt%%KM^vpK#=X79!MJoZX_<G9FUyMRn@vF$r-x{hyHwB_y{cF69HD9N)t(Y8Xq
z(jC}dT9mGN#c;s*?)WK~i4dcami5!v9`PbfT2<KOCYS=R;?3%<7O<ksjJy$Hj~r~a
zG<bOVpiJu}Qi3icH%sK)kb5UVfE#cB9jtuuG}e47bBd+0ZZ?djNbcdK9lp=`+Ybq%
zTxErOF#{YdANB6XKRz#7pi3u_AD^mrSCdChocB&^ci^XV{08;losFk)EanJM_Sd_i
z9$d-CL56CNufCC`mrq1xR^d|tJk<7<TjXb^SP)~&I2jhr0Z+mnQENL)rfK%Am+am$
ziHg`1%`tk$;SOj#@ugUGeiNgU)gkn1kNfS`fr40t?R&0Hm?v)f?f9ie7VW|^EbwCD
zzJEK!TjAv0sBvxMq<PEtv%bd()SK0T{(v-~zd-7UG%GE)0NsImIOE~N2E++fId8>n
zma~}o2X<bNeZzNs-cw#k0}eEXI|w%fqv%B}M_*D`L<*4x8+2#88<8KmVGrW<9p%FV
z^(i}6CBYY-LAnY>@poUlBHo!iZ(bUfK=F?d4>|8%sd5%G*>yZzs`S0{@Pv<_GEr6y
zytZ=5M@!nCIuKQyQ?EuTIEaf1$G^y&56E!FPYhtgIcRS2Cyv#t+p}#cOY;6acxV~R
zjo5|nfr@Q2HJKjq7d8FH#l<-mevJ|k+d95e5}53U6!`X>nLKZj>rqx_$F2b7Y&I;c
znBp%TianPY4HVq48ZcfPmj7@xClq8~>;6cA&J2X*MEdxwSYGT8k(0}bi1g3g*vxz-
zt*VrZ`7&i^N4LIwX^}b#ksHSs`Hpj-r1_WVm4VOH{Q&3_ThH~nod_1ERd`V{^>;ic
zb$yKU$$(diF5!;7rm#dHxt3m)jS{1>Oq6Md9AlIRzXcv(I#;hB9*5p2!FUou;7bD-
zz<)SF_Ce_CZjoTUeEen+K(5WOB#Y(RxrFA7o$gp@K5PkFM|~dhz#ES{5sYz5H4i82
znS7YgNd+QwxG$dlUAOV}I;}0?9>ANKi%*SE;WR9iRL}Hl>mol&Hj@57WPa>3e&s!P
z&pkun^48f6rzdN0&%L^+E{tTL=bpF`vS#DAmZ)`yRD_*Om06q^VSiXa9MJgD!)FX)
zO=E2O!Z2}$DC>+b3J)X9wj?<X`vPmvZkn)L(evErrJ!IJ1v5TTNp)vk5g;E7gKlU>
z$;j2?)71eVJX(qwmN~l<@ytJP5MQeS_g~?<Z7f%+goI8kfv_j`KQy}O`FyHB^XB$t
zyMjAo?EPL0A(qpFU!qd&ejXC&i&_2*6`td_t?j*_+bEIFF_e82J-tg&l@^4v7g$B&
zplM#$GPW&PCAy?rz8La;IXo`|t57lBQo>w{N;biW2aACIN$+*|rzf_;xJ~}Lm)l`?
z!=qR8o*y&21sbYf<Sl<Zt@G*Yj0B*C(Sg&&yS%e{I>m*AI7&5CIlunIP>X@}UV5m4
zv$<24yRvBC%J9|srY#{`?()u$^!JFml&o85J+Sk}ZBwkWm?B1hX<P2EpBjQruV$!S
zE`8HsVP6C2WbY*KP#Z0VB@no|(HvinB%^zBt-%r(w7=^pbhlb?oONV#I4H^Xgt$3)
zo*{%~29hk+Sd;@#vgcj38c+{z==yV_kZCutC@9yENmX&6nHAuOO*&|zR2wiK+aopi
zr1wu{p|<?HT7E9P8l1;+_+HjA62z4ZaQeCkvc)W~<X9^Xy^h8Tqk<}S7|u?kBCj#W
zZ)F`IT}WD?LQDb{^-6z~p~u&GWJ1{X>zqtS(VY-qQs)8}7?msST%~)njZ3=#U_;Nk
zesikz5{<B(3gRR?14As^TQ&OpJDlwsi&K}d{MqLUADSncUH`CTynzyKTq`_^YM9;d
zyLf$Y6OARvU6*~TFCPJ7SWf2$za+)3Kpp*#h|>Y8B=V+LWme>fnOMn@HvwX`Sm(KB
z=gyCN(EYOlir3nml%%4CLTPreU~xdAY$@=YwbdhqIk=^449{r}KDrj@&~mAEt#Sl`
zUB86^o1XgHTqN}}OvX5vxBtY7sW=%VnjV0UzKvX39deb};d-S^*=2kek+#c*)i23r
zl#rDXAb(~#yls@idpK;O2CqJ%%T}|G=Dj@dp|N~w@EYJjxmJ6AbglB<;OG|9()ZYm
zNDuUSdfrEM0Ln|W`s3sy^@G#RB;Sh9Isw0qjIC*yvEBtZ_IpGR`Ky&AFg3_@6Oo<6
zV7U<2_w7;747oL?yZ=rfkt{!|$N%s7z-deT>^r)i$K}v|G>HLJYwdbhb$sSPb>^^?
z!=-_C)~}E3*~HJCIN^79@VfO9NrkqzQ>DM|9MyZmwSPEDCO%kStR%i&iYe%7jFvMC
z>z3iE-SqG!$Wzw*Y0HhxZrh0LA15YI3iP|du>q-sTt*$)PiR~Pfp+^1*sI{D-L!x3
zl%QwOx7sfW7*WCcuAU)KA#h6&)$2I3L@$s5*7<)@6vnVPr@h?q;Z##IG5PFI2L=9(
zS}xG0!e2WGYWEgdu|dikkH7H7Tf@mWCN}dT+VGev1`)F>_m6<7pEN7wepe%0h)07x
z;+LNe68U3RcX4U>PyG@B=j2J<pvgHkFb=5gpM*s%8f__=v0QHqJHA}SBu}#j?Ie7g
z=Cn=NqW=axckRLA*Qz=-euUKALUu4xf9(3>MV)UqPge}&RhK}#@}3*zB@i!1mg+iB
z&-Yn~iinSav`Oy5__tFb|JJI;OQTo&-bS-Ykx7Rg@SO?Otc%`hLjT<A-Fj!>X}&7N
z)1h*|v3TyCY$8%>MhVJJNm6P+U)=-w6wYjn5jB-pGbhq+W@aDbKT(GYi>KC+3uePz
z^9uER#B}w8o*SF|TX;hVSVL)KR864GWGBiL)ry{K+Xe7?{c}({;Y@;9m(YI+`GJ>C
z*LeX*aY6!37n`<V`>F?Z)uXXGdfJxoWVNrVN+%YhrQmm0)LmLtlUZ=`ipdTI=ok}5
z*sJaQvZxu*n0j6lCF~A0`%>4fXz&N1IKgt9GO6{L)X7$7_HT#ei-;UaP;Ixf#`MS$
zmI+M>LNG{p11ce?=>mqn=j}SC;QGyqK8%J*2mFtd{`}l>=@~7$Ch|fCb2K_Vj=HqU
zDNXdCQ?XkOlAC>s_6J`%wcSqH=u5V@Yj1`F*lrg88rORDKTrK3BO*}+xg+Q<gj>(+
zd#7#6iaJ#E>2X}nL=y-x?e0jXZ`VU1GPP5jwim)*ZYtX|jToQoymc=L@trUf=ILUc
z>)@|w{GRYcfgYdwO(-Boi!#!h##u;_s*S(oNxR5MLIWWEJI_Vl8xDpXYO%c2g|hzJ
z`_4Tf^WgYtr07#0XPGtEHgjR>ZyCQ^C2Lvon*5ckGWu{B@XcdA$=m=tx9U*@+tV&7
zyqYW`^h;C{_&9{#Ca3wf+=L!)8?SH$j~D7IaJOZNs-agM-f@L03NfZFmvc5(SfTd5
zy2eWdmb_BPC%L%Iu+i|IL9A+2GWW##)&<KR@95)q>@IC`q<r`BcDt0hIHUAJjPgu(
zeG1PiR8a2Ct!we&)8!5MiPF69WZU`;3=X}I%C#{pF(KfnlD9{wl9DU`+gr-)X!3@-
z38O^JoWt|@wl!CuQ!lw8=^UqZPV+Agy??zxtr!ipZxtzx3U4tf&1N=XWj>ga$u*zL
zF2lxv1!>QahM+egNjY&8Jbeo>zTi6ki3GkFO>B0R&cYc*eC3{nHi$FLU%gb*9sTQ{
zwhK;FGHiwa!BZ|qJ>>}ciZI+LY4Ce`-0DZx)1s^W7R~X)@V3`>S2*ulpNSZ5sg#UD
zEi|Jy?W$`2kZ?RK`aZh{J<V0$7&zFf2|;VsPPlE$cwL0vvIgKWGC&gfL<~OR{HQCW
zqw>$5T>1y7D(2q#c#utlGOxX3oRxA(+-`V8L*{LmSUD)`T?>#;8iZ4oLQB?tmVSiY
zl^4W|wDp)7wCI9K0G8RQQK)MS<Ib-VH{lep%AE<vx4bwD64I|?Bx-v~){xIoU?9}a
zh2VLIJ)ghIRW?4}`+Fy?mP%*ry*fU|^wI23aTwxdDc^4yWzc%w<oV<@DaRr1r)f(Z
zO+Z5*?$*dv(fhSME~^H?OKh{a`g*%sK`O3gilv#I>M^b9e>hr?e-vR@mk|O=T%JoR
zIm|{u#u3A*YW_sk7JFWWUfk^gpmBHfyXYkl)7Lo;S^MG2iy@iI%S-77qL(u59i!aX
zdS<yI*6g{RM*JaUQ`M?}On|@6x%bHyqT1di$<>|Cj<n|VV{>AmAcm>VcTMLVB3yhe
zUief06**T(p5m?2MSm=q=U1FNt#v*t2k6$}ddk^P)>l2mtLuKS?Ni8=RSeouNi9wq
zJ9dVZH3g3~H0KU&9U{8+cag5UkyU>7{3f(Qgub#H+JgzH)Kjj#xLJfBF$8K&dQ<50
ztRe-%OGk7F>CKo@?>x_FsDrM@P|=DmI4u?U!S0>+Zrf)w#u{0H;`Kcd5YU5L;n%ro
zo(*f&JD+0bCYg?dA4NSLclRhtvDe8@=>ADqH$1@SR}H9s6}cxKavK@^UCvr)SyQq4
z2D7mgqR4vi%5smSyAPK|X);7}+Q>Dj;~7#-rM{EA`*7E>80z=s*O;b)zSdsz#nned
zYPLsNT8_1@*|=N@YwYV<abdNH-cSuxacYm|qyW2>kc?4W2ysPUC>9yaqt3aFfIc4Q
zl%`5g+0c<){(CIDcBsqS!yKMhq^JLNT)WSX7Uy__4Je6l0No8h0lA@I<az&$6-!<Y
zD#3O1#=vYCRYMmpr{A&gZW0-=*jH#naflcfLYj@xpT7Qh$*%k-iBnA`cv!|$gyB0?
zI28rwP56hXHsZ7=v$YHg`d`*anX%L-zn3fDU~w8{w>SLNu)i&3oxy0#x&%ORGBeP&
za*)Oq(A_T>F=(D!XU~YmkC=Yrov$_*jF<#P_Z(y5_}OXpUu5Zh<ms}1MWTc{dv)z=
z-RK6ho?xC%Y=PNDx92r$hvgj;TDt9FoBw-5?+r}z!yljMGc9c9xv_mk=Wje*bg^v2
zpv74><gbgEFv4@3oFn&F`d)``Fk5Rw@QW}>^`4{xUaV^neK;?>4$5bmm{t<>qL?A#
zY>eWM*gH_(ILC?Tk5L}t#5QvLfSKJs6QsrTg-yYR6~{bbIqQ)r`x8K%23*8tpGb0B
zOFJVR6k2xAQ>umI{pNW+`gDI<P(|KgQYWUCm{`4Z<K}su_zU+OojH^ZBP3^lJ=&oK
zhpcDRCDTfPxqe0&je2NBei=M9xSpf8Gp+_UfUjg=DboC|XW&a6(-j+2n)SoU|8R<<
zBHjT?v1t=_EY-ePXy7S%*r>0p`v@&T>+_a0-Hf~!UP7O2k}gD2zm0Xu@;!OuO)XLo
zeFgVguph|0o7okpFh7OZEDY##*=QT{Lh`@(ZTt83hu%7`S8bXfU#4u*FXZcUnSOT<
zmh9NGkp;=zL7OHkIFK{87OqB7gi^Iv5=DZ8{{t35>Art#c#7icWimw>X-W^`0O42p
z3W?p?OX6<J$$y={F|OSZwpwIbb(-qhnr;M-CfxON*q?6odiTT=E|(SB+rYOMY{Twu
z{m|nFJ$a?pq_&3I(REQY_XIqJA#fKZyPseH<I=0$OQl?B_A^OqaU3eo68Un1Q0F}4
zbJsNA?$d-FtiE^CRxgUpp>%ywC3~5sv9=Ec4B_ETkLY<EbUu}ybjw@iFQraeKr(IS
zz?1$0dNpWh`gObBlVx_d5K9|HENnK&fR4EDgN~KYO%&F5ZxdxDiSS4`Ad14HlBXYN
zuC@NITy4zkY3fE>YYi)I_}L?GVy(F6@u}@*w%2EhE8?+U1{-I_1fxA0-_X_TTYH}q
z=%sFcNuWQuorVON>JR1Cs#|zg<LwS*xr=NZxP<O}^}rsrr?aT!r3HAqegfu=tn_Hj
z)+Ll{*N#ggtjrf25CP*KhAUn>pY2@_P>~}40EvK&1jR@C#0{O_Tn=ki_R~(*M01;Y
zO~c2=*9gsnh6jvp6lw9nWpL1GX%i|2j&^bT!2bZlpY}-@;<b(*N~8C$8DH`Je?nZ-
ziqlkbx&-q>ty-9aoz4~2MslaEY2Nrs=<2N<xlgmm*;Xzx2Yx#7TGuzwL1dRqfg-$+
z#$|~@NeIUyAajNWrn}y)cW<1`)}~u`9dnF0ACNzd5W`bY<deOf`)~eYbsg@sA&Pk5
zyVEU@NG%DH-J_F?upoj*u4=xVju*rc$(_>5=ri2mkMgMQCu@%k*k3Wt#1gEm-Od=U
ze?_fZyQ^5WD>$wRNoJVHrZwS#1xD|{_4cimn@znm`<k&ke_f2tCg<#aAGW=bo5_hK
zjnPjmS;hy~l4<bSDb+NY?b)QWiU&S+H~?<z@5rciZ5s01MY7Z225;Xnl%U`eeqYem
zoso{x${PshR<~HDS!KuFb;d~c88o36bqT9kFTYR2xZ75`>vE^s67~r0ZCXQZZErj~
zSn>#78}SvK(7Et!kCq8$y2u0Ha383v8WxwRLnftS@s)x|%6X^m?(9de2en^~;<Jcp
zkTH_-D^VgAUz2bpvH|CJB>ojDE^+3bmrZ>1+wL1_J0f{*4X(Df(QYw_UgF_UWVs^)
z@!(fCKZP#_pka$)iJK_Q;5Oe}b>sS0%1ZIxYnp&RHM~L?&$t}_04hru$<p-0CgXW>
z8X(80jIm}vm-DAm5UlMb-LJmZ`H43jj9(Py+UDO*jJMhCp-`arC#k74vmLL8XS%(B
z$q=1d1U((VBcE^Zt<!M2jm_j1=!LCh7`T~3?aO??0yqE;K9skz+gxdowd`@FgO)3i
zhxARLcRZ8zsrD<{N~)K8cJ25Nn?)NOHO<`jmrZdqmX(fk>Fg_`)jr9m-HYkfXT6#<
zWPttDZKEvTk3m;#^nEhY_bqKE=;kXMOCTZk^39BN6;D{vWWAlWF>;W_G07J{Ax^-4
zHHx896x_FW`@H`EAJndRwwB1v(r&JAd`E9I@-&Xb?kD@WIs7qErjn?iY1Abaw(N3>
zMr4qGvcJ^U-L{Q4hpetOBevq{7i?;SDuDH4_*W@&b2Z%UH1af(G31k2)Q_@)RaNDy
z{{V;kii_rc?#D*@g`|1}a#~rVtTUM7H$!>kWS>Dvqia*$-8GcaTNIHP#-b1aa54|+
zMEX&OL$QkL;yYN0X{C4MmOTJb$sm6^O&j|vJwtuGcM`M_w5>C^Pyip@ALCo6QB;a<
z+kaLk-Q{ARE5&NV%UgX$CC>-tkbj7(T5P~cCXJ|qu*%y;;mk62BCcqcI#jyE9#y3F
z^D!zm%e@;Qf)078yg_Lww}SFqdCJ~Qj;Dz@%07L^@~LUKdu6Lz_G`>*N6KG{;@aE$
zPfuG2+8bnCqc6`W3^y@8y~Q%hDDAJ7!6eFw66(%IKX@Li_>MlJlI7WK?0iEChH|1S
zlszB#PJX!lRR*sNQt37~+Iu_23o;Y@QH<mR^f~=2NlM!G)p|epf0c<!{{TPCmru>N
zh&3%S+^w|2K*P{rkVn2L$R*Hp!5pfyLp9dc1C^FCy+vIQX?d+G>?wS0@{T%689VwO
zdeulEMAGc^{Z(E$8sUUY-1%f}!1^5iwOqDOmF;^z+N~e;_zL~YGQ`#%B)Pkh8|<;!
z5}+Tvpat4}^Hk@NbT};j#Nue~ZW>@ey&eDxe=}C2^RDIBEGCr1k1itIIx{yPfxxHR
z+C?eTbh*$a#j+*Blhpjja{ih8Dx6%t4KI6o-&Obu_S_i&@j24o0&Je$Q4k)>^8@+h
zRc$i%OPMuUrhvJ&b8`~^0CB(|56k&dN2v$VuC*QC=}@ymjo)jqVf|{%lEr0nYVnb?
zQ@9ey2lp93$L7S*blQ@7Z}NICxrMqEZLbVo9!*L`X1ami7+j7r=Q;d2{Odv_w~tUa
zVgCTqbvVCt6#dXsC6D4UQLHfBz21l<3u|c{WWTz$T>hj}<B2s5OH9<12yLTHqwsPO
zey21+Jr?%2-kqEKf!L!9$)$K=JDDN>07&y&$YcB)fXid>IIGEKWAO#XsWYmmk8}!p
z$V6b1^c7VdF75S6wI*+~!*rx=AA4><LFwA8m?pc|B)V|PX0~Jo>JxHw9=+*7X&Y;`
zzE@XceN5dNCe$r;JFA(td4*O<N&Bmv&HR9?7G71>qaLLs0h(#nD@dE7BI7K6fPQsW
z`dDP}{5JY@E|E!cP!6pw6mowP(yd=gntT?P7TIk<p;$0K<&N%K{sePb#?eap+Rpvk
z{+QmsG81nPh~~Kv#}qdZ&66UG2Z)}h+<MhJ+le(hm~_20SlYyP#Gl?h*#4%prg(I%
z4)z;VP(urLpC2@j)%o-tDZU=Cku2hxH36=q!^p=QB2&ovvEq}1l$1KXWp7=-uTiIE
zf4E5A9}dj67V#y;{NyaMx7|(O!aLL&w!I{G@>;`hYSz%PMMi`Xk=OO5p8H9UTxpH9
z%+m{v%_GUQDGk^G&{TSq8bQ?VVU?~eCi4k097u;e=NuYSl(`&f$t0iks3fm;iRZf0
z<<TtC>e$<*!@HAfz*bxgl|6dZYfT}b)U57ekuI#v%b8>T9(pkBYHOV;U-(9eSB`YI
zl)6h3WHL8ja6!dmSZWtKeZZR8$UW5Z8`z4@q?BhLXu2=!&r+hUpDQdKM(<D6uAN&u
zrC}s(%D+7btvF({Z8uTWH1n~V4UcY4OhmBGKiS1ks(5-!{kohimf}?NCXQpbVej}<
zx)ze!RKIJURhBu2lok=aO1JSb>@q7_bZV-cvR>}G_P<hGqsw)<%xU_Bx_!p<0pnq|
zNSp4u`Wn*l3~A(P(^{hoBL*WUvD`@q-<s8zMbZrBLvK8Ag?DyYG8C!#kc@v?(Gx1^
zkt9As+DPU&Bt^=u@3=^Be1Z?H6!6mIl{vjSe_espS4|@aK(>8bNWRmZn+di^N$9Q5
z^QUPV4b7$ayt`aQY<H0p2PKC=#cf408{wo(g5GAg+zdb}yE6RQ1GpoPrBc1RmMu2d
zP`3s-TI?H@U+;mmgY0qo*1pD^Vx=uye@`zflg%dDT}fqmZ!LADke0Z%^J78>{IhHj
zKOlcPp>~En7sK-&vB~*lf<KjMTzS@>BEA;b-*IXsj1j?QJwHSF(%i#stQoAWr1GBD
zXtJe#L5z$pD(43)uDY*XZ}}l7Yjz0cipuG2F5So4FP>O&{2(_O_9rz;-Xzj(F0L=c
zk%+Ii#)E?)0N@X9b4#dM-d*^w?H3ARwSb2b6Y}g++uWYs^<!LD)vTnqW>IpN5*u^_
z@2UZj^}!~IU8y^38{5zN>GuNZ=eb*3Mwr<jFuL7dd6AR-(ia2p=~pICJH~eI2Ix(*
zhxFPD15DF2x#rU}$!@a|vX!LT<C48c>rRUP2GH)VY{@AKN{;dYypziP23Y=7($|_=
zUeE6T0Ec3~Md(5a*EHE6lgwtixRLGKv|#|oeFtyGt7u*wxVFCgW!kRWa9L3tF)llC
z=~7+!wtgMcZ0*>r(nzYsPdxnC{Y7fb(X_gQER7Aly5dPA;Fl+Jk?(*9<5L=Ol$58e
zmA@<g18t>cvp5@xC%U|Mmvc=c^O4SdE1}l!e!!`38WDXhx-9bdQH*ULUiGtYbe9(P
z+JtuS$0f@c(F|dkn|1>h#&`glt$A%_solu8v4L{iq=8`KMvXzn?%d;w#bMlF`6YKN
ze_pJvd%af2KjF1$btkv}380Z2o`7xYe;iWWU&E%v)_P-Qh{V@_#Qw|Zwb93Gr`TA{
z1Q1TLPl#V(-r<PJQS=>a75pV~E{q9xY;rd)=D{oLiiuFG3TiOb_w9azQ;T<HYe*)#
z@a)l|G>q42<)|4Yww(TyEv<%<>i4s>_ewz!Tek{-+Hdf!9b@e}2AvL{XShQ7X|4zH
zx#|J!z^pAU&GijZ3t$P{*<<LVlUdF@l8rlFS}*IlN!>Tl*w%GswbbNWdpkug70a|i
zn3e#Xll7}Hc!pu6rTg2%ETTgM*<2P<GCF=Ds%o~jV^g@e)UNikKg(?Z+`&fx6VP!_
z^YqJq52+e_trYX{k2lQQN8ZRD_^r9>DwBNH-}<pOi%UYbqopI-F0ZEN?9Ou0{{R#x
zzu{J`O|G$QZ*NBHixehhAM)J*`E&1{4P4Tm33RzXvyxHe&KgU3m>ud=hE+ZC2kBXM
zsJcgr#0TbrM%jk`DBq@kG5J#Ej9g~E8E@MC{{Y~Bm|eTBsK4f0>l#gzQ$Y+yMv^$*
zHQFMRIZ^Z?i&Xy6({A!WxQ^7paT)4aIY<35QCy@NKBpy|g@&JSM3K1U#OiU8^gJJG
zm&$uj8$~K}1=-vfeb?N){YGm=d#-Kti~O(scd)u?>Q}Ih^^XlTqsj!3%mf>c-Xs&Z
z`Qo)LCo8JjX|u!+mu!+oPaaf(dHgY1{!CZeCEICHI!q@=k`R930P?=oet#l+yS7l{
zP=d*U9emJGbM*w(Q%xwox@+BQ`2PS~idx*GXKu0S6KU7QqI;XRjR`y>fCxWAa6cNi
zYcKp%U)c<TSRsivj>_l(2lL{gTX{8oCrXjz-*F4>WbVnhE`Fl|rM#LpgHqNYAtyj>
zoDc5@7(a-`5nQP?va|J8yFm5+x|MBiraC^OaWqVBtzE)D_k6>K{JB4kM?KVu;ahv9
zjh5nKAZdM32_yVJ3elG44>raGz>iZ8B*XouP(PhEFCt5;jV5wF&t(ix?Ud!eJdsB$
zw<?!QeD}ZIpkJ+rOLZN#scUYrlx<5AT$Uf+U7>$Gnxl1Uk!V*MWua*<AeJ_pX~<@5
zj1Q+3W;?j<EiJXnpc+VB<Bbn?E%N>VW}oCqrhjc-D}<VD%?c6xA-QkN@lCE|-$#Fv
zYxQgTxR!*^aMrrTt%63YH1LMFanAA(fCsk~m*h*LcxvMkfpt5gN~5f5LF4O+zhmS=
z`aQ+Y_PdrJDkML{%Y5hXBB@7iw)!O3I=V_$OQ9mBerb3(&!9A=cCYL5O)tc2`tuzS
zT{l6oypWB`j`1gVmCgbB0Zz3MX%;t`g=D!~VAIJU$ll~_j~}V1?%{n)#P)Cq@dQ!C
z%!~I?a2V2D&2OpS%WD*e>@l-k-OM`3N2j+yDlcuiXuWN#{Julqe^H5HV)4hVvMhFi
z3p@&X$__S<VtJ~NTVD8|Qj%$3Y-5&l_hVl{Ry;#>n;kyRC{_h!GZ>U(89y)MkLOy@
z+KoEKXyz=Iu-mY5pMB(P24Fpb+nSY5GoLTnR&UMQ@E<cu{Yv&arJ}po+uBCfHmK6O
z$THFu9ep`CtYhK{?k3%HX=Oh1&iF=uG0k4mXVT@8=GNZIZPGyFFE`BKbB>rDDuUYS
zSDaei$!jlUxfxUc00JF95m7nRlou?Q<?_^NMK^S4YYV2`YE5eLNoh1FvBt;divVyv
zM_R9Ir`*^>sjR8<HK{Skrz-1_k`I0<z9h1m87*$5Uz%u?J`P6p7&tzMgGu52M&&M+
zz^hMdK2hVwc7xQ9N>Xw5?M+$#0G`)CugP>(vei7OzQ=lo;?26D>YnO*8o8_6$7!Nj
zM{O{g-dSXm%pLjw54ahrZ+s^`wZRE>Z{<5}h{*d(A5X1pT4~T&=`(4!;pb93<|?>V
z=nm7|j;5-e3av_=MQu0j<?|G$9U3{^7f_GPj>7eP%U6&T^@+2=9^SQITS;Tq?)>E{
z##UjULU{cvpiM7Jvv!(DjB*J)s08i0CTwL}APy^Hb1l{6R`SOd?~+GHK*8fYFz2{G
zp{rO~N}nX2ss8|1{RHYIE2LphrQB<J1(oXaa~hPB%sY1|CkG~<rD?Z1MUC9dO5IHh
zh<1F+0*vP)jGo_0yB?(--k&wlMpJDtS>Y!t5RIoE*ykRioeMp;iQ}>iO`Nu2QF~wx
zqxJmjWlo<oYAxNB{{Rb<%_}rg)W6c~G^?nG{Cr%i$&c^g59SRm>}9-5siF*->>qAB
zouePhrP3Yktb{VEv=(#9CJZxx2IV8)KhCXL!naotYW9v@R@IP4Aj2^P<0qvx4{2xB
z*}syr{KEDt-7;TVUf9OcOM7i>sNKYvDoGyTf+&JWY>l0(O6h%ZX0Rw6d0Y|+_a>?6
zcGq??-(TGW9PE+^<B)RfK4N}?o3B~iUEV``Yr0#M2$LcXQTB!edmPlcOOx8$-tFao
z&;A@NugiT4R)fm%a~VJ7-pxV(0KQazGf>(y*y-Bs!vnc)3dDUJ<#Ipos=uh(!)Di-
zmE5crc;iB`kC-qZk?Gh}daHf58yI5>u-@FHh!k_T0I@##CaO?yzjb!LdN0sP-}>xT
z)%3}ASW)6uH&(Hva=eEM;I4C%#z8#&Y9-SyG*1oP+;T3bDw&MuVrSHP{{V$)O*x;%
zCMIlI$7s(YkGew+N&Lk&;{O2bdUd_@p^HxJW3~qY!Qnyn3I`shl&RC^l=|wg_+Rn)
zjY?KX<@`MqvTL@!Qj@jAKeG4zDcZiF9E@zNl*eTg91ij~b~V|8)^`)ZYZN9xh1F6p
zyFuX)<J9s`wPhVAO1(a4K+?v+E_{dC5*!jvNIVR7tYw9iY5O?6Z?F6h)TL25b2MgY
zkVSXl`-Qxl$+v>xUw?i<$X|2CP`=d~;xTJ%pJ%gAyAuBZ7rP$jx{JFTZAQi&GSOs!
zB6-S6<$2CGp2UuS8p^TojI+;)Zms;N-)z2HWP&=6twl-|Y@tnGrThN?!wxf!t&F_W
zZg101*r08+Q!K7<s4{Vr^r^IO?7Lk_ZJ}u{rI{KzBtI;8!N>!t=~X;Oe|Yz8Wa!Xa
zL-NNLKvZxE^{04l%4u5a?l3=d6Dk%U0PHc6Phc`>MXzsYE5GvJLA&x@kgtd?pqn<<
z_Hb=Hd2kLt9<{T3tJ`l&ORGr!#djJ?8Zm}K!>{0TSf<}dv*LS+ZzUa8-{nF700KRK
z0ax{VjWQ{qw4TC4<v@#+n+%!f9E==hh)$$n`J}%;kTn+7kxKH;@56eGbHw|Q^BjYt
zk3;?ydgJ>(&d_TX&@7E~!DEfrD+_-YAIh}mwHl3tF+^HRS*?^Id~c3L&ekK`4Y{n3
z4lFme*Sc-j`m(-ipYAZ=pVWR;e$SSCk=k2dqyE3G1<iGL(7UQKHT0T|yh@i=g(f?C
zO%Vg1sOj{o+Qdq_CB5CF{^@QD!oc!@hD!ZI3Y$riDK3teeA_OeSGQI@Bt!fM@#Ixa
zF~ydfs@vZ{(nS+SOijTVZKRJw$fqWyd;P2Yn%DaDxR#$IO|4&3zS1={Wohvf&lu_k
ze(?6lH3Lf~t)c2ABHeO~v9tG)6p}v?Q^RWMsA(5gMn|z&N*CyHmN;QmE@qAmAusfu
z$-eMAul)0Eq!m8g{<WmEO}{(&=(S&Xk##NY?x(O>9E+O>Qdiu5`eS$I4nI1j4czy>
z8^60TlW`Ve66c>Sh+;nv>snV43r%kGS6oX9z{<<nSZz|L@T$%BeLd_gqHNjUNh6W|
z!+-{Ul;swizMHSU$uTGWer0`9_E<FSHtraT&2-{vTl>s_0r~Z-H*e(lmd{R#21|Jn
zgQu^VoyYM0l`MWu<^9c+ga~x`Ba%G-0Cff%{A#E6i2ld^*=}zXy}WtqH#Y4412mqE
zw*LUA@Ath&{eAlmRfkd++DKsyy`fEoxWH0FvG+O6NUCr3y&~q#7+Q#k0gv5PVyE-s
zrkXfmxx9fCJ;tRA%5l|KZb1A_YNYFNr)j!fj52SN?Kqey=XOJF`V7-*+RLZt^j~xS
ztS$Ebv=UD@RkOd-?IPI}6Gt3qe}n>Z$N8GAtOBd0X%^D?kQGuGe;YGnKT5xNkw*@*
zX{Y&*bn*w4m%iuwgXx-*IIV289V!{(GTsPP0-w7W8OirGGJ}?l@1uYA_QOuv{{UMM
zYOsdBeKt1&d$|{R2Z*6Tz(1C1JDckpT{6}oWfNJ+Gk~r#%!2^FdlG+@SJBa4T~AWI
zk<tQ;o@wNg$DDiPkH(*BQvTs@q=8yLF>S2vh{}&reQ-JY)blxNv~v8f{{Ro_*zIi}
zL9;-f7)ho_4|h2$Y;*S`{`b_?YYiwHXVvvG!r4yXg#6PV@Ft|ZAKN}HXxN`3HrjF7
z6R+|=ooQ;V1X^5YQdu!9#gYgZ4XP9cQhQ(@)}xX#a+leS?b`j=?$wu8M<<A6I$K}I
zYXnkxf(w6_C07}5=qjd-stc`7F+Gi$C>lWN7S;tpBd5}x=V^Bu4&!G!Lk##TlI4`J
z>&WM&GfK0y{?mfvPP-EAZ=T*^vC5tfJ01-_dXlLJ&2^{sV6;+t6<W^ARd#y|hK}Wl
zV{dZ9=0EJWf5wZ*rnT_>tZa`Pt<;;r7$LAR`c*AT$@KkBYi7tO-zoJSLHw(KNf$mM
z(<QLG-?l6?S0r>{#?pK6YZ`Iql&RX%+xqNNc1iRzpuLAxjcqk13pf~t?DZbc>OJY6
zBMla|@p2XvM33kcbgOZAO6jirnJ#U{(Yf}vSx0U?>uP&#KT@-SW`cH>6=+j&*yWUc
z)9yziv{WiorsF*y=Wd^gE^$)2GW46VsoPw{(U#PswRDO>)<woJeMqbe38%NzA(8;z
za=5@z$@Z?w%G%dWzF2HgOwp0{k2GdgRvlNi21aU2i^aCIn^2Y**_FgDsDWN4<T(wD
z^T8il(c#>poaJX9>+ceso3h-?*E}<GCZ^L_DwyXxwzGvQ$Ed;l>gM&*t?eyi-XenJ
zMQ|8kNxgYLPEIQNkds=cndYSMW*J+rn4s-HQm6E+XxdBf2V5k?wZtqyW7LEo{(zd+
zP>dxhL0P-My3XG+Q*9*83nVdkt5ov_6_F8t;8+5v=q_!v=`ITuOG}v^L7t;#G5DNT
zjozVdw$^tSY*XzI6UQWLl0tyrH@0f7ucX}C=+}|kDVyyVUTZ94kex>#TB#=&%?)jL
z_v(b5^nFOpvR{8>&11e;P1{J>9HvNO8}c=ACyM^&80{o;9i`zif`0x%JHDH;DRgjj
zyGwgSb$JcOE=TtXLf9Wn3ZbG{-dcEuV2Wh4nGR+jbgOcw>q;r79X=~x%SHV#eSC_R
z(KC26Qhuz{gZ05*@vWgGmUlW-2ujU3R-cYaqGJd3rdvl2l^w2_$IiKxWhyrQ?6z_<
zo_eShS{Wqq51ltJX<`c#{r2Sl05e1*$;!Iuy*j_ajl0~&)Vw)&HTj;^L5k%0h$V2W
z3FM3(;*SzS+GUlNmm4vSP{|?e?oD6Qq?Sz$FJ>j~-sRTVw<mMqbNF(93coDT++WY7
z+r%f57<Vho11xR;004fx)_%sEpxktFx8tq8b{{)UU!l(EDH>_ojQ5eVSp;3ce-j1-
z0sec|RsHnZg~^s&00t2k?xOYpS92_}KA6IFgxD;bBz9e)g78=c?pvqQv!Ky*xbCy|
zY2GkU#?Jgm%mE9Gb{%Uvm}xl1oMor{KjGM@)K_hyt<qXWYhkG0{`O;Rs+RrTfjDON
z#y+)|4gKBzw`nAfO9@mWjul2n0Cp9-uIVkROmE?xVTnI>MB`uzINZL}-7~||Y0CPX
zjF&AEZ-FAo-f_V`)J~0ARppBJcfWryQi_e<=55ZC=3iaiPb%8kdCj&*>iqOk-mO7-
zVHSyawwAtfTgZ+L-_5z3BRfY<m4khMbEsSyu4F97pzOZDcCENHxfjD|WR^R4?q%~N
zmP5cmK2QfzPD!k3O7oYqT_5%3sd83JnTe%q(@UsDYcw{(-gXhPEFcbeAFWRE!{QlR
zO}U9J?_tWrB7N4!@R3!t$h42`OL$>hi>Y^m=CKH?j&qJrYJ3`olQy=K3rXRa&$(re
zUBHrigV_64u#~wJXC%{q)}%DAbcl4D`=1YLt!;D)#Lc!<J-rxLWdtVPD_eAE+2abT
z<lwpt7RTd?=DbH?BiczjfLhv87DYMV6CMZEPZfVa38+J+UQIC#YrX)v`_0?*{#DV3
za;G;(?)1LD*O3#nmoTxl!uXd@u!#Qd&K%4~OqJ*QQcYrR{9q(u<=a^V3)^#JAP@7}
zw7kDBSc+I<3T`D~aCc<kRknTy8T=`P{i|5B^5xvN(>lyC{ADsfA(31AHETV6@A9|d
zugH#W-HIBOgu0K4VR=c4+7yore~6Mu1K&T&t9YZ&)O9N>OIXYNo?sw<c=i1&RI+Ls
z#i@ozXzgyKNd|Z=w2*%Tk@!+xPG{6C;<S(y7bYpnj31Zg3!g#FMM`m$WUui*zhS1+
zUP!OvE0d$d^T6lrcROP)e}z<aAB{HYR`*k|jx}aopKX{9OC6(V{XbeY-8R~5iyyXJ
zNTdBy#-lAG6Wh>p)|ujK^t02Wip+@KZ{6-uh6tQvKU!5=PHuk+wx5sU#~o~z<*8(b
z(@?s-VZQNTUBj{x017=xKczAhXzx7Pi8l5TlH`BONt}G&Q_epclgf|%4rzW!Hl@VU
zH$uTeqWkmCD&)&7la$!IV{;)v(473a{aF4Ls*7&^fAD|H?k43?ad34jdkF9)2kjSf
zkKi4Yei$E0isI@kdq<WyJm0iAiq;?b>64Pj*q_h}vns2-#89KFT*!RcKZv66*#7{~
zN9RiABAPkPu{ROIsT5zrjKtwbzp3m6HlDiw0AKLh`M*JEM==Ib9PSB<6*rQO0<Tbm
z>U#SMfprO9+FRM7#CIplwYA4GlhK><AB9@`A}ymsbfwj$4=a<8Fpf(%qK?DZQ!D|z
zyZ+Uf0T2Z(B0OOL<$(1#{HZlAWS3v-Ur)uc>0%t*$vD$(pZEFmFD}RM6WM+7!1k${
z_TJD<dm3+yksMg%r*Xgo{gM3gX`I}bv4MPu{{YrrKJHW=c9Z?%-_TWkM(SBF;nTF(
z7wr+o2c7&7sqVjqIjM5xSNpwtFW0-=Eq7wA(_UW&)80Y$neg`*KfAV!9PRr0)%b)l
zX~Sc+zLjn=U!%@{z@N^blFltY&AigfVHw>#hy7*K`hUBcfX)4)i>YeI$kSp!xwjwk
z(Ek8h$$PI~i}dq-yZ3u&R_jfNK-ZW1wHuJB9!uLm-z;hW08Jm;`I=>%_LgGe`Xo1V
z1GHSoIhIq=P<ncrw9v_`MfR;pn%7QIx;u5?u<Tp<3b>Zg$7>mqDD4_Gb83T@L5!1v
za9aaD)Z+;^b@#pfe7wI+LA9~VU(F?y5?XIE>Ni~7I5{d0{Ieg{ptSJjrF6@>Ap)Lr
zGi^Ba$69l0{!^IryK@sc!I}PfoS%N*g-Llk>6VXdWoa+&2l`BfvQdAzpI=(we$G#t
zTBZGb+cx)>h?`c^rn_WKIpDapwoQ?wGKPG2Bzluet=lXf9<Yp(X18xHKzkNl*!(Jv
zi4cx=)MX`Lv>V9>8=Lr7@ilwIcLr@QPnXH^n&`E}fOIW@Gx-X;##E<L)@^<l{{TP8
zTB#&QcmDt%8UgR+N6-8Um&ZVVYoB-r^`hl-sc12JMGqhFEYw~+lNzk&KXTlEB5BnA
z6#ZlQ4SY-He4j7+*Z%-`(<xZx*!r4E`XhuWqKW`0qKW`0qKW`0qKW|ZKZNt<!%?@-
zDJseNjDJe^9}=H8MA9yYU<Q8y{uT4r!kdkn&Go-&AP@Md{{ZWn`VQ~?C%`tZ-WLP)
zBl?Q*aS{FPX!l9|);gg5*s_+bBE{l(Zcp5QDs1}@D{oSbEoA=LxQbS|w{sXoI1D!(
ztWR8Hk9y~IuijhfbN>K((NO;Yz)2OkshKVBEad^NE#-(?Tt>X-<p=Y@$of`Lmb3Lw
z(*1rzYhsn$))HDJ{5n(;+rJY9c2|x4@OpY2Qrq0<m-ZiEnn|s&a|xH`5g%ssK8A?&
zZBt6WkU<L1YbVN4-9VKOVhQV1^^F2+6&Fy)C)uB<aq~uf5BSte+Qm6IdaHk0enVWZ
zOPY3C42!4DWqmTFb4(iD<N3ER2a)VY6(lz^*u*^P+Vajez_^TJTVwvvJmc8Yyfdjt
z+B;i_-eU}dDhA>Z^dNV^?N+ZKU$-pVg_Ycc0!AOXxE_o<A7lF0Od}s>8Pop1N3W-;
z4ZdciN2ppRuCQg*E(iR3UB&*b{{Y!P-9FUo3u~F~Vr$r!?Ga@@(-91lCql1|hu)E`
zFZ5ZKdrMZ9&QtsAH9Nes>b})eT+{AcjbBUi;@&efYm{((as29~?%r-L>vi3C^ZfgX
zYo+un{{U`Y=$G?YU9Z|LRf^(HyL({$D)sf1^UW5oqREtKRC!tCfI4Hp(xry_&r#Ct
zPN4)&?hGbLSMJC=6VzmPspAsC1ZixZTEI*)+Rpy~>jC6#Z_fslA<V4hc<#HQw`aDa
zC5bh?5+#LR&f+<KRUm;JgQ)fgJbh`}X?9zPwOe*u#Dt`hsQ&<6AFmxqsinLA&9OIA
z8E1e>2hGFA2*w-N2iMx1*DA12soBVGEm|$j5Nu(A8ONs`N40L0d6b*gEqy!N{D{`p
zGc2XO({HWpZv#(c?mo+KIoti-ew<_8mr!f{8&aBPMxRW%e8|0a=daM#rk`;Rr3^FJ
z%koDiUKSkz>M`tj2CBn;x~7&zl#DJQY_w7x#IAW${o#-4QOLP0rRKlO&3O*`>b*#H
z*!3Gb*tJ^%(nKN&Ds{*iJdaLl)$Npq_QO@PP#F{>!cGez9S67s@lQ8td-nTFTZfMF
z84D`0<PquWr_<ci4b8Rv)$W_Uqq$dCRV~3QgO&8@$g64%yFK>xUB2O6j?|&G{@SsU
zYfQ-Ue6yoqg1n6SjDIRw(mAbS)MA!73<60Dr%ag0KTbfTg8g+X%ezTH6Ism6nEoZ?
ze_Fusl*VbVG|3o<r;MMW>Br!IN{LjDv`K9y{`GIvYA)C8Thg^zFFZAU9K^i#(Kg2J
zRH+}QHBUpinqLj-wu_cA$Gr!jJ%5!;;aFPFU%arKbLBFy>~Kf)H9v=KzQN)>PRWPv
z)-pzWu0}sYT=e<n?A)Jtzw7$gxmjM`OsAt<PcMaaYh>rjP|Nge=lN8YS8~nZYuJ>W
zz}rFp0AP@R#;y2r)opL}n<)lRGN(P%k_YH%d^utN01~}k#rl~V93Na_icp(SSKUc|
zW0P9?rdzR{Z*+}5`bWo*=gr6Q9i=h&<W?+yzwz_21niZM{qjHh)pJILkAvo3a<>8T
z{_80}%AwOkFOBcn6f>`y%D$)knyI%XO8r`Y*W4wem&}I9U2D?n%F04q01?}TR#TN<
z%QXg<r@f}2l0|uCbJZk;Wx-`U5HbdMqr_Je*y^#t0P>)>#E=C%5_#S3b5%7<bhwFi
zTUEqTpWdMV0G3jBA4AkvG}=#9c}IWvA2QNyc`^-OO?@{|k^&CGcShLz%6eBzqsI)I
zZMC+pzIU9(t&zdX0oy&Z*i$??dXJ|M?H5;7oJDUWfD(*Uo~NZ<)DuyP7^k$Eu7nv`
z;Bk_}IRuYfdV3LDP^B2&v~^FX^}qDVoSXMq9Le@QF5%Npf=CR2IkyHfV*Ysts5N9<
zz+ko16^yoJhW2m06OIEP<lmhky8+hr&=yIf-!vWFdKMq;uR=T0Le}eVapbH~Lim?+
zAKXZ!?IZn@&Is&rT`I}w{{XH2<3Cb6TRC+5`D`T2`eo9vjP>%#8Qblj@TjM^T}Mxn
z!s=j`R%{v>&qhP{So<CUtCrDCX>}9=X7bP%h4YatT}mHu*!ooqE4xim;TEW4x`!&z
z$lOU0`^pcuP!CF$qL(A<eLn3zTd%-+?p(N;?I*LmlZj$POU2G|jlgffkJgbi=wr6O
zwSy)rnM!Q~{Y&j9^3L2Jaa8ZML1U~wnRNhb7L8(3N6e}~=RNuURVKb~^w?}=vz44%
z<z;mpP6js*af%${X-VtLzkbi}K$FpTEd910?D(|{rdTB?konjo?hW%P9+_X(sq0n~
z#h}cVxt1wzyx=1l#AIZC8LN86m^CdfIHFX7aLYReI8x2S4EpA*#~6|}NFGSO%_MNX
z2?VMf=jcH-a)X`WF5CWMO)XIbHWJIB!)4|ih(bw^;9|(%pfwJWsoQHBt;BADWI>2n
zAHNtN;QR5P#+#>WPpH^x!5~$*RAvS-jpGCl$E9KTJ~I9xjDx}>vHD{l*0FV0JtYlO
z)9%o&S7~3NuNCdT_RRW3CkZpNJizkPXFr!1#U3QHdF(v2EcZ6@w7yswB^}5ZAAqiP
z5=(y*1dlBuUEq3?y1I*vVH?E8#wf&oU@=KJ`}xNhJ%BY3sH#(xYH4?G>(PzH#iofa
zts}P6<GH%J5IM42R%aO?o=+aQ%`MrsxLa7^1IfC7wNCxn5ChNSfsbl6YjJ${T1;RW
z3}WNVZi>Kw0YC1FcA(9q=sB}k+UD9Z9`d~H$lO5s*G!eUwD(f{xBLiQJB^$oy6bmf
z`O#W}kP*mYPhZ62^QgYfJi1Kw5jYnN%5J4&fEoT~{V*x^vB;hsg6mR}S1>uac*x5)
zCul#9H5QM1bE_@vk=n$Oq2B_Z`RmEc9_PR1Q=@4=w7z?5{z0v;*qSJzONcc1Px>8`
z4dnj-%UO>>_;ocB2_(LKR`j%1Hq3s{7kL}|*zQd>-tNLJO3P2TFLyFIEg(NAbN8J8
z0C@iZDzP+k$Qt3?d3MZ1CgAN?m%NSaI|@q8Y16jaeuxNlIia)CRj*?#^N<$R8vp^(
zayt&E)YX-NE>_Y_M%vYP!b`@<mH>3*@&FjgG}&XewieeDM%Q;s7+3*3NavDNemNxc
zs_$}Qg5p<SwcRs_+i1vnI*8PNaeMljZpu%a?*9Nk@(tF8XNU>BvWDiwNVYLCi^|!6
zq;z5G2=7(=Ij2h@mr?S;SO@O65CN07C$Q^XHHzF@T9?%?7)iU%l~nw(rZ`jB4`J51
z&lBEx?Q8aO(b`EC<b(~N9mErX^sZ{u;|J~Kzi;aH^fZi{_Yo92AKLE(XH&F!owCY|
zSf1ycVzw<OxP!&hTgej(d!#6%sAX08Nc;!uSfPKhbjD`l{^>BQ-YCz1Vt<uvctNI`
z7V}YLSR8$wobsgSa36;?IDTJg7$s+W{{X;$D~@-weGKmkTz!iA`J_@-J7$rTb@@m?
z<62hwMAp6`Y3*1&yvpY>pPDVoNXYHm2D9|kkNbC5Ss0`u3B!;xh0ism9lXnZq~6)e
zXMt5<npm@f0l>)m8mbH2ifZ<MJ;gVx^C^p%b!`P(QIJC7=W5P~Fk5KlhxM!O$~7HM
z*6v0&Qd*?HFHhkchxzSQ3~}okef6S64W-00hin`po>!-A)#P$vw$rZR2{g7wDA<le
zjDo*IfNMxy>i+)wt1?)y$^D;srs=l<UN(#OPCGa!1bsoQsBG^w9}drCs#;4+&y`Oc
zV1hpklUkZ)nJv|ZopE|4Nvzz2P(Ei|jAuTd%DN#6W>mr$<m!Py`jhLL+7umCu8QA-
zOY&%!H5aDlLTJEvg5LT`escy4cqelO+D>|OBCD^4?c>sKEkw6F8c@ggV<&I-M{)iY
zwl7mQLNW5(lBjX_KtkWrs?Vv(9hLN<7j?Y8S^_?pKdo-*QAxMw_^n7%ky2d>6R2rq
zO^>r68w#AbUUQ$VWn5Zb=~f!u%kb9{1wsyTrH)VJab0k^Eq-mb^oU4X(<d1H4KgDQ
z#iBGJQaN!Z3Xhx~PagEAhNmm?==J=p3T<w4_O}Kboi@fO@p9H`XD6-#953c``Be+Z
z#g>n4r`k%)(%lrCuko-0AbSjf_*VVqm{#`dQngt=*031S4@NlPkL6jKdwqxdCdH!7
z^Oli|j$>9iKZyhR*ELFVUgWgw{H~R~S)yxn7Yh!bbFAJo#c^;~K1MRCrG__q^x~=A
zSl?@w`eAkfN)~xo;X!8L56EyS?HcKJI)&~0YcpL;0E2fR<gnfT6=h<(yVkVn-aVFZ
zK$1Q_SkbnY;C@vNbNj7t)79?(0I#@vYyE5=+R-+peQjwH#}pRQZ*$f5E&%odvNS7)
zvC;KgxWV%Rq9b||O=#(sRw-erTthqDOwh?0ml#4yl6H>0y3+Vk6rV-7j!0HidA?xB
z1Aq#T#NwqYlc^ToubSRNx=H+sKiP9$_<Gh^<V$a}v;6atHzOQ_>(@0VoukP;oz;rm
zTU<pb^CM`a$w>!HgUAGAR%|+~qgI*kgFJI)DdY5CKs#f%(xAPxn@hbORIRX$@XUuB
zm$3%9x#_D-E89o;ekjt?+T=F&w?|M*c$L!NNwjt<b6u%TKJg|Fu*-jJ1aB<y@Zaqb
zo|)r4s?Dv{yOo8UrSwT0lQJmGpr|K3$mg1(8t&Iq@~%jp-f~5?%X8PFG42mcS6wPG
zqPMz#hx{KiIZes-9d|T#+P$n(z%7EH7Ska<Un7)Z(;c!ss$08ZawOBFa~!XUEoRRo
zu6|N|Msf70(r6w7YjYaQV<Qw#F!Kb1{#mi?Jq=AgvACHc5*W;=8CBQ`Vv%?bJx3Tg
ztyZbqTmJxG@X!2+*oHH8HlC?E`C60{VHl6UAQ=bTGJ-z}b*-?u)Zo?Z*eJMGOPGnl
z1Pl}S98rCGQ%ZSnqM3?LsUji4iN`zC`W^`S)V3l!rk?LkktL2)G6g&s=f*RR+0Q>p
zX(uHe_I`f9qx?f#T&A(XekQe$?X|u`a}xpnu2J{L^~FthB$l#4EP(E?D8=!^#>y4(
z><w4ZZ`W3xEvJjgySJ0h-x}aHIABL?_opP+u=twh(smM9Od3Y>KIlwmApSz4GENFh
ztF`|C&(V#idls%>v3u6jBc3>!t=>N)2N`3y5PrR?hN-8!c%IFU{{XVZ3bRR$08Hnf
z!}Y7$g_o17Nv*1eSYTtbA2*mjQOBh&t9rVAjJJ@LmOFqIB7RVYC66CYDyl{;OPyNI
z{{SVhqTSVlQ@J{Ql$wZg%w4>YdN%N+en1*+k<**Q)8B0?0|zoh58W-da*wGWtz`I$
z>|OYOOP1ayOLi<albxh+2lJ-dTfh7uw~iS6(uT*dz^vt6`&lHexo`Mfr5|-)xuvCC
z%d7>uixJNXNe0FHtDF=#{0RIiDeZ2*;WdWp+%%B6Rx&90RY%IepTN~m22R%Pe=8|4
z#}IbMsLnr3)|QKVCbXfK5Udk7?xW#$vK(jB=lRh}O076^KY6?T!6f3{wkGneZ72H;
z#Om^1Ni&#+e|f*|<o4iW@u?s$F0y23^0vsf$Pj$0>@viA0fAK|)6)L{RI}8P#Bjls
zA&)QRlY+ldQR|amE}?5@r$+HC$Ifk?S@(03?cTI<a9qu3nzg$2{7JRlhkc$aZ8>!7
zX*WrGGkNoL`B(3e>^gpRV&cv#%~sap;nggy;tvdY``l!lb_0*)OxG`B(quPksXW&S
z<wThI5l1Y2@=Yegb)-Xkd5BhM$J*p42g_1$pntWIMWc65wY2GFx8twpuxo3NTbWwk
z>s3gLTucOZvEw8mJREzRpTeWJw0kRf;+2KYr*$ux^Bk&?{72bxe;O^d7&RC#9@I?)
zF|rpc_vB0wwLts5fW=t1ib!svmU$wM;%}Lw&&;u?$c;zgl4+|-%{%%0^?sqYgbjRy
zUbnEcgxpOJ%QVi%3J>2n9sSSJp0Mfm!b_{`OMUT4@+>j(x#*|WvCcbFQRB3ZOM67}
zXOMZ9Ge~mLA@0Zf$FhoT(_KjL>AFfZWmGiR4c0vK$^P-`d(yvGtL<;OdH(=kAm%mb
z?$cJA?M~7bIY%P^spMn)D@xx<p5H($UMM8IBYcxMP?3&6^~p8U7PUuFaXGkI86t&b
z0fynmMtYp`O>kE&d#UQp8#7HiNL5E+&u>9ob*V;-oVRkljbkSzZLDl)+DDUdCFQ-{
zy~{w2wIe4x$RT=x{zXL`v&-Q->p9W4T1td&9H=Le{Qm$tsi{vLq%rB1l4W6S^Gc`h
z$^HYNu8bKc@TJ7_#)4_Bi%S0h#Mt|U{YGiiQFnxNvUlyO{WJ+(S+cH#W4Z9yv6~~$
znczn3r)XjNimwcJ`X-Bb%F0z{jnUWUNfhNs`gG!xM)FrfhDokg+@<(v*?}V=dLK?Z
z)z2d9Ol@2|9&M{Hn-a)3M#FbMLxWcxVHtHxb<<9wd$da$S>9_F6ZxVGr?plvk@7OK
z5rsaZ(x9`C`$tT$isnZ9R2K{)-~P!2sr)*9DH_;bOQmX-DivZ?Q*XO06<d-$K+Q|3
zJeQW!i&%)iw7d+$G0S!hkESzM(YC+f?Ed`;{=EiY-5a|-W+JEUcG7+I>d}YD{Hn|r
zmzSEpk*Z@TZNQbYj2s{5n$xw?VvACq@zsmnMTroBv3g`5T%YS#Tg!$R%-dhfU=@Oa
zh9_vi?bf=Zhi&szf6{kP?lW^sL}0<;xMS0`8#a}gNg!|Crb^?G26~(tu-Xg{E|$$C
z=j`eNf`b?w{NA3Gr!DD5y-=Suv_by>-pD8VQxf&seLV_{+{RtbI$=TnX01`6w72zt
z^A|MV_2gu}hC^!-+snRb)T*vF?I)5le+tiQd#g|QNA%VQ{a}_w1EJlY&}O=YypC&G
z4AK7V%wXHscg?n}Yz-i6uGCxvz{;M-J-DfOXiHc-f5Y5-?QU|#qSbA+7$YJZ7-med
z>;YzW`jh=B9KF`P_Gn34cx*_GSp2EEJN|U*{T6$DEp2QPR*vT2G`qg?FBk{$sV1D?
z9ah&*fNcn{v-fs5UcG<-*E3RDO>6n??7WeBbSS*brfIr;t&FQIlT7ROfWLI)2HXBM
zH`t_)#5bD7;8cbZ&WKOW;0yu>r%q|nc{+W@k*0{Ext#pMW6Gdr$sl(;b*kdlR<zYF
zwHeykE?re5mn4<kP5|rBaZzo&x^zu0rGH<EQ&_$iejl`CiDHP(`w$+00o3<Anwt9J
z<t_AE8(7@3#*-CM%N*o?U(T7YTHD)b8e-ddo>Mch^FHy&2Q{s)w3fO!p58FBgh)Kl
zd05CCk4&B_9A$aAJ(PC)$91K=%za-&15%aE^`ruJGDea)2M6%ST#7ZFHhDC=d-e+Q
zMxr^IHVmu>-E5D_s@Y>!)4#La{{W@Km$qa4L%M%aN#W_PVb-FyRv{#PlEmM1j`<aZ
z>B-qGC-^`3ACY>czQg=A=dI+E24%I43tSDk4!_;Ua%-lF#=u<K%VTM3(ZBB)x|06@
zRmtpek=mwTD(=_*CD&#Mri*MUpen15c*jHPDwVaw(%Q{!sHwKRwLV~(MmXubdi(l=
zU9_pjlvG~5Z~jlFpLvv|<nBLDxEE7h+LUW;KsT6Ub}X#j$j>+<f;~D^R}e`w5Z`HF
z#dT|#<+UfUB$UT~ryioLeW7Hzj$5m5^vhB_!xsz`{{RyI0C^8_+LCD5WR~hV7Hy1T
zxma7~C=U&eq1LX~jh?@Q_4Qpz>PXYa4b)e7{{Tb2MN5Ql`DVmnN&4~)L2IV1t)=~&
zN*c~r0wyPzoSb0#VB(VZP_nnUipx=Fluc{{TrWlhoDx4=icLaGohL_IsM0xQcSz-s
z{L3U@9i)$OfkTvT<n^`h<#n&${(6E>Zsf2kYBK4!GPjp~ZssS*`^A3ppL}vZ8gvWh
zUR_&D4q?1ixDm<5(g+fMAoEFR<5JTvFRed!HN<5+quNjpDt*DIyg6|_)ue||jh;((
z@{&gT;5Q5p(~5CvxUTx&zLwYI4`<|BwDNTu=&!A=mQS<EAYeua4bgu($nfp0<Wp)g
z&Aut*1~d*ZS@~m+z<#xRN7GYE-EAX>YnzNmA|3|LKt6{#<Jy~Zsy3IZS=r9McrMP&
z=Pa9;g~9d}Hdc*Fnl-<xvi!9lbrKy?_B}G>+FU1_9puj}%1<hp!sF2KnzOIm+v%~}
zULX=&Wxmc2KwAW{{4rer0E<kA#4~w-fE7Z0G5-MTt6nR%cx`l+Vooi@XX*g|02;z|
zq?J^c!)tkK{W6qSyXJHVB9hT=%&fN82>B%RG8Gv74r?Pq(PVo)PRigsX(Oy)k$}ZX
zCmy{iu<Bo7@NKu90?N%J2$lI95^{ZTdsesGg6Oeo&c;V=uCev`%I&}(UB<UgokpcD
zito{_NqosPyNrhJ!KJ;NOqVZi=5c|5gKp3Vso)RBp@z~+oibYqSjXlnO>r(ijoT$h
zzBbj3Gf9I_xW9R}7_M98U+$-0o71SO`c(Rr_lU0A;mmNr8a=8$P;<xB_o}n^RMxKQ
z%k}vSy}A-Y@c#g6Cee#~W)_yq>gVsDz;RF{66x|>UpWt{-biAF0neA8U!cW9CZKIK
zJ6$Hi0P{m8*P21eB;|<o&vREbH?-3ymTS2-e1<z{qCYm%%QvwnBQ-aRP4<5z{{Y}@
zzC+h;<aaP!J*}>trjlAf-fhpK=jJ*80BGm(t9IfQZzd8J&doMSG5$7Qar7A^`|(l6
z^ITZjrIJYjo-8QjtSO#fJ;@lwBsP(}H!wS>wMAH#7^E4EbCxc80&&e+THSwIZT^4o
z;(KaT({2|2JO2P8+A(YQjMq7B@@MZJ!;G8?u{?IDjbUKFXTG_MagsRk(~uAMcTgpc
zX19(A);mDhwSyQEk=9240AzLdq_TUPtMhan?X<|-AoOd7^*zo{_*6#LQQiLlSGR9p
z^BeAQw$@h{SLtYo-fOl9Bd4h~xvS}b%N!4RYi)0Af;iSmGR^A54C5xX^=sJU)9&E5
zmHyidL7rj;@CyJ}aPQ4>dS#N_$tB(66|;lpmCsf^lzW=tl_=7F&3n!N0AKLts!m?^
z#--Jb&X=J;ZQM)y@o@6Qcu)ox-`1e<B+V`Lh3HMDTUg}$a)0{O9iF3gcj6S5H3!dO
z8$<j)UroP2D?`ResJ0;$RTUXiX~@_yigL85&QRG~@C9`wnSWchk6HUoygMPdvyogE
zYzGdY{s%bxY8bBXEH5-mY0zwu7B-GW`>Ys%!`}o{v)fzGs$W2tBkfaL2-+4H+`$y7
zQ}_z3E?-Zu(*~tzWN7APEhpcMf(Rh`ewEcXX}Rs^(?{3jX12HWu^UGW8g8dPop9xn
zXxyO~c#5$H>N)FLQXu<X-luCI`$AbCFdy%246HqlG5AywSxu$tT9w3GCWctuhB*L(
zyK4`oY4IanYc_W_QL(YPwDP6&P%<!m#}q~_Sv9Y3o7H{b-%`8YhPcr$ty9ZM9g);@
z3{T8IQ&u4G{lhM^1jHnBxM-Z7xFqKlucv8I>GmSo7?Tv6gt90+@sd3_<MXS*qg$=G
z0%;VS<Ep9u0PELGFt^sH^`)5(r}CJ8*jDmGq@OxcZNLiAr{4Z7ob(^#Qm%ynywv3q
zOTOYVgtG8AbH}Y*8jCbGQz`&1Ci2KVht2*JHThrdCNYhcnA?xyJ41gnS}JrmxAkxG
z7c~C>uTutZ4^DKQI@;O9s3!9yamNQ3I6i`gxl^p`6W$?vYj{L^dmcsy;%lceBiuzB
zrez3ZUOw+Z{c64agjd!R!6P%Q>^@`zAY^0e1!pWOO7!}EipUjD<}vM%UQ4BFH_h{H
zK3Wd$SdsVuKb2)i8){lj-1nCvDB9>VO8syF;YV}NO4ORxTRmPEolo|4jiK7(xyBFU
znyodgTwV2BlaJR%K|ui#kWNV@rJD&zOG}RKM!Fe@pmYgHj_!~cqmgb9M#Jdb7$7OJ
zecpY4egA-6*S6<6&pGElcdV@El@}EOO#<WB&M3SnlsgzflKZ*9b{BK_wc(|(R;4gB
zt)(r{&V~9@>{`pqklB{sRDh3(Twh7czct6$btZ7M=D)9g=^C{<MfZ1@Nv)0jX2oHF
zN(;ixRR`npW^H&KAQNSfsS)AUJkG1+ubQX|P0F;lzdFRH5bAK(nMXRzm@T<9y`CF4
z{WmmE?+$3gBPrm#olno$G5E{-U`Kbn&)LEgq$I^OVIQ-DyG>;2g`-=1#KbgK{jbir
zwmg<PZ8TPEqr3lRcUt1^lR8{4XIcG}c45?yYt>25Xk+LMLCNb$_#aNSAWDKknWf<G
z)1N-~Xe13VF!~?5%kZom@mxe*pt27?H=K9n#c&gv*fGHVDs1vIRy)>`{DX_lY?V6q
zvCtob=dbqB8KVgB)xS)?uC0~l1u#+PEEkEr^R0xrhZ@Ni&{w}&A&+bEdJ~uy)K~v`
zH8t10_eC}Rfp{+?g#E#A=no_crq07>H1JRA&n2D@>z_M4-M?kP;8n%*lb^2w=ps1Q
zD?lsQtE2zW^Jj9GNVJ8+pTU+ZI^qc`+E0d`zh$hGQ3e1r-%H>ly1NE>JSWSMkGG#<
z#Z?RA5z`ry4;Jzovd=7erLRX`lMh);4v~AEE7aQ~!8)qg^a7r@cpbcZp=T=Jyow$6
z<L@dDuz5!2)908LYnId%nu4~OIxuO)MXeq3D?`twbW$nLdT1TkM(9^?2Rr|H?rnpE
z({Met2-(KUI=risCi;#rIzR!OJ{4$sO?;$U<(yE6cnJ(mHyIhss~x4`^ds4c|0E%&
zICbX+$_IZwKDEB|Td4E~N#k{jz4>Aken|IkxaAojqQWYjW%kA_Il;Q#-C@X>E?oSC
zfEh#aqMl(g|C{@YPhB4sNt^Nns{}XLDwWF#l~}#?hn`K0inM0xAd06Id6W`qu-Xx8
zQVQbreHh#yIYqI#vFf%qf+Reop*qx~;=iq*&?@F`oF&$_Xx^w2mPu$MdcAMMAoeRW
zQE^UxItD#maO8jQu%9jCFGcDcWiPHks*yU+J+#+N<L1AdJ-RAXdR}7M+zy>W^$fr7
zXi}+n0=aqDf$YWvnH7ix4^sWMBCe(Z=~U2#g>L5HSI7WAQ#BIqlqg&ny`fYgTk5}z
zIr?uGP|?svt@C2@n61C;v+)@h3j8}?0C}Eh`>^5s4VTN+%S(}6(}i=%(4f&07#}aR
zA;&+DjAUD1Uk|N8*&?g-&C1(fEQP&95PLIY^69~4T}jhhSXeY|iX71rBWN7!Pd7kN
z!H@?0Te{<=WOf;d$AnNeSEjd|=;K8jZSNn&)g~b~7BLwus_DD;(svr2ey$AlqCnvR
ztJpe!GASaGh0;{I;3lUEGkbB~5B2mPEPvrgUjDY2&7;RxJ;RJ-NbvLSIOr<LSqm;*
zZC4*@ubCf`t5;0EHnzR^&YGdv%N$Iv<KRmPalSq(e|UNH8R`<_T6b+}VWxc0#>r@8
z0|`V$jh5Bch$at~4BQvJ=j==dQHCMHIO&6Qog{O!7fQVvR*IHy11*D^Y~4m51d`Nj
zGyVM1`rY`D)kl1IX>1OA7tap0K6gbaZf=){iuO!jAuky6j*Z%)UEunAd7TM@GdFG0
zfpwB#&y=LTJbz!JAk&*nwV6QyZhC^xgTVYyLSNZ0B^}W&G5bnzc1VW@=pD+~qN=_?
z@$_Q=%3zAH_C30$(t%Dwl_3#FXYFsqDutWKq(>K)V$F{%$dt=SLAUgcp46ar60*`+
zY<UKy9_5E>hH?W;N!N}Nv(5Kfn$uiUSRU%Z+xXoi6d`Lr#KfpT(j(#0jsf49I>_$x
z_e)`{outy)QT_7go5Oexjxmo$#SghmKP@($Krt<g<=FH(z09-gjK#$vhxlg7|8S%d
zbCT>TIcM{)Z?oOhrcru5cMz|&{AFAU?}5c}k<zARiNqD<WWkCRh6pBsVRH!BK2o&-
zGxGyfqV{~H5Ful6hBAHeY7?Dt<h*h9kG5>1(<O_~r-$6As5mrdT;0xU#B<~C=%n7P
za@r2fwk@4;nS6O6H79moc{VORJ4siOL5*d}<XdgoO^+ve>lQ`)eKaiB6*GLFyD+}4
zUD4vTdUwfbznF~75uM|Ay~@Fn4XrzKzwOogqFgVh+qIeRW<RboF86XI<x^mUe>}-&
zL9WUsA;*dpjs7*P7%N5oaU;vGUD7LtYI$SJj`>rcTPqd&Y?6#kA~MnF+izYnq17Mq
z?=4Q;%J1SXSz9La))RkWHPN%mY#)(*t)t9L3X{S=eQMv*0D{Zc;0$9y$96|ox&XDX
z{OJ;>>jv|pW^Uhvos^NWcCcnott{*V_8K5Ri?XGx_THC+o{DjbU$atp#%HVjkJ|fB
z>KSA%X{@z%9<usmYW#cWz$GUxQ{KmXCcnm61B4EJ%ZVJ0`;_K;G<T6AX(Q_QBfqE}
zw!~Zv1tEOc!+BpAy{5@xM{koXj@=Ea5q}K57eQ0|VKbMQ_E$>Z@K>)0!!M%q1#2G1
zhxF%lLzF<o11k)WA9{k6;0a=um#WNX?~jJhYfm9e(6tYr!Vna`0Mp&DFIjFO94)`x
zI!uoIJ(o~xPVK_x8CaA4pFeivoqX=&JYKFjKL;P4nP83&zR259<k<x*tjOfXi<z65
zw#JMcQio4oq0ExTkOJSFn^J35y)Rw>XbZ7vExy4HTwmfG{j0db6Q(}Pym()Ou*&YN
z>^Xwmvgu~8D9PLri!#^;><%7(75#)BaQMxnE9m6L%c2hF+YbDl!mFG~VqpD<4J@a>
z;KYOC=c`AJ!{KY&)Ft#}U4k-Co#(D=8KJ&aX1_=ko_+ebRYK>ND)UtJ0hwnEVe4>O
zH8>eRvH^siKno-XX{&Mys^ZQ|RI0)KsS>qx5{0lU1~JuGkyKlGbNBwwJbviVP_C~j
zYlv)(ucCh4AIa4AQdy%2-U$x3As3o!P&K80KP^7qD{D<+<KiQG_jHYX4gFS6cRvnz
zRE_F@Uftl;I)H=-`<s5&i_oDu;tfuA5Gs|tuI|2OPwn%*e$aF<wihQN=m)8R`$)M<
zAKVLP`i40)-<3;<<at+ObKoONGNjpvtY2aSy_3o|%DD4I6R6dKv8zXawp5#NT)R?+
zzlJ;14=Q@|wqZawWDFGb>vMoeq)6!?1POd)#U;8%V&U9SX-xPwb$fo?MB}2DSvtw)
zgu5Q*!IC<)Kp10WG49T898S0FPtO;eFZrqOhjWiTdZ8P%n7o!7iaHT|Q?qZ;uo2Zd
z$7?;B`hkre>rpP}Om|B*;e?bXe1-EgaepbVVKiS;@?{X3OTE(F%~wFE4XlyXn3`w;
z@9v5Y4$}MjxBp;J+VR@%+Vn#|3qD`~u!JqJwv{O<0AleJc_CmnT4$4Jw&2f3;GSu#
z$N$h2M&};-td}X>uqAPGS;MY^ER$65`w5_HdSv-Da`?~O?8?y0YH#wd_Mawi*=~Qn
z&`-V@3b-zt=1D$+#)YJ6TIw5r`pky+msuuJ@;<f<;&zSZ_c%wkW?H|--GG}QJgub;
zZC}C_b3KOfFVV6;cJ?$tY+l}Oq3!Ed=w-d|uoCOi+4WVOcJ&-p>A^RYTWnjs<~rzU
z*Lgzjo1U&5weD}@9ZrHxA3CGW<yi0TKCQpyKLw<L&J4f-SNCyZ0;+E1y{=IuE=C#q
z&))yGj`x!7&{Avoe9hzvk&{%oPMB@BrB`7y>k4MPGP!n>UmWyg)97A6I=<<DgR|BB
z6~}oHlSQ#mY!~`ckGLprOtLYeP4q6d)>j883^_;M5JD#49!fvQOH7p8b`;Nze{X3j
zX+g1MQ;55LBDboqNOJSr7?y*|=h`IG*{)EG`PY?Zw=aiUKf+F~`*M@4iEW+5#)CKK
zf*qwx$WiH3CzZ(I7L|&$D6zN7es$eyBhKfI_W3cqrKp6#duxuV`zQw7CzeK`a?@M-
zJ~@N)SZ7+Tx2~nKpPWH^Id65qpFO9$bk43i0N)^)L`pU*036kdPD)$Mnp?pS0nz_(
ztgu%nyXTGWKTI}2J$H8E^?}#?NQ2BqWRTkcP1YQjgj`-?iTiZ92`m?QbaO5<`NyEM
z6^~EQ_%Uku*C-ODFAUd!<cw~|grq0>Wa*3Zb^KcG3a0fdF5|1^ZB5jObCQUGPp=<p
z%4m9V+u7%-1;LMQ0dx6Pf*dPKr7l#-l-vY2fjZ~7Z7anaxY>y+8H4=YlN|TR@g%l)
z7_wlJ0twEABCHY0glAv2k9%!^*3Z$KRU90d*8LhpT3wdM6Z8;!tI9)Zyw8Qo?N4w)
zRa&f<S^M4f?K2B4L8)3%shP6XXOEZU2{tddaT5V7-iOY1ZB%4y&T`&Q+67INicj;S
z8m@j*m`qGp9##jwQ?b3>z6e8<$f)98zG^W^s6B>Kt^}sy#lFPDd?%QiS&hHnPyOMZ
zJ$qL#BYfX8uHAGWy}GLUq<K*?^G@+<=c|g)F#hY%=s?+Uz4}uP$X;!{Kxn-VaaRl*
zm%wSnA>g&HB2m7p7@6ez^LMeY(z_kEr^Ol6p|y;*em8=U(w;lt8G90eJ@O9djo}~v
zqJ@MEaNOz5ukPYqNCPmZvcA?Wq;>jd4r~7-#PD2xWS19)or*ZDsY41l7O^?D$pYRQ
zw&pHu&GvytPpcbbBS7oTCxY*#J!HRLUsCwoQvP}r>a|EZ^o3KIZhn`uI|%IFS5(Vx
zz$fL~bJcSwK03Ize_1OS&>VQGG_srbQKz%+6$?}6G9bBFd4?4;o2cId$$cL(tg>`{
zG)j$(Ev}pN_N|?EHwN2Ai|?3+``|qHz2M8VLg&!oN`I9Z$Nh7y)!)<QX`XA*Ujm}~
z4+sCC5RwBtaWtOxxi*1E&AHPTYf^lJON?To%g?-MwtP{<ed_<=B>ocdR&a9n;mF>i
zC~;ip7f70z!2zXt>OT-XQ(q5YSH7sLdWS}F2EzdtLTNX)0L8id1G9MtCSkRx@XOUc
zOjeaSZF?(a`{ay-6=|CPeSj;-q-!hAgIj%`)9OOS82<r}>2H~n==Mf0RjLiKwEMx)
z9}uhNb2oX7%QSp9!y>K#`)wCDR>O9t-x29aH)mL+g)@rt<<ZTJ&|?Gm*RfEeYFq=w
z*2XiuVrr*km5nnFYV=!nD6L0$-uwP3ikuBkrr95?Tp{(h)*Bn1EqM>{=tB*@U#$6C
z<Eq44$p^pQ4sRuMEfnx@w*HcPZq6i9n6!UOMLp`Fw_drT%n`S_8kaYq;hhk9UvLJX
zw}o{|TetjqS}d`>U`(T2$@SzD`^iu))EU)dan4?Anps#`xvX9>?c_{j1<_^m(&AB8
z)VZvZ>~p5gukjh@omu683Fkdx!yP>x60hbCNCB2XL+-^^xLE3S2U7i#%+uNY)oC!W
z*5rQsjK8;UG{fvo!IeW#JVc(YpDfPbg?*3mMf)-@y4TY_9Nn3^UB|qnDa9bJX;2#%
zr9G*ke0@VxE26DE%MApkQ9Dn1%0+k#WnGguM&EwZQo;KMGPFq+WBf<IbEMVMhJht=
zx0X28%$GRPDvVpklh`4LAxz|HT87YaUyK!`dFjg#Uc>B3biuT@gk9>E5|Aehai5<X
z9BZHD<manX;q2D1Y$W#>OS2L=(JH`A8mckg;Hza=qa^yv=GsvgM2UqaAMg=xE$5l@
zF+dHOkB!RY<a}W|iI0=awJwUd!0o3+tCJglAKD|k%M=G8m=3Wtd$2uBfsCg0Ld#EP
zCDY{Z<0Gi|s#8Nn-gokk{hZ8}k1i>y>Ag)FYcgf<vpl81+3!11a?6Seb`0_UvLOqq
z^ow{SMHbobyVRj}6ggjOPddapP)Dm?b?vnTMKIeORY>+<yEe|7Y0AKqX^r7ukE?T3
zZ98NC!_njZyo+jSf=WdzA4RNJa3L7k7U-XG0$FyiUh7DC!o+Jkn!JUN%8v|cJziSy
zo@5a`k8A{AWPd-O^kzG5xd1JOK0V3nDN&Z$8_2ZNR+KpgiHe17&jqEys|Z|)z5we{
zBoGVJp}+FR1iGFVZr4Lf0TfbB0(~|uSz|zlw=OgjY0#V8yRa|K_MP|7h0yWJ^a5m4
zRD0U82;8*;SnP~k3tSVtc)78bBG!^3(ZLPmeL*gBHKKk^t+MlI1rXu`zdF))vu*6?
zdbxa*ACjo*<X+0jSo8ijMV5<`f3^AT=W12%+y<Gh(c1e2mb=+MOGnoSf}S${jfH9G
z^wFt}1JjpYxgON_)nh1ZTK$EnpO#@Ii)>B}7MHi}#Z~kmr@@<{f6IDGM&kZ^zdE4G
zklTSM<<_<1dKf(qk77zLbrU_%Y=OdbIe^vsj6SVfh5#R?IhgM}Fp1o_sKF<N<+;{p
z7qvvqG+hJtaSZ<W)hoA&+6IX@P=c#l`|UH@|8O?mrkS1&0H=8&ZNm=@(9ZxoEas08
zPPzosuWPKx{KIN(TqeUf;ix~5EFnz0d{552a7il02_tVJb*&seqeyW|AMyX=7_81_
zHS+ltF%Nuz6ioVMdgk;d;UJ**_3%FT0e`fCp2oJG532_Ub&mH=xE7AXLU$sBQ8}E?
zxb?#J7W58K8c3bd-S{6)-_-XI!nv`Y+fJF11_V*{t%wildOt;8v2>~eUok<_<RPmq
zokExdQ<V4Jx6v&$JBi+Y&!!1<eE^XmVBBpJ%^gr0tKHVyyVkv%v}ZaO*aqgiPTIp5
zDy2cvA0|}xxMrPbs|CXkY=_gx@9zJHg3bXP=PtSH-;DJtzgC6Q)t@sjv|~4oBI@mC
zmz?o{zTxZW6?+}bX;38^YA4gawC+^;T4{6mH7`@07>H|1Csy@hwQ2DLw74m}VFOa@
zZkgjTaRGYc#V`vgQp&mu!2U&CZs*+3t+PxOmo*GzpeB+r_~5>*5+}-xICgmL!HQd%
zc0TZB*RUQ!%BPawTp*}AD9Pq?K=d{1`LAO-z{p}jTUWOC|H6rRLvGFmU^#N52SzNA
zY7tai<pA6EC-ZwPy(CRYe(L&>Vaf*Yz@o{ga=a!=fk*_2Jh#!t+VacnqNnkp<E@5V
zB-Z^6Xs#+}s2?mx>MV}_;D)N9;?43=3JiRK{4l2vao&jh4~O$6@JpNTzB&@xVnbK9
z*3}tHU>SD&Jvhm^;4YzT)W=MT5@IdNeZtc{Kt957TT2+#D!M!9;dZ?Qn9s{n8nz6o
zysml6hw4<tM1@i}&Ar?fm3f9ang&Ek!dyOFg<gl5%Ta*jW;V>6bQy$9v}C7r8tkPX
zddzpOUM0AQMSFzoa)fe$GBp3`Au%#Y1+5F#xO+O27&EPxBWpF0Fxg^=MN6}&4&=v1
zPoq04|EM-7s;i6m<C`|N(-t`F_`a}>9qsO&Y0wnljFD06jn5F=VP<?6%;ce<F;}aZ
z<^Qy!tU<K#mlyuoL51v4yW?@j`k0F-V`wEl7J(szgI>(%l@zoXH&=pYdCK+Jo0xVi
zwk;|yEAttrGi|TTwH|)Hy~1P*iL4qz+P@7@5`EN7Pia^JA3Cj|I{JN`w&~<Qdj0Un
zmh|5{#`LDL)j$I=TGRfih%m<(ET=t1%%cJ@n`h&&=ahDo$<!6`Yzfpu=LI00-c#tm
zSYPpWIbz3Pc^jF#IvwH00jcALkxUNlmZ?ng{WK4tQaKUuwN?VJL%j9+QKHNvR=hA<
z+T|}3c{D!v(bJhf`|l!dj6!8i{3=}+GkTT9L?=?qq*A7lBM;oh+MR)^3kVC@igX#b
zb8a~Bdx)V!K=ED{<6FQwZW8R)KrDv$<ik+~P>7qyHMKF<!D$HeQm!sV-@VRu4KzOv
zF6L*d`c>6(0=;7xD>VEup#O(aA&UEMQ^z1R*EASjukV4}Cr#53%7yt>TBf?>9IjG%
z5-j+di}B-tXWKh$6GD&`Migxs5^{PeNk5p7rW;X2<VMbviv@JPE4%NG=E(1!2a*MN
z=oqaSq^W~tji=-f9>nWHWK`vI9eDNbVT&M^{j@Z7@3NK_po+;VuIu?o|KHI%>wf<S
z&P*1eFDCD`w#;k?B8mHdofq5txt>wEct2Ff&XiCE?H300F5nW?opgO-LISN_OEtNB
zHdBPJbnW7}NrUZK=2>5FW~FZMQItyWNuctt<U$l=nrDGs>Fp+IE$SXTFJzt}!L_Dy
zufYT6n#HziTx5xjvNMztaInI|5uYXON;r|`iVlPlIKLe!x6O~hu6>L2KYI37p$_F;
zXutbO{qDsFfj`4;L_tPLAAMWM-}t=f=(ZUl(hN!z&?#veC0SvMUtaJ1n&yAk!q9{$
zUxbj$iDtRE+cZ(drtpYSa|XYme<?}2*y7x$X7C2iu-_ae|7*P9ga8mgG7-F3?B;se
zxO#^sdY)-Wc&*A;0_7Jej*+fiW#qZq4c*$1L3I6C@vFBAOU|-Nd{6WXH8nK7L5)IQ
zmV=yCU1|w|hb*b<9;t+1Kibh1$b7%5cF=5rS+{4e(7YyQJP2SLe_TTUKk~MC&HVle
zMD3{B1)Ia=8k@~qdJ?_(mIo=)Uh&#mDmFC;g^c&sZAox)t02~7Va*(Oda88-WfaQq
z=M>%wbf`Xp@#T3oUMikHItSo0+rR)*O+M&A2(|6Z75n*q`bQT&feTQxjJIBpj!rc4
z`0l#ZMDz4ibp2IZ3$(SPSqm-@C`SMD?Ach#oNZXM(=57iutXh_N%mCm(Kv@UB(tHH
z^}NpJV|UlAFVk_(`G!OCt!qu#p|qV=DXAPFIz;`IlG45K1eL#oyytXlWg@#1p9Lpe
zpgolT(BshmI`hcOhE2sHSpGmts|u_TaajY$HR_lv==zn6pI6|QsId44_g{AS63FUb
z-(2}a@Wg=?XTxSvKVYoZWEo`luTO_yK<_t->Vox*<%ffQYo(Jt?DmRIX94cZ{qOZh
z|IET6(V|NHMe&MD5zOQ~L=|Uy&Fz6O>B!_W@K(%ZaDbIird^9_F4|+C%eY1wYq&l9
z5OVB@{*42kn~mb6mfx_)9@cJ|y|88^G#P*DA2<zl0c(*V!{^v$Hg9a1dN6Fqf`C4X
zxx~dbcCHPuroaZm@V&Q0EY`BS?(|5b333nk&VOngnCcr17=Dtpr%-TG^dC+(HumTC
zG1!8oV8OoiZ-`$Cf9B({u}$CPa3!sO`fc^RX#>a?7wi+i2OguB4Dl{cRQIuVmh*~J
zg|%wp25IBd`&yR|i1KI@p7oAtI}?vpHqVXB^kw<8xe(~RM$d<c3gm9Wq`Xhkr)ch&
z0l#xF|0n{MK^J(bgVg<~l<7g_H%`&48p$ni`_ch?^YgOKMZPHmgD`W^@q4$L#<7p#
zpvTCkQg-}Rs$y@IHH+u;CVHsq2J3zBB(Ae#u)VxQQ(f)zeQ54p&BHSZ&5zkP>v!){
z@_Gf%`U&z?cE$b`#TAY)gbCJlY;Ai|ZTqFFXEIjvu8=z)-1E}R#pJ7>q>%tCL$|xE
zwG`M2NOiLyAnf<-Gxm1x_44~W+e_phrZ9+qu`Vxv6yU=Kf<K7w)GM*R(&(r?vX6H^
zf3L`Bj@ym2P8N~Bd|jRIykrs=Y@4`NVmYS8{YW}hbuZ_SewvMwhv)Su^H){sTeF`{
zcslVrixhcf2&$kTji%~$^nT9=Q>1G;lU8X?PYrI1MRVp+c8yn<&ZuG&G8N91WD~`P
zjhj?cO+i-te>u`rvU!zvFcUdT5B3B;hZe%Uz+BS&N3xx}7rI)0k3)-gg^%f6MSnf~
zhW6ZiKM8sseXlN-EnKvz=)|4E)5uNsRPyOG=NG3@S>rbd>@Z5ack=~qdT<Qku64c{
z>4rw{Q_}b?y&ULSCz7;TZ$`PnMG^$1h!`Z<9aKN<N(@m$dz=eK9Ym60mpT86c`?u_
z-2{nCIE?X2?a{6yz#dkwKarXG^mF<5voO=3)SyKMZn$^He>lMhSki8N>w>w3r{4Q;
z(||}FXbzhyQN=&xD9(J2qry?DVli9|N(nn%<{#;orkGYp<?4!qd`sX^RoW1NKRtN_
zzX8c|t8LHrib%zU&h~nSKD%W)5n@y#v8L8hlRe0G^9!^1UUEgbbDWCs7fpTd=FV?9
z;Pyv?m6f&WDN};UtPe8A6=gdI6Emm@se!%@7&;x9DRpX^^uWt5ab9dGxmC<zdokFs
zm@??1?$glhL2ZywdR}TZuO)Z4872Z(%LaAk=UeP|X8kCgA){ecPa*rlXlGBny7wCc
zdD0{mXADMLDaC5tbYQALl8NH+I=2q&wYF>D=3jscS<k9j3G8qSteEc@dqyz6e@a$6
zFg?|R&$|sXDGDuaZM>BKkd31i_1ls}vugr2*9sr{XlL498)$nEr1T(qw)8oE--Ei=
zWI(7q2OYLrwCm!b@aVx4cMm&;56_E{7oY?c9p+TP?SaQ540uL^m0{9LAa^1KLycWA
zgmgdR*2JtBlA@JC=xi)o@WPtqi$Q>!RqK<otd9waqC4O}$y{_u;`33E`*(f=R(d{Q
zB-kRX^=>YW67I<pqPFyf-vcxOzTeMys=`qFCBn_^<pwKw8;NyD)X|-F$*@?wY7H#T
ziG5?4*f(^}(b|)(C-h-BiuXYa87}#$iLGxRbFY&-=$z85^WlXtZb$(Nl>(%?R@+ub
z+9jceSdt}nDt7)NWBb&(J-Ajs_T)S9*RfwXBnoA4(!0C=e&G`90~Z^=@jI@EUy15!
z>6}6GYAYIAVij^E_@qba($~6v@04-#t5f0kt)#tIS>^&T1Yku<YOv1kbe=1^EMA*0
zlu5_e2lkAnXD_tGarDh7QNr~kIiovX#8a#~L;vAq;-4XJ4aoL<$=t`L$2DRNA*1dE
zQM{|4QfJubzB<Ez8Mii^|HkhB4tL3wAgZh3gI1NR3Ov%yc7_fa$}%0gvU!0nl`X{#
z$DTkH|C&YOn_di=WZEi)zeWSh9Wruqd0+bUor%%ol(cw;Hq<1ko-al7qJCL-7-&BF
zxESr|Yys&TC%W!+FI2qU(ti|wd<g2xI>>SQ{*}_0YQph3dJF!Cai<+-ND1W_3Re2^
zc)6wRYibpU9)<PRBcJqTBcY{UM+n_lsy#0Kc9!zM148SscDUbR_lHFra(<m|*fF2<
zL6ehZXOf^wqWnnkm-29B3zN|6^ry9DOI@YoG5T65Y+1LN0H6E;kXo8nhlcg+_P9<{
z;#-!_vu~d~8b!#w0OhF$EM(KI;HNqka@jn8`fr3dC4cjxmm>W~(H^%KARSxef)LGd
zFLgI$d2hKh^91bmQ+co2X*e92sHjL0clg?-aiW?nezuTVMVpAYyA`SJlG#|I?Hpt}
zD$<_NI3!`-hL=?548cCVv$Ug1Ut3x!q^!xiKy2Nh-{fwCxfWEN_B+Aas;4vAK}9Ae
z{CTe`on&Bq%YF0$OkxvKwm0R78y%oyVO=4IL<4;cUFh0wYFR@~N#?-a#|1Gy*~LdB
z<oVA~le9!wnV^MZW_<5XZ@kziW-KBHkThQ&T_IHEl?f`71$zAHs@fQL+lq6EQ%`wK
z#&tU;dwww&hC^!HK7gwFr@L_S=BvxA0hPEvOgbp=fnI<gY#Mf@!E&(oxj%C0a(e%X
zMxngLhql?er!;kpl+$N<ZTJ@yIR{ngm%0hvjzP-1WBbD3txGH$Z~Ox>7aH#?(}CX6
zfh_s`8zv;LLmJ~|ynX`LXkxmZ%RBCNx}T<u13g%ry$p7oP_?A+u9wn1;n;Zb!Ffwl
zW5@!oj-3MpBzO(8l>2}2gpqY6pTV99oL~{8I|MkYG^1Z@4)QpsPz5_qboN7$KuXah
zx6<0`I#J^eQVc8&{X{PSGrBoiD<9s+hTUKSSH&M1^hP!ddE2Zp_b+bRPeva^D!cZ&
z_6Cu4ETLn-sP{_mWLm2w8P*K9<y_ARHh*L~+|Qoi9V|IOA=b_Yk?LnZL^s1Q+lo$}
zi{ev&7jNd6Lvj04fJ4Wbh8|gJ`JeIOXhqU$Nxy@|bhC$Ri)8Uix4EUSausXR_@nI^
z>y~4!x6FD&k1#AaclM=o3sR8Q#-AP<MIT~C(L2e?a(`ZI)LO3I=2Oqm?#&Ud_EBID
zRgV+BLa{%1u3b8*q@S;?;?yD6HAeNegflfPSD$NajNHJ(aJLiNhR&(@_0J`#QA1!{
zlV$l|9r6=}O7h*Z7Xmlf7kyUI;f77;eJFf0!(YkvZ3bcQIQhpJkCUso+f)9M^W#E!
zQQWViJ79Am69EgL#kio+GY%s?C;eL+>o9Gh#j?;SCo0Wyo_p6G;Ij)Q<f%|I5=nSJ
z58G@GEHV&Mm2R{NWE%MGd$7=);p9OOvp?98YW%}Z@Gk074t-Kq*yREsaVk-^A<ghe
zv&KTs2NDMqBDpvAlZ@Nq3x9u0>G%=Ae%Z{CxHrrH4M`2UYJ7NvtfE{|&#IG#f0><m
zI-*@Z{r1>%?$IJeO5J*Iky+9&-~iOSJd17DA#xbEV2azgBzc|A(dJ&ipGfQTE$L7X
zoEoF>w`S5qtx@cqg}G^H{v5Lwo7cdL2+vjOQVZ~Mw+3tjde|*T=<Tcr>&!E!1RF%Z
z*-7{fOn)qM0Pu<Ey}Pbl_I(PwI;#7Yp`uS9X&Dr38Cx4@zp|E6m*wlh-f7DIYm9oh
zj>N*-gk@XmC%@0n42SI5nORX+%tcwi9ai|d|D`)=+G5`il&LlBg=MlkI4vwd8A-G1
z9%kspq%J50#c{;}CW|eqCGC(_NDfMrymwD6VMv9}p8^o={OxPL#Bn_jmb>(m()?a!
z#q)AI-EAPlTq%X8?|jUwPlDh@_*uUU!AMo9hXV~e?7-(g90o}|sG~-Y^RM&Eigm(!
zsW1C4y`j>gv!HJxbH>YTh9m*{A@@-_LbyZkadH1n3NB0$Dh1yd&2E2~9FI&Upx=R|
zXtr|rXHPt0v@vG(T#H0wy#P_A>M7ppAjEpMqs?2350a|aeaNS;fMXS#|KWJYW4>LM
zw8oK|<03ei!kOlsMkpP~()-qw8-|NtY?v3HRc;@Q!{;iMZdf0(*Vi@{uh#Nnp``l=
z<SfuN)U)G3(Evh|qhzyqjJ2;QC^f~Simc?ttqaR>hC~uMS>|WhVq&ys_c0x1A`R@F
z7KaNd;O)F!K#thOAWzu`RU%F@Ew5Lil8?eciX!YCBwX<CxUO{5EuPqz`|^j1nI@lD
z!DE?e5Ss9!N*#{rsoU-@o;BKU%_N+_x8H%WJyt%iVK7w5bB(8UCRjmOF1`llGQI#T
z*8-TKDeiDFnuFmwFMRYB_Pfn3ELuA*IEfC~dHp)5=J%MUsm!&}@fyFww9vXs7C)uo
z&C%{~lU$pWX?`s76U)88b*@U9=BNsd1vCPU5r(=N-u|BZ*5p0nw}CcG-X@Y|X`eGN
zO6iUK&FbyD)s~w#OvhMSj?xNfrKG)y46bTJkjRcbvi%{^RUNH++gm;^f-(0qb4}2j
zJuKXI`B~RI4q_J_W*A7}pUjQIv9DVrY?%|DcYIiNi4#%%kxSfq8za+@?7}@D*fD5j
zZIvh$rF;5{JG^E%YPgQuK|7s~ElnX|S3S$xfEWDZo&K%tSCWYZ!~NV<(D+4Yk9>>z
zzO98?JE6Sr2&=7Um;0{vzE-(a(iEhbF3!xjq&qlZXO4wgINVk=IO^)RNS2d(wr|sl
zi`YBfj*IJ%%oMu&ekPxV{BOl<2L4(e(*8PApZasdpYJBX2_!CyzT{NYG^1AUPFpqC
zdMdqd`VcDaHdK^`#6Rm^S{5GDF$gSOm)8#DEUa%Urif7wB=&^(yxD-e`X4&+^4aH=
za8NdN$z`#m$(lwk0v2!QXlvnfl-4f6KIw*WKRMnTB~GTy1up_qb@qF%&>=H<b;o)d
z@<TEjJZ#ZGRn#8$tHPUj@|(Z|r^}ntu9*|o1)vVBZb8tlzc{bl6Ctq~Y4Uh|-1G~t
zsvE8v4i_PXYvm!Rl+`)NhxY5WVVX(}kab!oQS&{XA4Ah@lMl?I(|Pjn`jSbg8!T{F
z8r9N7-|eMByYX6$k3Q({!}}`=k&*!WU(56vf0bC3rnYj4s_Sj?UC1tsy8if9itW45
zB>uyOI_{zXvz3TO(^Yf6j<T`s^&Pxl$MEOB9^PtpvaF%1g6{k;6tvxd<qBc*g)MWu
zm;YA8)e4+=gWUn5dz_W{&{ENB%=)w;q`4y{GQNE(C}bd^Mn)hadvG4Lp${uuM8%Lr
z5eo93r3@+3Ml~#ih<Q{!<@bL4BXd4nCJf7wqRlc$)f50acmA29Ot=dfZ@+HhORM|M
zqP>7I@=t0a8#q9o8e`a^E&i!(rhFTH8$T4<ihorpBBkGRR+@kyn)IMnzR~u)qYv|~
ztop!T4BK1Hgl15QV|F${0y;WsMX4SdY~SdVHiUKmCj83O{*|tL*Jllg1YJ#X#+6<i
zTVF*VZKEI6x~z(JbSB(==g-jk_vpPAf{VLW2-W*1zG5x}JJ$L;PP!QUC_#9ktHbby
zRJ}F|v$h>)i68eZ2MzR62cxi9fh0#4Sn&+<1&_%w)0_1dHn)~UVz`djZ0?v&C)ja>
zO*NEb=dd{Pj#sW$-Zw%0V~gDP5r5gy4w{E32VFAV+^r5({@<QXC0X_egwPgHm4DyP
znDk?W)-)gBYiPh|b-mXjEg4+NfSe_o=wR<#Jb6AEJE|D9qsp(rF>cLEPnWi06l{w4
z_3o?-7i}_bjG!~Fs^`p#8d;l+yXdD}dj_8Sv)9drIb^X|H0}OLbLx`wyUJ{Xcup{s
z<h4a+#Hu**RGSa{w4TkMsv>QY)F=4^mLPxgT+2%+c65QSw81C@P)5oA3E%F1LQDMm
zf8hVDMR`;+1U6#;JYclV+WUlcnR0LD9~UX{M}g+Qal?IA|8!N<F4S7`9`By(+Y^{R
z#4z`6g}#>#o&(szF5Mn|MX^=x*XL^6Oj$huuxjThtx{7u4fcB9xOBrjXhrg+sU;4e
zucQSEo#*MEVUb=qZ@D<g3x9$~T;M~WUsj*4aS>Y9erf)ttNG9XhSiD;tYj|JQnD$K
z3#?CL#_Ht;jqc?fQn&4#?7r<8740f%eK7U4S-Y;_zasq3?{+!KH$^VU=kGc;L}GO`
zB<S*9MQJr)*NAn<Tv5C9?@erC|9sMxCdu)J8<tlKG9*6{920eMVx6O9zc9jmT(J^<
ziQNkW(yr<ZZp^Y5_SNaAEu&{?o)g4d-E8h~%0lK$m|8y8GJK~@rtdpXrB%k9;os(F
z4~Vv#Csb-WbQ^Z?d<5?BG&pqFRMs>+*CgHbGaHMlJCRhk`!eK`BW3qZFO`1uamz=?
zpvJ_3M0nM=@7vjQG8__`YO9+`Agw*U<)a%)s8-FIDdBf(J?2y@_&(GMA#?HZFVUBK
zm0vy4Vx%3a`wn?^TC7L8+ig|cvl$tFt7Aw#l?Rojd2-E`1)ln{45LzZIXknl&-nPQ
zo3V-Nfo?VY+uh$#84Z9e(v8&0+?OQQPhY%s*J!CME`bV2e3x(H?!AGMq+jHV@0=A;
zJAiedoee)Utc2zG;^=WBB2$p@h96VC+_}TngPhwh?OoiIfox5PYv{rY+lJP!yuD%g
zV*=AXYH&#7m%j1izr*(xiMuqTuHI><*}QJNK1*Z^%rP_`DOv_HT62HzK5+}R#U2eU
zv!oPd$!$Ik!V;J`kIa5-R#tayY+*O0i7BldYu}uyZ1UV*&u3gRBo@0MHI?K@+sSdR
z<_{PqbOP7FYkBa+kj5zH=s%pRlz*R6Up_jf)CXiSZM*1)Zd{>_zzU)&*TB{KfYX21
zPo^)0RVgp3nVG^IhxaS>OgCBIVCa_q!_h6jgY}aLo|cR0)E}nD#jf5h7uBhAj(dB)
zLnKErnQQ&ivw`EC{jUA)wmFf1P=L|UjTcBmw|QRuX4=vo%lGlB4~~)U`A4vciRh7>
zzrn8ig{<+O&a{EVB%@x1dDNSmJ6D6&rY5Q`)xc5K<JlUkwQmxS!iQyR(@avwX2xaq
z;d}Tgk3oS=)BB$Rn<Dlqg&ooAs+~}KZF{-Xjmw=Q<FV)ERS%#|3!U;YuOs?2#{wsv
z9J|(^Cs`Xr+Mm_M+GL)nD1qH7gs09YWiy>$g})1rh<B({72%yv>#bB|n=J_vNyVjx
z4{Z$*ocMpzW&=6s*|;wXT1=Q2^XYLnGg{yljP8gGj=`Et>S2v2Z<mcbOgjZ9Pl%`U
zhya*B{s7mq(gq@yhM;UOTy@QqD*o9*;1zZ_T>*%aa{*j`OYHn7=Qy9l{F%a#rrd%x
zAaMrJH1X}YcJD_@LtC(HXsF98m~QIgI<^o(sZ!sL)|wt=rUK<`o^-0H3G;+!Frw!6
z+e0O}0mnT6twHdLcEiY;e)|h8OS$WsXEu#(&FUJ;x=^v0^I>VrUpnYT_pb)Keqyxd
zY0g$(q}mE}>4?H?tyKw;|6&(kl$ET`1NS?dS9d?6?ABN=)>)vQIlytN^n8&q!MntP
zp!yxn3=4=H0Q@r5C~fLx^op0Hpg4lyp$Zrn12wLV?^d7}CVKZ*?6c4usOeUpuFFJ2
zN-wGmnrJ3-8~x#<aNuUrUy7NxN&+20Ad~-a)aSnD1U)O=SaNPOyOnpeO=aQycIvT1
z7Y&HJg$cWfo+{7Lr0$v;H!D6g1B8MY%6n#;vEq9-%WU-=7q0{s$)<h|f@$Um*aH`#
zjI!3ewdh|{iVj;lT_hH@&(C$}q2S8P4J|euch6+F4Cx@wQE6!Fj?}xIxw(xWlU3rL
zGV(PCml~ggnwzhH9gZc~nZ<o9IjHg7^}$7rjMRW$uh3CYA5)G%7Qt<Fz`<PbJa;fQ
zL5>hnv~IvL2jvPhFhy^j8l$aKZ)%G-MsEwx)je7f!uL@<z+w+Sy0pFIcQc?y<#PHk
z5y~8pLtwSV`)8`^uN;5wneso%ge4ZWq2y;hULXa`R!4>w3`Z=3;?K)U7hILH>Q)fi
z;LE^L!|5BK1nXb=*}FlN`al<|`eH<6icJ0<iq0%w>*bn}npjDy3X9FWKw45c1$Zl<
zBywQ!nfO48GRJ>7b&8H=MsfT!%kVyczt@56WIR?{3?Z)1+E(S0-*R__1JP%_Dy7sK
zqux@j<7a=|s-=9DOy6N+**7GUu5?BPG2CFJ;;wq&POu^Cu5Y5vB_a68B*jF?R6PXk
z&O;%DxYq<JmO&y^v5%6;TVtghU0Z(lJZ$iMnOCBY{_dg1>R$})%^>OUv)etRzI$7P
zjQX0XZniH&Yp$z2F5E8~eZ=p)4HUDm0z&h~T{%3*{FC2rDw>h61GiU^w@Nn9G-qrh
zU@D-HoeG)GRDK)we9PA@h-INV)Xl99tF*EG@iOK){S$bv{mn4Wr)<dYri|siwwHZh
zY3OL2z8@BbN=V!-@Wt4Q@CG6Eb1*W6>3OOr%Oejs2j^9HSa%w>h24%;KhYEkw)~&R
zMb)dC>Tr|MqjSXINCx^vwqvGx<6A5GcVwzOT4Tl77H=*|0&<QLz9)1lo7V+ojilJS
zD^Ccj)$a_q)ez?7Y*09F*oXgUQbPUVze(ycp6irj9c9ccE?*l^=MYq-59tP*c#vwW
z8_a~rdW_<;wIJu3s-2)ggA+okfaRJ2H555GD>O`J9b9GZbjQ6?pC;6<@ZARg(NnF-
z>A(6N9ph#kLv+S<s_oCK{D{xVk<%ghLb?eYs}s?x1xh~pD)|mP@TF8q@>CZ?En}|`
z%|#C&`6T3jxs5F?I)uSKvD^AW((VIar~h^^Dl_GYWZU3SHqd3A$a;wCL=E4p&V*9^
zt#E^I=V@u@*p;Z4vxZ%*@J@0_hN^DYPx_Q`WbFR>A`}Hp%CJAKO)N*J{F|YoQC2R8
zUtqf5pZr|iYo^r+hG!;t(4;63cYH@EN!dmmnKskTUsnfZT$uFw(mfP0@emg;x5o$V
zw|{F$!w&mlGwvCUYaC+k<18=UdyE&<g+2un=PWzj<?6sy&qt-JK8a%xP%9(rz}q5N
z<AX&;$HRD3&3#7x^jPaJ=&Xthp!p<2(KT=L(!&y;;z^zI0M#03uNq5TqHKUhqv%k*
zOK@n0uIQFthr{A*>Mf>sCn{gtfW!B7l6>iV&f5iDr#GXAbLorL#q)uJbAA~*>&~L0
zhJu6MT<(ftRIK|%)P9vEdAz`nt@D=L@1D?Z0h5*KukDy&^-uD;(6v`fsVn;4gn~pv
z?+*!(U&?FM%MQ=ovSHe9d9z0t=ZzZ!WR#(-v4`<YVmyYod{xNP*ASNmpGg+GXvFL>
zPeu&iy{$bmG8qIvx?8}S$m1&QX`NDkF!EvW{O6D~RGhy#Oq4)YlG-21@}eUsH;jSn
z_4AHtTJYLhMTXFl7zq6X<GV~y<&wd)c-4^Ru6b;+E^hT2&ffK#EA$h#v;R!$i~BAY
zdj~k(mb-oQuuv1u#@>)5DouI<K!Zw&mWcw!2UAXyu%3>N+qD&ShRKgW0ho+R@Z?d3
z-xig|$B+hK+P^L3D`8U=GIiL0IGVA`cOKQG$<*En$+)*zOsq;*1N&jDSQTF`WhkWL
zlTWIBGFs3Gq(-@AE+#~hVH~fMqyxJnH^|vF4Hv8q=W2^#5lEZxI|L$@kXJ(>$+GO#
zI}GHp6kKxs+!3p=+*vwR=%Bx2a)085YF}Bn-T@j4nW>Pz#($Eo`B{caye|K#kE0u0
zK~?tF4!<aJ^@2I<Rc3~0c4WUdv+}#VKe?Oahgc&UBmL5;wqh(XvxrM@Z|3I((6qbI
z@tL|h;Rj<z<|U&3eQ^d&87JWw9?NugD7o5QR6p@~NRK~{3T}&r-pZMruPjtL#@8>T
z<il&Qec*FRoFM%juA`^{KNp75uXsGOe5ND)CzW^ko~8|cnWF0*^_d#v!ok2hOr6ys
zq0oxUThhG(amFrCne+ClvbPoS)gCktL@!}PxH%D7oU#~kyImdNrQZPKKixMx-?3eV
zCQOhJUSe|!PKHhpXpuOV^w?*wRM@kwZ<X(RFjf2I4{whASI15*Qi}g&y#UvWpyo_M
zQ8i>Hlgv7_%o<<M2nKx?$C<y79RH=C8T=22Zvclu`9{m0DbGgHsm$4=tGQ*dfqg|h
zQ2%Ash}@K+4AR7lhoAOs4MAfb^w}1VpTtRj!wtoZoQB**M{PYites|R(SRI9@~UC-
zabxoi2aVE(6oax1J!oehsNL1n^bWx>vrmTQKa@LBW1ec}VI%gWQ`1wIv+OJd=qCz}
zJ+{^X6`S`4VPFvZE;Pum+JQ_R8cfz|$cXuO3e>vwz`kyK7Oz70{At+JGav=>yrrok
zWK7H>Bq!51B+&9L1L6O0nvdFpOc2V`7i^CGCu`xBI3?H9toc7OQ&t>XGET}I-R75Y
ze)_%+=fsv7LxPZDhnS?7h2zbm3A`+wz_k+ZR{x{*vN7V(2UXtodO5`9A=eRT$=o*E
zkI}fqRFNA;?S)$938=5enb3iu+M?}Vx^Z|nF7I1V+VBM61tisje9%M(^8R&C<jwbj
zEg-$8j+2<4%R5uY>^Sf{J{v!#cXr32&N3yk&s~(d))&##x8|p1`^SqQhqHV58rL}F
z^S0=%?bOrFU|WZaDmNdNGas0dDb@Ke*099L&ztw*8V-)nxXjHDB_lj|cbH#GKbA`B
z2lthnU6n6E%#>9-XpC7;XTnc!X(^1SGu6$+?*z`V0=+N=j*c|rv#4>dCmGLh)tf(K
z${D&q&;1f;r#Ht}y}}$)#?bouJ*8R&eLgpH&B%zhkU52vdEnkOg3F9{v?hgjEu>*%
zq+I6t&k?5CvRwAJO1khe@P?%u+w2wdS${+^0q9`cU*SZ$3F|gpdZyT_a<cDElluYi
zD9zyV9=Du5wMXTI!{&13H;5}oy(#!v#^ZPO-qIW4ef1X<rL?-5IjR3ZpL!;;RE1G<
z2c4|l3`*z6@%?x_7Pm>eF6#Z+&Fy8Sev2On=5dRBjIjJ*w9`rm!0PO3o1%a6Rbxvq
zNqY}iM4nq8CQaojL}Y4)x{KnBxP9zGYdTl_VpKwK&q?ftPSWm@>Sj^fWaPm0iy;>4
zW3sN2BEos|V|Cqp+IomPhKfwtJq+<OkVo0OHI<u|+wV^&Kl}O)!`}M5E(upTc$%in
zNoTakDa}QQWJ9IflmLFQhS4vo<yI0h<9kSMqpW4%y;H<yPrdmyNorQG^)n**r5`Td
zeopzSLRksnlZNmKSvw}7V0W2tj044#<Eh}9>Nc@z?lAT1XNZY_z9dZzQ<w-4?hiEN
z-CgRvAJP|RTuln9uzvmat;nfN$7)Ze#Xq)I;o3iDLW-I91~LlT9mXYmer&caMnU=E
z&nYoOJG!Bgbb;>KfuK;KZurt2h~RR&d1sD?vjYg^2$YUm?|Uhl>w|Z5@at3~g;$u4
zs?&vfU_!KUNS)GVl@nT7s26W@B4XFEF(;7|bRs>?)(Gj;!;1ksrM|;|cqF4K33X<1
z%0I#*;PtupP7?SwDR60e5r1>4<CN*IYZP<hwxddi{vg1t8-q|iltCDm<xA`&ienZ-
zc35dh<;%N4^?D|i96##Oe*fWwYd{+E>P>-;rxa_Vf4hs{u}*XM?NqM9q!--2{)e+F
zZ&NkMltR6>=v+uEboBc`Hod&=i1K{U!_!l81=#z;YSCW;o0sCf&{S8Dq#rG%L3_f)
zA!{(-m^j=)kKQr$otrmYy$ycoF`Kk<x0vgBW$2(i_w!BS0=E$TBTcL|E+0wQSD5s3
zmDqoG6w^pOBUK8>ge2i@lCVw_PnI~Jej|R%vj-PIpJ20?{{rv12AhMUyR6mf6`HGH
z&P6Y*2V^B<y;ulaU5Qf(8(*sd$M~^<xccUN32J$nl%Y!5TSZ1VNiFz*N)d;F%%;#r
zIzqCr<+pn203UA*M^po3M%ZPCFor*sXPi@)(C5xzo^ADWbgWcQ#`r{fS$$=M8@jM|
zy@p(Eh#F3s5}+*<ZyAhxYp7RKFjrfHB0m}TYQwz`Cx58s?`=TAP7l0DRdFOx;a=XT
z?1cuO_Gp)8@y8A--w&&BOp^+pHucM2Lj1ipW+-&-SA4ksL1?$v`?bPDW+y}=4xa+}
zoU(_&Ic`Go&6`q`-iK6`fEbamH6B=h)kgs$ZJ}XQYueo#raV)XzIDPZfqj+OaFCDh
z@V3@2<j)aTqAtjJ!~cO?)*Z;Vku~We>Y%;gdI@x`p`0N;sGC9F+FX<&u4kRw;oV8D
zDqj}f)xa|owe})_3#5bw9bG@jrH^f`*4{92VJs#-1^ED$TQbG;`0guJGfaJXf|&1Y
zNh)jLPq;5a%l!{q6yL78gR|ml<Twf|O%4q{)KFGP4;_mm!Xj^HEpF2$nZ5}Zg#7GT
zRLw8%4(+LRk^iPLdyre7Q(+32P?jonkCplM4|W;Me|%5#6-OiJ;HHr=-@y|sr(4mc
zZblD1H)HA1xiAh23!R9YcX^-BI1}MykrShAF>qb#q}Q)QNGu}@tDJaxgDVv(j!Ex&
zk_=;ZL@DP4ORSyuc%%2P8Pkn-BIOfGKe*H?dHJOZo{L?Yl*{Yf)O(;Ie&*JCT3Sb0
z*Ndcw0;-<XQd$*jo41xHua(~iKW{x(YY45J;mOy^4m9$xGanI}Pbw3y*=^L|Q(6#N
z{s8^xuS_5z)pNIzT+7RKjx-|n_jM!k8wInyS{u0Ay$hod&gp3i@-qts(qnlp7A!3g
zP@vD*QMToekH4jBUOZ3yoxfgI1|hF)U;e#sNPNHAHfpzV7>?cs@NsD<7`h3+iDu76
z?4V7tvEHD-?})G;DbD1*c%GU?JG#=}-R4Mmg2<PG=GSFspq!xb@p&}n%VOpS;g}u&
z$d9`AfWH?NT7QCeWWpjNbo+QSScdkUP}a&q9ihw5=y$<g$M}z{%*NKO`O5YYTWxV#
z(EIMyE)Xr$-%hmH^4jZ3OZp$Ov1RQ?_pK)abMZtl!;U?m4_b;}3VF!6@74b8JEPX6
zo8bS^be3UF{%;#cQ4u7R?vRr1jtSBT1EfcYBP2$5O+e{JKw2b5BON1DVsv*(!zgJO
z+kVgfFP;~Bw_`8v`?z<1&+Gb}=ZV|O;D2JLbwH)4Xk!v+JK%Sx+jQYvGPtGlvKtgv
z$~el>bMt19q|B1r_`^fC>l@hes9kUxk_P4C=nBh{pBG~P56|27!pbKnvy*f5RtWwk
zgnaU&X0gSfv(pchSzZ&(B0c_4M6xY<RF##Wf9{{4uM&rcU<f7Ize@K2sS8}bf56B;
zHbNJqq6z+|RwRLiPeq!BN&j5E)Vh5fbf#?7S%8gd3b|JB4?_s*Rv!PHh;cUfcEwsS
zT8Zf5c?;d39!FobzlL%FraGhkfQRQL7<}&+Z0;lixO-O>13Dx)Jo-<rZ-|a6+N9|S
z?k2U>)iCS3<lUY7{w0+9R%Zj0`l@*U|DjsG1^%Ky{uc5PxV~0T*G+nbjaX|6CiyEQ
z+*6MHnXwx2xQ?+vx#y1PCIO({FmY_6Hz#a|V}SL1exv*VLmf-E<vQ)&men2Y?EXre
zqe3`Ye;SS}(IrkPNi3ipz{4}e4GXVEt!9PTXU&&Yr=I6{yLBd#bx(MDX?l1BZIaB>
zc*ZG+ip^Xq_T2ZEYnO)}EquH_r39WgJjk*`ZMFQYRW$ev9%d@As=qu+NQJE8@?w?B
z!pfYkQ6X8YjJ(Zf`3NS^#V7<xJx>mDJU1QP1})aTzUca;(a(_Iwwu7NYRS8#Jsk5x
zd*g*IxzzK$_>}oh!*Fdgk`XD?lx~X_B|72!=Y287uRcdw>C(NT%)IJ_jMEk+A@5-`
zJBaSQLF6N1`F>S<Lhg6r1X`dRJ_RdW%8*+l%~k@kPo-P$_3xXq4V+Y|JEa#XU)qUW
zWXm%%n!z$DAQjYm;F-s=pyIO@0ZIb`TNJpg+`~6?^TGse+&%w&+GM5eyD3r@GCE_T
zA0T;3Gs^Mp6{-KV;<xI8Rd{Ev)N^<(x!G7TI~1O;zL8>PMcY2(;o%_uPC8Nk$AILq
z%zc}J*nS9~)ybk;ky`eG1#ieA+k39Kb7?>rny->Hv)&>TCz*czhbQz-25p}7rSOTI
z{-cbe;!UaKaD^zn;bWAM_-yskrX}-kpFlB3^z3plq+pot*u=zcgpg=e{vJeZ7cIg(
z*6}>#wn9w1$jQ%oah^|hMa{SWoTQ5EyW3f{{gQTi$sr^-#u#b+O^297q2vdq8jtu(
z3~A9%_S&t{_l@n)m>m(V0-G6=&mTM)7A|oMr?vdWYNd{ri;@h92jLokV1ly#XU4>7
z2UeUpHYDIs#Vtui@O}sm5s6nl`EgvUK0kR0j)L}1HMF(0D8ZcT2;$Lo7Wqb<4-}F*
zfz^_QV0*!84nem2{Vle%bzH~0sbG_U07+N%19)Tq<6dVtKBn*h8&Iv$^bE+UAB)NA
zpZUtzuU-iF6O!QgOpBDH5q*QB;RXZc7W#jlB~%Ttcc_KIHAIIC_RN#{?KkYBi<?us
z(3K8DnKMBw7jtb5Zlp1_64f)#TzP&2Yod4xWHa6<qx)LoQ3sv^Rk(-@-MLwNlACpZ
z9n1i3oVx1~c=I1#c-&W;5b?Ijr(uo{-BTZW%2qPB{)eZas!o%mkei&V?wQN-di4z%
zc&=?f*u?9@e|QeF{EHmKqDYaHl`S-%F2tTzf+4`%C`hiP*9-rTFp{ipYv1{YbgY31
zaDHglm0WdRbkvS9MR4&4Wc0=LM&>y;%NLE`p|d12ke<?c=E@nCUj;LB&Q8xDK0e?e
z-aj11AGz&+*(o$2`N;SBo}z-~v_skn{g{fjLlFhageCGi(!oIMb8Ht_FKuD}k3>G4
zJ!6C>Rt!553n*hL@z5-{0$C$zGEyjr$M)U3c~f-(^fTS_aU4>}^5#vhHw0N32F1r-
zw{wWkN7>Wr#$TyY9Yo(>A>7W;&iU5IRFph$^Al|MuK5jn0Ijcvx7)KdpmzyZC$oiq
zi-FAE6<0|;V5y6!Ez&ycSo0O|=Kw~OkEWOYYj$EKpNOJ`i-E)?KHAw??LRz~f5wF#
z+z%~>vQB^Lqvj=e`ewYh{*~bt69lK?slhEl&34TVA!P^6xcCg$(S#b4)Z2Z9ND<2?
zSxhy#DF^SfTz8D`m0#}oQSBopysJ*hoZKBz65D^s*4|u*f8O%oChEdAr30dUcnV(r
z?S;2Mq94<tWwGK#=HfF>I%_&11B@0qvBqlO=}{~EQ&qys-^;>HRFd3ES7!Va8EM`X
zXIuPC-4lBHO(brGdGmYr_<eBBFmXuP)-m<=-@W_cBd4)UH*k>?ui&W?oOkf^20I5h
z^9rT+qx6{5zpEN+9{Rwy36#gQvrzx^qGVakU#uT6`*RCs!RU}1n-hFW_zZxW!OZr8
zc?tKmuCdlykj}oo30`panku74O+81!-api&tP>6OIPp7mi0r3f-sfs^;beTM`LdkZ
z$|eldx_nGbyFjlk(b-aqAogP<wKt<w>v493>CDL`m^g{t!n}1+h(Y(%y4PsG<fHfP
z?#vq3$H=`5`Si<29(Qw;-Ht7Jd-eTA#Y515r*hYU@xEo{-1LrIr|T70mO&zYTqDZ~
z^eQT|muB=DVjaAg+i_SIpH`5DJg`&%Q?uYh`>%$8&Sn`+0{YotN^8BJdfJkVMa?Fi
zU)t<Dq0NJxL#_u1zS_~I6K&WsZ#5A0=hI0zf4s3&cqg6?>_Ih%?u5y!7WF$=^P(u~
za^opI7VdF6GrM2MK_iwgtbRjn6;Ywp5vl^!S~_Q2<-rq=FJuAq$~nv*YDwJ@sSgc#
z{{9ay1u(zVZp<Wi;q2qE_aEM);exs>KiDV~{5-{XrJ}05U?UyZA}(E7>k{X29eIc^
zR*0~F*BTl;vlsV8fVF2wxnPrad{+j|6Ma^s8`d&NALXOqmDrugXQa!sj+!vBv$y6Q
zVk&PJd4=0mPfK!;4M-^Z=bap<B!b;UMHP#12MZ+$twZBTCa!*@7&eYSj1lUiAs@;z
zRdD^MOHi^lFBMeDJwpyHuWH-)(fy(7=1Sm$wbV_4X!LLxb`Bkeu23e<d}Zcar3<Cz
z#f7#Zl6Fj+&3gp%D%Uhf_Z>n$U5`CX8ZplG+qaqCNZZXm7Q>-}wgm^eRBW8xS3yF(
zx&kjoZFUc=!Of6l+6;xY-kqc!G*a$ZX7{I#BH1da;gLP|$axT8;B-&B;~hzJ$C^y2
z=KsKiHPp@t-0VH}ccML^E1}?Es(dOw&6>?i+{XIX4Ylw=M%*^2b>%pbJ=#xk`@-nz
z5sw{d6fRz&#B!=mdXeSk8!G!C4?nEK1I|Hudw^?@FrU;O7^sk9I!?P;Za%d+(3e*@
zb!`uZ3-%bu1ocMsTx;9FA_R*(g{NNKeNxQNpS7A>0}y}do`D7h{=L)V*$Kf_e|hUI
zJ)__p(QE44hGkiY<8G;)zFCW8#<duxR)4Ipd=NJj6eTDn_<kiZEGsCK=LmrdUD(H(
zOrz{e(<D|gIaZeaY!{?pjrrXL1=NN9+F&KHT%alYj=JnYhTm(yz)xi6h4$wlOH8*_
zrzvh8P}aP96LK9pH}j#RwK-8vX0vInM`!@j^$A?<t)}aZS`9fx*Ss-KUaXmW#k6e$
zfzUiQ#AkPCCRiPZS(g}pES(h}P7-8@vlb!t;DE*Za3n7Fi)tR4ylztk`R|c55KS?P
z#|Pzlv%Jf$_3_)0`ucln<+*KJ#$T?`yz%MS^5at%&TX%`Y>PlcH6<@wRI;>Dsvb4P
z;mNFI8fm?dzN<XEQuKZ`t||;@5ziQ5SR=k5v0Ryx$7}CsHrydvvxZSRxSNq8Zl~(V
za36&0Wj+j`38Ou10@jw-3P|W&m`_^f|A)8dRTLtdZC)jEXpDuxa@~#xg(%~ib+Rz-
zj_vj>&OZFl4_`!hxOz~Y$g*62ad2GY>T1eom+uOG{b}v}@Z-~nxh9En@wh`oOB;!^
zC!WYkSevEBfWWPhTCv^zf<hpy;fR~Mb1t#M%r=Ey&X?KqvCoR42{U3H)}$Q6Af`ci
zM<cHlm5_uxaaD!<s?mKiA1qrj(CyfOB+5J6nt3tRj5}gbIJOj5jb1w>+e`u5fn^fw
z#D-kQ0H14n!5nQJ{W`dfTJlcvohOT4Aj{5OcD%-e1VSuVST}z;`V$%{CAk0W;r@Di
zN@ns<=wVW604h7!*g*4QEYy?27tj?I$)ayb16hPx&)=oM3`%CEwH-zDBU7i{uf64y
z=DxQ(J|5lt<Ua3P0wwR>01dm*$3H$n6kI3jkhoEZd?@0KU@1Fz$18|~>&DUj#VJ|D
zurcKop7!({h465mGs_R+$%zIm;z`%J=%T~<i)w=Am@QkrPrt(u_m)nCRS}9fE-gRy
zs0*$>1dyk%(L~r-ihPQ0NB?<@k2zpKUHpfaWa##=;{zdWfJX3gqyp^~V!C^R%sfVZ
zKWXI42viPF5k0=V{{RzG2Jf!_sj3Yx`^6$xCgb4t9cQDMEB8#O6`;AoKzkC$P!xSW
zFI%z{J><Sba$0{Qdxst`Q7X#=0KriAL8h_QN>+<D=1+doTM}Vjo8>1b#DO|Fjl~dh
z(UbQIpZ*&0h_Cb7_-!)$p=*0y>6+60%S7O<fz!;qRL){B4qjzf1%f&sWq`&ho%p_d
zJSs$LZc3bJo;W*c7q?FD#A&qLD>d0ZKaJbAdOEaM&J3HYTsxdx{Ft%XKg&juN-jlr
zM?l9ull>>6mnQt!wmp6Cb9fS|dkOFno;1|}a=L_1#&X#24r(mE<7qDNqVkb!1RdL)
zIgh}uj9tbCe&LmsKguY9;dSb?L56>gF-SC0ghMAoW~)V6cFqLNp5z`n?I`a6d=DD)
z3XhmbY^x4o-W^*SQG&g_7^W=A(~geM!cQjCM`%^>c-4MvUR=Xny=+1Sg*m4;fr|6j
zYGO;PiIgMw91AFS;PjK6U{rB32g(bQA(k1PJpAe!00SFGScp4{vrV*^!tlxf`U9x=
zB&W!aO;6fd;Nj=5w)m+*el|Z*8=sKQov>j@s5#VnE|T7&4Zmr&LsXmL&q<sAqW>i;
z&K<Dl+QjDJ!4*@jQiooM^`^z?6T&_hWa?sofTNFh^VE<S!*-3x#BQBrt3G)1)!P(@
z=WDgBAt1Dq2zj6?z-le2rCiSvTAQN#)D_KF4lRb|fTaeGo)|^dD1=nt0+&^1D2%58
zLAE`jy)Ze$8|I=r<LaiSzDB@@0?1BUygEB^I#UGc){0RcK$qHSvVU)YfQR86JZ?nL
zo*nD&R^JG!IfGU(l+UB=E&G1-l_9DQdgPzvOZ?AGnqLLzS*jZSu)gGu)O$Yw8_rTk
zH^pDNl`&$eij#XNszhq0+Po2ODF&F=W;rJ1liT?oc?y5_Wlwf4(KE*(SYnD`z!3@N
zdy9te$Yi4!v?-~5-6HI6rhiFDQd19-wI)LcU1Hf31rVhq<+6q>+b5*wDQ!Rbn*_Tx
zd}qD<hThticH1^4=e{GqTiNmak1QIuUiz~9EXuDwFGC?drA-;onL&VJ=}$%RWb>ae
zgSDcIeHp$MY&$-_mRJ<OrZfJeRWz}U+u-|4n79!mX@v65Mqd`*xE5p}V`jqJ-MasZ
zXThaCf?V)cY<<_{T!_|ZzlbmQ$u}qok6GH=B>vh^$I2Nd{`f%8kE^!+^Bue*_yCZF
z*fD=@@n?R%u8?74X-Y=^q0%oj9>(cwA-5Y~LPy-FbsAU7Q_}lMbon&R;imY5uwr=S
z%0YjKIbkWo)T;6ySaB+|b_jv_w6#E0k;sVhTRao)wAMZLmEBT1um{~Eyw1@4h|BS*
zoFY1*R+(&JL4H8vRbR%|Zc{U6MFY3gOf<zjIJ~U5p$2a1fV@O>Bp2>Js^hqbzNF#W
zChyj@^HiAYD!kocAt(sPjTvT4NJM2)+&Qx@-xm%5Prlz=p`CebraQ0T@QdSf9*v#a
z-le{!gFuxam+#V?{suvH3dj-J_&{MxcI{|O%Z5!&;OaWY17u(}&h*1^$y1<S7_;5I
z!W?lw65`BMq)k3&{ur(kaAOB&ms3y+#J8A&@p|rc)z%(Rp|W|nsxg5LrKZK7#iwMx
zRt2lYeF7SIAa(2(#>+==0lBZi(YbG2%bq#h_vU}Q631{X{;9O%Tw1l-8%fR(y1?z(
z(>J;^jU2PjsK?k+9zg?eA?4#*hw#++bPNR=L)_f{65jo>G?7RDggY(0IpRBW6>bud
z+2n8=q0v5*x;lAXB}1MS{lIHb=I?V^j{{Ip4HLa4i_3e5;ZNbCN1*wGq-roSFt4p4
zUqH$Hk<W`_P2rTY+!MYD?-OTPq#%jTKGr(vYTuBdy{>>Wa}lCASYo+EolGX{C2az=
z*$2?WVS{B$<`z2Te~tz!QpTT?aS`sN%n&<d_cAkNzi(K!P~}V+6l)p&NeT}ubG@=|
zxHE1ytnYJsqT%j7C4%hlxO%tP6~N~^4}_m}j<y9fnrHe*+ctGrx@mY$$P9~;wPJoV
zg;kFd7*4yLFxw@t&Tt^U0lKj#&SE`Swzm9(YS(5hTLZnnJofmXG!FCA4V)oTrr#uU
z|HJzL=gtWTH3DM?kDN6O^_@z%gSx*Q)TRhZ-Pqma<&2ma>yMT{=2o+yyaCJ~X1|Q?
zk9#VYPnJ#1eaa2nL2Nr`L|Dv;t35~hj`Oo8jL0Awyd~gvRi^8|sOL6R20T-=d~r0V
z!-{VW(m&RRDW~D+M)WKFr8v_kvYm_8fXVxm8K}@$QBb<Ny_J!<j0tA`4tOPwxOh9n
zo)9@l(f<^|#H84<cXnM~G_C&*oLgoR4{g<bjpl;}9I3^5*4W*vu#&aOPo^9x*<sUj
z9!-^0!_#GSB!MH(`C#W0B9J1E6Yh0dtl=c&DV_^0VFUA8x@aMH1Ge!$Jht*8>8?fY
zBy8()*x?E`!Jw*A%zcr31c-hh4Tw}fG$CoU>)9e^2@SbE9^WzKoL<!9fSiAuW5gBR
zdu0NmD?GlcdJmGJlpzP#X{jOXESrE!-h=`2kcRj6_`^*=gP?ndJ0g_}j=L-^enf`+
zql7?WRKek~;c2jX>B7M1ZcMR$6FIYTQZ25`@3YbNF$N06(iZ3Vsuh#h{fDO(@N9+G
zZq;N5r#bS|W6GUSp`Yq|-bcG~d>DzjG3o@~8tc#aRJ(ZxhBSbd>o~Lg$7e?+|1j~r
zg(u1YufN<&8)@7n&=$O#YvYdf(tHCv1x#0p8&0jCP-wQC+oqY#nijfzdnRa>dxO7J
z>jX1wwGEMck|?ujoC^Nz=@Bo+2re<0m)G{f6mn3zrXXIt;vjlPvHs{DWyIh-Spi}o
zQQr9c<>t2s+t{4Kn;`lfAD;fp59>Aaq3u|;-1^W9@#5+3#%ka7m8HHA+COi(-tCg9
z;a%NSGf@CLrY;A`{TH_#MEPGS5##j}ZhOsy@Z~A81WAY@(*&wm|31FMJ*2DnciG5l
zA94R8>N-siCw-F}&ocjL+WU?dcXO>i%%P5z+GlsQGg)hM=08AkTi)@IH4C+#k#KOc
z#(15AdL8;8b=4_jDRq$1&C5mxuVzJ_yY;H_t}P}~Yy1U5;BzpP9c4)E;beT%P~Ep}
zBDrn%U}IiE6z{-tR9n>#6Iw7ADW!7bv8qba+nh-MT1uUv<~4g6i@rr}J}?$B90$>T
zk&tj>LALD-HatIxElmq#n-Pe4$aJqwdKfWR@y3m`QWz9npgYHY7g2Fc{$hpn>I-yD
zI|Z^_bQwY~NY9sk>6MISnFF)S|FNzKd4M%?({2e7L_+9~Rhl#L8i`kFZ>+&ssuIqx
z*$M4^WlC|;K=MA6D9bL1H8t{IuV9vC41qiCV}u%WWJNwxWq=DBE}~`6m2StC<DrlX
zRj9g4Wm;cj6qV`%qytM2lHLp2L{m5UQmBv>ZX{!=YKmw`&i_iu906}}IJ6o<gwj!1
zP00quQmeHl&Q4i9b<H{2poq`{X*;ysPtdWvze@PEb%Djf$YAZS35qtvFS)kL{+44%
zG&xcpMfznv$nyOO;NfOJm%$qLwME?<IO|D{BuC*WUvg*))<;V?A(d*GErBaXH^t<c
z7=KE0h?*f(OPTZj;oyt@+lc2uX)S>7fIK^$%8o87=YiiBQ%2<X!Zzdkyt8w-0+vhv
zB7(tOv3%Jbe{_TCy(uU(?hLn0jN(hjT^-iR;()tvd_l>k*d`)#l|=c5td7qS()SgF
z<9p*f`XHxrfs-;jIhzJv(V+KC{Z-4W%Kv`5hpNGi7GULD(&z>dH=)ldR%P)=XH!aZ
z{_a7SbIi8jwpSC)kEH2~3SY_NQh~mim|ZI^;)WN4boX^hp3YW_=5pRqBTww~Y)?E9
z95{|W%fu1V+C$!ZkF&JzXzH6wOka_La~fNcG_(_R?{8X0qyYDi+gWcUjOTSU;+NK1
z)w2qOm7$-n3Dze}46X-;T3=hzrV9-aL*rIv8S(^W_L9a%Ci^b<)lV``PLUy%bT(D#
z>BlX#e(R_^^ORwMgtbmDE?DsHQeVK@>Q`TV5WVY9RP~gZ=@P&3iwB*#4m(UwWQnm7
z3Ya3~vv#a?{Xz1@&fep*Ra_rv)z)=fpK0S2L`pq=XV)#c^=fc?UiNdj)?p21{qE&S
zad$P~Zysrp#B6n1j<juSoBdK7<HI1#V<pGy+m}Y|BH97mB<!z@tX2Qobvgyf<(M6x
z!8$zEiH-!l;=_K80c5Kks4$H>0;5NMVsF=9W-QZ($QAs7Th$xrEDyWga#`|=xMm;^
zs^8OyZN=1l{bF=Q<bfg@=$@dqbkc?&mTfkDJ=Ghb%1MHczYUyM;%NB&G<^;fLwIMT
z)gN~{cyKl9)!x`1`u(T5g{7?J6Ni<AJ>ImWuPK+uQ*9nZ^7+`>5O1r3X+e^8Wu8ov
zpsyja&OWhh&94MbC_gFuzMrk+&)A%M#-uCRe6cZnl=Omt8xVo(Ks04pfG(0;cj}eL
zkew98Z;!01PZ$A?aW$2qZ(H~uC8W{qD1MXw&_?BE2mP40u5)=g)!)&vOjGS9BroQB
zotd236dd_xGO8l`(0lQ6p>bUFSC~sj{r5qGz_j)M@McYmESfqejCIszw8DXcZbAuB
zw;D{XSfeb`9QRa-o2ZkKflfU}jjq0+xyI7{rX$SGbUV(|YR3$@goZ6@B*-VY@x?a;
zG}nhsBzoM2exDh{%}f1<TSgf;foeENdk$Th)p%yLerajGSm*-?F?kFuw_5+=P3ZG@
zlTctsGo^p=kwwb>0#XDUXyU^=gT%3-TbR&D(a%L~k{joh7pXRB3K%h*SY52>NP{m+
z(}^m;lWyr5p<+7cf`Wceh8l!2_NG*1aM~Wti!xWMr$KOzd<rBNb~Y>#h?%6lsb#w;
z*3)Wio)(%&29(IIep^fag`PhhukUwu7>xd|Q}po{x{b1u*h!N}=EHi-q4vUX_6@d1
z(axDp-|{G2Mw8%1$Rp`GugiK@)s$?98gKho9Qhu+8Gu^PswA<a*uuxX%$cJ-3HA(&
z!<{`j^t){W@UZAa_wG+m;<Whm+HJRAzL-s2cu#uFhVA$dZ)=vQk5?*<;(?b~Kqfg@
zj^I1?%>~R2WG5gWoAQU08QdtBUwyfEB@q{}31{%n=kt~_kXo}juVmRXo2k?#y70wz
z7fbhbCfw04>op{6J!l>z>HhLwF5(~`J3EBLvKmJ_%1YZS%XbdQc`tQu8NuSr=YCwc
zu9z(f0XpuUliAG79y6b+*NF+_dTQB34@wN9J4kzw9u`e}Lk&At$Pla3Nni1JN}m<q
z1WJ0=NW$Tq`=}=xTb6w$Ke>PIaaD{ncVxc)lVT21-Wz^>NdMx5a8DxLXH!RQ=Udg9
za^2wbgf>)uDePnS#>)iTFP~<Lbn4X*%<e3`3K&(-`;S_RV|ka$CAjiQtH|7Hxq*hD
zLV@$DIiO1m5L-XXWk7iK4wsTc;4tldt1`Lrw(cc@T}5OkS@GYAIxa^pw+@FaNYHZ5
zoP>{6J&hEByTO^)zxYVDh>rasZx95`uBwX;R4L#Xzs+{{$;6tuv^y*lpgOv2y@G{m
zSet05L3~03=2DmREvO!qq<?29Ym3TW(Y7mBwtUSc_mxo?EjJrOeQvt8BCE<Sbh4L(
zSAO$uT5++s;a(-sgFd(J?SMAj2aX-}Py&6+SoE+7DiCnEYgZDBs$M-waAfLLa((%(
z8PY?n4o<l<k?|=`&}T5392|s9f%eE4{Q4YMC4R$$j_K_>o6@j~0uin#bk~(YLb2|D
zcuTVE0TiTMjcK1kl3-1qMoG;De6vvVzN-thl;8>sw0dX~K^E&>dQnFWbCGO#5sz|M
zz^3zykeH|kk*E?`EHTCJoxZ|S-!OOQIZ4Eh1~8#D-nZ`GvH1I$unf$e5kG|7Vm50Y
zoHkzHP<03&9}21Owg(S*;U*5mA9_CA1PWdI+}>>}zLT<mdLYirp$#1H$)ca|jqm`~
zPP))Tva)K^N$i;ZYjvgv+Yb&dVIn>1+}|i|@dyv|*N3Sp3K^W2*4e!3E6if#3*=5q
z2gUZ0!cdXegcuNE4V&dUAh-K%r7(sBWX&Tu!g;~2#^8AJK$`skOO@qO$q~rWk}ULM
zI0^{N*=0$(f=SVquG@3^4rhvpV!p94YrQREIZDU%i8l}t8_*e0yR9_;Q~!?l0G+gF
zDCqXbIop7TYt3H+mng%2M<gJ@j;X8`|9<EDOPD##aPOk*I(fGxulrfzSby3{Za<SG
zo`K1Y{NK>`h5}Bi#dYSw3>|Yq(|aG(prlaV*lFW;C1w`D2!WX}st`>ux?&|<>Wv-6
z#<Wc`{-oyM_zb>ru6+$W_=>u$P%!u30n7XP4Ko!voY>o0z*13OpFa88?wZ|tk@U6p
zNb$a42b5)|wv!y-FT;9sFn{sApB}(p_Efl)3302puX?<+&T0^%>uN`D^)=fylP;(-
zw=8tqTQG#c#>o5`l-Tk2*2@sxzYsNi=^N(tv36LaT6&hA;MIe1U;H2UMC00zTiQ~u
zHl1_Qe!W*b{lR)fP+r9y<+vIs#JRJF30z8*sg!$A^kudw1I*<`NjD4+%-+8Y8t$~>
z5!{P;A9d0bmT@BkNH^$gh?IdgN+9l4Mtdbw&Ix`pAzzUomZt8_^IWQ?F{<T|HUuzp
zsjj#)zRh^G+e|TEqdaH`=an6pp4pkT@`p4I#5?tPr?tnwy4>s3nx_5n-jX$ubCsh+
z?fQyM{p~&0@US_1PgejoOvz;+sddN5T<kG3rPks*A<)`tmZxUr@Y^#4=g^O-X$iH*
zdB}jOnBWl<)$uo^zQ*JmpGP1qwK3=%u8u_gU6O%wLF2^cwDz!{LeUx<W`$hqVfoSM
z;bl$Y`KGpy@RyVbvNa2B*?v6KHTtoa$#q6HwnWTvUf?<zZ}BC%{ymtjoAhchT7O!5
zFt}?=Lux+;!Zy!*DmbyaJhC-vEn@qY;vgSD)KrNeZA=5H?^dHp&82rNsI4}D9{sAe
z;%|EDq<vQ_w7xwE{2x!&X;dAoTDDZr0vI!rdG=~GsZc(4=XxUi+DE7c1Gx*l65oMb
zs7y`!l!e!1RsS)UUVu0d@T$L7FYy)dU_da63`g*WB8~J63wCZzq^i~&X-4VS`p*LD
z2-(_zIS~sOQfI}d5_wdQ=H9j#LoVzAc~5VcRK2IGc?A%gmU9QVIYSnCcm`aoR%d5!
zXF_1)&2XN&nzcR}vB~>OpPY&@I&uFDvku$^@c#aJW|_WHA*jA+&%#H&LmTMOvSq%r
z?2tvuse$!h)P2K-Y`bFWCOU>0=g$5;#clP(=u~0$K#pNr`+=n|wgi~8-+-|qGqNSH
zMaW`47m8{HP{QwP8=mMH%Pew|5DpM5_+s|_N9r%TxF_7}cn;@O6$T&L)rjjg*wSP3
zy;oSuIH2Yo^!ohpsI_x81aiH|I3--tfGD1d@0Q*}m4p0=()iXpdI2ATmu25HU)K0L
z(qah_7kvt}8Wlh_%vOjTw7@A5^w{=Qm71P<f$A9OOyapHAt<om+g&2w*bE~t253E2
zaSqg*F62lNdqU(pD#dXB16nXM<0$+|#6sPU=+SEe!L{{)z-&Q@XCP_6)fIILDgKf!
zm%s;eZOiM_F~z3d!(tq9f5d7$PAH8foTp1F1F@WH<e6`R4B~Wvg7<n0)r2FitLn`J
zRydCd6dJG@G}Bn0fE|na1ij=cE&#Tt&)xJ&**_gu;TDyuFFP=I05$!b$kvgaA2LoG
ziW|WKPDPk-@2IODV^|YJdnNG{E*T%-JBxiZIqcH>?f~Tib&~uSsW-VR=^lW}_qsLq
z)~*UT@d0oi?=aX#2BfF~7U}LZsv6Hoiv@qA!#LSp?p{Nb6@+<vKB^nIH60{I&M9lh
zFg&4{i9jkG(twth7fY88n)9<)YOE|r1>{~kL!9K`a^H3vllc2g#e`V=@Vh&mb4r@v
zAesDKLd{+ia=c;g?~2_?idRX+nqV;H++3!R#N3sq-_ti+@;nNGmkQ25G+ntrYsH9@
z<;oj;LWbNbC?Iw${r&sitW2J+qwYsaSFhMQu~V(hHV&+@yIf;xbR0|w1+uzINeZB!
z9fhS52Mt|Mjr0IEveN2JnHGC%GdyugW0_pdly)8IQ7{JU%AcZrYcf^LCwfduhz<D}
zXreWxtJ9r7j)uRO>Q^kPc;?(Pbp^6@<^jwOM9^BT1O*xE*LVEuLs|7<Q|wo0tiAxj
zCQztL>9T43x?|FaiT1@2Q=+;=rJb|D=MT~rR*v;anE)|0GVJFj!~k;W)ThPga5W%%
zRTXNUl^N)s_|a#Tf|zXVOvqy$|1P#6z$Nn>bV&cPZz_z{D*q!R6)G_u1}?469b@H^
zwm1>-dAh##Za;)~KAqUDPLD0+CS2C-^b#<hy`RXU9wKyiqvneHUEk8P<10S9zL`fF
z`Sogn<u^zG#^(cwMH02N?;%dAw;gi3;EjHOA#oI5qXQ8={l&hH+AVL%;{2}3@o+~N
z?XEjL$c$jAb~#X$#6rb^VsxCvuD1Lh?h{W3vDainP{1y4|J%=zNv?D;fMYxnl*4(M
ztDC^zNYKW`Gf!}`AB*t#?TnWbZ+2&Tee#F)m}vHSI)d|2xjza)p@4tNqwy(RY3lsw
z!E3u`*b5$lyVyE!4t>|q%Sgj`@HFoT^laKJBQS-ex*;ibN$2pE_yKMO9Gj@1bBvaQ
zY28UtNUL1!v;i_Ns*G^LxFD_0qGq>o?ra!m`*jy&e~Nb$H-F_+8&q0-<X#m2I_+-i
z6&6`T1$`0QEcijTXE`Zb|EWD-6%Ut!oOWkWoRZ^^FB3T@kVSasl}m98e%S2sxh9LJ
z(GD3HWCes=hvoQt@kax8it7G+N7v~)`3jUfJy*iT$f&gZcJDr)dNWC|aYwZ3pZHQ0
z;CGt@gCbZ)rc&DXZTwXMQtyE_r|<aX?SihF`imz=k&^X?eg`n6`$~ql0W|~+|KYVO
zXfPTv>513ZeEHFfOX5Dw0=_#5sjRq{rmla=s5)yHmY0Q8uY{UcG`oQvuPr5CFxH10
zSm$*gi=3>5w;^qo;URt@kVPuGg+Gx<p=bRr-<5pIwA8<;uUf0(fS$v7BM4Owhp457
z)R*BOf)Bulmj@Qx8UGFp#OYl~LMo+%<VcnYPlE7GyvJWIOD=sut~k+<T$G;QBG~*7
zv?AOy*_Z!WnII7oJ|5RM^d+-L^()KYT;A=NzJ1>TYq7@uEEf_QZSQxuU@FGdAvzNX
zVvl-I9#`eA-)97Uo(5O;wlpfWO)B1_u9$e=PY<VB+I;p^raL>xkJuNxs-8;EhF?MF
z*5`^H+fr(9wy*pg`u<Xx7idJx0z^+um?7*J*5_LW56qnQ@^DzHBgKQ`SopE}jmh*O
zh$gUDMCnyW!rut+%fejoR9o=L#a)`kpIe_(BfDt_v*W=YIz_c4%mzl)eUp4|x3pFW
zaU%KU*x`qycVPvnDhc``oAw8ovchPEqMs@<#3`fN)s<cWtmPNL{;S|wlp0H~`b7n<
zmd)m&=|P$zRm-S5?1|d-HC2$x8Pl@0DkOk4RR-#78A(eqopNf%+qmN->NXz)uq4_^
zy-9KVb22ZLiRxTjJA+vSd7+4^H|{4xQR(T!AGCKkO>q%z`2g#wYJWWnOeG93%r@{F
zZHQZvZ9hm|3l29hU9NRk<uUR;n9jIgA1^{b`BB0n^hQq+=IG#69L@M}dHvY{e(hg(
z0PlKTYXF)Z;^6vlTuxlxmyR<Bdx!ODD_%`7QH|9M9QtArbScrlD4roj?kJW*oFv#I
zmiy?<O&#|7u~XrZjBSbkAZWTex?5qkN!?DOJ}1ahhT(>nW<;^9lVDSQn?!@^L_)78
zS|DuieoPIZgg(r5qv*l>tn^Hvl)R6m*jvGfUE-IRH_i*J4Q+ZN$N8c+nvCxTj-Fm|
zr0V#pQ)mIzF+#UouH+hXEy*3zYZ|`G6)7(i5XNqZ_#h%}8<BA57{mUlmXn$IuSyds
zn5{unieb$uM`QTh=+JPP?yqPB@8^6NCjI!b>`I6V2Tuw#^17BPMY5h1)K<T%{-0uP
z*&Wn(v;Al(s3Hs^X`o`2kvTWH%{g2?yq%RxdhQsg@^X#lB44Bl99J-MIcis$S9Rzx
z(v@@MTcdt**4XkLaXT$h8KlF!D!!_yFz+W#ipX5@M>IRr&6oW^s+##he+Vc`?YQn#
z^O?>_tZGEhC^@r?a;;VGKZAa8v3#5DMMo~#*7ePXk_-n}obmE@Whd`vh%8pzWxkb?
zRUd9(-kS)@j@>fN4C=9Q5frkHJnuIE+~l;eq#H7P0jz1SLFEDkH=WKWKiXR^REaVH
zd;K120(SDMpu-1PFLQHCbo-3X?n1F_An~g~xuo}a{puTLCbHhfwV1+9zFJxP9mvFX
zOUv{@pR?&&p6l#q-v-bU;zqeupACD8Ut*`Nm9d18a+|%p<ONxy?#Mc3_%CDVPl9~R
ziW$I0yK4BC`p3YQEXdJj-tlADH*L|zuFi2f`|I8BGw-LwmrG`Z7V|&g#lG}=jJQ!}
zBnxaJuG6sT&=(QqVI5={At>kAFj)XgOyssLK>{6b>c#8uDVx=Ec@O^84FiQn#S310
zs&Azo8#SqZJ)n7Uu$ZCQOpd4cQ5n~x>~;Iz=yP*q(0Jny%@AREpvW>Y^aO>aLrq^j
z8;%nYMeb6OYrJ0Oa3V^}r3gz4LppKP5`<90p~l!2`c>0i{tkI|55Zb--^m9l6a)Bx
zTcUht@i|w6r%iJ2Q_9c(#<18rDV!zs&Oy4;%8@tBwsEY+G6A~-)+1Ndph}RloN;~A
z4CG}(_q>+vDo6f;p1VTj*k=>&-yiQft#`0$$A?|T;gdCjF050vtdiFwWP@Cc1)Cqp
ztp8Pnvd5R4J0(|sca*Ge-LZuBzMuKGV77l<PbWdCol{mvaR)hPLwd|-x7iSzN9HNy
z?ZT*5c$(6~c+YaT08*~bR=WP@3Jmi;CCzBU&O8*|#VP}dIf?JA)Y8iNUtbrSulIY|
zZ9zq5{^3&HQ})&}ZK+&a+$ff*`dlYP#(WJc5sBic<l%26xCX(VhePXb6L$VJ&+U#i
z?>?Qj-2W-ml>6h+ZQKr9g(ffIYUOqVfbpRW2p|3iQxyS;#{hW_8xFw4{d|hWGSI>O
z`bI?lotpc=)+73RYK9yZ%3lI*lpy3Q;lw9mI8ue^!kX#!krUCxSUAHz;zST{BdYL<
zWvG3B(@s;+VU%FL;@sXKJYz|055+rI2wOSut2bNi1!s$elR-U>jhyF%iC+EqM0AQ}
z@z<~(YVSk`G$(X>F_3cDtlX3BS+qo6nn@hHKI0sS&zt&*rDTHkoYlh6Oohv;&)ZX|
z<rp|0P+sCpS*;#Ewo64ozwT7Y5~{P#l%i5o&}|S9J3C{@kipU(eZ_)-?il7a-O2XX
z?;YK}eEQ&b+Cm`NJ7B6ujrC~xT52|=mZ)IuQvW1q*2v6fxlQn-V4(gpo(3c9QLJ3{
z1t+K7Qvq2)oX`$c8&tq`Ak9VmjlAidHv_acL?x7U^MfbVy+9e!*(zchKh}mgEMw1w
z1L($;Z^smTW2?)}*LxLvO3Rw2xAZdu9=dU-YRYGqwSSO`+74@arnIvXP%kUu{(zS5
zSM|$083iH1Qy_dmr(B3_$wf9eGxK?#;kd*$<b|Rp9e3__fxg)|>_F=%%E;SJn(a7=
zrTSSZs4_Ciw2>6XitZseujV@zR4|ZejXW7y&*#AT)iYNdXeFZfas`HJaAUx~>E8L9
zzuoMDJ~n5X=T!|wJReO><*p-^v342_p)mZJGuA}Hi=UpoT2Hp4*B#aLaobSRAXWDP
zKKlh#=a0qV;_9u=BWKZm!dUsihI~!@8lHaAN-cMf7Rzp7xAc!EE~XaN+NH`qPfbQh
zG6fB(um`LK|HOwo6+$Pki^a^}28b=A&${o2v7wDh6-&rxI|*vbqc)9|up#V%3(LTa
zv(u7yNuhQ$jf`E3qPIFSYM13ppiaNOwWA-ldz99x;KKp1kzbVVeJU7{9hT`g8TICP
z)Im2}u*s8E3Ua-@VN0Zcd*q47VVpYbET=Hq@jKe0^@~Ot05|ATCb9eG4e|X~uPrV$
zi5~gwD}o4S7E{$R&>F+ASObOCzVt;b<NGnTK*T>v-SL0dN!$U_RZ(ZYo;%SRNL^fM
zIm>-ze{)<g)KVjmy=vRp>>NXjr`7YSx2rlHEHU168g&(y+TvSpuDfbCCK_^vi{F=5
zP1B#WE?PvRM0(ob&ZM=aA4G@CK%}|HDe7Cl(a7zW3k~hd$GG&q23P31^`T+aCFYH;
zDs^VLpEFwIt@~>n_ZR7e+tth0xy9PIWVXJi4P}RIidc$IYt4lwS+^yR9Gj@%+8u!Y
zkouYed5u7xOXg3wIXY|vwU#_b#;#g!c0sX6?16QM67Bb`O!gWe*Kc~T0q6BNE+5<9
z#<%gf^X9rMNkoXk-k<jQ;NkB*=C1V7X#I$Hmfp_8=t*}-B_M^-95q6c0e9t6l?xvE
zpdx<Q`NaP?zTL1JQlE1xn;gU#m}J!?*#zsWG81fq37RIYtH_4S7L-+4vY53_3BKvq
zRz}>UQ1p<U)$k0eS)?}s9erAmF6pxyHw@QnEMZnFhnWc+Q#LO@$#5TBqC8BRprp&g
zl=^=lN7dlF;xxArL<;~DdX=(qA34*ZFL2xwGO+fVOqCH2falByn%$jsv&@PP(|n<x
zk9UQdORRo6;g;!Vx4I1H&TtLNKI@M3&LFMkyd0j`;wzYd$~Kf7X3`^~e|Y}jGiCQ(
zBEtihWB3yAIf%E`+7%R+cD1=1r`hZ-Zu8Ien>;YH*BEDB+L$3tRWkvX_H<cC0Y6cj
zrZmIZY(5`cOCK9MCMCbAZZl}$Z%fN01a#w$XUmRD?6B@{$5|Dlw11`xFj*Z>MDSc8
zSd_9iN`5+nO6fcNL{2#Fq6_PxxT&d;mRO<IsvUg4;|pE+@C3Znbg=xR6!j!_zxao>
zNdJr5{%5`~OBHEArWx9>*4BZsW$6~O`~5TXf9j4QFi`(LO?iF6h2<eumfzNNFhuF{
zFE5D8OSgBF1!zlWMt%#U*~?QD^f%{>AJ4MoqUl0_@njq~IE(s3hETCU6c^6io+%kv
zUG-<9>clq2&oz<2g%lGoJ~4CT^8s$t5zC3g-HgYPIvOwM6#MA83LoT(2%f8c>iLQH
zq1}c~$ae`;kDIDbL_u)h8yJpK{~0upy|io)M@+h7Sq3<*aoWBXF}KcH);JzH>PyOT
zH@rWa%DZNIJCfRc?KKd^miSKzjRR*BK`R5}UN$aO2+qR1Na$bbKB6?O$;fWM{hk~+
zXJ^MOxr1rrLM?wT6rVUbFap<psrR!X%=K+Hq<4-+XV~0AXlQNWL@~Y6apRVs#V2oe
zL}t6peF*xH4>-8;N&9}pm(|O>LM&&u;A($1i*b<eC4(s*SUmZu>(kyZWJ6dijy;rc
ztG#5Mj?(>BX8AVODE!L_nGDMmoP5Vv#Z^gRsYtdrT>CSfhy(HP@u6Y<wQ}f0nSEW_
zcKXwvKdYqbu(E2FdPJR?)K|IW0Z&6r;EZP_Q_q-b%hqF$HtRc<{`#->sQ(4QUPfk%
zj(%ANje^Cu130vuee(T}*0x|1GvyGu^+jtDLXVvQKM~TyaX?rl=}QM@$W#ieur}?6
z<xl8onx1lV*b(Ts>b&=qT#gwu%digHF+Im^UjO3kGQTlIa9*hWQl6kT{;P90!Dq`Y
zH~z!~`>H?>AD6W8^1lHYpzn59gBDP8(+^W<xM`|IdAlR)-bt$rANrt@E8X+qd&=&t
zta@mS2$rQ<HPze<Y91<d0&ZP|2;^EGyl8#0&CmjUZ2?s>ctg^N`jUVWeo@6GXNx`S
zfgTlI6*^4U+FlqQXWTIpM~uym1BNeQuf69ohBR#PUv&5mFTNhz#qg9+Pa7ZH9o%7#
z@jGKHOIK<VA?yVdmb&J<Z!y0@|Bcrw-Offie}Ox$nz`_2y6BhPl?H=h`w9nhXQp?)
zu`Q}aD^q3MS*DDc+|#TDy6N_uCKlBvdpUc8PY3lelM6x92@-a0g5C2b7f*)HoM=QI
z(FkXBw8|u|%Bpo$1qEeK$L`W?dnZIR2FqA|LOINRg13mg`u&TRF}U06a@vl1h6ru|
zfYWYxAzvR_zIbQp`o=K>Zfr4kp)!6=3)ZyGZ2PvyGJ_3ojKn5HAaDnQLj%!B1~V!A
znfD)R^bM4C5p35%&OvD&j3)G>*wAZ$FYIvo4od}d3#mBD(B2n-=&r96X%9=ajVqZ?
zsqDC?iaXr*JWBd?X6EH@)xY^hU>GQ$U$1SE-(L)f!fIc+OlK(!xLm>&rnKwXJa|RZ
zAR?|s`LNmzv$KPCpVqs}<qa<Xpl>*H%VX)vv;F>lYtcVLL)`n!W|rePD^iAnoYAKb
zOFEJ(&^o#*O985lTWDVF?giV7#IqpvdvXi2Ki}~tI~#Kgew@X^$`tZT7+-43#kFPb
zh=EiF!*H3dhad_>Wx(?aC#?p-;C|Bw#+S$XDP^+9t!;_=|KV9x0a7S+MboFv1BEW2
z$y^!T^V?oi{)V)3rmh|7;Dk))9UKEi58Hf|&oJ=v;|jkpzcxE@z_$~Hwwjd2N*cM6
zI#NXYpDi3GRl2%>kj&>dSVBs_aqV^A-dpy{HIaDByY0lgE|*c^Tt2#w!t`ecm)fT;
zcAYz<-&ku+bW4h=WlB*GOH{$0`8hq5El{`0D#E@PwwWW*!N$;HOLMPHo|~?in;w`*
z=i;4;f4Y?UODcA1rbbmnYKCn0;c0F0e&fh=+<hvppnXg@^GkQ`KfEq7f`8T8)^wCm
zcEhHR#f;QS)5y}cx<aRcHv+le6F-9`%83Je2Yw>yovoCmpBPZh@2^5-y`APFQ*;4b
z^LO9Bez=)At~#xD`>_rY)#$v=SD*2%lsCz8dd@_O<>40`u(w=(^KkNBQd(lk(R|6u
zvH4;|a$qO@)0LhkAQ|I4RT%#+4W@6deIk;_$5)+TW}o;pThmgXrc&e=)u{FD)YL<R
zF|NGsu23T!Gj5SzTV>%i&p+0yOm?!xM2V{$;!5WKuE~E)p`Vwj=;#i9cht6bR^zx;
zVFb~i6ohxTHmQlsso3NGkmgdd7zSFf-0yb2vz+=>ltW6DM2iLmOS};er9I1l_lUGx
zgEiB`o70?c+`--!ct!iN?=Cw5M$>MglbGytk`j%T2Y5FGbv07sJT<oKIXYODf4kY7
zMM4(N(1nQ{fAUA|>`$akwxf`N4Wa47I^y$U;tg_|?D=Minl;J$lIMB-J@2CPzl%!f
z*!@7*1u>0ytY^k=6S67ea55hr<BBOL+10-EkcgG7*S;4rc|mg*;iB?VjB=fa_JqLQ
z32+3`Cd6xPni2e|wySYn3NUcCx0D>(HO>GL(yMJZ^l#%b--c58z^;HveK!2k_sRd^
z9nH>OeO$Y?F4(BcYz(3*nca-_7G7CYj+U$#B(8XUiO@<#GD)7XwWh9enVA6guTNW3
zW+G{~ki0#DP3$!i9IE4Nkf2bR@|u@(oLM7MzFluvGGy3g@Yh;)zNYP(+(EB<Ed{!3
zf0e)vs6#EM?xYTgD=4db@W^Dgx@jw^^+*7t;gb+*$w#o$VY_=<mV>wSb{mNr#Vym!
zJQ{+cTfVP=M2_{frw|o^|M1@K*|Su?fN{ENAiJ!;%LrDL`zY+pgsL_C5c%w#O7;!b
z+V8ZM^XTU<<Dp}rqjp;Rjp=2;M3}j6yGO(87$3QQS&n!HmP9e*&+nxnSuS8dI+i5!
zIZCFx;wyCMRre_QcD1eO(xY&JIyJCWq1c~$GGI?^-r3J>a*+vx+`n6COO?ZJd(SO#
zLl?u1ub80N!>069cE57{t5?cBub3eXlG87t!(6z&249w;3JswXYG*=*;np|1<|~Pb
z4^B@L$>y5ni`DH_RUKHwyt&uczJCDoo_faZB;`U0-%X?}ADWJlLn*M`)xohk-mmVY
zfI;9;f=o6b?=Fjee%CFauwu%Q*Zcln>RW&m4MSltW}f?`pci~rnX2x_XlMSfuqB!D
zLqL+kgR6Hqo5xg^e4vN+OsZ$udCghDl_zt&f><B;6`ve7)EJt1xKg~3$*f{>fs|o}
zq_=4r-V6}K?qcJP=3Jt*l;z>GLFtOQ<t+2(<tHp}HBU-Y!W<SM?qa{kgn@qp@83P1
z%YwWV#t+F2A0-WRMc|&FbMfqi)g^2Tnr1D`!c(GTw6C;0`5{d>8&VtcC=_oNTnd@4
zsZI^4*HOGL7rW6rSA(u%ePnTG`~H;v;>S(!r3eLEw|@dCy-CMY%1KN~^I)L-3QN}>
z3->f^=S{3L$a;R*`tYY!PxhQrAQvkpaY*F)qe)dlOYKH3kyCS_+c0aUUi*Ic`Pd_7
z*cn<!Hy9QKOGH<tNq?69y_mG2e>k{@<{j}Txv%_UtH1MuqJLwayIkT&WINP)>i&!8
zQ@8XBGStGxBMXb}p`0i^g#h&9k9{w7=m)Zv0&T$(&%>C&CW(@SL%AOC1%v2^0~X{K
zSN7W&0vnL3rmJ=x`}Yjdgp`zlcM-Au-7U$>-$u?3n)!b7B%ERhkj@@nN#F275*_2i
zzL9qe?=LXw8)Rocg)^2ErU8w0C^WJS)&n>H9<SbQB@NZA%HJ3#FRjKgjflyL_dU%2
zh393SDJkUr#T@CMd}SI<hxW)Gaw9ybi!W(-yM8(4**(<8M4w_&w|rvl`L^q0ry12+
zg01+%hgb%jq!4JHdL6)?Htx#PENN~*I>K-JhMWf4_-h2g90l9vbvvs3`dNvp^jmV|
z3RTv^-c0_LxN&>0Ya6^Fk&5+eqNt~WOu6B_XmCLkTKKN9Y3Nx^{|!;-s{L<&qUNb>
zGOe*pow^ypV&MbS=Lb1EDeOZmAu!k;s2))nm&Gigs-haB;_UJ_(3VJ(H5;cDw0MLt
zaB1vYKACAR<NWUVN*+ytco2|y*r8li1fDQOv3mr(f-yDYY@psp^9?d@DCnL+_D%BB
zmuu2(7^3Kd+z42Ubph9b<>d$3<(4@yMO`F~g6v_hf1#S4Gn%Q+&54$7+KQc=%e8gR
zI8tBp*Y4Z}a*V-$UAqS+g*K5K$-1`*ul<^%xH5Zxw`sEwHqWBffU6e1s`t89&;`1s
zK&w^D7LYXVpk>g3K_5xiamh9@LJ^xkD{2%VAmQ6Q*?l<oH`lH7bMuYtZVpY3v+Vkk
zkdNFi7GOtHoy`^>Up(hjQ)8ZJfc1Ej=TAr3)v6z+0<Z*x+8gt78=o?Cdri(x8&1wP
z^2RGHI6P@AGVbtBm`{UShaRG4-o-QTc`&97g=;LDF(eOpl4x34JCs{|q|ZSRZ~9aH
z+t4*al-<-!Tg`PhT-GYCXK}ob2L4MGOS^^2UcTBYl-4qsM0nBZI~KQR)?PU)NJv?X
zlmS&4>(G1|9cPVWYgPqLPy9)^Ij|3Z^0Q+9kFvK8i|Psc#!(Pd5EKO@S4x!bW>-{N
zL>fsEX%?g<S5ZKz6_76J2I*#1N?La5RC-CNrIz(~2$k=9J<t1IzyI{QID77yx#tu2
z%$XVJ#f%v&aT5!MxY-#eZWXc61i$A)>l(jur(S1}#d>&CG)bCTwa3!PwQC=EHMf0W
zPVI}Bd#zrpDqQG=(II0rwN>dkC;pX7vcxN7q)W%ow5E3dt<>ERgktK=z`TxG1+JT}
zQjfdYHu7neIKE_h`D`dwTD<YQ^XuESxlt#f&U0)Ml?ZKM`z9B7G9kZ;Fn?04;ORbV
zYVn;~frI|=U-U#}s^8;V^7TaDO*c5nw9=Qrt@^=q6~;~V8A-pckL(2?GSKar7a~Oq
zFFrV18FnS<bFL421kFZHCfH}zCpa`wl36U#gmu*B?da~Enxq{v6Lp<0nU)nEX(e@}
zsnfBuOpiqNQ%VWLpVB($P#BLkvHixQ(hB8aHi%r80cAi(f8z-Yp-2RuuB7haTo^m+
zXxU}*zM`&YRDX)3vWtaqtF>$p#hQ*srI#Xk23I`44-z6NjpmvxhBNZGsb_kxpo}jj
znGcJ&umw%6Wk@BK+!~Q;dee?WUP)>zf9?RUqs1bA6x)XP02unbdr40O`6J~1hh5VI
z%2|Uq=0z>Y^v7lAH@B1|JRaYCSDyD2I;8SQVR0+VNFi)ibh4)SQ>17!ReR|7EWlMM
zdU{_&z2+>+`>rTPDE6*pN+VffAK1kTU#A!VhHuuZ?F&r2J$rD}azF_=3)Yq@hIRLs
z=jX35ummhMxl!p9T=ipkv%mjZ`)NhwwTlDf$|0*kxadx08ur^4<J`LONN}2E;*_pl
zuzYt&r9b!E7eDaCTJ#gGsAv7gh!Q_D)7ct--iwW?cz%u4V=nzJ*LOaXzLH9^>Iqe3
zwZR^FfPj8Cvrw(|^jP-T6>pOdWU$Ohc0`O5G99Zb?!Z)2?k(T4My8Ly6VSW<!2Zn}
z*;gvx$e7W~JDP4x<aS0C#?N+>*=47h3&`x3_1E82BNq2i9cev@P7N53#S4Iny9Z0W
zAkd+lRI>w|WzDX86}XtbW3Z<D&AVndQ+8ReT~NM4alZnKS=D%y%d`SbQse^?N(O&A
z6YT9!ua`>JBEt{DSWBQ!Vf}Iw;K`Ed0N5|j6+~gEwyCpE_mZ7eh-8A6Y#2Y}O$32=
zN&;737TY7wGa2%~*h6-QQ}<9QQ1<IfNa1f4?^cWfFACV^LbSrHrGU%~?^&^^<?ir#
zX}|y&2wLy;c{Ae>h3~^Gd-xYz6mIOxpxlZ@wl7zJGL)4lVucQTI~-ssUu+02l5xue
zC1zJp0yDkvk5RD?Ev#deky_mxmp`|ZNqW6iEN-!%Db~fmEX4>9v0r$xh*p*rsZW9>
z08V%>U@7Ol)gxVb6JyN&kb)~469wo8`{$~#3j|M=K9v}akBU6L?gD}vxyQ1U-+xCw
z|2El3#6(2xp{v+l{A7L#9Udyr|G60_5yMN;zDF7T-9Uo*Y_G6!Pd{I{&0?{^7}#Ya
zL+iDDcnE@|maq1{xR^ORxg4!h;W$1@Q0{`S%YDM0@8pg<;qe3a-6HqiFMkhNI6qCy
ze8-j=y!0%{d>|1*)6lzoe<@QN_-t6Kt@mouf_JU9imKZ^f}CZR>8YS3Lw0tgI#4TU
z3(9jW-`34xzh{~zV{MkX`q2K>f~<^!E7UG$%xrN9e$k%#aTnH`h{AhAR{1`(y1McO
z@S$t$C(Q#QA!#g+G1*?=^)%+>SQq?ticWS-@)@heZfw|XMTsq@UZ-}E`m4bG>dMqI
zzwtDr@8C7_l3K3SMaDeczT84lVDyw48c#8WP=iUUKqXYowJ)TnGQGJ=5rQ|*{=&HL
zy#gk1=VIxz8v#7kW5J5PX~V(wM!z1drWcsqOt-Tq=;`=n&~if}wW9pJ0K;hFneDtm
zti+|A4qn5-q`eo)t-HUhfr%%*-zm*v<Z<tSPqozq__Abe>#Xv^eR8sc#Nr4Zizso#
z&z-U25BWv@+)>;K9}RCgR|{18Jdudx%>?f3{*-UK!fF0Ef5u|ka0*ehRWLh_9B%3;
zFDFlnZk~CE2n~<@1|$8tE)ZSDq!V`M9TBcmzw8rg+W?%@KO34=R>j*#rC-4^(jfJf
zq%QAuBz*@I_zZ(xH1Fnnh0O7G69=*@U5zArM4<lCr%2|K2s3}>Uei$0nK7nJh_Bfg
znx<@QdVomf8GqH&+#nL1V2+1u_y^kq(5&eCraMjRB)z#jdu#+E;R^c3>Zb9Rg4Zf*
zqzPF+)$F*{f8%jZyv7k$E=m|(etb4`MDZ!ao$b-LiC2^92;@^?azll)=z;SBGj1=_
zl2(GIL003DOtln!!v-Lr&=W)c286}$xmCdSwR&?Vu?romsng!vlJ$979jjf~mS~WW
z`r$D%={ji|!%J<uf$V*d^$xWMwWC9vIQ*U9f#3%>&mlQ1u#p0s`LV#kh+?5SsQzIB
zVaMjhnvspX11iOeIv>4vI&Ev^=ZZzOV4jH+iWQCwwLRClY-o^!z+E|_L`J#JLSH16
z-HT@X*m~@MJq3n-ZShRY1097@p=7g*?lBvXxd4$EHdK$*a$32I%LG(Uro4O}ev`ox
zzAyIEyDaqJRW7XiLsGg;_p`m1L5CNpw$cy~UZAoi`Y6Rgqv#5i?d}4;BEa&gRX9><
z^%s;`!rYsTjjAq7k`-oe=ekqmPCPam`gqG!lj$i~wRDaE)2aI#?~N@!(6wbkzwyc~
zU>LxUw+W$Aiz0_7<xN-$cI<bT?PGzv^NO?P)PY&esA#WR`rz5G?0|ELvzDytSjx~{
z{|&TuUS<(0-&7ttjx-ZBs|oI!*~^+jYcr#`7$rWIUa80qP?_I)7OZ48Xq)m5wm9_e
zK%pS|k;Ya)#nkSgzr>2PwHq`$cSK(*xSgFmj?uA#p$gQWEgYWF(T?#@mKA0Tzer((
zbuUW^)Y@mx#Jqt%H)0&8!>dFGIcFs{XngQXC`Cup`Ls3c(jYZP!)AjgGO?73F7AAG
z!0F~2%kT5J9L~>LwmC@oDmZ%O%6`K{@{WG}M)Hb<T5Clh(dxF~_0^k}b~exl!R-py
zR??C(_|!*sZ2LR0?FuW<!7bvOa?^4`DZa83OvPRmSXGhWGJfbXm+nSaxpnZ(UHD$M
z_Ou;v5IjP0emU9Yy^^EtJBQbVI^Cp@q#suHSFdB*Jikoba6H_)!OKf1m20J;0Vza#
z_1{#hbe^in64Lefpv`wn{W;-$PuJMQJ@w)!lFCP!z2*>ARj)8E-|Lk6D;MV&RVwWD
z+GCa!i{kg*EC<HDh(SUkCx`r4jO=l4S-$akB}1*uLcU+AZ$#~+NVyykscz=WU21is
z6yosz^2O*b*-oEhxk&I#ok5RqD=8rz!z+K2Rh-b9WNi1|f*Np#$+MdGmK*IisQT9_
zSQuF0qL2)-Iq8zpcg~l)z?~j9;0LXw8V6!c3e$s4*X-lULFQGo7bKfiekGZF!&(-%
zq<^RiPXF5Jf**7+1l!xmtJ03@+||hqwzs?TsL`$ZzO?`Tofi1)EvE6uEFt`oV}_LW
zxNlcp9VmnKg89;_%|JpODM(w7mv;nn9W%T##9p46d_N@jdNF{Db_MvXWHaIH>K?8p
zlr<qOX(%M@jGZa7EMmF!ed-oL4~8T9V{hzj2#Px$Ukm`|n9l&G)`YA03YO~0BOkOt
z#R7!7C!#{U);gu07KI6bhTAXL%D<ljZd)Y#ZjVCx66_nb?&@&MVce#|#`|<yG9Swp
za{A}x5!!FASjlfGz3m+}xVvB`0nLA8`fUrCr=`MetL%o^VOqEReXfxv%Q>!UY0&u;
z6rBC(HoYIN+sw0sSj3&h#c*wtb7YMhu|x>u%=EbtZwXoD#NB#ee0DjAzUk2qzU>y>
z1pI<)Kj5m(kc;DzV+t<ws+GP-b=Lf1sdo5QapGkd<g*q5ro7$BtWsc+Di_IOG?u(6
z<&WAdsPfZ3=Rl^aDyUp?B^;D|ed-rlr!OV*0H(BBr5X`rt+)I*zHTeMF26c^kVZPp
zgJdqiG{HA7D%XQwFD`$mv$m;9s!Lg?^4D1YbfW3#02PTiQ8@lOen5fX^`)7|oKE{P
zp$|1@V@5!}PkyQjbreK-8T|;Tb*ElTx5TW>LPZ|A5d54q;)AgYIjrnWJoJ-zF;`m7
z{VH0j<mJ#N@qt1%l}aD8!>{rL;-Yp6SvDcg_X}S;7<)DJF9^)C+z19HuZAq??e*pf
zo}F76D_droqy4TJz9uf<1QY-BP{tP+crJ`Rnawv+hva)FYZmB>doo1T0M9_lcBo+L
z18g7{c9)$9#l<R-S@M{+?}<II>AYY4V~#Z|tYN)M(PbzeQ)kVZP!?RI<>V)@{|l_e
z>F5jg$w7;c^@sDU43=_jPqMw<+!X3lGN;0LMn2Njm$`=UcqWFefKY@3E^iE|!A6S5
zd0ipeDzJ)nFUrbP0T56?zKdHply#}!6+mbY&FV5XGR_wY$>3n1W|O0PkG&!$+3H!*
z+|oKde3yYHzr~d6gL-~QxXY@bnXu)w{uAJYdGUS`3}K$w{<WlZ<%b@b?XEM<JHPQ7
z-axJO=ksfg>@C@bwycG<fD&pcPHs<I*(B%j0^dq`j8Ta8j(@NARVYK%%v;+{OielH
z3z#1q+^Y%IZ4!*~S?D+OlM`Ei@Um8JK|)(u(!k1oHZr$c4mjVY6BU#YIhUbM-FLa>
zeGZ`l+bbP$!dko1J`ea-`>i*j*!!E1Ib@a5<weH@?XbJo^Yd)(eq0Tit>G}q{u-85
zR^M!&&c;Cxl-7a(ERAd%Ae9KA+Q_??XT8^BY(>HgR8-~GeHoT4N{~!`%@SGA0kz7|
zd(aI$`GdDz3ONHVi8t!LDnmsg!AllrQx5PZYxl~Eu4*T2p+UeI7XHFPPs*{fv{3Qk
z2jgR{Ue8tbavht!06(SJ2UQgm1uMOHT4f(m9^{a?E~4g@%if^amuHt!MdK)MVzc~|
z*ZQt9C2cm1g5ZH7n@MCt>c&pLQ{Vl#H#UH<(5SM@t?Du`==P9Mw&ze_c9p90wF_o~
zD&0plZ<X;;DwiZAuRB({_kMceeT$nphPhXSnefcdyZln#w$@scZNnH9;mNPE@3*+F
z!W2X^<%l6}y+FCUe=<TQJ?OC{#4a;w;tTAB9QGI7%G)y*8LnRO%2>&g3z`z-`A(AG
z&!|0Uzb`AVe*!0EEN{O^;{O}ZEK|O^BVH~`?)q||`hlZ?YWfmtT5EG)t=i01do%>L
zbRav-5%bjVd53C;)`}9y<O_B~8C6;%R23_~ymda6k3W>}jJ)I%^Vm8`@tR8E?ea;k
zkI+c4LJP~(_(ubAtlb!8^rX!2E{Vv+zJ`fedqg{qE)H$&8<8e%iXt{G*U>i~93>wg
zA_^%poLy86)tyl9q4ZGm-Xs#;22E@9?C3p=fO$O&1?dz}`!DJW$I2Hezc<i#GfA`k
z;=dr86U-j$Fx=jbjlJs-GHV!P)Bh7uTuAW!Hy%ZL3kjmvTeHTT;F0Wu=hsCXdN4$T
zq!9M^_whNdjW%T7gEwxdI~oXP-(q6rcq{9^F2x}Zm1PO+2qx)i-Z#4lwy68I*rXc?
zD&-y$HLO&VChFx)zsxRQeD2as;V4ORsROH-4h(rw#O=z+$50lrib{k20Yz{0!kIm1
z!ju<0=>g3%T_Ypf984kMw-@31uVQ<jw+Uc;)ne>lHSkp8QgXWKD<b%%hA!eIJa>a9
z)n--}xZSJ4dc$6G@m~;}M?$qbqYfySWjB(x>`;5J?+!K54Lc|<VuHc+9kALs#ou_m
z><Yeq`x&v%+b}=6UZ)nCgAS~$!3oxE!wl*yk&z!I%q3E#E^HlM*i+dgf!^Moz>$qp
zJ>!$gZA^PE<l}k<3%N<Qh((XsB;GQJyJD&CcJCnN8riJej5Kg3z}sd#j?7p5o)Z&Y
zkfik#*wXu`A_-%)`&Ds7xmVvqq<4GKP+eRZ7G-ki3iC6o!5L5D4*2JNNZsyt5p7|!
zAtgFx5v9;z@EAeb>yCm8H@qZpLac3ra~fO@ZOHSDOJrl$KdY{|0V_5+T9j+u0{P=D
zevD^dw>2f%E<J}R7RUqf#=$ZWzs|Yb37fdzylxS*!gerLmy^hBSY@)fVAV(!MnqZQ
zxf>3gblOhmwU(4=*Od{%N3Ee(*G@%3U1bg#hafX9`v<Y)(gu$t1(9r_aYA{<tR+`1
zylQ(?80JGvi11#$^iJ%%P5U96#r*rmqd4ac$<GgeqFfo}KFzZm*Cc!<Yst4Q><wpH
z88-C|8<$_=lH-5iz3(Lj&Wvp-l|fCL^=ys=w#L17gtTR%<F$3a(Na@?`6l_?sumOW
zpypg}5f6-q8uG5S!0LnTZj{QR(tQ17Di>!*Hd|fT=X>svw<YsD8!gLyAC8eKWTo}w
zMJc>^8lW}0uu>jI$g(-*Y86_`mg&eCpfD{N&eHhoK!(>+paEYRY7QX4`^WTStt}4{
zw*oUE6}0FD;NB*b0kvU^GK%sAY9IW}JI^+mC*E;D^x&44EwiZ3YF?y}T^OW9DRkE)
zwu(NZ<nqX+zMxwYEYE=Nf4$nQI-QWxSp;uiz3r@DvhNn{)=hjYD;!YKj=M;Yaz`w#
z@D@UCggBZlHuryZ`k<s4u2nb!hY<wdmt<uhYbeL?zFBDqE+&DMjP`FdIrA@9g^AVK
z+f429=1dHUd%Ftx=@n=Jm8!`_YU3%kj;SMdgmUQ5b!A}~Zij8OzUcjSuepIBdogrz
zJY!8Zwn(2l9qLzBwHwHDrv+;<zzuc2kQx91E4}rP3{881?b3;zmz2nO7%Lb#91Cad
zZoTTPI)Uyqx%e<IUCz1MD+x;;U!@irNHP8W1-RcsZiKb0yBpq8SizJIb(QOz((HrM
zh`nryjR)?|#V#l~1qRd4>Ak>>WOnhf;9-Bj-fk7BEr_N>=RKH_ATr343YO80ut-a?
z7Q~>krmnZE=b$z@*y=(SmFxT#gdmavJgmTxB=MRD>UVlNdOq3}>9;0vg};<PfJ8ih
z-^o?m&dJ@%6z`}0t)Nh&mZtj+bM142?~3?S1DT7V+OlQTsIX~mzy>AMT(l1hbLF^1
zq%R)yo>I*DOhKUeZB(Jr*TeyLZGVSIi;AcQzZl#C$PQOAr(x@<>;{gYc+aYHskk*!
z-vtyQ_i?`1Y5*pzH7pPV+9PxCPLx~_b#~dSPfVKCOemBJ?qs+2_c8F$iij2cvabG-
zt(Od$@N@CDGe>J#O~;BE(-rgzIN_W|ZvkP2JLmGWk{5r6Co-u9oiu;WN&G&>(yC}M
zt^4eydP}2vuaZ`r=8%jmaPKeLn+K615N9O<q#=Pm@8?iS`>!3{9dCp$02iWG_fdvz
zx9x)?Ea|L71;m$vVPo_v{iT!=RTnG`OyH#o18a7_TKaRwZf1(zwnE$b!-elf0;g?f
z{qU9?u<4IwTOVz@PE~D|1jrVv{zB85O56L2_DQ&k8C_xZn<Y?OFvW6Nybdu91+epK
zX{~!8w!N;XN3e=`fr@`(EIcf(W`8Pk(pp`mO1!g5=Sg*WX^^pJ#YNgd`=tKL>>&;N
z9yczd&e-;!m9c&?86)FdxXkA+B%G?EyV~@GM32}frRsM4>_obKyW6Ps2;ldd`Boe?
zg`_whJdLUjZpc%;C4Kq1rk5X~vTj8+umSb)BzJkw4>BPV`>Bx(*wuh>c9d1C(W<wN
zf3c}Yu3h=)a#eNY%(XR3E8&ko@04J_<*wZdc*gL6qsV1h7F46+2^`C})5j5$TH8qJ
zs4rE$R*d8g-1+vR1^I?@_&)8;$o^*GxpwusiP7+Z^^90GyEPo5dz#Feu0Ndtkz-Km
zFrreX(oR!wnQUgKFHnkRKpEa$TU{z*vLeHh#01i6VMFT<P@!`yE8a1rgf=GMt(1F|
zDMidsRiFjMR}1cCtxBLXeda%_21ZO7I_un0O1#~50Q(s{xstbev&yG!)-`rfPdg$+
z?->a!k$sx7+O!<*F!u<?jeeszdlk!O|G8U8cc4M!tS0oK{L=DXI7<Mr2dR~T;xKKt
zDy%f`NrkV=J@P7O?yiHf`Sn&dF=@6r@A^DwW{O!zIE&d=D0oDzqS|Dmfv)GW=(G>n
zQwV#eTXI(@uuzF!ljLvN5VY9$-~ZN-g;`YY0TzvVrz({dFA&_Q@g)K4JN9a5xwxl)
zXjT@+jN3Yx1Uz@#QrE>k3W)cf^YDg6m)my8Sd{&u7XFf(d84qcWNKH)>ajt?B&`;*
zOnPQQE{W^g7Z#Y2>Ui$Lp1Ay?^RwV{=pYr=q96Ma+eBsRZjiF&b4zSy*%tUp6|b4#
zQw&peEHe+4l?)Hk5S=hXvoKv)1MIUX&s#8|c!0u{JFy9s9V)}p=uN3Qj;}1ilcA}h
ziq-M_q2Gisl5L5%ze`TzSy46+kWB)I76U-MyEtj?f3EK9qSpM~wh?Z;rLnj*v_Z6D
zeVbLdYfxF>0ZEQrjH9z&qN~g`?W`y6+h517HKmndI=Ve>e%rxaehv|c#UyyfUE*%J
zTQ;kJ$8WNOI56MU7Wf6MN9&j&IWgGsHA3c5ZdiiTO?&$(j+%-YE{Z{X+~>~+)?XYj
z@hF_DU6gupfALa*xmDE$bW@M7>WPG&9k%qt76e(iK;w_0$ghurUi3;~C1dH}$G_5Q
z1ar^)S?ZCm<#vxu^6pAd%gdIaqzq+?G5tIJ5UWoiwC%a3SCj>_!%Io&Zcj06#dH5;
ze>a3^bs?$_6exSk?acOC^%ZNZ#2f01#5T`)8%Fw5QBQjF*f^a=-Z6%{C{YLf>;?A2
zI9I$YoQjWoM`NK6eX&siw{e0fhUt04rCA4aJgTgO=iYtBq_G#Yu|<(oCFUV-fLQF!
zSDW!5>6MhSzXr1^39#gfO9*<S04f6YYKi*U2|bd<8H;KTJ1FZIsHndB#lx-oVUwQ$
za&d9<5^xyqqvA>dnOR9amv70Bk_=U-&wjYwlP@8=<{d@*;bXxTF&nV&UQ=&qN{yv4
z<8id0<*U-ORX4U4)f!Rqlgc7m6_xMFwzRK1Zj#_xh2pyv^s8G|klko#9@MfkDSZ!E
zN~z$F;a;<^BrnD9Mt0YFC;c=GuT?8=AK1_~a_df|b-ZXdmc0W*bP6SZ!`{htL0O8Z
zwpdfNU-F;ff6&Tl{+(RhTX3h)skP%#e!C~I9YI2lecyplZc1azdZbd}v6D^#qfw2(
z)tf&TV<V>sW@D|9zwrX@_00>f>Ux1S_qE`R5oGOxh2cBAbbV`i=qSp_;Wxi7D@}C}
zS2p5e=z0OOL^Z5mOe{y<cqdG>d8(oaZ;K+;#F4&(kdLDATonGn^%l7Ilu)|x^uf@W
zQ~~0rFPDhSlTStavH@J<vaE>$%o(en>Aatou+~>Zx)`|LUv~sn&H6|oSJezHy;*(R
zb*(NvkC`H&@c;254LD#<+GO2|#<Swe_7emzR*tYFer%Zq*j!{g4jJf3E3J0jU9bSY
zb-W@sXDJ@O%a+9XDGbt{g<Tk(?E9MEIR0Sz34hVO-*{($&-r!ptzl`St<^Uo2jsHC
zAY6zHn0S?B*h?)Bib%r!PU^9p2xds6bpc&`;&T3mHSSD!-4;a{M)aaxh>h2PQx|L;
ze;3|XrE<9=sK>7~azc}n$_ct&oG6eqxmn;dwZx|vq{8VkmrPqkjWKTXB4g-lkK3VY
ztao1iS?SYz<?3>)jT4<mVtrp{K<tcaJ<hcv2_|d6n%^m(;K`MdUTR;~ocvrQx>+6+
zWjCiky=R;2DltkgF2n6`_pXNb*&2^d7h+{rA<8#-;bddY6K-_^%OTcpYt{%e-5AZP
zUknt>y1d%e7Uok8c;w)s$GR7*HtXub)<bU1rTVclKwh~+<@|V>Lj%0`V!I#Ga+SPC
zd%I&FPbyfytanQrtZ&DK+~TW_Ij78>Qnb)xb^DCp3>|f{)P)tfeqd?D^;WtoAPI@8
z3bKp0_6Bz>wazmsCEN*$F{Qq+$xwE;t6O!Aprc#DO<{XFBBT!kSPU)anf7r*<>!qn
zq3w=Zc7>0V1DYv0pch|iIGN*af@@I`I*Pzn?u$c=w@PcfN>qOJC(x4dsK?BLHkzLx
zKF;PX#`;DkWJsm0)5au_Hhv%!Yaswuk!YHK<?#)nqpC}DE(B5NV?NJq{Lm6qF>yhT
zTDej&S<)qqePjly8vx(A%iNM-;{p5W2e)f`Tp4Vz<g~FBx@sf+lfblOwMlRPW(+{7
z&A;&wTsT3WO9Y#hy<`W)y5Merf4jZz;SRW-Hw$Z(dT-;*I`;xG$^y98!N2jm^{^KI
zdD8C^fpcXq5%44d&4p=wD<a$wmjrju{={zJD%Db~`2i6v4qLI)gE0_v8ZbKiC(<hk
zSV2qN^FP?rC85Dvw9g{jH!EGLkz0k$f`A2|67&?#WF0n<0W?-JkZkWduxl5gf)ng!
zmS$#}dIbDONiH-Q*4>;8gcAw>07PiK9rmWgFp(+R1StYM74B6(hWHh(zq|?5_op<2
z{=USG<^mdg^jNIjJ_69Dy!*JxR%@5*c31VU1Ub?sN{OSWIR}MTFSohk(ejCiqQ{f>
z!LNZm!8HGkR(NmZFk0BC{P#id@-Wul{#*&MgWSFTSm@@Yg80UC`Nn?a{&<}`$}^a_
z^r)%e?!Pfd)TVADHppt9m!n=0SQng!{@CSeaNk;#=Mrohsn9nr4Xb=r$yVrokMyPZ
z=mI`&C?9109Whsb6nUWAaYv<~9vD;(T!#{H->?-JsJm5$x`St3z?&|&qW980q<%IA
z<3)t?79!i<EWPdt79X8}1HJs%1rF@->;SJ#jy%N2H-OcY94L8BJgmDtuIzUmX4mTX
zD07?Z8$FR>1ZZfJXLmIVHj$pXv`2--T7kCF78S>x4V2(gOyO7-N6$ve1C(P(0=ilL
z{EeO1x$y9H2-`+Z28ir6yc9ScXQC{9AM6Vpuf7F@QKo?4sr!u=Z8^71Nj&liZzpzo
zDg)SZ*&J<B%uLj%4%!E1*p%w2>;T$N3P!<zVeXF@!5JMs?DZSZo-N!MSR^JuYy-#R
zG{c!yfcwF*N!w^dGtgu*oX5gpq(`qk9yP7?lQt_C#JVpQz?K7H!Jua-$h_#p_6(vq
zZhD@&Wta!3b?Ns<E$xwEw|gP0$R5*S$WeYY{U_VK!XE%{n}SUMQk+JmWFE3Hag>k>
zr+y^xDEs}#B~EAmzv*LnYK8&B3i~sxM^E`4$o%i`vkU)d4zfgaA2{k7{d=`cl*Pd+
zwqcb;k4u0WSTlMF-+#JEdx@`p`>nv1?*gP`-smJqdB*P-T88a@<E;(@7nXt!yVG-U
zEyH4nwydnh^A2zsfOGmi*7s$7<f2?9>yn%gV)lo?lf~Zu5aCoB=8!+%(a`P$*6+BC
zJi<pU_ejD8zU1!8w=mLBiejx8Gtlhb25xdl!i@7yz$zAx$n?H!DZ(76M4dD^J#B2)
z1egXKhD+f~?zViuS*d4$xy|!npCKk`m$c$w*KRHCX!0FpPif-Am+tyTNk9_E8XQj_
z*CD~~JyMawKTQ4C*8sfS{R1yRS8rFI9!^9S;@`-_i!GBj>FoB`C#IAy&l9CL?E(vJ
z)=C&J;*%trIeHQC{~i6vc6JWmfIRPX6*-9o?k^EaX+K0w<L!|D3?;%0g_xK8jdzrD
z|K7oCaSvyBG)wi`jx(-hmlCuI3dbFY>>ziAL7TivzywGFx|Go8qyvC%{6EmZO_VZs
z+fzYwPZpR$DjSSrH8^sQgogSSAWgHLe3#P;z5^R!{V4qrwEF@ux2!oeM(se~Uy?k8
zzo*h*miQ^rgOTmU@tB#x_h;4!(#{Rx((6|<4I`-j;y@a&1#^BAP!2CwQZiaO%DMe_
zm+BLxi3}Yh1|5kV>J!}6XrV%{2?z97@aVpdzCzWBeETjxIrRvFX$58^P+vVB%6#uo
zfFJzFIdswaH7?b2hu{gI$h>g1B};<yJFePU!s)%OMdfwDEB#ZCK)}Q6g3QR{pE-db
z_&#^+d1eDozj3m#36Ft7-E-yfHTDIS!y{3bD~N#q+YN0(j`8a#?&go+qI}8|Bv_ZJ
zK%s2M+?qR<8@Za@r(zvip1!)f<0CViu6?-zZwo*6jr7OFs3XijHPcjVkHdZlZc8Pe
z6ni;R@ir+l)9}OOFUm_m_DXfh-7DHTu*&wArnlv3=@$aJI|=A+AURMqxYa}472Mbl
zyoAx-A7`nAXu#GouIDMVu90Noh9En=uzy(azTqQj1=SRQ`&>ryCmns736soG-3Hz&
zM~O?hM+uoaVa2~qPPe;t^w=>0AF*!FDF(O9pvQBrM1U}zmcZo3BppH6F^+u2r5v2b
zIB;tQ?7KZ;wH+4B_Ae9GozC>nVnKVee+Y$V;eSUvfcB2$1OOg?z%In-FuwouUFQ;`
zA3`d0U?Y?n(N1{wn7H3~`<O$__?zq}7^!eBBwGB1KM2!=rd2`4ty=#$Ft&pK!|o$6
zwmU-fgkyA^ZC!RcAQX$3>%$KA&OQCw0138ecT5{g@70b?k#rP&(fIrm-(_CD9s9?p
z!i4|BPHpPSTviYQcY(`Duc$?-XQR0ikc9=86w7IJ55_#n(s)#N#R=^(fdB#w2m!43
z8oqTz`(5ovD9659!(t5pH24M^Zm>?^e}*d+wmV%XeCKz9>h!0E?Z3h+>0fuAic^l~
zh@xSt-v0*fzhp;$t`p}ad77C24I<C~hN#ki5ETfK?d<GtJlsJ(<$qupatOoelzY$7
zh4PR?iWNDO4aZ!1s6>uw`FQriRB<x?2ShW+x-Ny|vV-KkTL7-8;Dj#w-;v_x={_hq
zq_{uCr809wR$eo{)=vBNtd&M7kR7D|%d?Q5H!Hs^2ty$GTK{B5sSiEgW+egwB=;B~
z+yR+J<95*Gx6eH1`gT_AMttLeoOhjNh6K5Tr}Rx%yY6H72>h2lf1|au+B=e3uu(}p
z^p9+sjo>_;r<6YuGxKkhp=3v`3xwxv84tA=@4b%<QB-qi8stF|;I@vX?O)jej0A~^
zzU{TFgNEm1ssouf0p5vj!AyCLAr@#4@gq^zM||{9Us*~9pM-94!p}y%u0u}auu1pP
ztb6;B)9%jb&*{R|*0x>MbI;Ep97bP#cg{HY$9Iy!1SE06huZxF>Ub99jX$xz8yH==
zQEqH2k507wV)NzO+O;a4+N9f6c7}CUXHK)qpZS?|LPfaAwz}#myLYyP7bIm5RJ=>=
zUYax9tePwQhQ*a>eEAqsLGu!{)oO9sg6)JoAFj3^_ju#9?$z)~vF`puL2h?iv8A3O
z^&|HH08y)@^@-lXO{y?8;9dh4flXurPu_!OGE{FS9g=43jqh-5trh5vlHC6SbSF;Z
zl-9~PbSFnZ=NU{8!Yu?S5u3<kf%bouT7b0slY9!(7WnziA0f-Je>5Q?YxSRUkoz}f
zGTsW3^K&0@`6<u}(L8S1f22o*O=$ygO6w%}QyK4<Bd}kj>6x}*!|5HV*OSrrnx1%y
zvWM@;KZGm>qDbS?u7($6gMSGDQ;QTbaQK&&B;tU9@&<xK72|XcF@Ls`Sg^+iI=Alp
z#MboQ^@wB}ro>8yQiGfCJS=U)tv>4CP1K1nw&4$nVd%RfedzU0eAGWhsok~QZZR@|
zyCB@Z4b*(hEJ2&}M*F{d*Gw`<6B%2OR9QiP-U=lA-4?9pVe(o_uwqX1oa1B5*Eo~L
z14b*Ae;uXpSMyj(Cg3sH+O+_aoaR3m@;^wqzrb^3pN@Ehu3i;T5C7NUv-H11=LPsj
z$krjl{UM-Z!1}+*xl@=L-uhhtUTQRlt2zNX;=K?+bBJ3P9+_av33F77GQh!`6H^aP
zNt;vRlj{Vvrm&|>>`(fz%{7vSBgO|md=>AN@+Zo_wi|M6vJRROFh7As&9BOiuX}A^
zYpETt@nBz-?O&k)sGQQQ|Jy9KV_N`#srB*fqcnusi|O(6dfvOe>#}jxX>$=7Yy9cS
zJ?nM4f`(|lP;~$4DR?SkUCgml`i)oVsAt)ED9xUqIh1BGvwr0$BbR08u1V@+pBn>k
z?B}XKUIcdHFcb&S$4EUDTo9|kX5gS?2dT2vJCtVyCvpwqFe*}LSUPcfg3S~B&^J1C
ziz(xWL+d{-1ug9xsW7lFjlAw#$(Fr%cf_)_!nS(K_U<I*l#~Yw7}GyR3V^Qv%7bHP
z?8ema<m0)4>Fa8#hhmN%fV|J2*RFkp4mB#HP=$&wkI@=XS3E<Tpks}gd7=z~mY2**
zcVjgM=zcwi;{@ZDzX3jV4*%m(Ap!Td&u{qOVG9i0*bKHD+w}sJOndjr&D&<~I{_w1
zduG7!D6iW<=AT624j?<IQ+|&v^zSGi^Yr#XW1?&lP>0!ttfFASjAbYl1Ly98BD=K=
zH}NxQdvDls?0-lFajXabQ&~BMcap(GbjMUeAb#Qa@&6ZUo%UGQ1+M^Bjm8hM820b6
z|IIP|#eBdq{o(h&v}N>f;y={m;tc|B>I>cS%@H8<AyhsD(=g;)!9!a}^J?$@AN>Jd
zzh{!cP|w)iPX)|fGmG6h{X^I}l`8UwRwi)m5X2Lr)>{Ckq1rIZj7b|A(feYWlXv&F
z=bX9kJ6B+<x%Hwl;R-r4Q1fz>M2uu4v(%dADFy%p)1Q>pnw`$;g)RasbPA7GS}utw
z5HTC5ZobL}j?@1Oy}h!R2uN*(0DEc^`TocmygGD2kHU^1w`Id5I5C<OP_6*r{Z}ua
zWEbE-@B!zv*Ib%+Qsw$z3FInZa}Fz9|BpUB%{tLeSNbQhuo0p3bwN5<%Q2k)DMI|O
zitevR1{59rF&J|m1xK|7!Wf9cI-G$z0igPMLIE27egbssg50Phf;uI){@K=lUe)r4
zE|1EUE^sJfr<d^9Yv`ORuAmH$jMT(7rRO((GAzrs7(G~SYU^WN4P6rXC^_j5&x*yx
z{@njog2YFS4l7tI*m}TQo6c=tT`F!%+L1TiRp8jqI0OX(nim%dYk%Y2Vh1n=zt<TJ
z;PUG~mh%+K>203WgC@*?5ndi>9!px#TiJ6)%R`-z=f$TSl2uk{KQ0fXi?n_xA_TPV
z35)ze9FCI$Tn6d^bZFo@V0AwORu@rr$vUHad3cJxk+S1bm$>WcdF4lsFS-xxOF!7x
zJ?>=Ciw$Td-_zm6gw84eP`%u@(l1;7n6~bIk2CW;E*ygYg3bQ`aqKNmeHC|nr2hb9
ze>}qUPO_vN|8f`K)gbdi_d)=lzX1508F^@+{^+_`yOh5OUs6pLg=4pdM`eD)dY1-4
zlU83u{;bbB<QCk&iq8?bSRCOz_n)38kIvI8d}|8PNy1u6#+@$E{!J>$;FB7PrRQ<2
z1~#<0F<^95)Ib4(II$X-aYsco3;!d}lLUB4AkhB<%3u7?*mEQ$j!T<~D*mki4;_-9
z;{RB787M>fkXMh86XCbo!cN!CPSuc)CkuR)=Y^a`aZ#AOt&8mXmExy}WU1V=UMD@h
zqWZ;0)fe5b@)GZwP&7q5F{QC~VwUWqBg;#*a6`Xl`V;Io6z~puq~wS|p#>dWdM$&>
zY;|SW4l6lBC)N62qy29O#GwPj%n$WUJQsJJb1>qK>ii>CYg`>%EwK&Tq5CU~0qtcq
ziETg4d}Kppq!9TMk1W#a+!!Ba-ykb>QoF<A?N&gg#W9|dKV}<TWr*al9_GO)e-%`7
zi(C)>)>4R!5Ba{M_w5UhtNn*ZV(h8myS)MnvU_dKT@G3tPh3URyp#MX%;q!^>k-Rb
zhR7ieCh_DhqWxzu_FUBLhvXFNjZwp`FjI=2G7)M$>TX1&bt=+X0h(gKqfsRMOJ1_*
z#@&P$b6D#*xOQ)9xch{@?e_bmIRjV!T196nO6>(dEfDjRKZd!#{7bbVvL{@5duaEn
zcI<E}rP6sPFY_f=oKyMz-OwCRy~i`x&4T7Hs|omJwOZe&t~9`-Nk`z)n`f&K6joXT
zI)P*qTWPg~^uUD=!IqZVkCf@u+F@LMOF7q5vcX25R6n<57gUp8TU5N_4%2l-6@6Hl
zj1$roO^p^B8%Kjyn)NP1#(-rN_1KVEq;)#Go$ffN;|z%y!;-uA-88L`n@q@_jL>@Q
zn;+iX?l|g<@ow{L_x2T%H5Zs#ZE*C!2_h>|TnWHeTpg{3a}s>toiKdE!@{YqD@sB8
ziAm`e!<|`%jR>1!zpf7FOU$>KzvIa*K2j;{o{27n-c*y2f655MJEs;h(lnqF6)XQC
zQK>o$^s<1|nOgTk*)Sh!b}x3QtZ=gP71(c^S67Bcd1gAtmsP#W1o(=kt#VB!zjH7^
zig%3j*;|~=+$cAnUVo9Y@w0O?y#s1Rt)@X0KR=^2KlU*O=)Jp?*CRt?>taD*GDtcd
zJ8Y$;xFE7_G~24RZ0}<+86YvzC%n!l@wBq?bFkOlDd2d8{DW}Gre&v*eA%ZC27yqv
z(b!i)Lw1F=^QE_D9h>DjCz2FLB4<S@saHu<AINoH)lVoopdw=XmG>c4)1og*3qha1
zLt#!%9}5qwhhe;9tZH+XNg6gLGm0x^t8Uw6$+*-wa<uZX-dVYJDV4Bf+JJq}NXVve
zi~9Wj5EK#9vYwl$-wvHF^Yu%x8M}{M;o8Ed#wzRU)uF0)5y)>Uc8fT=sWSPkbJb&6
zZo$m!c`c0oMQC_Bf4f2*B3kZJO_G+eFR-xny~;xwY{}K=%GW@B>#62>+VAYsxU#0P
zo!9C$;f@B9CdG}13xNrSzU*obp*6sgnUCFtHpNyNDq#^}VLM|JOJJ|*Z#)nc6SE)i
z-Le-V!Bj5Iic8QwP^>TJB|-9atW{IIc-b$0u8y9s;7w$kCefsdkQvlw5MWr}(GB^D
zMQ#H)_#2t@YJYl;!*;q;HS9C6lBC}*Q)LFbEaaC?Unx^nQLY&r=(XIi%Ac4T`&wNa
zDHQF@q1jYB7)mI5<6s6dS4U&I)s@Q=0lOw5{7rzfxBx}7w?fx9rtkyN!()3RUaC5}
z!=m95F<BJoZT`xFbSp$?OmCCzr%TbL+SZhv5ZdU6oP`>q^gb1KpZj^>wGa~I_+x%}
z$++y}7yD_y@m|g5^X+T<hQfI)?Mp!z9rN9Q-nBFPu6}~;Q|<6j_|NWz(!x$fEwm+1
zuW%S5dHqr&nYANVZ7TWwnd=^}131dpjQm)W8n;n*Nn7b44`-wy1r~*dqSX&?kIp%z
zd93=h0h*39zH#v2Rt3?%lHt8=Y>Yn+ET97-+j5Q&v|gX!%*vS?4bI#uD8LAzYR$&Y
zDYswxfxCENx@+iMHHFP^mD!MYp4uw`;Ok+x((B#SUr^4mi!Xm0+tbL+%=BOJodNF3
zuu%znU!be8-HqpE&3}QlM+g!BtZ{}#y(cOe+hl9i?P%?ZcBQUE6-;>QEL5ROG0a=(
zisS8?c}8OkVn%Vj0kpw1J7VR<<$g=$_gz_*?2-xaymCtSBF1B$i=ZjB*6}0kn0M*=
z{C<^Hw{j4-yuU#Low|c8@VF9dBR&=!WH#}wt}^KP(<;-E-6xaT8-<g)Jk=G`h(bmV
zh`(BGB8!NFU$5YZ!sms%5q8}|efJ|BTdcTl#85m^xN`R^Ut(=g5Js#(dl?L>j*hV@
zfNE?9+-X>6s{R@Ye!wTg8`iJ$Ib<~A;+++N*GbJ4U#pa2+7ykFW*pcb>$WxNjWKk|
z@vEdMUSEG!`rL6f1QG!zj^hxep{%OG3nBki>fs$+!Mu?b5_c{>?q`%n3Fgr=6_k+U
za(`HJQNsNg>6z{G-IMt(XuY&>+g3;vmaOSYHDh%It~uYFKsUOjgC$ym2mLLF2KIKg
zEP=~Tu*dQO%h}N4Wwyb-kzH=iA@gG7&zcq{ryCWM*Di8O%CHXYOEu+6yTvzWG8&Dr
z(5ZdMSM})kj)g4tT6)yzmocPEYG1k*>pX(zz!GSAZ#5C3+tnu+r#E0Zpy{DN8%|g3
zgXj+U?$IEqLYbN&$XnDPh{~8~NSe`K?uY-}z1c`p`KD+;a}IwkrN&lxCn|0R_EFl}
z3qkH-M`|7E;D*uu6~9eRC(>&|Sf0PKH5dh*O``kk{NfoNPPW9RR>I3BMH!;EOSY{&
z1M!p3FtpywfWIiOn7q)NWz6oA25-Q!Gg@7l4f~*-W4%SYJr)u3J%(XR`0dQw#4aMx
z+fjDv8~r!Flves^810%%8b6c@0IpP1Q<l45_eOGC_$OS`J9Yl~B{Qq<UXd5L1v@P`
zNg#c0(@CGF`};V!4V?>92Ub|+^t}B>_kus`m&M8m^R@~=$#9DyWZx&N2#QL3%ap9G
z&u0*X+0xu46`Q+01)9>Xg{0~&Mk1A+rCOc5@<g7)t{U*75XCk_P9E|>onOptK-p5b
z2>+7Ao9vE;hsy{|RS_blRo`~%my~k2O3k;m=C7SuoY?c$479dp9qSOD2V3e{<j0f}
z`Ds`6^CbJ*bAHkD4Ds@nPi;r7lvzCGz4LBb_x56IgUA3i_8`|UUF>0Q{N|!<xo}We
zaHvp!9ceHb#{2!d50eUm=8mo{`HoQ{QB=jdQRJn?PVHKWQE81B{sq?&-#m!(wI6Nc
zF-sia*{w_#7S(&8XTf-%_qK#6GSyTc+O{s$`YW?+viHSFffpY|%UBc3kA0&f%U)JN
z38KrC2A8LZ2xdm;*tdo9FD2&xJkW7dZCkU$`=F*dAhjs2p`U-7t=-$VO{>RNzyB?=
zRKklCe^!~N`?l&pJT7yS!Vt6H{cBVF8I2dR)WcyJL_}|`q)s@|LdhTE*@sWGM$tRh
zJ5WeNnwAk>Y`8K;stwjC-4LxK(!#Z&I%|iWQAO|TwZOc0w)V6#v8<}F@9Z16gMfL_
z)On7KYwTay`4R(LFV9h~^fWH+W%uQ&ofq8C8hS>eB)8<n4!x?2>p(G=M=961swtSl
zLzG?UkT@ZbR#uM3Lob&>?;eNs!MWdfKiLCuue6i4m$XFQIt%wLKMkM<qp3mmTp&ZK
z+^VTwq&J1;EzN8yY8AQZTU~sv^3$ckFD&=;g^SSxwrf7boSqB{xH1nMc{FhF3k9$>
z+`Gwc1Ff`!3T7_~2uK{4f2eAU5#_mJRQ@S)l9)IeTdXh!(w{<>mUepTpvy5x%P5<k
z4CH-JnuVRMQ~)U`)2ze;+!2h`?+Wzje&b<T`A*vXd5vOm@sjP6qAGYhkwofZyt_6G
zZY73EDPTy~Syyy-XKc0)td`?3pA;%9_8~&9Ql|!Mgo5-h76EHt8b+HJ0qcc$T20mr
z?<&>EWwnKUj=ELvpZLOWLD_JY`bkk`5EGO!b+Nn5cH~6_W0~Jg<SH=}dl)m_4{hZg
zRp82W!6^|TDWms*Hqa9Ljklwi3aqqi&K>MibXud@b0*Rog+;F9eAE~8+yY0;BZ5J`
z;+0krChcPAdC^`~SNS>hCO%H9Or_c%XK;Dyh@b56<Br#sevOtT%eQRR1D1CQ<ODq!
zoby$<({uBuwM5Rpyfxgj(d3l$D*|w5cXGS;F&rO%Y~GBT=MXi{QU8#ZnLBY82uRrm
z*roL=LhjGsMEBl|+|b{5*BL#(&0)hAzZS6RZGpAO^~=^|y^T9V6Cj@Up9gM3PKDEw
z&Lib(y|f5}{CGDDH|b)FeJpujh@!aiid)XUWc_nK1IWK@oS3Uh4QPv`Nf#b9udktC
z574SU>KveKc+xp6NH|cmv54b<b9C~Qw9iq@Pe{vwOEnubvTZGw3%*ciErq~v<bbg|
z$se|VzkZbKM&?I7qXP7dqq$)D@HXbP&ggY)Gt@^Q9>|bjr-@U&lRO&^ghS~Ru9}FG
zQA~-PKb_;+BIzpJN%?VTPFn^6#LShAPWPK$=dKHCG-$-9-d2H@p6^u<jGTj<PMFYI
z^{dQh(hVK>aCzGIny5D^3QO{_fM{cjm4Zw3+>CnA8@r%K>wh;5s<S&=t+J!|x9Q)X
zY^Mfvh0r*qwqL-VQ%ni3krRWwn~EHlA5f}2_dN@&v%-PjuuX1B<)ADT(HMX(JqMo{
zuOntFyDo)RAr@19sNUyxK|?_>v>Pb1YEm7XErhHNX4zupqbS4gRvY}Vyqt9t97BP6
zE;T>hUl3uI-@U`=C|C6Ph0EHeo4MtZ?KARQ_%>dATlt6i`Y$e%{tzO?E@04Zt>1Nb
zr(h2SBIC;1@wF4&T@HUxqs~M@V)8@F$loqbj*7u6xFgYwuN)lRo$p#3%eP<=Nokvs
zHJ7t~PL;LY1RoeV#L2*^^$D%PGE|@p2`<4*KltFUI-Qdgd6o6E`abA>*z}f<xRvP?
zLe(%F+Vdk;Y>E3BKkpMQaJ)zV#J>Tb_)KrnsVpg_X#eQVrs2I0Q*16F_jLQ4(=(Ky
zlyOcW)5fu2Q6Zy-y<{Zkw4WDvLDqHjV$1TXLH(^CYA+sFC!&&!r1xdo+o2?6r&=6U
zun62&S>H*T;7n_GsVa2}p6=pg(x2nR-o?$Ih`XyE;3_}4Nw1IAbsfq;6{JCDii_5|
z`^#WIZ=cLkEu7b_FM{gHT31xnd)#g~2D%nCS?^U~%6vu|GRI`U-WjqufTt^^SeraJ
zLfz`WsC)53wvJUIYB+nbya5v!71?r>UXT+!DyqGgO>a1U{o|*qpwvj#)Ww!ESJBi=
zMQ7eEc9}2Te?ZqM!O3#(834K!w)3Pqa$jZ(VSf`MA6Hu0qMOx|dp;|BdHPis*LVxj
zBnPISa#Y&bA@Q-;3Eoaz=88->R~l<NA}D_?6hv5^Vu3Go<!hIKv)GpRorRlK#~AV#
zXYd=f;dxRu(#DQdk>^kF_H$aM`X#kIH&!XBvqH>NP9aa*8?CL4&()v-6mJH8RsUki
z;pBmxw60=pQ5qa!6`_%rxx*+XS2UN%SQV~a6JWt<%d7#nyaY0I9IjZ#D$@z~G&<FM
zRXuwIw{rbaueS20eB*D<X6CNn?p0>#ZzckA1gP^JG2m?3;yWR|ofXES%3#g2?|U|S
z6DM>x#UDvo<ohP*tarJ)6Ik7<NpozUjQ+|FSSUj}5?Jmv#3_{c*qzR5m92$?eYx7n
z(2`&+pp<Pjxz54y=D{)E9wG{S_naYYqR4;<6nxY1vHI68@(-y}+uyS_{)BVFOS5(v
zk*kKd?@AoLaChMbkfaHgqvvI+lrP2elAI5wQnfxp*PP`~!w}Gre}q(lc6ZJ<5N}_`
zolmsDNX|Y^haJLYAjd1J*g^m<@hMQJh8jDKd==Z4NaIw{yFKtUU5Kj(sPz8(u_~uX
z&9w`?$_XtIb1}lZo<A^!a^1!X;{nmS5jHbYWrNH@^r8QGBI-2q+HFoFug3PN=iw%f
zp+7Gpa-@+fODdw_{xjD><~btB)Digq8HoveLGw>}*~aDyqF+50i_~Hx^N%?D(G*Vl
zP*i9Oq;&#->s7AD;SZnPz3;hU7^sBGr{FD#3rd&L8YZw}iB)nu#E`$}FI1~etp+JB
z6a#H^XiLWf%^euhDlfrak?dJ=>v}C%t(7vsKR7Dy$6uobc4Hnu8;JaakNFErw}B%i
zbU&oFQ={iKa&AkMIu`FFium29G5EomhCc&W{QPUHBUWa#M8(9OsTz951l?WdPNkC1
zO8&JszISv>&*EZ=LayzTe|>(0x5C<&Z^pdH=d^hly+_Vxz<ceguDE7m{1FXsB+udK
zYrGg9k9*KYk>A4O1OT_-^(kDmLv8{`E;VSRGsvs_V%NNuFf3-E)X3qHsbUjrI$WBi
zaTRp7L{h?gShVu$pnmJ@a`WJx2^gWfdi%~+Iw$97pPZETd-j0Qa$d;K+lO)uvAv|p
zrDsUv7bBGC?mR5`60aFdbYnnAnbne=!jv*y3LDC9{}4?F@h@Xe)9bv3q2i~e<K+N7
zlv*@DitFl;P;;UOmqrMF+G3=*-YqjN_K<5V^?m<VQ8wCPxGB?sxk`;#u7!Z+^%2-U
z^Em`tH)5Y6%x8LB#K^1B@5(BD84LUWvzWB4%A;3T7XE}DP%U~s0$}!@wn=|f=GmO|
zizR`t6LIp2_75?loy0ogS_v4-(#33AH)uPE?!a2*KmGP<6y<yI!(>WkMHrE2g-Zxq
zBMl&QO)C6Vs)HjRO_zFolC#SPK$lqw0NuEU)uDaSkvcom15Y0U*hYLoNPT!?aUNn(
z<z{ngK=bS_FPLkW2iy|ej~+Tvx|O2yx7joObJa-s6XD+!4}~OansurQ@@HB2!y1>M
z%a2WdOoty>9SPFE*^lmI6;;i>mXevWe%B$;)#9h5OqTGc$i;KMZEiB}4sjQS)^)dg
ztJVF`XKb^*obQI(q0qh4Nr0gsCKgidRqxxqHX9E$0an=F<bd{$07r*`sn+YMo{LZO
zEFaB#SGfVv&4RtC%>D!$A;r+?58Lb4tYo>-bWQNL{rz9Z4}aDoMT14I_vJa2Ln!z|
zEEVWGTe%umO?pYc?#>2!FnCPTW(#>loBDj66}mrsPi`Q|YW#I$Pm>*;xl%3b<=aer
zgWB>BEdgC=CHv6I9l?|U=-k0Chk-$k1JmzE2v(Qvjove{r^z!uZ?XH01+zDh;*^$B
zK$&jw4|dU$(R~yTBiuf>>=gl(&cDy=?X=wVanxnktXBDTe*+)`@ebsIE@FhKxbps2
zY(7X*`>+8IbbjN#Ka$n;gcfX{@_zazh>1`yY=6&G6%0Ri1b>{+Y++{Psu7Kk&M2pJ
zPx<xTUHhaN!*@!kMHw5;g|u|YXJ%D7jUYe={88%HPU~pz52UkY80V;wV`ynawzIvJ
zP2nscc<LN(7u7{5dccu+7(LH%>kZC`eI)7E_=L)I$pnP%?QGk_U;eA9+FLlYCz-S2
zBwka+BcbcNU%Dygr>9>1|A5{-q*hLXIj}RI;85v08w-}#Gl~Ze=?ls#&_01DMbp8=
zf&Ik){MrtEC&6JnY4OGoseli?WfsRA16n_JI#me_mQKqi%VCf8C1E0MMS$4lr3RD*
zyRo^LOw|HFOXSL|RY%GabgV4X>?rPQz?X8n<ggnQ-_<q&TAJwIVRB0y+{nM^=9Dk9
zVpdccN`28+XLtJb1loY-AMj43x8$2D5sUN904u3y(^VD5Qsa{v*V+j}gSmfEs(suw
zsVsmsZ1Y=E6$4VYA-CnzIe5MF>Sp1+n=fxgQaXgiXXdPvXN6fZ|A!2;>(*%Whg8m@
zqpXm!Z5QClOx2!K>1?_^J^8HWkT1ls9LdLG*OtM9HijSoZv^zf%R2egu<2nhiubBD
zXk-G|t8zD8jo;N`rVMmB{r{uuz2ll_+AiP#0)hxiSE|xQK%_`96uBV~q)Q7;Kzi@J
zTajKhA}w?XMd@9Xsz?vLNQcm+H@^wq@AE$I@B6+#_>pXOXJ@aSojvC|XJ!`Dpr34T
zr9J^T75QUp{lpsU%vD+w-+f2n-`-acD=VBzn^kZp<+y}Zn=+d3f~Nd0*!B1Yz^)xF
z0K2S^3$R;_TG72D@+`&hVCSEFdC8Gq{?L3TW)f6t%c2|`5uy1?dxOK@_lgt1@x@^`
zP$61s6q+ed*r4^Vc-mCg83U`(SCt>fjqypWJ}}D?g0&NiP`uhRS^GeD(f!(7biaGY
zx(=Px&O8r=&vMI`h8<q5(+TjE<K7MbgH?^|K<}$6+6#K$%B{b>uT?ia0s6_Zc8Z||
z^fV@6_G3RtH0a_I4dr7VgOQ806J^^!p>|sT)&06N`D#QXZaqSa;cz9FSd|~6+G`P=
zp*2+KRjE}`{RfnNCoJ#}|6tnQ=fE8JKe}&Z#eqH?xh6CMj(hO}nZNF{H*VIDxv)_7
ze=tXxKMwPb(Weh=#Gp3*VqR&uAXZz8LNg20k0k~r);h@+*I)4~cO_=5GiS1{?eg8S
zEgw#RdbR#-tmxB_{s<~efv|1cojbk)>|ETSek`v`#`O$baQ*MICHDZgX!yXu>7z<t
zciPPyqtE|<Y3sLKjMNCS>ABEWjC_iNIOr?qL1kF^e>rQ<Vfgyqn{@BHj^@|%i9tEL
zB{DPasCdjrLlJn{Ldxzg<KI3w?G5Ev7d^}4I?JegS+9?0w4?vGv!Q8fM#byo>%b>2
zP=Y|lQX>xh)`sihz^_V{aDdM~`mkPwQ5|-pf0IO;R4qx8bor3l)feOP^~v*z!M#9v
zi8op3vi~N3#ZE>@BQ14<clM5KG9k`=zuWs8sG=tNe@}&v{F`jJo|m~1`!hG(?1{F7
z_7a3*&kV>#{{_hp*OhyGhet90g5MM@)%UzrtPf3Oivs>dFRX&=g}rgT@FqxZG_{*5
z?};Sb8{+Bg5}NM#+Y2B3?~}jiw2*`~I`P#vyz4hqN&nNk)mOS#V^0|H`+_(CkRXxr
zOqv(r{ZB6po`HXFVsY3qkJyGAV&{LLc*?_1Rj-@M<r4vbB@y-UpRN7xi1xbeX3b&s
z!Q-4WefR$p|Gr*Kd<Z+sv@a$zwh2fz5ffQHJ(!KorU7iq0O@B}s$eV0cJZ?P_nij&
zFIurIl@q^$IQdVX_kkz7a=59Sx$75ds=E}{BVL^Lf6`pr(@0~r3ef9m#@SL$cjQ0O
z^hKpg-FZuY-c^rFHPxU&2RvywrEKoJ{i{(sI@PYvo7xSB#p4q!c-AX}3;y5W_f(64
zS72XziH&8o)m?lSh5fJkbd%1i@M`$IFLGqpd6a(Ff3Hv!kvZm_u@OP}#lh3_Q%7~1
zOV5%KCV)3-JC^@0-zzZs^Y;-2)=>Lie}<Bh@-HvM%{E)tiYh^W*>poaBe0ag=dn6k
z9gUCg*X)SuoM<}p9`>&6yZq>V_r)_(?T4!Z$*DA=Ww2h-BWGpHNNlq1%r^SS(odJ1
zm%=vAec;o?SjySZj~~wP7}+n3VFt%RZw1h=qp)<MOD}a9=YS(A(zI2mWjx;Llth*V
z?J%Y<TQa6H|4*sywc_>s7P!>MNQ+k<)J^VdCti2_D-V)h1UPnGisP*#ci?}iPBG(%
z)sK0+KYYFW#@DtluLgB0Bgv{T2T0d>_}l&0vTN8jX~u!p$kd{5tq(oDnrHPme(BdG
zLK_n`a~21GW&eRlRf1IX6EsTTFcrgNRX+4B(4wd-^J#9HV_-@kjn_YQ;oPKpEwsI5
zlG&13PEQLvPi@;?ndcjfePB3bMfQe;HHk65+u*5cq#DrS;b*g%A<cdr`H2WBWSn3#
zxVXQi)3~y{IXrLL&EP7e*jVDmy_3YC7+}FLFC9D+=)O(1f0P8fU*$P+KZuY8Qyp-l
zM1a#<SJ%$E?kFxLc8xbrZH-svdI_rywSPC;Ci^*icz<M&9dl6kdD>P>g1AxBqe0}$
zOa(sSPWnF(Uws<bJV}vVx6rraoPU0QA%mUk7sg1-xM@szS9K<LmHzXA3vcpW*x^&s
z2C3L$6WDodVUaD2moi5Bv1N{1q+c7qW|bW~iJ0wL#JJPd*Ic7sXm$(VEX`j{CR^wg
zr=*{gW-q&rJ!FIXVrI^K#82hj?pxn9DzD?O82L`s@uc(IvZ{PLXXGDU<>y8nUkT$p
zrh@KE!&9I$6Pg-FlV@X5zSyQ2u)xJPft)Xl%C_AeT-^&)AH${zN-A{w7wb|r`>m7q
zyV}9fyPozKSGz|6)}x5CoQ<D~$}ZHBVL~kaV1%iD=_>MNz66Ood)z(m`}5ofopZZ|
zDaqx!9|Cnwcg>VlB59jGzsY_*%~;m#k@h1dfEu4r-AF*K`a|~#d9G*s;i9DMsb2V?
z4d2}yW{Vbu3?KPenkQ$FOG7;0bT{1cr+>W4^6aBA`9a3=v%m(*VYQHpJ%5C-H?Z>v
z>x^B0_U5*9UHIht(tws=X(7XnvV0p1BBF0>#k1#5B|=G@p>ErtbaZ_5PCLa%%l;If
zIEnWxBhS(n^lGP1*|u$|ghOWyQqH%{Zs~djPTJj7yPun#Typwg`3Yb51d8j8<HkOW
zFEJ(E`L*d!sW1@_+Dorhifk~VrLiq{J^`&#p7?0+p53uUxs*}mN4_$sMU=e2QH*so
zyc|QR{BA?wR`YiiPdv2~tVkyv50v94nEJE*9Ix=x%CoCpxwf8#xrq1ncut9m6LHMr
zua~4h>WT7ZThr~w2M_bz?7YQ9x7ZT0IXL9QdXrb~YJ|e<&M!A644!dNH8h}`>or&E
zu<GXl&iEhixZVpbv8SZ)K)2&nPs<W=8s^apC92b2vX1=*)J2C|m@GB9yD|YjXoIHY
zU+eE2bBv`obBe~ZL~98X-?22-#;=n#?C)wE?xCfr?|tgqoxI2Lp3W^~P4KicoAA4;
z%5G%iflC8o@8P(HooNuOzvG;AOlJLfYbskcGtVF;u*7@D*)txf<DJQ7R^<j4%v2B~
zxa78~40WnLz!JCFt-8Zf)6ae#G6&r}uuA|)FZ!#CVQcq#-q(<!>ZRXU6IQSS^9u6$
zgUaqoy?6Hx_DfI?DdsNchBCni7r7YtZ}r^qi_Tj|%;pzpGiGn81#wMurPQD-Y9AC2
zpV+C=_5Jp-&*0ap<6Z_%Bi+*n#rb;fC!P2O_rTQou#?<@k%2v4&Wc2lNt&>hKM>*9
zs3_m<l~qX{?S<zO&#wmM@Iw~;Ob;@pP(yaHCva`?q_d#<x{|?x$priT)3*{)uUGQA
z#yq}?v<RACsT}p$$US`3U&Ol>BK_;OpXWr)6YtIxio7=Io7uUmqQiaJNd@}wZNgq@
z;lOXlI#YE_yHW;cNqmob+a5SRPGohJWsKM>c>Z*D^{eA}36jcj_3qbu-mX5cqgFR2
z)ehz^1x30a3+s69b6#PXbFX`QzwqkJ_3;>;nsFlm)uCH)-rx4QQ-nIcWD@sMg(;h(
z?ijw|6B*aI%`BS2(iKjw9v2ttwfeE?!SSVj+u;Yy;->NLh~n&PJxUHg3XkS!>`lhL
z+kKkT2v?H4R*;6;)>6BYonR?h74mAz&)bXlf$I~3R;}>$xp;@gY`ePwr&!m>qupYl
z{f{?+m$1Vz{pMLvGwt$sJNggsvdZe1Xr%m8h8;sIu#A<!b;FJphVLW}OXklx7|dDZ
z+F)3nn3ZU@hZL6U5jp;)LVE-v+7(8wV{ZGAf}B-cFDp2rq@}mA=4X!*is}=GXC#df
zt#7Q7J7Ycgq^2Y-q=o9o6V8Z)3>Uh*RhEu8t0Sm-l1Ma;B8JtI=_nK4YhIp9V0;sk
z^@^!%`gakN<^e2fj!uHQYjh#}$mg^c<DF3BIQ9opm3%}FroEq+XjkZCs?x`5vA;@J
z(l*#>vu(>yuNaCN$TRF=fBLR|@RHTpj5J!Ks(LG8WZHq9>#SkA7digvyyGzgi54`}
z@cL1xyb8Bgici3#--9D^Ri$aIw0`$)Aw4Z8F+YRlY74pG^F!#FjaA<+la!_M_wOIS
z_e0<H3`E)4Y4<)Gv@*yuG%(^)qH(F-?<D%XIK<CKZEzT-OqD(ZFCY&9GuT+&5zIl0
zm2f$*peuQlzFX}G@t?vL49=nzUym6?p-&yoX<pRoTl_SdHy@5u@nEspdUMp+%`H9o
z6%0S!iXB1V*D54rJ`O6fSlV3z)7Zsmfkg-mzMIt0(K)^32zc-nW;HJ2MO*p3Q&$XF
ziYb<ihzcA;OvnuRQ<hgQ6KWHy)X%Xz9_IOI@U80cl^bxfbuL?hfvIAf1D36*)xP8j
z2gh4--0hE}mt{|R5hAzftMkSv6sBeq47{AQdzYt`=mKd%+qm?8-(+gfHB<Xtq)@ii
z_F-pYLS!&(lTdtV3yi+7Y?{^E;KTH&^2bCml|@7~`{~#y-rb$#JbZLhAxR;gYm?A4
zMBBK6OTdMzE2%_#$K<~04FlbpoT=M8p@`+AD~@rc+OflNYDb&Mrq8WOOZeXWczfgL
z_@5m2hA<*mMQF!6udC+1{OJm-@M_0YeHC!v+N|S4=gvGn`&KT_K2Y(!+w$kexme;;
zwnWnb@#U)?!It4Bzlx8aXtS@4H@WdBb%-(VKI_*EiARiju!;*m_3c&Rpnb|8KzM^Q
z!W?}A)oU891*1-=-b*Kt3Qa~nKGx{WY-RzQ%rOyBEipuDrpi5NP8E9Saw#!WH>0mc
z>y326rT(Y@8&H^+FvJB5V|sCeIpJB~Q#z#d&Bx4(QQVN(=yVjWG>CZCF;Z;9dagg1
z9LnRfo7K6Sy;PG<kP1{XF|bE4MSAvPl#SSi&40?NAAl^zGv`G3BE`}PqFO+WQd^RV
zYtk>Z=cE1}Lx+6qi!`<o12qm82ZcnbK<M{`ow=Jgtb5Ya3E~x?DvZc`l1RvXVz{{Q
zGf!$)YskfKD1sUkTPez!Tm^7ZunRE)BDA7#^~NssQ=}gRh*+J%Pf3MV6bYEipOGg#
zMS{pdT&<fo71V46v5yI)aGR)~A)yd4YAaz7o{;`vGL0AsjZPHA12qUvEQpCX)(EwR
z^kma>MiDpM;CwO9I-`-&7mWZ_A)?<yNhN^tn5_5kB>J}``hYlPy?2cY2|<M@D4}`@
z#8#9r$;{<e{n0XH=IBd(f6IMJWDU5VuvxSQiSk83s^yTZzKFgE50tPk#F>Xjrkjye
z6w-ci06i9#*G$$IBcZMWvHW|481+Z%q2R2=U?BylHD@$C-as}7H=zCs;}CNuYcAoB
zHZE9&@nAfpP*ehy%nj7wrR+9|zGhID$YxD9uz?=rA$%cLjHGaNAqAKI$V$ixCSDwc
z<`=|721C+QTSDDrsC`N)L5?uuSknU)&<yg%pnNxl69|=3ME@KvD)Ye-?pfIc!p;&J
zr9^_5P&cK{Y!HcYm*5*Hu^Dw$>vlAAI)?y0*fpZBah3|r54D~FkqrnYNhbr>nvM%Q
z6AzDzLIC$Jy|YBGs&$+7j5=O4f&>+>00EZ`0R^qdg8LG!PKExrpjFnNpkPLF5OxSi
z^vr0)S?|(YF>zx-D0;HN0=gkE&In&{BcKq$sB+5)Di}dFXiOLPX~wT_6)ysW64W9D
z6iTkbNP1rl4q6RVMjTv6U&<~BjUu@15G<%vI~sC>EBoSDb4)PVF-Spx#s$4-47dXS
zXCr6{_tX%$wt3GFS9qvzFW$w!|GzI`Q=p+mfW6W{isIiB?NXZ$f?5ksfUUBiz2DeH
zF_%NEdNtbJz#eT9y?C7~FoG#uBgt%L#5H6pq{PKXa9)yb`gYE@UXb}cT)@QB-8*v~
zXXwGhlg;S{hgw%TlX(eS#-q8h^0j3|f}QCpy}tcg%7u8oWc^mcXiQw(27VNg4G)Zs
zI)SfQ8*BIn@<#ak_z@q+CvB^cxBfqfb0p4q(}}6g!32qebDI43M-y*|)uG<s_pUiN
zs@z^Wd^sik@kyEv#@(;HYVcuU-yO#>x~jmiV_nnmd4KtUv$R>T2-1hs>Nn#lR&l(q
zs8sr2Nqm@e+&sKFkStUYOZ@Sd-P{}2xPG}|NHE2(*khf>7a8Lt(+vyRV-p4s{d6x;
zlEYjKPi(JY$Ienu)MIB*JmQmsLs!{!J}5Sk6}91y#68@C9S*be4n)fHun!%;r(Xdt
zqpIj*tT34IZCf?p(>bQCK@CES7rk?4Tb!S>GIiUBYk=SE#O!QgndS6&@aEF%r;TMN
zqA3jSOZVfdS;@iDZ2Dd|Mb=Z|Cq|QY))jSP4X&o(E1s^d4!!s&217omJHqB>Qk$J~
zuKgIVQ!W&L_~CU{<SUu4(JjR*wP*Y9X4qdU28HvG%d+&BJJjn62E+2lI3}PE?t_G8
zNPghxFY$A)&q<=vEqLcIYfM#1erx7C8C_-YEYExdd$~tDWo*Y|P*5;$HI6n6x@tp9
z8{|+|T`g#Si~bVdvf!}rh)2Mk$^GSHxo(%!ySnT_LON9c3|8p(Z)(Rta(NtyWLO?Y
z=sq#M;XuRV!zUF$wlQpQJL*l=*{78X2y-7n;4kxN7v|GYX(~i=Eni`V#LEhIy!E>U
zO&MsrXx2xR%SDPrkl+3l?Y$yTC(=mTlmg<Uog=!BF&hy)a*5-MW2YpGu3kc^11-H`
zS^-`U9wsmb-I*H58qgFvdt*oTllaGjg!tcV$C%sGhh9C}VX#!k0JpTSA_MYZB?V<G
z2PgX|m-&gDmcU?-yszB9A26H5d7X@`8jnpc!lXWPrr{s$Kjv_G_v?9b&)^)vR`-+2
zrXde;(JAX~zDl=~SzVSildhZ^jL0?lhL_2AqjGIx=eW~?d-n2OEh?r9IgqLn4tGGp
zpz)BVE<T|sYpuTgWKBNKfb#BGK+5LZ*SF^uSn41w=|=?#{olQA@uF3=q&@rln$kob
zR*9Civ3+VNjoj{hMjph`oPU?_$7iB=tt9&({PB0aXG+xLi~eu7g0^($`6|wvZuQ=g
zwU_I0z4c|9Z}iJb6bYNtf?*=&W4b|{fi}`|<F?GVb11L5QNQtqTAEf>Wu;cai$?Xv
zrKwL2{?b<L_J1H_ARC>=Ie2wxr5a2!yYS5oZWvB7UU$ZCcZI_*9?_Z3Zff6!?y+i!
zC_NLSG2T?e@GqL@P25#i2*PxXM6;}g3~%M?)gVo2qqDf3ovl)QUIZM?=u}o?5dNKR
zo_`>Ab$UalFB+Fw0~T2jowBMQ63Ue;-=0%+c-iX6VHUrCJ-$o!>0yMju=4F+(^6@Z
zT9}$TF%#`Z<oVI-s)(a_!OdmV#BNsT*rs7k+{UUyjKF<B7Cng5&qGV(uVCY0xi-ta
zE2WH|Q;UM?r*eCrh)Wdn2zc1n{ed*|a4;OK>i5k$nCO4dtx-=ZWz2&TNl-Mq89GHj
zR8QJJ82g+`ZC@ofv8!<wB!TspFEkh({R1%{5mWYl$r;03y()ByUF=~zM4k9)UNaCp
zxmt5edIja>1kf55vz5JWnTOW&ir?sPT`-(>>FQ)tW>Z|cJO7zQ(>kZmc(jY=^RK4s
zliqF`bk|O|swi93$feuL^72!j%+B$>8~9u+mAYjWnGrYYSd{e}%?_3XC3%=}>?!@T
zwq`f0rmf`HXk~}Eb;68Q6H9-iLf>BDI_a*F-uJTF`>ERP8BEymdYWxgh9jDFixUwr
zqRyb^S9?|7nO$e0!V{Y8O*s^nDpN>n9Cq}vuGJ1L$=~{E@XJ>PZzZ+!F6)7c@pW2-
z&o#Q%vSWRMU%5_lDqatq8aOpVE5{PdrA@Y3@`_rb^OFXghQANa(7)6HGeEyPC)(Q=
z>E`a@Q~fZshUw`%I=9F{epZ-Vb6G_?)R&F}p}(2ruJ&mSb(-lHsd}ADzI@qxUtadx
zy|ZL8tq$G>S_;dcmN1h>`P+k+GuJP@dRFjtBhAoHS1rg})7*l(jA%rNrqhBl?5ED-
zrAF~xG~MTKuvCM!;k}YYwFcs6rsLL#sWi{4S=+qiSne;!VdpfMZ&lN#S}wO`rIfs)
zmrTsV3`=`&*TsIe@iS+A_&H|#+=}?9AC_w}GEp*Gfqfj-((vWRG1`cBd7aK`=~!P7
z-oNVfW<=@aq~X3t567^15Tc5-EmNl~?zX<S2T7S);{=t4$*NMWUORL!KMwE8^~uE)
zFvA%E6dUnDeehJyW8a&)=-IqH3n?)e!$xH=RB}@w*=xLH_3_h%61lu+6J@bU5rz|m
zn1BKMD=gpK3tqME%ki?QIe#2%NoT?2je6Tsh{2@C_!-H{-gtg%+PZx|2v1{5IcrR{
z)L{7&e7uw_JK1HQ$&T3II{lOi#}as=W)d>4tmON9=l-J=n+>L|$X0B;KR~si*YWOr
z70sTEpox=b+DLPt`6B&LL*bJ>%R1$qE0w_=pGTG}b(6k@ymPDeyC%WX@}W?NSE=xr
z_^ye9ia;b9ep>nYvtMU<VB!ZCx5C4WB(cn$b=j2^{(zA^k<xw}4W)&E4{A|cxwIQ^
zD-3$8nSiZ(tYPte?yJViN`v6Ts$fohkh6eFl4<5G@ZIT|#9ADItUIs33tRT<Hnsf8
z?g;LUVuul8Pm_e2Wz@=4Y1%is!*RzIJC<i5_~#8Owv$X!b1D@Tv5{{l7U!>d!Qz`I
zQ~h)tlEQrWODp64dDJGSIJdF3M?9emwbH0=Nt!Y#(Nf%5op&lr`HJc|q1E3&*~Os<
zKNKu&<#`l|#(U3rM3DteyJ{DT_=vn+c$fbqNiwf1B{G=Ne5+Nx!AYnk`qq-W`tLsw
z0^jAd<};R=A}glhj<)(xv0bRBwmP#M=VCk8CA0Ed@&VFcyH;-?W@Tg<SyHs2a_92v
zTv&ng=XchtPJO(+&Ktp8O1-TvU-&)ifi6(_0ov%aC*rSU=j0TSb#$+t85{C3oXCe}
zkV4LIGrVc;4+I95yp3M1=sU9;%Zx*72nck{Cx5+uxs@P?dmf;_Y!Aa9a1EI8RVMCf
z8Ojh$GMYnjf)HxMqxP_0y%G;bAe_+jMd=X)t2~fR(7?e^N~$iT1P|a2h#_+6j|<np
zD!eA32CRb$3FixFHbe@-;6g~_U;sI7c)VE<!jLb3;rz6b7}&#egK<U?-Vknp0FEQH
z%p-_2CWJ8JjB(ve){xl<9Ip{tks+e+1+edeZa{j{0Y(lWWJKP@3z_JP#mQs$B}pOT
z!T?3a0f5W^dFHDT55tcDJK)%$86Yo^8_>Kjn+huQoRPsess>KEn@(`4ua%xNf_xDG
zTvBmi0606-2>`2-3I*FDj!7Rt=KH`IIswzd(a9(POsR3~iwS^BdZumwQ=Q4EVE9og
z;0pwNyVRE^3*!tX2V4o7cd-`)5KVx*Lvh$1S2eH`Q7~CZf0PO%h3|c9Ky$zrYG>|?
zc+3N4g`;rXJ=u&%z{)PJw&!02k0Wb1`o?742}nUOSzkE7zT(0VXYTpFU>x}Zm>-9y
zae=)k4YymgIvL=P)*VdT^Eki_C@y)q<%@Z|W~{6@IIV;_UO1phuApMf=@$$VoSh_{
zK-eq_L>Ky(aRO#|tg(z2EYYh%52zVL5RfKt#d|o42qOUX2ZUx7f@3^?i3zUqxO?_!
z2ZAFgtvA}?e`_}1*9?xqQ8gt1?|p;+y*zplI`ADd77*IMR1<Mu<^PZwTyY9Q|4n8z
zR`EbgFSsa<z5wQjI}$`C8X@-Y#ooga92I8J=KlR1d?YV_hP;T<-@so2yikS+$DIJF
zp!N+0F$M?Y!nukESQ4lwj(`#a^7}9O0gRd)5ZeEuFJFWqxbJ-_K+lvR!to~D`TlML
zf+Z{+JP#38VB^IlvATmc0@z<l-!fkF3XZJx{!a~SE+`?m=LDG00B#Vv&UCU~wQLBk
zI6NfD8rT$IJ>Tz<{Se&Wi;tSS)b@A-SS3ujahUMMCwcC@+{$!dLrPGW=uK9qOYi33
z!74r4z>h}2O@3u%c;Uei6bL#r2a^mBA}(P^NN(a%_BkNJE^>H0FofWWlEMrRbwYYy
zuysQfWc8l)7Zedlo6ArpvjWbS2{IwgdteLq9Oi8)xgBzdO{v~Ar~M9ZM#O^NGv*3l
zi2u3DvLmt5wD$wIPU-h>4DV2&Wx_$=^PA{;(R025+RK_E+)9_zt<Y{a|FIFRvttau
zaq}r@?3d!t27e&2O<?LPXE1f;g1ht)eGz~-r6s(S$yLfH)AR0MXO4p2+ri}N#*mPE
zeDeh7Cy2?InjyYX1A99Um!)UUPwp&92NyYzIS%d7?7e6|m#WCy$s5?~R65G2P7pYy
zxN>%9*+%VndE@apn~=^>1;bTM#i!L*>>+};(?`@Jq6BqzBjMlGU#?1yUnYRvh<RrY
zsa_7cJ{(?{Z{ww9outbk*L}&4Q(N3Zu4_Kv>VwBsVX(R?<hdnPXUlk-IO&AN?_Re7
z^rJ*Q%<!*({o&(NV(aRa>dmzVn9_TXt9LY99KX7La)lq?A6oXePYKBRDKi&p9y7Ni
zT#3w-%~#5XIb3Z@_)+<D)Lyz#O>SKi=0@4lU2HHi{$qXTd|9aUz(ma#!@RVWYcX8V
z)MIAcL|Jod8y!XlE&2hytfgKRzUzg}`5a&lcj(V=&|5FR0(-^qd_FRwv4$Q$TjJHr
z{%0?h{frL3mOB$gupE@7ebY(puUO|PL4uh{T-!6RKh)1*{YJYpZj~R!Ug+$d)BWoy
z|8S4A*UyM_7DLN2C$7?}M!gMT?g+>G(N4F%Mr%Y})lZWfaCFdF9K-ChJCYA^#GK^M
zM?2e^BO0df##gDRi+wG4;P9-jx-_;pxAMK-DcX_x1@lSNRTz8Hc5u??71SA6TIh(M
z(3MJmRf3AIyXePL^N_nf1k264$2XUERRTmf^$hGEz$rQ)SGeXvWzjrl)M=kn<9-is
zQ)gKGs8B%1zK@#oW9kZ`Y^9giIF3IWmM$9g4&6$$xfM0Sk|dHKz&yW~U$I<4vaz3o
zwsCO0M?<!t*0_lPrk2ZN!e;s<91YO^Ve+8+LD_e95(aWIcYjwMm4+%$)o7pI-!FZ$
zxq%V;16hd^&fT3YSw8kBniaQqUs)h+KFe9zzjN|}$yQlc;+a7b%|M2ukaL^TGv*M9
zz(ncS70=7dcG7i~-{yV2b~JgDdD45gxyW2KQsn1u)%4*XNE}a>%1B9}ck<f(?+&Ki
zNebrg@8P$vr8}$D6umCe);fXdC$=bhvFo4BPtQPCY6I$NY0aNB$ll_j?M<6A9f~eR
z+c610Mx(Jift#D`4$}kCYO?w#dka3k*?s(LXx4JJiqeK{^0rv{)MUB|`5E)^!4ss4
z$v4rlfDbmua(C5PrJfy~ZUv#uy-V79+buVRGkerj@s|kCh=@(nO9;1hqa62UF_>TI
zBB2AkBQV6!8}PHK6b|j`{-f`^|8(YI1*-eE+oOWY{ksK}W6t8mkfva6+kjV9zl-t1
zd52I6)ES*uqkNP)Ctpx&AmXSs<RR3DmT^<hkaW*t$+Z(^!X9S^L+gGWL~;(9kF$qD
z;lpHxLEq)i_od~G%ZeQacm0f9C+w?Vhj31z(w2ih`d7@n-7NL4ZT)V_ZccUblK$Mg
zB(GlZ{6nU#ugiSm-LQ%1ZTx!Q@+Z9T1kbqI9qW~d5*q%z@59<wqP1}l!U-Q|>812v
zg&8WE0&9|zCm+1tJyS5SmQsR5ewC`%eV9Jsjd;@DW97`STqJnfYU}N|_cGo+lru?L
z-N<ZhbyAjjq}xqBdDFNOtdjf(qRVeLxyzw!<kR!s&OI69b~;*3K!2b!A4nZ!wQ|)-
zWOC4%r|OG~9h-yssI!9jzK9Xpaqs<0RE}{My(mV>F#mOG^X~1!!=xS4d7Dp<IpS!p
zN`@RvfJxsA6HxTx6(0S^xhvyM8tmhr?gV9fztUn)j1n=73!E1WAN}aK8@qp%atvmc
z-tD$9Uj}_;sv!q0eua{y?jv#BP)wY23<-MWRpqY}^xCO}yu^jdP<esZ|22Iuk=X3#
zdK=l!CZDnWNt4`IMCYizansEoz8nQrV?RDA?mTX;)MdnLmmM5L5ETYGA;tNb)ypIc
z;9eHN9oTMJ!lA)hJkbNnER1WCq+X~--T9@!@=D{|<8F*q`<;>sqg1Tptfw%Ow&e2g
z{2Oi}ReNWw3;t+5koU1%T~j;to)Y}2#7C93SYdU>_4TH&V*aP&g${n_N9pYZWj$y*
zV@AKE2bGj9cR2`$76R&^vZr=dkNc90I2=Ss;uh#PU$>0cm#qa*4A8je4Z8Xwj9Ao6
z4!JqRvKv1}DB7=k9K|V$j!z^p`-}g2=>t$PsX-)S>UhV1ccf*EX!KIBf3JCPKs#gj
z;HyUiMf`!IONMPR_Y=HK%if5w+`B>WkTJZ;C)1|t!EK$-WE&4VMHLkkBtm+Bx6dJ9
z6x!{|T*DVjD$1oex*qRkwQE&YzIj~dkogbyeTFF1cJV7U<O3yl?_4)%7CXrU=QY_&
z0o0|f)}s>!6JrQy`HS0A8u(Z1yu}olr+-i&mNx!L@=f~S;Td9?m^w8R5<Djc#x?7%
z4c+k5tIKW5Nn1K3J^h}z%Qvn+dG|z=+BEC+TWM03QqF=^+Qsn}2C_Gtl(!m%5~U?~
zr6X;!zhA-T-I&Y};wT_;+9wf76kwsa9#qG}a&)avgysgvm`VD8mvLU_p!B?Pf8Zxz
z5r34E@Ix4SZG7n`<@e7_Zq;TP|Mgo5cq6w*zY4-Gs-2PPQtHN=Oh%uN+4cE04Tf4_
zSTqLyKq@W;lMGuf5L9>ja;@^FY@3`00hxDi`%I@+x_21;GIwoN^+DtKG2?)L=e=W%
zUDU2{fL(cqYJ-ih2MP;QbCDs5nvH5gm}GOAn9GD^q({w0o5R?$??J5Ds6AE`{BA;s
z5fntB+}JOuAD5VH)DWr(4e}5Ef)<UAR<cXkOdxZMU~ayJm8aIi^CgArV3m|09@$)s
zq{NSGxF>@(LoR4ZFv)IKW&+R^aOnPml}z9RZGxQ0hI@h#j9#E_kSeza*>|B8B^ZM5
z;x~7IhKg{%0d+xaMcE-32ONPskvZ9{T3(GyHY=&A)8Ql#9Ei_e21f%#4mb1#;PEfi
z&qArw0mR1+K&j9QK!N~>Q{&_bSRN4$0bBLQqah%(k3;A^+04NJQnR{eVSy?FmAQ`t
z*toJG0K5N-I)RMh+ZQ_qr~~;0dIqOOUHS{_ow>Wg@i;L4A2QK-fw3(kZeGv?psavm
za8MqnF<fi{NcMj*IDpPLsb>bzrgUQb2vB3N4}khIe>EK6;D2#5pb-}e0#Jy6h=OAi
z5gN_u1b|8aS>Z3Jzo0Z1SonhDS?@vs0s0$|bOPK}|9b&ALSqS#^S{w*2kZm~n}KG5
zzLDYcf9eaO2RI^gI*xw`0RWG~<Pmr{UINsqZh91uJwR~g0E)-S9?>%7Kn)D${t4*K
zMdT4UY;T5>9TqRnhlBP3+yuh^UKQ>dgTak7$I%E-5INvJ7bF4H+ylklON8T37lZ-a
z96(_pq<}Nw6tlk~3Q0QYzY0nk94Hkyc}zmnBb~4t+`*7NlsHhrq!RFuK-^FTvG@rB
zl}<{s3$}t<$D;*Q6YTMtQQ}$ID|@J?IGqfPRwiGJ7KIR_FM%TngnddOLZG^wajD0p
z<mEN(a0(z@J-{(<EKGJ&N!gjyI1NDz2)QF39I8S93P_6q=4w*7){5L(FiAH-ypnRS
z`mW5SeeeW$pq@dz>9ew-Hrz4-vPigAucmsi1}0`N+qgWz1CnhE*BTIpHp4Y~`!&Pl
zMlPWmc<8fot4V$PHTUR+&8d^0;&rrgP}lSzMDcih&#c?CId0w~6$&@(YXuDQrl10J
z`AfDlx%`bi6w)va4pHR>jA08E4cgKs5MH^M6I?bG&3?nA22=d{x0kIUOJh+1d8b!d
zUa*qeMQzI&@i$r8A25VmA1!~jCo*zQ^V3#(N5UrUUqbOVT12?6;s~kbnfOD}YH<2n
z60sH~iTG%PjM$f=Gm3KsUg_gC-U3Y1ykmdUgfynci0WKH61T0ZkQ`p{psC>;_Sk54
zI{64`%*arI{k0k)y>ol$Xg7aYWf)!y-}%AF4s&4<Rb(3`D)3hEI!xN^WlK8^P%$X|
zh<PAysV~6qsK`1qF97^^^78#~Bd2qd{FD!i109w9l?k;`8TZo!4vgXPkw4f7c9wRF
zP4ud49H}&_C?7sB|3Mt5@wqE418s!xY^dntd&c(x9mz{IxP>|%mdhnEKbt6Axb^-;
zJ#QPEMnu}u-tF>45u;kKPbMFR_ev9L=mdXasSIooDZ|{f21hb?E_Z~5^whERXH-|b
z)p|LtSNEaw4QkvOHsxh}4>cIwRjCs7zEFjI=i8@F>JJ>TB=W9)WC62cO!*#s{4IO^
ztyTXx^u9BD^QjePSmGq3w3v_wH|$YJ{od2FeHx;|%b&xPT2ytwn;nn>%k4fXe-pUF
z+?~1vwaxE$*zGsbeixP&Hzm+G2NtDp*VVGf7+L8%+9HwaZO%*Vs)}>zToWtyITgq=
zH2OiiI_8tu<a07ndhk$3gj-v~ux~MW;mmWS`sahbQ7X|g?ky}d%g!=(;_~c>tFtWo
zvvV4gN7X}|L#DB*tJeCJib`hb%vaU?f-JJXGJl{cnCP}wT}to|>CvQXn$xiHO<eDu
zn=&$N8eLcK=*qQSI(&lH&YAn+piC7}=unk5IZu0F6l=pZT(l6!@YZHy?JbRm`()xi
z)K{C&?w|7>Y5THR<b;EnbokvJX$s#?18mm2u4GD7d`e-gk?ktxyNjJeKC3yj;0@>I
zZ>yJkOcWK|@Q>EjolTs_{%wPq8{w78IoQe_qiK8rzJY^kvrHKY!DcROc!Ghgv9Y_}
znkJ>^d%h9cQ~jFL!s|Cx2uxT*b$CQerQ2Se$~&$~h!*-e7bkbw8!Sa%4SqZ5pYGP4
zZKG1tdeXSlHx9$PJ}WxtMYfqUtsyMFcLsPea4M+s9j;y>OPv~ek^g!1oMVT&>i7$O
z{4fE4SV9KJfw>H06V!B+U#yttJh-m15qxY?vt8PKz@=F`2vYn>*OdgN*O`e|t&0W|
zZUr!$(k%_EM@4=*tG|vl=Gt*Ne_<(Fus>EGm{a!9ZT4M;@`wDCx4icrv7WOH{N@Uu
z-dZ|l4#{6t`Fd|GcY<PD<QG_Lt|S~7@9wl8e7d3M`+}Y&|BR=FKl6q3l2_nIyhek@
zcDxe1gGSaSyAM^8zOZZ3cg=f)A}uuJ{bIwz%RR*noOA#;P!A2~PRIZEkGPdh?mqk#
zS;P&s>XLkaVl<3zD00Mf!T1~Xu|+LdZ@Oy_%W}n|=YE$8-!zrMgZC6CS-+21mJI0+
zg;5B})^nmkqw#3Bv8$g(50SrB<6k>zC%W}IE(Ec)S}qTxQL8`VX(J5;;V|uk)2j})
zc4sx|vIRgsXzwol7UH`-d}_z06=ADmQ`kauPPtCJ)g&`5XKbNYt&C(6F^)dPtpapL
z9`%dQawtQN_fcioI?=uAD2q1b2(KQrn}ltUtsPo;rq&`ihTN4{>{OM|dfXPx^_)LR
zoB7!tzPb2D%=!^&NqTvugidb3?VZ<Uw+`6d4qdc0HS)!z(x{Gt5}(J12f4U?qcC;K
zf4`CG_ck|Dv5LzU*6udFd`GfDM>+C7)1xZ}a^*+5q`ieS(k-q&ZDM%~1H~c^oS0*n
z9)d$qnSIIHg80tVnakq=(~7c>Awzr|;ToT;-`&$SDVFHtQRyC+7f@^JIWA>KFTNbH
z+jmi0G_;B3U*KMM+6m3g<Lw=aK2%soat*Q}^@|iIVq0qBm)%ydPc}{;xK_dMy0|&8
znTexVL(cal%xW(?I+S<Z&5S#IO=c-ncK^j!#+XUj&fUxe4&JufK9BKprb|dfa}reZ
zCkB}NY%)TvV;=pGjfe;k6Q3DaDvum}sw3(ZV=?31-lf|}?6GG&INp$|{_<GNsxoGg
zH^M(c?cnvvs|jZt|8cixWk%(dowkqSc{&Zx+I5*f3LOnQd4E4`DqeYal-b8VUbJ&Z
zg}NYcfYQHfWTy5HMB_~UF70=w%&&I5LXS?;`F(kATuEK^VL30zXKlQx)ss`Nb}#vd
zz;!|^`Y&Q@0k8_u%flvp533YDr@-~_Vk??giF2XQ)uW1vimK`5R);G@l9wGUEu}4#
z-w@5VKTl3geSUp6$LOqZ{ifM>8|v_%ZI<p+*CJeVE1gyJqSgEw_$8Tisj7cId;B{r
z*bN(Ah8IaN_Vu1n>ov`YQO6WYY33pS$U^(_KM+ZS<5k}G4-idBNTYAcEXiJ?&lmt8
z+wSoV(+nOzlsYB?53m;(iySN4u85}5an&oG6;s9B(v;*Vps-&`0pbky=J>Xl)~~m1
zCbQh_=f@g`!*0*#|3H$}ki%d_InLzw?Y1mC0yfh6LA$qf`8o_(C}>&nTsXlLN&f$>
zE7<ULW8P*oGuXuG>vC1<>85_r^gP%516j}6v{(i6ZTWrsEzfrzyU-E+HsoUwxi|u-
z{&qbZ<-~m+Oya2?$=x4eS0bK<?~=c4@V}dVC*DoRHxS16Pl9$BG*Up#MF|rzTX*-F
zK!0>Lm#REdU^%2I1BF#u1H>TRbZ;I|g<REy0B$@9;MrFm9_ialzXW87Heb!%1M1Y-
z5F)>ug5eT-SQs1n9(fZ&^<^?sD--aP3?t#jvM3+`Fe}*b_^QKP6q=djIk?5rqjoV!
z2>EkO&9E?8rsdIK@^a?#gj`G%@aSx5YW{%`{x6jv2I<k|4EqaHh?*?Op5iI@nuP#}
zg!06L1EYv99~mUIB`%zMgb+W}O?Edc!!D0d08ae4U!$7HIx{)_AY&O1Xdn`Ob`W#n
zdZ2-fXlhgwa^C>?Toq<T0>B&OxtY3evO;hORn>;O;s64MdokfWK+{jjjx{v^vQucj
z!2bX@;>ZX+7UbOHBK58yah|0B9v@b6kdan`6Qda%@xeKO%S%bknGTGoyGSng1K{eO
z)lFSb0V09J{F+w6>6Rbsf&ux6Dz{?d;T{SG0xuREe?eTDQNjse$U7iMzy}0sB!~=5
zr>;hYD1kIJ{t^?9M1Kf4e{wo7I)Sn@=Ww!uB@j@uuxf*ZKdoCCNlCf|aQK@Gp$@L;
zLM-S*!VS%VssI5yUIGvr=MkI3&65CsfakU%gUk3+T~LihfPo4AbG_9-R)CNJp+G7j
z!8f?(FNV$nwkgA7b)vtiad2_Km4z07Uzo&z6%Y&i0BVjCo0KqVd4#~n6_t?Sh#wD(
zXkbj=Vsac%6+q2^*{d1laE+J%t0XU=dcpQcva<2ha0deq6~N+r2LM&~UmUz7Y+i$+
zpTB_YoWVjeH-Ik;c+FD4=uF@XOKryG*foJPR0_eJ0yxHQpt^zQ45aC~N<np-d3-f`
z{Xl~t6i`)xc!7L>V=!<df!3pzP4NlB2^6yCZU$C@c6{)u6ZI6Y8D#2#vQ`(IuC78H
z5)P-W4c1H*OZV;9sDorPlJ#pMS)NiR02B_ID#cUEa6o#W62&F#Wo1?31%<{XAM$X^
zaARe$iW2>)<sNuEU|WLwUw+J;gP#i8dMpyI{FJT$!20mZ8{8u}HjU=s7M7af;D+X1
zz<BBi@OXraNevpIn}vX-jQdO0VsbhmzcsK)YVAR0PBfz7_n_A84Xk80?^`bdJLKbN
zxL9`QE@~?a|EX_Zw68IgM{HLZQh(gngJ$%-2|kmFqmZi5s{+g~gUJK(mN4<)h~3O)
zfjQWmQtXNXESvTknA#<h6PC@W@su2D_hE2Ut4+e37VjS`_7sZQ;&|qlH7r#6q8YOc
zyxPt$6<<#%xO5g9n%g2>h9-fuaL%W+=VPASiqwxx43_IkIUW`Snca?7t3ME<7dG;!
z#>iRa%c&L#jRvgdO!Ah?K|6x_V8(t^V-<b4wifa;nC_FUfQP#dbeuv~EhamHCPCGI
zAjj7VMGv~og#DgfSyU5}EHnIAv=p*;o~Ya6103?9e;`c$RX}fjVI%S?Z5HdnC}(c}
zqOpGN^h8&MP{5pyY164SC^ljJ$A*+a4gbarZDpy_{FDy^@*bQO5(kyI*-)d9wf$WJ
z{VhFHfm}}kuMJA_aQ>JSjRNlwwYpmOms3O8l7c&-#F}bNXhhW55I<2-!A_4v9--{R
zYf{VWhr>paojkdI*c~BXYtgPLF{JcuXk{$r?WIjdrk?=;#Iv^aGf_PAidmjXIxN=J
zY>S=CZ<m8&vMUETqIKfc2l?eHXOlW8E>p0i-YJfE%bT92RSfLTZ85kKWg)FKJS<#d
zCtoPJa_0UA!n(1cUmGgq%u$zcMbeYxYLWk@<LI8$^hY6$#+NOfFTOq$GE8}m-d=Ru
z#BLsG-P$2+DH*>-l^Lfg@J^0?wJ>U_j@gE0=EQ4^@U2vafM7eDMV}wlC^1%ZDr(GR
z>CER=_C$67O1@~~e8nns#Z->1gMf1_03$usjzGEi<gDntdTiiX8_OajXqNX=T9eRW
zl}`Dxfw%`{a{M)VgZAoTKfF|_+;}}C=8c<Ap^}T)rS0#xF6D0BTV?34v1?D-$tvNm
zgPt}CDN3&Jz1|%^aw<vU_*@!3sc@uNrAb4qsgz^5itsE1>22G}d(YORW~sVDnkO0#
zcMG*f$MkKQfTOrFGV7~h2Z>qx35w~3?ts5k)q}Ef-O7V&Y>o*Es%sQxlDkDW3$vjo
z>u1(RbK7+O`Zl$fbH|jweB$&ED$=aEdK7wx!7>U9D{DY*ub+Qg<m8F_A(3YiIK=Md
z<y(>S*-F@<n&3Wflos*EATw=k6m_FM>NllWYfA~hFUMGgxjPfzZ3J3_zETyusH5|T
z<+DpTgUq9=5x3VXh>v;xPs#YxLN=oIuX-yYrzsT2z{zbZ#`eJk!=C!9vOVp-jpS{L
z^D3JBoNprCLF@9OdI-oh<`CVD=v7;WM4#XMwE{!niRt<jTGbtAXMV!lQi*U<vXsmM
zSYGk8aM9#7GNx(Uuq>ksk^bCmI{!>nn)HBz*&E5NdGN&Y><7sw8tHGo6hDT$sU9Ct
zbqb?vmFR&9$*zfnM&f7Yp;=K=3D)gSWFGs0Z)~4D%}UBId1`gM|Nhf0k5mm{c~aF>
zCH+t(PV(Lc#h~_09uW^q;z47QZHqd&t7`&{T?;aaz6nmbdBtJs6%IrP>-*uH1CB)O
z(FHU6Ak(|m^WwVNye$=-)90ioPkI>2I#0`tv4!y#Gm}!iX{lx;!~;p^nf2nZ(cc4&
zF+);QFoeUHQI~JIXJswf6^mQmj>Tl(Qw#9tY>pW*jgh4C=>}}CKRVJrDs4Kgh!@v5
zBs{ZA!whB&tWo>-j&rk}RRUloh>++;f4gsUPcJF<mu5I!dAP#rYvm-@kCjRWnBg;p
zp?=-_vzTIq^xsDD!mb32rD?TVz2qb78mkh{Rae~X&plF_R_B?TMx7q<+G&&xp!7Ys
zUQcvZldR9g*hh9OvAaba>-bCE-eL1*8$i>JsWs7(OdiJT{Um)5sqgE>BZ;Nf+luV|
zrt772&4)NfPd<g{DQw<%Sni=lMJ!#ClttDnH~K-R$Oc7Y3a}pd)wq$5qLPt<?3KSw
z{4)L5Jhx;o&6kws7>o+jUG+j4E0~$TM;peVh9`rrw|e!3y%3=QUb*<`A8jh)CT4bu
z4rp|179C}$on+ubmIk}eMpjgN?;O&iz~-RPEmz(jLG<Y1E3L-+6kG8lzHXZJ%8Z*H
zm$nRe-4@?ax8FL)7W<xrzjPqy@wn`v=NPK^4c<w)N&dBXAQpqp=jEVYKk~8VEiQ75
zH$97qYiFAM!KJ?aN<sTbt-HrOx;-3I|Neuj-FI20uj!O`;;UVTFL|}<I#{;#%{@^4
zVktT2`Ia7fS!_eXz1a4c0nNO%dh^MPqAbafhz*U^BJM=Rz89#1ok^e2xAAo%3_8gM
zmHN9?-U91UOCizZxh0tN*u_Efx5nj!0_dpmce>RqXHLIcrKb8NXOKT5bQsE|>x0u0
zqg~dKV-->2#V=9zWNNIVE?3B&MVlzF<mE?j>CXD?V@FFwhOSmHHI>}vRiu>c<O=aZ
z*j|4lI3leneNAmaW&3`@R>cpWpS{5W5BTg2#<L5`UAA7l1vBe-L1p%Peiuzs@%ux)
zVMYaNGcC2NS_>J{3Klnvt!F(bj_AtMikiUNsd9RI;n(!>VLVtEjYb*FARg<dbo~7f
zB!l!5m$Cz|Z0h5+D4!c;!+0;e%WPDtPRqbLRjTcu_JZ;oW}6Pr`v6UtJ4U-(Z4A>C
z+IiMCX5{dd#?UV@R256aZW`t9mY7qB{VZCb^T?fd?G~YacL5(X4pcmaSc$^g;c$?9
zr%;gro^fY@hr@MBi2;TO$Q_Kmc99`2%U&6d1pt38Opy>6=vOdNDd7@l){tW`Z;Pf?
z87dYSZzeRp9QSQ-V~5cYCNW|2YE&))+6rOv?dw2=!OC**B6iamHGnoifeFTkaub7t
z6omSt)$s*opn1e)>ERFG;nAnx#9IS8fzLgBK>&NAyoH~eA=jF<uu5<!4+S-Uv%prr
zW;9%`^-3vec>)SejAoL7YmLPv>}G7>YnCA3+8Jy38uHZ5AP1_MI+&2u%#Bs_?GJ}b
z1OsP9LT&}wrOa>*%&SZYz@i$DWB`Cq>FcxMM$`ps0>ijuKMs-sAckgOB@dedd_a)^
z%_BCW(R+dRK>_`*Mj%Kyj|@n;61xFodP=`~vJM^q_cAk<agpF`@&dAQkd<bTmL&r~
zlA3Bo7W#sNVHJ!wXy*);M3Qtf1OxvRk1vI<C}d^tuYQ3au}@8<BwtcZ2u2hzy4pze
zRg(e^k-efY#!8-s0H^C_u!Rs=_n2N32FOd)Vn{nD7~tScozf4eMaX}4L_LLYbM=SX
za93TVkR<|u7J{EZ2EaO3DXJ4<RSM4N0>CNxM=-1+!6S20kCe#zrx-P}7&R`}Ozb9u
z!@iNtB;Blwz=A^UkO=|50$8lj4Dk}C0`=!0@p#H)<Lk`5%!4Z$_^i0Ogq_katJ=VX
z6B>wsTMQ3eF*OPk8AA+`(VA|6Z8fWNbB3)bJsMUgHBP|kGdK-rqMuxaXE$RX!X+Gr
z<nblz-NoG$&8TwwU|i-q7tL{{nv_W8(#8ELB{dEW!GvL672@&81AeF8EQi4XW>Fd9
z93CDu1e~^+doK&;d$~r)lkSnehsq;?OZ>|MQ4Q26v?v51Z2+2+KpWE3jIL99bYYx<
zYr)hh6WoPCW5Qu@&3iUH!8vgWu7XNRo_H{vh!j|E-wZd-j0<N@r`FsGEPt0dBVa7g
zL0!*WZVw>`{8b|y{$K<@8930&UF1)KovmBxQL)OsmsXV15cjP+c7Z`ETyPUc4aPO$
zg~5cM9{2x-&u|9hb?kzHMSu^Bp`sDS0o<qH(_Z$ejWp?fC^ufvO)yaDKfqe5JVm1&
zO^fFPQt*!{5Q3WuVRT6GtS=~}=e1{j@d_$8_NWay2t2?br>D#b3Hp#~rhM*f#t5yE
zOT}L5(%Xpt$+q|D@)l3Fn$G%Nd0*vYbDhh&bJZ@HzCYBd_OzR4bxox>sAC+A3$G4B
zyN+?4Mu-OOjpz&>S5%^BBP9%6Sf3E8Zb$hP;WF?HxD0$}3HQ%W2}Z+UfuP&&Uql$B
zrWYL!{|Rc9^$)n-w0p~lX@b9W@`&K<_IfDKE`3{IFuq;tR<QIqGGvW9`qZ~hQwAHd
z9Dwa@{sMp1{Z8BSedm--lU+?!zo{!SAe^Y$e@khJ#nA0=z-*ASsoL+Qn;l9&m2`V?
zeHnV<VsvT$wt=~QktP>=7i=m><M0@xG8sEG>R>Ky+3#>%I`@NZV8pjSUqQnw+W6y%
zfc$W^f)W@``GviIPp;Uc{EaPPIb=Oa)xc$U?M~}pw^((!c&6SDOV%gJ0qe~(?o0vL
zq=vfG^BEfiqhr#Womr^|$8iC?j{R8WzPrh4Co)M3(LZl%&ezOUEnqS~2HNFAB^u%b
zVivC0HqJ6I@ej*=uBkrn)qZ!r*<*dKy%dA0DWp}gWuwwpx%-BV=F&fp<CLQ7zwHrh
zQBTS#pAYIeWY;HB(zW?#yaMI|KXQquTG^FvwAN@3uGec^&9`CvVk|ef>DUyUlRmRf
zKgw4(y?I{Waxl3Hv#_yo^4zpwm^O}koJ=XIdEa+O@`Ma2VzXh^=M-ydZ7#3QZpc5Y
zXGKauz+6B0*<eb^vJz9JgTbsy2i$#T8Z@ddVLq6Gy!-U?i`(H-R(9&}j&?jw%elC~
zgHmeOI#)h{<8y)T7ssE&Dk_jWzn+F%>1Yp@{%B)t*qVy~CV-L7nm1QnB+?qcW=5Op
z@>k>u*L`>keW3Q@_N8_<r6hqUioisg6wjMKBB}HPViT2xx2ihQy)2;81jc5$^d~Wi
z3%^gLe=NH?>6DAsLp?+$k<c#@hV`NBv5mVO)psdMn6MOZ?XXtLF~Jta{_(VS*1+mQ
zU3ImyGVqcEORvEGsfrWrcsL&y;Ja9WWw3t;uZsEDr-*fa?$x=pM^u&1iJ}wubRqNK
zrW_j2=T)$<=yfmF^>nmqdk{M;y%t`DHvXEqVwX8mwMid%)^6;3&UK_Ya@}+;-<)ec
zrIdK^-UM&dVVIR`((yd)j>Kb)DN*7SmJck+)Ejd|n8-#G`FVz>Z#xvPjX7^NW(uF^
zc7H5nEPbeW*3;{LiVe>U-(S&;<mQGwbA_v_u5o9E_sae^RF<a+QtI3Es2i#%d)~2>
z1jUcmv=NP~yHu<Wi4VT7X1ne$y|tu1xZjgUWnu3#2HT_$kPMVg^koT?V*Fx$=W@o0
zW4Z#ulI2c-&;S<GAS*n{_Vx8=TUCC?vc%V9A%{U)#?Q9n3xmwFbjN}+YO_$=P9qDa
zw`M{d9IjR*ewH_5aqGNwa-KUetXx<+<gevm_HM^vyNL<HShXyu1l=zz`quAcB&o{i
zWM0LF9XzK==Gc4joJuzLZd~^r`l(e_F{o#W{mC$O_T{$WzPic-&$TA4Cm(_^q2u4r
z@@EH=Z|HN85udPbACnH-<;@#(b9OC6&PVk7G;eLF>eKa_N4KQ?Lh~z&J#FwFe7MAr
za@KLyG$!3u7!bG71ykXI$N$ijtxdsiKkN0TasMSI_rBy!-NENI&H+y&vUUFNx)sUm
z*JT$J0(DPhFGop+rDmchtwj&wcx|dgGp!cZpZ}^%+gEeZDHaZpLsU_?QOO0|oO5wD
zPY5Jlkj{2%|9|Lu3#cgD^?P`bQWOvcX;8|crKLluL0UpuN<z9pT0n<x=@>c$q#Hp>
zKwxN)6zPx{8s7gs`2Nm0YklimOP4dxJo7ZT_rCVNF4$;Ro%TS^=A*aFc%GNm<Q-F;
z(qHRZH*10(_wRZuHB2a_cXhGy`I|O`c@**%H}E-)xvzH#=5;bR*YBfllb4ir6aAEo
zC)`fYNSD@bX$+W6@S2+J0<#F38>qgu8HFz#{BWoHkl&Cz+4shq<g#vqys41%3j2z#
z`L?u}#z<bIvf`CR*RCs_j=Trf`0?G6KmD#%J?VNMI<m|}Og-VDFGfD|LRa8kJr^JK
zZo;#S!Y6Bu2v2zjWPbd5SrhTpv?=%qBdYQqX5?|mcR5tC=i7;dKa6?#Y%=Th(soI+
z!i8JPzn-fdeXP3306nq@@Eb``><V(D4;1;&`vc7ETJ{!LJy9Z>`bAbg<e!?#FSFZ~
zQNiL#H&I98I<<w0*_%6$<io3%-WBZUVf+Iz9X97{C5&WRBCW4j{}i#5zTk2}ND?-a
zrsOjN6E9-7r1T*?<oNo=YJ@2(N3P;yokiqXz35Aju_^Y!GR1XO^1!;>%|eyTim^T(
z==@R;VL;Z|E`Hv3!BlMmx%jRdag%RNB>)DL@veKu@+?wCdcW9+X{9{Pzo3SE7pa@r
z@*Q5pABy;-t@k~ib|DQ5k9j!5OW+<YEc6c~!;0@11pcsBNV@w1gd=?8g<@Co1(w@c
zkg|jYzCF!3mu6_8M@KHkn@1v8GR|XJlP0sgs3GJcbXs}b@bad{jNQrppWVxMy#Rf~
z|16d9XIKE0Jl|vnNK0xf)j3n^ZfCEnKV-!?G_E{;O4o?D+N1%-5lo9;zVp@i97>OD
zP8E5{GODU$c}i7j)5ZQV44IAt?alezY_K8;YX<ll4=w$<<Yc-4yqaExIUP726F!9J
z&g+tSIKaq0bUPKGZpmeHKL^=QI8I*?(UQcN>G%+urHCp=d|;tpACGhZP8uQSOw2$O
zLNpwR?Qbe_Kx~$Z7KqNO6Pp0B1F2JW%VPQOD$%kyVMn}eT<LL`lfz+-(1jt0G~|fa
z5e;89ATnq(j%YX*czwe;cLVyvotFp>K{EnsOChw*eTXO<2VMmT4HQ5>AZb1!Myf@)
z=VZBJcml!kDKC-KFp%FvN{N9a$#2BSyvB^qUIHDG1*}&k>IXwZGz)A|Y)0mDGz5bJ
zKre)JLjaK-fU%4Qs1YM(DFA7NMwsJh1r$j2k-*-(kdp-gxIJxMS%(H_n#)KvI87VS
z@`=?Y&}dJTnVDmOxEUK0@Bl(DNE|_xT0~NoA1w?9&0>Whz?S}Sp|yUHVE~l@TY$lH
za@U|nz>NVo0ML8U(yb0mp$?n*Fw=Pe9e7Zchq;qoL(;!MR0udO#$(=t7(&hw0ywYH
ztAIlXnFv1^G?%7I^e)DNF`6cTvVo(8$Q?D6>d_mCnP>o-wXt<WEkcnIx}ef_D<>Py
ze;u&MiwOdt`Ah|PH2?+%=cqnHEY`+IjJ`^DF@T>5eh)*ol#%ngMgflH|Dfzsa?q^L
zS)~o^mD<7!LV-T4pmIE+`|=7G#BmSt)FpsWj7G9<Il0vMXe0|H;$)a6T1(c9i3j(r
z7Lxn-@}r#~;L@O<Jen#rA|AR8Hi3wS!{o53EzofgdS0M5%fetP_Fz|WYSEw$L41bh
zT~b_VP^@#alabQ^ACN`#6T-wLP3fnqkc!F-Q?(~R5T`+N2SJG<t{I5OFc_~92ba7;
zG7z8*>u{XL!vI)T0_Jl(z2OWn@MRP;PzKtag}@2*bA%3%^S+t(BS4!=;OO8yP6Uvp
zIS5Nx{gTAu-b^PZ3ua>dLPkJ=HZ3;V_7s6R9tQ9+LgkJZa^Vc=AcI@_kQ8@3!V-XE
zd<fNWtSqnTNI8yo!C*Bxf*u*_0dZId7~B;YUMw)+FlHxZmHWK)2y);E3&U;`WrpSg
zx7ZCe6u1;S$z-?w{*;p4((9_WCRv47ojleb7Lm38!86|A2O8giKn{Ig5|}qWcr~C`
zSCx9tdt${>*)e=2#U}5hSTSN;6uzMy7CXonnC<(oa_u5CaS`5Ncph>#!Tw)8+k<Zj
z@d~<D-`cYtXiMtd+CTrt?IPHPHveis--ET8IINa|FyD6q^;x(bE8IziY9TOoW>-ty
z^E<namM_O$9{TiL+1IEt*&Ev-tz|2(HN1XD-IS`Elk0t)byQM(PF^NHoRjjs#;%3_
zeBbwrD6z&#e<J_)R}_$+@q_)i`PI*O?PsO>KJp9TzV6yvPwzW5Z?Iy7P7YZ7a6LOU
z4zG$N)P3Oe?aOnX$nJ@sV>UwL-5s%^;hLt_O=gcGSD1IaH<fIpw14pn;eYZF;*I`H
zulx-qhKjz7#7VQS^}L*}te9QS;`rfxS=?8UA(ZM;`<?aTM^JUf#RF%lBSk4%{%I}0
zL2_-4rLOs-$pH7m^_RQ@I5v!T)}m);VL7<$AAT9EiYj>rS#*@>=*@gwGK+xB8B7_|
zdztv%1Q{#s4!JRg(d6@&buIz?vmf*->?ATBv7KL5I>hJ=wo0##2D!LYn0~l7zfGF$
zmHVs)`hYz;fjV9|(n(E{{j%?N;{XdEoD+5TeSgxHqt6;`koNtJ`#-Lvyi)}RS~gz9
z8(MTLcNM0bKd8IQk;MlF9pLPTW@ng@(f)}2vS|mp+xV3AW!jp}xtk@bczotq3P8&K
zWQgzD@#qq@<lNdZtvP3kDR2HH`1;QGU1ro<Ul!&2ItGJoZ+mEdKbPX<=ZgAqYqo8@
zH*ejCqVd*IV}aRA12wFt9)wrlS>Y;|%Z2TP6KA><`8#=&4bLkrTw{OEvlZXYU}qo1
zPHDVz*tV;>In<tPkjB`Q?)<p_rPJu0Wy~FJUzTRU@f`-c8cTTxD`g@xdC99j%qXi1
zotJ9ss*^d~3_LuQ4D*|GA`saEEFYPwm#GWu-PV@QyA2n#3mm2yJc8%FNu|!sI^w8k
zf8vngs6F)HnFrAv<xy6ePzJ3Jwh|uVAwG2_avV6x6FRn8Z_WHu?NlbsUSGhhE|c}z
zUYud?CE;?uy?A<7xNs?Lc8mEjIqTeng7btSce3?M_tp<Bq>nrpk$PXBJa(y?n#qvx
zjO=Pco+~$waOlh(%`U|G-j4jeX=sH13^wr(WVl)mJ9q8$S%lyj(8ly?L*L<2)s#}B
zKzFr_dZ93GUlm{2R{qCAdHoi5w~gi(X-{iylJ+l2Mo;p;3bfFgI6SaryS1busBBI<
zUT<}{J{lx<AUR9MJ5q@U%`W+i!%5hyn`+&-blZY{#|O|wEDvE{VoEmd;bhk&ARtZ*
z@9jf3tk>+Y-RYq02|qgTxUTn4+!1uTR8;>%8u$P?N6kN<L^$XqCX~K<hPQ(fZZ{Ao
zv?#8Y?PD#xIK47&vKsR#Kh6Eao_N5M$F)3ccY0f_kR+HlgYenP3ndC^^3}6TPffkN
zL0EK7{p$j&=gR?85j;D-A4WLJvXG0`_*`FBKkkHRiG{8~k%t!W&{-Yj%BhH#;`p3H
zE}c#=$3hP6oz_2OK<^(=lh^+T^3{}*kKNNeS+?JDT%KU^7j2K`N?PXn-4Amc=5=n^
z@p99-61{I-y6baee!-HFx`_wNl{JryKVVS3nDsNrIg3@9u`YFQ2>L#yTQWRzQLpwb
z%uiOdV*2yl+*<~ANiAnlKa)qE@gILX3;!1O=+oDmPoIaGVAk?BB)1g5<r8*&1N;Yf
z1-WV!ClC2>FBnJzcNo7AO8es;=I4K`mg{9^GZCSB-Ym|t>VjY`im|;i{G%wSGe!Og
zo?7_u48AGCTCfpe9(o)r6@4%33};KgwRqZe&q|Zk$tCyOlXKieh%e9RFLH?IN=ctx
zVHZ7-_O$#Rn+Cp*)Aw3KUQ8&_-dV3!<F@gj7aS0G$&#M_5+D2zMA^-^6{|nz{(8Mb
zM$d=<rP{z{96Q77-~_Vg!{x^_fsyTnebhNIq%D7z_bN92gm-|NV5dP<H0Z2MiSyi4
z>f!wD;Ad-Yrp67UDXw-GS1YmSNhz8vbNJ@+*%>l*gjO9i+IS>{_L9`B5(W}ACAQx<
z8SrS_m-^z~UM^m_7rBP$)zG*WJKWY;UDa=#yyTBy(cO0K>V255;Fi&^*Ub%G|7n`K
zI;tKPr=DWtAwGO7@6gac(v9Hb((U%6TAA_1hL87eKSFJemrc!Vddl4uo0(BPb`@h#
z&hw2oXEUH0%QwF_U_zf!H+d_=PWea8cGc#k2ursw^;rFHwM7E1t&XQ9%+lYLTu(c%
zEE6A_+4WD<a+cRAx6Y23__l@k7UYaF!6~I|P2#@EP$S5vcDu#HU&s@6JyF`-=^fb<
zwW>Y<oy0x#B+Lvb$o(F*a!8iJbR<8qzcT1GzngeK*Q|1@HpP`Z<XHRc{K`ek(5QuK
zQf9UTgYoI>Ey99JY3&DJc~5bVR293qC8+|-j$^6b?DHvi64pw;<d&~aBu@|tK1(&z
zsV@>%jX(F*O{6xDF#KN~Jo#1n{Ig-Ea7p*y@o_ZEPYVA3)br(B58l=U@pH@3BZD#&
zU4~B6m<zRtzSIZ$G}yKpPmHMbP~B&zPKn!>v=HC!Zj{ctI3DUxc^r!px0|Q+zF-kA
z((+a(5Yqr;AelA>*lQ^QXmY>+kPP!I$AbcE2WdG50J-u5j5o2V@fo3Oij24Ii9OW-
zj-#n^foyQeBjM_sGX0nZK+*2R9Z!tHxOTJPV;M(2B#<WCL1S!ZV2&1{5F~cVr0Mb_
zXoe1&$OyxM-59Nx(}lf>mOxu#eyXN-MMy)az<TyTspW;3h(f_XKwcNz1UX0WC0V)%
zd<d3t*lH<xH^}<|BQ;EDIK3-C6bcL)YQU|$DM^-zl}i&Gwi+l&mfsSFC88E6<McI$
zp4bk7A=mkE6GmtvNrve4qt$__0QH^YKL#6iUI>sA)zW1wru@>@0hnDj4gpU64Q6J^
zuK+)Svn2wcIFlHFagi`|h#2ir@KjT&{a0JPhNM7T%?>HQg*NkpfFe>&7g9WqhNP+h
zDxU!HR`NQi2taAdBm|A>Et%Q<0QAqLbw;ZAG3%Bxvbvzv+^V=@U|!CKGy8#*G7Q85
zuHmW$fUFi9;7EdjVFJ(yV$~PeVsU8om=VBZq}p{Z5`9#M#7{ux87=;oV*m&b5HW~6
zOIe~_74I=%mS8`G_Gn6$ODyWAbf_x*gcN;jv&3;xctS&-L*VZ)XgdV%HClXzL9;*M
zjmDun%}ip0szXi|5YNFO87^e`0VSD{coOZd{;%2$gFRRv2FJvyicV(|1EwPC2SuN0
zCh=iTF1W;rM&Ky`C%*yp6b4(!V}@pJU`R8sM$1dNVE{lLm$?)m4Cfz$*jvyy|7-E!
zCA!A0pvO%nfZCikZP%p}@W!@{k;9AP2_fu-DgwhnULjTWE8-<a26#4Pn1$31A-MzO
zh(KikzPDwdom6lGzsGcmVpXQY(dcIfCrs6UQw9oI2C)HN(_><E?)v&i0X%GLU(u+W
zR)+&)fLtujNk;ME9W(?N8#VP*hx{53BLtW}QU~(H+tS|q8izk5u;@i3b6ZYgqSsN)
zuzCu5{h+rmicba*er&Wfhvfza2!2abQM@ot@Z-b@;F5>oi>lmGNCqr};t6rYQcRqh
zN+Sea>j4ky^-U1P#*F>Tb`Co+{gZK-q9D|38y1^wxkto$pl^KlN&1E^wa<?wk~`}}
z4~e2jCrn22byiSBz}A|cG=B_?B<7!A7~3Yx&u9SOIZ}qPrO>J9B%)pS!x%YtCX^nW
z;^46OvN3S)eQs|EH#O;;HXsmtc4?hB1p3;URH7F*C0E2*74*&?*d0@=T6R{?TnrfA
zDL1@3m=?&^_CN%+hU>IDY2I+b!?vKi%QE$h`FwkG3)?}AHulYjoQ|khlaRvtl=Q$M
z&*ZH!o`Qi7k8S#blV&hvkJbNyl%7twVqa~{y=|}k_UsMa?ZjaD^o{NMPnq9k#2eRe
zYt?n|S6UV;_@n(w=QpoNQf#Qdaofmcjg-W#t~~60bhe6#Dy8cfkl|2T+`pJK>}z&K
zwz6lS&XSt@t*1~g$hO#j?4-Y&d~SFQ6d4|EEd$z!$;)EhF`N}aGv%a=$u}3Qxuf*W
z@ki4GSkz7JdGg{I5v&<a!&Qx%mVEj;mgb^T3-wnn9Ut?(YRYVPdVTV$=24>)<zvph
z+eg~@aW%cizoke>H-t0F_;gPBW{PvK`rMZ)9z*x)R!3`n+cQTlo*~+!r*thx;@R7#
zOI|fAizJUVBrLhQJ5Obk!hKxbC%0*5XM1o8<u&qc?JjVYqe_0Ux9mTzlM?Z#oR7&e
zpR(nmC)nzS5dMh2Jr$Ycyv@SDC1-i_68E5BOG`8O*6-2PU=3xIA!kzXpkdsbNLV4~
zkxhS|dd{qYQg@>EEI9FbnUvTs34?>m2fiP4vmBSsww;T+N2bh({C^MJFL|GOu<!5R
zU2U(f%)6swsXv*naL>BoBOfVIX-y=4jzemuM-SvIs#$rwB-DBSD%J!m(I#P@x`imx
z=#~G)Cf+Ec!F09VW4oaO#b;UV>k0Sf2IK8m$gV8SA7hYiZf<MYHp#o!=9c8g2)nn*
z4IRW&_lOR#4}NsPPL@MNP+D{twO4Rp(9}~~5uV7o5Uk*wwTFo3+82)G)xT!S@bdl2
zUunBdIn0r=L@g#<y!czc@{^AC5AOMPQ9+VWr|h58!h<GUsn30El3vk^ZH{Wpu)kVC
zy5OcG$HpIq;l>d^cue(+3RV2TGrZ>Wu5br?GpfnsnGF;9kjv(1<THKlBaN4Kdt!|O
zm%1zF^$4FX9V^%Am=7+_mkW!w2->G0I_i73l+s4#Tw;o3m^9fGaf>dkgQok8!e%x-
zt+aE+@*uO7s>;;E$8K>%9QM7kB|{-bLAXa@rs7-8KH;b*t><9!%jFcG7{fB({$gfU
zADo2h#Tn}v{#K;afHerRK751Of_qq&A!4@>n3FJCHOg+Pyh~5@DH60qxhP(Pa+v->
zeRFel<m*au^rRi7l_4G^wy3F`rj{A!i|JZ6*52zDn+vWDl2vS|8cRM&RB(G<l~ZrF
z|E6bDOZFEh0WG05BR$r%a-x4TuFC~$YMFWJFEtj`snk;5t#&xH_^wvwJC5P;U#fLu
zjC!TzQxAMwJTuySg$~Y+X@ib1uZW7t+Ez9k`+Z7lPcihgPwR#)Z4ddf%S4qm{X;^U
zm{$**n$Gj<s9PTm{(9vo=N$gXL_Ku#_dLCuT%;rl^pXD-xSdWva=73?flWrUnlYp)
zGQY>SrwK%3Eygwp(YsW>j|}wPzMnoCnKdjH2rk+ktw(4-vt%zxgqFF84^oKF!nt}~
zFEH9lnoZPVUyd@Qecb>0&H8ezlu{SrU9zFZIp^h}Nwfx8AZ*iMwc&<tCmg87XZhDh
z@X<CUt_c%5y;9oG%Tl&(?Wk9fb*sBHd6Ju+LiRM6(GB7f9jtsv!W93yNashb{M&mX
zB)(O5;om(2)5o$3tay4YYR_IebW=iK<-Ejs`MSH`n=1meLmm|E+ev=K=rsE&7FNc<
z;$(I1Jd*j#jgtEIiI;L?llB%0O7BMg#CE>w?1s=-&!GZ7!-HhXlzLhD2RGJQ{Y0+#
zbR|ZDKEn5R1gG-VD!Qpm<JG%Xx|LUT@U539oxZeFLXE`TzC+$@Hl|MK3pxB=J@P!Y
zJ|TxG9o1t^x1@*`)HWqtynP%O`MvG%A(e6QOa{Kx;!;!ND_q6?zB7Mad;anQnZhF{
z8nHuwTn`~c8as?$tddSg9%W+@Pli~qz+-LVVhL@9YmPKb9Mm%(8h%=|Kd#`Nevx3~
zeiJ{@7<MG`E2F)r!)_@dE#12F11AG@X-0NILDj65X7a&+u7a1fw0H}XIJ*Sc)IoBs
zQxQi7>C8i%Gl9o%qr2dtTi@=i?&sy->Q1XEosr(OX&(?~Q1&RoXQN!agY0I0Snz?V
zW38LA`LskggDf<jOCh)YPemU+m*9oNcy>ycXIvATW>3cKq^`JLa;44E+MfsBEKH*P
z+O%0DaeJyMRaUP&9~4%7{&n&Ze=uklLTJjqeCYVqmrop7d)O$)9+F~4>GAl={pYT7
zZ&7$l1@`DC_}mWLk+rl7NJ@B=cCwY5B}vsD)9<IC_{KuQbXSIFisZ=^n?H{B=nDHt
zJ*8~TpdGJpQDI6_JC{y)iTgWw_V~#~xwXuSu9vl*{;d2xny|rOTKIvsilT*WsLn~c
zooVV0?a2|gwSm=l!o!QCC;GnqL+OnCL;l!Xdjb64Y2Q{{;bKMpC^{*S<870uXRW=n
z;bVA00eVKHufDCVu&o(=50o}TTl<ioiytmo%0grLXPV*|2vGsvC1S;MUrH~S!N>Wi
zp9L3kE7kvFsQCwS?Wj5Z|2k@twSOl*8>WB1q?w=+@^saH*FeWL))$?Hb#6{9zEle7
zG~D|K0z|$EG&v9pZrZmIfB9w9`Jg~fk9V_@dv}M&ASgN_esj@$Rn5_A#u9J_h8X$K
zfyaxoG*wM!6R)FERXaJw;!-_T9-_I!QUtT#8)Qr({3$@<U_u^oQhouR@@si%4(KEV
zZCA)_1FbwDXafUKgwYZ$h~%-Lt}(U@Gj#VEz{&*xAR?SGkckDynLv)6S0P4wb0kr~
zRkPv;u-`gx!Q+mDtYfQ=ATbeK=nrT`;~?WS9s%6*5GwdnaUC8w*H0CUR2KwI+#6Ag
zW$+S(z(TurdO#fkO*wMOf$&PcF5@sB=0*%wfpq6yR|!D5K=$8Pz|H^(Qz0~waR6>&
z6oj4_b8-kDR1TKgZgxWc?-g(j5kTqd^1;F#z!f^N-b91`oi4yg0s@iOX+yNF0s`1j
zOdL&D<db`#ZwVkNR4V70_kj08l6oCF3qf-!j~w7}0W}104fOpCisfMh_*klykZYaV
z6HXJcz{sfq6mJW3{eYQ_H|`h%DEh#x5rY978rNBX>srJMmGi&2{0Zhb;AQesli1)&
zs{%{PzeMFf0m<uX1ys}`??yFx(?CAg0u_$G;yRkG$i4vRAL!?BBhZBf=8fhm=v-w)
zRoa@apBnl*fB^u0;}3WSHX8EZHbN5#;3T;TBFq5s12BJ`#e{>cpji>vj3OjI4@91G
z85t-4D)4{L3<}BtAq8L~z~+4)!xIi#x?JZRK*j-FwNbRo8<c5a0umt3nM?J@@@D6)
zLkx7wOY}v)2cD9g^=oN<Jj^)M&jpy=13@!Xj83va7=YF^7B}LkRHHnH;haCg9S0Ah
zx5XIb4d9q<qR>uuG8}wH4n=aD^kxZe;5PwXLZM%Yn;|g0WNwQkkdehFJ49esp!*&X
z$yoFfzZq4*=*}ghsR9qh8U)x<o>+jcOJbv-6>7nf-<@m63T`P`_QGFX9t51No}y)Z
zhjj^Dnkthyz#O=w+n!jgL`akKg5qL^70<RT+R*|>o71y$Iw2hRRB)Ky$S5XL*cluY
zoZvbTBh^4qTJZFXtLHTV`u(t969q6<fkF$j<RDHAoC1;^-|#Od1$Pd3=>bW-0}==N
z=n@k1A*knYJ|PJ36CR$3l{L(TP%F~3N4{3rVupC(i3XuxOLR<X2^IkB`Ffu31kXQ^
zN-fzf)`-35q@)y=shTC4t{=7^)f|g%CX)TM%&Q*rF&oi}4^0Lt|Fq$G{@Da8TIKJ)
zcC8!MR<>5|QNs;;bYyzfOlQ0BRnYw6Un23vsVHZxdAsFT5zDZ3-$h?C%|Y1<B3nZa
z$MUp#@+<mDt=A4TF4{9&6FlVxx5XyG@1^^v6XZF0myUYvU#|ZA89B9{Xe~oF%qpr6
z`sdV+GA$SjYl>-KX^aK>*88+hC?9Z_?%mbv#@o0dnQt(!7uX>mO>xQNf2O%qwQYOL
zU(Mv=(O1m9?!yurm<AVTN^wnU9jJ8P*rknT%0b$0-P~UoW2%q)^Ww`rUx@qX9(fr=
z#Khr0kdX8K<c50B4gNa6uHnAOrTyGVaWQ-+$7hSh+=~6GJdukLZ{jk_B=w)F#SkAb
zu+1Ng`O`+xRdViP7uxYL+6#SPYq(;MRv;pt;He#WeDy5Qi|Y7-!S#XG4MhR@kM>;6
zgZ)0~@d(Q$L=pGYWzcZyFRs^ZX8~Mr(-zjM53hOasY5(8US0)M>UNQ~>yM8g4RIbn
z_ZS?Vz^#2bzsI|kZPPn&<a^)qj9SNHjJL0q{WYZ?uaCjej%1fO3mnOA*Vk2kv~8YQ
znMC%W?O3PSY{>&9`(Q+y)agP6B6r+js?pfkH@Ou?@pAlFnUeM?n{|{h1QEDn?IPrO
zxvcABnERnBu>r|yV6f(9QRw2Ts$%o9#*GDc#FnKwZ6ajL?A|l}%x_eF+!$xS$O{i=
zl~z#W)B2B1GEQyoNV=X!wZTUtx9@@pIfh~j{21vsqW!n4JuWur&%1w=9{YZ!Ja)c(
zaXGG2?^`u9`_opOEnvii^Wr8=hEA5tqJo!ErF;>C3Xci*<9^YW>U;(RHqO);A=*Vs
z*Q=_TP!b`hR|dKz_w}AKZqu2E-(1rzKU|7i@3O3a20Cs|ps<;0%x#X+c&19zV=5G_
z^1Z5@SVh7&WbJZ|zu8t5ujRStz~w$YA;>XLa<g{GpA)%%BSyv{dj2QH2$GXep-{Tc
ztge=-hePI2dPiQA)xTOOp;GOt86Ty(1NUrFuq^I9a@4r>%7nh$h|E`LE`4Q27rAZl
zhozDB;ZKZy#|Rnkm+-;@j<nLby2?)-_I|Py^6hfOMmD06<3%^kYW|?M+-|A{jard}
z2>S_MvTC?1xsG#OC0og?8#)}_qonLTER`^xGoN}W-Zq=+n;u`dcx-LGSw=YTM3oXR
zi8?xqu%>(|ZaH#zzU1q^Hq_${qaj=d-i$gIZ+Z>fRa45rVtSKPW4P0iW5YQ=XzXdI
z{LRLR)3ATBh2g}0FvoB@p2?b@yWL@ecBy*71+^NUsk}{Q4kQHHPoBR3Nr#{EsMMY_
z<+{8Tl4gB)af@Vq!Mpb*Vpvq{ji|m2T{W?)!N(6;L$r6847b?vPuk@$E~q93QJcPa
zs7FkZ4knHFW)zxzXYH=)#MA7}na@cWhx2SC&&PMX%*)O*sHc18UBcY2G-C5GaYO0D
zPv~5gzb*UfjPB9c9hQo}3fzU>enbt(koM|9NwXn4drhTX`#|tpUo1qyC69rPH;W)g
zxWe*4R*B6%dA5wn#Jg^DNt+g}Zat`ok0^_c(rk6WbbM@8oBzt!3;Ro4motsY*9vLR
zwxf)6H@HN=grgU~>9fw#GjvuE30?}}!;PKXRHjsSt;wfT1!)Rv&t6@2vg?npbbZ1J
zzh_0t11o)eR&4R(PT*McgZz+AuFNQEeyBp~ZtWv79|j7a$^xBUmwWS59tD47)<tZp
z|H$}+q>kH7^7cj8RC7YpKRT!Qszz)67P5<pi%*<CxeEA_@J05SqfAMZzV7UXBvU)_
z`v4-pwGMik`l9`HSGjZ3J^GNH+oq8{$TcA`ME*Qmu$*Gma6Cs$Kt6o{u4lDN?vykz
zWq9hv4qR@MkuhI7=)>-%di<t-w|nNs)1cHF#Su+uG_#qg#o(-Ms&^$_q^AB{?(<F=
zipkhV+w|ei8499Kmrf}X%85URNEaChaa#?9yEOkm+%-yOAC@_9Us{Or#UY-cJ8|1z
zv7iQ1-Ln|Lz?NKLvK@|xDG&xux@_@ZfrH~E`qt0nt8n%Q-tQC8-=U<x%!3eiBu9Lo
z>sOknowmtMOpw$fg@n&5B^C463ONn3Jaf78{aY;gr<z||rQN@EB}Z$%$hU5qE2y?~
z3(&$}%fASbsa!oT4m@2dqb2WTu{pm};XA=h{11e$Sg3q>+vdTNK1owI1DpHINd2@u
zwn|{<(b0MhH50UA#02A#H6`6Sw@;|>UF!nHD|vm{Jzh4HVf7Q1<UuiixhsuoI_~z*
z-^~UsPwD^QS>w%XH;gKwkQ`~g%}2rDH*HO+d8j#I{GI$0<Jf+?-}-S3Ikm052=ZcQ
zCJ(0IiA#zhJ=&c|M8MqnrPQ}d=XX+*xb@A!xdURN6F;X@&F@(jaPK_nsDB_2BwwEp
zMI!5a6O{ulZn@}7Z5X>pFg?ytj?)-#sBHaxme)yb8ycf<Z$mZEtI+oGr(a=lv?seT
z#M19D8HL+-zd1CDSzff3TI&DgwZRZL(9NQ^X?WHkLvz|&<iqBBD4GqftT2{v>ZR_9
zw29$~y5Yp?m2}6FEYJUVfb?trfke_00G!{SaYk08^Ir>4-LjnXJYg?A_VaY9elPs?
zrpXICB&aA19i6t0&hBYl_*$%9rHdC$NM~3rH%S&u8_uswjW04X+Y8ui_k6Au8`~PT
z(y-$DJRjZ1J8EJNY`}2f>-~jn2n#x+5X@N$^Q4gA9945zR|wpc6^py01Um3V79ilp
z1fmv85x@n3?oJt&{1mt$crl<|mX4y(-u!~=q$9CT8!^Hk-52G4vaVm8Dhx+a1>;}g
zTonmIg1n&XIRLk^o|-^_hj^*D13NX^m;<mp4Ko@dL8$&%tXVS8$~IF%(tLoYh>_E<
zl-*AVIP}$=^IeD`pLU>wrQ`rB(gCm+=W+&sy&Gt_0*phK7K5Nzkcr8l8g_^fTo?|3
zLjKk*E-jWRAUx?+*Pfyn(9aMoK(8ZK1w`v*VEhj|17Y4=YA8L`FmQ`tmcfKnB(F)v
zraUq(0Qv*iqbL6Ray&MdnGBecX#BuY6TtzwI2#5uClh}2FW>0|2V_!r{TgO~m;>B}
zQM8R&a?4^9m9q|79+KtY5@({n31S7*o!5EcrEou?Fc8I^0MS&)QUD+(TNd8eR15Hs
z@F8sC9mHIU)F`%CRb1wf3{=MgB1o2#oi?gkjt|TsU>TZ3Ab~<HvvvdSrn;+`^@MmI
zM0Np<3Ci;WE+l|QN4<s)L7f0yAwfqqsVD#e0$e5sSk3|LzFiJk2i}ueY04**Fb_~y
z!Ua`{IIz+#*d{iB?uc~!M`T%Iew?ZRk#lo{Oy~8Um(W!goB&~@Y6B?PfOKa#mht<u
zC;wqmXy3}GPGV6Buvc&=`N3EOVKiR=0Sh$b2bU`D4Y6(!Bo_yLohbcsK&2`W4k`qH
zs|IwjxzMNCvp{tRwI+NlBAGBuP?M<dq@v)H09{{zsT>IczzWIS!l2M#kV%G{%SZ(W
zU>rgPDhr^BFrpxFhe9c?3C^>@ya5UgPY9pMV66XL%zaG{R10uGa2wY|me>X)MR3BR
z0ow#DKvk9)lm+}jAq%<^o(IZY<h<a0GCEF5r5fo8!2h&G9S%M@Fsl8_CuGqq0|Jt%
zfifeqbdjHM>B0ad>DhsvUKc9JaI*lT&BS3AQdNjmR=JbRvjJT=2hUj*1n`=#Il16x
z=$1mPEKW=~+3l}6UC>-y5ehV8$PA+ZDP}pqRsjzKw<#C=$n3y@>kRE+dp~r9?xhI>
z0bjI3&A%7zBb(BOpfWu{vO?q!vj@b5*O?5o`^o779gheEd0m!~sO8}aFsP#p83FR*
zE@!F}U=|1AYuR$dq?#8V4rh7JdK)62xEaUdZW^{za>zx5=bK9>@pC?BBhv}45@nLw
z(5m%(`{<H4Y@P(w18`S(tIKKfGl#SJi}15+7ZK}!tVPa3L8$6~An?P9nj|v~wOa<=
z$*WcWZMS)M<a6?s-PQB;;3&{<lPT?Ynw1K$a02Mya8$CrxqWH<WsKr!X9MqXl>O7H
zu((TXM^E9c33Db@GVZ$y&sLaMTl2>o&Zj=K1oMrWRU1E5zsV&&1e$_vzN7t<yLss%
z<Kn}>*gdV7eVN?rg4K<0zaX&u@@4Yd+FUFr%iC6n6GXJbDS=gb(YU!vt<$`&An<h#
z+Y)6sjB195$&-|u6e>8~CydVl8q|>A;HG{>V`0l&#&4&`e?Ht7pnO1v<JnW7(W*g@
zDryMt&`I~L)+YE<6n#;2wfs?cpw2iyKP9~Nc$}4PWn<~yAWqx?^orH`i?8GrvBtZK
z`Lk0!`eG;{iLBM61*hpzTAc4zwZUfB-JhnurV?}eQS-=rU-B&+=EHV}3yxFqf`Ydw
zeA<^SFYAV5_?`UrVr0DAIz0|bnZ2Tls&`r!cwC699WE3oWZ|Wu-suY1wexKjr1X1a
zg9pVEZoXy&6UYJ6z)Qn;p^8`#v_B|TJQ7y$xFJmqFMOCtCps@BSkxuTbk!qCUfY}`
zAmWe`n0maNI-#aP?4cLy>vnNp-1WFZ{oH3zn`<gGbVhTqk1jev>?E%jAxHhbAtCo(
zVRsU1fni%hKEp)Ko`>eyjjs1bDIQ(QOM-c_Zrt?G!~%VJUpT5snUbT(sWjOOeMz;}
zhIQYGXJM{;y4z)Z8vx9%I%88UoVSy~KqkLXuOtNTXp4XK=gzOaY*uzAOKxXs89Gnf
zkKcVl_-v1rnic7Eb@^(a@q8W)J$5%Z?d@gyfYfySeV%eD*$1K`bYOJm$I|UwFN;Ni
z06wC`_^&ebEnI`EFB4S*UsdZ8urWMdCUO8Sq7b`Mb?*nPTCBc>x>9}PPkW=g7nqBk
za;D19*-L6;A|mbW>yK0~6&=4<YjMu;Cfc3YC=#34IY-RPG$wdFklv>cs$fIf7e=o5
z#OIdkOBbvS_u4T;Bskqn$|&(GBk-kTsr|Ui!8m4ci_ti`$Y+Z-j(<2^tUmwMD@Fd`
zn!U1JI}VwjN6&HDyuVo8Q*}aMZ=U(k&oXmY5B4q=-}P+TuRD8}ozwb#Em=got6jFc
z!d5(9Y#pbtSa*F~_DOp-gY7qhSFK6Ku6ucvO9jS$=07GZ3>80upukX8|Fpgh?RU_U
zV~Mn;Y&5nj|DLvt&;B>3GvA<h8D$N<OVrX6S@rLH=Ve-A_jYQjNGXE$jEpNk6dVID
z^5#U}=WY7RiaxGhzKw;;jWMR0$<@Lfx?m8iUHcSdbE2##gwu>abAMT2X9e>-zjblq
zPYI0W4aw8GX3+7!9yJlfC&v_Y*ceP`<6Qr-vYY-4Nfr_6C6-ulW1N&K<Z2fY=`hzM
zyto?noRZf@O20Vc&{F$QeD?9FkH#T(aF)%IFj3ydiwEnnJ1aZg7v7B%AJ)HfPWCMs
z-d>w9DO&$*R;&I{-fgjO={?&x^0lA1qsEqO)|H0sei!ZC#<}(9w|e@=ckHK7)Zttg
z+Yi%twB8RGcXKtMl#c+?gB7yJkH^zlQM|jdX>pA0o|y`<%lhn=?O?UH(NMOz!|AR0
z4<yOl>vnPYLurwFvL40+n4I&WGZVOnMLHs?9*Lyt52M+Qxo-~2yj^%R!&JRpUDNm#
z{%3O5O;#{Kd2na^yDslc<dI9Ad^R)NYp&of*?zJ87@>&x5(}xExXfL<b>FW;i2@|%
z_K9v20+mVm@kx<N?y76JuQj*$W@fOtSWnAoD&%`Egd^M2j<$Ii#Ndto%eO;l2l;&X
zkfh22wK|r;{7WSFD=d|LxJKscv&fyCWUT&yi0|{-=nPOKkRnu(lc0~NHFxiMr}Dgj
zD51#qnR>EtG1I{6#~WqNrj)I0$={V9gu2HF>+?fZ38X$!(nfG)bbYqe2@lSFgfl+(
z!xTqePpYH@QT90NVzY&$@W-%PQ;VffMpj^0Ld{SGe^#ymZRLA`D1vu&rE<peb3NVS
zL9#ZBmmHQ9@@#hO2u!!#9F-@cmC1Dn))68-IU|`>Tj%>+s7yr@2IZTP+as{XH(uH|
z!MK(i5ZZ9-K62p!?~VDD-bMwfeu0D?B<M2N=X_U^-<^tp%>NWGt9YJ0t;x25&3vzG
zH~C?^cp+x&7PE2XFmE97NLNkm3n#MpzWC#|rK<4D_HX+gZ@<hGt?=9rv5YLI#x1q<
zfU(QxTvXR?1ZBI)kksTa>A$dnj}wRaQc4HW9*@~h%X(O08qA%BG~`%(5WnC1*+uKy
zbmz#9Wy#W@a3w{-mHFpxlN`&K;#mX6vH9a%<7HY?P<KEGzEip?o$~IKXK$s?;|Q(p
z;~X5p{|d&OAqql=1im`hSl+li)ibL&q`&bQ(Uh<_BuCzWi=iZ*t2Ra#Ag3l@O0y$*
z^_iHVP^=~6W0_Q5x$9NSFOvG(vyUeqyd0AY<EL?Y@M<vI^}@fXg?VmT4$l_8-K#-H
zt0j&slR3tjdXJo*`N^_s6?V$JiMj|<-6MPTPUy?sA6bqRZ)Q%Sf2McL)fejzC+4HZ
zz~qfY+K*J9feJ`>6pKpy2O>pc(xY2SFXjL7HUqMdzD8Ta`+u7LxBgGle-Bmp-u%A_
z-+Xk!mnk>%E5eGxGFYDB;0<KAn~bh8m0+cQkOUNMj-o;JgLce1yUYY%=}Dp5lVOlL
zsHSvK4Ba2zN2)DMn1u!YM%><%ndU!7j?~@upBxU{l&_sjv}=aY@{yx-o_JfF7DAF}
z;@(x&i^Z9`5x2eIECnd*T?<%(hFbf>z_Eb~hDXuF*@Ee8!~18$nYW}l`_^T4C6yK^
zz1=}0l~}>-P&Y_+9Hv6s`go`x4Gwdas+1;B*C|V(3#KC$vwrF!v%J%8(pi4f8k>Nc
zyu}u^#Ki#$E${=CZptfdR85l_QF)N(9p)Oso{a}h;?l@SKYR)r5Z?TX=)tC^r;7qb
z1vCw5LIZlpuXPE~0%$3c2?FxTqTv9~3;%`s033s_U4J6O>`161;mZP=qo5$m6b6)=
za=__Cjc#jLn7i0g<%i}65N>G>09Jt?>LDD0K@ZmhwF=2idBAIMsVM%w8IO&!fPf5i
zmj|)^ypED&CWOjCA#5KCHjx@A0eSjAAKYWMCxkr}^+X!MA%ZxG!Dqu!p2)kvzZIy^
z;cfB56A5;BlP*zk0SW3RvJSEZ7-VSo7uXyqtYFatLZfmEL`%~wP>?nexDDq+<TA*a
zVjMT1fL)6Sj<E&$P2yI7QcpMRCOS{O;s<k^I~(@%RQIG1faHRMT)bZOc-W5!F5v*2
zUC8STb9*9M5s@nlj;H)4+U=FI4nC4i#t>3(Ii@dtL=%?=oqve|mVv{xYz7Tf(YB%^
zQBcImzHBpW5?!xSud{8on8d;*Ci<x&1H~ow$h?<I;Ld9TjuH?G<0vY%z)8TGT4ipa
zmenot!G+?-!01Nr9dNg$NZuRj{)0GSn8*|~IRmE&N=U+>_<;7_SE+v?M6ZqJn*ld-
zen1Z-(A=$wrb+FtH02Js!=UiP>@L<7u5v5&j|Dw4;AZAM=phF4)SwQC7Q81?kb!6c
z;(HH$zdbYW1dhkr<@4I`ngVYVBZt#CXmy`61I$f0^Dvl!G>6lu`Y6`yCb;ChpALDA
zz)DP9FtXvs@x;Jw;DExNj<rNsA{bQHAh(F?aSIR+QN%_x!C+>aT^7i!-$XbdRPehJ
ze*;SsO?G%oa5zM<CC(AlM{IemFd9eIF7l^iA0FklZCMOqfxXg&5y||L$)s$y^ikiI
zL9?Jz2&FeZ6F#LPIi25~WC2e&_+uD%uDTC7^@+1N<OP2|0cwMD6TuXgtUs3>F7YB_
zDe*S~>@h`=0%CKBh?YktI^-AN{8EVWM0fW|@fOU@yzS>n@q$QRA%+?F;dXfIaZ4W=
zDp^{NVlSMlk?_W4Mk@_w-hzRrOJF=IOtoc!6L&fa-5zKY8LA7?NcW)NmRqzrkdqTn
zgXG8Sx$r6s=6QFo5lgL75Ss_7oIK1()?^#u6XvQYyk?LT(Hc*YRl##|B@W$`A02Ll
z<kP}Hayw0teG>4v`yjnSj1i$ox&e7g4i?h7BhT?5gqet)ON;fkO<5&n9SLedQHx_<
zuVkTpPZf-bSY$*iOzilYFF{<uK*32B<=3*aV8S6tr+W|Y%AphYyxT(%M@NgtOd#8%
zxGS}T*}yqoPkZ-OUe=N><ty@d(+>e!1<MmUv(~Ag@3HfU_$H_wPZcMUlCW5cmHL=R
zxki6F6VVa>czBW({qrfCf)8EAq4K|z2|nlRfwl{c|2MJVzZ8n8iXQJf*GvldRLFQH
zeBSPW(?S?bI$bdpz$9=SI`Gd}qV9CX=eio_V*kZ_D<ME`pUM;b;zvy|E>3<+r%U<W
z$6A4HXw4}qYb+}5`lx%FgZwk(xkw3|hkUE;jAE-Tf2+lJ!i1%jNKKIAaf69T!83<@
z8FRWypUf^CqEFysKk&LVWOg#COfIZBo_?$ST4sZr-nwDC*rP?W>@3y|A63(l(r8ir
zN<Jv|tJ-y>IRkaNeVoMI+#!<LfwjU++GIu+S(MyS4|*LXd`rrDqW^I9gT!0!r+g;r
zHcUHql^fWq-FRl|l!ORpx-UD<-kL~y{@6kV2OOSi(>{!gaL0+%6k7q;E!25vfP(Kg
zvzlfH7tfD{>s&9=xNDZbTzPyBU)InH+P><$x&FldgY1GNiLC4>>Q$)@YcV<28h05>
z+&!=RlcR}_>jGXjF3b-#AB(BlC4=C&JC&+@_3e6t%dr+Ms@lnbRmG8NFNY`WPHcGe
zolOfd!lt#J`4sC7niIOWi{&SBChjIdE+SZd@+SyM#_KAl-BXTVHZqq{KDqU4k9hwq
zEKDif!-N+zN80tvxo_&rr^N@n^-b~rKzbuCg@~$Wt2fFf`6f##X}Q@XCB>$`Ub(PW
z3DhKFe6F@!d4FT)UG(qmV`JZVSqBI5YOiofw*G|G<Kb_iObhN*84XUT689$EBd0I(
zN&!zX?-i72m3@9H9{-}K{hkuy;vWcWK&Z9!>D`|vG0(Y~GRT9pGv*o-9Yrfg{*>@1
zYsU6l>a{r4Rs66<)TGFb<wo%*N6!gxb+3}h6XtnQWF9A*D)mf1(ozqg_+2L+?}2)m
zYYDTO1=ol^n_q`P^tVt=C~qw--&m5K!t7A0(b=!@q^wt`vDI4zI&(8CEI4khe+n+F
zy=22}o$DEDM%b6+&G2Sw<@h-nQqz?@@i@!E5z*}3lQvpAIx~KZv9lG&PWpHO$5sP}
z=U3+*o=FG0#HJh}UM_64XVK>j*tI?TE*H2uu87jhLbVQ95F*6l!(A~qn)J4-YOD!?
zxrb>s+e@rBs7j13ig)@wGn~{)hAhR`rrpjov%$5{gZ8{QQdZx6rO$B68#;^f$(ShA
z+^vJ*gj$V1NjnSgxy{2Vrk1flv)XKht$f?!j&@+d>>Z3*-%G<Ep{$g?1T(&t8(}ni
zUrZteA7*TBcxk1a9Cu?X!xakC49;GMx?`NTfb93#_&O{tPOIfm;mgiNPea1F%fZvZ
zk5`XQ)un^>x1J~7A++tg^kq4qNLX6ZZA{{L?6}|4nHK42#d7rI&_pKry(iU3O6q4|
z`6~Sg@*sYAhmklJQWhe`_{Qqhazy&~zn|fVk2lT1zgLrKMzRg7ri3<#wT*}<SQkv?
zrhh4BW5el-Xq8e%5uYB0UXq8;MGH*ZP?^Q<-e~!iMYGiM`p<m03oYT7j*P0QH=j(!
z-7ZIFPPM8}o-I+4!U$5_Z@a`GZ4rM!6QiQ4RfUu3+^U4l(X~*u6Q5t%%(+(i%dhkG
z(+hrn>z@1vg3mJW+1))dSrYec+FtEQwRI;`=#m>zFQ%>`(U|a+DB-V{Hd$WO#@={K
zCX7uRCVGchVZ|mD15ORDRt{ck$s>lmS^~1iJPPN+(&KaitJa;O-QtaJZ-Alng1<!f
zUL}8fKuWq5V?}8F8-wB*W8>?W4qf6xZ-RHyM>Hwkt&vl_F!~3A73kM-s_{W{Yfj;H
zu`Jb5RH18vQb8KLd^H1B3mwaA9&_C~+-RKCbV&HEU`IHumlKm$6in8o-_HiQP}Cpc
z!^earT6rAwfam(hcYZ%_-26q2&nxAlixIbV|ABmYcDH?Ifc$oben;WisOpK?s4U;u
zWsc?`Qss1T$RYW|+&!f*^;!^e(Z};F^GIXd-O(@=(w*;L<=QuuHt2rrzv;)k$u@6d
z$>+Y!ZqmK8I43K1^7MjBDXFw`gs-_bq(4mVfMs>L3*+ZJ%V9Spx!8<9&B?XT1pgb7
zu+{yS>%6_LcxIVoBWz-R<cj+0=GV6jpsQ<^<HWJU&zoa1>kPtlVt$x|zjdC>-V&+E
zm&GcFeof*!ucmD$E#%86(C#c^Z_cT$l=%Mh`35y;CuQO1C{7b^OX+39F}O9(zqB2H
zs?wHrRk|LTdsk7uDn{Q>^HMyIV1O*KeA5$kstLDN&{*)O*HGQ?R@AAz>KKBRIHoir
z9UAxurVb4{PDl90#!y~C6}2@{lC<;hY_#kQya>jqOB!TDRQ!Bq3Tkot*7ApF=6}>z
zh0AhYBpYV)&hcLmjq1Smzdav%>$=>f>xFSOyndpQ$j+t|Es$`DLC@&D_e#fW4(nWT
zPr(_}v8{=PP|J38x`q@#1b;uet-I7SE`wLe!=gV;kS;<#D_C?m`11F+Zl+hF%?_KY
z)}T)j@!@%j6O)gtUX0U^;hB+1&7g1iM{#L5N6In0-QVA%Oip~$ty({jD~Ejkc~3Gj
zKzLsq_QRo?S@w(B<6S2E>HpMTUT)j7J9`r>d|sqN*6@Ta21));#YQ*ifueZF+TXcp
zYch)l40Z#ozHGinBc)r-h8tq%hWgejBk@L0PSp#4AEZWa>(4sQ(S50@YDK=d+x-B{
zObZR$XDy<(o@{6Cav_m*%U^a<%!?0N^hD+K0)y4((J(2v3XejR5FW=3qchd2;kx12
zO#t5%$*f)^>m~DH_*ij!Gjn^d^{JKL&QL{nJp855I2{VfU?(%w0VSSOFzE?oSTV;V
z6M(G+0yOOQvwsN`Ej!1qr2I9RqJWqt!weI^{OV6Qx4@WTO92WPpAoYlu<6*9f<B@=
z&uB)`O-5HRKu}t}W$if2F9aQY#^~4q5G;Gd@*%+?h#$l^fK)=hi(xK*YV(>Ae`-tI
zG}LN=ICE$g1dJg$MneS5o@D@XZ>kW(F*>2Efr=pJk>f^;iDnY?IDgp_AXxy>?;8Pb
z1(u_$1%D~llAi-imK-!=x*M_N=WT&YT!$_Pq2G9cPzwi7&tJwutAjz87&rnNgFXVh
z?1<O&n(Cl10P6yITuC(1^7MP}2>`$BL*$=%9Z`uF=pCWi(GiHVh`=S}5K)!@xkErf
z0+6c!fZ}od2nZ{3meE85INC@7et(GeuH7Q$d`Jqo6VbYYpQoBBToi(l3li*Kk9g5M
zi~-%A$CRe(y|EvGWNweBB@dujxipzrL}-E-4ZZ^M?L>e#g53c!0d}EOH5Zpdq>%c@
z(hnqYq_`w$;%<O=GQ<JBF4%)3=vJ#<nT}6Bs3RpRc<p>6fMUT72$h)6{Omnl09joI
z`5aJV0avpQ6iU#H<1x$)w+!%-uBZU$Pe=fuN;l9969g_Ghu2?dMEkH%x!t);^DrfJ
z8roHI6Hrb$Ep#`mmbj!&4moi2?s*v3)DepUT;5Fd$$1w5BoDYGI3ETyOQf~($)uvS
zlDe5$n0b%c69Nt$cRK7Z`LV#L8oEVn3fBu9Rfm9$0sf;<JA`xut6eWtZ5#zBNFgf0
ze@3AsO-2{qm5!z;fV_&SZ_8I9hcK~JfdUS0g{lPZcke>}GqnYp;8-jbkWO+dKse-{
zDp!Ny4Y*l3(-vrw17<ZuqsfTkTsE2+K>%U8W>L{#Mg};W9p=9rM+F1yR51@->!I-@
zr%QAz$N@xbKf_8?0=?f_WO!aI7@NTfjwih9FCDwyIR#!a7>1`uB%??f4o)(o07r5I
z+9rzs2un@XwvFRv&H&T|eb0Orn08eGvCBKm4t0fOr$wPVh=m?wIHgyi8wJDJZTzln
zbe*6GwnMq8n4RiDjxeHB0#zUzVm^C3=7Av!o13_tx%_cxS7yO2r7JwZc%Vk$eNH|n
zXi#t$H0_G_wwQvH4&mA0#wt<WNd`@*{NWPZmO{yHfUUf}aeq<;G}0np32?Lrl_45M
zPO#K_z7%2-D*;-|QdJxQkuR6p9Soq@1SKHMQs6afMCD){`&2nE50Au-`wuet5i})>
z?H%QucLjLifnN&?Du7Knlkdt2@@iv)T`J`TixwDEdHCh~!zKTYdN`86ACGMYc0yoo
zw5{$ri8!&GqpxV-O2TruUquC`RDZ?|qgbi7FiGj0e(PA&WJC15yhqeJmfRQ2Z`wTI
z%eS?8QBm@_a>+)_?0xs|fI9Y66kj|bG5_Y*os-i_9<;EIXx>y~G-G(LXL_JF7XtnZ
zC&{>UC0W)`(@;xk1pP7S^Z0+eZeN*q2dM~r;HV6&s(_TWngHzbVnYA%r*gTq>^Fk#
z;&-$fR_c9k5}u@OP<ztm&wc*9LeB&JG24Xj|Ni9ay;iQjVO_({56`lB*7fon`v=uY
z;f?QlDI-yD>dw4ei?O@L<2t^)FsdNG*c*Kr1NDs+rrgER3D|tsGyF_EQOK!Y#sQ^1
zO0ikX_BQO;oP8zBNKeQ5!61dethxSPhV$#560cG`Ye$Yl*1Y-;RNEi-H&0zknNixY
zt{G)hSX#@9G%$hlX8^WG=NeibfAmJkA2r%LmXh~&A8TvH>lZd_T=K@8Qr{iv+ZR$$
znAvO=Rh&y#D4b#G$#N8L5pY0}=<N5&j?KxtecXw9*JstnLzuNN9-uGUA<3J7E%4~k
zPm?}TyxMnOSMiY?fhN}8_^6g_oA?<=Y>Y%P{{|nI5mf==7RK?jcm2Ptk2q%(?dVS*
zAhVT;U(?;MED4+nmXSpkCvhk)eMV#z8ryT&#Knm23tn1zbp<WPSQoQ~zQ<h+ikFwX
z{4FYXM#FNGqs07+TTN3^X`Ijgt(WzZz^j6>b1V08Y06bI?debJx`xuDv^TfDj3Q!W
zKfRmNwKdB8qd-O5k^EKhwsKQ#%*vp;n2ux5pO`h#wk!8iYHR6;tCcxc)`I85&nrGK
zyyF+7kL_I;*L!d)XZF^cG0+Qsa5m^g_+hv5k9yVvSpF_us+Qr2fK1evh)6YT;6nj8
za^~5?<+uKo`t+7U8e8QC`W{{KqfkxCJ7G^B+ZlMGN=|o56{{K&qAk)rdq3((_c3{L
zmr2GdwKO!1G>H>V%UjQcyp#J`WhK#b^cenf>?yN8Q|+c*=MG`gbbs)<W@F6ns@c2T
zy0ZI4ZLK_>si;j2@h_!Yktrp!#?J<)mTZu;g=@_BWJg4V$|#BJTAU6r1LzI+_=;_^
zEt3s09w3S;znfwNn9wu4p>ny>z~e63<(QZ-Z6I|a$-j7@UP}>N)oM0klknpk75^N@
zKM;?Gic(Cb_(eH*XK3m3uzS8C7r3=LT@y|A<vRSmbR%0TCJsioXh+sqJ4NL8xaDhS
zEV2;l9r|)&CRb~sV)@C_ab|)(t8>2nM+P5$Xu?K@U4@k?FC-(C+$?iQbpj(}Ansva
zXN0z>#j{|9OOZjZn+J2u8$pIcnvNk2H@EnyW#b>+jGva1Z9LuI@mg#)rEj%6IgVti
zN|PWZKvP7>|NYf^_2*dLM)uqAi|=!anFp^z6gzez2Q%91g^mY<=cxC2LvO1znm5tC
zN}&onIAeGCWmTv4J7RyBLM{BaPj`;H2R+hRIL%xGN9NQRcmGm(zhvg|-EO8@cailw
zpZqCLmN&G|@rL&pzj}pw<8;a<(hOI**|vYF<{?e8%$K+_)+v-VqvDB8pg;8?Sst@`
z5HL-9re#>S9?{U!8qJ@#H2AID5ZVqisi%F`d+DU}|JZsDa4O@!5BP9G6jEf5A~U4S
zY-Jp>vsWeM5ZSVoQpw1cy+<5M$KFL&vbTe>cbS>J-=pXMJpb!`-|NcN>F(V3x!w11
zd_TX>8i{N`KM-D8xWB%7$qhw4{nh^<(Vf{QHt2KP+gquWoGAWKY3kp5dMV2jD?YNQ
zstAh+?v@m;w?Ue+*|NOY%p9FF{cAfT(+l^96<uC!#xZKuoN{IH>+X@!xzTrxrG3S4
zr)-dR<DEUL<9sTZcnOB|T17@@>mqDDjD;;r?jd=pUFa5!%V@jNrS-UBquR{LtLZlp
zuRO~h?Hfqmo{bN{8f^VVoPN_U?P`VNC2fAWVwrq_Lu0vvI{ec|=4bxO6|FyuP)zOi
z$admbs{^6NHs)GPmoI&R50`PQ9y+ZrDcCVg*2RyTz%vh-E0Le~@bPw5ZFP*ve$Fmt
zW#DQm#RSj1^migp>MVMBC%dx8e`Gl<IePmNM_ZW_w`2Hi$-f0rxC>pN{C&+*Lgr8I
zrWuiN`S{9=$?GJc{pz>0wPQ}|8vHpG6&9sRw;qkg)BSlZjjIdZcX^LQ^|>-T3fT9_
zKcpw-ZVYnDNF`7=37Q4R<*<jx_E9C-o`}=zN5{NQD`w1##E;l7v*KTymalc4o9HR#
zA87wP^{r~uF*iIqgyN>3?vmMcb>Xw#rBjp@)AuHq>nG18XC4t&bpIF($>}f2yPf(C
zL;X-P>~2a=cJ-xiIm}jb#T!fvCCL--Y#L2%PL6yn;%%}|5k6CPQg(#Bt_<^d*!1<C
zbHa~;=BBT*zI%Dkx8{Y@+fIQZvC%D|X|(7;rs1yPHVd?uzUM-@=2thPNqOujcM`IF
zIv?BH%<Bic)=gBcPFM};zVREJbY+=Hy8q<mjxS5i+_O032YMt8e^&4Nn`N@UH^i?N
z`*n(J9*DE*>K)u}eB!hmwoP&*#rGcDo55Kn+wvWvqiFsMgdEGp1pj|zW4C*-`DybZ
zk5k0ecy66eT%{`_l|<F8HvdJ~NwVZY%i6rR!T$wC1-lkW#ZMWe==6TgE<_}`J(jEa
zYTH%Gu=T5i#;7ksf7I_ryyFZCti-wr0|{pBmQ>A8gY5WRAs&eU8pS}3A_ftlwCo=;
z95XZM(_4tftjC~CSe;cciytAzAjSY_1h=AC?Jwq~eH_d#0NLyWSMjvYKW@jn77KLF
zKXL~MAG@8bdRQo510}w+H9(lhHH<#<<s|J8=`KKm;UvK@Anc(dnja2xg;A|+AmnRA
zh@6|;f_i!^I^!lGKGO4-^ulq(X(aR^(C2(040V>D?$V^Aj*4|4bK2xg&;SMgK4Jvy
z(-hJ~qKUW{qF|sl2WvNEdxoZ7lBi<%H*F>L`$hpz1kUg;;Q{JW4EU%~2B@(b!Mh!V
zkpZd_blKh0gyCa4E?FccC+@)GEqdy4ut`USg3L>1XCR@gTVwyr`0?Y&w9FjWNqiSq
z0N(YU#8ba5{D=Ui{*z57?g5yA$#O10MTwieHw%~wIfNHpwFO!rf+oNMXq8oNpkg#&
zU`70lMQmmS?)5l9!VsVw*W<BWiO2tpq5#bAlo)_cHF77L2x{<Pi3Ferr(_VpMZiFl
z`wVwLHpRu(1(G*tCJPt<aKPRJybm;qVeK}vfCZ7D_Cz3;@KbEVQWNLNRAjgs0Go%>
zXtF&mggmwV77Y0?p96gI)Q;eu)&XLu{vXQVTae=bUpG0P(#Sw;{yZMjj{(q<(gf^4
zb_@l~DNAIv0Q2yi1d=6HgvI~gybqx37L^LTSmG9b7C+{p@DqLLF;N280WG@c42O{b
z{|8WI$4~`T)*Fu?izm1kj34@Yj{ycA2Xx@w<S^C)V*=br<YTx3Ky@&|#S>UF_Vl;k
zf~%5-Kf|}rco27j#I)#oe);49l=8{DV$BOmv47}fAQBE>+4Gio;)e3Y$Z)l)0X#SX
z5H%0(6mfupVEzcYs`&4P4#A<Ktu%21z(Zt~pd4*Duq|uG{~($-P%&r#l-HC~PXTVh
z2&`#?BrX=u@xU4I$X|>jjdz1>aPt%yTnQW~Z>Y#qN2P@@_`hqCl)xhl9;|h}si%&%
z#&^%|_XL2%0E!;-BsySJr{Hl64_90%KS_$e+oD022^1yQC_U{+{U?v(6{3E$G%+GZ
zw7kHWvPu{p04!(4W_FJpZ?dC2n3ZOitrwAKAg-c4L0|@X0P2^nFdtBlIR22sKWQs<
zD~m}04RI1#kMYto(U2h`@n1s9IQlj9Me8vlBqv}4-TEdr`aPWuC_!8RcH~?#ksuCq
zmOIKdZ1mGz#2&)c$x!;IQB7u^2rbu4WHM_5{uGJOCo$a}IvZ-ZuSKv^8};x5z6zrX
zM43R&FhN~)MdnNh0vQ=8FCk71s}P~Y)*A>&HzVk{B>t-$dRu^gaUjj^4Z~4S0C-|1
z7mfDehNv(Qn(7iXJ_M#wJPWtTW8<$n2N502!kv4we%m(l>$TC%Ptw)mw)Vw}$+w?U
z4beDxCik}n$MOrWe6o0#CE{UNfl2w3?^3rzxm9R#1K5_p&Z8=_uF@2pgvJ>1y!_Y1
z3XkQg?+p0jfd}(H;1QpvhvGB0n08e(=J)V>S2wu<_85#ZgdBb{xPODZ%A;XUy2;V}
z%wNP?_$|GUfzj8%Li(En(Zl^0pU*E>Og{WQ^}9$H(UVr>zMHsJdsR+UpkDsbS%Lz!
zSLuB_&D0^bxub{Q9omn$(Ho}pg`B;~H)y6UJ4$2sr^^0NjTdv3Ums(+j~HDN^=RX1
zU~@$taOdmuJB=KfClu**X}=i@+qdDv>{+~G8)lQd*(S39-h?3GC1wM;x(RAKSIY~#
z)frWM!ylK_RScR`yT8kH<c$`R@_h+&9AzCS*^Dc4S&=R%jFAYoM~qDVp!8<Faj+DV
zXr*JLu{x?&lp!36GV*DvY8T()Ugb|FQS>IZSC-a$X}LE35!)d;rR4RZqN3D`P>AiG
z33}OWD(q|4fQxN@m5TaX9_cFPjE)}-b2A*<G9{NqcXW)KFEu`<NPXGvaly(-`Cc34
zH)*edUekVosrSR1zBhBMN2bzBy^Lrsui5>07x?4Reg1O+IQbdB(|xa*-grhd-+gT7
zV0bwz@<PK>NyAsip`ap1TcU5L9_Gn!yOZqDQu%z__k;CsZIRAx*QlPFzA`bl8+0Sx
z(_*LUWW9*r<gTS#4B!sMPMJ<`QC+@X@_qZQO7X|B39lkztX<dv2Ws1B@KBm|$AG~1
z4|B>MLriBQ)p+~N;;+%R#(R>1ug<<4qe#!Uao<bAhCG;+eA3c#zKzP%jV(02y3<K4
zX^pn`VBa%gakDh*kjHM5UqPHR_FHYzbB$bI6?yieyzjgzug)8ew0%{&su5(apn-b$
z=r7`h*+=XVF6Qe&IqJgOOT7<czKW*gE$Hcr9f?YQzileS0hyN94vEklI1!>xZsuWo
z2dx$~6AIgD)2+UhG~e!0UA$SAK*#$Bq>ZSbDL;0}SF*;RdhNVr6?E5Y_$rI+u(G{Y
zgTsXU{=SV?TD!B$`aL^&1yh9C+P}&mp)q_r*v{L#&9}z+_WLZo_MD>;z~d4=qkaZb
zWj}obcdoOm=6?P8S;0uIv%S0SGV+f>u)(0OVDU4(0G$`|feVgo%_pYz!e%Tk|B1YH
z)cl)#CXOzI<D1`Vvhsr2A9^ndHHtl(8u}1Dmz=S-^dP=&p<@aJPlNo=*L7AR>vqhO
zh?5W02Yv@!&gi2E_$^+PD<x=06B4zDtKYpxWXV!n_rqNMSM!$#6SsoqIhQ)*LaH}!
z{gTCa&b=DpmsG}fUvOH_qrAWxw!yVo#89Hg+mqkJAgG&7h1FTxrFPk6UK4b!X#4u6
zI*;qf_=@<crQm)afuCy9SNB#~V_crRm31J6>&(V8QYlgrlW=c>bEvwNwmWWT=PRGi
zH9O8c=Tu>;FZS&pFX`>J3$jH{h_q7gV!TBDBC=2nr5L}(mITvJXRXU<sWzCxn7g(g
z&^?}|oYHgg+IsWF{VH$1=7W=Zci(CcJ!J0<Fdhg;9mWeUJv$k5zD%E)?r9YJVh$uh
z75aS<2w!wR|Eam=!HX$wzgMA-P-mV}Wqj4xna}$#B0G5CqwPogwh4{(?-&9TG#zyy
zUm(GGO)XsgPC=`%<Zc%FQu0vjqjwBHuAmNV2458<kB_&Qe4YI&UTeVqCvJMKYxDg8
zS-k7({!3cDLOeFX;+^gXvPsSz$_c~YMN11uJnPo^%?ED{^rnCK)jvDB6n<$e;I3hy
zzKHn#Fh=4*-;{rX<db;YSjqc0DrmffEc;T{`2q;NssjAizs+$WIpS9@+x2wbda<fK
zvNz7;A#~>Zd&9()t+^tbiBozV;)=$6d;6_<j5b@ANvF^MMOb=}uT0%T1&8dHY>s<z
zZ?0*lYf2}Lj*xOzxl&=;5B#Us*-6r$qWGJ}=a*gf&u}?#MB|)3&LyMvJ3?oRqGN8W
zTnwMKerjYNX1YT<DsxEWl9{==c~pG>pWV{ID_j}@H%h81t1Dh-{$S!BqfMN`<?DQ3
z5vj6}zS~rn@QjPTMZ1q8$%d5QF0(g7Ep9;NL_$UoXA4)V>DE0Bl*px-#4-ls;oXG?
zFMvd*av&s#$X{9XEpd30U2zYqX1~^_j>E00yIa{7941P}mWITwyb5_9Dj}Ofn1{0t
zaex1XJvvOIM9%VsS8`5hKUcWp`M{VFal;gL+txw!kzn4^pT6wv@gXDm%NU12UeF3Q
zIy9#E65Wov^t-TQd-H7NP)BdcneDyoGNDPaXtEUf7VRw#y@|7d7Nni!5sk{_dr9qv
zBk9)`Ja4HH$}^Rb>}Us5q@LbO)GvCKbMA@#fgld0M>5%-GAI(1u&w*%$f7BGSbryS
zLqhuhWMNxn|72nC_U~%a{;w+M!qG&-KQ56^w_nR{3YmNRiY>4nV&}cQCl>Ag6dlQ8
z{r3JG<(tt@Kd2}=*AnKJvEus3^z`Ih<)GS*W{KDBx)7ali||&#KsK19d%^=$eH2|X
zu1NW#u`siU#xEn`cl(IDUUrv131^~)IJKa&I&`HeQl~mb-f%-8;>~Ka-<Dir@UP<s
zv~fv*G`$}FhChH9>bJ5|0W{DK1PfwV1u=+!*a659Q&{3xuidQjS-2vNcH8fEAg|rD
z+X0xtIpHZdO8}BIBnWr#prbC1q<skwJ0?7DQ5p*)a7qAbFaicWAqYDGa>g1Wdf_bs
z2NGk*Z*s6Mb2uC1Ce+uRqAECqe6iPSo&MaP=e9dkvuWPFv5e4A$I~Y5OX@jzQ5xV7
z_g}i`jxI7f@>JLK(9L>imsZ8$ecTQ+D%riU7||EyWEAA&0}+Y7^J%L{G|pf_J<A+>
z<!rP%_=X|uDwsje0o@$kA^PGyL35uj3~+CMS)2L0kF#u!@HB^qgSli|`1ze4-Iwgt
zj|h=a&4o9EuvjCQbf%<&6oi0(@X;deNdi5XR4`sV<&p#BgUk*IMl1`jq{34zA5(*M
z{+E#9p`V7XE}&7y1B2YhC%Zoo!@LS;1+4eo^N3^A0h%ld9*<NYF21-dDIs05yUS0t
z;3Yuxox~va!AJZO1K9BQ022>11SAG&L@nd(;Q#Og90{ltG0&c<9=t%SC8LX|6+~#&
z;1B<&SMwjo9&;EVp(0p7wFo=$ID=;cPg(TF13Dpvx&4@Y2nEsxRCFgV`uF|!^C24c
z-w2O(OvV=!j7QZV@H(u4ka5615Ci)-Epr--M}Tz}A(H^O3cwps3;yp(5NrlSiL{(q
zZD3?LN&~k9$*nNTgJut=^BROukd_L5v?su)SN&(MPr(x=0FWGfLVzOZ_P5)djR^jk
z1X!gXk$|T;Zm2+{07PM(2r?VTzVLylv?q8W84C1KMi_rpH^{2ROVxsjMj>R&Q3K3O
z{Rn>mWD89fz!QY?7Yf3=huEnh*4788AH0*t<O5z^1soYD+$4by6NQ@vbN~`P+)13E
zNN$Rk)ct5_$nJ_GgKz|99-j7v8@*bL5NU9U`q;1Iw0<(X$IKs8ku_+ZiG~|v#66){
z$O`+vx2V&m@Cg13(!{2^bd@=yE4y|Gc-qH$(XcYWdWR95V3#CU!#wFuLPg#E9^Eh`
zVF*_4f)uz^kisy?ugjg7jXLdwMy!H@3cBxFh3j0rx`BA`cNazwB&(m8d#Y>>{dOeA
z2mlJf?!uN#@u0}^r!axyb~4gV!v7EzUh#-kw1nj?WQ+`+ri>iY0+AO2FVX_Y;R-LM
z1wVIq-XjP)QsSljHL{~?xB=(y`MYP?V*@b9k#2a+r<UUlKt6mBK(LC$ivS@%2rlF)
zY&W*YSuFr~SD&S%KB2z|(!zIPyT>S^bT58R<h<VR<aiX~<ad<pnt=e%em>rPkJ}@K
z>AqzGTnUv>U{MJL7H&{rVW3@5Df`ByxbWnV2Z>Bc`+Ul}(C~3#oIcl|r2~tD*Zq_M
zGe-|PpVv*_tJwsqV($!QfnLCsTp9H?Y~m)1)P5o5;x$8=b90SiU;0_`Lf*@ts-C=5
ztY)?fv9w&2XZwq|KK??(m}=`l^zhbfk=VQppNH!T=g2D0bK@7`yhi2UB|ry|yj3Ln
z?o_*7Zd@{76R%m?9LHA6DlaB!`HFCO2buikosg5(FHeL%59|G%@9?H+U^+rV$4vUE
z*}GX$a|)6^w=K-V*YgJbRTi7~QB^Ufmj|`SOnj0Rf^}{js9tBHniv{*WH4a7NgFeF
zrE?~3*hu~kiR0q6kvD2IrTrlt)n5fg6(UFL*xj`Q_JSgpOMfqFckq9t4H}J6IkFJC
zepXpQ$%EOezl_HoTU&dtn?7D6+TA*G^t)x{$M~ziUrppw$TK(OrM*?=9lK>Vg}hsC
z)%c3?*R9%=6}`a{m+;IGeLd7Q4o4Qfy4vKI{a$^vv0|mVn3>AM%FpITa_!1X0fQ{f
z3x?~wj^-A!3xf6e6;~AdE<ZjYSF)WTi#SW4PO=;HMyKl2`G@L#W_HjgO?<ALjf5?E
zl2!HN^spJn+ji==ChrTn+jq3(=K>C7mU=+=XEN5DZ>lbJIgc+Qq~Fl3VNd@_P(+r-
z?|x}X2#c-fB}FZ&IsQm!G3D*FWxHG9c;!TxDU*IkcDz7=Qc|v&$!o3IiS{U|fGPo!
zd(wLY4^r6rFtWvS?BD2ZQIuK}V|%P~dcyMp-*e86G_FY5Qy>-sCVI-#7n*YDaMEH2
zvMv1^A`iB&t21h0&)}MADuM>OPqdk=RRuIW_D$5+cv+L#CwN6I^E53p?mNi_#s}19
zE4<r$E*DnqiD#w%BHkc}PW!q{P}JLPa#qxDa3!8>U{?9zr=$79jN+=RrFz{9u|wYz
zW=<6X8JRb%9IetHlM|FWi!Yu!qv3bj(Xdi(-z;Q1k=}b)p_;du@tr1{*U!?`@XO{K
zhH?2S)Hm!-ZLEi5&+qxG-?h1%E-iCJ*F&1AV|0&ENw55l<ZXi;vkA3@LtIc`{@#SM
zt+LRPG4+V>)cs$CmRv=;2bBh|4|KYo$2-}m#+8@&30UYnhXCG#4lj1o5W%L86O~b=
z<yxb$8N}Ktt##24{!GaQK1{mLxLiWS71{`3o649++^KJg<l#bBg8A>Y-4q^e16RB2
z>RfsiA7f))w9WOo$-a88x60+}{1z%P?m%TU0{=ymlWM)bRM}DU+?zxqysk1Jub^$y
z@A-C%eF<Z_jFn<AtDJ`BI!z#FewM1P*{SCqnc=H4Cwm6ydzJ|JA7u<>Rr-ukw&*}~
z)%c~Vy1TQN`8XC&POh*DZsu18Fv~WGIy5y@uvIW`v>rvjb6By=GBz?vDmG_}dB|*d
z?uF^zy=s(kq9w)n#+DZ|-?-huE6h#Z8y<NU?4~rXjAArn9my!>a*TS+$T!<OllE=N
z7P5Rk=JsYB#}>0td_e@dQnJJ9O7cvScU4FM4FO94JqODc`ttH4X2Hv=v-^@ESu^q+
zk0|wgs>2#}av1p}We(TCJ^o9X6W!9=*ow?<aQJNN<f(jRI@^a*d~Z+^^L3k{&Ehi|
z>8p2FWtRNT$lfr~WDQ5GPw(qTOpD&LTYEJA-iOG>W<;xhQ;RA*M|)QJ;-)2h#1-cC
zL|cn659IG1)J@XoahEu!^sN>-6MxK!F%)3e3zusPWIFRDn<xG|hDmI~%JvlMIT`hN
zg)5Gc_2Ns~*4Gn8NL^aTZqgSA%10Y4l)OyKmtiaG>Ame&!rynb1?ds~qx;jcN5Lf?
zjmSi+nj+u5i8X$XtOtP$BTbF^gJMk=o{dwLTnxODj-r&))FCmR8~C|s(ku1&LWSG+
z>F+-^d&+XmI45p=GKg6<G&gXZd7t-yj%hASAS_SuFg<*DxY>@3Pi18%(;-8A%*Q8R
zqN(-k*_5TaN#PZ@@EV#$`A30A3zl_H<gTD(x`ZZ%!h@_!BK5FkuZ!5vob{e5nPzg4
zQ<e|=Ufx$yJy1AX&QA8t7?t?r+@h_%?Tc=#@KJkG;+U$wNw8%!Gi^`h-Pg0~9bS3f
z6T7>c7kW!Obu%7BT#6f!v#Kc53q9Gg%T5wn^PL!Vz|%F_N>gyf{FapmsfS5X9L_Dw
zURKj{)&(shng43F(3SpYi4oz<w5){eXA)0Ak&Xv*1`$2O!S_|Q+4Y$2?DZGimbg9Q
zIUl>V<9l;o%!@s<gmy=?xaJFW#LRXx9hf79_6{BVv~P>>E1m3kIczso-qaAp&bD7Z
zB4g@z-F3B&CDzf_*7^MQNO3y{d5Id+T<BDdK?&BQTH$ShElu=u#UBzak`?61yHZCq
z&PjtD%;T?j){gF}<qOXw^SH9|V{VAljPNqgA*lC<wwqO3D<Z%B5?)U(9=qo2q@Pt?
zYUh3dh0BWRez?I=uRzOJHMBQiwaGbJ{}YE}?hZH~QpVF>dIha#_f@maBCC#|*>zn=
z<bQ*=@-m+mV%5*$40$4qZl4>y%**`$g){f@aK>Z7TwQhsLbvQU)%uSz4H!<3h-T!_
zKSW6l_mQXme#X~T6XKlA2NwN9)}vbR+AB%Wt?~_i(Fx&=eD2l@nOmqfo)0X6Pa7IC
za(AeGeyo`VUUU(L*ryEUd6vMqleJM%HRL>V@ji02HKMS{3jG=cl09Wv_`(P%j^oau
zAhv!4kfG;(kG3KNvLc16DLp~<)eWkz9_`#yW%ytsRqjs&4##{538+(IzafzWV4VTT
zBD&x0cjX_1LH2=(S+O3r9D^9xO90?ZB!s0>;!%$P;awlJuZ1dL85s*>gxUDBNKVl6
z^DQVP`P<QD;Z~HUG_}aHW1p_6chCu&l#`)^qpH*ek>hU){n<|R{Hiln7>|mw*+HZO
z&}mKIMj)Bu(bGMV@v3JR381OqdT$sKY9ua9!?$sTsis3TsoQZ$J+sPRx9(YjhBN{^
zHzdYT-Qj<%7{fbmX66+^F^0zS*Yk7?^`c?eB*4zV()7Qw4#?a+bsL$GjR%7l6BL$_
zfMiB^Iv~&Z1PQp%gH)aNwD$c+juFqX+-zGKpKEnY&Om}d=o8`bD1mPzEFO3#0iHh@
zg1`YFTP{hiop#T-a|WMV2CL`Xw(kje#=wmLA+I5L?>^f1*G_hKZ7|WlftqRzQpLcu
zqrRXh2}uKBT)`78&+kES71&-tG$jwf2o}Qe@C7fxVpWxjI|WXdf94YeBrHG2(?c*%
zf<*`5(|@cg{&>UC33q0Yya8%Z2bGW~9GnrKc}5j<>n8|@@PJJGF-D9I(#N31LhD!$
zRys)!mI}z)Iv({C@t&0{lrZeW=~BOI;ug;WmPi^Om!*KG2DnQ~!Jh)5S9m-SOms0K
ziU|}{QRbum4+q{JA5*ak5d}eRzd%L?g@6A%F1}#KVMO=?&$P~ibpf1#H}vCyr5FKR
zsDxvBL6iWy3_`y2z(PVO?QodB)9a}fM|N!L$w4NQGuj~0@=X^eyP>rsbTewwivc|e
zsDhv&2MksCg?flQ!1HfX!M*7At{}ThLxhRA5YeOq>MM+LOVFJNfLOyGJEC@n#<RyA
zG*6<Tsnlze*}VxL{&}}Fm;|i75HCTEn0mjvn7~tTAVC%2#)B8>eIQNhMWZ?p55hzV
zpN{ovaz-U~kvOY$_@`P%qWZf2L4toUK^<`xjcO+JCv>dOL{?<MJ6glAi=dssqN*O6
z(d+R=-B7Wpd>K%Ns^(oeV%W60?uo}LfKw23ot$qIe{pk3ky%ti;@E!1IFu{OU29EE
z>>}ucvK=B;7q4E=crgOGHDE<@dJ@LtSCKD~!Xx@iL8`P4%-z1&5yyEREE`kJ0`|QJ
zxc{&FN3B(Z&B-M#l??7%F2tLqAJ*GDs+IS^FQDcczEoQFo=Eo+;7KbiRD}^^*1I9}
z(l6+?g#E=?wjgr2V~g^Pk#WY!5tUb`m64HVfj(gC5B2*Y+zZiRQpY_ZEqS`yKE}|r
zSEV}N_)<Ai>G!4QI&H<Y?N;(rxdkhfM@oG7R=vCdNEx>8sT-3WsIY^oz2l9oc^blt
zxyn|8>(|rA(nmpIHTazJ;C5`r(Yv~%K;D5QDFsIA7%H|PkKy~c0Qy_dkv8BLNHIZ$
zD@zwU3O4Q!rMry9sj9ux%Ro)vxqIgu@}TZ%VX*XJye;4*VVLW#r<~g*uk8EjwZiHX
zrD(6(Ua=8%Pp(C#nyk;i$@y|b{WtcgVu>T}86^FI@;Xh}&y(zSLgw8=tvM<IC!G8t
zC~b-LdqB~REJcEd{+Pw-!*uKJUj*#*>=X1&kKV7}_U&HCsQa-y7HX2!hBjnOrztu^
zKjlb&x5s6X&MUMo>59BFd4J=%)%b4@46V$~&oixT?di+Zc)dp(yxB&d=acbHI~!85
zD8G~USU`kXQ|(iES(SBRu+_-8DDQp5l*5)xUkz68$HON_vU7*h&22mL9UhO8Rxk9~
zWeb^#o>zE(%PDO8rM={K?#Oya$hT|eqhBgDaj4T1qCP6ieo4-rocVq-sim}6)uhDe
zLlxaPa+|fh?!7mg-&HQ}wc6J!PL|t;RLE*s%>Ca6VbbCgm46XWj}&=5M{cDw_D+cG
zD~rXKE<HW-psk#>DfxMFiA?N!Tx+H}nyId~RF}i1jqW;SbtbDu`t$yWEKE<6ER*iW
z)&IU#6&)2EmPU6mR=K<<vwvlT&np2vT>4yzlD_kVa|_KgcT5Mpw?)w|?e?RACh9>N
zv-?NiK5kG?iz`SRklR?)rsXbD85{i+7r2LtQ%X~2k7#tA6G<G{<1jd#?7F;CXB{f6
z*V=h2exkpGAl<}6D;i~dDU>d1CN|V4%=;l>(j_iZFO+qapP3?`nN!9&iz*)jBQ;6K
zxSw}V%lT2wYwm6q20mnPGI@U?LQ<IOX26m0w=b-zVDPVI&WLE%Ehi~|&T@n?W(c<~
z`Wf1BVkd|)>SgpxSx;q|>`ER5@6hV9$iIldqw4UpHV1Fglr~f&R;}$G3p}^3h)`m}
zhWh?)wn7G{sCJ-T4vl}i{8=$NFaAw`<28jt>RXkCfX+FC!VAxl4-ZoxRwVvKWD4`%
zkGOHzJ$&28CNnH!zTme~*|jkgJ&I1H;*GSN_*cK{ZRrM8#b%F-+5!JPyY0q3a=xNV
z5HrEQ?Nr?8R}~q^8tSJytn$5VvN4F0($QvkbOI^mtGroo?+YqseDAZq7rKFwgDKIW
z?MvFy-az)d5V5bPP9xrUWt|XAy<6_9^eKJ0&kCxPrFD6I2J<HCsD;l)Dr0U^uu^GA
zpM=~$U%lC_&6kZKqMRQG`9(t#7!+Badw<y~N?7Wv*U(6KUiRi=r;&hdVVWYff#ci%
z)nsLOb4Azo=P4c#QPnYpn>&NQ;q&X014Tba*GoR!8;`qtB+?pc@THYO=TG-0XWnb?
zQ+GM4RSF1wGj{d$Go3RRu9nfVm~c0{kgul{8TVH-)={n`9qEVs0*{OkYg=*AhY^Zc
zKIY=0cMM^ABoYT5Pqy}fy7IMNe7V?hD!RwqP^oY=wu#_fDyyJ|nAhIV0%Jv*s+gV?
z->!lypZO-;DP64Q*58+%MF*AcFkmSLi@6`Fn9!R#m`Iau(xfqt3d^|YsArq7R*v7a
zHko%aJfgu~o*qvr`o8D+cKfJ6;iHnEzM;#ZntFm17B$QDlds?d`S#t29H~{qwueWA
zp8Dj`*az}bgV&$F`83u!vkE7t%vmWY%IIYwG?uA))u?sSS8CArJX2ZZQQZyts(I%l
z_FrAKy6z8BO`mRX9Y7x8(g1NnUOn|f<@BW=y3gH7T$FnUY0?V*G$o4ECPXuzZgld)
z(XhsncND|LRp`3Gqg|}^Cxy9;n?yFmq2Fc3s4ZZyX#JCQ9`}gfFEuW;kICJagEV4h
zzP<e(%6wH>9rtOKPx2eKOEAzSKVpj4+(VrAi8$iU?=>Cfvum1F>zga)7cMlM{BHSx
z1s9)V`7?{fWY=jb_wnT(^jb@=S;U<hm;Iplq{6J+7hYofdaq@xRBm%?-pfeaNgux3
zof<Q7JN$u>V}kh6y`24~D%LEUtid3u64v2?<<x0Q<gSRKa4kpNOIyY(x3_pR=Y9)c
zchpScvFMQWvk=;lG*R=6+9JQYp&cO^_b?c}SP=rr2sF$=@MCb@H|I%6cB@A=jl0vu
zs&cX$$>MBo#052LuPqOk&<-sPjui%u&676LVrC!otp%1-KSht84X16J>I%)+O3O9N
zFRyUd{B=~is8PCRDZ2W3PB#p|@5Khp%||#I)w2@P<xRE=l_771tY>GE!c|F|apAAn
z9~Tm@k}Kyc`Ur%$WUF_5VT+-^fZzyc5o%^~EtF@@2shK9S7F-^`sylEq%B-FK9jrA
zxbny@yo40vo=+$I!}fyi*L4*8Za>f03F1eaq3pXYTb>f^f!2cQY~)Id=Mip8bzAR8
z-g}s{mcQA54Q)^@5e7FSw0tArWBJdSvi;!ya@Tjg<HuqMJ+2i?%si-HrqeU~KS<K{
zIhMgZ;B)}@MoWS88?tGGS+^rYsQb$<vRZ@?%+(@{(c(y848K~6fP;zCR36QU+f;6$
zm{IrgX3Y&X(T~Nuks-tPJgLlLJX#jaYZ*tpQ2Xkeqg}Ik_Im9fYCM>&ms&D%E<$1U
zvJkTKVn7T0i#>~30_5MIPkQUgpu5NoJiwg`lReP0f#1a9C`YP_a|Ve>4R8-T1lXw^
z#eegevaaHBC~#ybktnpz5k?V$Rs$-med`6=q!+|Mr=sX@3XRcbbuVDUeC0e6ni#lo
z^W3dqSq9a8BxjHaf!lr%0F?lIKGQ70vG|Ko{g`thCc)sjnhAXFQe7M|?Lh3zR_3vl
z#h-R26Y7e=$g<u=P&E?im@%`N1(9acNLZwW7yuhF22X!G;c{eN<}@4`Xo59WRkLj1
zbE3P*v&hg+B=RaKplqB-2on^!b(LP7$N_6G6Q!quv(n@VfGw)T)<Xo!!sjCK4cDj2
ziFmg%fv$m?y&Dj<%i}+@2J8(j^$2wJ;qAv$^@M>)Ydm@5?3UeA1|5Ddt3pW!n3ACj
z<QViYlb<H;#t*Y_Al6DAY)rj`4-Ym2Lyni3iLYN%&k@X`EGN&>?YKleo{EnSo@$#-
zKs`c+0glnz%#;R32Xs3p8$dZ`kp*#GASQ$9Fm<x49^k+Yier1ty@*5!I$_8yVBQIo
z?6rmg``93#dH=pHjNs(Zq9=cl3#<P2{&=+zenJ-(sK=Xd0MLL=NR%M;XVOlfvauZ!
z(rN)#<b;EC2BvoCyud>wh2CQ++Hu|&BZz4n@XnV2)N#034ia>63kr86*IbYB(edH1
zYc*Th-8bZ@U2*^ntEbr@Yw>_eLn^rY1Nj184hK90LL2_wYi;cRZ`{SB0?;TOW4Y^E
zT|~@0%>xjEhEHD*#V3<Bq@hzuVUHj?-ehZl4m>Iicq2IeDlG-U-B~8U9}W#%#wy&B
zpgYIcma-C!eM=+(02AK2ln#vGVbZ$ZOK{xf@;{l%5?=9kr~ZqK%VI|JwBz%&s4DSq
z2X#g^+Vn#-w!kBENrAv%;O#n|;;=ie1V8POwV%PffPI{cm<Hra7*;90a6R5+5kZVb
z)z_yco+gvKrW}W$2T>C!q_l)uGdlc%;5Zkl%+YfQJ`7g(B^4k<q~d|l@F(;lGqsFV
zKDCtz8xY4}Lq+2Wb)7qOXyTRzBLAtVKv#tTazqVuRe&sd2*Ak!|Dge`>I<sCe0ccd
zsSgR^Bs7ks0swCE=NHTiJaEEN{t8ZbpFG$|9@`@D$rq|M0G?Q|_=Xx`@YAcqZHFEg
zYeL=PlMQh13<%ufZ!ug`EAP%FRTP-QCkN2UMA->@e~o3yj;_BV2_bA`GTLiOfQd-B
z@|sw=cQRPA!=k*p2<<lu4a};8+M7ga&&90wT+|@e^js|SB%3K|H!P~w%NhNCO6m8R
zdM3|70U@>FLbKJnYsPM~eHh30CN|?dy_qEfdenJi<#X|0AlvJI!imf5vF&z(P1hf}
z<?5NKF_n7Ee)vCE{KX>K64U(+zwq8uPE~HuBy!_RvwelP4?8S9hM&)g!POOeD@=*+
zTOfyI|02xaTj$v4=dr4A$U;;1DCM8MV&=zOl?czb#C)nkI$4h`niV)!E_~e^_<AY?
zHABffbwOn?X_AvHMFVw^PqwC>qSdFrjqB(r`Ia$<jB4F4khENXU-{!q$K#x|w&6yq
zkG&o<b-H_cVW*Xy1PTT2oE3|tx^V8#(65ZWBbsx0D>l4WjXm6#_Cl0nq*}_zzs34q
zto45p(S!?L;=<{fi#`1KGva5Po%y<C2aD^IpJcDz4Rt;3Eqd%|th=ZmZx<J)Wo<7o
z?ALQKRHU7yJ~@C!byTZ=?u}LG8$uKNG5?!#2kQhF)4RV=<9iF0`_B__6y-I=XVvWH
zUb&K<YmfPLQ{m&P(CFc^z9|FeCp)*0M_EtWIvGRawr~q3>VmI1Bb|*#&ep_TI4Thv
zInWw<yu9T6)E}H0%em3weeMx42}ZJi*b>y#d}i&Aa?lr*bK32;XTL8z2-vZLEIDM#
zlKwI_UyYu<TFq-h>KVKL%H;~WF(08db+os}{mUQZ&$+X)9on3#l6Jczi!BkioAM3n
znR4$oz|ao9Ybq`68QA@ch^sXIi+J_PbitG9;d1E`XS(OL)>#kV>CMg$2aDvi3g!KU
zM60P5t(GZq2R)E)P_x*BzWyMtfxPkDgx%>pm!>lhbLf_q)%7jTEP@Ms!BeV<<9zTh
z#7Y@6k(zdJWYMp}H&#otB5o<1bH1-Wex;%&()K4o7zh<)NM2PLd~k8t`q4^f$I(V|
zNlCWNc6@=1Rdvc0R$;p@f_=BIC!R6&4n*l#?%XyN_Nq+^@hpk5>8WN3q^h>cdzKc{
zpH|j2Tk3zf%QAV>WU=w#R>1=1K$gt+Fv+TOtSq79pjC@ck4EnsiB2DTLP<?e#`!(_
zUClY8orw8bn=f9LuBRJn9~#D73rpo-{aoGl1~)JvY4S@fbcWyJZWUIMS9m40VJ2*n
zYj)|t=)0{>zutjIsr-vKulzSptsh0lzUQ{n=@~9nyq|WHQ${&P!`*qJ(AGqq<#CvR
zRKthn@{5NE<mT+B9E`=jhi~1>ds)8@-Zgrwl}A6SmKXf}+!Z;RvkoX>-s1HjMWxs)
zj?s<t_nSXD)V0-m7AXt32T$z03-L{U3a}yd|Ckco0k0d&#VT;m*{HE*6#W?_H5>e#
z?)QVEl5ST$1D09q2P%I1)yJl})C&8Y{S*1)C+%crir~J51U^JuUwxADM~BGJkML<l
z)^XE-l<y@8vwxl>l#g<?uWh6p)!ZLPj5GBbm0Nk}Dd)D#R;&I+ko`pv9(4DUA3ey8
zALb}dwi6#)bXKaXq+EX*%tsZPNfGU9l2MWs%6C7CNzIGX3_c93uC=q~&?wpIkV{*>
zHG1dDnC~)v${~Ob8S3%XQM>cWh<$s)&rgfuhaGjlOu}?X{A_TywKXlwL;=D5MdaHn
z^LNNQqSKqU+rMzcQe2~pTa7;aeSjSOi|9AS&8Fo&37Tdz5L*4*Oeblubi^4iypNH8
zv9<Nhq4`4RJITop5O(M)Qk6S;EBq_Ji1^B*SHv`mRyxvZ1g(1mPEm_ZnDk0l-$$8I
z7Vi|i#9bbeRo>cpOiz>(>u@VfPSPvB?COy1Rr<+Kp>C0}H=~-bvmCH6#Hh9Ry|$`G
zC2}{9Z0@d8?tjTy&%IyXEyAr*S;Z&&OXKd)Bn0i11?a8jHyPuSVt@WcOzyogYpM*~
zQ2(TV<*-UqcSnHzqKZ$Aa-XAu=|b(rb<BOE6?<(*ri8M!zleuiMWtxVvcAo{yLU08
z%WPK*ic1GA8t)b24vURs1}$B4P$wJwu032$=ykj9smHO8?zcXg^9lkUX-4|;sENn6
zqb-N<*hTDPMvj1-vXA*6_%~lWKlI`cS$^uw<mG>F>f^lU!+5*KYdB+NXXd~pSNF)d
z_ivkO=+2<S&YGt6*}E*|dyTpg9V7-|UG63`ju-MYnWS%x&bc~DyPiGSIIw2PpEZzl
z`F;l@drT|xZQaX9eQS1>MMI6x?pKs6jto*24(bjSC#!7b>X^J4&2UVexSvRmc`%7w
zBv{!jeAcdBf(@Swr4IV3x%I;H+ywnf{6Msf55MbfVN7YtGfthE!MyhQ_~(_E4&s%v
z)*DS`IDU~rmW#S}UsiG8k*)2DFe&>ZkC?TYRpw9$W<IaRQl9ri)!iBVxLl4rregQz
z+*Ll_Q}=&U1lC<K**9go=QkkuE8rkMzJQB$3}g4cPOslHLj`*{w{ePJ|MSYq%FOLg
zK|OjgV-cE&gZdQRft&%3vkL~n*M;@J$)0yMjS8>U0p*K<ZlI0?aix#)k-Whh+#M{*
zy5*rQgKL&JN-f<ll2;p*Pyhc@C5{5waZuKOc}UbRuh^x{JEsR)&qVu6x7^iA${an$
z9a+*kkoeVw7jbR=6LGO^7D=U;R`zf4i<{nH@-<yls#kJS&MQ)o!dpcw^|MgQcCzg8
znWj3ow1EmqYqp_e7p73+!!}-LwN$>bYz=9@EP?(MFGs>EeR8*jy%-RbBp087e>;Z+
zTK4c7@Rv1g;=(KxiagWzwFs#KRBNLspev5SSMCz;R@P%<`GJrwQbll{Wcxc#5~$~h
z+1OqBKqR>u>e(Y`Oxl{^gCK=DI`u&uDcC|{*&KMVC3hreST+-C^0<$EDXrip!QdfD
z7csOo>#S~4CxFP_4xiDq_rFZb6(8;q>s|kU31g)|oyZBcqoTnZv6V5CdIInVZUwcz
zr!(!TMQD%TZ*@BpR$&pxbWL|>4PGIX9Tqzf`H!a|!p-xLa>hQ+%iQ(FS`+H52v^k*
zaiVf^Pu1^aa^VRUQ2g`AaRTe2V*F;C;0fgB1_{NBBJj|J4q0UUf7k@QjL1lY)$0@6
z$3_;I;sz3*(ET6dQVWa8llKx(?uZ=x<oiGH1ZLsGZn#!i;Bi6L@VP?SJKn7iS~9S^
z9Jdh4F9BU6vyk2U@`idQR2}}W<_tPVm=``!|H9W2LXjZ_69(w39+qRe283)Bx4VFT
z(Ua<dvO{*_h(r$r<N+|@g?ynPTmyh3`F^e^0VYkTMG1haLtO&=p(Re}qS>hNBmFU^
zVV1KK2d*T|-$fX2FH#`D9S{7B7{)6QlTM%AQ)EncTu*WfumBp1XN)422?GLd!0}%4
z!L*N-Z^(oiL?v>-Qx(Uq21pc$04@QJ%)5uL!o)Wz>Hs{mCJ|%<{D3z!Kw1Hdf$)gK
zel{M#1>M0re#8$)>^KnD@j%WQsvgPz>k8pdUQWUjTtWEA12V_`^mzR9@VUGI>?mku
zuvhSg>?kl{|A&a+GCo6Ai)B&gfjgqG3f1kin;9U9vSajz7=>m}5+rBB0I*FHE?!;4
z#OhqSN|VQuDVa4c3>QatIcZ-nq%A;76&lgOMuE!WVj?4jPLNgWV~2(G3wo{~b6OC;
z3AN%q5)S}iAWWy8$}x9<y&Kie00=^D$I~@6(SaL~`3XEa|HaJ_i3bjdW8?tj#eEPa
z_V^PzH{k_R6vXNmBr;l%d0AXY!q9;61fXqB$CI{Z&DR;*F)kA3f{h%ld`dkd7kVgh
z*5+8~7lmA|26z`Jfh`?+-T{nVOgPR*>nkO|riMe%Uy7=LKRExj*L#j5EK&i>!w&|q
zm*DImSl`o5kymct%HaBtikua`<1Tz>N7x$}l+#bUbgV)^UC9`79x(z6O@Oqyr=BiB
z-Fes_b>VM*oxo&#GPq&t_j+~u!{GAjJw^A>iwb2oS_^MkYG-Hei9nkoRG?H2$_V^p
zFU<Z!X(*5zPZ|7XeqKh!@#vk_8LIG3%tO2m%jj5#rDz<Kr6;~TbEJG*H`o|T&`Yus
zEo^dnMl=t}ZK18>`}izsHp*k$xs}6V$EmH#@AO{;@7Lb%0$TwKwt`2`ODJExJkXex
z9Vh$pTN`!TWgh1ai=Iv!D&Cc$3BoJRober!N#AN6NmEQMWdm(Jmkf_uyV6vC1~In3
z82{K<PL(&Wnb%z8+1};yWLq>R*SoZvC;ZG`MEfoGJ-_Q8(?*j_^vnC#o&<7@5iC@F
zI3U@?a938kIIR!6-isA%J-5Jc(db2OUzc#$MkLSfMHWnQfe&x<$X#?!KT${1>cD#1
zvrD}G;oZ)CPbX-))K3^khpWBPjG0=MB^lahXz1e?#5hum38D9H-Z{JI>&=oeC^C9o
z<||(~`p-nwut{I5=DS5jJEoWc+H;qJ8N3S!6$a1VPfUqR8pnN9kMLN*?vfvUqKjW}
zq>}sgKB<N5dU8~nONY6fK3~O(-8uUCitW{J>esnfi;B*h)UXVU56cnFF}+|$v`!w;
zgqEtx@~_Np7H{(PeSg-g){B|ydsq>_BKA}Kpyru^<Ye-*6p9Sje2b601rZXO{EkB7
z-C_5hSk&u%J?g29du5^)da`!DO(IBkAVk3{KQ?r{)8JFkB}RFa!#b-DwePcx*l4dx
zLG_7zcjmPU(**~G4*o`BCk^w}?Hdf|mg}DM8Mw#92QQqyu7)%D{7fW<zir~BxeRvZ
zQ?JYDOFQF30sF!9GvD*Kwq*J_jKfAbMy<;Rvpl)Ze6D-8y%(RrQQ=~+kl{Bt-aKnH
zu`p;X^36ar#oBQAMn?37$itW&%;B}hm_01(y*_>6cjfw4Z4yU;c}3faJNw^1o_1y;
zIB}wd+VcznjfFvX1k7mXore?N`l}Jv_E^+*Jvrb}PL6cSDtp++oRwL&YE!KC&~e)#
z{pYpLp;e9LFvG;HJr<kV3}<V*aDhj+N)@+X>$N<g+)<HW3)2Yvw7jJkA-jyRGO<Zi
z7GjlBAIXW-PEm`-xT>6ACp~A=o=B@PwsYV?V?H1trqSMEKCaom*JX;i8k+rTq$8`S
zohJQ+VIuQzaN=s`l<|nfhPUgJ9`b_P2mO0zWTUMX^QihC*>y!@ZwD)1khuJOPB!l#
z-$40rF0?2(g^%(Ya`3Hew4&^k;BUdDnXU?NS@sTJZdDi$!<LH5X0J|$-D)E!LKOM@
zN$vcLIJsTvcJS3+IcH7Dwm!d(|A+}9p@0))*e{a9+d{7V#|}caazuM8{7<s=&}6$!
zgKt_C*fMNi6~@-Pm5Ip+ezJWqIvvUJ^6+T`YpCO&0lKIpdamJU5;Xh5{9i<`3~Mo$
zp#AP0+40VGk!XkPxi4-`IkHyaQ*S9oD~L;_E+yDqJzAXn*-6K%taBY$Q+?mSpMB<w
zr^$vdMz5QMv$IxK@40q7DOPoSv044-$V?-18CQ7~x7AdesH@Gbk>PkY?x%wg2_5c;
zCYn5v((W+hy=lu?{R=e2_oG5{xKeWrbGE;xxw<|vmwVNFoon3NMSEeO#Lks3cZy2%
z>BUj*i?RY2jit8OK1g(^mMC}dS6c6^t{i&5EYOSjiLDeZ2rmyN?Y`-Idn4{w##8JR
zjdbBVDI5JZwRSl#TBDz`v43t;dfhjnJ$o^9!S&9y-E3ac6>nK7uhc%Gf{A64`?62z
zS(EHseeDDnBadpW!vz0aDt&wg9hp?=ik*3RRgrR>W#4hHFJ{};k15&L|AX1#q!F{F
zUwhj7U&F1L>Ej`G@#hyUUt}prQ;Me<DD@X^fAMfV{oJQvJ)^7?)!c(|iya#|kS(f~
zmeuJmxb`j2$}9CziN2(X<Hc)BtqYskmugm?7Z(_x&}4iTY#9|D?)$t?7iIsuFvTN#
z(dlI9iGr*1(yy3;u=fJgN<R;e;|x*XPZ1**GYPZfQA?wRu@<`mp9g_ac*!m*I&$}o
zcIn63SCq9>#Rh#>KTP|O^B36VnF@~xWQkPY2@@r~9c{YjcEBqwL-*L88N0u~MDyl!
zEBBbc59-Ku;L#{OjxG}2f~3DExlNC;?$Hx578LBxH(BL$n%TN&h<S9+<Fw;vQbruD
z{nVnPc6;Ry=gVl3D(3F?Q_QV^kOo<!#oIbLe@MMO_ZM+FTfS`LF9NA?=J^9Z?#AYb
z-%J5ptcNx$6N+V9hb~u7ex)&r(+F5?A^BEkVX@KVsFQA;%<-i2z{BkHeU~8|?0S%o
zbz7V~&z}FK&&Qx{$#mzno%&IPeN;xxC!gsSNlnwdd1ac`H!ps4Fi#cj#_PDb`P@oq
zEUm1tHB-9#*b8a5k7B*tcHO?&+dZqQQmtLu-mtF!9e=+pj?w=}PiNzZlR=6$;~nPX
ziK8sP7j;>p%}0udhF+ijeoq~V%v6+dRtn?x=fA%}AG$OD7f>)On{ED*ag@w~mrUvP
zQTu%s%98b2ryRhT_%+AA^jn(MJUp$Z=(TnLGU-wIl?}hVPd~HtYP+{{Sr?dJRt~D-
z2nruJ`Tai3fNO^DGo&0VdJy~jy>}gZjK%4jy5G5>3IuX*78f6o^l1YWIJJQ4>LCCv
zPDXCSlKkYfmIpmG1afX=40ZQCtYLlP)kV-7pp290bET8EUTR1^!A^1!3jE|Yg;QL*
z2*XrCZvw{b!yjwPaU^<suoT_^`U=|*WFE$L_(k|*%>`8CfvjZp%@*iNO7Khd$jDnn
zNa2cRRl05J5fguHMQ-K}Y5!XflFIse?4cw(mtq&%N@|Eif%7OvjG?dkpof?{=#eE1
zE(F+e8Av9+zt^2h+^aO<sd~k_j|dMMAjS1@jUaeQ7Qjn_Pc#M`a10vS0D?f?vHz`j
zi5-Y@#Yd_3DviKn;t)B|Yspxss%Hao$Vw%x>e7x>Tkj4Z(n6x$;>8$l_4biC;Hefz
zB}y>6s52m<EQQyiyx<(uCj}5oDo~PsqT3$2`RMVfUZk7phyJEddw}(ToT0Oc#1g^|
zb;fA0?Nea2RY{zc>fzhG0KVOL)iXrAp_>HpP!7R*hrvTwTiN)IgbyA}G>Jy65@;~v
z{kC|O*YU`Q*L6Kswc{Yb=Mza(5`cV5TiFw)X<hU&V)*Y_v0XifpYjf);&FIbFB%^p
z2K(Xd_h4{2R)%F0;zw^?G{3(dG#$$QYdcJ=If=K!{Lh~Ff%D(0zW63_f`+V%R=ph(
z1BZl{lc?<dfA6}0omsmvbj-jw>_?5@EjP#0dxD1j=a=Pp=S`GrHUexnn*Ycfz&1a+
z;_aB_c-p&q(KuRg{vUrscmxIR=i{z-C?#8hF_=jF*m?|=j*ugOSMc3o2j1(LF`#z1
zrk=%B!Z!Qj*d6VJ)<hBl1^|ZQG?~miFd;x60Te*gw`M0>j}a!q{0~#RiiSF)|MOY=
zy#eHRfg@fF!NnO%H{JdD5G}#^mV^T@z!SH?;0@K_n5aNLRnfew3eQI1NrfTp2z9|z
zV4X%dfmBKEL=Si&2ofCtF`(sE(WD$*2w)Sc1qblX2_)n?8TJ5qcR~6E0vs2q?!wQ3
zML_$`cX}e=1T&f9Rq+v0+X$`?@Z^ZZC#KpTPHI@g!z55FNuL2*2NDC&C*wX`JA6x}
zKOmw6jm4-D6(VM9do12xk_LpK4hX~UK-e=RPeY9(pW%u0BnT#kY88jGv0MYeMOhHx
zfZ)``FzxpM6t@aNaQ3P_9qSGl>s}At^uGl-U?zl~`30x?c>=fO%{!20-HqMTMeJGw
z=LgxyS*gTpHfG~}BRs>1<$zI|jzwNs&^ZxI(}B#%jK;a_FJk>VI%Vq{EME6_1eq^x
zS-f-E@eL3uIrVcz5JCBNlht@;^FIY8h54qy7yNJPuFHS67xA4ta6J-)-jbIM>wghf
zzotNR#`VENPY4@KBa1P@Ry5TdejB&U<PEV&4RqHI)w~;gTU1I7Bj)!>MOKVPSNW4k
z`;R%t$7inI8V{0f&T`I^RN^uJi<s4mDd_E6wP)0PhO3*J-F$gp+y8a<8Hz8pe3;%x
z5nn$us%V=V2AYM*&E?5#eY3XNE3I?PQ}HiAdge1BJh?mX2<;gdFl9TIAN}zn|47+*
zxHkB!NSU}0r#z@QU)K@W--{!{&0^p3R3rv_6go0^Q6820bQn?+wLD?|ne_SR&BeM`
z)4D1f&EGn%{zW*+M$5|lMWp<=b*DR5Q<}feCG^DUiS|7M&)(j>qcWkZCF(MZ!dDf2
zFAHyK8FRCL5iG(j-PRgj;-g6_so9MAo%o6NWF`a<g>l3$ru#`cpENQgPs`L2^E1`w
ztg!iG`?7EKZdr)ZJby2Tui?~^X~}|-bF<#yp68`?;pdfC6GmGfGnKkAoDO@`JnO-f
z_cm;hrJuvi3EidWNc@6vywvGq#l;J&sHM%^%l4RT3wHGnbyvl|jM)>s+ObUZrT+Rx
zqsRVB(_J6eD@?Vgc*SyC8bmr*N8kCzdwNyI7ETP#q9~FBNh)i*0#Un`!Bs7DeH-;V
zB9tQ~8E3F%UH5_rpC~;K|1&+cky(x{rt+!WThb~+GdjE;qIKM4<~e$F{XKt7Qf}vC
zKx8orxYv81ru$aXyLUz0|6Bmd;@$m)k<<WM-L{}FahKU|PvOdGZld?}KG|1?+|h0o
zbg#Uzd7IhhQqN|t0KF^oBUOVx?5zi#B7!5r)*Ad)CGw-^!>*+?mFKyQqr67|N4zZ3
zY{_>%Oe&g?l;`L&t0g3L&{rTPVSlS3*~j2Bt<&g|bSs6els&eZ|A?mOFi*;n^5cT@
z7^?q4%&?YVIhicRYQjX>HK)UKK-0?kRBpI~LTeSoUKC^(>`vtm>=}vd`kA$v#qE!B
zMjCzUv83>RLG_N#(xLU<gof=6`HO2!J7o~*{~j2iy!!WUv>O)IvFATV({?pIk7T{p
zbf8LEV)|>rs9MDD@x$je4P%=6EmN$y`5A4CP0e;kE3qx_ETVHD{oup~We}|+2wlYT
zTPP2_ZxMRU%K5z&nS=sD8vfN3#nPCozMa$)wWjXuWPWi6wyk`1{1z2;Zr^OZ-C)|U
zL9(R>af9NR8&PENM=$$PuYCz&U3Ic1kN6Q43=*<g9*RDczuFoMP+fPM_d1HjYBkno
zOzDGDinT1znRd!Q>nv-2BmEv&pTB;~`&vlPRGr_fpK9Ac*f3j3PjA=-WXBr2li!6V
zo5i|?afxSR>*2)$(*9$%oCDVO)moetBi*eMvSPQA-)%3LTe*9b7cTO3`>BjGa2!2|
zZ^|1P9Vra4D;0ae;qf`RiY4{qJi&^-cZa@Z<&wr()ZvmB=J^r9N4<|f4QHcg!`VaP
z@@OfZT?<o`u8pb^Fx^0>tB$|9n0Ms*-mTkNP$1>f1I;lM=lktfisK2sT5id5i+*ca
zB07vKWZN4%@lxRdy>0j8WEO??^kVCNlP6xX?7bMu4gjV18*AD{j1g`za@51!P2HCE
z;Na#@!n&uE-R?ZxWjl=~d`D^9KKkt;f|}U%ORP_bzsruC_RG3lW`ZGX%`--qseK)y
zHv;Oq<zTVky0P?B`}w*{jp6J0=X`(dpDyJo6B}?cZzdmj;duE=V0f(&;{@3io83hH
zO7G2Gr)546iCN^OMs(!JC#-0gR2dPwH#0K%Fl*8%(BG-5Cbj&@I5hlfC?ZfoCV4Bh
zYw^qow({XHf13Tr4$7E`P!w@a&xO9H9s>UlSMME2_2U1JpMz-ORwBD>$=+MT&d%tV
zMKZEU2uGT-iL#4>;uv*oqGV^!?Ch;%WZv)db-MR+-@o4<-OD+z^E$^lhx2$mpO3M8
z;pMv+#w#?Ul0BX~eM#Z^dLK$!4<t`_X(b9>c)-)APHRPXeAma8BA-eB>SJ5<M0|J{
zQ|ZAK{l<@m9|x98X5XoN^4(a^W+P*{lb61uad@AhiXy9GKR|`AOeQCv#E5TLqip})
z0pav{k?ep%$#pqhPWl@Apmn=v&^o)3E#Q2UH9+m7<@WrsK!qNO=tJ)Gihd&LPJ#oC
zVT=b<QhPZ{Lm6?)$6tBf8XO8&XT{**H`~UBegFAmw{4aeua%`T^L8G-nh^rhnrK@3
zzJhE>;YR!jwaS4CF1lGuR-^Y#d}P<9!h*R;&i9Z#czL4gud&a9{4ri%tdFPX<o^zt
z$gHkN=#o{xW&4<Y?KLys=X~m%rq7yH5X!#c@t!)_{C+F=5VlWy=I_jN|9W#RPV1Di
z+L4ol_YcobCf71`7m3~5<Ii}apFs#kuXBea3?0Z-%EF5y5;%ABMLt*R8WI6@Y#y-r
z@jeVbFFh++Mb))CueA$l5`TIRWh^~W{rhiJCurCvckrH9ruuUpX1wi5G8i0-YS%Yw
z66UR4LFC%~9>R=7y+v)LGIc3xHUws{i0lL<#}q=Ho#rmAMny$=mM)(yqEdctH)}9>
zfv7Tq=7nI$Zmkp@#iAR?V^$KN(E%J1SQ6O~3U->{;NXjAq-juybt1U2l`W;m2TMhe
z#2o&FW6I;*#twRT0_0n$);L2P%}y`=gY0x=0lVmo!04Ao4{|WKUKbok_eB<Fym^iS
zJZ687W#%~+drA{4lW<8rBVCs{YCs?Iqblq=Q82tW_y{6~)r(3;5FwI^4j#PZr3gX?
zq|re#<*V-u4GI9^0fIvSFTi)kFxIojS$!n{gG<9yl4#Ai%BmreU@1g5y`Ju!mhSQv
z5WmtXw~VRo_wu}w3|5R<0u&zVF#yyVuw|rauq+tT1YL$5h@$MhsXoVWrKBN<-Lxwj
z@~gDd0JtOhRmT_vNPft40V3Bu0%h$)Psk<pH(O}+C0>Gl5Dc1;*>Pv23|J3HLU;#A
zW0Y%<p|XayJt(r0Kn;SxLXe*Gz*xE)rPm7jCJ>|}AYP-&<KNAJ*v1<~*97zjKs};s
zl5)-H_62VWHFSc5u)Z4|_#hGSrJp_O;Ykun1%6$a>+^tq<Rd|dd{G@%2Vx}o7-}R1
zOd=YvY!&bW=tB52RYycpGw^Uhg9C+u<XXg~0NhyH62nr%4qf0Oc96Q2JP$w{Sv(-`
zt=4%2a%-d~Sn<M!2gl6?9qOvc`9IGfEf22ar;t?!bphp@5JTc_Lio=?D5eCXbsXsa
zi4`xTVpy1NJFr5Z#PL5^R*1w83>oO*&H~i9?H{8+ganG*jvFxvL#_}S)hhKvhzBYm
zv=&vyX;wkbzgvxQfw4UC>+b=Cq!^WPZVVV-(!r_Y4p`kwth9kEoNiIQNetx<F5{if
z&+Ch7XfdobSNx-$4oEA2R{(_~&h9S}<vmF5>N)9gy(Te0;#exWd<>Wk$hCL@hSN8Y
zL>^!JBcq!`{Q>qs1GqU5tY3||qgAW84M6TAma$25Dkw;cDZvk$X8XVcTnSphaE}sO
zDe&`Juf0L01haabV?>!!6})0Ed`}^SMY<d~T7@p)a$vn7NbwDLY2bN>K6k`T(ualo
z0`#1{kX<Rt0eV0T?B3MKg2Sj=U6}z}p@n21{CS@rr^Y~HG}TN*9F}tQLBvbooHY0A
zv2@6a%MO{>cc7!@)l0j^eY<Y>+jWq-rE?<^K5#N*rBOC*;F>ld3X7-X(8wZm;BZR&
z^9+#ppPRVne7k>Xf^f5h^2ESpCwU#;MQ~jIZ*>MEi-UvwAh;G}HD)-giqjn@WKZ{)
z4_=P0$bcgA+jD{cjPcF20r#^z#~*w@C~C3$_fiXGj6<?XooD<uv!3_!0LvMZ?tcHi
z{J(ZvodhWI&alpFRX~B9QFO7qK%N_C!@K++`5W&d#M=^cS~;%XOprd~xrMi+o)=w|
zc~(_1+>zsa*Jayo^u-I=)?KN5Kf}48`BnMw^jaCH681bPz?nGfsyd~3K4C$aY4_z@
z?$<G%Pkvmi!8_#NrHEFSYS<SSj`(Wa;m7kiA!N?&mn7eN8WEYPXNe;}g4dWPa7QnF
zr)Q@iIK~_V9(_&u)$|8P@$kn)9Q)6Se4kop@1}OGDApfhm(=l}GDVw*&fYg`t}Tlp
zU29~;X<sflWO%ww(wTm;wADDO#D72lw<FO$qb$>Z?`E}4^l8N}Yvk<<_F1c@;KkIv
zEsy7`Rea?(am4D`b~sP$tjit+UZU&Zi1n^QVxSMll2BL6DK*vZ0({PI0hVulgI&F^
z&iDk_HAnjX45xBr=oRm~{Xn(5OK~EUM=r3uvY%2-%CJ-3KTvkgkv8ed!y;Ta=j_wy
zo8(tGpKy1?MDpD3o3%Cdqg2pT*FJpdXzE)sL(O@@B5ykNYq|HNEwRFUthZ*x`9}(S
zoc6X|1jGj7W5ZqFrT+Nqup-X->qdy5r_QfCIbH|VB$Sur**@JJwtuujG5QysNyEfQ
z;89KgyS?$vg<YA?p6u<ODBaiYa@Z(LX&VrK@g?EI@)Ui2@82lwZLYVM-~E27_ER-8
zd)Vh9T37KzNZhtfLf8JA)X9U(nEc-y)A@~K`>*brW=l$D1iU)U)X%~Ztvq&{sd$e!
z$k1GPwMj8dJiTh9d{Vn>!lS2^r+vCSVQk2q{jxRZ1M-D9cecWP5A~A$)%ZOTO1aRM
z5_8rsd7DWWL`diqhV#3#@r?F#YCk<)PSoKC4*5$c>NLU{DGLvxf)BajX{FT{wmI&P
zTAmsCJ@d-9-u#$mIcosdJ&$#1*0!?kBu+k0Li~1sVh}Dbe)#t9-HYl&`rY4@!WTs5
z=Z;JTT;-b~*UvS4d{~O@<ENk4Q$zOgrO*Jzsu-!*)88DxQ%sw})AO1%NcP0<U;B<d
zpA|HEdGRGeZ*$q%xk7mIuhfA58HN1gn{R(SB1Sn9(Dw3gRJGSHW&~vKYrjZqPhlTo
z^s`z%Fr1xS-*jK*a8X_MWgeV8pglF4H`}nkE0vp1eVXC<cv@;x;D`7*j)s<fM@vI!
z$oScFD&?e#N_!!rmd#)tW$Lpp#<E6IS?n`&)OU7opPsp9RwNJ8MMg$`>ou{nENp5K
zgUtGDI(q>x>I28GEpMgPx}~jb3eP0befenf(VF)mbG`Z|;hy{_0MifrutNq0UDknW
z-^mVcI4awG>~B9{N-gEIq&f59*o?rKEpNo$UEI+9!gD`KufKGwNwPKbbDD`Z7c{GS
zSlVki$*g1>78rS2{!!d(7iXJzUB4dIwN>=>z;(eNIiZ}b1pLg($L|vOj@Qnk^pb+p
z93O21y=Na-x9?GaSV?#yf}nEF&ypj*nT}C-T~Yk9i;r-{3$`Di6DgsxF;i)j_dXG1
zn4xvTi}Kf^q`MHkqOg=gV$H!d<qX2z{;Z1a6>8&s;jLOV^RdCgV2|M;zKH!}Ar;^2
zx)oa8ooF|78xx;zEY?eGZs2|u$>!V?YsyU_JK(x|msNkmS}j%gb~IzMM%_r{(=NG_
z_{E^mkii6tUfBRv{05iS+CX=YT-8%1^9?E5p=$FYeX)q&+Bu+}x_wZD6BcwS6S!X>
z(}-oAO~|KW#I;Vn+PF&HZkIP-Cw(R>t)?~N#Rm26c%Yu{)nAj-2R-l`#1Ys>_<X<m
zuJsaZZ2I4A9j?rIy5kvb<g#}+Hf_0-OCag?(C%1K>dx;I!GEK|dv{*nWK%gG^==ne
zadxjAQ;q5ReP!#^=@tj~dE4DB_xV7(_UqQ%6vM$0ZSi$GwS!8<MoU+I9WP`y4BXjh
zv6y@R&3@5?qtRxVtPuUx@3BhY(O-q7$!6ymhddmv?Ua<go;Y_`EK#wzz&^CgJ!_gh
z)Ozq0&2!r1@7o+!*(E1W>L^JbeXf5u@Yp=(%V-8A(fI_o5;}~+BT`|#3&j3A<KxK-
z>Uo`e6VAmJ`5WSU7qc-IP@_F~Z<^0l^3I*fD04&C{v9%mM0)1S8K3*#YGkozKAj%1
z0&pBVq7nY)1L6VZyw%Jp`)1#6T>n(U@^GWZe;V7Ic{Se-na&QfIs1mF1eL{0J9;xD
z;VP78rKH3F>qaFgA>x;NQ@SAH1`Mop)MpAAfB$nKy2lFoeHp0bLKJ>%rIGDsg7H-k
z(sW#1?U31c#+)5->@C8BKI8pbn-VgAP6X>TqCy!cFc#^<26jpi#g0IAJ0+qF#0%qe
zm^h;o1W*NLLp{J^XVBwT@M#ZmMM|xRDqvda7{E%81fDlFG+sE;vUG18-4e<2hL{c2
zgG6Oov^N7_Qrx&-XBs8$6Att(BK~#|o&&fy1NSM76bXVQqF|WM0Zaj*FcAcUwjbm-
z&|Cp7W*B@sAsc@Jif9U$#x*YSprt{E1LN}qUu-FJD=SaNCpbw4x}qzFD;b%58?2*+
z{CV&0BwS6<)?&ae1$9M61Ke<>Fwj(D)FdDi#8&{N!LAIKe-f*Jq4-%w4Z8jiGngZu
zgj<x6LN?~zF^rg!L^4*UGYQg(a?t9n2;Ls2BG_S-L^S}jJ)DV#2EnxBU5_?!ZBjIr
z1r#s|9fW6w5fzJ|LO_Cpk}!|(KDP0?fEpy<1g|#_(b{1B47HBY;^qp2KcUDBR{{yY
zln5v2Vi5th!dw#!ja`rGia?|eNIq&*<lpk79q%kSO0M+}Fn<K-8M*)wDF>_7sVW-C
zvF#o>GzWK(G1aB7L<19e(x8}sPJ&piNgk7&A_m;1ThX|R*b_2lqTzu+vMpeLc!)R{
z^TJO=e&{&lWJZU$GQ&?mMGl8S9;clW@;cu@u9W~0N{u&h<P7To5_d@Gf$2ZkT$@m*
zz}^u~SfPWSa?p%)+bwF>ON-qBJFFTg&cy&r&(xq=$pDT*3J(+ol8R+aA~R_v2zNp!
zfEwk$uY+nbK;=P=kyk=-A-b$1OCU?ZEuhf<GsgDCVr^qnK1U|OtD(h`c9yvni2))`
zy-~v9T3qU4?pgwFHED=Z-W`0taO@w~F6iakyB_%S?x0Q$c&1U!fCcwRs~`tT+g_=r
z2~53^{1X6yL-8x2TYtWjgR(++QA2<?YBA1{7=R%+IOZ~ooj(>F<^Q<Q)A7J^uA-qA
zGKCNuS0m+#7!B0!iGfp{n8Zav{+L8hn_VshQdZL@;_1P^4RlkpJf3e}d4LiyE^gZ%
zO!flkQfO{j+v(aP5YR{#vRQ<N)@aXttb#SrO_R=GC2}w(gPII}8LIhFT&owM#sxx>
zR~;0T;LW<~00(cNd9s{0)6Z_!(IF#s^{a=7=6Ba=dwCS7nf~pA5dZ4XUFS40B6B^%
zWYQ%3dN^v)T--h7T%q~pFLAVa)3j<&FHo>YJH{{!W|n!E1CSm{)a?=EU#&FG6erA|
ze;292H2%wM1<5oemMP@#N3euV_$%;C+mk-{Qcy1w(%7l^k08G?B+vPshtd79DX&Yz
zc_Y<d=aMHhvE^SA+#)4gW>hdrRVCIDZRI((LCfim9*oKnu?=C>k9?AhBHk|29sYH=
zel}X&<hDa-w4;G?MWRw)K&=OtlP&vk>X!Bqw<X6M>gUrhrdhozEc3rM<7DwHS!s8(
zoh7#wxf4@&ZkH(LpO$oZFqa>DSzz4XT0rrfMP;#c-^>*!uNmgC!Lc8lPgrpnBX?;h
zC4arZw9Gmh4Rz%b`lX83;`h&yo^e~@;NI?+JG)$_^{Val$6pRk2lMRPH=m0?H51%>
z7<~Hx6VLa1Gsm5$UejE4rCM^Wl{4$>lF^F&H81tQjt5}7r?(<4FMZ7855x5jDs+}K
zF@EuxPZ1uH&QobWI8ilp)!V{ue%2;p&pTnUh<8Tw`f<s=j*3V&d$*wQk7eQ!4m$@J
zH@B?TzjoW}6@PXnOn<4<cmpbSzJtuzkvCLwm)Ih9rSV3?sqrmj0e;)>%AbAE9UE$4
zw6G3#I3qcs({i;sMzx}LctHdTKi8P2K%4JRrFis%*qCki=HSrB!aGVVHeE+ZQn%cq
zOw_adovWNbt~|<L%$hJNk@300!2K<H_8{fcFVQ8P7Ok~C%gvZyTB-UiANJ1gX?plM
z(2kCpGX=FA?m4%2&*3%sGrU~1CRJV-VXrOz__v)2+-J;n#a(aZtwa5m4Z0(5-`0KI
z5vg_)j!?ug7R61}`%5Qwb*7ITh|P0WKc6n`%>~J6=8sc*T?v83gIqB>am}|ZGF$%=
z+7~s*+WKgEV7(g>|9SboLhZG&+3nh;3CrqmZ@)>LvEmvJm+yY*<b1)k^3EjtKDV(_
z#|_)zBQ0c7H7*TeExp2a47Unc<-Y#1UT{@>;n6-3AM3l??cUeY)BTfrFJwn$wTcip
zC%(27{u9aV!j<eUZZDbj_pk`D9di<CWZlsFwT<4Vyq`7U7v(+SuVLkWe2JpNZJ)2Z
zR(1cKg}PwlXO}I<o+i+pbpNM2*$8}uNqv<$Vn1E&LzdzYSRS}DxslJ4msoSkTzO(w
zxtRVJDMxy*aLis#JfqgN*Bm>JTXfoHAFl5Bec{{BN;6r29^0_@)+H`8ikRlUCxhRM
zd;hZ04&vI3x~KSZrf84n{s^mX$SUg%QjU}ckiTfOccjy~T3**sD!h>@-X>Qvm$l&7
zm|gYm`GME(ypK<=`VZxey>%813_P7P*B^AhR9~{>q!W*-L2%FQq~5+@lZdIZp4DSp
zw8gmUpG#=7<@7Li-Lj&Os)kX=Ma~?oJ-B#W@qBM_S5N)>mON2RDHrGU<9B|K@2`+6
zGQ2ZzH+ShbHJ#$+3#>ialA-KcvFegPX}LN=qpL{r?Vao8?-jC{A{MQ##w!O)58FRV
zi{HSnmxkXmy+DPRpHv%*4zVdI7ioCkuBKV0`t#`k_b-l4PO{aNv9{G8hy05KTzXcw
zbZ+D-oec|E`TR6}>}*6E?p_n&O!50(0n_OD>38{4?tvP3n*Q<v&FchZ6T1DZXEeT(
zI9^%?^S(tbmIY%{7FUBu3OS{$ZADt*t^Nvu5A30l?ODmCiBE3XwO}rg7i@kYjE&OR
zR=mPw$a8a-d9ca)d((5?<|ffd)#|j2gsx_uxSchvYjRJ#quY*^ZZ%xoHq13$=o@-f
zbWE1!%u$jzsV$sgvM}TJn+|MI8tRzm{}$?i5qo+fPWRhjL-u5dP2SD>Vjs%n9;vM<
z$^~L(?r_kG5HJBz{%$lGE<SDOtxsq67IVgCuYA$?OL&m}j7^|$!Ya;qP_;GCLPaEk
z?+~~1{WsMcz1s%_kCGFG4L2AfX70T^FlgX4S^oAzv0sNv^*aFX^HE&a-N`cbrPu^$
z0u=Xsdlf>B&fZt%;YPP>t#pBr0vl4gb%eR1{oMJdxJ1`asB2V}H2N1;nV4AXDgs`#
z-Fvf)zjI0_%<xv(o%apVmv&D2MmsXR@DF8b4)sY;xk5+sORutTrC+GVn=K`DtfqRl
z>-B@{0-ol!*G)cr_&k+r-mqt1Ub1sR*Iv(KDnjJGcWgK;P9(le*6x(-c2Mv6RDZ6N
z<Zf@?mEHN4Y}9q|a0?c&=jSaqx^!lZ_^T&dYO6PXaYIT(URv$Ji7;N-)yRV)-XzT2
z&goj-8_=>wabM`27O&*~0Qg>CJ1Mwq$WWg~s-+|TR7=0kgFINv2uzP>M`WeNwFT{&
zHg{$3R6)Go8HcF1`Wfl(5FoBx&nrwYC`K}HDg;6wcf+SUC?$|OfLJ7!W(3Lme~TC~
ztL$lhX(%j9JSxH(e8S0vcKDcekp`<BVhUxr_zBU9Ak%5opXoJ4Va9GImM*(-QFRp5
zCdimuE(8U&Q`1^VE(-N!B{Xv#X;g?#xg9%G2ucP??nlr$Bxs^_0Fi^`vKl&Uf1&B{
z6p+6TPRJfI;-(zzo*+aZY8pV={KqWntqdrnbudvKg>)GhBz6JNOVHrSME50s-nS!q
z4olGLfa!Eab*xT8QJVmiAK-G(-;m+5J!r|FpM_B#YO$4T70DvC$8D?nI?-ImE`@&v
z%d9;JLbUi%&S1&qb(cM=g*0x#gc>gqPmV>hMZ7>xBG>}qsYj5JHPRGU+T8;usoBU}
z1MLaQ3^@y~X2ot>)d7P_N`O(guU?FfE*%hsvz|0B5#)Uq#@~zDpp=0}5P)SwGK6Ac
zRJw_VTy4S%1)`u~!NRs5H1JJgR-FqdlP-e-3ImwLtEL@6wELc!vtp%OP(-Glk!3}d
z8RLy(!TvWT2l@Ij<hC3@C)_DCoX)h$qP(E{0R<X}75if##3-e}$aF1l;M#$@pg}>A
zF$2$*N)4y%qs6{Z5W;}pcLv}wn2Y5f!4Z(>0vI2v8Bn5{pqb__Ktvim^nfM-jtdSP
zLM|YpUlQ~%;<prw^~D-sk@4?80{xj7JV<RCnU2aM3X055qNs+b%Ldst)P56<#)5qb
z+7J{3*f{~!3R7PeH59l+ooH6zED}hX(j||J(g2g?pt%@Pe8bcj)ye`odides8Cip&
za|Qx$&0xO~4Gr9YsgHNTTjUh<3PeiLB-@ep!NZkDfifJ1(tyE(5V#EPQH}%zcY9`_
zu`*pJwU}Zw;Tgd~sOBY)KLA_lOam93aVp_oO*uybGQ^%&B1a)-vWn4!)1yE#q^%D3
z2+9!@lVD#=G;jrg{75JcqA3xDQS?<5qB()&9e5mak!Tof+hRq)o{F#u0O!YvS)dUd
zB&UXoP{d$R8Xwfd87#1(T3Bf)v9t8Vf?)p+7WxDvpp;z~>%K))=_g(ScI5j{2U_?#
z7!HUk6VN1q@%R4>#f|b%{-C^z9fefc9(}7FeZ6$_0CN~J!ltzn=vL`gk6F}=Sw(6T
z8MT<ee6EBna0C&rImoS)xQx5vVSzK9&R&p4)&wG~`p{GitZ$$pTY(VkK(dU41as2B
z7h<tx3WSO(yB_jR4Hbph*c#nGo`XXIX%b0@lY+PcK?FqL#+5YFtwA;AdFv|v#Qdv9
z>0GzOyDOZlGMD`lC#jA5;&$>H(v22F&v}MdJ_acv@U}5Q@^@VR$=~@`!EU;HOFZ?|
z{4dp0D(r_`8>AN;xvzk1B?KubSaZ}C&BZa7RX5IuI7ongz3|4D@@{Y1F6!1t5`w>9
z&Eb#CEPQc^=zX)INJUtrvh9mMNX}4<IoeiG5&e0SFN5r%v#Kp~!?cM9N3@^p*y{QI
zvN;Pz_~;=JVg<e>2uAA!Uj7|Y;`$wT)K#7=C}!<Oojd0Kv-EqRpF=5MOa#-*g-VVn
z22GT&Km9`WeL8%c>GdA9#^#TWTl%RNN-&~vZW_ks>gh&GXc6>W!@a$o1JCrV#_X|`
zBm?ymd1^M6tK94$v01z(P;W!U7BZu_sxok69sHdk^Ui~Tmi>)Eqc<8aZ$5oCe#@J>
zJ$2S#x=+s8=tfTolW#X$MDy{S3!!R_Cl%cG9qCNUU&VeYw~04eJ9|=-bUgJ&xZ6f{
z(teUp>c&=JWLHI@<#kaV!PuR{<t3M&PN_>b>_KxzxAr6UUrU~46Xh49V>Euw&eaD0
z?vXH}EzBRhz|qT|tb!RkE1~cZHI}TR{VLbuj^ZF~j5TGAvd0eAvE8>N!Kh-$<<rnF
ziFq5$(_tO=E(aOTO4G+=U-FEHSLAwh$aAkoIOPr<GYR(~30HXc=1qcHoMM65JSMD5
zWq?}X824@lRce^pX6m;fL9r^{Da%!QCbf@s_AdQSTRJ~9{zmoHT&pVUbh+8OF)80M
z*;exGaX{M7Z9SJa^UgW^DOqyu^Czyk{XR*_y_sAwES8Y<q(3E}$%gd{3t`VLo<fN8
zv0?>#<po8#kcQ!;ylu--crISNGwLBkE*x1?&2}i<WN|8V+kW7{n4|Moday!v;b7<~
zVgDf2((&2Bh^10nt>W@1LUQ;?(YqWf+yxEd@qTWHUW9H64>x(c@kL0ekey$aC--Ud
z>(1V`UNsl|833Qx*azoVbs9tFjj#V?#HTg4o<&VEm$`H#bQgz-2h!F@9UsJ?=(-&|
z_gYo6=GU&zpZfYJkRZUu#q(@CPH=*KIHc@*SkCwTi@ATJCU+^MmxSvTE$iQeNz9b(
z?6yyLxZlNic1&0L=W|fMbvP6h-Y4>GPHjBkj^hmN&9B$P)up+ryeE?4HPe&||3+o|
z{FGizx)peQc0K=GzN(;E#|z`iS7H7P5mtcmJN_#jSW%!=!B03oVdvyGWqr<bP*mIR
z^&>m5PSf+797d9*TBct@^!KTCfz<klHy3vmYnQUFPt~3{0K9{F@BA#d_O38Di4Vt%
zpTnVO%-6g3Wv}iHO-&BXDt_PT)A~LHR#$4yj2A)cQ^$>;n|`+(w@i?EUH!GU`tg{a
zSGW3*KbhLO7eo8^2C1mmb6>jXA6ERZ!KV@}^>Vq^>E5%&h#%qwJN{vRqh2^{oovW9
zHGO>@)fj0lN0mjtGm&0Sko=ip+{$2n;;EqSjP(A?o!)B?6K6~hsGGL)zvwyI>hN}Y
zzI=UzDKX<BTicIk-lX#}LEG1gcW}c$x8sbqM0w`<zdWb0{$WPC-LDWIKX~PF^UCRa
zhVMJHgP!yRZshoG&aAE8iK8`=jH{vMJA6Hz<&ioVI6N0d_sUJ*U=FGyll&G``g}j;
z@TqeZl917}(aGxitFq$xi#FntX`XsD*;XhDzHD51w$6NHE2}-rqA`ah&3RU;J?hRI
zDT9TEh~}Ka&L!Qq-QQE@_8YCEa1FZ+S>vMDR_R(ltaAO0(yo3=@C{JT@riDhDmqr>
zyI{hU9Q86}RiU&^Et7w61Xnld=$+$2-{SO?ZED?c7B3>%?{(w^t{Z<N)QX-9i+T>j
z@7dGxJtg_>#l^<HHo6Z;(%;iYl{*ijr+T?p=8`}9R#)FJwOrhLocWeKw{w28!=l`J
zW<;Vx)xEXp?ebJg+hlX+dNlvVuhAOQmv_TP6pAQ&hd3+mI^r*%ZnU1QwDYDtSXgG}
zxpDmHpn;a3k2fE+_~fMY!N~?GmLd)9Ef<R&{}$K6&fMaJP=TBa9(m*RhVLl~>r`D?
zSZotpf@Q5ApWaUGxSc;Pype19VRT@`KUL-Z<530DR^gdT@}g~g&Mnu9D!s$$`>yNm
zefOo-7agp)VURcy7x8O-;cJr9yMch8rz_MIhVDga(oiJ%Mk{8`nmMP=I?9aHXWqO}
z;6dYG;(776m!d}em-y)!8S_NBF15c=ADwZDa@-xhhJL%X>GnD4rb*f=i?8V56X5Wk
zRNisrd(FOk!h4oi91n|Cemh;CQErB3j=4~B^;>B<yKK0R;pWz=k=L1MStpN{GwLjZ
zN))@-Aw2Gdk@X{eowU<E3v%;xVIYbU-4S<#vh!O3@q4cbFA@&Q(?xaRL(ETohp4G6
zqj3~S{=Ob{ncYn7Xv#z9(>niqZI#pCC>90gzft+GpmIQ4k#QZOJE>g~_qAA0m|(t*
z&8v)#N|l&V4v~vC=H<KKJU*WPFS=7Tc%c7-GEZN2Tw;Lgg^|e<1cMTmbsJw}^KX%Z
zykmlR=m!uWMI^KCht7cw4~EjQdRHj~FN4pG2CRRl{dsv+F^qU-CB4Qv@T!sqU-n8v
zKXKFiSFetuC`?~TFlcN{a~HBhDZD|%F37AN7z0YL@lzV|W$2$#{+v6n8XU(`4?-A}
zuDg)E41>Nb@ha4s2rv3m8h9jEc(+j}f-j}?q(jcioZT8)?bB=DF3_|i0WILmMDqV1
zl13;&L}v2@m?w=PQuLo#QCL7|TReVJKq&`<{Flg_d6OpnQL9AU639iAR<EJ}+m6P<
z1X*JQM%D<kC_M~t7*HahThr2G(e^y`_5-AN$btMLp7~R=2Gf3f-XVWb&kUL|Aft7g
zPLRR$bVkY=*ed~Gr>qYJd<x&o92J{`3{$uY2{HXgHV=>=bT}B)D>17Cgh+6`L~gql
z;p>7i&qQt<u7%ihVJonXmO#$aWs@Le2Z=qhN3Z^SS`6x?Sm}lsatdFfpr#2H1-M4$
zL;R?#r$9g4<^10@2pOR#O-m#D1gSuHctsz;pn7Cpy$?13z*_(-YkefZVn8wm9K#X1
zr=)QxK+VWz0S&q#_#Z04f})B6c?xQ_#2$gu5}_n%B(Qcs!ccutmDF(7E-&CHggYc?
z1V4k2CkBt=mHy|T9ykWU{q{<&g2X4&mN)=!MV(U3KB7T^NA?v-@J5q=#EsE~$FiQ@
zL5lKPRMUny)dC8P1PD_El#rzo3ZC3kcv+OYT_ZEEG#3~*mHue^TY(t?0bH<Gf+qpW
z1Q5MHS13H-`M$^_;WH2Xd8QD?keYp%+}<NR_F)XTM4>Yo5vg?1!XRGE7Ymbh6cTrt
zfl5GuSs6s<kuv%)WQUl3s+oTzE~n;|SO}%0F_56-3t(QC++GPtLsI7)Nz8ygIsx)+
z;Ehv-0^@*^DBJ_tOoS2%!e3B`3@HE$?>>a}kZnTVsnY*_L*sLncn~+nZQM$)7)v$@
z$`)wMONYihYEaE9pWo>$IEHLe9=O{vCHzH&BzuBV3Y7I0gi|q^oqw`pp#zy1<qsjW
zyvE=aAnl8e-2j)k`#NGtr93X(Dv-u`KBXttzzWG&T6!R4e>6%19Jgm7s7M*BpBWv`
zp}(?0<3MVcb<3Y;+pZMkUZq{%{h>4+I;g#i7^||k{q43v&Ej3e^?wt3E-hAZ#xQ!Z
z8VM*OSx-XJtdzj0s@kFs#Q~ka(C!~&ZG82uK(?Mn1(J10wuL)GG&YCXqLZktRk9KK
zK*<SuWu#^B;-V%LJv%>${A1823Ysi27n{IxD@BillgcF>rB2I0_skY~Fc5^z?p14t
z*cgYUOB*q<6m_RwG@E%1qx;O4iu12v@0^o(`u6F7#a{x9?~8G_U2aXZ3OjvQdl4J`
zmo<07tQe@<mjG!O<mH&cU*2lXzfrCLUZy>Dw$A|4S}e%t`ztyx`oQJj%EBMnd)<@0
z`-_Sji{NuT-#YU~Y};vl{+xPl+z46WiQcD8R=&ZlM%|B{i-H!3R#>{H!OXVbi<5JT
zJi-;`a($9`JyiW5*kvgxx0MesWo9S4oYcx(C}P?))}rX6^V*=*6GN3LF3-;)K=$)H
zC&g>|aQVe&o#Icr@(x>B3~F;m^!P^jmY@0UXYz|=yWGE{afL;6U)fXliwgfW(>r?=
zBHZNrW2MVSY-8&f#qsr$huA%x727i@wTgMXb<Q`?JQC#y4*H$&d^xVK{N`}w5dOiG
zT7w)*@K_!n%i7ApkBq*XgIiZ4orIFeUCd^yyQ-vnLg~Es9sfohVp`yjUXTe}T2QFF
zO}X*xOjNYxt11-=_KkP^oW-Fhclz4a_`IcD^8$?4ZEoz$B(s^!{c_&rTr%oEvDa9c
z-x1t+c8mNKO&AW$p^k4%y>&lJ_dd0e|1@P=I?FZfBOieAwP>q<%V)<n`swYFybBwQ
zySAY&b`))H!&n_1hx?d^G8saH%6U4>1KcNlWW6IUi9YcErIlR7=M(4WZ=faA6!$1&
zFc&^M@55{8wP1OQxjxm=+V#=JdwpUajQ*;6^9DYSS$R7<*Ta!G%ExS4Dt%{gA3pZw
zaZLT1DpzOp4}6_%aJBN@LI17%SJno#wD%*jXIaAphtf(TGb?Z$q9sQ}RhkvYVF=1_
z-`B?Oz$wGqXlno4()20r3588Q#fVnHYyJ5fzgWh)E^r>;rw+Dhe_jjBd!IzXYPh;>
zsQ1pk-{5dwwBKXvl9uRilC$0Jk@m|hMTb^63JIyshs*D69`}tKkH8u9Zp>&_72h1t
z);*HP77;zNSvbqGKC4$}p|vAky?t;N6qZBtgb}KPEANZ#1q?Ex6^z(am1Lt<4Rf8?
z9<wf+tDU0tpi#|TK4969kBcn+i9g5=uWMg%dNTH^ssU#jqb>Pf-4Abm*!o#uk1`nc
z8g8vq4B@R_^C~!+zMrcc+sJ?It*IHi!C1n84}bSc-BvlWq2ipYThNlyzN6-4)>}XE
z%jIsTTqb{#8Cm481v;9H)IVwR4C|sjI8DJAsMA;Ed1LzC!nV#=)2~yTQw-%gTP=H<
zYx~NAPo{h#>W<y}8}*&JFTLS})|%f<CB+x_IQ>@Z$hd2F7FHB5jQG3p<dfuI=0BjR
zvYfkR=`{yE1is`@c%)1GXFmHmqy4G#RQpH~J4@LuNWmFj>`<VoOTKw<Cp8*Xy3ukQ
zVs7%x9E(|W8oT1_BhrSqEveZlW`1$34$X4!1Qf;i-mj*zFN}&_<-n%Yp1oO=_cXYM
zHaozYZ|c<04A=Yo9|^SaXvXBNX2#vLB<uCod%c@~qe|#z!m|T%yV!N8Z{PCq7L$x*
zTP`z1p;Rs%&@W;{zdVa9(c`b(|DB~(Xhv;$bvO9BF*WWB|I&t~gyYL=d`*YzdmD}h
zRz+Ys2!1zClyrZ8yg5=m{V*OJH)9v7n@ci#2fKe(4_Avy4i|3vIcamg?>QHJMCpr#
zeT(33e&>_InKJxkwdxK5BVF}SAzl$rMN5tOC7ZaBuhf~A%4jClFNG29QQQ5O*h5U+
z!&p}atkT2BE}K?fa67Tgi5Nw(ssz^n)l_wl8@bwe{@&J%E}`Lv^z0lv9(8sj!}B`^
zMH!OrL%H`wE|PP2ESOj06peqlJBtozL}t3r^M20WAb)G-7&&CxU{8YI>-@o8s-(23
z*As#FP}hDQ(95yAwHKI|`RuJ}?1xQx9Zb<NhD1K{+1Z<`f@Ld#FEGWOY@LSAY+-rM
zM<XSh3(2+?``#b4<~dwVy;CJIp;N&WQIt3roDi~lr8_s(sqOto+kjhYB`0<|lB*81
z{EFkh7x<X<e<%?W>psRWBYE-VlO*O>yC=W=3@_r3c5p7?+PYSv8ZA=z(Cc$dZ-H>*
zY5lQUhAW$$R|T`ao%{SDiX{LW?vT70^Lk+9DQ8tx=++1|YYN4@@#-gD@vPs`W1VcC
z&SS50oU*>zKNov%$^T`g;+U4uRnnf&lMZ2!{cP{J$<M%Z(8=ArcIhE?T06&XPkJqb
zNwFlGW7*knl`@g)EG?lu3AbiqZdvuaUX-tNlQLj`WE;B^Xb@^Z=uOX{8{LC<eXVNV
z_t*A?_J3)<UAS_gxuUp)pCRS<23G<6wSBnCHlXgsUT7OPp)aDd%ZG{Yi?*=8(C5uI
z<Jfe6lX6Y=>^Q3Ghlg2fQEoh4A?DG!k<V7)s^YB{+DFB{Gb`+t{JtypKzr@Z0-knE
zhn7ylXqCQ)+wk1>z^mztTL;%hZe5!9P7GLm;Y=~!cD}d5|NV}pQ*PnF$Q5gS;i79N
zQoF@<^a4d|-JAC3zAOIT?Z1Lw8Z^CraJ2pBIcJ*%)-^$UMG%9XGtlT(eLWXJe)aQp
z4XfKAxxXg!WbgT)PM_ueVZ))o-#>q>?%!`hLUyJ!)}jxV0yn#j-$Rbh@qXW;He6Pi
z7So~RyUwA4ZYjNU_c!yr!4La4>K{YwT!AdZMnQ+?!nNn#L&kINts~qwJdpBNN_zHe
zXsZ<;w&9}W6l4n{DgwYo_X51060yg-rtZ=_j8RD=+XO+i74y6){-|`?nmxpGAnX9f
zk>IX$o3c&Rws@$!iw!|i#x=YRcZhL2AQ!@pcc{8)Hj=I+0Q&$LK73CC1Ou|^&z+e9
z`)tZOD(Nkby)+H7^A+aP4#BiFk_qDU8;Ih5^kHH!Jn2A}dnOj;3LR9iNeNN%)0;t2
zQIc78sPL+?)9lqK!8PR3$vxIpELIXpql7`%shdxR$-CncHDrjTvoOxBLF}1e@B}4z
z!y^)~XcFXWoM`k$U;Y7odAz&=;~+^#M#wZmkk<}i>IiH|5b+7O7>cOw;VC%uN6qsv
zMtK*ox$h+{P8t)EP+Nfeh&2{Wu-0#pEyW;Di7OpPmqGCkAYHwH8sH^BLaxTBD;+D3
z{<Be0Nk-@d(1fcA8sfy=N>dsysGhnyfJ^|b;F?s|(Pajjqg4-yCPAy9LV`vHJYy9v
z?*eHlgbsxf_a1Rrgj*ma$lZQ{^gS_ww89_3@OC7?fe?n%Wza(b8tUN~?V$y@;t&h=
ztihk{21$av(h)8!BDU(H1=tN7hHF)u2RI6B03e(Npgt^Ln!q=_3fcFtCJ;-k0_Nlv
zPDrfcl@?n<1E*nZLdXeR4oUW=U2rbA(J^1WIT8>(0T&>e4T$_^zV#eO2W@ILnxo?n
z51i^CneB>+(G2y<;Gc&TL(L*!e^{}Q4tJqRcDiPnkzgYhf-g1+NKzRbqeP#Hjz*}F
z2!#f03V=+&o%w=?0h+BRgVY}&^7d4X|J_e?VG*xJQs*B<{9iyx{du?%U44Y^U$AHx
zKzI+36_hQasMomxd6_8Ul0rpk+yKed_u-01`-u6E;X%fv?}4~s(Lvy(wL>BLB*^@~
zD2;3$;2f}RfVBmS8W~txnG%TBi2|bR4P;VbSj4>$n*`?Pqv=TIjU03d{PFARQ~e3L
zX@TraR!?}R5|ABYz+7fGSfABV28o4`n#31!2J8sD*vUpX3zC?s>4efCwk<=AUUck9
zUg&fyB1YnjT~?u_yLzZmUKwoQ!>k%S1+ah!%Zv^Or}&`VpxsQk{~WSw8?+blpBuD;
zj9jQiS0_O9KknBb+beW=K$jt7)muph%eaVmXd=`?wiIUhI97h4Q`~(ZmU{%vb;=#&
zI(Wt~PMYhe73v~ri-4FOO2}6wHZI_i6ko9FA|XEMSS^Y0G;ny!B*4yvG$_HsiXtdP
zhT8XHQxk5tVGxV1X$9Gts=*S^f(KZNJ8qZd$=01TtIhu=pT;$Q<?an{maL+?^4eM+
z2@wjS-PHS{io4?O)@;*Sd_#s1#B(?5k&D|~v)|!$MI2s{He7R`e+FL@1DbK?5B<OZ
z{iuN1_8<E3FD=RE%4IsAT@vUQSh^5gX^Qx6`(i}{-$j`ED6Wg+=ZCxozrC!j_4Byk
zLG}A+sp1n%T_^dnu|7)y$ekPdis`F6H)M17`by}|Y+gt^+V|wg->AHu12UZnp;gwa
z-K)0>{dvm2+<kTYi>%*{QESM&Z~fEFBYfFUW(*W0l~a<|*%jLgyq=Ew$t&vFSlxQw
z5*gJSj}1H#l3E+*LBBVDSNXOGL7+>bWA};jhIHL+Z6~9tX)Q&8(6^i|ehXSR0=>R(
zCp72>Wqj~>aK^^pxR9myErY#e@dr~?&i5C2NAXM*^d_F$jIWoqiz+@i-tC%6(EP@4
zSi*jV;w8n6l*u3OXfYB|xvCs}Q6u$+1=bf(^y?f}`=X|G>YRrMH9w5CnmxIl)6p67
z*-uMmhSBMUrm)eIuaUP7FHmz>g*?*VoYZ+Cj?OYOQ@Qvkxtq+}LO23{%iP}gbW!`a
zw%1-Wq>q)KyHRwf;W>ZA#nuaNRy?{*e{|{H->9u7`YaY71rt1>L?}59e?S&FfS*n)
zNU4{)X*<lqhzsPe3Q}xN)1h2oFk6<0cbhp;t9*W$N?xAQwkc!o%~FlH{Y@*^D;+0-
zHzslwp7~j^J2GQLD{bY}bQL?+6_am&%%dy0*4sa9G!lrOG<tN)?snWnvyvNUWz%fk
zHjA>T?uV}274}loZ{yd~PaZxO8oWW4f?gNv=@(d9`RuT%c_BoI!>%UE|5H7sI_r}m
z)5={l3^t+nU@z>TFz_3DU*^i2>5!QKU-91u7;o0voKAXgV@a8j9*Mpv&FMEw;qpV_
z@+LdG{pwl21NxO8Ij@dNmL8mTHq<Fts4u6K)g*METf<u)ORa2(b9tLBexx$8^)$Yv
zdD!K#kj{*+@hv%q%qqP3t>5gD#)%{0^<ohmA6{j}ED4v8`xMTq$)5;(Xy~uOEOF+h
zW5qM05vn;nyB2Q0&8KNYD(A?o5`#y^OY@H#t-T%8+mUX+jSRo0u&R^A9J!rTY^Kb6
zOVP+m)a07Is_Ffe>hFJ}@XaAT__vKYxtKB1nTtH?>|ybY*O;6dzGDUzSLD2WSVzZZ
z?l)w&F}xR-9C|xw>3kh;gMMRP;rh<4gt;)JuUqHap0|{Bsb=W|->@1XpbPae`)h%t
zmJ!?W2py@eJFK%wUcoZC)|9j}q2yS@Hy8M<Z-@~1mvYRf+wGmffg0NrRmY1krz}Tp
z#kVYw(9bvjg?>Vo&XMnm_B~nc=o4<gV=UY(p8a_9(?GZSgZ1NR@hJbzB-UB8my7!r
zMq=qd)5kWhULN;XpxaJRIi!<ia2@k>2xo6J<(%3gK>g-}t785nW=qXWhs?Bzu9fq3
zZT4c&r+pzu5oIS;^^&p@>C*QRHicUQRF|o5j8=v$tZEk;t#{2{QPiJq?R(`S#{1TE
zKW~$BNVMJ+&5WL%VXrbNE(`xHT$HlbH=?ksOykDpZ^Dp%q`OGD^kd~?I}9hK=#|Mk
zq5ct<9KLvO?!@L$Rz1KGj+MTeQZUmTUOq#%uikp?Hhv{{b9A-;;INqV$u`H<Vom?-
z^3;UunS2bpF@5E`B(&Xbc6Y-)&YTMr?O!w-Zsi=-Ym!r87B{&-+e}i_a<`EgopmqA
z0DejN$Ob=LEptseWO;F~`sgA~U(EV^L{`hr_A9Zeo~x~XW~tXJXlWTk8H=%1w-mo?
zKjXj8U$l}=#}Jb@trTGLq`xmU{oALkc}17<)TZd^;&Y^eA4)Af76-1$^u52)>&*VR
zxkp5zo8wtkI0f^)JaviqlI;E264U!(`nx9vQncKb2?H+rZQq=o&1-Jr!asd#;^yYc
zv5%Kv2%FzEN<6x4*A@5hMO$Z*QyZn)PP$gwCpS(UVS*PUty>Qv)7EDid~IJSgbzM6
z;PvB{HVzxQ@0?*3HljMIncSS=Kh>8YzO{WQH|3!Wj3RQXrjy5pP*b&G`G2h+n_qvs
zzT0h`@oYnQGyD4H(2yGXY&brqgX(4OVwJ>}R!@l1`$B_qUN*87=BITod8u9#{JhE&
z{s}8w3Z~`Dzf|vsSBGhdOG=9+q(Yc!J`5UPY>KX=SCv;i*X_>dOps<`E0D5NKR8Ko
zamO%BL(|;WwtFI`rL2VG%Dp49fpnzlr*yi+%r&)pzDAjw671Y$a!$I<8Pm7p6t+IQ
zB^F+g9K~o1#fq@Tm(A`u8fxSO->;}L2#k{J{5YdhHZwT#?UJO*4@|w3)Vac#orHx8
z@iv04)(;onk}oDvC$2<SKbsV{nUDL>WG|}})0QTf$nL(7{`icP+~g1OCoYmvc|(>e
z7UDgZ8`z|q)Y0{daz^hG(+yrNjg8DMzPs|vgYPbPQHmv@Nq~MTM(sLdnJv@pMZ>(#
z$sc#WorrpH<!Het)=J-@knaIQUUV-`YCMfRqHDEsURxpfbd)!H`?z@AZ4nI<K2fG<
z(j+}8936f=vKt~r8Fl|>rBdM>*l}NW*$q)&#le`6Z8K&g9%&F2ixh8r_NFF-{7*?5
z-!przexgfQ+)vPWCz(3rI($H@){-7X4ea7Q?@3KmZcbh*?c89NYZXzS(N1$}Kf_i<
zit{_8uI+VRnonMAo2mDtI%oD$R9}2>cZk*~p_C%)^uSG~2wxHEBBl^2`Fm+d&n}4j
zarA62k#KR%ioq}?Cy3*pR8ddYr6DR}4E~L<tm7iJSH)<^BB|}DamZYR#LuI(<j@}_
zmuF9K##%gv$e)W-wvkK>C@9~8JV)kvRd(|Dm*^=QUBEoBqk&Rl6xfl;tfP=E%~>fT
zzlrL@`Y~J*atD=G<D$}$<^+8a5grOT2JLGdB*6oaZ?B=^Lj&RVN)#aP3Jz913#|ys
zLL{P%85Gc9eDO?rBl?N2h9MMqS#?yPvVds4Ky+T0mPqp5v~WxejCn`}Kw^<Za&JJa
z5RyC(x|RX-za`Jev=@fe1TPd0!d5`!B6K3c0VG~nK&H2=*uufJ88^;J13DKl{t9Xn
zkk055a2@E%ro=+;8p!5x=cF@mjw>)0S~>)sZ%XpeZlH0=LtVK7ds_@xkp+b|!Hn$K
zq9#o8Pik?}u8>TDm6#U}5*#2KLM{g35pm7KJFr1?c%YFj4qQqM4uU=DAEv+n*d5k6
z6%gc!hEBL6@LwXYBFeGUE4reSOZviOpqaVCAGQk*Ak<RnuG0KJL}4@xr9>nzC$*5x
z3G9XtM%6_NOO8WC?xIiJoFEJW7!8QLxG~~rZ(uaIdW5h2|Brgf6^|lv5!in8ppcyf
zaT!rb?eQ-$=^!}-whbAe4J121p@^9Sv3A^M=B=_rYr@6?+1hv@VkzQw12!?95SZfy
zdy8cIfd(!tP>xwpUBO}{y@zbUeps+C6!sCYX(QH$VWq_$B1;W_Sec*`z{0Sm1e+NH
zUszXEgM15&A;TatlZEJ3gyu9qfYXTi6rhN%62waJPuiyxJ)$j>qMC_>e9cxCa3&z~
zC!#6jlHXAcUZtjV8<PFbRidx?AxTioMQO1rFi3-g7yL!`gqd|>S`zFzB>peChzZ_G
z(|=Nl{JXUvxKtkdPeVd{SHe9pgO5M9a0Qe&3i4=3gAIjFx7#$(yB${}5qpwn&<~MG
z4YN9EWk!c4TtFkgk)^(Rkbeqx9lm)mCm=bu&R|bq<>yC9>XifQh+zlf@sFKB(ob&<
zEn+u28de`x|B{>%dIFpk2>+yDA(nc2F$XkZM-L442qj^_#u}9Ph6qt>2$0&fA$;U}
z`9|jY8_0S^9wM_n>{ss~zKarw`;8u;V4(&7xt%43wuaAD_|i_7msnPZ{u)~0C$bI!
zsT~rkilW|9rr3QG9xOjMCpz4L3M}VQcn}UTLLGh`DBp2o>9<z*TC`?SDuJ60a}A{8
z^+-(`WkB1Y<k8g==)|<CelFo6EwOxCs3HhF;et6=X^NYqn37jy_%9v^e^~69X9ReY
zFT7<}k2~bC!l(G3@XDcC|6S6HREaUSZkkw(dG*)MA9EvlW7H-Cfm6ykr#PGKEza>X
zX1KUAYaX|uTi&@AKx;nAQDM1x1|(j}cv;iggux#=&ng$6eOBe>duSH4j?b=>(OBKC
zZrKoxA$**$8<j9uIaZMQdE~~ni4A&sjpC!5S#bsDXNQowPgvAuh15mXALB-SW%ry3
zc!j~g-t~VCD^k6R5(;DrF!XKFDy%4??HbyS9MrJ7&S@Qguqhlay6>>?sV|^eaCQ-2
zb&|%CyYg$!kR4&!!O3X)8~Z5B;g0XPJ0t<YDGvO~g5of(Zw<j{vcAlw>UkJZmE_BE
zu<`nx9k)sKuFep{g}qE(I=6`KEG4COvBiCcaeMVF`z^ldi(hxwDw<}c=OY|mbtcXl
zZFzU!g-`H>NqvmtTMV<x=!9kAMS<O)ERFdi<kzd@-3C~So{%T|`>_veo_ltp+Q&n5
zoOELW3R*q$k5|Pu`MZhfpWc3bCGg|OV{N`u2L70x`y-}b-!VF<u%9y?FghK(P4g}*
zpk?DAujRQhLCdskeO|1t;$GWp@rtLI>mosGN602)LcO!slkb>~C}(NjvMYXHOmesh
zUBRM*zt9(F#2{XU->>C(RJm>S^j6CWEcJ~bt<F_^qJ9{^=iIr+a*b<^nx%&H+}v5;
zjaxbOCGDNO_5*T_%yI)a>yp=)CH0F;iVLsBiRi@nddda;?&Z=_{X7`bNTpZ()W7MF
z%FbRs-z%pJ(_znKF(~R8>Acwe7{hQrb&j=^nQ!JdoG(RE^%?Zbxyy#=7CBi9`rO&1
zSXm)R5|%G9Yqttm$w}(^zFij&%6;>p%u$EH#+r=h;AQhS-s$6hQglSj$sW%o6{5P9
zLGh;8mC_UQ*{8q5NB^*ZI@_pQN5LXvpvJOcRn@VozR>oV=l~U`>TfBeT&ZstoLgEh
zmWm4QkxeQ-(oenCi8C*e5NSUv*LdQl%l&1!-rc5AL;Kn8^xa$4q99n0SWOqy+n#v)
z$`kMNE#=5WMYzbUqrk0(JCk|xIdLvabvc{%i)(%&{dW!e=(T!r&CCAskI!9Uy!$Q%
za`DCAI!p*MKVzM_eqh(0c58Bd;{6Nl4{{QHoyYw6ZgIrjS)y1KWi`MgTnaO&bMpC%
zt?!#_u0Lw9dh&W#<vVVc_m+?UMsY~nGy5^Qd`UF&Gxud~xDZ}*K%bxJI9L5lhTxd#
zXq@=b*eFc?*ILMSSJeg5@<da!`Vt+b|F6iaDt*DjZU<kr2mb0N`rX>nJ!QQ&F~&w#
z{<p@RtkgYRiXaKaC7qJ6-eeZ><82&G_nw~DZ2|TWujteAC@Lw%?0nAOHzp)fYImiR
z@U8Lfr+hQ-?M1BT-|oNU@R6yg_n~#0KJBHdCua{z_ZC0LGO^89jjvQuwPf~GyzF?n
z)VF%I$4D($NVdZ!N5IdULj0ZWb4}rS+P{vh;BMWHyEQI6C$UR9hO=D=-I8%m_KV)N
z7Alk5YxZa#chu*-Fj-mI-*+qN{ECUtWxkR#irS9neHE_lI`+R<XyEq>>=sW8!j*;3
z_|W&UPn$X``b3Pz9;mW>F0+5uU#T%B!S2njI1=V}aH*VH#H)j|hubBormb|GB7j`s
zc|=>GoJ8l4z-xaQmyk0OlRbqstYJ<TU9o33eXAE&xfr+(l$YH<^9r&jm}V4pPd=kP
zwD46p^+h25a!#O)<`f|0@Dlbzlecu~@5%k;v)Y&A(4v56PI-O&>hgIX?WnxF<tZ<B
zZf16i?XI$EG7j<fb$LYY9uZcwZTOWtwVlONFQZT$-;x#C_e`R}{<4aT%!o@y__2or
zKZmo)SiT5Np6#XkF}-Hi#P~3rW_J0c1UuirO!lbBu*s-+?$4;RQfCeXFY%QXJpL}$
zVlFc=!XO#U-D;(FC*^2Nk~Oo;wa&~OznHKjzksXm&J0;)@^OtfW%PB9J^gNWC^q*M
zJNFOi$<r(@Y!9R_OiNOtc{xP)XXxis+IJY<dRRMpcE0|FcfmhtHlA@!&s6-FK9o@T
zZYxUJjVwytoz5m&b&Hkt^JI4WyhXIrZdGx~Mn|nyU6gfcu=Q#PA6BmH<Kma`AG!V!
zI?Wjo%WjyQ;n)O|XW?2^Tsmff_k8{R9dNDN@4IcH?{TDv$Ji9A1=#h3zdAUV@;FvY
zzAa)C&tUb7oPw%aG@D}T&em-HeS_Js_0h4uWUs$b=dMQ&n#dPrL}7-HoHo;PjA?$L
zFb}O0>w6A)85f*aJU@wf@U`;ES?H2dOt<~;o9*t(^*QA*$Z=Cp<ny9W4AWljk@ixu
z8G_uKpUV7S?Jq<rmx_dkg}eICuX(7x;1^pT+c}7|Xq&mSX7Wisw}L~_sr+Ql>fDeL
z1xwQ8>13Z1Pd-WNMykGWhh21(;?4$Uy+Pth*2r}+yo;mj<!1_OHo@)r{i7vvnhXu!
zb7m}}Wh7@>OeEXsKX&f*Z@=ja6BLbv&<~5QfcJl+<}T$8{ZF(g|NnHQeU00(2o`(z
zP<_hw?A_yh4<rmg6m|iYE#AnorFtU&_rbpzMm{Vr>J}MV<8rd?A9Q{T^>{E88=hf&
z%c6}%FBud4yc{eewh5sI%xhgv>lts#muv*t;?Hh?j{=6aSRp?K(FLAQOLpzqX{6H%
zJx=RlRxFQW$gz}}p{yDrcEkSm3+R86gShM<k`vN+zy}IYKlXb~(`#%PQX7`WB*Wk&
z?FZqMHPGm_s<a4rW&sS~yj7GmGaKpIXkaf4AomJoki$aO5$soj8b4)BF(|=u#=l#`
zhn@zzDTabJFI}p8V#q3noeg{Hg;<6+4b<#%pSMF_gu|z`c$w?yL12agcn3s?_&w^}
z85~n6a<hk4-H;b_&l-tM?e=AmL?N;5NShWTRzKfNAGnP~SjW+OP(KDU?1!X@X`s5F
zg5Y|fGnmVLv40dP|GHHEFU2##2}$^YbRT~R2;H(H#=s+hRsJo~#;bW3$O&X+VynSC
zY_Hywkr9blDggB^@mPTZ2!wSc$pEVTJ7fA1`{KrVrI7^v?g12Rw5Vbq!T|{50iSgm
zDa7WuXk48M;U6Z6J&ug^U4X?L8uvpIogf;?1neM-h^GN@`9OB76U~x!479r;;;pg_
zuIMlmq{=!?AHcmlN{Fc3icJGP@{f0>FA)S-R3qS_LC6+ToF$k~1E)cVz?%^$TKh-<
z2^XT$I+m*81U3(V`XKfi?o8D<0#*k&58@{$CNUl2ilK+IWNd=4iHdF*%od!GtjdT&
zyck_zZPtULY%u(Wx)UGjsRV68nr*z)xL$D$6Fg%{|JX)+*OAUJ4|P?5{Ev2!=pTeU
zD8YUGYpdX-`CbF3g}N^-V(S1xIg(&OqW))X0TytCWI&Q@EZD~X7{Cp|#*LH_z@mur
z@F8LzR5%SW>$DbBfqz0+5jgIQHL!2h$|y!LLxwB2uhF8a?#WolYI=DTN)Vu-LH!O%
zIHYoEAXRM&<HQ(Ppci0|X_U9WLu!ZPQ@=`K!$NqZ#VMeMbFSf}Ssr~85%(NBoM7Hl
z;ZMoct%4OW?m}D_)HvV@s0#miVh^A?BA!BYQ^9j~kRky2p5Va9>VjOM|3}wbKt;K}
z-`|6@5{h(7NeCj{d1&cULO@U$5Rfi$Km-)&?oKI@1_`A>y1ToSW`H^W`@wU*zq8i6
z-nCqdff<<bVLa#B_qF$DH&B6xfSeIPY@tI10#VR?Yd0<{UU;)XU*|(}6lVoU0aK76
zA^->?QA%6lCz$j>${MX&3wI(wAmn=QvBf(Fl~IVpxtf`Uyt~1B7ZewOJ`3%@TZ!a2
zo<pU@0-#PK;{>fiRp{3vsfCx}j*eDn3g~=<+6r@gv})MOQs_}&69WGDO0O(vz=VbQ
z2-H-uqkN^0h+zb3aEU{$R4i6dm;jR(8yC$FcJBwasuJMHcv<qnrNq#<KH$0(Es{a8
zZwbrWCW&;!G-+de4UYems~kADTw@?)QTP8qMuycQIVA;4#R7(UFLku?*cHUaNI(7?
z&R!XhjImhSgR&m)tVu!EWAaznWw2Ww>biz`^wU&x;?or4yhM*TU#MVMLQKftzPe)f
zJ3c(@zv4xJUG+y>if@`Z2I=Rv>H1EaUH1=#F1M`(bux#x?HfuD7)<UycqW(2JeMqB
z#A~R=87?m`h)0)nh;k{W1&H<_ZiY{e@{j!IN8?dqZ(Y=tNTZ5pVt*(-<x=_hg4&)j
zGHXINtgO!^ZTHrv$g0kCIRb}@h%UR?URQ1PB^9@UZsQNm7t*iRCbN0UyBe2F&Nr@P
z!c2uhrt!wlhm=dJu__;>pKu;V`-_$%w9mAj2xK@Ebf)T0R-93cU{Sz7cJ`@@d*nYj
zR<Q|DoSJSOjuBn2kz_BKi>LKDB4PW^R5h-?jocHr>(NT8Ezz4IoSklU5})z0NL}Q;
zywC}7vbS~cpl&(MTk%T33HH1#E~%|SzQ^^$UWv&!$^Wfb|H=HI!i#;~l7)&9F4fuN
zjmW;cAC|&Iae<NKj>Nm9D194*<o1ixk4)w^1`nzQ<@dTW<9jH7{+4g8QrALTd1tM-
zV_VU{pji5lXl`wt)*7vLRAd+C-2Z0muwv|Y!)#@=4PQFDN6}}Qldk)rBCMA-;lF9J
ztB|YhE3dywtlU2<-#i;9U`V!_`>bz2HkBk@>s3u>i}lIHiKgPw7Liy;g}{+X2RXkT
z>Xxz06{5WKT|ex}^2hesX?H5aT(3d<oM)SLUP>fIUrmgFwWeuH<5(E=`-+1HpZ2_T
z;hiD;`5`s_&uo}z@)ZYG4tai!{lU?At*4+@;xmq~xO{G%0`-erWEWp;v5)DxD>;L<
zssxG|V+?Z+dP2+k(p(y|30HMXU2ynQ9_suRj7x92(Q~Po2fLE$U)MY{kd{dDuzJG5
zm|gY=McRjU*?hU3Db_f9u$A5PaPw--?lSS{!Lu!WkvHMSMy*k-_FNW{&1YMAgMmVu
zW96%;-l08h&1!f;Zg3BVsQf5r#5<?yR1Wzi^@<tejcRo3&PJDS*^WN=)9S+!PslP@
zNGV;i-z_d<s^kkj=uO5uAt6~Aof@xp2HO)a63i<P0$<7=srppS%F>%1H`A72t6^a4
zl`wl`k16%>!yZ?EuWuiL`a$!hHF347e)}`oDCWwVoAT~I^68KyW@r1Yn$6>GP7XHD
zvl&W%-*z~UYP(|;ZYO%lacp|ER=VXr-n#3sK5|zfc!~89Q;qnOQ0xWC6pyQ?BM)DU
zxZL{G)n}2=Q@yNPIGv%Sm788iT^`3<qbWyHaPMDB7x;)Z|GqLJ<1A=yPxc}ze)Vsd
z^XVl4;i8GAyE2lh=EcxU21PENidO^*YV&=KGNsOEmP_{p!mPF?YrmL=)^1^||8zJX
zPYMkyPqryl*sxWa6{7uUc58ZTypAK~w;~P66Bkol?H%iqINbWOZ)JMADRY9luG8V!
z?}U--zlu%nw0`ZdUAjd!U2nG}60n2Fd10L?teTn|@t%x6;l>d`9`@!0ihpe+tlSn*
z)gt>oG`_g93uz)UHkY$;q0;0comI$}>yk{P^JfWrL7htOo~wUHt(fmCeHYpjQ$nYJ
z&(Am`Fk-*7PwErCc0f%#Tz>YJIarsg9!xi>rL=cJ{T7$L#J$}1P-P#EK2e@W9Ca!k
zWCxuj?#NBG-Q9`hDQUCn{~0nlae7)**w!?>PbvH|T4+VcDS+mKc$?Ln)twHuI-C66
z9p;wSp&L*9`fh|evP*kqDLt<u<2CyE8Q~%vj7~S4ygXIAO3~#w;%Z}yC>G@zR(TTp
zMzn~(HL@drH-U4RmuU#UFP^b!S-+%WTjh+=XI9L~?x8Jj)xzY8&uqJw3-PR=@+T!}
z7n=wAFJIymsr5(IP%KoB59LPe@4m3{mY?3Oa}NBdCz&9T?x}Ap)TOOiSh{>#dBsRN
z&cCEY)6jZ?crk+KWNet+@qovdMO@wk!|OOZO0_n1Y;Pv>Dq}>%Sl%_zZ20xg$RL%p
zdysF*dm(29$ws+jc@+N%zpC@Be9O}d<Dl{<k7et4G11gDWIc5oDnEJC9owHVJj>}N
z-->uTBmG&H<Fo%{3=t9TcMKOs<jc~!X*g+syJlvU0uguM8nzg<--N?Z8p${O*TU=@
zIFA)^EhJ@=JuP#bw6~A}A)Y6cfk@p#ytjvi_x1?SM!S{YlL=;eO^+xEH{d5-!Of~Z
zX@1qIufo%_ZSp`vnaJ+y*trOseG7b2`7-Kp%@4J}Go0m!iBb0l^KzhJPiEXeXZvEb
zUAf?xcC-|p*Ji^M(VA(?^~)m9gfmRN8I`QVrkj5}eB@2Jm!>)O2-Q@qSX9JV6{j(5
zvQ}AZBEmZjUqBh@pqOXG*hH%5G|456dkh3(5tac$7FX+$iXX#_YZmBQ!hRIEr(3pE
zr^Xv0=4I;ct3<wUptz}@C{+9()$pfbIbo9NfW!3U0ejVd_aL4CmHOsiRO&bPZGk_m
zRFS!PL1e6pH)X%l2w%&q60xrK-QLvq`tTZ0eL=uV{h!Rx-C0~DA1xp+<dkHLwXMnR
zu%iXuZ*8lRdI~U-OmDy|G)>7cH0#GeI>K*61I@=%vlDo__}=^o$J*Ca=#iJcc6!06
z6pE=-fz6AX44yN+1->hv09b`^L9N*nD7LW&_kqrWb3jBR98>6s7%)+ZK`AhGur^%3
z7!LzX^=yO&Xx}q@qM=${awjPvJ{Y<m;4I>CTWL=WuHEp9@Kfqe{3A1bz&axxq}?HN
zR!ue<*nvO>Fs!H;;HK(_K0p!!tU%BxR{oV9AoQ*#4M`LqCrF~0!miC@*K3t@7`28R
z2KWx}G?4e}`MXETgystI_|%k6o<TDIJim5b=}>qukUQWd7LEl_4{6q+0r)=TPm@7w
z0i6J#p6i#Dp-=R6+4Lxw(4cCmq;#mC0Th_sNOso%Own!GnLkkfMW;W_X0RO1Il!qW
z&+vH<YMkY`q3)_3wrdsg`X+1M!(#4hRMXukIVK;rW>X8GA%IJ01_mZ_fb8dn@k)#P
zLz2XYbz8x}ZI+yvn*dzqZ8>n&|45Y7qan}{4M~(_s4fAb6CpJKY84pHu2bSpQa1sJ
z6U^cOF#1n+n;<&+2_#nlWb{iqCWv#}f@-=DpFhZ?b1e->30wyyK$JsCP6!W_hy9xY
z&j#eJ{W>1c0f2IXo|nezPbdNc9_0>7tw7u;V0r`LYt^iue_*c`0A@sJ3{$@DB7lLW
z0b61X9}SSbW{Lh)lRHrFqYX02;f{dL&rRgpl?hN&6F76x(V9?Z=-$e3;4I&iu@peC
zMyci@F#q8Y{GT6hFUVH(Gw50X8!2pBAJE<q5d^h2h!q3F6D8EoMh@DT12eKg%k<8=
zpNc7!9Gk)a(EqH@*&y_PxMz?+X!|Fh1co@b{Ol>K??+iuWVg1Jsv?76#@Bk<+iJ#Y
z1S5+j&H;4nN#RCq0~k{MRB)KGgcJ+tApRGObbT8v4d+IlfS5K5w0H0Um{;TWIJZg|
zpe88*FBCu}K@n|le1Q-cxZ|Ik2dKX$U}YqRMW-)7rFCY#%n%eU+edTEZ_NLnzKK~_
zHYAP!py3~+EL5`$B`~NHao2A||9YedJ9rKD3t<2TMva#U6Tu^>a3%-8AxA6PTp#c@
z+W_em-z_WZ<N@H8YCs<uqE+PpU4brqkJe(`F^1vCXgvdotNcBRrQfv8Y=u|^KLmXL
zzHe;uOJ5N5t!(BZ#;^O$xH#`)q`5#2suxrtT;s~W)sjd)f6>PbUF-j^5E$7;90+cj
z?9pu-RsBaD1cg{+7D4L3&rT4igQ;IW{U7YZY(Z)?<K_m7`d5jpd|MXFThvl63osb6
ztcVT=(dngu6h!$OXUPXkzv$Ag@wREgB(T0U8n5e`(Ah;Z>t7igXgY285_3JmGyi^6
z>im^;4L^S>l9Q$Tp)hCXUG<0T8J=lQ9oloHJ#Z!)-e$ChS|Of0tu`o_>z)nm-p@9|
z6WYjxL@CNO^9ipsgtAuf=5Dop*F(X2b5#}OrK(xJp*3Zsp`lTI{K5VzVf1pjU@k}#
zmBBY1u##-5q^Try-)dd?nvbj;mAHDHU2+$j<zXgnHjV#m$=HDv?}|*B<($`L?;MI^
zb1>p@iQv(SZxxKXFfE~&o8n?xmtVXMu!}SMT&V7qUli5#CHpmnu<$~f)FXYfidc#<
z8~>0g=I-$C&p!>`rbVq4TAxhC%x1rSDzDSoR)UkDVt(dEjdbcDz9pMGp<q*q9qrcT
z!rdJxIcu^+?_4zEK~uC-*I2p-;uTbGBf*<{r-NIRy+gdDKS>87&yQekmy#l79$xnF
zyxEF-FTVMlH#OY5{Mt&GF7YFANXe4?f+Tue<oz;>lDr~zJ?$sd{<>CiPU~2YSw5c@
zRd9mhk7(3}l*qziYBaOOh@khI`7}i5!<og^k%uK|JhQ5dv~B$d#W{_&1AJFuyyC~r
z7_GZCf2A&*@*RaK3~<d_B&sCkkmE&!l+k5~C1y`Ki)8;iF$ha@Txa3%pV;vZlYQoF
zu0;l)ds~l4610_+wU@eJ{;5y)+K|tdYuaN`Gny*wLF0tDsGh`!5YkdN^GHg?oDb#~
zEfJTW`=>wxPF3`A)qQ6kLZKrfQByi#j266C(NA$6{F)NMO?UDHg!s4NN(T5>ah8WO
z(bb21&rGWLQ|s^j^;fk^JSi-ef*ifk>B*Efe`*5aZTf@4DpsRVS=yS@Hua@j+BPTR
z;tKod-QN|mB*>0P9#p-&&<m8Q{$XgCmK?epmJrrtop308UV6or8B@H9B;#93Bn(K>
zqOTmC?@rhqr(1qT_FKVNw=zsIq(_wl*HU<+!55i|xOt*ZVIAAuV@ZWkQ6}3^e*;@G
zoUX6YV7!vI$R^HhW;a$wgSK0UF2~huvtaD&nb~=KpQ_Bh>&rnol5Oh6|4i`Upevn}
z9;PG)V@2aAJF{h;d3GO*oH=q%@uw3{Sd4;(5;ADuS4WFS$q(ag(Tw*8Ra>ujkB^Wp
zNd4+F#P?g6iF={q5^Y$oVOk2Mf5VK%Q$DnQj>}SV5<F$J8g{72$;ewAQ`MHOA6%hV
zl&~sCdC{#uowEK&sY-PI^j6nJRr_N{=gSc56ic-su(aS)k>=}IJ$#hXah|rSTkc@)
z!d3ja=k~Wp5qQ-0GxBKk&M<wvXj>AmnvHoC*V@mGjV}y~<4~NT#B0n6_e@Up!!~TJ
zcY_T2`3B`AGVJ!nG|IYy1Q;VlBZ8O8zdba?AJIQWi!YDymD-w}xFB5DEQ&?Sr;o?E
z**kehKGvx2>DTz_d4<VtoA1=4_7Y|C%L{*Nr;dcv1#am<Kk`?c-eHxIi-qJIm>yL}
z_(YSWzWyi`FF%N6r@kV0<u4GQIec=J_17I)%CLD^VpGMyadE}dB6t2-E!_9-PAttX
zd4x?7=ugxmxC}xX`;jv_-b>D&Pi%|{n36mDd~<B9nxFrEgkqLdFE;pEqY|H}N_%=U
z>mmHL8tg<||JPDUFJq4*lWq{{RPo)P#D(v$)nwUrbzive=8=(!JfAi~k8q-l4Zc!d
zKs|5Zr&VD(GH|&>zBzhHRx`<zx-?{HQek9ZEIf-7ae#~3s<~)JInNT=swuwo)2vFE
z<6?Yy?iT9r=x*Ph)l~nja`<`OFwtlRenRZMZ|Ga%*b6v?b>2(co}Rr<HVlfP!qk}J
zDN31~A|H+C=2@Cb=@A62lqF&Cf=Tv?9`ag07JhvU-&uFbxSZz`TY$p#(*2#li#{SH
zd0O7%?VyI@4GHJ=3&ogcW<MiZTL3&4obd7t>sB{v=DEKcdC+Xe65*QGdW=0+R&Z&o
z&+#{`>&2GQTiU;2iCmMDvsT(XGP|I_x$7p+Z_Bf?8E+2PcGkt<&#clZ-*qm(otl_$
z>hNuoRZ7ShiOM9WM_pN%$PUI<k-e4Q%{Kp1DodyyV{6aVe%Fm!P2_lockC<wa#Krn
z@Dp3M7>OC3uPP@AF&g{6NmRr8a`c;N_J?y>zi~}=ZuQqmKPGt1o3^g2XEd@3Ooa47
z6%j4}$yjuW8d@b%Z)GG3zc3|y!=2AhcurQ4R@8*NT{yNtMM&_D2fsB9NnVP{va)*#
zunyB|9ni5qNqfCSdH&{-6_F&n3!|M!7j5Nys7=am83q%p3tf3TQ9L(;O=73S6YhxU
z`<kk=o28v=`NPVcz{-Bv7!Bq|efWo+Fl8PP#$^4^IpUO67qJC^IOgAi1{frzg!Zod
zysQ*%XU^;v8;^p)^*9g8Ob?KQ6@Wvl3gfzNIfX!}5Ri!pkej|>5^MSM0SHV+7+*GE
zt-`N21chTsFc5plD`v*Q23S@IF{y}6piexdITip8UCH(dJ?)h>UR#;<S)r*jGK5oW
zK#7XM6_`9QEp>RJ?Z64Kd|-;ul<vK_uSkFoV+91+<bw3jrD#yK3<GdV@EBoj$jJnI
ze;fYxbS#{<{oSKZFsVBLN$?Q=I2#)qM9+Z{>Jj*yRXhX+TQMD0C(eEzw~t3#0R#Ri
zfw&B4+z;^q!r&h#NtWpyHSj{fxha^Wu9GFod6htWJj}UA&X<Bu<)f))Z(z%Z9>&gA
z0V1!UmSGK)1=H$Kiug=vj%aC!Kwd6p(Bhn31<?LfAg_Mi3qZ30d@IdV#moR$3pwk3
zgQTyo15psLx^R;;uvLI71<jmz|CsVYv4JDpC(AbxWPh_kXryK2PkjI`s3;6FWhK5F
zrR)y6h^78yMs5X><A5-THkwoyI9!j*yhyYKEKjMf>^x_aVmw&tk0d$bW@ujilC#mc
zmZb8B)d~ncvS_%wO8?x)*Fc)22xj_3WrsxvaL4sCf$c~3$}o7n&_oRK$zH>N*acdJ
zLABV8R7k9WUozN{G_V2oS22y0vL+}&2A#;){RgJdUI^+Ma{(Kf01(j$_|u#q1Z+Hc
z4;`Q^%pXw%4)HVnzJud=>UV4v=?eob4N#&P5RM*Wih(!}IEx2{er&90$lQ~@bdB=g
zRBdOixk+fQQazNUpbU&XqHa)(h|dTEBM7`{Ap$Q_GyRtD#E|VZ&&V2VvXoS6K%aG%
z22~Weu>wVm(lKV>Zkh*xS_rjm2@)y;swsD4g%x1@Lv4286LFA=W*h=jx<Hr#ILS}P
z(jS6?3Ax~yUW#lrYxOw$JJ_r>i=vN3LHHzC4FD$9^3|7*0FO~-3V3l~4V3%~63E2C
zTF{$n3iMY98)?IP=Ki@DU`D_0uSRR}XMqam<fws?1q3B}3O<klA24r#-4hndfyVCU
zu5@r{4+C>Kc0txYowZ0ZL9`DxD6Pm7&lmdzrgk5~Z{GQ0$r|qDS?Q<gXklj33(q4w
z*ZjJ2Z~Qs`&mHh_Sd;>Cvl#5bn%>py-+d;Lwsealen6DzFMn}DmU_&i5+^N<H!pJ8
zU}3Dk6fQ=)f>npVy1D^sljMiCK>egApkX+&H6ps(r*^%x*z$iJ1jh1TgHkz%e)vep
z4w#SCdjHFG>MEp=FVabw7x)|IFiM(iT#ra-0!G(!JZls6tN8KfGrLq}e*I0A4ym^p
zFYGm_E&M_~E=I?U;xG+pjT?1^&b3EFJl)B_sE)D}w+~KoIOsd9{J?}Za<ikx=EIVJ
zr-d|&Q(O#EA#KTgHY^8T^utPan#8*UtzS*_VnknsL;g)|#1q8bP_nBcH;I(O%*-_d
ziVk@v-j+P~=Y;$p>PKc?+yY+j;|}|E-6L<2b=`W(fKo>96axJ|Ap-C6snQv+WZp0<
zDe*I&Z{k=x`04F%$?(-bwqS{4P<(IOOS5nNTvLBgdjFZuQuK&cLu2>lO5gjv(lf9n
z9#vu3Nwl$X5COed)O0**EwIC|xA8^BoX4y$Y<BgQ7G*8u?B6||zWP3)HzN?Mp@8Sw
z)o@R{a{1o-H;#xoiJBrI{uD!v(KnxLT!Ll^$a^V7^=qGdE!BOl$RT6dALJ}Odu2(Z
zU6x+z@xXq~D2c<FB4XwBLB#%~M9j0HeYM1w0+BN<7)(n1-(k2oVp!&f)X29nOpz19
zHae9m75WdpOb3{y=?PC?{??<g3?(5lG%#%c)?rUOv~p#5QxXQZo(nwz{a=wLN$8<<
zLoT?-1&fLlD;~G(G!Mc(`n-h;??w+WSaJG^ABKE2+NGBleGfv^^-JE*P@*3=mm^h7
zW;yDzOap|M8B57Odm7J`IzOrGviWQ6DOaPjCb&ZEhdGoE`HQ#a8>&$CNqP5)=h}*~
z4tG`7w(e1iijkLOi)C5*->=y}(^bDctxi&v#@voKP07=|!mS-Hee}Ix@0gQOL-zTd
zodx}w$iK481s{JMtsd&_^Ru@){FsZkHfA9#1Eb^evP|~oP&0w64u5KhMY);$>eR0&
zIihf5uF#TR!ZlKQFi;vrR+MfUwZm>pDY+BEzHRueKaKlp!Y)s82@zvH`KoD{>T#k)
zz#4_ybb=aM|D4fDG5PVVib`8*xy`zaJWn%`LfOX1=17=eMQo~f_G!}wo7{8^Lh-=<
zBd<x<;w0%5ZqDIqZ%aGwRD+tsmQ9<@&eJ1&(Wm|;&QC{83S~ONP}K*e%)i}Q483Y!
zSead5r3*9K-9e=z9wEo&DXT}HXK2DNdvsJ4FBIJOCw?olujS;-!O22wywCwh;>c`^
z&_QQ=T<wDT`+r7vjBshrpPLwWDk5vA^0Sx{PwX+?h?5e@^8LP*qKVp|E;3O^cz#-(
ze>d08y0`x6ZI&}E1m|y<PG0rMY3U2ss$a3G48gdSY~!imceRZWIVdBU)mtXB;+#h?
zIm=L2*}L9(3U4I!w|l5OV-gV^j36AoRMo2SnuSY@7Z`ow6r+nlG@!PQ&G$9FG6y2x
z7NerPANJCe)28mDNH8m_vX;DMAFTLa^u66NA0XT`a!egrY5<*IU6KQ%4=d*TFa1UG
zeZ1r3s<`(SdP0V}P;}CIMc>%G+)=hGKW?jw_N_|>o{a??cs_j)VPN##mRcoYowLqS
zl7QILEmK_fF`_~hV_X%#=)N_(Ke}7D;r+;&V}8vns?t{|Lk6R?N&2)lji(Hg6O#d<
zgb~Kc!OIhGy{#LI3udK$&pv&C3x6$`Rm7_1^-fXD@9Esz4-F4W(q{9}&u>;@mFG&^
zaF(9D>BmU^DmDp2h6?c~m9ot$!(A(nE^n@=Sm>+YweFm}o9n%({;SxVN~>(-rIT0Q
zkNf_Q=N#`FdHTwwe$3bk_o(`6l<5~pNRNrTIbw=(c{y9;te_i2mE?*|q#|BxPJd$R
zPNzH;%^_Eyrqt1I@-soG(xQ^ncv{-SHmOG#)Q@!WsWwDOBx7|{;j<)<jYU)l#Ep}&
zyWi&hT<48$iXzb@om)ci^tT?esL3e*4O^18Q8WH(AZl#DzuoL#?ZJ-GB-<|;<D#J7
z7uT;oeEhg~qe!E1wCT$+zvQHK4+EkU+eT5s$6R7GpNL}+bI~J9)Uik!MzGbAx4|K)
zIEFuHs58vP5G>g9kcZvd&AG7p5xm>t!ev5T=(%EU+^W3{+I`vye&=}}N44J<#fQW(
zDa8f8-isIc4@2exStEFp<(D6&seKEoB`rI7PwIIb9;*H0TiKfsARvRX$O8A4YrR4U
zHQ(uIAH>A1(RNhYN_&6Cll?rQ6q@?#CN<sXL!>@GYbDE&LsQ>_TG0~FRhVT-toQ4~
zC^h{W|NJ+?Q^Vn@qHdX%Dhe$&x;?wiv>b+4K_of{%X%wsa-=~eu`YjLu)%K4*T|*G
z#zT2D3yB(3W`m%W>@ae}to~lPX*KVRI&ti{a{WskjO=u0hwaNNYjKaxUnALH)408l
zjS4L@BodZ?=NWdF!4txCW@#OWhgg*9_L{24Nw7b<aeW|`N5?$>7T7*>yj+*Ko>WQU
z`Sz`U&VE+(f6PFo;FZwQQvbt!(sB8pC@9EznkGA_b>px0r!u!+JJpyc9^9=+y3Sq~
zW&&L>a8`<vJVGGPP=&_y7rEc|Y`mZ0E2yJ}BjvGNCL2}3a%Vgff$4b$uZv1fteQqr
zm+L8kKqtqyP7Pit01Sa>R9@4>905Btgn8eO4JI@I76WYC?C->2l(9yu8M@2^=aHFV
z(F17J14E9$RIM4w3hIH~yflGo;1;Fig8={xpsPaG1t~H&NEdK>vqDFpL_tQNR|z>>
zgL_>f0NA8p_JoWW&%ivmQ2`A@vuIG>Gyomm5(BW9o&(Lwz?>6)oDDJ$z|`Y4Fjq17
z9aQ-S01q`WZ32|whJj<w8XyEf$U&?bVoM2YOOx{fh!i-?zxES3;&Xw(0~$^TL)^YM
z9JH~4S_v4?3JMNV!V6HAo0zseJXk9tRgNCWf`@Yp$Kbdhr;Sy3VE_#r_X}p^e8-9l
zKwf_$5El*yu-hzCLa=kFaOT_p#v=lb!GV8BP85h30hl%vs8E79ojz0p!@xtLoL2_U
z|5w3ZBA8Mw08}P`@;EtxM6`|=tRyuPsJU5+bz9a2bjs=ZP=TBT>;B{Gx+>s4fffGW
zSuHSc0IL=EKeQiURZ=^G?v2wRg6=5=C1dxt<!Cm*Xa~wJbipJ(as%>vKyAXekFQ0-
zKQW9tAFWVTW?^t;<+q_(U$ZNtZlD1!It1)GAh}U`?MT<00|+l5No0<*_f_&Sp%SzP
z_!m%urr^nXEo5$uMS-cD7_@7F`Q8f_SPaPxh{(l$oD2OV04M4h13<2QIq-E*hy2jM
z7Cd})AG$@`ED$6*2uNcFwyX;Svru|pAAEnaHuzy46hOtW3h{BTMJ5Y_6~~_xZ}2c&
zx{ZxuMQZ|U2qad35CDho>BymFaW>eLtMs;NrVsHuHa2O<&ISg0m3oj)hjKUaH^6%}
z3Z9+mLxv41=fF|>7V8Ms%FrHPt%<UP0Sx&0!Dx?N3^q}eus0Q;!fSdT@Qi>^*alw(
z_8r0;7$^f17y^7%4S+)ZKk)$Wp^&Js<Fme@sWxNPxyO2a247=hpql&1$BwVQK~5m(
z0s0q0Wf`389E>1-&}(3NCqgy%55X01npkdVLS1t{SwIo`f-4R2ke<B<Ma-n&y$>!2
z)URTCZ)GUVK#B+c<Rq&Tgf!IAi3zY&=_x=Dau$ew15XaE8YUYs<ajR!5vFIQcX)!3
zKsL;MK@;c%kYtuR=7VfgQVSMC-pjJoi7=oJ-d)$F$!)9u#JpCQKsh#8ZQKw9?<a6s
zfqVm$X7J9_7tN<W>wo;OrzfZe;Ke(fxSC$ZzUq1XT=Ztu@W^S2k@;$F3X~*Jwmv9x
zg5XO3OE*{in{F;V`L(6t9@OS?KO$S0tx<KxbQJ$CN}fX!xx>*>C@At-)o>0NeLk}f
z+VouZB5pR$-=1Z?zc$-!lx$hMBZ(Xx?O*M&cfj}>^OvMZD}l_35i-rrqeQeNC!k4y
zq&tx5@<PLDw81;D*p)$+=JLz=Kq2=`1jFIpuJIY!MUuqMkJ46BN9C?M)2dG3o8)$=
zAw(eTMg{kDl^Jf6W%;HhO^;lR=>~^~$V=nIqBd({S9}<yuLiulv25&}JTe?V*IYCx
zfjH?-_IcJ7qQ$#iOV3i&$tf3pmjW|C_IId^<<FR~0<qm9n?hTJNx0ar3etrYj+766
z<Eg67<8FlTdxoO8FT+oQ#6O<ZZlCGV?4>P<8{^hSQdx<dzkJM!T$U_;{hWSwxzITB
z>v_4AL{mcHi=2t+i4HtoiXSO`3}T(AJnZzNUfnTZdo7<4NPb|j5sB{MlW%VdTi;g7
zp0pa{=0i+{^Z)cCQjGL*xEd7?+%||4RL`9%3ZLqA{B)3czt{I_X_BQ<sm{Pad^f*w
ztPX|o_{S95TKQA#U}xt^+#^ljsC~buCy8$p?IZ><1QUZNJ7b^SrZcKSyMj*{{}en>
z7lrf4F<Cl9(V7cNI@{58r{#ZSablV}oiN|U`4KLOwU$#UR4}!jceK+48x_5U5RZ0^
zQgX4X=AF8na8whd+rKS(a-%lxw?w9PPheNT?YB>cNa)|1jv=>5>0TQ0)u(A_O@@nc
zvLVcdZ^SoJ4dr0D8rHk425WuM)1_(t&hq8+=MkGpB`$#I;WIKa|IJ8*Z?9Khqe$E)
zTH7q|OMp-wi)-D?GyY_?`#h0Vha<kP+2rg4&7;KZ#FDT)kHMz~Mnd7Xya@u0qP`tB
z@~`sb#GNl9j=&pxTVJG*-9|YMA&4aFPMaK<s2gM$58q0B(?g{iIndQk?y^>nIhL1&
z$b9yFZMypMYrLI|<fP=H0j2j?%2k5o<kSh8Jwu-%dn;Xihnl$c(l@ffF8+{Su+H<&
zoZ2CgQvdzXxc0J80jF=+uOiK|$s4!cKs@+^?em(bT?3Mq7UyqC`u6dlU*Ut7UNU8I
zZZ+MBYwhiz6`Dd8fx|1p&8JgofvXk%F1PU8Z}aHf?xh<D&6>*!I+!<*s~&kG=Z?it
z-!ABh4YbyWZk^T6(WK22lXHY2@la&l->`SV>Xh!3YzqR_zt6)3kx4P+?1+q$eG|#E
zPc3n&)J@z*_`d}oJ;o-G%s46id~~I>o9#_#tU4&z4W_4-&HlWMU8CxdODepogD1vp
zUT}HSco*3TfFsi^-Vr~$q|tx!m6_HXoU<kzGLv}e50&s4tJzS+w6wd6$Gb94j8dLx
z*VPHjfYmmdvAz!<|CpG}*T+f4#n_3<*R0L+OOBXQi!;OAonNPk*!uvED$%k^SAq~(
zX&-gosH*m))C%Jp68CEv`@L!Kcxv{?>K8o{$+#`+V50aTW6!@~M7@j=wp7k9QKtiX
zfkBRRs)NO6y6B7}so2Mt+Z?)duf`UKf&D=n*U+kC`5i)RJWBu6HIJ@5uPDtVVwlcL
zfBb+Z58nUT$h%x4=CameD&2cCX}}YBUW=`3Vv3xXS0-Csmn6hmW}@bb6&#tyxW0ul
zlvPG>j<`0rzs+MB;|xu5c=M#4<hgp&gFx&1BV*dO3X!S1Tgdvieg^fO)o<p_hKhGI
zmXt<})Vz|fMlZ1?L!`5f73>|Dv<vwgevoJ1<dG7`K~hePg(hJBbhF2Z3*oai7p-dZ
zc{Ck0R8D2`O|xp$tU_Ip5r*=H>uBa_?HRr~x~!zOTmEtphHw3-Q=<Qtk<2n113}gd
zZCZ#y#jhgY$BDs(SRyh^#=B=xzS?I_7cxsn&(vKQ+5&WVI$!UH!Z0pDrD5T#;6dZf
z^0{sTyr|}~sH5gy+napC-dU<9jq_`=(fi$>%A~SXRJ<6?2*w}iEshzb_J%v8{m8BU
zWTHV)S~PcWl#~-xPtcI0z%8@4Oh0do-&Rz>tp4yfY`<hahW{vqeVE9k{nhur*=obd
zMxUFTs*_5#D^n&h!AH|ae8+cfiRJffNNdAfTW(jv{6cH#srB?yig)VG%rfpo1>o!`
zUOm!=i}a<~zvV0@LQ1pUs#BQ3Zk!rR(^e6-Kn+IAQuHx;kbEN4$Z!fP_^hga8j)yx
z)U?!MOG)G5U~|X4l11~?WnTP3)Dg^bs*Ini3IEx2$16K#T9Z3J?|hWr>}S$?w%tfq
zQ$^Zj8ndL=y^AIgH4<tq>V?2n%i>kNBcA>I(G@%U=t)RB7pKSHFhz%unAwhLce@#1
ziIie)j=txrKP6#KhOrXPYNUH7Y`>e`K4wH6?mu-!ss+Emnts*lh^O!O8W3fJ@TRBF
z&0aiq79<L|l4hxD8PXi(@Dvz7zawmvEMz%_yPUxkj7lC8Ki;u-CK}hj;A|FaV}FzP
zi!o@-q=LWkZue7B>R6Kv8-^F7IW^NBIZtL~M0gs3K5s0{Eq_z+unUzKL1mP>1&<_O
zPF(Be2wcbt&Tjd=^0qQ%sn}07<mNP%Zl~(>6GV+yn04)g!bT1&u8PseKDNwLiYMff
zLj`Abx`y}e#E^wDy5nMBjdhUp8>6<|P)((qWSIMmiT}|j|9@eH6}5=XIogN`_TpCm
z_+*%1&>_Rs=_cJ(#irMr`7K*WoK*Y~Ck#gnwd!|F4CYKWW#*RHlxOg#si_?~K0mA6
z)wI^N=3hOhjv9IdX4?VJfd-qxjCfkGJt)Y|MN=ld?!2OhPFt@TlWsi<JzxO*1lu75
z!&f92wLFNS3}-D(8;p+aB+EV{3wD}4<)wl4juoUlui2L{04xf5*aK!fN^p}IRKJ48
zwmP)yDh*$dFt!De)nMNNh{*Hj+?yC!bpD*c=7X+aZM0s%$g!)KQZc254sW5kmqv>C
zBpssEMkI>(1bI>7fR<?Q#XVLS<TA>DZtsI?F?X*aM|@_{eLSEbZtwu|Z5s%B1K|O?
z2X+!bjGzbMfNuds8~DS;uysGBPGD&Y#RpEKZ-QgtM9|h_Vdzef78K1cOUGPntVjlR
z8!K9VsrWEDuWj(~+tNAUt1$3vsvB^R|H&4hVOA)gQ9<oyAQS=JaV=JWAqq~OnF2%(
zAm1*%d!#f3P@Pivd35nF!$FpU6^%{j5Nu1BK^Ftqfi!|mj4jyTnB-hLVcgO&@&q4W
z`(pqTC^Q;e6|nmNuB?jin<8MWhswjG@WG-3+yiV+PM#1`82mnm2r7!lK(jKa^U9&I
zGQID~23928P^|YKL6dxaGZ3^ggZ0R@OaMly<D3z&b};~+sf-;kIs<8g20%sE9(SN0
z{@nC}MMD*4&5l5WKr+Z!N*THdWD`-49{5p!0u)&M|B)Pk(4~k;1HAIr`V!rWnvym5
zMs+c>5Rj5MZA_pu4II<6eYpwUJq$O(#3sH2?Dk%iFlDw@H{vN%(Eud)ohWO}RaBv|
zNw;yKZK{4J1}LJkY<4+jRwfOg5C8;;N_qp3R)H`9(V8SxW*FD7lAk=>jglXY&Cwfl
zV=rA-437ZR8PFc{o_qj-)O>vH97@N8M9GlTbu}?a5rDWca0{h_Tha9)T+8z5EFgCb
z{6B#?6eh|rK<H|Zy9IuPth^5(xpp31ZzMXg&Aj0PLz+@pIGI2OHH!-YoLcZwG+08Q
zP5W*uDmVbQ5St-%$$`7+hM%7-!BO;HfzluSB@Xq-z<@Bj{yk80fh<2*ErA6ew2*?a
zLkWJ!D}?Q&5D)Qd=_#`IDFGW7CVNP!y}|ltSCI{M1OiPm2JAxDtR=`blt_6028emU
z)V~3VLky&fVpj4nn&-nmRDd`jfxzA=2YN#A?+*`aIIaOY5;#F)%>j!bQ&u7H7r_?@
z(nEV~lQM!OX7jI|NY-eqkWUZwa5yJXE|fobHGYAhviH*vZX-a%rh@3$)cj=#(&Qo#
zInI%Z=xhV21!I3_&y*Rm)Ca?qbMC7e*+juO*#9BNmfpWTT$1=7LhM|yrpqP`s_#bU
z>*4BK{bn=c=6sp>idd;b7}12$TrZ+8F5bGdZ4!N`+<fvgB8}Up{Vt=+jwt0$sfCqY
zRt(nzPTjztr|3k2>p}AvyGp=pZ~S=s&0lU&J@&7QJqlW0*k5x0;ORYPvOFNkE^lLE
z;}MNUQ3p_5K8ku8cZ<zTA|=<rsB`91fXjD@Z-@{p0~*<$S<kA)4;N*Y$1L>))j!A2
zQC{BdTw@e(&ObfsB2q-G*O-T$VVcft#2I|xbSqXgrw%t|^*f~3SNy6JN5F7ihcnNK
zTq<+H=W5rRccV^6crNX*(iP;lN~;<dUQS&G`IUvx<OMp{kJ@|!ZtK3*$N3Ux+egJU
zmEx32lr~DECG+2cbsK%Yw7qOhSyYsNQAgFl7~gb2Vt_B(lIXJ3gIU~~<3S|6;q6<(
z+BN8UN_1XjJuc{EsXt;@v`Zv7Y*DLVJj7cillC~j=!$D;=xPk70>Pjsx&2;7mv-Gv
zxe2Qw=W)o%Q@t@b!4t(Bq!PRD*pRWsS82KV->Pe71vGXY!o}Utf~M4X-VUd3dfY$T
z`=GBpHj-#oz;};ta>-Z6v|?;kNuuFV*pJUsE%|b;<<I6e!zxy)+6cp*KYGgD2C5gN
zo|cFm4v8iNtz5m9GcqP<pTkbvR*v?0%^0K?)4xyyd&|%6n6zes)UI9;WzO5suNkoA
z$Bx*Y<+OO9Nb9H=a!wsK_LZ*1vrhT$&Z|iwyrP?FZ`LaBY7g65Or_Gf9KAI9a{0Y*
zoMByK(4;eU(E^Tc*unF`BsAR|Er26c$7-bB@Eq}7<(FK6vP1yMkxJI)&=ZS>krj#w
z^h&7}R`K&K>(Dr_6RK4=stiP=#ZIT^NLTSz)k^Cr!2&g(6RR0mgJjl!8F}%<&UrSn
zwmGu@o%%(dpHX#iZZb{rSHv)1xr&xBOWgoJJhM8XD(h<Ktv*1wBPmBl_@+6v=BOIP
z{}Q}=&y4U_J>j>k!N6^eGrz}?HhDD_5nNitPgZdpw{*~A>HM`SBRT@}Oxq0R)`S_&
zCc>prvIoTyxXQ^f%Y`Oft$We2D<@%B<?yQ{r?wUPt3>&&iLF4SUTy^UIG;y_P1D)g
z`<E<s-<&V&ygBG}oz|aj4ZI0?T|Z5etsQXXacMnrdZWKpKqQ;-mA>-VFEm*04wqY-
z{jtwZ8t9Ur^@EnSV#!<&$=1JNgcL_rjdzx|+Jd?|n0fuqX%Qm7r;r^T1{Ui1{dY_E
z?C-U_6~=1RN+qqXiN(Gctd%{+CfPKl3W^~+F<CHw`fPYl0kEFZpOYLBw!qRRJa6w9
zS)wlZ50Aanf9xtC0+w_ozm+Ekds%R!5IG*_kyk@;FGKR*=!tvjtaprM)ZK``Y-<0?
z7pWeU$$9#1O)^aA%Eqt_e|3xUZ5bhJcb>$;%G-diE_7#c?*0!M&NJN%<NH5HrTr#Z
z*FUwcLV{Cx7F&FC`+Ieyho$t*tkbO-b+5k9f*E`KXXm|87}?`?+smf9x%I2k;wM1^
zvc<C>JVN)z6spZ;?j#eA=*fY7Z(_xhr^RXe-|4&4en~8qx%x|5ausi%zQwfXvaqsh
zd=(qXywvJkX`hnIWNUwdvo7%??;Rc9>WM0c#9L`c<-E1b?9s(9HC7Ln>o4v{5k&{d
zvGCSdiq@^C9!GKc=4bAQ-f^I_^nLGx(sf+R+siL71lsV|{38x=!?L0IkNTa4ihOz1
zI#`7K=N*nb3ZCw9ZC?7XNRu4eaTw3X)C0Nh8@7I_ujXOcbJzQ8m5%1)rvCb{9ZPSE
zji5k+81pbD<AMFAu|`y~$1>utAztggpDwL)^c<h+y+!S>_|3wuZe~}L5lv@WlOi>S
zTi&#p_)E;B!egsR>)ctq5xc6PcRsS69rsELWMs{?mstyPD}GFSxbs^vNg}05*)3?a
z=UH!Q>w^o*M;$MS9#2_6y-K6|=Dv#HM$FTPv*Kp<WCzs09$N?x;dn%kWHTj4ktAhX
zA>Y(}NK+pv5%^1%Cq5`rT+qSbR7A(%eGxw~VYMie;uMeHurU4Dm-Xm}-A%XNV$|QS
z7w%mAl@Y&J`)zvq_3{x#F=6?cw&fm^e-bLOd;5x=s{hvJYbiVV;;*+Sx->44z;-h2
zg}`Y~h+I?pfI_YIFThHkv^%`{8cbGtDVzo0N_uE8y;<K8LmE1BnjD1;nmT{ao=vRw
zV}z6rNx*@{kw)0MFx_QID`HpWX8$vB!<1odg6B&DY=QVu*sAe_*V7#Pn5M;_xpMhb
zk1SDXVi6q^<<XL7`)7LiepWKSuE75bHD*&`mftS}Y(AR^+jc32H(AU`U3Q{kV)G0P
zgKLI&GwzQ>B4Tu{o+;~HK0KSf`A|Mk3BPBq)uLiJmG|_S*5mj~d8enS2XL`CU9Z`i
zRXuw1%dOeAME;+S9ogSsI|>?o3o1NrSNc51^)ayn5yQ)h{($8cC5mQSWb=aJZ`k+0
zVa&)-(lrHM;0JEVzIyRDY`|Y_z`IakV7G^aNR@qk_yIfq{{<V4=zcFR&LhvG{)Wkt
zthU`}`6s*ZtY;LJId6rVxg}!5)O$Zk#4o0uTh7hGbX@qq(S<aRw=p|r1??%y5%0c&
zIJC7=H`^DnU@(#v_7l$q)V~S#2S=c58~9Mu#7#D6>=1Yl9FNO@m<kg>CQ4lILf$k+
zzo~$XQ$LV{)dRy;nay0o3Jg)e%bf+dKXLRYS&TJVH@%j8@X!Z<;iO*O4lYbv0jeCd
z_MnqtN}nmVN!n=eQ;e_%)y_dfwB~Ej-aG~hxj;jlHRu=s$?ACM(0wcg3{5QHa8?<N
zq)-wSvef`HjF2Nv?r>Z&9yks6Q<@7h<-h|egB*ww6@Ig&0k#z5v6M6bSWQc!K~fH&
zQR9xELO2@GL(q-{=X(~Y%!VWb*mhu;4#4E`AI>2Mu7lG9AQ)j}86kCE19_`p)LIcU
znx~+sIUEG9cfc?V_9&2Kfm8?(8XPlP=o14se$9FUQ3H@uL)TWUe?&<R08GJz?2GTq
zN@M(^PyEJ!sE{U3U-y%OUF#T}HrNRuy<UqRj<6iqQW)P2h~JYQ%EQ*c3i8ji?Qv9f
zE+F1}Q=W~jdEHM@o)r{<_j}rc4FL#=YkmQN3kRAufoR~%SI$es`B$j~{(LkCWh{Vm
zpLhxEekQPnK^Eh>9swgW2EeRLg$`<ShYHp}IRZUV@(kE7^lZvPjl+IH%BG+#u>$OC
zfCUV)GJ(30&bB`x0Z77tpJ}fQ_EbPMI37F#-=iUqPuvXM)6?0;7fh-01yksNS2ag_
z3X~@QX*_^-8h#*{(xGe!iv~YTAT)XclX%CDf(Bj@1upD$pBnI=!5~=$>Js7!psr<T
zy0uFIF=Kc$Fsdms1i`d`r5|v2VGs&Ar3Lh6NYlVs(G(f}!L9-Y2c`Mh;jA;5)0;~2
z4r<ri4zTQK0x}rBEAR714rhO-DPTndjfiY+l*V(JAySXi42(y>yV2AW7@DqqP68K0
zwi3}+H+GMJ$&VZejXy@FKMM~F<j@Kda!xT0`P>C7m0ghN8JxKORys})=)nQc1UeQ$
zkhwzR#=?*m^x!{r6L0dS!V8dtukoN<5O|L_bImI&^9H%$gEB%YIgIB3*aX1K*UEVn
z33fe$U_JGE)!}-31pH=n&cpDI_h2UkxyruXxVDvTS>+L6Sxv$ObAUWgQ5Cw(qS-(r
zUl|I;Qe_A}obo#apaED{dh#zeb@Us-wiN#^L_jD;VGd9au*DK3exIa+lmm#7z<?a_
zYi@=xOT=#1k5tTRz*red#bSf9HmPL9K~TuV2Mw&ufWU+U=i*HeN}6(5mHuZ_wHVj{
z8u(PAwiVH_fh{bgV+;Um`O!d=`^p=+=XGHpAK0oy6a6J^${VUwQjKw)oF4w)mc__I
zCp{Bcc^;=aIZHt|(Uaw#r0&lGf75KpWKJXZ;{VK5YSsVCQ1^hZa!>vZ8#j9<XC+S(
zZT>axoJP~Ot$O;hM?^)jZe&fM-XwWtTAuuP-#9dbIPAnVXspjwh^nNS@Uk#;aEZre
z_&J+Vp!r3?JMQ(;1{Y*VX^I2EE<05ldMw;0;%z!OMa{!XD~l^lJLeT?BBCEP7&X0B
zU}R)iC2aW8JFSPfmw03HM)#g&($G^X$+#OOj~{CBhp9&P>LOO(Hz-s|^IP}q?vhT&
zb1uDd3F$#UGewAOYcv>6|GKhAQq0fZF8^3ww~ol7pFaPb*gJBs(v4G0L~n0RNx6E1
zLznUO&ow3)$q@2L#0?Ho<i0Xod3I*19KADfVEu3@<z=)>bw3IxtI?mi`qv&}=<Saz
zRD9n$Qr9b9i~;Rny#{-Tvjc+vnFYRQR#VRM%!`+l)ma=kQkB{6{yJ)`v`N*`g}fVd
zxRP}GJbnKZ6|h}zOG!yhOU<)3Ii=!zD%WAsY))dw5UJ!GJEsFK^s{O$72jjL8WKDS
z%AsAro=V)36IXgbeBobkY%HL%`^aGLD&yem{#OR{hjo@>`hVTi;yVti+r2_0BsthS
zd?E>Y<xRvXqB3~ur>G|Gpz~K^P0h=odF8{8=Rq|y>PwTK#|jsFI7{MeIlGe!e};a}
z8;2nb28|8I)`W>vwQy4U-fR%J&xa~Vro7Cdup9D@G8yeIH-5OKw02f;6fjOxi;Wyr
zn%1}Rx0&E8<@cm8!IOx8HLR}^yY{$aN&Eh5lD_3LyMmIn*cL?|9(Dd!EzIi3O|)03
zISRSrN*S}cE3<Klh;X>~1C~P44|X(_jMQ#&Xi=RnIqPZT+qC>`v&!8D9x)GSukkf)
zM<c$7yfqpVfqUj$hOky8^dwh=a^oTstL@DQ5=4xQw=~<BEMJGtoQI{U36b>dz7TeD
zeCjrNb=51ZrB|Esf_Z5^%YZ^+$S|ZqeXRP8On#!yb4-6X^`x>p3#!$5!^H~4TaxAt
zsdGPws}6OaDUt10EfDZdmrCmt5B3LgVcnuA$x`engejrS5A*fj#W3wREl!VkP01J`
zI?K)LOQ)EpkAAEl=gqHQpex?rC*&i{U6d~oE4R#PJLIo3`*D~+z7n>=-n&|zR<t?w
zmnFlbo*-kc(#-lLQp>?U!Grm5_%hHtt&r1wxFl75?jRIUVkKMeDSSAlZ;%+ik9u#j
zB}r}a7e7l68cDX~qoX~<WBqP2?aI-Was1Pqh-B1#{%tdtR-MQL1#wljw%Z_0u@R5y
zYC_;rIn2Lo!~6VJ^W9Y6j#<f{Z~5DY-brIn-x&z%E9TcCAlee@YMZ5dzEMhBn+}q1
z&FVO_x9HU7<J2>XHW+NS^#@B7;=Eq9PRH(VrH$yPz7hXjXwBW0AY<+7V~340Al!c|
zzCC8oneiJGx)?aznQsf(Ai!lrA}N1Uzj!#?<@I}LcKo~~(0FL{)!#5I3%E%7*BH)+
zqwi!{Hs<O0IOl(fxA7VceM^`+=s6wJy6paaaCd}GIpMv*=0RRtV^JEHp??}pSeCA_
zsMfb%SKC=xwtdY0XZ@hHc<zg>W4`+02C~%T;GyBH{e<D@g=?6NXL3W`Cy(acusQ^n
z<jp_@-`u*Fyj>XF8Ik(3?}$CUQey^lW{5f-oVaQ}lV#sc6+$WLc;zoPrfbRO!Xr9f
z#|{~NDA}DTdXGi-kjYgvK!kF5>vC924Rl4OA+&^dieAi|m21Ft44R^D;;~AK-a!qD
ztE$*9DOz@K#cC+8XD^Ywq|@*mLrgd)zp3k!oUgRsOf1LphdU8RwiRXs-HUVe9U*Kz
zJ;@LL&1FLLR^KG1+d8F6&|Kx^aO~1phw8TntI~Ihq`kj*^e?Md$7wzwL*1En?>HTd
zanN~HdW6q2n-R2Ff*$_j@ZJL|TAu~NvEq)EZ7S7<tC=lBe4H4wgN_>Xh@+B?F43pk
zll&;v_{y1jue<U1rPExTO82G^k6b~2&<gcil8_fUTlnrj`de?STrDs^P&|DmCn+L!
zH$HvPZZ8{~DusLnCAnxws~ONX(Q}phLgsT(nJ-xrdDo??#FLSjd9_}YCw+a;mpE4e
zH}oqZnb?Te!5h!%PlY?F)2!PXhr~qTcGb4x-$VL4KeU{tJq});=g-L6jQjK{V03D4
z{{E@5AofWQWw~>m+|S5cHCpn%2=`URJEdl68|*o%I)S`Fs-XUnkLlbv>QV9WF69i)
zj&s8MJRg~o<+B4D*Y>A&<l>{r;rCW>_mu9V(1vO!T#nxDW(@M>2Q2&BW|!-YRv63_
zF*ns5NUwMLk~tu&?fbF_HLET5?Yfvx%X$ra*6i}pe6er3>#m>ck%Evu*Jyi^6T%^F
z`6X+Umir}#Rm_2I!dK#jH!CRjE$fo}l9Qa?-{sYs2^8A+=c#EiZhAq{l8a5oc$quh
zr>?nA?j1Uh#&pcSSNRa`bwro(S%O0j)vJW(ddY=e5r{rX>>_b&O>PS&rJ1RjE?i+<
zH}+vVJ#mNQ<*AI{fF=Err|cl&WcLRPSU$UWV;7Wob{|<>lx}BoNfHSg|DQVf{-@yk
zMi2E+8G0kRuJ`}lHKSM#Z=?&7!wYesr$43g_fWp<oA0?^jR5#;l(oo_NMBYiPDUgM
zblmr#UJ2T(6D%uHF&Qp?;DXOOZI~^$hqaqk%22o1`F)FH{71p(7!n1yycNfh$~e}*
zfL{D9&_02kpKY?2xXXjq9if^-$Dz@Jm8L;_)om;6fuU_B#eTI#$PyzmY_$ax&1W9C
z55S5NyYP|jh=7#FPAPPJ3^~0Z9}MJBrvVWUTfQmQ5zOz<LIs>KH^{-Le79K7)hnS%
z(rU*FHoajr1s6z!)D0LIfycfE3B^Zn{Wev=pBhk42k|hqc8~dz!it$GeRi9ja|h+P
zK};DfRFw=y$G&#W=mEo>8tBPbRLby~JAzsV8X$esAP|l%3*{?BKYN34bjoSmj5b_n
z0kVXh2e6Twf(CQ>1>yxqZYw*8>C}w#JrBLc6lx573^=C2lp1b$P_OxBwB3yZe9-_<
zT^?@=ioNk+)CD<<buKwzSQ8Alf?@b6ONj+NBljBi02vbpU<*@eArKjsX19XjPaFZ2
z<D7+7O9MxvAGi^)<Ef!vvndS&+$n}IDPlqMp?3`($~gTD;Y6T|Le^EB_0PkJfn<W=
zhvl#t9k4drDHuGyejXK{nIN!)QC*>gsRg98c*EW8i}~KM!WfCuPxx*SVuhDLx6%Ei
zUb$>4>(^wBK!7WdfEcc^F9r*m6TbJ)qsa5nCyvswhEae+6w@&jl>?|&etv2|b@fHt
zp?}zeA`#KR42LNmrY!SFNew%g5@sv(rUeT)+%#*@$RR-L_iac>LF)|GO?7Y;s9@cQ
zIg0(q0GbM=DbVpkE2dx$=K%`9pap~$76pwJP*D9pc|?X;!9#AcP2hKKtEOW^S2{DT
z#T(qK4ZWT_L98(Fxy!aHeGnHEzgGmZ?R!0V0jxp`;7V@xg5Q$Evt_V90!0z_VAF(6
zjG~$V;wJLizxBPI)@q7S77%`C!x-YM#DX5*QIf(|W}9yK^JPKL!3x@d@ONzBT7&ON
zCO=&Zi@wl+{rRX_J)HRXj=T?>wrWlnaeWwo$$|6-P&nW*n&A6FVBC3)5CYbg&yf`d
zavC|nv*-!-g@TX_3X9vkRx#M!-uZy4B#`)+P8nt#5Cw-G=M8=oK*Z+ES<L|JpehJo
z=V$#vq*<W>tK>~DC{_a7Z3GX`hETE^;3_W9g+-sV!B|v5qIq66(UuYhin^iK0i~rN
z(e`M+mkVtLlK!~FU`2K*Se6?Rq>KRZmMXMp@Q;A*G)}yY2Q0$~u_FI$xSBizzd%@J
z&qN?ny#SFc6Z}IBzX|dnb~Q&C?tp_ef?kj(c<mAsEJ(*hX9*Bn9*PE<Xp`77YA6h#
z0`L;mo(!lhE5FtB9rFQogeG<3n=p_h!3X_@Fq&RE_w`EbH6a?-`yrX}Xu{A9^c!(|
zVNQx!wb>A<7y7uG7!zjp7~`TnriL6C(%=9%+$}n+)RiX)y9xG#1b4w2P*94kf}T2M
zvtngiRUG^WM>&t0HX8gbl|eCKdW1^-h!*G*_fwnQ1tjcr&`9G?;{nb-GQ0sX+bxfz
z%RS)Od7o%vR;0WL)P=i<MHt&jZ5p+gVYo?f4reBE|E{oPpCvR{X}`ZS&UFgXD56f*
zmI7s@WlOdaR+;XtrUm$+o@4TX|01LYtx5GxBshkNrZ7G}Rl293-Ro3GcNwgQIG)gt
z&{fq{w%bp-49%a8nXW#Mt<ZVOf3B0wHD^XI8g19~L&0+=ullKrTuhPQE(~`mjv#L^
zK;gJVMM`7p@_W!ir~G)BW3@Q%<^6&2=lAdnR0Jpce$_nHJPSv-1m>TX{KT_YS-*0A
z$#3#aqp>>FaFnc0wn>t+x0VSd^u5?6gwdCQNU4AJrFmNar43h`W@)y7K96CvWMg@P
zBX-StSpHI#Fz+%&^A;}o<^QAWETE!X+jl>-B4L1Z2@)ddNJ@#cv;qQx3MvEA4HANY
z(v8wei-1aZDJcR&N=t`;bhFR>;{Lw>|EzV+T6;Fk%scbWP(Igl-Pi9Dqg_sq{j$2S
z@0qFPK|D}<1&`i>E$wr3Q}eugKf#Ym%0g;Ki7Ru~(wDiJrEV&0<ps@Kv$y{=sv@7i
zqeSPWsYg}ORG7sPlRYSd<_H<~)Hy86f3B*);Hc7l{rGXcVcvNci@P;?eZ0?pR*<$)
zhGjk1`AW+kg8x$AGIE7=$Mn%XMTozgySv%+XL-5M(Bs8<y}j5Q7l$OIS0rQdY%O`;
znM;0iuxy=qdW+g|bL-<gHYn_R8pq5LHzgN(`2(kUiSvfR>(pM>!r**%lFYLmBXcyf
zso1=kLT=&h*6L;hm&f=_2Md1c=?0zTNhB3@6;H*TxJbGaxAwvod^OE+f1JMU>_&lo
z@ehh;Qd-#ku<Tt%hECpwR|Z5Y)qlrX`Hd)MGN6spNM@hjZyXHv3b|XX#LIh^w@S){
z_;b^ww#`0?{cWGN@6x40TE;_-iQ+URr;guMgk@p~%hU4bXDcEx{F?bBB2TpE+kGU9
zMq+vrN;?eJbSWz@CGKa&Jiv066jr`DPa$W1j%ra&>5yAww?Jo%`1Y$nmk<*=g<{pC
zfUNsh2QIp0t(ed}Hq)yJOPvmTepl)fMmE2s)~|4YKxtA89T#Oh`z%^QMJ%MzeBa$T
z{Y&oGdMjpL<>1Z7oifY!_Ep2HYwvn8hwVfO%x8=B&n9IJdOaCs6Q-h4u~{H*C2I_K
zwvF2FgP)9|P<L@|xmc30qWgwQFY&#|ncNwDatB4*uCpJxjULvXol`=GI^8KBaC9{-
z^?TEH_`oK&>uFEmU~Tp1?&Z|tLdWDq0%rc1bDd+>PMez__6uIglpGMI6tgU_WhV$9
z;0$^e8}+FAw-MC#y*QWrsAPUU#Y+Y%?&C98##Y}S*Z%T#D6jc7^xQ<f)bhz6tC-gZ
zSEO{kR+%2^yHVh&eJUSV{bK4Usb`f3o6WDYe_v%E;8n}Yi69M@oly%aa$@v$>*olr
z(zTpcvSr;9v&`NjQf*#Xbi>iV+50{V%Ixy<V5!L><vP3yzsoOnlO|cM(>urxN6krO
z=EAG>{z0iXRp}SskjYaoSX>|bVRL$z*2|Vi=APryFHUz_C--XOoDMBRECQm!N^8nd
z;5=&Eo>Hp{UF_EhHT!Y*MS;T~zOX1wE;hldw817jpDr|pPP>K87!hg7+$iZu?^5h;
z3AoZ`Ba{D3jYdaTU+G!<%aMEA*Vq##Tb!F32DCI=q`n=qZhbs>oBlE{>=jRv&l&^P
zV~eqQ*UzQX&y$@St+QXbccI|4QzEX{P_yjnVeU}TKd6f`?q;9NyDxtyle`!GG|c$8
ztbjM8x7@=0iw7W`#dHQjbJygb$KUNs=0pEH?nX_kTB*%I=Gl?bOKr^|7JmF^DwI#R
zi-mkt&-txta9sEBIO*5$QJd@f&eWgI&Fivwcij`X+Z88z({8q`g=7rc$>0S?+*`ks
z#@#4?jM<mkIA~al95DX=+5Q(_5sv*s=X3ssVr*}ziLzMH9l9#DrlD<34BIv&q@n4R
zJ0_im*j@cYCA5&XI9tSL7iz{TyMV#1>~ofmLH#9>L|<y3FjvV=KN4Fp>K#hs<REy;
zC)Jp3q_otPUPIqE`sr%Q8nc)FaMz~GZw{xb8XwUa+4BvNArmQ{%?p}_21fVv_Qb>z
zUOqnB8d0Me+((IO>S-*v1@GXZixa+cR78Y5kMEF2KZ*CX{<DY4UYRa_YHM%zNq=@u
z%UuuW%7;Mb8nIsqY)8_RMy=1R?`9SGdqqXr-;gvB*fdP8mC?0&5N?S2BkLf2=G0pX
z{0XmfGv#wHG&<-bTbL_)!&^pp0P@Dym8>_A#kN;$Jdg)p-P;#>ZsuoX-e24geA)Xx
zP-KAn)FU>T#XHV<g8kbIq`|8^jWI*4HuSXzs`HYWUsf%xhrU@lxTG4E@Ur<xpOPAF
zoj!;!H#uXr|728o>+S2kpy!QDBZga@pE5|<M@vVmtFIH4%w8X>oH0&N#qFnHTjrye
zj*}egb7QzNUocd>gl)|B%NX)Kn(FyONm%+(HnU=Q!Kqu;VS<LiM58@9Xe)CFbBnpR
zO3ul)?^4X`!{$xOA4!WMr5)DMnqE&1JfEsRzHvbx3irzN0@{LeioGU8m(<HcMOj9t
zc^VaV?o5P?hiGC~b+!&$9z3*?yc;VMGS*V<XF<?t!(X<PGP7WmB$S0mWA;5)lT`(+
z>#TmcC*Md!y`6X)Z+tvYci?P+f6~q9!Lq@ZHsXX*u^y`T%|bGM?DnRMm$oSIp#!`n
zW0+o@^ZLb9^~;9JS+e}tF?#AChvR36lq<a?jALH<Pb-HTIW!5*{o5p%_P<;pm8+58
z-kW`qJ{|KoIu-B63iV{won`iaP?aE>mQETwm;(PnO+jS`<YdAYi?Los+&^Y&`uMK%
z+%V^CyXg4yO^Gv2!L51Q!GQw5><_((198*#cY*?yUO)w|^(wJuef_){Jws;Y?ORsz
zW(Vynob>dxl1m!6T=nn#NlExI>f9;Ho)0d8Y|>T~LC-G1WY>`Mt$o;qULpQlgQo4X
zzb3sWuL`}`IG&oT^19fQEIea0;5rcrwSLg;cT&6TG=3BKoyvx=8;qKEgFSgrRA9)^
z1=uRU{2Hu0yKwxr(#*EfFfgx!O#HwMkR^09mxSp{Y6AE)2(>&0g%g2XgSdf)7lz`@
z7*wgCE}NUNF@vCzEP6<q;sowQVUvyo!;vg?`;ICUBL4bMgd!U#w+H?(*$-25UH`rr
z?+NUuImwfPLVrA&`jcQvj2bEA+hJv|`p_40_H^FJ%03-9ya|A2B9#Ial>)lKY=mH%
z)|mwOKaFE=ySh&F)qdBhhra#sGKAh_cM!$G%;HbVf=>%c8?|56A<Qgg=$GfDiI}m|
z!bU}i*a_A^$q>fD&4j-(#8VMiZ`@PpRNwm46H)bzF%^Kmq=Q((Z(OK#&Mg$^s&o)k
zs0bDBQRFIwb=YV{VZaS|!8T(}QQ>CHff_#{4Rq=T?ai{(d`{9p2^5|Q=%^b|z;G#w
z4d%6+WNpmgrLf?G5W?3W<NB-DfKv;)%#wlYC+PslEW*DUPf>;fSB}y9vdCE%^aEkF
zqLD|?x(8Vf(ophC(fO_vZr)Y!KCq|Kvj~5K{_zd;B89iHLop-_i~DeTZC@ue<%(!p
zF9Dno4cQb#23f-^a9olxnuM<<7rvI3e{(fViz#HIp8dfP@7pT{Yx$g<QrM(}UKkl4
zL-CG)0DMZZTn7dUF0LFO>2HLuR`!j~J3}!&gG7$^&eo(is<{?W&54Nqu|#ocadF9>
zQ;Cs~L*Z1rrV+c@!YG)MkGN(kj<ymgjT8UzMF>2Q;-R{1AP{9yAi0!^LVFVf?>9rE
ziL%p_{DfPer1m%k>an_}JPt^FcYAmS4V)tEgA?lqJW4QuRwU-zlHUh&&6}bA{RmZl
z@RA#WZVTCZ*abj>^(#c#ppUw6Dtk3!B(jIxwQU2@IKwjYuxp@f7%>Lt19>NJ273x9
zm}BEz)l|H5gyHNW0<S0}s}wz?p_qEY)520VOJqZCY!qfa-;i;`PJqm%=wPVd6!NwO
zo5*#~-@S(mHU~iHo`!f0#EEncdZXu-fbNT<pegIINVQ5#x2g$4gdB#Dvbg}PgQ8T^
z$;d<znpB*MDQvtbT05Za8qgo;y0kc3({eHpLr7i}X56A~hR%jZHhJU3BCuno=m#2v
zgsLbe2X`=$r0GIc@mEABP<Bl)$acD}F7<gDM;<fPO0aV}9v-{5AkdFnGf|Qz%FUk^
zWcK96<K@7ETCJ#=jVDwEYpDQ=BdIsSl;PIsnR!(P<ct7|CX&*(6s@F%0w5wcTe@<J
zf4>Z6j3;>EA+B-047z}aa&@=={wZLelGZZAamMM=^y#&c=-}hXsY}PHTWHO<*6KWD
zkALDd_ZF#1Pa7dpo_Y>j{<KGlCEmpiU!72umC1eW!Erp-Il2qJ_s3U#H0-aPwgRxu
zh!nKpLQsbe3F_P&Th*vqyX<Su*?wu7*JQYf^yz=my+(5Sff;u%_Zv?;eADM~^?F<I
zOOE5K@GUEpRV#zoCTq`le?_U@r2i~NSU%MAX-HY~Q|g6g;|zPFv&Os0=A<ve$t8}r
z9G!9M?!J27=KM^8-s|j<MR&cz4%NmJO5+;c;=pIKD{OBkXSt*Ccx$_k{qtB;38uoo
z@V97o&a5sgM!23mwcLd3ATLoZQJoX#m*(rBv&71H+jN;{Q)(>#Yx$$cl>#eQe;40-
z`+Mapm2d9NVLGYhEaRrnt9-@F6tApH42K1p?mKgbfe{yCrpg#IN%G;gWikFQ=a78z
zcgH&$A5)ekR1~T%x@8MroIY%2CZq9?xjqA}y<5wkxz_Q*J`20o-hZjW>i-Z=&`T@Y
zAj2-uhJ+kpZJW$9Kc|g#+Hdb($FoWei*-G9%HvhbH%whWaZ7Ay_+CzJd*F4(M-jcY
zkqUd1K^Kz>?wQN=b<CtC)+R7F@|9TyP*%&iaJJs}a?VOl8JM{3T+!3pSN6h+Rojue
z!exrCL?(rQKh4yBIX=rI`yP7iZgPgbHM<RSIbED&;^yI^wzc({x61`4UqXh@wNjLa
zguRn(^7PM)q?x@dd{*D^npbZ5Ys#>r^-(W8b=avtava~h7|T*q;=kDNi@jRUw5)+#
zOrBUdF_GI&3fCegs!{*FUF_tYPI5XQa%@r6-K_Dd?F|aofwsHOaw4NqhZ1Gq?qV<X
z{Te;{CDH)?UA{*#e#K;f<K0gF)te#8RZ+e@ACBLC<V|yEdA6DK<j11;D@!9`*~CH=
z`RBO|%!rF-0pE??C;q1{Ys@%X4Z6Pw6-aUOSyk=X+!D4kRB^QWp(FC%3TN{v<gv<+
zvLnpS8r`^bK9awrRQl%UDH0Fc)_tts6-_nDi$kl&idI@~U!Uz4*9JT|ZYz3asKWTX
zmFY#)z>7T{e%k!1-RXvuKc~`|TC{)1o_fa7XZ`L#wy2Ut!NlJxJ;hKbn%1fyzai{K
z4(5^kj2w=x^_Q?E?bZGw$5O@oG3#S`HwELbX>@uEYUlgp-+8LxEq^!j`pNXwLTy~G
z$<g@Sh)LP&FpfbGFz<>P=o+(4dZws!_3ES7iKdPzXU7C~L#!XOCRBzM8@*UJkasaI
zc+8Ziuc<1-i*YjG)9sBN9(X*mSY<H9DVNZS_UTazO1(j~IaR)iTjR2(8<_uG#Wj*d
z$2Mi8F*$i|EXN|5xprXX@ZhH%(a39;JB$rqmU<e089rXVQrW(~$)C7Vt^*tZ-G^^L
z0HOYK(KVhRmDQy^s`g82Kcg$28R9=fEEX=#w3dIfI_OtGz%4Oz<2M`5&z+hhy03Xl
zUFe)Kd@~f`N9E`~U#-d|S8nFE^V0IAv02{}Cq>KNP%=Dv`>p1!Y#u9Ebs8iXysZjy
zp}uxjRKh1rOU`gWUxM{!fSg~@?Oj)at<FWSn8)Ud{jnEmAMTmf$2xY3zxhMnWwKGg
z?o|<(by!imCbcd`Rkb?4&bU}%9TZ-0?u?(K)bCQMmi~^f);z^6N4@%qzyGjC`3kbk
z4W8$hSQ7r`v_QWdc}wl06ie8FqOJB~_^8FX`5tCw<%Bcjzn-nD&!jZOS1~AF_TtkR
zWq+)<P?-Kj)nWZ!qm}K|ME}km-QM^pjWx=?ra{Z}$TJSVJnimP5AOHn9(kUg5wbTp
zlS}>SbD`*YdfQ6p>PwgkzCq9NYetQyMHEN!P5(hTGgL3}-lykmAJ|{si}Cy-pZuo7
zHT@gf=T3RVZT3a}(|Q93U&DzEpB7MF52?ENa6qZp;x+Zdm03293HM`)4sos0zP$dX
zwlO*{F5go#bYGHM7|xKpB@Jj*yiKoovoPeKkZO}Z;TF+zeVj~}x@>7~Z?!akmUjm;
zfBv-P@9Bz2?u4B8%(s%26#J_05<OhR#9uOBuN*NCZMZlqG825Ea)7CU=$E$Zy5W7+
zhGl%a=daPVt^w(o;iIWLQYC!Wj*mZm68}8~@~&5MX63sonPzZQ<+@7l;UL@4XZJh3
zzl$o3i-zUSjDA-PX(0K$GOj+S*H7!5>{a|+#-{zE-D|E!rCm37;svY)Mbhop=bjL?
zUSj4Cyw?1j+$cGwwf$+fOOR&d;$xSqy-_trlxN-CC$r9`2zpUH?&%AqbJ`H*xqc?(
ziIV~K&`<+kOa|T@<QO;ehVNa9zxKJ2K-}dZjp4;=nEuTBs$*=d1e4NtA%U>*+aiyu
z|3QiM6;}IWZtJ`WQ!O+eQx+jnc(^>WKOje3vABBdX{1t~IB69_8d7(jOo4%$^*-Hm
zakr0>cf-ykXJv7$<;KSO%o4mg%;EN&X3TJBYQ{gh5*EnB$WTeYshN^XJfFul-=<P{
z_$u&uE4|MDC0xb<qbmx2=XtOBN7?_w^wPDgooa8a-P(WxLhgourXwI&lq3~cCmgBP
zQbJ?zb{IT{sm~$}6bE<Wn(m?3JP-rdrQ!z^cJ!-17&qmtABHMD7ob|@D@%h*`VIPh
zY%-aG?0xo!V1a0P%<NEP`6f4oA7-(>OGVk0y;CFOyg?sG?MzX3lON-jg$=7JU*XjL
zAz_A7v^tT_N*Lpc4?I)OX-IdE!Mf;155{1XR{1Q_A5Nw!l4!$)dO(&LTmVd0L}v6_
zZG%S>PBwxR4QOL*JfOLG9b^m=BuFKKS`dgY@T%w0dfQ1Lr6A6<!eo=)q_co1g&87<
zP<P?kAo2f@n$2fuGaRT_s~tj601*EtZSIeZgT`mGE|`0R{_j17Y7jB(Ne#hdMSfw}
z1Ze_buHq(+pg8f&S~H=I`!5`T$qvFc6vQVGR)FK4&;exXk(P!=fK$!LKrlh%d3%_$
z<&{KQY8YtCBJ`(5NB`R3g}r(+5i|^daTR^AF?#^H8*(>!YP9c(Z3N~J`FFU-3OB-6
z8K$rBW~n7G)i6)>jnk?LLH@GB8vk5a2B%eX2J<r;H|V;?hG|d~*kTbn8JA+`r7#U#
zoM|mwnN)ghkUJ=LJO?C!1GE8<8K@JT0n=R3!Y0y$GB7VEM_}8sApH!=$o+qtagS(v
zyHa>ZD5Rp;v?f4afP@M60cXlrC47Wd_^Gd=Zcl_XjuuE1^ov&zb2w2zTDWq^0i!M_
zk|*4U6C}@ARrfqDVYB}I)OF4w&^a)wCrYvWbE3P9k(9tgG!<2lg&vvw*KZ*N&cGEp
z0>xAT3OCeWIdSqjHBff~aV~j()%r8m6sAGqzf=#0;h&R!#JPzgq9`ZIW8wyITDk^q
z%qAFir{R`tm~<Q~vLt$!3eP_l?S@K+qq$_=0GTmwwuOS_Jd5^Lst+eVs4%tYWq6ga
zb`2><?rTU6pzu>n!`C=Xfl3T?TGfmf#yc@a!ZgUE55S$FWG$wF+LsJY6YvQ%*Hg?T
zqy@9G)2!TRg;Mf_GZ?+O@SW1wG^hjbBeDpmYzOgTkggg8Hvzf-p_9=z2-d)S8yo@m
zKpi7|0(wXB4pws>uO!}*S8)}2^6b-*a1>zfKy{dP5ws<zQNVkGAAfH|>ycnQwU?zy
ze{c<ld18oDz`*2ZfR}SKT?>R7>N3R&-5`8lsZhWe^FN88rJqw$1J5x1VW@&K)S}xe
zftA@<wxF8DwX7&l%7&|z^Y_P=Ffws8L?{xKC1q|YdZ5`$2pOelC^hsJ9?QfgLuUyQ
zA5zd^h(x9U?@Yb1nQ@T2f+<3!nqogMBQgR&y$WxL)5;eV)l|6|8@%}i%{Fj6=XWxp
zzx*mj={F~e;|4L%08Zox%5=I51p{wa%{Xl9QlWGd1;A)HI30e?((!E5akE!2P%>yT
z=m4ilo_%ww84uTwng;C~1*!$e12^Ke*YhPX6bN@2by>6wrNuY)u4W7PZq9&BZd{@L
zyBPwbjlvlxTGbm`Y4{MT0-%YtKh+dHRxszqvyFEeH{u*|*Yt7g!iixJ&6wVr(6XtS
z4ZaA|a?B2C1lfBEYM3(@ZWA<wRt<<|GwtS~e@M-oD3^EnPXC~e6;!Vsm!}-Xmw#3n
zHOk#UXH{-KvPfAM#&{t};QWC9xIKOUuN!9`d4<+~`v=vMbaq$Lc-DGX>R47RZ14EW
zZv#Bc<3+D4lZTAz+bgN!mQwqaP9GQ3aR+(ocCOD)NO@Nq&zcxa(G>ZOOvIvsLnpsj
z>o2t*SS4NR2&=`JF~$1_CG${+tvce@+q@<#OM{(HOp^>Q`=K%)Eh@1QA=XNdx}%Px
zaOOQ)etRtRW#=6k56tvkpsoy8KZ=`tRY-TnQb~b$jvy?ncH_goS{6_7z_v~?<8Hg9
ztl%7GKe>-#E6{@VKwF;ZJJGe9WHbi7I<s+Zr9<j*A8rwRwVq)T5{Oin?WB?VQTERD
zZcS&c65oc9lV<6m*wxWG&sH`!hX}bVYp8Q!5taGwPd;y!U#H8_@6`60SD|L->Qnxb
za&wg5W6{zGW*gK?Ll?h)-F;Ll{t&gc<LpdttHm?5=yclt%<J<e#mo1%V{DI_e!EZf
z_e9@UVeh#wcKyhSh5fx^j!k$A@3WBQqLigmL8i5T*yfu@?pj#Tof7<Xz2jR_Bfbki
zansj72D{N=8MhlI7g^X-ysqkoliavQZ-sZT)FZX*oTIZc$*HSZ>%;BEc}_^-`}pXf
z%=Cr9ZnILS8n5J92=TOySX9K6d`3t7&^C!VhZl{q4fdqu8C!N6UCB$2T0SMLYW73V
zt15Y{@1eH*z)G^5(y~>;RTHgrWskzKoRFKH%5M_R&=6qH-x$tp)jpn|tlIH#opF&`
zQor_ix|rAO;$s&0>y&HhARS0UMyo*NBSG}+pwH{<sLJ)Em-d_rL#s2{b#ffUL=(j~
zB06#whnzB=-K$!lvI8=IZ%E^y^M{@3#bmzqS9`Y_&Zd3IsXs2(#>N$fx${ZZ4rKEM
z{w{SlA?X*|zoVwJ-Oq$(Szvis9&pfSHKaYsN2+3`q*D2SKey>OnaIw<y^5`t1CRV%
zD_q4N6A>e651861ZwQ}G+kI=bR`O%bnb7EsmHM=WoXCd|seq^R+g_KRjXdvU+YNI5
zFlg4@ku`Ed!1||c(eptG(cjmar;LP@*dmoUa;|Slh29Xw_jkwKk%(E3H8vRtdsolo
z_q;KCur+g0_oBAfN1vMkfAUB0G}MBO)(>wlaTi}Nyz+NwjY1Ro=lQ=ET3W^!_TrDj
zn6*ULyba-<J9g?b#+tiK3ZY|)85-w*G)SbDewtdR9|(EQ+m&={=zAJYy+4`Q#s*Ul
zQ<D3)KORi=;X{cEwszxHG;>5z`ww)ZUS((9Fa6V_yO(q}<lStWhFV2Hpp|utpe*5@
zE^9F7o>#`5Py7`|=DOVpk)gg19|?X}7iFyL$xr%Nq#~|Yqf<$Ud9~OmqPaO)(3oXF
zT~K7<YHBh0VY&wQ8Xp^<=d`^cm$KGI-{DX<?R<prtGt8*A&lD#$2obg!EmovIcSTo
z#-!*kEn~Nd*OaMNpMSMv9kDVm`nYpU@6M(1`rBueu*O>AxqncpDPQ}^{bR+WJWRx+
z1I+~0-)V<?5zj}><YzDy)iN!9<$2IEFE$`8!#YMoFqU$Dm5{HR<@ZZRqW(g@eBLeY
zFYEF@4{~U88p!I1v3;~tw@M2?`8)}g(?*9~FtNYzqO<Ex#gi=0wRTr`cj3W_Ch2GB
zke@Qgj_sWFwU0ln9=Sp%Ay4a}a9S(Hm-grHsWV?S<gg5NCOWL@Uo%?R4nI9c<QVeZ
zsVipa3|X1+(VGoJ$L%!xY$Lk2BdeWlIKPM<a2NMvBu}Xp)t1HcM|^cgf55xgI%i8y
zVv=>e$1jJ5LoI$dw>R*0ftzf{x9>W}7FFklItA!%VJhT|SAy5|j&DY6spPs_B)p~P
z{ziTJndGC>A_Sc~)gR8}9;iHuBik@EG9(|xr?$+>>^>y+x~9`3Bp^%AufXu#yX8;L
z5AvOKlOIF{_V<-lOQK7TtNCX3<{w+l7rc`!u&3A&^ZnAKd(P)WKmkV<9%Y)%AM=tB
ze7iWm5mq#Zgs3P->cX8B%gZ%A`WKwKxoZ|OqL?diesuq|mku-_J!iS;{sd$CoLf>*
zQ1Zad-IG#dHrVz4P)W4`(UTRP6@SlG#+1zH5`TI2r$6p_FE3h1PN}`kXYTqK)8BSg
z;(ONa>$#{SZk1)N1+gpbtP)%OlP^Q<zOG*zz%9~wa&hf)qXJ1}6P4BKR5LTVxmAql
zo`mGeXiQ_gV*8is(3O?#-$}7fO4H2?p&z}N!RgiE`DGAb^^sL%b1(K&{#U08f{ctH
z<wuoek|r(u#?%ZFQVk`Cs#i(__|7`Y%SjpL92duDkJ4mS*P_QK{A1GNSM0<B4ugi&
z`;CuI-T6{CAjTeqdzMz|v4(oiLrrt0bv}&LJ+Doc|4VXo1XiX0n~Gt4?N-|xXh}Aw
z*z2%i3rt8TG3N+AXB4m#w_rGjxF-kynkU^{^##Ufl+jsQ=YATji+)gQW&Z|sdQue_
z^0wZ*pMK8Nfl?J_Orz+4h%&8Yc?C^Hl$QgRj11}QV~``7r2zsGQCn{?KW5z3;~Vpy
zzjzM{@+cG&*qnM;N)v`L6H=qetGEzL#q!Jp%9^dq$o?iQbfDFOyaJXsnsQfy;~(JI
zt3cG|=FfdCEu7(_>=775GsT6}Oo&h%5jKdK%5^i%W)ou3pdkn#Hv_5!KKJ0naSCk$
z3M&yd)C>hzXJPOj3FBPgK<4l7k2L_X6$LSe+dW?(x>FO4f*n*I8e^C=vZPpU#D+8%
zqnNc-8V=%bM=8P54=O4s>bTm(<8gP;FXy1l4(DW37B{Jz3)Pxo@&lnxA=I*C;{TKa
zmTO=@YJt~sR|E}HE_#rb54%Dt6p4dS%pldFLk}GbM1(N`Ua+t0N{!~HQ%9T=*r-Nb
z7J(E#Xg9<-s86N$;8OU`?*_evC|d}ONZU$_>}xdAheo@iU=9oRfo)ZGU@l7tg)dB$
z2Mprq3H$oA2dL2y7DGER4S7x?SlHtQ8sfD85G@`8{0IVIsUBehU<IUc@U=jDfT=>+
z%$mWN%4IYap?Df>4qi|$3fY8s4nRXA<zVjded;SsIN^e(+?);17jsC3*)|k-4PaG(
z$H6a?iWiP?#;Z?rf+G-%1Cbcs5z=g0;Ou~ef&Z~+abA(bd6m|M5&&|68Yw+oSn$E`
zp&(=(^Zx3NonVZ1^9IjC>nz9&WopQI<DFCScC#^qWO_PtAnFu|5m?|GM<38iNK0xD
z_#*3b@Iyc_5h`YkkZU3xGB8huf>=G64jjrh)<!U+MIy%s<68~MiCUDGpbG>1gRzro
zBMHb{5lZZx%xn?8gA<@pS3HZ5yAV|(E&Ww%8a}3Of<pz_l`c10gxW=7){BSGB506@
zQA(7jNrODm0C%D&HA4EdN~Ab;rBhQL4wjHc1dR8|qu$s3*MM<J#m5ibtbDP^MI50d
zA4~+o0?z#Rl@elokgq4q&{+{>BN7TW_}@c+;BWsW2uW$$pcFGem;piz7e>Ntkg$}m
z^l6Y5J!Y98SC!P5`0Ekc^Nd7@Q0V3$&P2DGXVK7E0?`9#->e|MFAaq#fS&H?(#CZD
zZ820O-O17QRuu|OrC15tN=GKcjsWk_Cfb>SCW*JFCn2UjrKWlXj1H1`9SJ{1X%<m*
zDs;!dxEBX|7&Dnt28UT4f*lSgS$ER_F`;PJ6rI!zvthx&fq?r`VYCdjf)O>5KGRNn
zx)ayO<*yZj;u~e$3>1%-7N*sa2vA1dbf(o_4<;sRyQb9J1;WE!3kYN*Bw9F8fj8<j
z8)g&Kkl!zu9TQOp2?W%EE^j->bO|%#YMDi-68&EaiY}N|$hQky24Lk+-JiN0@XWF-
zx6sei#)7<uoO;Fsh22QN4naLuP&3<0SWsxInGMwsCpxo&In5r2aztBgQq&2hWKe64
zqu;VedNY(cQ8v50?^l&IE-VR&(N}zhzqx2pkngMkShN3$=-f7?$jPqB^L$b?nqhx_
zT&WCuL+K#}mbGx^g_g(vaz*Z|m4h0A4l$@XY&T2!Z$wAmHtX(9aW1cj9vV?O$mnzw
zoMPI|E(myZ(pEBF`J{r@@4djiiD5QV$9Za|@8=A6UP5pBgPP{U4W!GkmG9mSgUpe4
zN29&Op+wK8Jp(8Q0^&pPQ*;K#-v#&09^scIuS|;boy9DaH#{qU?b<?=EG31_Q^@d$
zJ(jrHaQA>`?8dOG3khAalw|Y~h5oRNBXsAXb_jGtZPNMa{Umm$?`Blne-wIaZ+=@&
zR*s8?{Ka^QS3}9mOW5eK{Bf^C#`KbHV=Udp1j~#?3yC7F)D+HNqPMqO7DZRJZZErA
z*b61uFsk#NqV(mo?Ue1>{!qe`U7sTo5z_Z^rAbslFYFzI^s>g!1zUY{Ra;A&han^B
z+v|*?3qDfHMVmz?ro*)=t_9z97JnM6^f`)t`xdiNTs5Ek==&O3bGSUe{FO-~b)K$3
zyAStWUwAusDFnlOkW>1G6|+Ekq)3p{xoHNe!KkI5es?S4+nVNnQ<Y@WxzahDe<x0{
zA3Cp4Y?_!x*}+qJTsyZHljg>JU}h<EwOHJivhE*LnERX88e?xH3Kv>3NA+agGe$ka
z@hi$2D8gOcf6{S;zTLOgH4<Gp_pY=eP-%iW?7HlEsUgO)`NllkWajGFDT6Y01#SvI
z6QYo^&5xfcDMch5-4~7|=d*dAzEd_(sZ<iUdj9LgTFj-A<7TN>&z^6+4BF+-|1I>f
zeJS}Z!=j?2#j=W;^`*sIH6?~$e80AcPaQNAS{ApjE}yy_KYLHpcvk+I4>`Wcf+3fd
zZ=q$A@xWM!$J}CQn9PAh`h_7`=jvbF=ykpk6ysg>E;|eIThTRzj@hM$pF{5fy)V&A
zth=gbs%tap_Q$mE$uj4!B)?LVmYjZ)_NU`L^mZEES59yGo~^Lsb2xaY)_tExB{@kb
z&!TpnRYla9;-~DkI0Nqr$*2-Z<i~_p0#Pm0tBLmaN)qx9rQEG#OrEu)Jz6?RcXdX7
zjq6qP@v59LPz)9y$dw#nsC|9i|C>W@g80E{Hh$%FzbKlCU(r)O++sO$<C(cXhS(0b
zuJF$G$X_2PlE3s|M<>PAed1|Y`<`y6*M&_c_C*QvvrcNa>`5G+*?655*wyV4Gsuja
z;<D8A8U7)Hzt*;5JQvnfw#u}N$)D(T_=4|gWkkptT5kL&FHPsp3~guHOk8^oudtdF
z`uTvI5?auplT9$^9_yoz<d3e1?T|rJI!rD9d&$YO%&e{m92z~-!HqA+(3)*gwQG=d
zxvA9N{gMyQ`-Z250!w>%d;NDme7G|*elv{`!{)BwU3AOGQmlpjQPC?ZW*bGOzT8LK
zG9O(&Xo@p^8Mb13x_j32*yYH)4~kD8?8+_+*g87d(Dn4J(;P1GC@;7fC$`TTjW@Lk
zGnLa!q~sKk9)xSg8M_|8S{f~>K1XNWpBcY0X<A(DO`t`^LiFdui~ge7(zmNq1L!6y
z&GRH5(n!Pk$GPTGmhOJs+zM=Sm$<nyhG#=LCGV9)?ZAdp$Gnq!QQz`7?%J@p!VSR(
zU+OtG&Tcyr5lQ`s5m8ZlT(kPYLn;@~;@!tMWrNViuY%qr9J|W}Gwq(GXG+aCGMx8h
z1;5VhAll1K2v~Wv^X##<w$>Id7sZRb1hGq2y>Wd8UCEm+S<1p<&vgHM)l#G)XA}j7
zdcRbLwf^};`m`!XsJi=ji&m{ON87O0NBq^J$UZBF1r{A|-{NQ!CT=fTO>+~aKoRs@
z?BZo_YtC%CtBp4jw-~sFF85OHt6)ks_B!!gBRFBRfBPUzZHuuu4ZUB5m2)+}*J6D|
z30DN)b|CMmFjswVpxXAHv#gGK%)&!-arg7q%NHZtNh_=)4FV?IP-!_F{U4-Wt(ulc
zypiwkSPyz?*hKZIc`G+BU5U^qT*($=^(49~gsl;uvks5JEjfnqEhhcU?!?sr?1k7z
zLbtr_)N>Z@73+@r6nT-t1mE4M+>wQ6x31l~4wIFXsrL&$zpcl^H|a7d)qm(-ZrO7n
zIr!S@O<||VK`OnK<gstD9hF=4^2&StekD!&66#4dOQSj*gVr1)GkwK44X+}@wz<}j
zVRlK;5w~N?K9buUjvrK<kDRYL3|)U3%k8eZBUm^zoXvJ2HmR^)^5?wx5rGm(oUl$r
zVe_=A0I&2vs92>%4+93tn!XnqOQjY5ndf;V@n-o2Yp5s40@&6<`y|sQ2O~EdDbti$
zJSw5)YTjjatVl23uxdr$a$tWj<tg`2Q(kf^M{&H0qR^#JK7+|$&Lw*$Ay8yTxx&II
zRrjFR&h-LkK3VaqogQ82+{iW2EcX2!UX^3X`s=G!Fokv(i4D1x$I@w*3rjj~E>GV4
ztn9RzHgTVm>LPZ0x{|#zT62(9y7fuU!v4|XP#Y$Xd7~sR37gpw5X&7dm2V-ouPy9r
z&CYR2CH8?wRp)WB`Q=KFib-byYtzuFHidRVVwtHPiKUB<Tz`%zdvo6k-t{Nv#oVpV
z$S8{YWm=2Vob^HQe-)@G2^uWKlVIsDsj~_+OH<$dUqPMD$T%?_U;LAPM3b&h1<=hN
zQyVLFfT{cmim9vL(Va(I1N-e`#&>5tCyij!F#X@$!F@$4svMfwj)J#uc~O=~HR2OD
zXjrM~8M?Ebuu%H0U27ya+IGhN=DNVm9f~AUr#%|tEF!|Nim_h)RfREQTj?`927}#j
z!IHmu^rB@5gJO!F`<(j6j!R)jmHBuf6~|v*jt>r06cIst^k<^765U|sr`(trNd6rx
z9Ta^&ERDd*c<3ul3=tUwazzLvt&<$U?7{oL6%rK7sdi@23V{(#$18OsRt3`q){)Z)
zHA+dv$6Xr*0R`Kwj6n~xAqk8bF2HI#=oEIchoq{37<B@Xf@X_P`>;laerX9a$oHf`
z5(05^-bhB<OB43U_bkYtAg7RQk0$&FI4Z;s0@8uRf}jV6vzO?hg0}pG81(Y#5kM&n
zKgKEk!DVopekmAX&M=N>;V7XV{AC<KXd441u<qCgtc+t&Mw98yHC_+#frtO1rx5Q4
zWERqelJW028xdh3m-p;eW=};H7MW+0$Uze0!punL3WQdG(RGp$vP*8xU?rhdc1PG{
zc!3ZZA{7cJW3_2P!uZOKWuThu0PqD5h0sv<r&D0*w6tU*UJ#<m&W_NYf~yF505laK
z3m`GGg#)G!Km<<WFVd%wL9>(bFDSf2G?X2Z{mJaY!6wpuPGhOq0s{$^;T{@&B8?D_
z2W5&#BYZ7~EW&1^zlvv61Z_zap_&Q}-r(eP(Lr^CEhsTi2Gg2qqd;{-X1GwBaI0!s
z7v!+sL8@hRunWls;h{GFBPS5?v|jod4$Pc_b1J6)Kt{kC-Dy#XFe#M)J;udZ`hYC@
z-K&hzCHav}w43*1bt6vDKqrGm86=)XVDf-n1WyZM$4?Pq7K4ESh7g!deu}9Ch@k_M
zWipq%&&QnzJrFh0XAt#N-HaZ>`F0V7lpbO!0S*C5tPXxmHQ{{PFFH>`P52Od0__6g
z2wzJZ)Fl!>f^ob0%<dDCGiX@YA_zaN2FwUciaITR4A(y>*hUZpha~K+E$C#h^nj)?
z?iTrmSOlGi!1sD9{<6ued=k_=8=$Ej2R=l|tCHA(O3;o26b9&=cisUY=tW&<&~<ds
zS;L?zs$j43fNG_nJX0$wN*NjBLgdL<rf(!>9Ok)jFBCn{;_SqF3xb6rrh$7QnLvCc
zcqg5Svvo-k$3z-M2c<@HFQ7n^$-#6hmEf-)GQ+b)2m@fbfV+~EhL?vtXP2NE&K+m;
z%UHBPCqs@xo1hs=inA_VGfJtqC+tihGUt_x<YZ99H@vO2)r>&+%%|v6lcqXCp^qrc
zn4SnXoUz2l6BYzA1P2Nep-V?=ElWmQqU&IA&O?=nb0@=wPL0@oO@38I{)`3=?4C$I
zNt<Du4UWQkli&<QDe4_@Iqk10v`Nh4RK?%VjI&Kg5=vCoIcaAQa5jVAR=%!5xqtIF
zeUGo5C2X%^nV<Go1kN}PLusStLrbAmUd319YUFOyP4@2B+pD3(U2SA2e00&NA|(+0
zlgE@dJ45M;!j1j@i~luXN^LU?Fp``-?@Pvu>rKk$k}WRCf{Y66Jgy{OH{UqW+gR;5
zR=8u?wu~sC)4*W!IEF#q`I~w7<ScE_nemzoUoWV9vSbs{QleQ7CDr(oyS#S!=Rc^2
z0mrvA^)Kp#^6;H`Bvg_-!K&=^qU-^Ea$gOTzAbjYwnM7xhu4M66~{j;jzrkj)6}Jg
z(gqU+L?-s1Qf9xvPTmS>On;FPz;Q+CpnY#+H@<GbQZ*zw!Id^g==Lk+MBh58PN^ib
z!EwEx!&eI&eCXcBo5f1YGD}Dw+V2g>i4LU&7yS(Hn~Y~Nfh|d^yNoQelct>lisDCf
z?+&?gZ8pp=7$^rZ{AP~kc$s{4Q)({kNA@Bk^L_T+VLFAF=$RS2v#kqV4}xtwls;J4
zdp(u)z&wc@ZaWo`fgdeFJoQPksJiGprd@9}YwO6Bh<mx*Q>Qv`?uTMWNA#g8p4}Sb
z?iOQj0jjE`yioD0|HX!Hb}z$Ht){xRC?hg<qsQA~1?%Yr`M*^Kp22@^o7m5oCRF^`
zwq$W}Du3FRWoT?-^W$8gPncMx`k&*PUmvWt-2_((^Ca@7^at5&iWEOpwUDhw+odMg
z_4=%I-oesNuC%DwTS>p2vJAcRhiQBq9Y-bR`7Xm?%vicX$AqM?F{Hk(h0Q^fVwACg
zqBrjMzF*NF<-7|`9iQ7iHIGVo5zkf4Xtidh{PHMTM|Uf9P+D?y=UGiw_`A>lq+?O$
zI=mKN?9P*!ko~*one&Kh@l?!@2|PQY0=1*X*Im4<5ifUiY?!6olm_<5EHdpe>GE-r
z&9m*+&mz+E>YSQ!6bf!6H^gwNe#^N`=XltlYOH$O>!MNGXkMZM`?ZQEOyAg1M^KG^
zCrs^gQOTR-&{4@gJCDv$<9x4}hc5Q&QM&!4y>&&lrEggzXbQu*Q~SO;VcAOWncYf$
zD6^9l_vOV=A7wEk#{Lo0{c5R#-naMk37y`@RU``BGibQea_dWuh+f<-MT(J~M~8Ox
zCm%=uhW<UqS?r}uo&d7L*hc7O-_przH_y9Zc;lw%G|{8T^Wrw{k#6Nj++v-|_qmSy
zTs_PSZ&+^IR)y;YTd|QP_V)VCe5l^BR^i(?t_q+s)pk|ONNc^3vbOg~cgNRfE$T&z
zjjevg4@cwEL*|#A)z1yH;FZemdt0!NJ4M+2F>3lUG@9A(GRzVu<*NQU&yrxMQLn6<
zm#(8Yn&Iudogn!nx0vKkxm0o5)_hxRe11GaZ8rWI!l=S@?)rLjkb8X@|3Vc`nU`@>
z+0f4FYd6}O*B|sF;)>Yy!Va>eKFn4TRvVJ)iWz<x6QkcU!5Aa4nn6<vO*s^Dp<FON
zooRec%Xjyc!l5YTZ1KGD>1mk{i|0~mx^l@=t-Rjk-*&5EG#=1amZFt>(JzI)L6!ME
zWxd6Z^$+X5j#0WZW?yx2JE(2QLt|@SCu4QB3g=1p(cp*`AgLUqJa2SRsU)el1R{}a
z3tOp{fiPo(+Ldqcmqbd(xU8E_H-_(FvIy-e@1w+DFIG!?-R=a@3%x3F%lK_~E9(>^
z*IoD<<5&XUl@H<}LOgdTdsR1`K6UsFOA*)z_-#?<Jc(>P2%_;S5?Q!D1d}>7gf4jx
z3BC`79y!;xI<r&@A6F~4+-oWI)hOv*ezQi<xE$_rdiDPOH|$*sS5)fi@7btHoSwHx
zE-i{&*)c8IzxnB)onHQ?WZ8tLW6$u{PYs{5rK!TgA9&uKfB0x+__*fC>jG^EJz@2`
zj<owh!-5UCKXtUfKgDLe$a}6u$vbm#KajUCoQ#c0U4Q<1Csgaq|DiN^`>OF4Io{FK
z5qB)@-I|Xi`?9~o?fSpaQ^Itd+eEI~*$-1HW9lydpyIadU6jhk^j+haZn-B3ic_yF
zC(riFKd5{qPIfI^UY=C9hv!+*QrC`tQu$aOjiSsmE9xJ%FK*Lj=47=5d6_*HIBI%(
z>fxqs2hUh>hB@i1;R3;9j#-zCda11IQ89EmJZu%>$1gCJU6x1f^VsT)n5>@(Oc3R8
z2$hg^z+2G5^yg(`c*xS;@bv98I<quUZ_#fN78vXX$@}+<+gb{JedZT^T41wv^24H7
z$?I&xtJvW&NpaUVD0ed3U2XID=OYXGqf&g`MAgM0+A4ZhOnMxaFqfq38*yUGSi_YV
z6pHnFf0baLibVu?e4i8eYNJKf+>xS1E~CS`CKN;YsU(!{&BQ6)c0<#r-GvcqJv``y
zVJ=JNvUsyun<kDcjI2k$mKMI5y`vGosZ^6}lroUy=TvOgIH0fc`XjFrZ;yVax?Lml
zadGcL<@WQ*%Y8;9YQoR!rNz|;R_6YE9IlN0j2(Tpj4ymqa8E8{Z}e_C33++`qp=k;
z>#54~0x^c7k6dqT+;hKsv*23)!EvobbK4vpgJrb#QTCNWw%l}-nk$K3#BQH^YkETc
z%xpw@c>1kE`ly5E+>+tEV)3B&zZcwXiJQLLM?XvSWVn)?nyl;pIOrgv5kftT6>ND#
z3w*oyJjYY4$PT5u(tbPAcU)-=%`rv{|7ngX{-5TU^u(e0ipzBxO@Esv^F@j>AWVa3
zo<c<P%vat02gS56b@ZHkwz!+Icy5RGFup${>uPwq(Va#4eh$$~)p&XC)cT)uwbFl;
zq(pRR@d_wGf}|Ac9M@9^Ft7MnDFSWG5R*enA4T5wGZo@$nlP}Ykp-yY8^Iu9u8nAs
z$9z^8wKhjVF8>=7G<dS?sVOLv6WPEVn^3&WdNM|R#}C}3Rq0cWgh=3D3zSkgJ!CiR
zozP$|=|%)Xn*9hA0@<BFWa>n-R~yIR6I9r(YGas*H3X5Bqk~C#CN2z?gnvdyYaxA<
z-l_lqb{f|Xgg!rAm`DK==rMRk<>+$BBBTi91e+V@nl=L~q7!QFh*YI~_g@Szm`srH
zeuz}rkjHg($NV*)aO`TLtr+~EA*2TkgDIt`C6!OzrDGwelff4n%^_qD8m3)F7rqIL
zrV^P#LI?Qwav*{J)XaLLgo5L(wUwb#9X6iqf}zCE3PmxbWe3-@$jbnB+wkIF`GfT0
zzy)|?qFP)<(~D*gPCDWd<)fxHnV^WW!649OK4$o0WN|e!<P>Rxiv+Z3m=T1A&7)r{
zTuA@-r`09tQ)HyvWRnSM+JjvuNHL_Q23FsMQ6gEuMd)$U!a3yM$<)LqdOnQk5Al`;
z5W<PybmBX7DS!a6p~#0E%jfz9MR`#MP8>Tr0J=f4r4AA}UAAh!DgfQ}?J|msI`up<
zw)WCwL7EIqjQ@mRq)#jj7DEp%gjwdT2;m;kF$>bjOd8lC8iRn7wgMI!EO+U=ClOVl
zaq<Wh^CK=Bx-5iWpn)4McUeT(L{S$EF;wM?B^hJ2zitf7q`@#&4*=!FArSQP9Dvdw
zZw}q(5x`N%?7<m1F`%GihY$n_DFkN-Y=JC|<a)-UwF@hK`(x{bqJ=nF2@&{O*}n=g
z9S<XG;){(8e85FL?U0_u1qi(QbX@J|IbX=25X+NZ28tY{sc_U`l9MZXdI`R1T<Y)?
z#98s=gfIGI_OXl5jTyRGXTL=;WDg{2X^OdJ#VVNRQh?eXdDY7zHszToH9VXU3Q6<p
z%oB<Ug?<;bw_R`|_QV$<Hk<CkeSyqjA?XnUxDSQ%_nHVbg*Sxyy(!4%GQh04kW8ek
zxgMNcgsOFL?~%T0HWR`HhoCMDY7lluNy9W(;^$O6NU%&i&`={JK!LY|f;*JjX+=$x
zksI*0DR7Xe%gM7roFy9O#EdJhjr54cqwdn61zIz1@NyNQW*CmRfXV##^Cg%*yK;mD
z_f|V$B@p?=l!o6)F7MT<nn{GV2YDp`*qOn^XZ>a-E|B25eHUQ&K$>t0*)iZ9*9KLx
zV20<`Q<8kBSqbSCm<;=mfZ6nWok~#0ph{Owz>dWLnx_lTKA!8RCUj5vcwZpG1~Vz&
zZ;G=03tL##KZS3qfoG8nka~w6sin6_+~r-q?AL+3tX-eB1r2e9b1X`AH{xfSTIJ)T
z=0U`$8tL#rpS;k*$?#aof3-^**=P2`NtM&-evi0faMbMUKQ8~LucjqO>-v?P=BIq?
zV($|l^(-Ghi3=bbb=%#SZ-zi4k6wB5q9v>Gy(g~c#lwTj=FG^uJY&>lEh|dWM+MHL
z9C}#Xk3K`HGmPi>eTPJ1+glDJC#*cMx;uJ~FKC6wRf)Ne^e1l9)8G{o@3eL%{zIn$
z?!3!iE7}^?_H08w4}VB3h&vRKSQz@g{>>z7p_5f0kY^p&?cy|f-J{GuM~6+uSAJ<(
z7?@(#m|Mdbgpx-l-{&dzMW$~a7g)>LHt}-5DRsZ0Us5Rf)+RlIz1=nZahgQ^mXQ>3
zkY@aba#e}{*rjdE+1E03k<ZtE?#K6*eEAaCuc|B;*}4)@$l5|4ORjZoq>r1yUJ=V|
z#$#ILm2&x~4AK1Qsr9_ebQYrbs;&D+DJvpV9@{Qt%3@fJ^lz!|#MOwiKhVGAelV5I
zU_l7O?8Q75XfHFrgxS(JPgATWj;<UI`TJfUAChc#3N^47R06xc?;q65TqUxwX|;R0
zR<qK^$NN9bX|p(1I^@U0CTd#>T&?o8tBZTmdbC=8JY#?Rtv>Ks&5u)H(ye6|C0+Pk
zYP)!TO#k{vw(unmg3on_i>I&ikT3H{ZCif*uBH@e(wg&RjlNVKUDU&>l_)RtR_KW6
z_Ay0y_J+Muo>1{Ws9!$V;t0NNiI|thL;4}u?`JM5zQ;dJmoMlRnA(}`lBRtJFH4Te
z?s`swLTv^6fnHK-P-Sa-%7fyJwB0b3PtijP&$@;$eEmA}X1|zNAUc|3Meb;IVE@zo
z498rt5Mi|dmCq_>3TN7dL`_Eed2{E23W{z)p|xK{l?^WW_Jz{kz=cb(qG|UoIXXNH
zZ?hvcG2gc<v+xUTt-jrL@vub-TW#KTgw^;-|HpGX^Fp<c=k|Sl?%~c~n3$hu4>*ag
z>v#|@?g-nN3-FuxY!HR5j}R>woK2W6xf)yH*5KBG5eW|a+JAQ}j9`g7vw-Q%9OM13
zi*tV-vsVp8uQK`ngK|3@%UpAEk1jTQsjZJWUAcoFCa5M%#Ts$kff<(PSo^NYZflNv
z-u<_s&Xdf9)n}W7rA4t5H%-GWuc|y<r<p9?{0B9@yRQ>GEq}^n$&c7ezb(Gnz{^c4
zKs`eJ*WR_z-6*Hmgw?`-KB}dJf}<d|msu0In{dPHrx8oU=b{zOEe^b`f+UOX_O0!(
zgYONca?_wK+}K(EQ)GF6t|3!%^2|3Wm!U)tVP3Bc8^_V-SGb|H^>P>7CNzGqV39y|
zc-oChWlEu2@Hrr&Sp_zgJiQKn|ATt<F`>)2vBDy2L_UJ)=r`b{3ZIXY4LtqRx&bfS
z>-a-!RlAF`>f?hTwh!a0re4Zx7QbujYSE6eUT@QQGD7BlTCegwPhh2Oim()4PsJr-
zxHeW~sv`1E@evi#cczLjrN&oVBn*#!yGLFr85O%gnBi<wqxXU!o$d@}UA?$x`Sz-+
zN{kER`h-MYP;x@y^`Dy@`I3n`YcnC+mB;x9d`tIVIX}tsUeAkHdHcSkIP9ZSvpM;r
zBfTSTs(WiDoe7p`>WA~DcqHTMGWVSKlllt;Z@&IQ!1BmPs-h-ETQ{Syv^$Y++w$A*
zwQ&8XB%ghM6B#$X*L$tTi%xo9>NT)6e;q$*rd&&cuH9^0tIB`C7Qbow?WujTln_gE
zjgfDH!#~Y!h7?}R+$?{^zr5jKvfJ~-<C;!XXJG%3lIhH3<P(1lkJl5uDL;pTF9u(Y
znSSkR!ClrEwtL1w%AcztGSHlOsRA+?>WwQz+$*dWRHp@-J+77rOOrOpZ7@fTGt?3%
zZ!A-t&1gy>Omh0_xy~Orqn>?(-oy3d__BffE3I}dY&@s4&Agtgm$X-mczch7gc6%>
zwTAp1KV2nQ>B`>uaNmNvpuC_~eS?ap!rZWDCMIu%VAc<nMCC?axJ*W**^?*9Agf+e
znkZ{cnf{q~`+@;Cs+wFaE#fZC!=iQT)c%!AB{4zrAs57gnJR3&GK^dcOv?@0xm&Cp
z_6#g!Sx_mfoFiAJ*ke-Wcb3v_tMatGRC3Is^66Brc_a1x6FXMp_!fO1_bS=!sa1z@
zA)3Gyp&yEltl8R&5?4mshvxUA=#oUzFK}sIFK4;0{>11lV_!}>W<Y1A>Y%B-m<>%l
zHET4HxGo`}KG>8y9XYVRvAP%Z_S=0LH^Q`w1^Dq+sgzldhpWpl6i%Jl*I!E}WVx;@
zQ0|pRQ0K}y1^7q}83y*R8AV%KUC{ZmC-^fw>rd&EL-W{oW<yQ!*WVC6#k2fwE*>_?
z1U&ho$JS4;yDF^7f3}!ZYdwDAR~qAfG3n`JJ1aW%B-)$ucw7<+&xutnUtm{nCf}&E
zlcEYAV5R?ZYdFnGej!HWdXKr(I$<Sa?6%i|K#rdmMooE?Y5F(End?W6*Z!xKGPh)c
zj)@!>s_GM&cD`x-e~M!6$WD1iK!d#s(gpL(<vr(A4OU1#HzCw17|QColh%w6z05$I
zuN~=BT-k<93~g5Xy6ELUUr!tXF9L@`fufb1O#p+Hz4Hd8@et-<7QvbTYb5n~BceT|
zxHWLYR^o|>Fz;$%)C}~71}=H@#Aez`ia8=U@Sqd&lsuUnQAC6^xGm4K2)%JOpkker
zi%ylar6m;y#<S!^(77<j{w}SB0677|RPG{!eRA6w9Hao_XpwGJqt?y07v{M@eL%FA
z&{cv<#fd`TH&>B2C+yu)AWQ&cU1Layo!Hk}*`!DaK~et~j<(;OO-P;r*8!-8)Cbzb
zLP*>-%^8V5=cIA;VpkZWtzhZ;Rx%U*Ei^o#vLUJhK7m_@xP}9E%*L0cfv^S(Dacnt
z8%Xw<(%x=ZHd(^ne;6!R@278PLg~m5(TNA6i$am9vWTWHA$v4xXGS(NQ71z^KJH}E
z(eR3);r#(00yWT^KH}nHCbo0V><KsxTj$7#8!_@$u~~q+g%(J7^U9h#e*Ad7Sgq2r
z^i%@v4kBMgv7Qt_QVX55nBSS`d2pE`uRqco;8i2qT>s{=)ouV_xeXFHCxGMn^h~@r
zFz*HiO*IR(NILX)B6$gAyW}QsI*=!u;03@Mx{)G!MwA-;@&WcQd-`Nf?k`C!H5l4I
zxJm59w6vqQCAeTwjv|wcPIqPi_}SEgG~~bkKH~!s2#B8`%uG$SaB#jsQ%esb!=xYw
z^cZ!*8vX`P`v-%9xjN_!jjpq$Ing}I^73-bbZSJ-gb8x|K$26o5%(uW{{ad%v``{P
z*kDl6+Q^%DAgXSH1!;nm#CTgmeCY&=1|YSV08tpT!nC<-|2wi}C5;|JaW%(u2qjjZ
zO0PRP7FzE!kin*t3d~hv<+}$BZ}2>(l$6I^uo}3b?_+AVF8!^(fy0#4=y^|=$0y%1
z&R;M%DX@&79zgZ#L4+JoULAto#I{Jt9FSg+pOPk!0+g{dzaV7LQ}LJ7ktP;IB8(}e
z;zeTA+xW%0cjSrmrLVOvNTX<`H^IaZ(@=9^;F2B^bUTp;{ZX;#zfu5&WZRJ$F93x>
z7M@HG8wFm;QTL1fctSUjC?lINDCRFZ;gEsE-l^ccW;AF=^wc^sA7(PBkyZ=--3SSI
zDpATcHPJ)1zig#Xsi~P6K^LieJoTxOcwn4E34MYZlMSR^hykt*A`9WweW5GRznK|R
zr_5RZ{>>Ti8mFLqlTJN@2PI4kZX>Xjfsi5Z&A}dLT|i;AIT?JR-<u?Rp@RmoK{hW+
zDWim5^mdn#`9wv@_ekSB!f*}$AF93soXW=i|3OkH4N7KZ6CxvIwCpW=RT78n72=RI
z$X<2G$ll7%COhFAqs;70_SXMCdf)f^`(Ib@_407W^PGeGbAOhMgY@|xFWS3eP$IPs
zY1)43l`&WiBw3@41>&Q1?)M6(WmLUgt2ZSlH-i+W%w*5PwqdZ2%>COi!^8F~C}XdU
zV{!iiLq3hn=-`#hoX=k^zIE&61B>84l`>9xQ+ok@e|u*BchprUZY*~hy~1`!f+7mS
z#=-(*G$kTe(9@RsxJ&v!7K@3W_e{Ec2ujc#TmH@!hYRFccbKu{J$O;b`1(<ZlmENA
zya2yXs!!R>r>IV6&d(SPqP4()QnD(G*&(By+qN;*el5dg-56QlSR`t<o}DQ<Uvd7H
z`?yT7QtcbBZzVI{Kg^)oMu|a5YkZM~du%&7ti#R2Vnv4SjZ=N`+lbFzR#KwOCPCji
zrPZN$&H&r#w(j;Kv~TB9k(O}mrIKBxg*ui}j|>%u{Vu9cR;e{ME|+s6NOf<WwB~70
z0A1VkwPC7amxsgmR|+O&S?~0pT{v=aQ9OUnV6g74dE8I+db@O^a_@<4zf6WYaapQv
zPSTg3yEhkiozQle=-7IHeSe)_rKKhA$4z{t#|w+-&e)2GD~ZzfTSjyFzjGAeqV8wd
zx>peBW=o=?7wT>$e~CCYhWko0ZL%q+Fr(B-6`~5wFR>tkArrH5zTZOlko{eh^}MoF
z%0Oc3w#8n~4w<yfV@wi`qXc(_o4b*hsXt?ZF+jyVvyQS}eOrsKw(e1)`yZryt9p+!
zV4%<BCIg0t*YtGhkcrf@shOCt?R#(gTwbLb=j*mPJk_2&`3ITJU!%9=aiKEh7A+f|
zNYJX1iZs++>~US{RnbCZtiON%>b!l_-m~!Br(`|3r{26)@ulW9p+Xwe+;h`OJDUEy
z3ks{udDWO_y4w>v{_;cBv2rONM8E&^ALzU6)2ig*uqxbn9`jx%Rx~rUdw6H>42|<+
z!<@wQr}n>Vf6dQ!^0nlxGmdiQ6?SnuWtwoue7<d;cqL8h!8*xH#wouk>!l}799Z_X
z_o>Bij-alv_z=vCP;Usn_drR!@t`Zh%4f7N``t>`A^H)d_f9K<?C0w3l{H$w*qv)1
zw=b8Vti64>3x;&}5+y<}O?!UKv~Y8dw!0X#aNO$I*C#etvh002mP6XpQgvrdbckAm
z^)38LNEn&Nc9R^_BFB`=0+l3HHB33fd>=%}tZVEs^(Uj)j!U<+iRbRaANy=MxfIoI
zsyMCud>ItagL}T?7X#X2MR)AlEKwximIue`H%Z><)9+AB>AGcEf2ohiv)!~yGG95l
z5G$$Zp!bE3Vk~p){2;^QrEh4x?{UjfTT$x=rmZ8}3|7mxWd9&}PLl`c!iZ)cQRl|Z
z4STZlqie-;!U9rkq7Dw;YI|#Y>hFm_F4@6L!A&D?aL9kW{~wnz_>Aj+m_l-?Am`i{
z6+%M=%P}%W4zlf}ufNcafhr@tzq9!GCKFl4TYL(_B;wG~BLkksf5C(qoSv?5sRTXl
zg2ZTfLe&t|YUGbduI=;uL6qOC1WPaMhsXUvv@FH$=uDoE6gDo;lQMO^*-%?S?cw&Y
zT&^+ps^x<8u)z0%`Qflqi&^Xs`7g<1TtAXzi#oX+c+M~GA`X~uc4?NIN}P?QswP2^
z*IzwoC;TARo;!P)%Sq?g8#|gXUq8Nqo}^PKVWHDAaeZcvci%rh;m^hBJQo-tr1=QD
z<zeNrkJctz$#&U$GxhmP{%2pu-F_|wdoO|hCKPR@4$<&XgtgN-Z^apw_DH@Bf3lb&
z@#<d(_kvNOKPIeFy0W_~9_pG%J`cO|$x`TD=}T<OjN5id&8I)esjHSLSiPUQEV(0p
z5G3H(i4Fg!G-8|YgOpbEeIsCH*1Jqa>87gh@+GhLSkdiff?~EV(n6}P&CN@Nj3>9f
z-nzayO)lAxRT!I`YH&UeJO7^a50Z5xg(UH)g*@HCs<u(!h&$>)s#qOjuc?Z@WV(6z
z<XzQ8Hkfj;iG^LyvpNjtg3C_7a5#N})|2b4Ti5e59bY$!`V7w3lm_?}jm;)8NQAGw
zZNlD7t4U7&DY7b|5w{t2@jx)Q%5i6JVS7<IuKQ)JAa$y&6A5lH`_XtjCq+IY)pl33
z@J-}*D{2KR+o$fT&T+SWf@vbnbIG|-68<N;b3A1V!xs0&xhxg1@wm{NPgYNS6TT8q
z!kf3S)qN`_Wm|h}+oI5zPlP3{jY;;PU7O71%JL^_KZA!7`{EYkQM5_sR<Qyl8YPXK
zA?5Dq*KORb!h8i9$J!;Ha5q75XhK>y&Aq;FQL?Eeq_gP8m7H!W;%17uo$dEULs|C=
zpO1>fn}55ddM7XTmE_l|QLbRDkq4V@33f;+_Q8)VHygTy9ViHOE|s)B%PMlZv~O-r
z{14JD*z&aKr_Sv(DV-aSWOzniYIH;6G0j+gV<cymOVC6YHmq#IL$N>mss#^DC#BWb
zs`y+*XITV&@3v-zTz7V1;oFIamge4!^Uo!d)w;=)=qs~{sICQsQC<I<m^&$wHecEy
zXk*yHxaV5cP`>ymX*6=Css^~niVwN_)?)vczlc=3W{zPmZhF_s^No&fkvheK6g@(V
zjVqdwnbYP5!^*$TdUp90%UyVz^-FIU<*r}E&>L|>&wUr_*tOiK(oM+yx;Z7-zLj|(
zx%RhklA&|XsOTIfSv|?dqj*gumFLmBPDm_$AT2eclrwe;KVQj<`rQYa{Jm933$o(z
z;-H3h_sY?bG8(`HNQOI&$`>e7k@qxhLr8o=ZXWzjaHSR?@&PH9>jg@vdgPFpb654$
zfFLV^CNOf)(NO$LWk};)GL-oAVf<l)ay3Zr)>UZzh+5)t_e0K?q;#A-Ap$9?=kXCm
z>Kf6X64OqkvVl`Xw4)j|2Yr)BDnY>`EPHbTY=;Tu@NMptsz*^j$a=%1jz0%+l`zAA
zhCS*qE$nI~G}93LFxLC;1EC<`M!>~S;2fj}#U2pS>@y=p24qF-+B<+H9fb3ni8d9i
zCs?8E9N&Z~vzcBZ5f1;5D&B0!goYs8t8i<VLn&E6DmLmtq7;ly=8J#*`vnO~JWDra
z<phu_&Rxtccy{lIDN9(RtYL2~bq&8-CN3kjx=6~NOe9c^x6kxr-!4!?^~pcjgMCCU
z1@~?P=nBFJPjCf2J%YP`X%@x)(Tmh!J&E4jrUI(b4?8!1K(rb3@qj2uSn40U4c>)=
zAFORBz-)u0GH44xE6cHeGtU6KO+X;B7f0hHWInaH;%i*wrB8DFyP!S{3h<J*g?<&(
z&6+kKi5%Q^aFAvTX7{Uhhu{zSKaQS8t{{0+W&~a<km(7<q!vQ~PpACT>wsq(p>PK8
z=HWW&FeiHyJWq$|1Yq-aRosE(ZAyHpy0Xz|7(oF(-MV~P37RhtPfY&MFLYQZ`W(b;
z8bJe;eJ;NttpN`u@LbTuZVI0Mfh1jshx%JXgZD$Aw0&9e$72DRj@aSDtp3S=D+QY2
zQ*%<np;df}AspBMjOj&E^dJLRJIFD&?9B-{s$uzmXdO34pt<qnq?cH1_=~9-DFX0(
zxCjso0QGSAvDF1}bFhfd0ZD*}m?+?}g2Z(7oD?1^93i?98;&O(j<*vf^A5syBL95r
zzkC7^4I~bK`Gj~RR7ngV!A(5+hzSF*A&})xN&x@_eC$&Hv$2Eu1kt1($7c!S@$^Ny
z$^zU!vBJbgcngb01>V6jf{(VV_~&INO+ES?1Y=N=g9U2O4`S4O6d|mcGF+9Ym_|6x
z0^Ytt7(JvcfE5^r4p9t$VtgCIdOR8OCk9mHg~9+VK+~&zR~7qaqTK>S@_8t;w*>x7
z>GY90Ie_8^m81tdxXq4yjDl!B%4&f4h^igv2bX|@RE38;SpcaTDTGyeW6zX}RdRo3
zzkgu+P>eK&A*JlxZufUE>50t5t$+K2%y&1w4H6V&Snzxt{vp}n<Pf(q?`fR?r6hj3
z`GNkDnhctM6Nxpm07DEWqf5})_Fvc_rZ^5CQ>?}CJtJTVg%0UH|Fn4Gz|@~&Yr6+M
zhqnf5`Y#9;(!R6lyX)7vFot5Y_LHh1>Kb><=%G`}D&7~9l@y}7)o?s_G2yd}RnFkG
z+Q6xmtnDaHAML6syMF!XVmH6OX<Ba8I;tAJ>Q_sYjIR9yv0Ro?IO(`VF4+V9_SGht
zp+-~2sT;jwXX>+_zBz4MBvkiy?R4taA4G4Vvqr)q!0+i9dA`Pvxqpz%<=orH8C)S$
z*MI#n6@A3Zq^ieKk8~EYDIZW(?lP|ShoUxxhMyFe21*wXGaSjdIx8-+AZsG__EY>|
z&^m5|0T}LXr8ht6!cmKZC2YQT83suv!VLFCjD~yH6M`@zIKr7T%_y4(P9Aom0k}^W
zuZnxqS6F-v9?;RRr-~7E%I@Fa=10`_J7YpEKbCnJ=rvQmoeg|vb0xTL`mO_OeL-}!
zz`|vPbkgTMkHeVaROH9g<*@xW^&ZVt@3Tz5@%BB&{lah!YIWM^JfP&!;+w0Ta^fG7
z>ozGb?`_pPSKXH^9H;z2+@iL>p4>)ou=3sJiS~#RTXf%Jwl&IbznP(H={cd1H4bNf
zoss!C?!DFH9MQYS*r+zG7D^Ui;cBX6M{dDiquG55&H0>YWM5p)GR(;-_K~?l+RjOm
zDLwKpZ>M`U`oy8?vq>{TmSN%LWavuw6(&vpn}MU__J)^jxIHT7*hrT9jTRI@$Tgaa
z+k1K2L%eB~`$1(1S!aqJIn!?=NxdgBdZpzyTklaTQ8)VD3+LhxI@MyD$+VG^VaUBD
zfk&JNN5<CDje52cUMiHmWgvGJiavj^GbYeIo}0NRnfq11@U4}xOe9%z&J#7gpU0lm
zj+EyIy4hcKP;ZzSy?*2@e@ZI#S9^vd)y@*@o<of)os;^dIg8vMDEP#ft_9tqjO)o;
zdUE2+AH-Z|AgSlTjDnieL|p3P3RkSHtyRCwm#VS-CweZpWwtJpaHE-?ai6ClALR<B
zPLxeBs`BaWh@2QJYY19=sPtneXihWnOL58PFnw7U3srVGN)vN7Z&t~6L6f?SD+Ofx
zx+>AOx5-at1{pVEu;JQ;O5zf{q5JM(Y>NjZm}jbx&-B9Gkd0Pxn0J4lI+rllU@P6@
ziW^Hso)(vbkm2sL^08&MwOpp0y+X-{6N5!2`lERuY?{9CpW)q2xVD1Jqkbr3E`)l;
zWUYCkO3~A4N^r@T+_Bz}Nd6Vwpd2i{e<>YM=g`$!3%F{nI17Hv<*Iy@G7vW}NphEP
zulRh-rzM}}{i~8RO_h>A`?xEfFAFxE9dH}l(%$JweIto0*ECBFDv3T7l*<O2hi_H=
z5^N!4^KvYl$LOg%Bnga+m_}`b6z+Pa{O()oip9-~UXh%se6liFEnLS)pq2-FL<rt`
zL;hp;it__>nf*$l=lu{xLl?QB%TX$3r!V@6jBAGc7JbCPG2BPv@CRvaOBr5lPNkT(
z`1mU#%-^`zov3ng{L_z_q!H^8u&P)LZCz#bxsTIOtiU+XN4@?SA#+2~#q+ixW&YF0
zI_)v3-{yNh@q4}qkwcj!G<h#DN4k4sFQlxfj5JDq5W8CtQK>u}Y&o@gE{8W;>u6zj
z?j+_OwU!^NjB$=F#VC7WanYyO#xp4!d#87+LlK#Lo@;(?L$jfS%<9vpn?ja%Yf4}3
zohV7?NsL7$>IjY(a`zl{BKG)PPScBacehH88yZS-MH_pyT5^ePh73!^_Bo3f?tV2}
zrkCW@A90*5+Vo^VbzawH3eP8)|It3BkfvZmZlsmdt09|6c0=`D`&0}~&}}8bMU1|O
z^7f68N!d{P%mTNN29BQ~bG58EV64{>HQsCcz$RPxnRsEWq&V`?kylgq+f@{M!sowN
z8hGA`|J}6EyN&bTR(&joV`CN@ktvj}d{iD{b#<K%9pI++;sJx~^!<M8`A4e9f?COg
z(Y>q#aZ&IKGx<96qeiBaN0oaRr+%j+mpn(P=P4L{?}`PK*#1~#I5W1E@mW@wb3mlO
zNYS@l;q`$Ucrc8h^4>1hKbzBC?n2PJn4=!MDo+@a%z7d_Pp5o);w@vIWXiZ%Gg>ff
zLM*V<MO)PP4)y2)kAQ#TCo{2o#lPi68E52d&h}4#`D&l8rR{r6qAX}jE69H>(aKHm
z*v-@Op7xTye~_K^Xpd~#!5dN?oZr4>3xI|vtMBUd^;|-`dyhuMyB8)gVrM6{4dvk1
z{J18zYAz}6d#Z1wxMbbpJQeZR7x{FEFzIuMYPoC3b?`-QZ>Ei;ufXc$K+!NiO8fdu
zB$eK(82So&qhn?jot{4`)~cVmz^p%Tm#5$RLm(|(ko>HrPeq5cf7(ov!G&i(yX;FE
zj^(VS=jtEl_!2>X*DQ71L5Vry#YaD`k|qxAC3UA%=p>Ny>Vc?Fn3tSXV8>X2m-+v-
zo`Y&0lt(lgO>HET2Ah-|Q&3Yv@y?_qLFG5*_DUfa`l%`+q2YrK`r?u9`FoQR8Y`p-
zs6{9lr0)_1g?Da3CMl#s33x3CB;6lZ1zilNl1L;9fFB^WzlsupvJBXIs}4X2sVz)Z
ztvw+xPZ0SiBJ1ErFn}?#b?6`Qjvq&BuS9sY@t3QjI1ahyq<BI<4yiT-dgs&YFA#Yv
zB@tD^26O4=VgA-+m|apL<vf_)t)YGe92Izr2ADKtvZ;;r1dsvq0rPE->1_}8!w(PT
zN%2SEs0Yd(R7)fKeR!k0yz`QUu)8V|%>5iL80Z9-0uu+cS+Mnl21q$~4s=G)=i{~C
zB^#sB3V#b)VA4wk^K8J74<%x?KKlH}FAaMod|Kdj-dxIRscXt3F#ajQQ4}0wKY~Mu
zSfK_&h7``}@Caz^HGe$@`|c0C5{o@qEliQvx;9$Aku~%M0p7zQQlk2gZyv8|!k76W
z8e!n^{ea4&aqGMZ`~>Iz2tY3qd|E41w~KYcs0?oF$!TbmCl>k7VvnEsf%mZzaialP
zVGlwl&D}1T-8H(P6CV2N=cMN3_hF-6;Bu&>hr!$C3;rIiuY}_xkpG%w@HZ9#s|W(a
zTT&|TP)hY}U^QY>poqjN*|WfZ(-)>qCjy{H>``9XePB3%mUzOLVMo%N&B@jUfBpX;
z*oTzXLw5>%2obJ)ux7_Ax`0wSQ4KwhDL}3uln!z7pqMf7h8LPZMUuVIO-cyAgii^m
zKAgl!9I(ML9f-0LJAJ!6vgoFMHZB=CGTs5i68pbHHgdcj8xBGr#6_F~KJ+4VSW6}<
z#qZ;9DbOItnQ?iPkJb}?!OEc1LC{L0ehU)S&U$-G(YGOpS(vQyQ_8a#Rs5qO6ycB7
zlO_V_KBYpCt<#}(JBbK(<nRQ4s1owQFwYKJA-`+w7Ss?L1y5>Q+8w~c0w{eD7D>Ew
zA`K5i!6F0NC0sPti&nlIBX92nIwt%Nq0~wIi>q9Kt4SgNJOnYk4j?)^RAZGnbilZ*
z4xE?<0+CwaZbzI~r`d;4S3NkKVM31%fEN1_wZm1t*C`Hx5~6gd1S!K;f;fwkDl74V
zgJHnk4h%>`Z`qeH*5+WIr}w386Y_H=aADNL8;|0No7a<1%)ueVj_#2L9`arKg@qr@
z!z}Cxe1m*~03I;iCa6$yz?6Tg8{HS2aJ-`vsQVq68~UQT4w4~f<30(d&xO4C-(Cm&
z_%0&Y9AKrPEH(&J`$AjVzWOX#F4atc%?<UmTgL<H2zs%lZU4sPYC1kRtZaPDzwK2d
zKSpoKb>~0V181pddYkSlOz&juWzK&Pes>1bo_kJ0SjJ{wX2#_!okqWw9o)$6+_KPL
zhlAvw53T9U=C>@neyVy;7cxZ~K7JY#a&GLaUhPFyKidTD#d>PUKyBeyVqx^ZSLq?$
z>k$}TgRu)zj$HVhD^g2mPl;atgG8WKiEAz}m~DEYk|jIQ5vV#+{o3HKWone1K^D1g
zrBW^tL^+T7f^cC*YwVo&!nJP)v}2TBU#}CrA9!22PBQqHXZR+={TkFb7=-!q7#oA8
zRP}GjOIN>NeCQo?Ag*oyl`*8f%Nv6gO%NyTl<rwtsX21`Q|p;O2;aVBHp_aFa8EYn
z0#n^Z<jA}Sh?3XuWz$aC*T5#PV2W)Ut*2v3E`K4xW$o?S-nF|CrA9TLsVo};I2+w3
zd*XJsO|~o%Zy41YIJ+C-=$d-nBEznPUEel&sU1?qP@8QTqF<3Sm#sc3_+laW_CTz(
zRF=5Jl(Zb*>8g_GEk!?F^ir^8Ta1bFv%sEhPc31kLiFkta5|go`?F$m=B+fME^Y93
z`=7KRb6pb`LY<?Xd&5j}Y=y(T_cwK$L8;&F!s%AY*II+dTg=8+ybmVrwmaSJT#m^U
z;+QH<$Lyzf)5WC>MR4m6S!zz8Ys86KclP8rh4hk^_w(jnhlq?Mai40;t0%1eCQaVg
z+fTi2T$p7c$**+ww#_pMTy}q9$b;a9@kPly7rVL8Thf<<mxR?<YeGDYn;djoBjgwR
zHf>hWzvZ<*nKfY_iacE_G&U}1=JI@(Hc|0=+fSd?G4|M0f2Gp}BrxV|j7DXDQqa2a
zIknu>A7sLlUvZCm9ACWlF{2-ktM&Z;iD26SijHllHa#&11ZI<F{nyOh#%|i)u0P1R
zFDiN!rVC6@NAxb&SB)9<nEtll(rNefJsGNqtZnTOnao>{j0?oL8m7c_2s(Bi#<_FR
z8Zv5V?0z-o4*J3%Dc^8rL*2^iyc00?Ng4*NMyVXjv~`u9(djca_RF3dM1fDoJxzid
zDxc=&?pcx+wk7ukvidU`pw|PQeaPzb@X@a*BqHP(l-g)#Om=(6JJ^*j^RfHcH_q8`
zKY{;G_+zZ}Oeo-v5u@t$bJOVMmhH&O&@GgG3a$=2<wJ96XUt|bSCX+pcz@hR2IWQ{
zYy~^$cd^d-CcoeQL3|%hhiqd)N?hr+e$tHid5jh3?eugv?(lx4dc2zhz5oUTv|e*3
z7<*1LAKN7@V;VQ(ycQC;O*N_Hxy-h=v?gp!(M-d)6<Y6ORUl-4?aU+Z)6MO>wQ>8!
z6k3(waGuk<>-TVO=b^Rilca*}K!zjIY;z@Oy>}LMxpA2-;>6|m(M)=r0sCb;=(^md
zK;z5VJ^6_W47jB2_WhMRGJg>IOd*#dVa`veU^1@Q`s}@>J$LAW^II}}TVK3O^+<9R
zJ9|}Snpn4>GU{H@X)-Q<c4Rxbz>daKgs~?^&q;#$53<lNS%v;e^SOVSC9u^vP%dC_
zp1(h6-EXXoTyl^|vL!z$t`2QQFmFw<S!8-IZqp%TyQ`?rGs4D|iM8ZWgsZ0RjqJw3
z9Z$^^mfoRdc~sFuK_ixk;zw?a-z~cI^_@T<zIQd(X112SD=D8VNzRJC*fjL$ZAeZS
z*BqpqO}XHU?K?-F@a*$ZY1i+=7WLhx*bgfGW);`aXY|Xc_JsWkN2aiQ{;%hMRaO&9
z^E+9k77eXui{x4)q8ryfoiSQi*rKN&j_LHKD!*oy7V(<|ut|S=8E>+V$DJ6khfzIV
zp`Li7(0^m=24@VKpR?SVZ!CaEU~Tx~!TX%qH>GIf@ozY-gQ{=gGVD|HuPF+q_Bbo5
zqfwXpp2aO1nQX^shM8KEw4<I>X~fNFntje6_lRvOP7O9VxRrwHKcL<77SPK>`HkL-
zu)V&@EVC~o=$XH^rOtBc@*9%<YejtMYkE|LTq~KOn-@!-bEPp{2)<!`wR$s$OZ9i*
zhphQw%Mu+K7OkH#-ZLSMQ-%`7nXDlXA74jNF9c9H98lG$WX>tJI&Ypo7U(H`B!lrm
zU-`U;{CPD@*<KZs8(-|qv|-Ogar7<RLF-u=Qn}0Q4$TcB5|eROL3vv)2bBO~JL-iE
zN_QW7rws6Oij^((T_v+UzK440REQOzeR(9yLH_H>@~b%<f(y)hiQ8X)@;dPf??ev)
zixsrMcu*;s(JK=w)=QCY*|USM8oV5FBfUm!`Md0z;NS!ORB-kP%6?ClyE};5rt3bd
zCiez1JKZ2iC$vm}pT4Z)VKjsy;kRG*YXW_)BN7EIvcz;WwAm~oUx=g#V?7H%siDyy
zan$Q9WY#9An8+S(R}qh%WT@IO#xK%UOoqHD_v*x_8Lu|F!7}}7O;bF=I3nPIlb0TW
z((#vK9fVgKFGnqrgX3~gz&;!97B3MI$P)8YTP1g)M0_R<Ky#s1ll)*nm7rT99KW2s
zS`$wUGVZlRANesbLkq=J!DKnN3A<7Vx~>*I%(gk@fI-d468eGoL!J_&3hT!gVY0*!
zKT8{Af%hmkuP1#B=fGPkcco@g{E0=V|0~`BtpTkP%qH&zV8c!$w2Onu!-{bT+B#rK
z2qJfAfnUM*Wy3#Mnd55|g=mBr)$mRNV%j#Ib~mNW{aFD5VMaZ9m*zR>2=SuDw<DHy
zsN)4d3j$!4R%(V}yo{ds67zcEk&WaZ_=H@Q+Q5`Bn0yezo#mTPY&l9<{SfxVBe<fm
zNP%jp<H^kI)$zp-V5YoF8Glys$ec2Mv@|-Ost4;{ShlmiBYYc|d}JK^sk%A^i#Hm8
zwEHSit+!G#+u=xVL?F=TZVMicmcK%um%CjPzs@QqcL6%NXPWMn+ZT;@-2OYfBkF&b
z*MP6$I^ora^r79ZJ~v0!mqaQW_`oc+F7;wPO4D=-jl+d~{39HJe*C|>_oZJcxVX2Z
zpk%`DwIT0oV?-)N9qwZhRj^t+*7K4GubmQsKD*VG9FB0PF9BOaF%jj}3qydFn(MDp
zLA@Q&1mJK0EFg_<_lBGz$P=>BxJ&sP{1o@u1`S*U`e4vj3zH>~_6+B1#{xc4n)@q)
zxvqvUg(S6w*%o4rV8I-Z#9&lm?@c_$dN_T1hR3^zvy(M|R0_Vd&mpzwrh1;}e_s=b
zC%zzn#ShzU>;%$EyrkkY<%fd$#q)DFYk!O4ZY{<mgomp6<MZsAV{FOD;jrFzWHJWt
zGe)3$9CSA^80W(=+@o_zX%;1l!SCh0PJz^3>d?C4<k5yOG1Njg1m*gOi&`E&i8cBz
zxC5$<pz-Ig%Z18wog`aC497kTt(j~8fFCWqdPxlT8a(S*AFyt7Y@O)%g_Dny=OI)B
zxeO)jzj;=bl55tI<H^c*)XE_+so-Qv0HV~`6L>gTgHr{eRlx>@gB2fR7@JCofRqLz
zm_b)2%+Q5IEAey=fY=PHN>r)G5BeSUJbXa(z@gEbekJxt5?3IKqs7*)4`el5V7tH1
zKFe-XaqAG#0hn{JjfYkZ2#rNZ`OR+>UblU}o}@O=feesqi=@4M+OF^i$pOOraZZS<
zSb)96#R>(AvpR#aS<Q5Jf-BrY3`&X;j|@v!@y}#__OLmSUf|uY+qaDDfGxyB*j44!
z7SZaw(pi@NAi&q;PtAFIY+xhH<3HJc_Vw?d!<{D~kST*B?dQfH<eFMRG`-%UT=qms
z@s%kzj}ISiwqJkHAW_&eLnD|IV)Gf%9gYh5QoN;2=9)RHtru2r$=sPys`Jq+#ET++
z)-vID@9W2q%Dy?Zf6>h3^z$FH6cvsmoE@6Z-RsxVFRUyj^xV6ae}y^z;b2h&$@*wY
znsxAvE2Nq3{5Fgc?q_~X>A&ame-$28R4O9AgfNC;N<V8E&>H+fDr}Y116#iFaa%n~
z?au0x?CS2$FKjs1(-n8KaV<xO126Tt9DT=LzhwX}mL6yqQbPYA8?13pqWD@@b^7kS
z%Dl@8x`)QQOghpc2kqXKK?j#ZdwQ5-80ROw8!r_<m%P2tk=CrR16NMQ$!2b^nOEso
z@%!w^GtbHsg4dsHF1&T`p~~2LH5rloSvF`$Q)+mJgl#ojNjKX!xwGW?L{~=QG4E|}
zk!^PmC3`Kak%>|<eT~;sZ$pCiTrgAh%H8Lx0;+DMXExeY$L?4W7<i;$T}lR53phJ{
zw)iqpl)XZMLyVzfvUaOnU)9?8$fqPf=*BAP{tC$A=FVB@`u*t2($-Q<#+Pt4qgv%`
zr~SC=ba(Q%{m{SYGe0!+I`4^~S8Qe{qYjGq2<m&{2!)F6i`7EDJ{)e7+#IIfn-dhY
zI?kip@M>j)RUN&It2ghz^~JOVQ|n$K#}}#dNR4_2wyPO@bDjI??+a+v9h!6w9_*my
zzuQj~4pwLjkLCUn$lce8+qDP6CJi(C1MMs(8#E`kUuEI5+3xVPYW2JR(+HJmC58Pw
z<_o81i-6XtCx1e6AbR4C)12(*V#X)1?@n>3JCnZiTZsWXY_qdgHBDD}S6upOp%T6I
zrC0ONpBVPQSEcz?bJOM+#{0nLn6%1oqX<SnA}vA7*NX!Ba!*F}-5*EPRVQvWKHL1&
zbzbtz@4|4iEL?e&7lCE0%~06z;4Zw0z4U&%VLX}kr(Qa`QmDqG#}fCrCYI>pgBsj|
z=?C>!?@IPmeq7dG6!5s*wLcMbMZ%9{tGAVb@14r%zEan?Yd`uT$y%-g1v<NRk8AB}
z-0!ILS0I5&`=0~`o-3KtZMIjTSBEP;$9RbceUr?cFyb?ORTrQ$bHJjn)$F(Y?6Wv+
z8os`~F)(FT)p^hYC2x=~gN@}foKopt*pW?~q<=k*Hg5U6o?`BF-APP~y_l0NAS&O5
z@q?wgPEWarQ?lH_XI>1ecz)Bq!xl{&u4`87EQ$hV&C_SOKW#F)qG?t#c~M!OLz#OD
zj*c=)j4DmolAg;rJrWOb2L0D(q)Xo(VR_x$ctpM4-NE)o6Stu2&6((c%x&Kc2F8jK
z8BFtg`bhr!FKvaky#ht1-MSN9(~ZB4deD=<*~Dmvoc1hzqS=rcs=T{aJZH9jyy1Hf
zk6`cXTht3s)5j}5@lJMlYxyAj$E9WZ-o^D}7cK3Yckfu(t&ufnOj}bf6qn(wVm9($
zHx0id*~ak*NWbyKx#m#6FKeO}**o5*Z|^pHfVza5*rdQrDdKWAWj-ne^G!u?60B=J
z@#Epv(rHMP$aXg?Til*oJ$=xm5r<9nS1m3sI)&P)M#bE3c7)#w!%Wmv0(OQ;t^1$Q
zsV!ypX|vG-ZqKS8V*Dbbcl27jQ+(Yiip%(=x!1C##oowHDtw$D_G%!Ov2k@VeI{Ap
zG^grk-^n>8F+ku)IjhJV*sF+pSm0bo73O`gtbXmz#$|C>`wM9pxJ0}@9%p(*WlGP;
zS=~_bYt&#D1V_opon`KPa`pld&#$?LduugRG`ECLagSFYaF{kprf0Qs-x?+C+4(RS
zQ2xUEOhX;lyo{n&L1*LjD<-Zq5`@+l&+Y~FlqCqN3+w03eQQp6fBA_@)M<`cP1lr?
z$J;l919xo`SLe3xk#Tq(iTLFs&J+|WsbbucI?*e3oZ&MaMN78W^yMs5^|7??t^~0f
z2ZRM>kJDt|&eVye&C|BN^<)Z_6m9J(l*}`?=NEm$B4OZ8nYPI!{&Y$Ai(j~YWYe?q
z?@cvbj}L~I&tCE<a;{#qt~tLX3@t45ZQEUI9x@X@Pn3sHpK`oAVYio&HN4E-d1g4d
zZIL;wOJ<L0`3CL@dYmAW@u|$g4a+(w+AtO8XtcxUZF*-dTmndE_WZtR?>mNVcXfUZ
zgMRP8yW~MPyuBA;3BLCSspn2UxjTN~^tk`vM!6WYKJY_R1g6Jkj}LS!w^Q2=QeIZ1
z{G8c&8E$o7r+DB*zxxVT4yTN=<=<9_v4dFr%)Uyx!G2dd`!2oEULdMyjP^CPpYy$S
z>cj~f6D7{OPVZ0R`@8aRD0>fc0%sZn;<@IOariq;7zWWN5Mw&ENNOq$k?jQG>*J>t
zLFc066%O*o*ij6Kj6tXXZFk8Jd_sm`c`f2<pf*W>cin>3k)RKy<3c};Owhcf7V|w!
zB}&~=LOAfX&?FF1inR~8P5!Lbi}?C=fm534D$owyadN~*iikX*7Djz3F({JbgT@08
z+;iYFVHrI<>ILvlUi6TPoorpnw7G_l6v$i*)M0|Bql36u8hM962Yjz|?w~-6+ddXQ
z2Htyw)xaeP{5WBPKO02dJFFhIkmN4$M80sIk*uLG6MqaRg!Q|vio7$G+X{*-c0e8Z
zfpSipMU}Euupp9fF|6q$@x6Tg`>-x#1=)PwCd7ln=o0`ju@;*a5-M(gm*(2L1vVR$
zNS^_C3nv4npbbq4uXjm;<vIufx=7~N1)v)pv@tKe=vOG*giqE+!}5Gy;$r|J4B4?m
z9|~M7ByKKAktf%Pr}w{lAXnZ&kheJ+MJgJDvsYq4#L)5e!r45yLv6kne>kDL#%GWt
zTzUwvoOc)Y-2C;FPDt4P^{R@pRCA^|)%FyR>kU#e<Z6NMn<N<Y*^jKHT9LJC5KuWZ
z&)gOQr8e2wHT)MSe-o~_!AkzHHUo1UPch(E&&;?tu%GWB<eL|RxFs*rr`y`%ZI^Q$
zupuBMI`hw9eN@>49G$6r)qVI24zu>(H7}tEs7LzP;|XJ*8mO~FYG!jA{wDVx?P?Iz
zO(^c*IKJ6?_~KPJxyUD|9q@zLP(-+b5?&&|`<y2a!e5L}#xxR{r>G;T7n|FYFJ8Eg
ze++hlEbuue6R}ZNYtl{SC7FaNn|K#!a3C7tF5>Bw&~I=Uyc33z=V+;Dm%q>X_C&)w
zR{^*Ye9OV;E(QijHyk_}=souilRAR2yGTxY|H!ZV8tkcFaPuDsEX7gahYgd@j8&0G
z?i%3UmsBTl|8Pu#sx_p!UhD<K+8N6G8dA(11kD1!2w^F18#@^d5*JvbdyzFKzF<f>
z{Ok&<8b*FwpDvuMi4*}#z;y(g-RLf^3&4&Ykuy;qA*r~4XFtGei%bNFy`ZKy2S}FU
zC5OiWF`#?8^u(53vmJl{Y3WoU`QR)03;ESEw{l>uk7&Z0|C-s1d|O;HDPDa~nn+{^
zg8kb<DutYHV<Au~t$F~JG(P!KM4}6lQ4vkXulN@L>K+S)yyy~RV!K|9<Dw@FG$0c!
zMk6k7EkP7-%S}u>uB@DdL(Oz_RGYa0tfNp)f$*dg@^vQ^(hi-ukZK`56CNM@G}Tl;
z_h>LVWT$RSLdiL}a~GK^sPQ%xRl+3!8;R#|F!=|{oS?k3e5W(N%g;F6rHuv|h|?ns
z>x;6bCuSY}`=*_cxrwp<YtTguFgC0oBIu8r54nTVAMkM53D&VWIq7&w^MiF-?cJ^x
zyfke|Ex!XWH1S0!z4$d4Bri=Z(FN-Mk6sJ|X#y>-yU*XtA>+GUuhLUbp2C=ENKqJ3
zV!%u=`HPs6BEn&ygHV{;TYfNHwfsbb@3c+_Aw#t`Usiv;!|0&s@!%U)r^!>R^k#NU
z0~|1~_5v{v#K$Ce1?@+%wsKGu?zp*4#k;nv&qy`%ssGj|E)Hg1hc<^kP~JG>yTCQG
z50y86kpHAN_@fc8{Q?}LRzb6WkA7qYcK6>S8@Lv<MwA(7UFA=A@m(a^!5Yf<YIRs@
zO<8?aJTqpq`ATNb{L`eNxy$a2S1`&@X~>iY(iS}*I}o?lZi)KA@ap%C9#TDa@ec>P
zus6-|)z@lQz}c8|J-JjGl$guZu}Ntd;#EqtKXG4jDFIt*Ol}~TY9Xw5WBg^a`PRXu
znRU8exl>o_yT-b{$~NvcxuHcjrn{X`TuZ&(bfH04-XusLBVD?%7z(kN>x#N|tNg3`
z6AdU5k&9fh6P{XWMz*x~-<#Omo-u7$N>w~4tPHucC^Aa>w1{z|dHI0yQ$~Md$s27K
zO_wV-_u6OF>IuioBj?U0H1UbldFt#1Xm=Gd7ik5GwLV=myhfw!?7fKIS?7`G!Wj3C
zpR>86+FeL^?D+|MT2x2yNY}Hk8|_c-si~y(NikPdevbUPBU?)H+m!0~^8-08B^8Cd
z(txUoq$e4T(++KlzlU}6Pw=$V{BqiUDa$F@NBhZuN5kHscX{v2Uci&k;%!QX9-Kzm
z1CrM~%#B=RW_FVEp;7`rm$IwIT9%Y5Djly6N>FvVQ(ch!V90qQW1I1(^ZEF(2YjDP
zH^gryE<_da3s&Z4^iz3elyz6bD4s?Y7Esu?TNx)-)sYE*p?}xXT9%CLO20BC*P+YG
zi-<s<yDms~-iX6r!s(-Y_Ro!ky<?Zt{~%_%v%=)u<x-7bl9Cqp_@yoCZn{6JRQwX7
zE-lJ32+PjnM?>wmBCsnK!?tVvYmYvwcpjY*SdhQrw8GO$(d2V)`0HtaX-OEz%_oht
z)-mTueh`00=?v&6#B%dDjGWK>DL>$GD^`*-a!#w#@UnjNJCppF1%-#_H($8y{=DAk
z79|w6iP=V1%bqcOTj81#tt)hTtmVz~+h^Db90IS3b^Ax#xr~z0bMj)uG<Dtu#@J77
zcZn)mp)4heMe|+Fp3uH@k#*lEHs7+~Lp^ZMZrg1p%u^MSNIGDninzWjw>xa9Jwdha
zN!+}WE$aE$CeVpGOf};DrxP)fd~4Osx#8A142z4FZzT3|3@ei+D}qK}mU376b(+5I
zd-39$cQw8K>dbbpe{ZsvvcY;>AKKg3iu+^@z>D~Y|0(Q$?(rAs2T@%xAli6Jb9ZN)
zcU`bS+vztX)-p#y)^?u|tmTRHrs|8*ln4D&mlLNm2_1)t1`Hd&;!0JA1BaKhT3w^%
zJI_s?Et*|u$@<WJK1U*@AbN7kIeM#~t$ArR?x5n)(B2R|PPfF=RZ}KoobJGBwA-3f
zXolD(x@$Htd$`nH2iMkhYlHszI+J$UbBWB5&8mhtlMI7_nc)7L>Bo3JULpN%&vInB
zc~SJ?2RpNL*P@*YKSr_U+X5ChO|LIjzHsnMb$D<tlWYjJJYS-0%`KL`ZmhPTY|t4U
zt{J_j?KCwY-=-UFnK~zZs@DY<Fuc;zDJ|1oLYN^GmsGpEj#Rr`Gdv1%90Doy2UGt{
zZnaDPYWz1Hy`*_gyBsC*E^*uK$r}E#bIs!e%W+YUZH6CEB9p)3t(AP7$JCN%@ekrd
zg~6>{4ALklE*(ysPEoXFw*7{tkS`<l8){^kOi1MS>EJ3;xU^&Dy@=A#=wdEjz0#w3
zi*F-yhLC-SmuS0N5W8r7MxiX*>5gS<Q?lOyi5HqQdAzhdD|8Q?%jZe_Bf;aY$>*rs
zv3=dHqv{zX>D1c+66{HZGDV*{%yfSI`i7f#W|&H23@}siNKvsl@%DW2kj{<Qqph+B
zNntzp!qAUr>{=h@K3i!a`M~@@f&E|-9m|p4=$<XQTjgA1wr@}&7!i?W!Bm8+#187A
ziaFyFCISrnH4oYyi@S42R%4!jWNGM}9<b%QJk-~&;72y+A+a$!s<^FI#UisANW#!<
zeJt6pMWHUGUw@#?bEzHu-ox;H(2QQKy??o8-1nYs7H0*yMMs+poJ-bBfm+q8q-IRL
zLzxMzj|0vryg4<J9ObLA0C}~H0VXmTm43C{TH84(;V(~rEnV4PZDi=~XeAx2J>vV~
zk&l;Mi5mluNzS({QtQ6V?3+Kr1&-f;^Zh6*Q|=}u{QBtqog=CK!D;FA>taab=_53J
zrIZ*c86@A+Tj(mVApX(tQ=4!zrRCo7{jsG5-E%5OedG5(I#Rf}tje4|n4VTCa@`y)
zS=PKaF~9V&``|SYI|jpc!~@Q4wl?b~7q7()^flPFe0Z})oziB0<%(ddssg9NQLOuO
zognNdYqrQqmsm4irkH%18No|`kTY$!lvi#)Zd_s7(T+PV{S2#6m6IM_&>gk@<v;W8
zw|m&uD|!rXn3?#QKZjF)R~}LQKTUSojXM;tRQ7K)!^!xaDaRblgLDU9y&c?^HtY5>
zF*V@UWp6gaxH70?c00G&X0YT}1wXXFX5kCDJI7BqL#YG_X#^9SN8vVIAq`3}zU<}%
z3Subxv>|(+vBI$7W`uRQ`V;X$bB>udR@r!>BTkgz3zJbG>p)r{%ZDwQHr$aC@vCUN
zBq9<Ifj)?O;K$H#C(3G=Ci)!qXQ4u(nDc}H0EnoF%kO1Lt}lvV)7x9jjqdrG-IgM2
zDFm_h$j$920Y7(!mtK_5T7A0IIU0`!2V^TV*$%K1h)5?t*t_KgZE#Y~G2pPRdgks2
zujKJ0CREdmd>xZ*{Lz(c<p&`psuIv{9ZV0NVPeTz2!g5SB8L>3DnK;|BR;DV-|_&B
z-t609^!5DEq77f(=|Dc%$v(Xf@CIA5G$*4<t77~G1wk?R=%T<i4T2^Ki(B@n=Arj^
zZUP25f|gQ{Ru@0OMg$)1RK(BqU`ixax{j0=UV7+}j(|F1GN9U#vIQ#nN_MbnKxTm7
zc0WTDBTUetUUC9ZhcgWz5oj4FaCXD|wE+AymKQ$RD)-!7eO>^8!7gAjAh9%YoMFuz
z-{NeK>W|7xbOk{-)TTMp04M_6u^>UexDxfvVSyIIRIC?$smx6|*cf9Mh|)p&UlO|p
z05aIUvx=S=5k|p7GE4?cM#GQ?cFXAfqa0UNEDT?IoeFis$a_*k&^}Ro{83-FLNVwp
z7r?)QqX#}<p-tLIwZh-u1?6Mz%L-u6#K?)86ZCuS7JQrZvsL#<BPjTl1Px((P<)pB
zCZ6OR@&FaC?#ue_xH8#b`cq>Ng2fhiUC3Wc`WQnQTTXia;st@lQy^){BO=3JIy_c_
z5U6(ut+bLr4CXlVs+<(Dh&HI!iD9+h2Fi6Q@}IvPQ#$b%5qX4r1OC?Fqs08d#K<G8
z7l6rI<R=TNDVkuy$HNsrM7aRQLh)%B`>$nlSF_K_6R`QY921}M@~Bx-1Pls0ez+Gr
z-jY@G?tzyS4iSJ(huhmXo|uh@@crEzJR%lC1XS*^;n&Q(u_4hQy8(2-B1s^vqIX@z
zK@k+`#B8iyr90}rjode%Ecba4{un_a%*#^hsIR^wP%0?iCJ?Gb7p6P{JOP0%e;4-W
zj;b8%hk}#(EAdCj0Pm1F<1wN9`7%{P;&yC|4uNkHH=HWr<_%Ir>Uipz^WNKdm`O>D
z$0Zku1Fi={Ug;(4x?}=Clv2kCOq7{<34`Gs=xYEy4}^#g?hRabxYxf(=At@E!NeE;
z4)rzIX9pMxr}x7#Av$kHHWO4!oOp2a7&Jt9v?B$Pr<%<h$@tH?=uUim4=4vO8N-I}
z!DI4!QIf}Ky!&NE$=gyY(1LJ`O&Dwnbnx5BPqE>R?)K!x*k~1){GS{JI|I;;un<6n
zukXHu3mfx679Y`sfA3GxP4z%;<c()_B-#9ai2AWPXyE%<nhZM;*`sR8Kk(tj_gR&A
zAaDp$iy?Z54Dbw)9{^}TaTJt&C^;GyDD#?TCn#Yn<f((+2#n&{IjNJt4njWKP3bxX
zUwS1(;FI_a$F^FBy3HCT0=5}EwrK-wBOT9ECtU~mUm(AQ1Z0Wu@UquS%1zcM5Pm;(
zuqAkD?4)Af<A3b0UI3o%5kA|MKrvNhJMHFo4-Q8HV=v-kVi?pmCT8HoN3T=Q+T=YS
zH$IRVG<LxMCq*z(6!_d{Rfy!~{|;?O)BD;Dag>x4EfdESWqvVzy+G^YBA)pPDgrH|
zyQFWJChs<&H!Q{*cq~wCR@xAC)F(|}xBz;f*YgZJ{DGyU<nB*vviASwM>2W>Zx|*s
zZcsoFERgyC#I$nO)Mog*Y!>eZrj^xK@vdIcK{tK}uEppxKB)D>ess#~g$2|1qvaT?
zaQVi~`^A@J7aBxTW(Ef4hz>rO0$UxKunaTqn{WO<Pg8o5atWJbCoT3R&mY{(jPNg>
zbE4GRoKNPxGH};!DX3)l*7Y1L^g++D=Q0^b-feI0R<ZSP&AENM`*OK&LAKOeImQUe
z)Z%#fTZ(?Ql!7fhzUKc%$lCt&>n3fO5)Df%I$wl`ZJKULZn0|kTMVl8%5kjJy|@O2
zf8v)UMGxp91*RqP`p<5kZ*1OCoS)g+wswNjl3yast3Pj~|2Q>5(K2-K2l<{aC~i;Y
z9(EtwY9+>cWS9T7N^fpY#f9%z4R8>iGEmPt81isew;(@QzYtqz+v=-rkl}W&ajQr7
zl~YrYHjPu~{bM0IOk<xGLR4P%EcYpJ-^|L@w|*G$`btIhgPNLkD!FrF^+8HiojKel
zS`r2sy3ZM<WPdT{aD^tz$qgB^<PK~aUz1HL;(qt&)9R%ntY`1z{m?0U#;xPuDX<@v
z#2vRrt3G3S_C{r&mXDHpQg8dJzErxV7&?m8aU!7I3vC#YpXzcCQd8zKO&FG*^Khez
zvKOj<I<C=M@t~c4*9|q3;Ee87??e4IX2wDv!8_}k!HE`KwSyP76ondb>K`8JTecB7
zm768nuz0?8)A)nr|LSH?2;kL<6f{yiQO31~Oi>ADf6qN4efox8I9K0=WlorT+64+{
zl6R6m9LP%MBoRuUG>YH7A#tx_EY#t`-ti_u`(eehpGDsn4~Q2gMcWuBQ+G7Ax}TWY
zN8w~`Z95J7UOt$=U~7@R9_ybnko0Z!+vkgsVpe5O#f8s)mn4m@=dqGdiCQT;D58%Y
z{;g2!p`ctcoMCY_NiAmEZh@D5t(u+!T&R5t*~86tc3dnO^eb&lW)F8BZKhjg<&@uc
z=U%8gmhJs5G?wa~Go!E02ea<yGdtpCJaNZ&8@(3xCk4ZEq13kV<6zYmF}FDSvVP{O
zO-2nxQ=ekz3)x;VMYFf7ds3?!TaRcBE&d>~;fuaL<P76<p7A}8(+TS{bbekVusL)2
zir4s6HkMbTN|xqR=)hdXn5(N-B~M94pp?}&TJ~9NDl96*&N7!u$b{{w;=;GAw`Ga5
zridvzH{v>aUujqFsq+3oj%|E#4rs7>=jOTgxSX_XWq3sJXTB(ma%-gQA1jFd>#4|D
z8qr$Xl3mP`F#b&6h?~+I;i}wHXWX^k@?IgcR;e5bnlt#({!5_)8`Th$pda@NHEDY%
zj;-oD;PkMk1ivR^+Ul-^W&~+AO|535su?LRo_Ur%X-bm&4V_}ixn)-O#pF|83zjo?
zGfJd=s{U!=hVd_BjOc@^Z$JIGZw6HCXR*ZUXj*gY)<z=tuTE7_iw7v#ovod5XLhJB
zSawW*!?Y2Be(mlDU91zkeY0Bj{+3a9)k7s}WvK@$<Ga^fFFlNMdwb61cBb@rCc1)_
z+*2p#^+E<3Vvh|^H5g6X&Z+LF^tS{qyp(%;Fl%EsjW(XriR%;AvQJJ)x1yZ8fMhLC
zM0iAJJMI|RMf;4GA7^vrW+7(WpKe#FEfhS#*{@NwlGCYhGO+yg8VDu3M+{|Gaady?
zwm$nZ1(WD5*7DNmg>!lyAI8}TIc~id3amp(a_n(f3;Z06T9|Qg=X^V_e!1AcpABMZ
z6A~<F=xf^vTrZQ8HdBv#+%@XrUSRd*Sr?i5j8S=??c?fOQGGzS+bd>oZ7|#3HnXk2
zRO*I$Op&Iq%kHE2xhP7N?bUPsQOSfGVLO`9tUYJcoH7QvvrD$0f4a9yiwm>}m$>ZL
z$7h*@GNTvfV~Lv!T23w8e8WR^Yo;Zm%F!dn?hoRj5g<D>Q*0fghpr(x-@nA{+cxnv
zUn%E%X9M}?M#M=fu}E1We9qmUUTbG``-=5rOUEJaVJ0SD)sJ44T*rf0k7$pfbY7xK
zHQ4;eE*+7-*1;*`mo%)?3edAEWx;RAa*11){`Pmw%EotWo2`7LTIs-A^LR&Cj;|TZ
z#KK;&ecLy?s~6AC5{!FzaK_%yy~Ic2Cv+o1>y64x8+X*p`me1LsrJ40XJ5&VliUZD
z<&>mX=G)YdspmbHROS}XDrD~Z^-07DzjhMt;$69a0+-LY81z8ZqDaXpO~KCH!^)~;
z<nk5W2pQyogI`s~&_LhxCf{ql9uDRe?oqPmX(HTP%LdQWT}Y4W1`^x#hF_vm?scyc
z-hYBR(qG!CJALXlr%=Mh&<o=_+244-`d0Z%JkOf#+}6|V+qrE~6=Ju~+3}K9=$swQ
zXgMEcB+6duuTve(7<&B5j@NMcW_xZsi_QEPsnuOabYztS)BB<vlmCN*KuS2)_)n!b
zXC!2KT;2#<2PelZDuF!lhF2eNUmzHd)KpiwU82qJ93Ho60*&98im1$eW&e8PWyov&
zgY-78>rF4meX(q3>&$ihAfqCzp12*BW|*aNOWd-flxqF~8%I|<2bZ`20Hrf>ENP`&
z_)PzJ;fL&8vG;mW!EyZ9MUu26a+#x1<~C(g$24#l8+oI9JL*g87vk}1q1dgYAMP|f
z__#%IEP8Nwg^$xsVZCBgo)6r2OoH5%!-SQvC3S|B2#McGHsvTM1afK`ML<~6&H+J6
zcduVxPlC`R6-j=xl6WGJaiyf=sTpkEqF4t~M{+qF#9Lr}5W?7Sf=L$sudJ2^;3;Y;
z$PJMO-$d%vg(cZkI+~N3X^6%iYgmMZ1CT-9tK{IjxY{(pLAfD*0*L_07SzunpzE60
zjzU3n6G^skFc3I%t32#B@2n|1Y#s0sK8I<giX_*!!O)DSj1&`)wOLen=4RT1mjYkl
z<N*KSW#^#VS9Jr{L|pplm=ax#dMVHrUVy4#`%MfOAf6m!cl{US;)8PiU%H4x00~c!
zOEuL_WyR=Vr0~E5k1_#Oog4z92gOlC;mHnW(%*^cZLE6$KciKWdFlqR=YUV5@tS9!
zHE#)g9t~X@uqt08gbd2$ACSLK=_HaU1&xDYN8=6wQ^(-~TwLj&4LGUTA#@u!+ZXj<
zN$TjTT&O!PFEKsQKJd90Er7EZ0yYBg*(zwf7XHFH4O@UwufUZ15LK`T4>>?`Q|bh%
ziiI<HSWypA>;$`B(;NVdI0W!F5FiNu^<r0jktjYT6xb{mXgh=W+kwX)^1DVsqECr&
zzUO!WE&%XWe=kJL*<O5<F0Vs94-|EvnAZVeHIgYNBeCHN@g8H+)dGZW8hPh)Spf{x
z3wcq7!c~#mNNzHU0b6%P-}Av&gu$T@*D20Uz)|DS>#g8b;VOXr+Ck(GY*mXWZo|7(
zmFQNOGBbNET(=p#4vSsg6Ykr-%Qt^5p7;t<i(`ie+asRq@%l@1nfNAMQ9{mQz0Sm*
zrz@o6ErnCjL(~DJCBZi)I5huKk0kO1=5JE~D>o+trib%kQpe6q%Bxq~7GS?(eHWin
zB3@@u1H7e4+&@tWs~4f1K!RPXI%MufhXQr^<o9(-Z@C?fBJWlWg|lmL#zek*Gx29o
zw*VgDF%E(K`BYXQe+a{r;rVqCKqDlIB>*`mFz-9l<AvZkHaXTnxzzi-Y}p8b9o&oA
z%uQyDEeOJpi$;^rp|<jjTq<#OE1<7`K<2HV$w2m~BAEkg3DGxB0`i-YO=R_=(w3CJ
zP<Aq$Z(bB%eFwx8_%GBUQVAHH)HrZvBs`@J8c_r^Nb2@mn8y6V^<;<daIKTZvB0m%
zyZt_%@-IP0l8RtVC6my2-5+`{KSiUF-TXd3XdQ{d(kXE@$s{BKlNV@xF9QC61;fDo
zwfJ;Kc`NpZ91vl(lA2aeEA#l{FMdDgx;g1O<zL{ErVYvlP}A;q2$0|tu=;mB^BMA@
z1(b7qK^fkNhrDJd;377*p@9Ew2=cq2;pJIpJbAN##!7`R?LINW54D|;tn3<pq-HHC
z)keT(9q3h#Ev=cFl;E3_@4(ov3g-C|e0(l2KG_$~#8%njIQE%#I;u^@#W1Efe#fg;
zn`x*>a*p+ckcg}$E(s!>a6#@~5E003CS|{Ye1r@)A$L-VRkOVK--Lb?MCS3xv$k0H
zwF5_Ky$e)5H5;>GMN^R((-rs(^>2cc%%=80FYTziu8q^K*i)S=L8nROs%I_3sQXed
z+TCFGSP!w$2QX9&$~0T>>`fF%Zc}GL0aji%nFr65!ZOucZGJAO{nKK5%c$4hDfy2O
ztsL{&KJ$W{?yA)$y_($J<o>-@(fe&1S>jg70Ev1E)=%(Y7iS+Z@eiq7ld<lvH29cH
zG8d!e94Ktz_Hn1?B9H<-MZ-r&7X4o8i)BVlb+I?j?PW~Y%YVSkfoLn_jFrOe4_2oi
zqB#xazjGz@u$rvI-TKjBX`|X{*5zoP;}`V*=z7b5rvHcgdxWA$h=S6fbSu&|Lb|&_
zBu96QGyp|9b+p82M7l$i5`m49mXwy3+V}q+-{1ASuKU6L042si82CBwbI$A3cQq?3
z5V2^_GqrIMn9Bz?>{?UC?my-wke;Osc{bKgWML-nBbd)m0b7zX-oT4h{A-{$E2xd~
z7+J@t6?=IeusW`bO&r(0gZcT9Ui&dy%%5?OKHG9l_cH4bY~PsskHw7aPx*$pRhyj~
zZo{v%2XeoZm?(Pjw4@5VWD9oU$iY+Ca*s=j-4;!ahLZfqKfMa~;^fah-)KS?lQ*K_
zuJ!eZCnpwDcYb6$pl#B0P!=36keka@YPphel9C+EO|NvS&u!a~f%ePSVzrb-51*4`
zs0t1wEGY@A3ejlCo;XxY8~5xhiUxbyX!+D)w{xIKJ3_W~<?0dVeNRu)nu0tgH}=#6
z$T|oo`70Z&M)e;Q&rOTGvixMsbH*hB*^<huLQ+X+;^(B3+tI#cl#A=u3Q{gI*|~qF
zlM>oO`1$(9K8M)508#l<q#I(CJkU7yp3vt8#MIA@je4=5*V|{g%Q}PCKc`tSSJk&_
z;qeT7{j@au`3BUa)Q#kA(OkeMvq5VnuVovE=Er)+NbPreqqXE!vEvToEQATwi4e@5
zYot^yafN9?^ZLY}iz5cp5Zf3_Q>C4}eV(oSCZmp2_w+w=QJQ9Obj>{J%!bZoyFsFS
zOq&aGxBV~S)JO}D3(^G<r0y<Cq}ZP=bEyuq%zIDyfl_{!tn2QPr~d_4A*J!aNlM%9
z0n4cBY~-BP9KYs6*j~5s-5q0TkH5WNa*m63T#j@Je!9df<h!H>1$cC~y&)AjaxKiH
zP2J;SALZeB2;JXxVdKFZz8_lAcN4hOz%b*kg4IV?NOD+kpH-^hU6;bK>3vMydFyQ^
zaore0lbX-*0=|D<$C$Uj^%@8f6)er8n-gp0kB06F#dU|O^p1`xlsY{>UyPXHwy=4H
zAH7_UMvS8{ZuGNM3f~5{>D#gkywDhaAa*cq=EN+2F5-m#=B|czK`Sou{L&9d&mEsw
z;91HBX&Q%C1xe#xocA$J`wy*KN>1daUfcx>hmR|pu4K~P|H`CF`M(-8+fxZWeJhM?
zdxC5FV4$MF{4B%ro2>A!L62329TcVsq5XGcSM1F{kf=Lf0;W2@jcks8t_24dcg$IJ
zJ8!JloZ!42LL<h;Uu1V8oJaN(;%TN|LNjeQLItyuys!Vp$K{u#QtrjnE*oxQC^3jk
ztxMyOB^9xnKbDsj;x?HCeWFtXFXEE@=u<+N8*3~%tQ*@b!psIK<Ni>w9hJQs6k0NB
z3ry$um34m^k6ri9+3i45$7Z_n!VH~TPSc?^LO2<uf_;(+ig+99PQ=X1DJ{G01&0r|
zoe~GgKmGVTYveGl5<qXo(hfl)Hny1Wm=r^-tBm^b4haw|QbR7+PEwrG(~nM(O-<sd
zI5Sy4%VRVR%-NnArz#`{C_J>^=sBO<5?^e7bf9-yz>{{gavJo#u(2$`v|EbVTvEND
znAlVC`|Q)uOZb|=EZ6qeT4IBRFOC|1y^}D_I+(XQzv@YnR>NB)&Yw4$XFZ#JnBTjG
zLDJsqK6iL4moNKY8!^6n-D9Ci(Icu-zgyxm;@n=jX|0zWJeii)jNaM~N15L!`|=(o
z@_?(gYPRiww7;mKVZwFHYJ4O)<NcqJZHvEjBvQ3>qhe-fLRr_ghM$%{ER`_*{1bnt
zN5w87e~|c(|D5<cSe`@6Z_@{=L`1P4BRTq2?wxr5{0GuGc}H1zG#FD`1mou^sPU8`
zvR{EktftMgMF(@ZM4S8#{E(m6W%OoVtbHe)4axTEu&lvHJpEoESHst@O;v_3Ej$h-
z<4~3Jopf_Aa8OU<+{mL*-HP8S57{Qrg2|4evvcdg+4~@hsT<S&y(+ZA%-AgbX1RHJ
z-4?5&l=HjG?Il36P#fcJ>&&ka^IetwwbRGgn_;UTwgt^J7~$(q6FR>CM_{BZtZVZ0
zBlJSE_O8jMm~XXU*Yv=H0Fp)W&%HN)2gm59XVBKd*4M~Pe$1npo5$=wMRZMuBk&w6
zxpkr=c#<xv3<b8SzuLVsm}UDJ_2K#JSpDQXp262ej*4p;NQ2vsrxukBri7o$k=&x-
z6g7(#BlM|VPT2G^Q7ai2enjS4l~Jrk@_0u<alAH0s3hdXDZjm9epNNm<3#>bBIOZH
z<Csd>u~TqO#<r{186wZ!&mZbn2L4a{-Ba$*y)_Q=U{YO~<Y|0eto!mw-;vZTm(=OU
z^iGSQ+i$F&=P2A1SMnW##+WUR(w!?QZ=O&#{ddt^e>(K<{-52;peui=peVGrHUAQO
zau{x+tV8@n8euR^4YvEfxeF66y{no3i<MRBl0a6e?^1;J9LIr!Cx$Vnyt%;W3A*x)
zag$6;Di7-cp&9W!6Om1vws~-%NPvQmqeyc(lqnTf^!4#S5RT*gDMc{ic9V{)tk-wJ
z-%3d@R-Shu<WC;HCsF|NqL~a~o^y!?^U{xCgaGAq`=uC4_f^&f>H;|xM$>RM0&JIL
zsENxXa2^u|Y8K$a6jD4PfF94%7`aL@q2uNGGcp~X31viP!2g|Vj`GZiDU4jkQ~M2r
zv=WP43}h`vEW47AT~VdzlgVm}tX`>L-K8*GVWKGVWfy^AUxWcz|AydjI#|WZ^Uc#Q
zCTNI&tG|%HC*)Cq)HgUiIh1Dj!POvzz|sLxYz+t45)?Ja!Pf=DcC@h(DZuhl0;?N1
zpm7r)O{=9qEWTUWfPM47`VPz$u;U~jgU<+A$yiQwT{mf0*MXM$85cm0YJ_}Cm&Gx}
zlBlTfU;PQv``9GWdGQV``DEi77-hp&oU;oaK}7m;s-P+gAft2zlEnox8yWX$tAI!#
zFtK6=_|p@d6L|rw55y6M^{TL{B#fFoYjiuuM<D#|aUlxl9O$m_L7`-<*tjV#ZeRSB
z7YLOCcWNBTYd~@>zFbY0CdC$YfY<?=Z5wRPp<&Y=qbO|b2x4~==`7$T*^u8S`FoVW
z1$2i~=&tdDCJ&@}2$jTqa^)~_f(ni6&213+TLd;$67Z?8QVjDFfdi~7c!m}(kad)-
znV{&PzE)2TahCjB06w5Fh=)mDg8){aOq8qgrpC_=4^?ck2?u-<*!Z535yAxm1@#;t
zoeHoH7I=S%gAQz3dINSVX&dMr623_fbtL}LVj8Cy(J<~cwyCrg;9C7Fad5lA-E&;s
z_?T7;cN=e)T6Q*)e6D68s|D2dJH@j&{Qmvo4dd10bfLx2FO#-aQ?ArkTMN*6;aG8`
zm4B|iffvA<aldgf?E%~qmJe`7v_>TNK8&JYW+9`@JA$VmxGx5Du$E6olE$rAlQ8g=
z<-n4|luSP@#^X9bxYgNp;D0#Wfz$(H7~;DiV&Zy>TB~)49K2J`HQ+P}BsxG4ez$fU
zaB%mMWL&?zP*P^iASVHL1!Se{A2HOuA-oq#<Oql;YbI6&-Xna3Ma)7HVVxcW+FgMN
z7&GEZ#^vw=d+64S)O<ToVJEK>F_FG0aE&!X3GbHlb!=mOPC0)AcENa(gZG;Ds4!7E
ze^V0+lZAl37D^c;`edWC9U=NyV+!QvuFN~^Hb#^eFqh&Q0DueY1C?g2CMalV$|&`)
zhFxuJKzEQ}4(4%RPXU-t!P)FeQbV>=lJ_g&X3a2?_Xi&5T=m2PgFDrbM{(<F`C%Nr
z0X^kH*wGJ>d}MZpjZdK#j!Jo40Sh@~KWD$@JDH-2?>`W2gtSmph~Dv6KxN>?V@JAx
zSX*sqt9%FO`CRaoGqAPZ#{v4PEjj%X0>ls2m<8TytopzDUajai2bRbX*_eYDu&oS!
zscZw5&wk)AxF=hHY#`miKDP@x9!c()ZOFeLiFIBM0giXD^fwUTZCm`Hq1lR^95LMm
zbsJHsBS1~-n?Z9x@{*zqH{(=p`yJ*>V7EJ<DzcuVOZ$c52=Y*}9Go`&uXtFm?bWI?
z!m?!!BzPBG1xRqLWw6E)!KyRK%P^eTm|L?k1W7eoAZ7<?$@~@%jHwyo8q$;}U`VEi
zZQX3=<KrbsK1^fwC8CLfO7OdrpVrU6)tXtqj-Mvb4ZidMwRjH~cGmOC?+uPUo0j{+
zFv}f=O|y!(poBw_ed$Zl?pJKG5yFMGsYxGvs#E5h@M@^2jF=RoAPzm-;_9np;avYZ
z>xGTn-PM|?KSfYOX3H((j50!(<xAas>Q(lrLvJ@RGMuCn98wTO=+(ceB==MJ2Qu=`
z<OMglTs2|QtmaPQuX)95g#2#G@XJK|op(*>;3>b&<!-~9b)ouW=+C!JqGkQgNkuFZ
z9z(S@1I5Jmwu~ngtNYwpKcub2zZx12H26_101rv=5G<`$FA8vApzME*7x(3K40d=^
z(4jm_c}aCen|$foXODyoZ;?%nGP-T$z=8eWt<LPVEp=QybY1?1dym^jlaAvax5?0W
z^<ngq<|-p?&snp{-Yeac<L+^fr&k!G4Uu%zyu+F&Iq}oQg<)$gbA)&f1|h1VfB%j6
zzJfY~VpYJls$~iPw=Mn$I-XB3!`tiH%!|vZspH4HBg9TlN53_F?2>jyd6}E%5>6|h
zvkX+Wn}uIG2?iM!o$i%4J?xg!594r-^BP6GlZiMEw&J5~h~+ndf%^I>TLrA1x}Y{)
znLdGjuzRP`;~@Jaw24bpKd5a)%Jg#g>^w?)d`MSgr~elbJZfGUnRoejE#Vy#93ski
zKDHUGLnos%?C5+VO$$xf2k8q=f42QHe`mgmnrr%siK^*w0@Zc6AERxOHZ<22Qjo^e
z8{?fvf{6=CH)8R*q4(BJzIo}GmGm35&aaeMdhl>L9<w!~YAy}#rKx3+`RDNv;^tza
z0tgNZe_Jr8tG_q4+;xzdPGt}Xy>u+x%uAn0<T_6ezz<LPE|W}qPCLF+TS#nz<3a9-
z4v<;OdfeUOi5xzmI@5WXIjdrzV_p}^==;~UYMiSy$NNEY^h;8cRiC$aOyl^dJ<=o;
z18A5Sa(@u({0aFy-CoU06Z<J?ddv~i0P&qCo#shfMa;HcfRk-%`i6@23H{$*J!hD<
zkO&o$yVYDpt##5dd8S{Q^HV=RtpC+4m>rngx^R%L&Dp(VyH%Rq@lsx6<Yy<o-K{;A
z*Ymzy`P?6N@JO`VIdcPkp_u}voJUk|Qu#dL+iA<sQf&3mSN}G?y5Dq3R^}Zz`N~K=
zEfwxzH`w&%`)4B8z8|5pU}dAM*Nvg=qVRjk+TTwN4A~|<qrHjZw<uTc3qQs!Tkl<t
zW|!Q%bTXMGniH;nDvr3O%|xoN#xM~DAh`k<hkqbng5HIa_GM^xcRoO005!E@8Rzy7
zL_cWBQY}ca@vYTFfyiW)Sa!ussMu*%D>uQkg&jrPP!1N0MfqPWmfK%(GiuT|Rt@os
zb22OHTluk}xHuPFxKSTEHF){#1h#hKK1px{QXJJF1Un9R)^zsbL+@e)4Z4J5541++
zPZE;To{NAHvM3UiB(Zxoaf|ZWx{xsE&&JOWISeJ@uM@1+u1hh!)!q)0vtpGPH`}`~
zk6V9baaUayHAiasC)2MPUAbzr?r;FB|6^*s?N;ORgDOel#hF2Pc(Ryap4t51vW4pY
zM+mjN#WJbx2He0G^b1qd;*rU`c?Yx{3qndF<=Qs(dwSI~F{!>eBEAf~V|Z?dmrk4>
z)yiD8AGgbAd)RVwX}S1Ptch@Gj8q1^ar*qAzWjk%AIkX1X2FQ(yj|p~QE!AGJ>Y*?
zu9y=EmmXhlj8W-i_~4aF+a{tDJYa*tZJZ~PIgZf@Omi=!M5u3%C@(=Hl*>2I`vvlj
z+gUDym*rIZ4tX6do$H0p=w6DK-6-cvl{%-_2rl7qdfJe#m+F&<Z~SS4`Ga0YtUud$
zS~om;zCl%4sWywkW#bXbI_~|+I;zAZZabK7%Xo05&VuMD0iJRe`|)$pFOL4K%K8DD
zHp>8Qb(V)?6$$VupKqBG+`<fEbMmKY{<IZ}MP=dv6=geKczxvk9{Wc_1w7?Pv(f40
zYl*A`@uUoIDo_)>Emfv3R;D+SzN}I)#qrcLyW;&>qaD?K?etUTXXWOAPX3JW1|!<}
zh_d_SQ|{<%&i$9)qr8SQ0<A^Xbxnp`^1irIkCZbdCvfq7FS)G0`{Qx1AnjnO9JlcJ
z=UYWTA*u7ea?hT94u+4V#xv7Dul!)kzml8aIefM^tLQOZ3)lYar!weMhY4NvYTi0#
zP1%8>S_<!&xe$G7{FT=BZSy7cA;<G()rRu5>q?`m{6-fe%F$NsLuT+%(_i=EU43dD
z(w*;AyXqz+)HWB>f}dg)J~x9OUsqbgqcwgp-w-u>m6WwqNNU+%yINPie#!4L%)PVo
zu_kHTeLHnZbKb>*S?<F66mz}E5=KhiWIst|BqPor`Rs;{Ove!&96q-BZs3h~cyp~~
zJ+C62XU0LC#kW_;PX9BPZcl!mlGCCJu~KiU<Bp<a@}+@h^ug}_g+#x`kHz3ry;0`m
zfg4ZeI0!A1DAk??9%L9uc2WGf`wianm;i&J_ATc5eh<Mk^x~n0Dur{zw?|%wrBjy;
zb${kQMoAgG2i|bU2h9W4s!T*?Y9EGkg@^j+BGyt1oD}}gB;Y4T(@ZYe7YB99`MR+U
z+?;Ly*S~^KhUWbBKAX8xV85a?T%ap)m?>8*Q<rVbTil#U3pLmnf0`6F{R2*B-ZpZ%
zvDyLx7YtKiC@@sNBC0i7fQhh{iNY4S>^WFZK6#lHkz`efT0WbwihmY6imRxiwVK8W
zkJiFzU}$0Qq$81M9g;(6=ndn2E}wX%q!$M_EA?3ziLl57dwfi-ya)3Lv*Ha7Avo<Y
z?hXK^E}!IMYXU|Dwvz0;fgV^w7Pi*Uu?{YD)>c5{`#sS|FgUi?&)^8oi^0Xu;W9;`
zw?NLqD%RM_xyHc1m_9sALIN`bT_zkO8&{y8=npwMkAcx8jniK%67%IDFsS^<f#iZ<
zby`xgBPAG;Py`JpKqJ6BPywB$tJq%z*nrD{+yPVrpv){mivp*Ipa8-y9zkm2#tAcW
z5hVxF!C?p>8K{F3cf1<lnu%#azBJ^6mr6kP5cI1c*es$N*pUka<9pI14E)w8?6h@C
z1nGDfwTQslCc*_;5)7nSUO5W@CxLLI<T<r1Gmhpu!}teHw<howfR7~%I0YoGr@-5b
z&&WUlL>0ImT*#wxB*(I$`tos8*^r<!4p<G}VA6vk@hya4|6qVx78|<bFv2Sb`y?k4
zx;Qo4pyS;f_6w`eP&hxehwXr0G{rHA8|ALCyofD$Fk%@@AaIB<0)aos_T+C6ESpOz
z$7(ccFqi@Id$vG>0V^u38E78QyqrR9C4&2a#Va=t$|B%WR+=rR0LUg8ujwdPuPYVz
z!0Qle<urSMF*g`6hk%uU)kEThVhD8%n0^2{O8N$f0b*?~J#Vao1;O68@EM_-i8~l9
z$GOQ?jsuLltB>n|GpWDXmk%BlN>@_q{971RAJX|qB+pmsHy}qrwmX7Hupz-*(hv^M
zQZ(?2$g>^IN)DINs&}Pzu*wJASI~drh5z{*7dFp%v^<P;u1^282XO%lml+k#R!NTK
z8^b_VYx?EolpFR{Q$TZRL4a2U0(4Poi7?rv)ExXPsRR;pw1m<(fqMtk;jJ0epRCoZ
zc%$mos|)^3>X|?+?#`f<nNdCh7uS}Lav&fcD2sKwm=RYZ2N$A_{r1Vuh6|TN=+q_t
z?H`?hp3oo!KhZ%S01mKm#wWnIf`Akr=wQi1LAeRy{%Y=nyr=@uS~z+hN$PB@Dd}ue
z>C%MPH8{Sz3q?t7oFi-@<VTb=F#<%uFWnNyj&cBv-pe17++lEPNZxNC3Syc$Hj61k
zBA{7>qOSpdYw1Zi3jnmKT?=hhF97B-@TuAzZK1ntD9|DTKZ47Wad26Xcw2~|l!Sro
zu1W%!mn0yF@|E*hK(pr%kV`feE}&j2%Bi+sLA@s=S0oH7d2z0F)s#b^!Zg9^rgHnF
zE)JFlmaTFXV>JnD20>Kqd4cz=SfA-W(DK4rT``g4X~2_mzysJX72mt#X&^KU!hZc{
zIxE2T?&koBS2K>^9xA}q^3ai7uj$~B=}}Q($N2{mWZzJzoBXSo(yAD8^)C_)IeJ8J
z{tb{W{D-e=u;a`!fnwW_fS!UIqM))yeo-1FkNrWr7}RjRJ|cbd1d-C-#LmFE)(HH$
z7zn|?_L7%0W-rInj~asg(qf+ozW<cG#x@6bPPO+d0*6~CQIGpN3S1#35VtwEa;_|o
zb(PG)C#?|Ra4pwvD(zl?o%P37v<bI;v*3tLxZ+WT8}>IiTJ3+R2xcZaFEyJk1{t@$
zuY0ElGkrC2HdyIz;P%Tn7<}%Kz5m!4Bn+&~HR^%93Q58I!qg7@_q7)4{t6Vy&&wLy
zPwy5IH_U?S_!H|cYYeCOmvtI&iub$%mO996@YyZqdE(+y$Z_ZMFAjL4d-@Wrp^Ld~
zQVH#t*BtwAAC7s`JPO%iWrSDX36(J!f$6*po?m^F_HE**>iMQ}ll{o;7InJ1u_S)T
zlX(B5UNE~I+rR3N_q?Op%na(;^ARHljcnC17gPOUgE$O#a8uiel6y>vqgdz8`CYf~
zvgO!)DrDtms_{(5j@9%bgUTk7g38Ne!s()2PH3l0v9Qmxx6NDj9zuP%<GMr*opI}r
zz#|c4!KS*G-$UHGD8icUK0jK>D<ng4etlbnx_P;rME%p$6!eZ_m^*Tmbk$L(f8x>2
zf>_p}GYNtU@w)k4Ymvi}cPBcU_LrfS4<wK8tp0t<vwb5`^(~mp`EGdm*&lD>u!Qs@
zjC10N+0XpPPk)*xKDMJ@stY8nnZU98kQ4K~F+NVr{xn+dlT`WdkEOG8vM~9G_vN&X
zp}~G^%=JO^YwNnYsV04vb!nKEV>v@p2d_5ftUu<bBrDEcukam(D!zO4l=H^edeJ3M
zz1Heu{!z&F473)B<~m4@(EU7l%IVt8ccz}cBU7Y__%)Ng%OHblG!N8nQC;79T}b0#
z>L`D|KR3{O(~P3{Tk@>2__2BW0^o~eq;Wm~$lH(;cLOJHuMv80qEMpo+6zSN+h8Yd
z?e+wsn|I^+V->YR?;4xvsk+cOPB1-|^&reXg|S&3(y7bAisyTR+c=D~>`(Jt_4_1m
z>>4R(At{^+`(bsa6Fk|f<9GH+nBKqr$W$L>C@<JupCvz5bloRzC@eG>u1s}CUAf5q
zs|8iD9HF&3ZhH*^MlL*RUThCzDDFqv^E))Z_+IxU;Ei}P(<(#i#%6Q?m&z^s%Gpb3
z$6#}(RQG40_Xp%brlxZhTMS1oyO@FE3oiZv)kZYmYCy+5Dbu$s%q|HxM0zUxOV7$4
zZ`|`s-Qzp6Eo-w+&fCQsOPh>ls2u-vr1|6=s&?RaGboWTt67e&Hq$O?)yYM_)fs)7
zLahH*z*nda9)4Ex_MyB{Ms$ju$kIGjxeIsCM}JRs^W@gSKF-&d8qie7{PA*+VpIQ+
znH#xk5;3FI6f@nIqPR)lsH4fa;m&Gz#{0aO?shPS%3Q3=ooIPt%<uor0){a(V7h(T
zf9)&7ZRcupR#9P1&pGFdL$l=&`%}YYgUYvpn%mj8Ei6eJc3*?NVt1&FvHq47`#H6W
zB>XG`ohDELN>bkO|I?Jh{_QhQa%78cQTf#W>v^*r8S`Fq38p1P@UShydOS$fBd-}p
zAi%%+G;ZQ_qUTu(<4YL=#;7y#U%PKoS0_|Qr=)ivu?r^zJN17jK14?$we<rfsYX=i
z-o?3S#7;qLr!))9idEmK??0V&SDcgE{>neKx@bu<uYl^^h`Upg+N%%nVp?39X5oi%
zx4)Jsq;Ic^$BNNLKe~{&>$MrF#ZT<l4|FOZNlz0sJ7he;H_Q}i@^m!k&CdIYK>Fmi
zmMc@Fg~ycn&){o`o_t$`RxTM&DP%IYQMc}kHZ?x5He2E>Yi`dJ|N8U`xqEgi&-dzV
zkIcM73Okz3U~yH{wym1rceT$@**D$$&^x5RO#8l01WhrQp8y>jUy)NjmSFl7nXb9j
zW82<RN6hThP;z$`hc?@!U)@f`&VX9~Be^Jz92efv565bwxhcmOH$o-XhoNZ$_}S07
zTzBOfN4GJfE?;W_%-opl8UFk>P8Ml}6aI#JU_!NpWu>=eQ+;4uO+D&D-QRZVc;eQ9
z>Ya?TSB(U<4zqMBx0LKZ*VR9qNq&?=LinmvcVa_qT;o;YfUUs3Wm=80;nrq$$~&PO
zofl%`U(08Ng%xhNvek^{ohoIJ&MlpHxX)V<`)H5fPfZMEy9}Oql6vMC-@B^1>E&m4
zPuTA3*L)=5;8tjOD=Az%K)@t;tXsoAaVFBp_5Mlxv8`lp4?M&CyDLh(iq^tvYW-nE
zlojU7**SFqNi9!B+qmKJu&eb-{s28li%FHDYCW}UXDg9IhnQC7>R<vR$+$O%>F>O5
zb@c!GN%om6ZjW#CtHXMorj-phn};9$B@){8+Wiqcww1%G+N>dJYM2Q(DF9Z_ElR+Y
z)he@W5a{F!&wm0-i#kq&y5ASY>Cp(O^;kjLL!-vGLwURW0-YUqt40vFbh>Wj^L(P+
z{^51f>{G-m=&*g1y*2%QkD?2QyyK|%8|jjf(6&TkCaL+1{?Lw{b$`7x{leI!Ko8>Q
zq3Y__ZqY>4(r93?cvOmor$J#^yX8tqE9L2(`LlzEpU}}$8hQEZK$6@;yS>i#*iYE<
zI2*5gYa04`hh|hEbZ@2fUVP0q#rIbOO-~=0k(zmB58($=M|N-i10i4eLu+jX5*KL~
zT$=WMvIbk2ZI=^gm6X+1jVJ$CLS?DGa{B1t6+ZJk)o?n)o`{oJ4kN$Kwh30bIJY>d
zzkDg_xb4b}Pd2eev0U1CML0$mZ?#%(2<=+BIBBC(%E$RQeI%s35+zI9DxA89<%y4z
zR=VG&zsM}P9$>QWG})!#QLL>#yM9Vr4J&wtg^_`nnNvfrEja2;jOHr`hsg_=7Sz_E
zz$_A#8YT`o6!>6Uhz8EoFz!V;7^db@4VxuqH3qY7v?r@+D^jCD;I#!xfK*11n?DJw
zu{lHIOoQDtQn*^St}?<T>;iistlT#Ulm?Ix5V&8VE@lJ34Z=7st<Q8hHcymt!}{U-
z1u!rm4uU$G4E#$C`5r%lVK|+Gj3f~mpc<9$G2@r3L0StT1o|faWnl!Rzyc^zK}dh_
zi=jBS;5wd#*qi0xGZrs`>>yM5|6~XCjs<S(p%NNww2(}&97qg!)5AJoaIL6w&_u{X
zn0Td<b9N{}Ws6!?2m!g#i3~nEArIc$RbK}D2>;VGa<T>+UGRB;@1O|O!~mq5_`@h7
zh*_Z6%%U#NrS7^K@&TYdzkaqDe^b+~fg^dZpKM+3N<Ps`{Q?oGvue;0l3ren@(kX1
z#+B9eK?S%}kSqFuL{M?oYS?uV8hH?+0$vw5ZrcIX8?k+?yK=>w$b#VUfZ&;=KUP42
za?+WO4vsP#&}_LNT!sU(Z-CI|daDb4bC8jtnU=lqj;0BRG+V)=J6AT>{qhGu5lLgW
zDAa+ds?mN%4kVcFOZp3)6+^5CsSNz5tFU4itr_4mW5as@Y~g^Da~B1gK85j(+aQql
zA6i@v);J^3l_mzV3Y*(gvP4H=eJQEmSK&Ff0&zm%$Uuf~BA<cxtdbg?f_Q+B?jph=
z>5mQb0bdIEUEmos_y=IKceu)%plt*UB7|)B;bPeR6^j<|92(XcSPNkUm8xfaCRn2i
z+|6_NmGHXC&Vf$QwGInFsW>K|a<^D}0h&br<1&2)By6C!@UP-|SRV?~cnh6`)n&<l
za)`j4n(h0O7gTitQKmc&5EWY2O=7XK2oT!p93V;3R050Al;jW__Kr=pj~O6FmxE*2
z_%HkdTmH(y&F&(FOD*(ms%<JP(82V*u#rzMT6cCFY`$)aqhCC0wBu?S{YPPP2KXjx
z@q1vA6IxRGLtfxPprM@vVA2wQ-X9fqIMITPEZ~oTK%HcRG)Hp$HA#ORSn@xRQ~Uos
zcrw>PeNPD}W)8*cU>IKXY&HGrCj-l}D{+T`(A@`*-gR~4^&V83gR4wF9(w`y{G!AC
zIY)@@wi-CT*ajygu*3WUz!ZU8ZSklASGff}3IcL@|7PXDr1{+|_yQmXVzDFFe(tbO
zwbjhQfGU#a>lL?4bKl|sh(S0)05S&yH!=r&K}+ELQOQHWc}YK<`Wav%>kgwXlEZAt
zFLMqBQ2Dypa{`D~x9%H!8(ofG_mG+}7xFS}K`F1OAhcCUEDH1~o5H5xet^L6>oFLV
zNj_S*S4g5R*?=Ptc~Xq5?{COe+@qE`0QozB<NzL<I+v$AJ607D%)2>~exIbfMzCT=
zQW)0+OkTXcDR#G=D1!dR9R~{>YiT@pp%D<cLy>;?3<F$g+?+M3D?W(78XPU%M-Ex)
zx++B#*D%u0dmGX%sxBe@Bl>?UFhB0rKzU>-Rdio=ntdyL#}@59=0jBYBwj)0e5@~8
z9jz=bUilrB*;vcZG;V6V$Mbp+@@}AiLC9-#+!cTq{`H#Bj(>Vc-w9OFI)vpibH3O#
z`|;m5EssU#8F0GpreDMs)hupLUkqm7jQ$((7yb=IH|QxETt<ARTUE5ro0Xozj;52&
z7{;qwz_s;*&D|4_4wS9<ygI^b<)BH{dm10=4-XMx2={yTYfwgTq|Qoz%3jdcUqGGA
zz9FWdxh=l8YAtCU6TE5XH2U(EX@IR#MgEjT4NYud7__+L<Tl$h^H@caXNQo9EP?Li
z(r8vn;vU@{DnZjO<}p|0ed`S-whQRl=qXa!^y5YIS^XztRg3nCWp5|Yxc*yPqcw5o
z-iL!Y&w$NCiVxQL@&)Q%MHU)pGZ*{$Xcx-9Z}1F#@tf1iKak}=wtYAk*)_TEx6_r%
ze$y@O<oR8vXH1&f<}s%h`n5+R^wLK~t7sfiuCu-N4}^qE@VEWC$)~nd`KTXUfvS2i
z{KUjb*Y0c!Os(C$)ZZn7-;42ZO<*J}86^3n3z~2{WN~K!?1fc*O{kRIN_UhH?_B;_
z2Buvl$j|FCg63U2uXuCZsXe)L|N2j9sWxPR?Y*Ss<cjgiGfcZIVj}_H&yPBD%Xi8p
z-@~ZG-9C|V#_wBjs8|THz}T#ZwKViRn<sYf=Iko3JI;32jD9il;mnL<(i@(n@cNj~
zMrV)dG(RmC^(Jh<ox9kwL|rFbT67n1i@f$r;*xzoDtp%Qn2rzqK_lHBna(;`oBw@z
z^P(nBrH<@rv$gR}XHq0?1#IHpEu1ml!@uR-8u&anMSYKT+&#uiU~SZmDHqd|Q#Z)%
zt#4PdeHuCtyk6JzN~LgdaC<wC#wwaLL9uE*8~$sxoMPLNPaR4Z<8tp*ySiYVx%_xD
zB@4CBQ}rGCwr`24>UwpHpa)Cs*F#lIbssN5>4TxaW3#M_JP&EORA0}WB$ic>8hs0q
zI~o#H8GWZo{m3d@nD;fqPMzXWx#Z-zC=cD%MFo!~zg_ZI(l=YXJn!GQ@)+$9<PgeS
ze1dX*L;KFCdlb*NB=Hm(a%!k1x?d0G96b8^BR$X5IPcmFI*%?-+z+R7JIj%yd}?Z(
zhkk~NkJsEL9q&a?e|v?xykdZ5UEKl9ICx1_&Qw~L(853VG>nL5;AAa(;)R9Go}B4^
zjc6VpCLxsf5vjOWDpX@W2Hq3J9NVMz8TIg4Q0+V`RP%eH)5<>(8pj@kJ;?#?@P)9`
z$6g(H6;epS357I42lP6zW$BaT@_XkPMR9<I_~i9pQ;A#~AdtY5UpA3XTHV+(YB_Yq
ztk{O2I!?1_XqhWxIOuV)e?)Lyg3D`KiQO)~rI~ZWV}=_+BK4nBh-({L+UV>(x`M^|
z4l0OT9D`z$#x+0AjAz(}xJDM5*c<)PtLsQ@sBtdZP@;`PGyN$`clc47S6&k|XL4tx
z(l0tAUb1s-uY6kyHPIDyFgK4U@$MCQ(AuAkkQM{=7xfK$_=xD+t*x02Pad%q5@>cG
zS4!neT?1FVP6K(TH1a#+(=ijm7XB~ihCJ+Iti!TH{(%&i^XSY?>%0_iwCt_@oUrix
zK1(uL4c`XW6Y2VNojrnS%AkZ^+l06ZPl5?S_|)R2R+hC7b!WcV`(EG4B5?|~QhS8n
zwjhV#9(2Gh&7+k&O{TPz*x+XwkJ)7Zqfb>Kwpx!U(kq<OQ+RohHt!|89xT)6j1P`Q
zq!mzpU)}iA+nkWsrSN5PUtO|xR_uHr>RiK`+}g39g@=*B;wVObsKA(o<<fhEf=-Ge
zx4K|%*7El!D%D2r-u=V|y2lN|L{O8gLj|Ew$H`*7o;1JfO7tIkzPA?@WR0T)&V_6e
z2bsuP*zv-58(ti6d1V}Eucr>!H<tN4@vsXyWKsPb{J0ky4u`2KsaiJgZ?xYf7M829
zXRvB$Rej+8o@Q8sUiAL?rC97GF|}{5ZRyWlBkQ*dIHU+Xe*4^OO&CF<2?J`=uO3|e
zL_H6-^QIE{+&BD(Dy}<jm)B+_1eYqtPCFyldKYD8Lw`cUMH)qa3a-|)7iA`LZ6s|>
znV0#w2Y8n3iR^zP&D$H2yySY2Tf1i}FicT5svqLe*Wb58Y&up;XD#1&x!Sj7^Gkn;
z67L*Iw{b(DnOIwDHqVSkwFqN<tDZ3QJ^j&;{<%u*E&Xx6P`!cJD1cQyO)bmb21z(;
zC-+B9(IM-7o$k=4x%MATx0F6?FWo0$bx2=Mr(~lW%H493x|g+wPn}Y97s+&98MheI
zEL`i{P5$Vcry_G~yCr-lm!#5iXl?y6V1-rfaR$b&>O%2t5H#pfi2m9i#<78S5yma=
zdv>KsC?ZK(ZxBp?aZ!E2m0Q22zmiCkEwTLpjxZW2xcv1Rj4AT}46s+qfd9s%XaSJn
zE%flQ-v4g47q1?~hUdNuI-PTFemo%_!PTLGa=RK-)cEmk41<(eZ2yZH0eSbOvvTie
zHj6FCR%N_-NU#eO&~Pv@FekI~1l4*IK2a53yv?R#P&a)>i;hW@d%v_o-cM@6)zFQ-
z-r$fUn*&$O*tm>pxFiWjvd$+$y(q2AIDr>$0D!6pAZKNM!}teebVO-~X{uJi0WUmC
z=+*E@4SfVc2JDb9)v|!<wra}>E_SUML}6$mPheqF{$`$|=|fggvdWuEII-$10F!`3
z!fhqoU!S4=tv(EK92V+M>?Ek=<4wdHfN4J90C{DbK(r5dIWmdaMMROn+mXgOO=Bt-
z1PX@G9Sgf7hG2<xSB_5tn23=jM1TYy%*Z}L^`xhv5G*~C5V&{duc-g`R$<qvsK_~b
zJM;02bJIY;ZbcpVNlfJspk3zlhQU%G7s*lqR?=Ll8yxb5bDdA1`$W{R><tLn(l@Sd
zkPG(CQ@~5a$m|bZGrCHhxf;X}7Eut#&W#|g6?#vIT`b%_;Dsea4u8u7v;+Y1IZCsL
zg58zAlj2V_@*H3-5gf)_snf}GU2cF_61WPDx4Gm1Lwb>9mq5|6e|!N5%C!Hkc!&;J
zU6Cb9_+eosjm!VGQa}ymYS%?n(F^q+0uoj_sXe#UK};(#{u;S%3Sa}M{U2k)g%Q+&
z*pb(UB#XnsfG7!Tg%4vxXG#S3*pR?w>hv0Nd?rk_t~o`(?Z8a{a140w;J~{BF|`F<
z9Kbvf$AJ%<((>@flW=QlaMb8_fkF-l)?Jw~x9+0BPzr9MItx2Ky5WE8M&z%7`U)e|
z%16J%2HMyrwQ!gDG}N*7mF~;6BoNgEQmDbw3!t)V`XM^tk#QZa6L#gGKptVkZOQ`4
zIe<yc@%L8WrXt`rWWpf%Ny_8N07K9qv#W*&tP_;71PaTq19cpv4P(cq%md)G+46J%
zU6=!I1`rX25CC@LkJ93Iz|jX^6*(aQng&aSVH_KegsB|?lNy8}A%J|B808taDA1w1
zUja%i9HOH6IoAO4ZdK$|{#FMomJI=%7hN<6ru~Pqca1hd<sS(AH7LRCQvWA$8S?Ri
zX2>@HL(}bfjIh0WK!CKDQs-BeN96w!MbwcTOR#*<_~VKKz-1AE9R@)ECWqvcjVET%
zR1=}Lf%eB{(*$N1RGx{5o}pGWwXqrm1k|uIpUFBn=aRpF0(!-J(x1Buz}&T^1(8gk
z1cI_^z&S&j)nN`EuxDC)$<s+|c{?{1!dMSLSPflQc~UH;sVjXmX;WGARFb_PuJvzl
z%@f37vDlUe$N4{hJ2Vh~OvdJCA;{}Yl@HV9A);x~vB^`O^d6f^;6V*ZCaKX9L*opM
zr)z}NOx-5YY*o@w#zNn087UOhxo8ns_XGjDPdNm9fRA^%3OZ801pss4fCJV~Zh+@v
zSHl^)9T*;C2kcJ`*~)Kq%s8BHZ?Qw4JoC=M0Vrv_Rp+ea#~3o1Q$yUa+ZTg!Szl_|
zPYtDNqWDK4?LLx&f(j-Pq5><wZsuIC8qh(SxJZgo({~5}Abiv_$p9TL1o&m@jfQT1
z_y_W{^y9i&WE9ZQmuZvr!Fm1SLcp$B`qpLwI|U*H(NbnQ4zS8DpjSTw9dC32VKy#o
zm`(Pl&*Mc^oDwRDAHHsk8PCoPLjG5O=x0mnbD7Rz+0>jPP6HQ%y99B6GacE6K?5Pq
z(60NUS-}r}O!3WM;vY!&rZ&|EDZ?MmP5ZRI(`j)6GoR=F5X0gynAJq-#Si#A<^CNt
zrTZRg+h^wnJbiVa5{^_?4=UQ0mBctO8>E)HraBZc!jCx{I`m8KmOWD8RU<-iZmaRG
zGHm4>9SOGT`+z74Q(7?V;+f%C?N8#?hP46ALvePxl0Zq<bN%MnFY5KNQ)3D@x!N5`
z&G!E4r_b^q7<qY={HQbV@O)s<r@aBz(M&d3=R!aIg->!;TYtBm*=MjU2=Kfdt@KR-
zS%m_O>W;9*KBg?T&?btbUSoW1fM!&}F({wTBi1t*ZlE4phM3*%l7F`MZQy+1bsA}n
zH=Xzyo=E~o)_cbu<$lO#XzwTL4P;;MI4WzbJX9)B7b1IPKIvV@z*L{d&@vzHGwLER
z{dwyo#9VF3O~=mZW<kuo4s)}vW*z(_xB_$v>djzL>n^!r{?vjwfGW&k(N;euSQ$KE
z;2zomcNLvjT5FfxDV!zV-PDVQ^Esa-Dwi1e8a(1IoZ1Ljb7g7KdX(2j`3I`2vagAu
z3jNaFAz;r{YN75|JR|X0{J8=lsa4iB7%WjUZ|bsQ-;hi!n{y;KXxEceX4i!J>s$)b
zQr<IF)yIebreF0%WYJLL66*7EE86E>%Z$k!^FHnM2+b#dIx#7$4JAG_Yb|Y|6TQFN
z1zcQirNUe)HmWT1C@ZWzxc@xnrZQ~G?tNaoSxv=TcJ$P|oZnUI2a;h}{}{cD=3b3d
z$+U0fCMux3Nv6nn?d+)NNIqNt&&B;LY31@|4>6pVaNDY*&7*QQszBj;t=kyC%X`a(
zjY+>%i%runJ$MVdV8dP2sdzESRi+J7LAFT6DIc0y_;2TMVV5D06VqDSEBk4O_y^MU
z>9wC*m2#a?=LRx`Z5>t1eI&`Ihq|7^B$x()(7X(3w=`+;j4nB_9JDOm-X~AeuJ7I7
zebdH_7*J|zRu-C_?OW;A)F0B3dUa;_%5c<z<InA^;htb;-fcy$ha|f5qlRz&(|)b&
zB+{>G@B}!BauV#`4vbxzF;pNd<FLpyXP&pn*MFDRN*Bu+#a^km_HQm9o6QGLI}#5T
zI0Su6w^f6LjQbgXfeIduj{mLBJUyQ=!5as5G3P}?7qwP1=cMCp5h#H`bIx8zMBRPb
zuVi$RB1gxSP_nn4Nd?MN({0~Ay{s3g<8YwA9l^z%x~?;z`PQ@O`V63qJ#qTp4Qr#T
zoodA^*$?jdizt>j$zn>_;kCVoaAqt1EtNgzSS(cN8~jQ!JU9FY>dObav+UnoKaLX$
z+x<QUhoBF)Vq*>2DlhPrd0JCmN0@8)wzjab-k1*yopSrld6Tb}$MW*dINc}Tm-t<A
zm6b~dE;UBwnesE9=H|kxO3=v5<L$$WLMA^ui8l)oB6%^HKi%JgQ^z6aBi2l@J6UnF
z7AEcKnAU3?1*^LC>U>YD>mn9+1hZHVnAN*4F8lD3VqZxZ7<?YT6|x@e6)H}mudT<f
z+uKveC8bUszzkz;M}MhesW+?e3`xm5zTqY?R^L4895MpwzRSI^652F37m<M!?Maa5
z0xfxbW#(N^E*DLO*s*fvsAE&#WkuHU$zZ*s>)F=7X2td5CA0EX@Y3EceR-kJ(1k#3
zcf2^coUJBJU(c$o{P>%H9Yw|aJ-kqkOx2_LnPeXwln|j+EXqEH{CG;D!C}EYlHyuG
zQ`6`2yfJ#)_JL7v-it&9nXmlf0lX)4s+y`!1yrhU*z~wV@!~@oi(GA5xF0kPQ~RUC
z6Kr`Wk6mjWekM7xm=@<mQu$ZP_P#xu@r2@;&)*Gf=le?>qBdY7FFa|Ut~q){o}&3s
zRQis>{BA7g*S7TIYer=*W95@8Cz(G;?aeL<OC@7dDo))5yLHSJgc6)sZ{chOl$N>#
z;M>s{EyfC}*X=Ji^Ht+bgHRq>Gl1S8#@@Dad!0=EKqBV^D@w@?4F)fGC~?w8sjJ<P
zFvINiCc*D@)kyBr1Lw0!vtWMC48%^Ji|6>+Aj0e$GR41xX@>TBjf+c-x~zT!+IYKy
zK>T@<Q{3O13mA%l>m}-?^Zh2u@F$8Nx7VwhpC?h)i@x*oBI}1XFmyShd#%Fr-BB)U
z%d|`D+KPl_f!Vx05iaR|p)JsI{-Xl25>xXYiViBh_?HZmCl~VY(%H8|&78(|iwkPe
zyv}{|<R4BKT{paba5Nnjw1|3lG|rH^8fLu?NlslTZ|z2{AIOP^Rw!wbVx|uIE*<ON
z<m=|JAKZ~O<TS1m4~)~@kg6RNHHmIzIGU+xUH1IH?H{-QpZ1U0ixh4NsqdY7W=hIz
zkf5%X_d#wb=s9fk__Td=de8DA6a-k0_AU*Y^molF-}2@(w4o$EET-MZ6Q>mtrB4~H
zoU3$vr%|rZ($17<Nu)5M0!JAdzt=qu;~#w^ex?J`F4E$j$0ow0J81Tg9oPiQKFE)e
z8xc4k3WO_dE2~h(9zsBN%@<n?a+j0`D#Zau=!8JPm8qPKOJjy~jvNw%oQlsq8>yEh
zX5-qH2Hll_ohPa(l2y_~AG5=c@&NEw97Iv3!DUv6_O8l;ASiqrh%R`O-(v%pKmb||
zE-ye{4ckWmtAJq75X9G_D2b58pvsd>Li`A?^Q)wW0$S-Zu3RV{D*?V>w{JkI6q_!C
z;L0EYP=Os_>2&oLhH*=+U!h(KWwBeuDyjg(=w{Bf^QF0XkW~YwOy<eAK#*kH5z~3q
z@C?NPLTgz0aivwFqoZ($uq5xouxqY81z6i<5r>LA3NU#gT43Qa|Jm?Bl=}maaD(8?
zJc6Uar6&O+y6x{t4i5O#)R_p#Gl`+QaURk)kOXuwOknlH{}g*;TM2B(=>rN-@POw*
zOFR7KdSV#uQpOn?wzR6|2g(-^A0#MIN$iJ#ngjSsNL+&UMV2+Tl>z1;YYu-qJQLWz
zA~;;NH~f&$|4c_>31YDt1TrcjvRAq$w(vcPHo%?%C!hcvMgOm`0qAI|>K;eRwHGKb
zlOBb20g^jFeMQL>3dR`!gUkl#=MI3A1`ZC`Ww~;H7Q=u!04UCz(gZhm{^R#>V4-}u
zSDr&iau^n{R---sp1>sZ#uW^XKXrivbe%qC<be?y9RI#tfOS)FMyLQkpz%x#e7@<Q
zav)%*2mCYHftP{pxdeBDDiu&=SyI|b;GSma5BtRc!2-HN>Lm-#))5*SFi5hthW5;H
zA@1eZ6M=pmPcHzk!>%vpW3gfXgW|R=4qLhs7+kcqEH^-*1;PPRTEr(Y0MrdM;Lwe0
z{8^X9z{QXV{sO9AGXhu!nJx}cjiB6x(@9<d6v4(-p#;PZIg(efV@k(BPGG+ySi6ot
z`3@=h4$UNL^18N)3>`2F0IvCAnuA1fp|&(3_7&4ZAuvy59S6ARpEj)4{&W`Qhl58p
z2O9rY0R6+^fV+Ey8#8b@rH({_{8kLa*ANw5S-|>bUEvFuM@l=dX$E>;h{4f33(yDw
zdfg4|oSqZ|ZXp;wmBM<KZJKa3WC19^_^$kq_~)38JaGV7F=^tDnT?^%*dJYKfG+^C
zQW)i?8UQKg5M19H<zE6WOeJG6&_CF({04{RuCAhq*HO-OROK9b^5KrdGr_jKd|Cv@
z=H-&~jmyXauqZ^znt5VKH^@i^HgRS_MJ7r->t$TaD1?0nsETcsp1<-}7RUeB-nhO5
z&Jhd&%5VpW75U}mkrPB1h5u;`<0&FiGScx%!$1^7MGgxXIPDv;q;x}xC9nad=?Wnq
zISB`n9RfrLK=bRqQV&bkeg6#Y0I2{+CKyHYC;t{~I9HF9@9<H=Dw#?cqgUQ9kkk&m
z`+L9SVgT9RD>!sYQ`3F|*lnhAATky;glQ&R_c6|G*mF&Nh7g6w-c%r<3+6%qK!J5N
zh?8}-WT<L1)nCD^rAX6G(=F~i7u*~czAa}@Cv_5fFxS-hJ<&Av1%7p2itGiu>+4Gb
z!EgRPDM2!#E@5tr_nn`uecGAJj`2BFW@~;Mz0WJ<YZk73IR?_UJ>|X&wxEttO<g+I
zu*qR<>!3aN>!V13X>Q10=r0uVp%>XK<4hnMLm1oX*e#({Axq(bPc@dQG@jCSC(s4X
zy;!CPx{aBU-vch*Zb_DYCfUQZSGEl9See6Oik{FZT*y0-^+nv>uRQ+&M|{mTsYd7T
zd(+qupQwM~U3DvT${DTMRQ6!a^J4pn-pREhcRHj~E)&o6(yYFmi$wOUk|Z_R#1#fy
zYz}twDh3vv?((HsJ2<VK($p!J4A|4wI}xRk{#cVHQc~1ROH?-q<hifto2*P%fDSEv
z5^`YQpcR^_Tu@i<XLDfrQK<~-b1TOz+u)Gg+yUW?zO2^%?l!J)@R)`{GaWJYLrW*B
z83X2lpu?G&>F1Hbi5!tr_OnGn%^wd~wLXV7wLqk5I_ayQkk;K2r(u!!CfiP*v8Nf+
zHZQd4^q0bL`Icj8s}{W4lVDiy?kZ~Yl19F<B}MZh$n3G`nLQL0>11gd;B#IvKS#Z#
zSmIDOmB@2o)&rw;s;W9*9XatpAC?U`UEWoVK~2soKXG@}hcJd#XQk9jW=xFpmyh0^
z*7TOWsIb+8EZ@y;9<nl9^4HY8vxR$I$GvhjjAnhVvGkiqVkW!e+2*M?FR>tupCwKH
zz^~L%TR9_gCVy?bDZlAcO!>2xw(B<P=Y=#z5nHpd3jCykk@mS?k>64CvnIhGrJlbi
zgxuRQIt$bn&*Tj({lJ!{i_TIeQ9f5HTkkJm3DNgMpKa(R+nlhp*0c}1EjN7P4^B8$
z)cio0)l<Kw9gI{RBjIDZXGnlC?UIrWowAq@_okKs_`9dd%QFF<3uQW`c0!x4Hb^VW
zb;oK3?6O@3n@!Vb@|wd*zHDtyUUK|+r@b0GlsCQn59HVDg7WM+nd`YFfBl{%-526J
zF%nv4x=fm0H(*7158alY5K}D^X0-h!K{`-B>S4^qoBQijP3Kzbly+j|YLxZ{r+&RL
zbkRCjX>Z{EAWNO+`VO?EmMn9kI<aZ%#3I_o$1?OZ%W4T4sT{~$ZQRA<Lw>%O5FUSi
z#sJ^jd>2s8%Us{^_9Nm+?MTE8!DDXSpZ;}2TPHZrMy)MVdP0%)wE>E87lc0KX=FE!
zR6X{|P};wPgJXQPy2XTa{a*b%-na95nL7343p-Mo<_p)?hbi7H#+q94Lao*r;1?W(
z%k&HU$>!AZJ=Fv%aX_?X2gQKMC1b&jdBU0wMDX}W!;>WC6}I!dq_b>P<DPzN44Z(t
z$bm{vr9V`zP6;!@>_iun7*-mW91ktfl-OOAlr=4le6(Jd$2JKkJ&rM%0P~>IpHWte
z$_lnUA!`S0hh?os=}P5?4q}D$&Y`r(3o*kOozc9ld3DS5K)wW2>sn~@uydlh(}a@~
z>~`$<gY$--ThwP&M<=D*JeA@3kEKg}iYQK(Lz@{sQSel=gioRuJ7dR%8k(3eCcW2X
zFLAzl?)R~L-)2hOSNh2|is<(|R!t9RYi)%-Ok73hqSVXgI`aZhs&#>%pDKm1#}F8F
z>}XPC<~247r@FB1x>`+BS&zNIC+(pKHA1l@?g%6NUCJMZGsP6RDiMmYFCQR=7$)l?
z#dq9j{mh=WkB;dbM}1s_^9Y89W_^rl^yXiV`IV5Dpdyw*!Gy2>PEu;)vVU6Ek|Cgp
z^HNjBoHw)NOPQlGQIi=-!Z(domgNq5WN|r%&3Ey8J3Kt%rUT?^Q0~<ze<js9ohD54
z?>j}~shsPlBQ+lBeXRCLNw`!g(ipNy29p<dBfBh%-!OBs0g3GW2b*E)rh4P3d#MwK
zpA#SV*}M%kBXquxIQrroyQ$uIL^y+aUon^%li6$x9UW@Mv_A~3GB@cvFE=<AsY+n!
zGgJ#<W<Y&#^FmUwzT7|8OdB+he*PxcYR4-okw(6S*tS&O4(WTSgcKhLezLA@;$R{?
zW&Yr;t<{O@59Vp0j|oo4Gpd`GRpwkUPiK8tYe&jl*1SI}8SD%7*9@&%|G_6yEtz&I
z92ey-)JySCWdDN~TGPmoi*y{HaC3ZnubBKkWMSb=_pAD#ms~ggTAKUbp(*+q`Jm;P
z?Nq1OA9+LOqUPeI*v3!0x%2Mvc9yZ%Y1&!2No)rc#jbT?ufzHZ(gS)#QfG>Xs>^lj
zs1F$$v$Z~bP^4i=TD|DFUY8qPMsE{6(ku3+5T=L0XIRmf<@r7BblxdE{fC$0$5$db
zJ}p{cTUY)acdf4JW@<v)G{1s|JiNu$Cc^Zmw9CPONoq}m;gME1m{o#aI<76ZpjTQ4
z3+p|c7$x%4qe9fpDOQtRd@7L}_T;;sd;ZpFt^AYi+feR2mZf8>(YPW(!>_ueTj2(o
zH1L;r-M)=S_`&GEV*@{<ByO>c&3M{8_kYMLd=@LOvu7%{4vut}ar0QTD5p0s(MIE;
zO^AI=6JV&?epys}{C{`{8pps`8Sxeob~&(1@rwNbz<3P%d@!hS=-~sy@*zOsRxJ3Q
zeMVWy$+-{v2f`hCj4rs!mmNrBzK(jY9$X9w`7roVc2dmq5piYi83Ktkf3y!pOvuku
zZ2f|L%T$Svm<mzkQ5KaK0#_U^l3-3fWhxq+Lk@`9LNUgmIRjSR!Ooxx*uL?VJzPe)
z352OJ$bs!Z-s7XZ03?_X$!;Ij-lw0;$0d+FEjTruymD#uVn-p(O3T{qRaE&z^5UGc
zV6K}GP7Tu$*GZOa%%72m06=xe5xJG7TolBXd^@rVdto?(|1k}Am<I#cX|Pn8W?x(|
z1L;CRu$S=QYK<Jrc7yw1mnBWGd7N0SI2Bt_&_gJUCyXSZuZae^m9<qfuv7wyJObF4
zmayUog3XKl_XX1T&yEWB3zKq@mmoX_0f{l6d;_3<7)1oII4lSgk*Ao>OUh?Q`34}V
zM)pdYfD_hjW21%b`yg)WN)wh(9s&qBk}M%X2|Sx~4gXQ+ruvFH{xkFoAex48zQn=Z
z7)SaMek4!k!tk&dh942hcZmOWfCyHp=s<EV9@gzjMGgU<%l~8RJ>aSS|M&kRMJc2x
zn^0CF9b}X2y~{4i-kXdlD|?nLJ1d*4q_X$k*_-Ul{*Ra5zwh_=yWRe`TYWz7bewZK
zPI_Li>$>h&FFsa)2Y?(rNfFb>hKJM~k#|B@GBd3aA?58YgZgbP%3p~@*(j^C30q*=
zG?xvD>3}XYV2bD9Jf|qta0R$;z-E9e^xjBp=f6>x?bBRkxahvsfp`VLaxh-%>jeP?
zzL)}r{6B8PDjd;);(&BOp1_EvawW|2e1z7<97U%I!1CI^o&!@NfUyZ$4{SHr0llUa
z0hJKc+5S>zO9gVp9g$Kn!KB>S@?fk7S@fYLj}^L&?0GUY@1+FGmomS~2>=EePq#co
zeq>O`spme3D~m$Y1p4J?VCQ%jB><SsBibbL#lP(zK_>k(R5oIV40_745kTW4qZ>YH
z@7IMi@B<p}B2q|{jS86@b=^Db?N^`s7s-<Kgg=red6G-$$;@s#+!zL}md_#eFxMTd
z5ArMUZ4h}qvMEbO6s&Az&hwEnuET4I`ma3?h(UO7Zarv%e!m><5In399y17N1dTSy
z>`Drv!uk=?9<j2WjMa@iQbsNnJX>qOb8$^FoN=_BnoLyCBP-SBFUsL8d9{-|`|%eS
zJ&Z~L294k7+hG@?Vc<uFyatlaB8ylyYTiX}ga?A4VGnRu?+I!+Dgotmbdt>#t9J)K
z9p-nc+R54xwX-c<*9VhbXMi@OG3SVkuc8QlfBoGD8#)s8X_+A(tj7Qrm#$mQ$S4li
zBe*8ekqhwm2BmuR4W?XYL1KRKR33eME=)`w*?U4E15AZ5z@!75L{wq&1(26%bFon&
zzXNoU$QBZKq=NlX96>)MrUmft0!-@^uuyIt!~wvYYKjn*<W`fVU-3&RDav}{EqqZ?
z$et5YhRJwcnf+w;gaHHDZ)!eN3W>5^kx9nRw3XSA=M&$}P{0K2Bs@XZ2}1Z^`?Jp4
zLoQ;z0IgeKK7k)apJ#naS40}(mzyVY;Qr#V#ZT*Ij)6gb_!hbJe~4{&*qK!Nbk*t}
zNLloJxgR5T`V-<_0v>Vm=Y~fE?TJ35z;w?K!@nr)xAq!?$3Y`%9{)4qlLR9^VHyOP
zs$#s19$~#V#x&jP+A32jLcX&{&@i%Jy%boL=)#(^pWh5ui2dOZJ}q|n8_hI&U%xAM
z#!l>6K^sxNn066M*A2dX`sDnw!)KH!IMw@^w0_iqGpFYpj!kneFe|y&4Jz~GOdMPl
zpS_o+F)=WIxRO#4_f|fI7V|ez={CgQF*k6>+$l@neUiy$Fs(7pd%iOJI9YI7_)fu-
zv0-hE=}UKvJewUR9{fd}6P(eGOpA;cY(2ev)E3(_!@;b{KWS81_B8H~2(6UIg+*q{
z8RfqIS9#2j!!ImSOw}Lzp8ImOyMu%_S|MlHCK<ez!sDP9+6hW5-$pbqKIl$=U*&GD
zs3B-_Zz2w=%2v~d>^@1B)7k5NvetA2hIcngHdmQnZZ)<C)s?6X=c&wHCpJ5bZX!8m
zPD*MxJWc*)Z22sv%U@3L$`#chUa9`O>ob})+B8Bo`qwS)^0S%7#)a=|(e*A*?!1di
zEEf&C5tRP4NilEAHEO0!pTVHB+(hF0Ae%?(@^bSC8FAD_7)R9ZLsx0~jc6`Ty~iVn
z+1I@Jc|6f1J^w@6&{x*HH##n}V!c}Ds!rJPnAPQ^w8|u1O8%m7&&QS?hH7g(d3wQg
z>XUX;!|f;0n9Jf++1X|s%*N@Onolh9^vtsT%{Sxs$MA&r)9AIlC^qvG&Wk6^KWf-U
zk2-U#eEY_)_T5v!Jb)Pg*r8ZHT7!Pyy<BA6#J2p9qK{qn?!9t_)T^D>Eoe`s28x(#
z%GvAh84RwrdH+#jcr7qIo!Vy*aQSA<X`^Q=;k(K?)m!za)at>d&C1v};v>pu4!Hir
ziscN)?^c@|OdVxsw2&2L<0R%{G+U-iCz}*EGC!$l$aSP*67cA+)8AP&`qH=4uB6Mk
zH!{z7@#mlPG3;)6DNp13T31ILQV2V^37U^Gj~~<@uh5OXNT9c?-QQvsOS<p0;v;)#
zQD{!~lRSsdgsAKAQ03+q*$IC-#{paC&sW%`sTA;KLPQQ!1nB%{21wE#70?;2-#^wA
z^Ux?Y$ZEae7vTnIZ`s+Vpzdiax!yk^19`2nHg9DII`h3s!>yOuXUvbOMh=~}ERt{K
z)5x)T)YeXvX4}wiioM;d_<D1%VIK2OO&w)_$Su-4#S}m4I*r+V6+8ksmos;%-f9<G
zr~Jv*4=Ogc^~@|(JIegcVK<vU!=D&3nEJ@{(}73WFTl0E;`=O1S#0tCDPF55_NIen
zW9FQWt**S&kx;O0)>687j4g@NiT|woWA(PjM0Av?-a3irY^?0&s<i`|Z@U}xNilq^
z3iPTuntEFVAoIn-8GpJlkDDC7IM$OcZ^WDuwDZ7pW@E_@%~9N>S<}w8I$tUkOOa`J
z-|Ur#6`MceS@sov-aj0W^>!=xk+o$T=M%bs;GWC<B#Jf-g5c<;c63Ql#QRX~5jd{}
zKfK$fXe&WU7Rl>24JPPH<^M&s|3zIf$M==1PitRTu@z_bXq;{)uzWO*zn~<G*1#mw
zR8_B4^tT{3e6}NeVmxqT?OFchIYDQ0!aS-$a;m2J6wMV`rQ5#Bcewk^rAtX>K3h+&
zJQdyg);^-{K)KNr&P_Ww6ENW{Wpa_T@xeJY#l`XZ{bVP3MODLu6d#U<ciS{~Q2kY{
zyzMvTC01z++3zi_e<b1CQ5+XzP72stA8!@4MVq-q**p-HlR)R(nLB~6xhHeo+eLfc
z)oOu4&D)E?R+t^%#wsKDi-+Al<re?Zc*<3x&Ktr~Oik6+Uqh=Fqy8js?u$|WEhVi;
zwQI?T!T2?hD_y=SaJ^x(+ASV+RI`;zH0acFQ*CZ(z5MVmDynT)uG2#)y*7R7i2mAB
z>;RokI<ui;E}WvlvXM5$;Zc(iOB;CI?xrvlxrxI`I8US9-Yz|}XXFQJUiG5<uXIUt
z5yx(O@;jM?nfFv5)>&E}xZ$x~FeW@O?=6zm?NyO>`A~Lvp)Ahv%lvjn)gw}L!>5J9
zyBHkl_8H5hLDA2@1P|y))7^b+<C=(xx!bN(<Z(^heowRMb}R`VN$ZT!E?x~&dw=P1
zms^}nMa8@G8(cV3v-^0iuGWuf@x&rE021<BxZLfjHzW*v^0yM2sjAT4u{Bh__Bn)O
z91>HC!v-F60c~#hI%P35WI^9g7AFO>IPy$C{`nAjv(8C8we892hkOl{R5!+!)4Jb3
ziy}^6JT2vV=9#1^=_{LO_Qd^#+Vq$AeL`6sJSBSK2bi%f<)!^BW0&k*{jK};OIg78
zr({+WdinbCXat4Mt1G8C-)fi`({?-r|2WvT+B|JvdgB(Qf6YbC3EtkO>_mf<zv6Om
z`D2cz`~(N`Wumv9hVRQ-UR~b24tWRLz4njk>q7+`Wd4_ybN>iNU&>Td3m@Fnoh8r^
z+(IWVbJPXj9=Pq_JdbhJpfj0QoJjpg_O0@lTlY9$pB7rM)ddW^ZU5e-^+;E()ayau
z<KM4l-C1JWH|-Qpk~-KlXM^dSC2V&zT53)LL3H(>z7?6)9XudkhkuO!hmmdAp{Y$P
zoKVk9-cxva(1%F#|E|`Qg{2)D`c8#8(#q3(-o5bFIpDZsvX$zjWD(gJiss;V8GO=*
zu0L;kE5J(rJ!)Azg=371nn25^GX3e&;NjEKH;;9GVb#;~1*|k$nGSyY6p$`&TpQ;?
zUR)Z(kkdr-K}tX^-P(IMfBTj=1A=C=mgOV=pJOqse!%GxMTpSJU^M+K4Fl_)SHxWa
zhb#FR7zEf^sYd*`T-ZI~o;Ra1EwDFmgl1iPj`P+eFyZ59FJ7f6+H?#*xU9S`P_ml6
zd|#}~g%o80%OH?j``n`kg%ITW42+aA@@HWHvp~iXt;ebZlQhu1fU_#<-xYf%w`DOX
zuwP3|fbk&r-yn;?=7E$=2?|*_3H@*0NC+Qse1z-UnG&sBNX3ZJC`8I|Xkw2<$>G7`
zNds0W4glaH8CQ*zLA@Y|12S3OjX=s0%nH3;2__@d`RvTA7n@RjDR;W0fDHw%58?);
z)6&v}X_8Yy=^JTpS7)aiKunF{79b1AAMR&(sdNb|%S|=bpw44~tVs?vf}oox5_CKN
z;srdN<ZBu6LeIkB!C)KKfPs$G8X|9O__cuK5*Lw2K944z5_!G=ireKTlSQ#73K%qk
z?!odzSl^=j2o@n3*>PeAY98fIAe#{e<64V1f~U)dX1DOKX(%Xdr6I+IzO&y13!~(d
z)i+N}2s+KoXLMm80U|i{!$BMY3PZamGo%6nb4tjyeo&LBp#AJKP8JGb3->av?E{(^
zoPrCA(J8?i;5j8Mf*fMNIJv$8c(7+O$>-v|=QDZ-*CT{*>F<O?4=A%7=K|WEuwWl{
ziQpZ>|L}b8KglI@fobboczlwJC$=C5XXMEYI5m8~y%1gl9PW`-OX!U3Y`|T@YE`5H
zW)kSLjXqM4A)BZ9ALQjA=7`)1qdrqm>&zh2f-DuhWB#S2aBrVY+rX2BH5mqs7FWv1
zz=}g9Wp4*)_m?QQEJS74fiw+{+=!|PLI!Zsl$3mE5-Q~t5g)Qt9+rW-&YgqOJ;(`I
zr_nnkML9OPWsUH1z>OUmmKmTLRw<C-iTlr>Ih(|VUqAx$kW_nZMQm>u8HU0o0|5Ho
zZra#H2@387e*9B5s484C+&l8wsq_P$H=pgLKHJNf?T!HS-P!IAyPGV~qfsDi2w~9+
zlAWOcPZH`uZi!jL8~?WmaN&E{tP$S){J$^Ue{lL;TDKWMz}Gn;5xHcna!@wPkuSQ=
zC0?g2LD&RYQ0ehJi`GHn?$VfXBhowZBnXzfz&fUD`v`(}Np4vv#bdFM+KIkg8;1b=
z7FcCM$<4eLIpZHJ)PTt8!hk|b7woR49kq*4S^*>wyR8qw#IeHgj;vyY5FVnOfu#ly
zNU!9^fU+I!i4&fkN4CdoL5L!F4v?wvP6wNe0fQlP4geM3T)Hr!>XnQjDkNYb2{nQ}
z!O{H3YmXWK`jA#rzJ4%`gb=$kN54Hs+lpG@xKn|gmmNOYcgK4!yZJJPT*X>d<G`L?
zYtI(lb>c|6zSQ$I{9`iHtFIWH^o1Njh{S0;lQ?!azqpkpP3Lj2JR`_qq&p`k&(XQ~
ze>ea-{Hh$Pwj1rI;wt7X&}nHUmEv8oy*QnyJ3$rASY3P4Za<RV<lTgyEv+Al5u|_Z
z`k!qr_n2$a`4T}C)gMBqUWR5kuZp{@ZY&sOculZKjkJ4GRYvn497_`QdiMm@c;ruh
zh|=}H#5$5zrvACStZK&J0+0AatXug>*=H-u=f#gHZqSVS?tJ2Dc$%hX!anY^_@Z20
z<+w;xP(1jn_?J$_iVB4XbJcHVPB8-qH6r%P>ZT!samU=)Rxwfd&I|wQg1rwOQ3kpX
zUc|XQA~V|=H4Yb~G}(DX#n%*coo(4KU31q=)pV}rgP+gV@{o($`-jJav0q}WPwRM7
z#BGU}4%;`GDJzOFNAD$NFa=KF_itB}JfNJFuswXOQM6cl%YOVuzV1-8$df@0dB3(q
zt!8^p7lM0pr}p#x8F?GZ5eHB#j{B({i{A0TT^`u-jor<gp-|##wzQN=QY!P>)nE}$
zDOaKUX1*W(V9;vR`;V$Dv-Dster)f-)sPyph&$p(Ik9yv`+Iw*4lx(T@|cNe9G*Wv
zWL$NVGkqe)6jiCQo>=F5e4nM(yv5;AV^K%7zoURgGveFh%!Q54@+r9_?Vfdlsl*rI
zSZ01b<1tiz&thZb<q00Q^6&f-;x?MqWeZy+G~}?VdtW4NNw|N7?49#RiHg0u)qhbu
z)<LO8_f&^->N<C>yQ~!KF6yBZud^i4EP8yA6HL&M)s*zVHqkNDRMw%x$kOT$m5c|=
zU;JWB{+J8zFeVKWy)^ZwE#``$+GHglm>0g58jYQCkwnRDnI<})6J({vv4zhuFeE59
zzUA?)9-0-tPk8K4Hp_;+eE+cTa@w8HY{wki30|jzdv2XVu$GZGF*znN?@a3-(t53O
z1Uvmn_lrI{kK(-Q7>8i%yR!S%%K*7uiHLpk$u;aRinZ!+hohv={yDC@^apJYhJpDJ
zG5TjmkVLO=RXL1G)6nss`@tGp9-bRkNGzZce0qS^ezG(|F`H<6@=4E@5cN!m&ugKs
zOT~6VHhYmvS(|e{cn*i$s!|CjMEGmQL3pGIZ>w&Mn}{sA19g>vr7!vb|H)kV-6JdU
zZH_z1KT3iq7yk59vU`kM2qrvGq%!O-8C9EVavt)i784X!TE1Eymbz5Y7RSZ559yF6
zS;j{bVMja6<!yB{3Z$-#b^g-}$EO@y4wb~dx_z`1H>NgWyM^?y>Sqt@=vp%Ni3;B-
zJ!JQF@0i4#TT!d7P>u>W)N}KHSfGo0x~*D38=LuiTIFK^b2l5#j^*3fqDE``w5FkL
z54W3Dco&Zg57guP-;p(!94%V1jGA>-*b7V-epgb>t`JBU)5>2MY)kqb>Lg1dU|J<`
zab4&yiXfz=r~rGfEQ(_1)!0Z@z?^Fol|8IE=2~Jp)iS1dD|^mg5^MD<Zb_V3X3p<h
z9hI%rwv@)%i@4I_9aX=4aYrzv;D+>waHT~__zobIKlIfMX0{&t*~R&lGQV>s4=H=>
z!+14mcatDka0GMvhu$(L`_f>~s1%;UapqA&VNQA3MflnoFTD+_wOPb($8@2x6j3wV
z<<(X;&nUsXdY`E2p}`(~Phq&SRQyhicz0w;znN(EnAYO~m!PyBG5Xi4AIPY9g3{c*
z!bg=W`!c1SbMq|eYy*qTE%WDom?W^b5YzYGuEi;$V#nYyXFBn-ctcvCpJJkRf71Kn
z12UVi_hZ+?#oP|nf}?cYI9+!KPcQLxf1YwqUefTAB)rzlevYa+!cH&oBFTydXL(t9
zSkV$!-SfYwjLYXN1!WRV!+8YKGUG14{);ker|u~w-!!m>cd1Ofj5X2owdTz5@@b!`
zn|;f4<uT3MmVCmFX6XU1@48+(yt1&9rG|S?zGj-&*HYw`e4n=lscdu_y4y1Q8rQ@7
zbFX@^t%lEI{OM+@$@LWeIQ(e%TkC_LRW)CUMwS-S1}EDl=MCJ<J(}#So6|<B2SVi?
zc|*^UB^>Bf)ir&(>J+f5O_U^N^?hbvqQ3E$$##AArQ^|@6P}Jo-1mQ8o>?C2f9Lq6
zEWr7D4A&<=se~rg(XI>4IVJg#ngKe}r{wC|_9PybS>vN8;REYNv)HV3VMODJLRV6W
zDf{1yVEauSxDPluT9#bJUeJgp4cgs)uPd9_SIL`C`*3vkE|a<R<H|l3S|1kSaDx3e
zN%zBQq%k{tGVEra+Wz1?F+T{B{4qR~jTLSlVZUB;i+_OoTS!~dlE%PIg>dTfsxlk5
zdot}>Eyg^Qard>Q6}QuM3dJ(1{Hab%hI>nSpK3PupqJW2a%ggm{}j##Tvv=rh>2SN
zX0mc9E|gwBT)*Eecv{d=wDF=ZHO5tYXlP{NLfpLm!7sHi{kfDYseLhYhP@NTyHB38
z-+h<CvDSQ)QagPj`Agkia|?1~1<@JIHryW`-ydtRf0>;WyR34-ANHJ4IO)@6@}HTV
zL$U0Cy)T#ei;`at=#IMQ-bVVk@Fv59O5au-_@;NLN_G8#WGa?qx>a+;Tw~Bof5@{n
zt^UFF%%u~1wD0%e|3}=^SO|8#dg!q<Eq`)FmEwPy0md)Gaq%BV-}-Rv=~J->5f$o@
z32BpOt3e5@2Frg@${&%C+v0yAH<97D&SQu9DcL3(E|ZV1(yf#eM0H5)7Cfft8!UX2
zLt4rt$7_5*-cK_ft_OAd)D8NI6qhKp_neu!v7hHZ5*la$xua&lBq>iOXDD|v;382V
z1<XiCeg>#uTwwl<`p*zhnuT3aA=trj#OzZB?`29}L_*=jxFk7j!t+WPMBfyFvZ^RX
zxbrX#<E*7aku4P_WW(qg=eGf5Cny*Ma2lqhVbqNT%^V>mg7EkFlgLobh9si1ke~7h
zhWNsPI=V&8?1Yg4m0ClXnw5M3PVi@ED)2h4u=PdmFT#dm(tgC)zq&GN1bYA2c^n`~
ze$9hU0-Htz#)V*1(g}eMP?k`Au;J;2F%@U5g#E@Es#k_JXh2${qR`Xq><qM4O)Ik4
zppNo_@uf(hp)DmQ_FpMSxCy36RC<c`DHw2n;-c<}fLfYR>4_SZx`-gT@yK0!ZT^4s
z53euG$)3Xm*JnaFH442>?t1138A|C0XIjlnc%uHDZjI`(;?M4f07ROP7FbSKh0_rm
zij7R33JfKQR&X3FMTD@Wu(6UF0)wHt;%dW%W5E62&4C4tI9<w&Emp`PDx`ysl#MVJ
z=4IeRO;*sOXuyIOgImT0xrGr%iPGo#G`R3?Ewk}Il_&V7I0dgg_vtQY;#d|kwYhNe
z1j<p7H2)6Wz1e`oI_?W<0JZ`mS58FP&u(}10>3+;5_&7n2+4>}1>?|YMczI6EVPF@
z+nRxU0qioshdCpyL{ShuyUpFm4SGzT58h^jQU5&za<0FW1|oI{0DNb1hpJy7vc)Ez
zl;rG>1%wHxiMa*?(iqG*h1L*Ad_isy-iY|fS57AVy!Q`Y-#s+c+0zIlWw5<~--Q#l
zA)9^$u@{fCSAHNK2}(#}Np5nPF&z?|LipbjeF@`mIb-M?lQGXbAloxlC!#3!z*sO|
zLc$T2d(Q?MtQk&F*{HbA<n+lkqyfX}+MSHGc`^do(C*KNJ!S$QgHYO#VB=zipc*MB
z>3_d~44Y)hp#o-6ZR7`CDH$p$DLp~PCGlpNkDgR-ApN<D*fgWKx4;I46kB;L%AD||
z#U<cT0zfOEpmiqM*2%%4RO|v~ARa?zIW-46Z2j0=%utR1BzrdqBxDh1gVg4C8Vn_6
zBHAZ_-54p)1E=FCR+M~pFHJu}2nDVVV#6H0TQ??rG24ToqGy5jv@p3eX2mEu!p49>
zJPU>m3<@Q`N~O=kd9Y22!fs)A=}P?*L=U}v;ypr?+g?h@GwJ=CV?7M(Fllwt55YHf
z+a(D(*@wVCLje@Q>OdKmXAxK&jB9;0KN}n3Kg0lu37UChsP~`$`t3gO8{i#;!%&a@
z<y!|sKUT_<0RY@1$q3i*qzJ8ZsLT_g{~7zzW8th#la7PUqGcIiky$#px==3ElO}G&
z9KYqNPRTBX?n@E_qsL^c&{kvS$B6oo@8KZxN00yf9ROc(xrF%NrK=63y`w7hs9NuE
z;H*+ZfsmzVRkA**Dr*~n`cV$l0HdcgHS%;klJ{$JlNf!7O`?loVSdY0tgNV>WbPQ#
z?5HeN8-E{stIdh%;tFzqUO<C8do8EZW#`$_hPJKyzM_rBgwe;JA{mr7b}2tru}Q-~
zCutplj--WbXH@1g=bHjeW0iCK6$?9gDqNRQtmMz-mfu7jZ=NtSPCHwwuN~UivOZZ)
z#-?573Ftp~)hGLh+U~9}*gMdOfq#t}ce<LxwB`4VxTNo1%sh4B#yo|~s4HsZ(F22R
z6FNm*60V|7bh=Hy2BK44_EO@9+xhD@(RZn~m9@qjoOBhG>L)t%$MvZV7ulJUt}E({
zxbO?iYh53^-OW)NW1gS77rA>~FC?p7qjx9IQtpGrotit;?nXZkr151i6qnqID*{xi
zi~A#t=d`aTG;{?H{Fv!{8Nz3+HNj}cQ9H+!IavAQnUt6Gh$P2$-CVX!(y-i|wz^t$
zv(VA)_O2+$lrYXW*yWhqlsoN$$~CnitNT3qqoX`g4`_+M?k^mhXmcr4)s|EQ4rz@N
zk%*8SjcsALKTvGO?ak<1d*`_8vqo##=4C3~T>7xAcgf&zSvI^oDzkT$CC<Df&)O8G
z#f>LCs2QVwYsyjwkAB}LYyOt=;+k8Ls7}O@=y@xhC&uN{Az`ZD;$5+F9QMqT>U_Fc
zw7kw^(alv|TgE413b*NYH$FAS|1fG3$zp4Hy=I_*=TYVPaZLu?RdyQ>oc1pRb|i46
zdf4#l2h6JPDO^-qYHBGNE39_&%a{FixyRTWehWlBF(!RyS6H!d`XP2E+b`$$Pbxs)
znUY$M7e7ChHs_#ClK)%+l-NqExisz_>fg98PwJHV^Jz*SR9<6K4H8hL^2{TnAX79a
zQ}B{Dl$|5Jf9K{rc0^~X?6dUz;BfxAJ~o|}s%Mz@R48*%%dR+b36iCI&-WMW^6Q-n
zIQ30!=?>fGY2SDG4N`pbtm`SOE7t$q&Ek{%*!t$t<LqN4PPQz;D+|5o;a@!^7o(L5
zY~7t7$9?oDQL#HDZ3$wn7IEp3z0c&$F12up6pl6N%r>&)IyOtAeOywbG_EQ<KeIVb
z7MhLmI~i9A?SzkWq(y>C`Cl$*e8FIuYQ3^^9uNB$)2HwD#`-<zbY=sB@w;hm+b8p<
zUYVOWQn8X=pfzt?CfDEZOzIWv$d6Uf>Cs5rSYh1~TAyV4i}De_w0ZM;qF7wE$?ZbA
zg8+=lMC@7aW9Eg}<zxG4#r)+7*{b=Lp{S7V(JGI(Hc`vJj9L-|jE|N2<NII46%7Lk
zK-=dT996J3-X6=^PSuFC%hZ&-zb=|o%`aY2@Ui;V%thRf(u7_Ma`CU4`%?Iwc6W)k
zewaCVe0Q9nsNT-gwKG30x*^CM0va=fz{e)0G&3z`+W6A2O{@OOrJZJTsw2&YtxMF_
zF@Cm<*1<EQS-Ba-MFZ@6yygXh!TlXXAxG!`qL}9SZf;^R_ix)Blt~VlO3LqS>=I3c
zrT&Rq2&!$&a<LopDA+FG`1asr95%wD{-V|jQffv9Gd;H1KK9+q#VD*R-_GmXKHqS`
zW1L^qF4lZL%=I%zD_u*_HUA3pH~PjFL2DDm8#hkt&-45Utu58LVZ9&e%BA~tz-+`I
zcduvMI7Up=-;s|!pH6XQ(ez<UI=w;O7yiE}Fw!(|)9E<ZN7Z{XoW{nPux@ETErT3(
zm2KA8(v6SZ76z_MDkKT<Neq;aLOhf;HLwc#Px7kycpp8INt-HjuwGddRrnG+y_Qy4
z9MGT`LKo#~J)hZUFQ`#qNZgPZ50@#d=FLYW<|gKy1&+74jyh!RYKbBgY-!%GYl^*1
z-4<^u7{xB1lCoskS+QjQi<0d<?VGtj+K9T~HWoj#^fdJc&&Q^>w;u<|K}zo)zd%%!
zfYf!R_=F?YzD(yFIy-TRBFB4QWMZyIM6)no+}<_2en49Gtnb{<%76=U*T^1v7lrJ{
zy*^M;@4nm8Eosjm$YjgB7v<N1c|9U<hB(W-hgsTD^D;ft48Eh&5hnh;crVf7u;?(e
zi}3;T$sw^xS8Q;Ov%XcVTYCK9V_RC8+@sFqz5P4_{oCJVnX9As*&BU5xSV|Z82Fh5
zR-W*Pew5ih`Dm<8@W_AeXX??=N=V+5ULA9t3Et6n#xzVr65VwUjYo6xnFH~3>0CF~
zj~sNeWYPKhTE<`Qy|oh<=PM6SdM}paDL64-Vs5XQC&M(fw5d6gNolq)OC?HtzMuDm
zRi@|8kwdyQ%WU|4<{PL9*N8P`jpZ*HB@;SH=N%mU>mw|rLWDO~FFeB^Z*Q2|g8J59
zl$U0|uE&F{AgxjJmyUYedgpE&y5I!w(TDdMeK}&sIBL{McD>%aqVUwrN7#JN$G9+h
zVszHh;dF5?XB6`#H|o{44+;Dur=C@_IMnd+g>m<f+wam#V-DH4gEA~$T5eETdi11h
zUS$7c{~@V;MBpWEscmBIF>pAmQwEj4cNjzqIebhCCq8k{%rIebXXE3yxg;NEQ^$(K
zixL1#?CHF8b97R5F!TTI?bJY1@E?5O!~Y8($SIrLoST|FJb+552+^#_j5}!RQMt_W
z_S1~XfI2|$fHhbUvRv9jDfDclvJMhEji(`yTEINWv-6&NxN16@er%G&+B6%}aMeO=
zO5{~*n9zYHMG)qknFB}9ODbpnA2iT1mfqJKLAcAeh#zLMGKu20cuQpB3gM<xhz~%A
zUU=X=9>8poCJKts9@-cHgc8E)64*>-T#{K4MF}F&9ti8em2!{f74UWbT{D;T;#Cai
zg~KE2HB7xDf=FeT7%_>caS_zg#Wk@WMv*X?^JC&J+NU28__ZPkrBJN7b%q0e#ws|R
z%3vQy8t^lM8L)qd?8l`2S66hwJB@rTx$-q7E)XyBUyB@0eo25Y+dE4B=L)#mB*SSd
z5>D|h<i{DY&<g^eXn)lR1K?9n^k(hQBQ9H<u_z-1Z~%*|3Ao&Hc)<6?^p-=MqbGVt
z3VGf_C?o<$LKw&!92qc#_Ea@<V=w?%b?ca2iYAp5il~Y*l6@wu$46%-9cSnlMBi}3
ze9klyeDEz;MksKG@HLDt$THvKreG9#@hl6~1X?LpSXtyAV|@`@AL_+J$jVV?r!$A7
zGw6wtdR{?nrL?O?Orj4tolH=e=h*ss(v*s3mV}VILmmY92}>f#-4PY;B%{bltucOz
zYv6#r0oa90h$>L}Ju?w2#?y;3XzU4(heTdV3^-k=Pd1#;`+%jEvnU_tzmsUsMZO+P
z?^r!T<)$%qo?e9f>+JS}9VA8Xdr%;r27IqtL2Mur2^trOD1p~=3#S(!n^3v4jU7xu
zgyofd0U5)Eu_VSwl=5gOE_-6;AMmcgiLnNKp`#LD033;QVBmrIm))QQs@d8H9GriT
z<%t8Mwdw3ofdYjx56;&J%7&aO4=G7`OzK+yJ37Nn`N8j#JL5zkl801^0i%sKcxS{W
z@n0Vc6*<QrB4tj9LRek(74^yaJT_qb%vrD*mnfWzqFs`d!wtrVPL73-Cy5+xNcyew
z_8<V)u%j|U#Wkd?JQNY>aSSwM359=XK%9xbHUd%9!xVU`!n7&ru%6Y0X$0<t31{}A
z5e8<gHgNu+ygy`Ybne)9Bq(R77r0}faP$O0*AKa6m%Ql0EF+c8><LU#29r|=t9Q|;
zekXmxXyQzv?gP5{2;Quj>r~^Z%uC>=Ht%M>iiCX}1x%YWN9bOs2%??NZJ?_<k-uE-
zbL%Cqd~1=v4`nXoJy*pwWO}_1x1ryYs6r5htnXZ+V1!E%zmZB3@?r(Mm!L)vsVdkH
z3!xr4h^9q=@W^Z^cxUn6@o?|p*Re+eAU*k?rfIa51pveK2stFLmWFD?G)hw(>%pk#
zDeOGwiT5=7$uDz4H|Sb1oYDeH083s2wsO*-^dmwZkAo68a#eux4<iCzCj@<kqKdKx
z@90kuSG0*5bbL^9PqPuU_RZH7y*#mc+%Qy{Mo*81%^iM(+Oclz8*#>Phn3<ZWyIM$
z`|_hQH?XsyNrjIP6oS1zh@yC%*M8iBDPBhOMwDASidxAn+vaBat=rj;-p*yCJa2Gw
zbeI77;LZPnp#ux`Uu(@nhODF)Qe%9br|nupNj?HO+vv=y9ew-4q?=13C*CKfQC&bL
zcz#v@`jTgRDz?UY((wO$v^rOQbMOx!qCZk$1BF2T%AE}YIU#N}{V21m50=JUPKkz4
zYji!IM3}GSnz<{lX9mnw(_xwprmgXc5QKG3ta@~6EEf>*1%<z0{*23H)#UNEE{0?H
zwOWb?r-Awm<C67{`ReHW-}hGKjb`3hTFTFwDmoqnlHeC()*thdzQqWj9(+c!Svsp&
zPvO6lR>5qJ^)miEy%GBsB*za2U)-dVNz84pi%~8QOZOsP?{-O13eVc3%{o-W9Z3IZ
zvS2=!Tc-Z_SBob(l?SXiY|!+tDz9n0%9tl;E`NXUeqU`_eB~*wTe_3a3!g2l;xGEI
z+4a2KaGi(zdABCr!-o$aINhrYE6iBDtZ#g0w6W4hf$aH|Kp>tI2VP2!?$XUH|I810
zUr{oW4xt`3Lr1Eu+9bJosbvqwT8Q3>(tMUpT3z6-KUA|5xTEiU`)wc9v$4^~VY_1c
zO+Sq9X;>-#p_<$}O<I<!j&qG=p=itCPEP#A{F)}O?^eHj=1XM-t)=d<<~qfmYij(4
zB@qSvPJ$ir8q?ev!J1B%kwHa%wUWdxk$hBHpQ88FK94z%*sra!v$7hsM$`71>I>#^
zKV9sHa#yE(rPrNU#?_s;*O{Yl37(};7dNHFQxd<bc2UP0ync|ob~o`E_scOGS$op;
zQb&CbU|P`;@VPq-&J{`iT6p-AN9Bgb9EguTmb?oMZmqta1W9{!-_`MGhx=l^qVo1h
zzip})ipUNul<VWR^)#EZ;&CN3pY|kvSDN_oN%Yk~x0bdRR)bhmn`8DYY4?*|40OPV
zT8u?lQtZ?(4Ak!VL=T)%U*+LUQ69N);Tv;_R&hd?125<*$K%*7RyIc4m`wJbe!+}N
z=wTSv99bIS@i3FS_A;X5zJ%j7@ylU-htq}YrF~Cl!@qGJJ@%dd5_6%mC^$eM3P0*z
zjkCRnEsy5cH#ft!9(jLN;EgRbXQ@{5vy-O(Qt=m+<UjauUv*I+BSV!uT%p@;9nKd^
zL82@=1;43%rFaEKbK1;*=~v;lg`Z&W0)%T~L+7%o0sb($qLcn;0%BhTIr^eLL$GV_
z6uj-4_*k<z$<iY^*YfJ04hAzVI{#;xKiQrJ_lRdwH7Tpi$hsctW{$YmgyzqcA7g4N
z4X~i4#d__$`0BqG@78a0+8*b8edRp!+KR5nuG#Tc%a|Pg#IAxHzpUY(;_35;pG{fV
zs&5$jx`)vJ!I@g=O7V$I`!t|d)>;@iA3hf{0hdu-?%V=Vgz?|c^P%z_C9UXdXq%Ll
zFXRL|QB#6`j^*mnBNizZgV$Q7t~pg${<(VkvHE8X)s&BCCpvblb?ctKr%U3(p}T!!
zuu9E4`x`$aD=YJ^FH&7v=7}0xJD-2MG{|O+x|!0GYV(srj|hFB?vVh^K+(0}Pi$2Z
z4OE#fWi2B&y#vad?H!y+W-<Sw22Sn6s+SJ0NK@UsIa|!OOpA?jr{|cLQ+o64QjPwG
zz^TMI-Kc54cgfd7!+;rYYYfBtTorsCZ;dYVn)Bz|=a{#JUCYM6zTX;u)y-EUb6R4q
zwBI~G_<RVC#CMNZRvuA00~{nQX`kJA*R_~sn#3Nz?W7Jqjk>Rx*-qjXV?U|wv%U%m
z+)=e!#3owPt8;ir`NHWLglUPV^R&i|MpT;gdZ!bY+)r=648l+D)F`yM`z+X$O!C*~
z+E9E!YhGvak9E(UGEU`5iEPoyc;~)jiozV^&JNF^xLJL)VL7-#I_J6=oH21~dSu_X
zHZ4i^vXhztci!<J<o6DrBH`d~!I9m#o!1_72_;SoE5Y(Tsb!_bMZGLD!A|Sx0gtMt
z<k@n{lRGeGvNQ7LKAGH^_&K~`8FEca;^5NCwnO7*qDhBv8<)e~9nC{CeS_{BqHR78
z_}ipdK0>I(F1bnkWAah$a2AWb{pOV-%^yT<INr7rftL)Z8rG6bqL<8NLJV(zYM;OQ
zlXy5VcydBNDayU1v2SOMWu}*=%xIkqm5X9i=VzBB3*sDc-ziy{Kl0Fc8zY)cnVF(t
zVJ@y*75d2Yg1^eW?qTseS(+xKiACQUrTxuvdwpJ<6737rNex$YE30fxS5{VTP0>?(
zW{9m%$~A<f+YTP4g|*oQ5nNHg8h(G^tXanqWS89<H}!6<%41fGf6jdJSJ07TanB2F
zfi|+Za&9Ypx_v{7hLQ4A^G%<blV3bX0dwX*>U{H}dpI=n)MhY3$$uSESuSWgY{ePt
z7d!JEHDevf8&GC;Ih^~lDAyXbH2cNb1;T?B&Gz@&EsC$$U3mQpzZTmv-Ebu>32)+s
z=Qlo1Uc2d%nW)<=pBMDa>C0RPbp4;u`&zPLkCPlfQQOU1O&feEBS05S`+p0TSfjM0
zM_to?)8f&p%JH@pDm?$YRk~t(`gRJeOnG*X#pl)M3+~iaK}u~6NvVZ)rY)0Nq-Mqq
zt2T60S<MxC@tbxFY#jy6AFBcj376`$R(xAyiHFK$k1aA)DqTXnb&LCxWb>T{;1#DL
zKiA7#N%32TS4~U4BcF#2i|7o3%!Y-@$9Z9Jf!H^m)R-8ZE9j?G-d3560o|R*9scYz
zz3KOO7Am9$d^T@flo>F@6{Sv$VY3t3A!o-U97a_e<KfF+2~l9f1m!IOXtw9YVJr%U
z2iYLf11s;y87l$cYB4s6A3aHl0~~(21h8eoDbE!+P!8T*y$)d`fdnI--yJhBDuQ>`
zPCo`gmB$>YQW#PEqQvqVk9^`}u-E=gAO3gg+ve;f!}uKP`)32Gu_&Yz(5e(psD~^m
zBCgZmIvm@qN%rBF^5iL$U<BC15!%~379ThPlryweU>(4Wswbs@0i=cCkiN>!g@Y1>
zgD^ziA~(110b@WE5iJl><BZQNToO80CJ@QKPr*p6*OR0FKfgS?0S){XNE|D$6+qvB
z%8-C9M-)@Je$Sa5Q?yUm4|j#3T3Ej%41$MIXGIoV1ttVX%{*q8PR-WRE6iksAp(en
z$O8Lh&juQ#9fUmKbaG%GF)kQObFwH@sPPc|r#Sv9r00?`Lyf<J;xRhUg`J1aCPZBo
zJ-a_BnIsoj17o@72WR9pM&uJ@P*)q^HeR^&BJx)*HYi~v|LXO-0-8lCY$utVlF>8r
z(-2}V^-45qpwx7L22Dl?j~jq8DZ?*iX0`5#lT&MiGC9l$MHX1gCSxP7LdmBgSTcu=
zSB(00WZ(#d&RNw3g9LOAQbPJ5^bmbY?%IO^>LQ3Mo$xD!%NT!ou_3^4)PEwWML`0M
zid1g8!VdBWN$sHnf$v}z$bmw1R8Lf64=l5SJCmX0B|M$ba0Gps_`G0VB{;qVYYhIF
zFtUrl10WDp4}$Wo1jv%8^%A(-CAl%OtYj?6sYPaHqDN5fL|?4nk<&7<Xn^u3hzRE5
zuCB9|*|#JUq)DcL89<c>y&EAqJJ1X+D02on$4mox#D+wJcLU3;{GxXnhI$~F=IH<*
zGvg0>fZY?I$NOw2t$qg$VYMo-U1I3_ddm+3z{xSfs6yWT(p!pecfqRcQv{BH7^srZ
z-N~0Dp~sW4CJ-6<)&1r`kasa+f|?1Gm<dFVXg3acUID8I+Bp@JAHh8noE7Mc!?yt6
z4epN~wA<*3n6bOs9)d?u36Mf?%U2LJ3AQH#9VKHMyp7K|Zpm2PQXt)tRN**mkh*mv
zdH|cA5VigN`3E`oWEb%GgqnXaCr(7>e7%c=6VLd|V$j^7hdtDP0Bc2XY<g9|>`|p?
zztzgYOxcjmIz~C~dCnmahY(gs10FOd&&7J8xX2+RXT^vJ9Q-KTG04GnzZN1Blcfoa
zhu<(lVcOb)$ief9JkEJN09<GI%is<MlMxB}esd;kOJ(wT+aZTE#ptxm0vuU3(nc0Z
z@TT^T5ICLJhes%wvx29ae1S>y_QU&xz;iIdh^(M5MPQA0wuMm07!+t3nA3%X?d9uI
zgo)KS$OrC7lM3B~ty!V;N^}J>M+@7t+VxHVI{P@`+V0*#OnkSK07qJ%JaHGczMb-I
z6&sK5#J&{#XB|b55HXps=IDM%=Q7r6DDSmIZ(MsK?o93Yswi}>qJB5`<p03evIhnK
zm&kVgKO$RGwyg4}<T53My2jGNQad?s`A6_ngfxc#i^ta>`_+JT;+aqtuZPdH9KA<R
z>0`YPvjzX`I^-tL&}P!E=;UK+T<$+L<hKlb9zMx-l%|)xYI^VVkXP$+g<pwBMB7hQ
z`F(9S{^iwuwg#N0AvW%j&S6*Ewb79xi;bIdajS=32VdNpM#&o!>Q>9Mb~y5k(_pxV
zH7Sfh-QaSZ^!OdYawEq(nj+h1l8IzjSNBr25elv!*9!H_HVUH&;&T)K?0(w6v;S>>
zdC!*QZpK0C`8jeIDi4=|(w>qvsfW9+*wF)ejzo_xUf~I(+T74F(b}GsHlO~BdRXlE
zv2Nznpm{)+v#XO?OMcJpGBwV*wwe&-rri|<4U^5~rTLMOuNJqc_>^a?byYn!iC88I
z&Gj~GhANr4d4+{I^?j5(X=}N&NO>=F*Fv?MP)zZCK5^mO*A#g8t$za5WzvmD*t;#h
z90;!LK9H7GWT*_E)978>9?`-4a-ZFEQeK=&&dB%Zx!%BFx9~jceXY>kv_pcyP2!Bn
zPKwg_mow7axqb&<pSKh2lB_KX6P8W?oR(ITBz1bS@iv_-(7>5mP%%VA+F9f9aCG~)
z%dRFcNLsts(jK2?>$~(7L%jszoXx@C9Zp#Vb0IP+N%FmUq$BdXj(p7r>x(d_DAF+a
zU_#dR866kr`rLja^?{8GsaqgpT3UAYxMrNQ7+tB@Hc5#7>#qU_`6N8~@(G$9t=nsV
z;_j)G9K9_LpZPveG(1+hJ$<rjOYoHfC*ECuNoHVTf&%Z`NON4%z11h1^8~M}sI>aF
zwFQzs4QmWDH9qg5O$mu$kLV9^pCMA#Qc2SCl`H#;Qpcm#&E^)&K4Fv{iPLN~Jrx{m
zGM&~gr>iMSocuQMj&$y6^-&<DI^P}f3}y@7vXF1g0)d4-{z8#Ntyl2m2Wws~7Y7M`
zR~%!!_EaWOn%?}~7W*l2yJYg`UOsW#42iF!?V(j6*k4YcmuB=aZRN49A3B)!`Q}<~
z^L755xL?uDGE*5%a&I9%O3mRwB}Df(Wz-Dm&zh{2asm6@1_At5;;HM4%oFa^PO2Mb
z1?VEqCj1W;jhW;H^A8IW(t@VLQtg=*r9Sif<>!96ujr_A=o0p{D#r}W?E;yv|03^5
z?ET-*=#dG{s`q)n9&NSM6NuZGE+wHB&tYaPjf#kyyiTXKl9)YxS#3BK9BHvT%sRoY
zUn)}SH{(2W@Uk}ev&X6~w&bgLt#Qsii<vB{rr51bWmRSdK_AlMkFh1J{flb-#HKnd
zoLd4cQ@7=d3RsSVln-`u=HFMVl|@gfI^sv&e5g88`SIEpi%3gy%c|-tVY4TFi|xDU
zKP4+!eEhFogjmcFCR>nwe$Z!6AzZ*+&N-@HGkR1aHgfyVjboV%(+7-H=$l2NP>#2J
z?@pAG=9j-?&ObukGkQ1ZdW0uAIm*2%@|198lQMnE_>TN;?PHtIyQB4jhgXl8$wZtt
z(B{fAeg?zm3q!2L#Aklkl{f1gZL_voHg&qV2e!YHud3=B84+dVobD-!H=`Kp8$1j&
z#`xS@6dmC1c*+=(y|+V@X8*FdTQ7KzwN%n3)9ShE8=+sg4T;ISpY{lr)b}4fELrj;
zi?8`fKxj`llWuc_t{IY6pV%MFJc!j^A84qiv2dTX`AjKuMaZ(UD$sB@KjC>eg9cqV
z*~31ISQVjMcke&qmGhM!svqCA;7gz+o+=e<KCm%3jObuiHD4`d)-)KlC%?8{8KvU&
zp+n#$-`+2E9a6<Ww|I(?1J<zkUW?Uoqk)gCJdGXU)PHc^dGoqNTS!pYe$BeOw$p0b
z8YFbL*jY+P+Mk>~=MYGq`#D?$AI$d%HMIq9e|=N-ZRVu-n0c+Q@A*Z#-Y4UowF7$h
z=WxS*1~_5z#V36q6fM<Y;W(|X%j2T9h|3;bE^gA34%@T4>sW!|KSKv@Ia7&Ulietz
zPn5~WwMd4r5L*6yDye)O*$0v@dUJ`ux+r{%@lxkO<;l@ZslcV+4{0X_Pvbfh=<Z_K
zsQOKbo54L;n+zoG_3!O$U*CEl`lgmbw?uEkr2KKN-nmDINiKXV2{ib{FPd{FKi?bf
zjK;@|U1Z_75MIx5x%BAni|eJG&z-neI@7N<7_-#(=?mZf9_k~$L;UsYTC9{;(Vk7Y
zCEdPzF8AcfV@{g`$IF?T<c-Ex+3WV>e`B0TW;i8yJ3U`(9Jjpdz0Ad;&#bk0c>dJs
z$L{ego{gALv%qmuM;V{|+ux<%@TayKd*?N{53*$W(W7O1x>mQ1Gv}=j|5v1B%}Jog
z&pjnGq1$>uC0wDZ{lA&B#?W#exwn|%Hzd=Q#C4vie<0hIIxE^NArdCmWj@C+TX*Ss
zk2Rz8>na>EZpb=dZr^bYnA(-a85QqCH&|@lkG8_w;w8}j5>M_jSn$@KLMk}p(0tLR
zV?Zm_7m+Mf>}%*G>m^MuVs-0KJh9%9*G)`D7Htgh1EsTUq(g?~GmAyYHdgf(g$~M-
z1LsB@u7y7WC&QBfj|>Sj!5Or@#U}$3v<$El;^aZzpbQ9+8V70~5UwBOz_3X^2LT$`
zseI&?ZIz1jLjXa$2tP0)Uj(>c9|+1B&O$C@L)->J-I9ehjHoK%MdW}vtK>sl!*(SM
z_*CnRjtg0-7hR`Au~Yy~z;86<Y6}sAKGa(3QJ>j<2DI8&_YsI2V*WJoFI`R?gG0{Q
z0|UBO0oF~%V5c7A&sV}0crMWXh?5iERyc>0ursp(_N(jz>l%F{u6t-yiwot?4?+-H
zBMc-*#7qYdm4*T8tn&gRHP|(@SI8AGUymWUwdwFgcY{vgse!$bW&kX%%<Rq<@OI!h
z5BW64i}gR4KzE>C7s@dMl>mv330Xm>$6Jn?ttlC3Zbo#ZLZC#(1PfCU`^1pC>)cib
zayG}nL-1|T|Cy8Jy;Z?)bOj$*qD6g4=pyubkpCttM9dfR02B_$4ley3PeeeRH!#A$
z*(ZGM2mPJ|&y$B}lpYst9@km>=js>-3gz<)WQtUaINbc#76S^52q~q?IU}Zv|0ENS
zay@Q+D#W&WF0Ke+C^0~Yi^0swnK0dkz2xgd4}EyOOA>JT*!Vb5=znTRLYX{Rlq($t
zrV@eNc`mHbY_Ox0Fl`tk4GDjXSUDwQd5Q93fLeg3nbCDF3_hQ6>h)AM4nfl_;GqAh
ztw;n?=1GQB`qLRMw!qdUs1e!p|2i`8P&~>N@ZfM>MKLNdGS-K<8$0+MWq4k_PgsH5
z1h$Ey<UhDs{Sl?HgZDl(=PepzwUf6pVudM?PXdP}({h(2{aZO8Ere$6=VNfjAEq&g
za(a@h1OPpNx3?U#PXSYyHk}vv049k(p(&I*p2#BQe@V)&UJN!-!nK8(d*B=<pT|S8
zmWrkFVrfIbdw@zjyl+V@fHEL+0Z<ui#*VP?0#qiD@5mi10`CkZJ0D}UUSfuws$_=t
z)D1mSEOjM?6)+`b06OE|X^@3=86#Bv&ROcM5zMAD4+hK}&m9w_n<ia-sG#U;0z*L{
z`~%^Mfp(|(yf+`}#S<VCCWq&WTo_2&Dlbf95(Qi88V{IT__&G0N<=fv@Ja?iRc;mw
zAywcgAU+xP!*yOj`$f|BKo$^58$xwQ;auHBMsLyvsX2;awx>?xs%?_gBO7RY$q7&P
z#K~JmSwpjm9*q$ZAO-Ud`)E|KD~>1$+8#_3Amn+9@%su(A>|y^=7sbtFf@a~{W9}<
ziJsy<c4Znu{6ne2ekpY;7y8<hUrL1|oB@DXI}kk+K%7B8L(jDf;UE#WyM6aNF+msU
z+6rNk<9>V#pTr?HBeei}$Mbr)ar;*Og^SQ8>anqvK>^`Aes3oQ8`h)XnW2>b@$<6I
z<l7k_4@|)ywk=>WrPotrvq2^3V~nYba+yoK0wyC2#<m2<_uRPSc@tS&dh5UR0|SPf
zU_&<a;?2tG$g+nT@*mpo5uMpO&gja^J+Yv8=#w*0lKiGI0~XIpHg%HtI<C?Atv`Pd
zT-pyiw)xWEZ&>U8N&Ge<rWgKLn0YWeU&hqE-Dbo7AXd4YGtKeK+x(R21WxIvZ$5oe
z3B6dqFz^{Ie?SZgl$FnUA7Cex>IbQv0y;4NGR3TGz)!>i`i}wUl5g>8VG<d=8I2k(
zKZtX`D!8eji?3pNa#3B@*=}=GOZH;xNUb*ZCaaPlZBkag?l;3zrpwd3v@jU@sMLL^
z&?#%QoK1H$d#?jeP&i=yTW7SF_NeY)+qaL^P5Jg0b2s|xHqbSq?v{`B>jgtxa;Ym`
z$35<gO8oY6)Lc;8_mA^wl%sU-u$^%(2ZQQNz$2RHPOuwjH(yE<e(C<RD@TT})orNW
zzkWT)?_R2yv9KXIa>DPZlkjFX`rY9+yImg5bc^I&R=%n#Z0**>ERS)%z$3>Tb`9aw
zQLUP4_B4WN8`=nNS}!(Ng5&Ig!>HQS?3(m8EV3%&%c2!q4SntupYoFgvMn73VwU#a
z8J9bAQ8~N47Vw?OX0nzPX{WELPEy#9>+{n#j@^r6a(>V}``Lqzpaxqed!7H2=`C}L
zPa2whohIMkr`>+4JHURCxHIK=scfK3ZSdaj`r9@2N)dPELsP!+c=y|Oh)cavTeUE_
zs`b_K>a^<5Zmy#xFcM0bXwp-o3d)iOcP&H5%S3W@uF>&me|tYDV4gNi=4PE#br_KM
zsnOc>qX`x|n3$MR_a1-XB|T!!hkTCY${V-JHQ(<(xX{N%5H^26eg9Z^8Grw+!Lr6`
ztoCX&r(#yQ{}7MlHg>1tDzBc3YBsTO_EN9BAZurrwQS85GTcXQ0v_x%IG-DSj^%_r
zV)~hCcv<L6ke{GI=+sPy4C_hn+LDI4bgHC2#g2yS`{q&BnEO~<JJbsyB4SZFL&6Sa
zT~7|Iwb&#npK>MX2gj3c_oM3^xtaM99a}y6;aHNClB(2W^~l(g`tI*G+|Tr(xk7iv
zlesy<GKeZSU&OGq8Pi21B{x&`<c~Ca7?|fyj`N~DopIL2ivvTRsq%3dZ8y9+7_B*f
zE5y8UUeL>1bA73vrSz!m*#Gq9-8~x<Qi}Lmn@f#J4F1KHKW(fJNDI)J3OyG##;c1B
z#O;3-QGIbw4peKKm7jipt31Tap)AdO5j7%*KhJ!li!;V<Pved5;=U2lu;xROsmNeF
zTv3U%<1)+k+lKqWtn%Ln2m6+5NsIc=%|9l4LG7^Up?Emh_7`<^$FTR6`0bv?cdnfi
z*%VwJSC0>lLCoM4YnV935_L~rdF|!ho4HFgPj$`iMrAi^UfAV!!&~9}sS)MW&<clL
zXOo{fE9<TO*Jhk5_WCLDVfv=T=EDD(ygB=Sb@kszV%nPD-_f;xxh%T<p7L$o8~0bI
zL_~M8>)UroWvgh11StNPQy2Eyb-mV5xLv{DOv`dgH0tE#%)zfiLE6P6a`^(vu7g`p
zNHCAL;rEX;qis{=f)3#)>Vm$@9#IN~FCW(q+=~~xElK;XKkeD*kYS#a#+HU=`}iS+
zo83}oo3DaF&6o0$&%u%d1A+`!D<{1qAMWHa-qV%c^p<@{b2;=uwRNfIGJnWc?g`7w
z2&q2W(usR)1yRdQ_|)z``Nll&v_{HeT;4q}w4?Eu-qju#-r-2#a!6R6$SI3aBM+;*
zVpV_Rx}Ta_c_Qn<Jk_B^J$83aOwS8*`tNs0w0?4-@xIQG{G#f_Dt{cx^UhD^jaZ#w
z&Fj-YA<6W81$hda7O~yZc*&VAEh*ZKkG@)Y5NHm{N2&M@AJ-N1`B}CcM*Q&_m{>o#
z6}_fc8+@CpnmAZKWv#=61Z{exO=6y>cTL*HQJ#ip#^~r1o{M9;ro^#uYQ2@AN=-S<
z&3jhl4xK6cxswER&3W>*T#t!Wn!YljFo_b>2@}-HhchQP22&Jk!)m_|B$7p&z73dP
zpTM&Gg-3DnhbW!0PT%;lv0CR{wx68o6PO9ZvopO*PjAHKp&2s+uUk8uKDx?%k=wHK
zwWQ(HN>y~o+68m{P|pk<lG=BDeaew324XxlCxQjSB}v~qqDm?(*HfP6&qfbijD{B8
zs{<-$|7FQzllJi+HAO7#y>36Z*493v)-0cOmDdSBDW{|fk<nePGJ17nBpj5G#?;~Z
zE7+^V&h+RKdbcXNpM|!xg|>1setRpT!&bX1TekTpi!MMc`eU*q0>i6@x&tfxZ~4ny
zD>{gv7~U!#_g{u@Qlu}<Zx;nk`QLjkDe;DV!FGpucY!Wq-ITvn7SPc}=E83rucW9w
z9J=1g{hX(qD3zllDO2*wWot|9$STeo&4C0%E{WV6C5AT&>@8!Cxjx{c={BE^kF;J`
zov``(IQ$KrxrNiA!?`%V*x-|gnm@1c&uTI0o!4Pwcf&Ydmgc?e$}6G&|8eym@Kpbe
z8~2e_goetd$R3fs4$02mE6K<qdlN?q*(+p|ak8^F$=;i?vW4vJaC$yp-S_=}p6B)Y
z`PJ(Pr_*tKug`T|?~5|UEX_;kG_-G&yTkVJ3BmW#hc%-`yw#kKsY-kIKAn**cD5s7
zN=ovA?VDDcRe2lx=N)%k4H|}W_MDT<p0u-c#g=pkzC>nomN?qJVMB6RR8NY({YKke
zKwn=Q+ohM>${4&R$An8jBc4pqoe;DGd+BqYm4-gCX8Fmocc`*6SmBj_Y#bEz|Khb7
zfdiZfE@Cjc-3q8|dHVmSzyj0$fFPhlm0LV}VU=J%nGTM=Isl_X#I{$ZhsfMPcN7MG
zV0U&x+h_fm9<Q2m;085V2o3yMpT_C}-w=4k;6<=K6-m($${{zJt8Ncsj8qj57D+#$
zR-PS`a`o0(O7)8&np_%VC(VRJax>f?DiI4m%4js77Ey(XYfpMo;CKG`V~O6_Vus#e
z=&(PQCVn6t7f;<r*g0tlvrBLzxN)d4>n|vx1Voqw7L<)+mL}@F&T?Zu*LM=aM?u**
zU#d$17E=TgEE=QNZ9!h`cn(W~$bxANIsjIK-W0IJa5>vSs|bQ0)KP?mtw|8pAH#+|
zipj9l84QPlt9REiF^b3x(n(dh-<Gf?&tTORAif^Us2+jspXPOt`x#aHN)sjru0|y|
z$Nr4IJ}`mSNcIN4WcG-E29X%}i>>bwk#2oJhk5vXdzo<grI~RKNMRpAB{UTrcRPAQ
zGo~PA1vbOPFzaAXuuWL1|KF)QyZ{Nn+Tt4kl!dD5^#!GwwP|p%ra1?7oE-e321gJZ
z`<&pf2HV{)0&K9$VITn3#<~OSASup~O(h7(4W>6E5zyg12%2RWfWcBKs$e9s7!f@e
zWuU?<P~N%pZqxt}&IG`?OJkvePn1I8&sudrA(kNMnRaB!YqQj5QwGXt5T^O48>0#6
z3s`i!fQ^umjx&D|#``Yk-Br;MKah)q;o+F%lFO}rf%0wA1g+jIFt(dpED8b3NLGRX
za^vo#P9OmtQNt;b=QKp*L?CDfF4A!oM*NO!rRf|6MT6DT_nKm1xFW^8gL0y(*EE#7
zo1POrx*o963@+#ItAlVNu!gX2Dt~WMCL$v`b{GE$@^XVPz;l)YUr6dmG?)Op8`y*a
z=z0nSj!R}Fq8a@Nq>)~VwQ&Ng#*!sfb3_Qwm-L<RAX%`zPhTIUByhlJ+0cOc#|$)G
zMknCy`9=+=fax&i?^Vh~kOj7o(!u*5?`N9;s3x!Bc>@&QJJ5%Doc&LSbwW(RK^W~s
zB7eR!&{IH=16M)TO2OWd#j$YorSA=)?LN+%4PThOs7B=I3t=n}oh{?TZ^TqH`a7^M
zfk8QUF)uR)hNcK^Zp-0L0w<GMwt@d6H#Ni|=cZl*_Kf8z*sG-kzjo97$b6O2$D2!?
z3)}Ps+;=k9oMGsE;8r|vnKoCe`^crh7rpJJzKx$Z1gSG-1gz=)QRWLViX@<ufXS7q
z{v!M{Fh@}yflWZ?8%E7S;0168h+vFI*|Q?SPu_ch^;2jLC)2`{!kiQaRg)mNJak8a
z=aW`WTZ_oLIjRbSZaYPPho10ORWo3)6KG6)Fq#7lG0`vdY^Tr@7>^!0gTRly&eIh8
zzbxZrn~EwBe?#gzAAjn(FK}NVJcTeHPim7x7*J?$yq&-r?!^yGISi;Ad1)aTB^cL?
ziqkWc5FoVy{RML*Spa78(n|8`iL8}XSi3KkU(Iip0yhe$)Ry!NSs=4u{G2NKmbhUo
z4--E|W?~n@u7j`}Y*K)x9K_}1dn#bCdqTVgPT$s~AdN*Svv>k(L?BET{CJ<{qwhT{
zZQGXgbR32<NT@}$zun_h(NKbwsbWVWZ~kWa?^k|GE(D^c=pX>DD{w@p0=@Wx%{~M1
z5xhUzmv$J86{KE3lJgSoN6TaSpI(~!J6Q$DdF$i)<emEwqzdgo?C}Z0K7RtRI|x)1
zpzT})Va!PImD^o&>M(YLw+f`hx<l1mgr_6+x`WsuM^prsVDVOKqbrM3r2@uz`RAeI
zo*b;?|1W_~$}r-?c2ilsw7JXjX{zDV&6&_WS^cGUd6~qRpL{@+>BL4^1L#y#l_J=H
z2g&^9av;aR@gk68eB;U$3yRmmnqroh9hzJ{(<Jp0na)GCk(X#Xhg>ZM5h3Ir(=!b<
z#1ZJ3zWOdDe!r2XqzNocyKgeqr#)>5Q!G$fmXqD_H+^SS^*+rmhzn~AWTG>QPsWn)
zq6MFJ|M@&_ojylHLQa0JWFyo6Q3HgWc%K&c_H0-qP3(hg$lc8wUPa#GUQTvBS6SA6
z%KsNO8Ew>acj}Xytuqr5IX;5EiOO5r#ERo#c`eaWX>>^*d)ARC4HElIN9x6h(tQDm
zYo@UaIvuy#Wn>S|8#eM{LSp<Yt@qBaFD2^GhnSU3rIaXVR5f!i2fM+}iq~0kh2QK=
z_Rl`)3evPUvG-s=Iv>-1$UE9J0hql^dB@0m@qM~xJ}=L1Zfu7WaU4wACi&PY4Mg#^
znh~Yfc3z$TaKvXg9yX=eSciO${8U&N#2Ed<iqM>yzci+C*aglqU~-|8@x{e}Y|F%8
zjk?fw^Q?~`P96UZvBOz#oXDn#TIt?Gv`{a-*Hd~SI#*SD*@J@n3-h?G#l)$ko#?Dz
zk8dD}eaE$|)D?eO4V<k_EoquE9`J5eR3CT*MK4WvG045~f5!Y$=yj^^VVl|WHSM!#
zBm&IzymS)^pIfv(rmXdGu8oVh$m#i_XIK#C5`RPC#|tlCuf^fKHGAb4Lxhffy|v?e
zW*7QfSh4Vt-6DmU<kc?0SuVQ~<Hx#Lu_L2p*$DmEiY|GZ_mwdboHnH_xGD|<YUAlK
zGJZ<6reB^v_$<&vD(f6B;ti*0BUnCSEqT2N(|N(GyH(6l%(Zm$^Avp-`TVCZ%>(Ik
z+M1v9+K0ktW)sh&)NMI8Lw8-K9@b9Aueja%L;KCwS$sJN?yoy!Q=f8ce1a_Q?8)XP
z*~Zy*<hT43HLeeDq+*g4PT_y(fX!i~big@sdK3Q9Tq3*nD#t|b5r+|P*1Be_HKG*L
zRM@*z^YXLBhJgLlno|K8g6rY^ENVmSebbBNIg*Tm2Ib)uF(&01oFw&Iy=dioPG;9H
z;3>9Z%l`FY-lX^Es;&r{IUIlZ9ThQJVZIhGFyR^7w%MX!(`q|{osxCKKHb|vZ(Kor
z+0L8ycU9A@rfqEd^mLg#ans9IIe*gx%9PN1*y~sC*tI>9@-lr@@IC#SuRMOEAm*vI
zMMSA?arsfC%(2{Ox(mX9PMo8{lxxu-vs1luvHm(*tewa69mzgkEYs%8Im`s+V^go=
zu@Txwwj1+!ctU<xdirM352N}Y-+p5|y*&`3^?#vL{zi3Bbd$#59jLE+B}dIT1<+3H
z6yGa0#y6N8R@y4}L2<|dPYcL6wf~0ku%0LEB-x!m8`#Bc@2%ALH{70wpTFnhI$KKX
zouDznY;tYnX48hz01CvCyNJTgzp(s8S226!*<pO%;-5){Jq}Di3H9UZt#c>+s-<Gz
z*Ah#QL(`O%%+_&=Lb9L2$4W(FFheg%_KN9mg3zZcJY$SxEUrSNP<i}Ny)TtboT%FG
zz4;&ab#Etq7B81P*3-%j>Q1WcR`Ot#jCM^7pT1Y0ic<Bv5vBJ@s_7k-Vhe`h2Jm_9
zs<>74R3o9YG|m%H%Xs4y(O(gEnp)iFd<s8#Nz)@)b&u`n$MY5Z5x%QC`P`?UBR#pd
z#5S_L<SK|5rc@~Mgcq+m;%8{Atr^bLf0u7{JsTVAc9SjRiRj=P*Zcl;ikTokRZh2?
z1if0}I<NCM_E2Ty0PyI{H56%_r6&UUgy<5v8D8_(($=ve)4D6SIV%X4?@jU+^VO&_
zRJ|Z;|Aut_3sabxD0pqhPBz>5_5HHBm?r3iWIJH-aS<B^&A-@z%imrJm)tgVLG)ao
z<~*gf8Ok!tV>{%US@%q|blsO}zjjwA+$PGOF8StE_@RMh_|b+o`e~5J*RZ3`xn%y4
zaBGF0*0{ZA6pFbv&1CN8cu(On>rI6`XV*9x^<JM#Q!>Bkj_#>KU}X1l5%PJ#hU1lq
z&Zii^$@Oub#tzdQ>a+LXSLU26-<E<O`iQ3Vd<`Xm54>67IFb%F_u&?yFGvNO)i(7@
z-F+t1o>te!G1Qu(+biw6F-tUoYtO1jP$NI2v-`}gvgUgCvDthW?8W?Pb&@r-kBx19
z9UkKg`{XE<l<yo2)z5QsRS|Uy>Ea{vP4_;p%C=`axp{C--N3wv7wsmY<I2To)jKOH
zCfxNHCNHXt?xXY%nyQo#x?oM|kIl8J#AEyNAb5ePuSQ!n6qV;oVq1e^7yanrVOymL
z$S%cn8afT#pcd$4?O`#_(`ASM)6_XgcN2C*-(ZaxY<@VMIRA3Pfzrc)M$R7Pe)a}M
zt3Oa*Ru-XDmWo;I<DdK1W$R`~w{&Hunoql@wX7rezPWVSYuP2Nz0YW`J&&wBW~~OD
zhD0O3xZPu=DR1=!Js%e$$~7O457&u)(nlz>ru-?9pDU#c=?Yvj53T%TAu|B?H~4C9
z^zxM9gDjOb^+(0zbClru*|_)QpPd+{W7ELDFc~o$7Ww9xU-Gx2o2Jdz{|}#iU(1Vx
zgpJu;;MSF^bLR`W|F3u1G%fbDG#&0UVFK8~X(<mPFq5yLjiIq!zVf@rXR<NZ9aiRE
zy?mQ0?IHzEw`+>;{I`fiJ7%37G2D>H!aByWd`cB_@{$K!e2un@rzXFv7`Gtoj^$-(
zc`+i{j1t7$pN+(yMp}V<A2kuwOd{Op907~yZo~%y7NlG*yj(cB+Y;DsS^&8LRh|B(
z&~I?)m~zq=M=Zh<2o98BbLY0?X}nk)3?Gt!-HudLp2Lrt!JwxH5Lo77LbxCxgar`5
zpvaD|?+id>5ZVC-NY5vl8(kSbnlsa&0n;`x9OH1v3oekB&JqP^H2@I+5WTWzL5&3a
zIDDNMTn<B3gh>=+DNKS(S>NlI!M|+Cofxx(?UTHr5MWs^Hz9cg(pi3T*h`=ppZ_zr
zPS-Un2m1(F&iun$8Y*)PILM4`LGAayFyN5YY_@?LFJl1Nu+(=czV)d}FamHw{|SuT
z=!H-yT)xlqq8-f6pQ@4oV~iAl1|Bkl3;H{lUC2NHQ7Fy%Ttkya0C;l*dqFI}J(>YD
z*!NDr<t!>4D1ShOnr9F&Z<V%HWbg_bXgL9IObTc>%<W-c^5Ha~%&f0dse?)ojHP=f
zLP1^NlC<E&DYPkf4L|rF1`l*bBB{(=a-9Fs251gocz{DOt`0n=b?`AT>6hXkvn7E5
zi-L+rzL5ZQ9*Ou#(!8PA5+U`B&aV%Mu;Kiu<|S3yk|p(zTlK(Ad&dLt5b0n==TG3=
zjwNiGG9b&Geoam@SPOhI7(V^9`X&)jgEmCnBOZ8>cvpGnE<RcK&h3nnZV8dXNVn?2
z&Ayj`xq$OEUt9bDQt%ESYUrcnKqm%f<_G#`*O|Mk)coXB!;=C24XCVH$%Ay@aaG}=
zzkh=H^gfpP=Aj{}yqNfkZWs&5CT2&mHK`+$M1IKGq6M65AW}f*Mor=+i!U^Jbq*wy
zR&6N7lfWuoU!(Mk5hYgOhz%!Gh1ZW@VbN!x>;MB%T>FUE|LR&F-91aVGcW-sqm!v3
zJYUc;IHT~z+AYBy0v;CCFbs&T`%+VhPp+;r<Aeu%x;6}HG2n{zkx7jN!vt2L-wZB9
zW^DEW^Gx-h0R?>x=#yZ5ockj(3{{X)19@R~0K^FF+J6=t+~g1B)_x9+8XOK3I|b(t
z?*Oq;6_{zLj6N9UfI}ir;FmUDNTq>C0F?5w0D5n3$?LM{1ZIb!`vj9{1u_ql$qSyU
zC)&RqAVW|P^w?pOEGOD)fC(ZAFeAxS$4ijry8Kt_|M=<-6EIQ-ah%no{J^JHl@lV}
z4<x6y5(cn#kd;h+u{xdv4k3haG+4SIP@p=5t^?h%Ee@VECKD*+rv;6f($Hg%Cn!7Z
zn}P@>K_(Mvkw-^17$p_!1L_8tVQ##182U-D0tG0De_;*)$qlw;5f8&)uv>`MO)_eP
z&jLEp>K!n-iaf-aO{?devn?<;hkg04r<TK-?7b4Lpxa?JUH@*r8NT>dLAm+uctmyM
zN|dB&AB;6(L5$@Z`{?6WZ-+m=35gj6nZU70;bFQhPXY--KB0k~|4<+9iS<3Wo_s_a
z>IeZDp{XfIqyg+i;){pyt&YPSH&oXTRcvNzOMty#n$6MpRRYzuh>4{ilEOd_`XUVS
zBD)ULaevHyY}5mEz_Y|>gV;x3)-9*;C7+>i8GUb*h^;+|QQQO5R_q4BFymNHM+8qV
z;)!XTV0x7~sV~1jx?=|jGwintH&W%>$fbWjmLLMJB=II^s)k1kF$~8!*p<YaGPlvt
zYfhW&PU4D-V6+O^T1j{Cx~Y&hIsUeeydmbZ)1uP9HKiH{<ds9?1m|NPe{cP(Hs^ZT
z1>6iTG8i7bO|9s&MDB6xfm1ybBjp+p4s?yj%wsBg{&(wh<%bWA9-jX?4;mx!TgF(V
z1%&^)@tpRlDbRd(%V{-0_`-bi{@%mzMckm7IF5Jrp3Vh@u+4G1fh=X@-h=U&soY_{
zWw`g2nK`)fx$$c}FC;n}s5GxVvo21XHz96Am1TD`P?bXrJhDsNWYY?-@b};;PG<qR
z4mRw<-m#<aL{x7k7=~@9BCqeTE+18iRYqA2er|DduUocvw9mApAEDFo!Yds=yh<@g
z#wCRp73&!Nwu=dkI`~{ZChypc9@v|q3ofnukz`Qfr#5P<6mc(#cDCg&;8~)3w%1vz
z9_ve5zsj;AaE!7=e0(!lNA>mq`%Av|q*BZJ1VxcaHD$t_ZZ>VbPs`4>wuYR*(6z%P
zvwI4QjQCm>w43`88!A7QmAYj5F2?_YGXt}Nq#qq42Q}pl(srmQ>15ja+Zo;6BDjZ4
z!}$%%;RPL=c^sTU3k!Uwloz`f(zbm>zw2&1>`y#;YIC>X8#AqP%`po3oh2v9KeCQB
zw&!W-72h-4jfn5@W2?3b*2=ly;%`T`zbY!mA$z)I{%bm6Se3zoJMnILF;lo7orW{v
zg?xpa&E$dxK}vtA;~iP1Vud;<Yu5?zfw!$i1WhSTbuG{#2U|WBwyWCZWtF-*x*ocY
zdooE`$QPc>=WDE1k5`&lpIaNZ;cgW+bl=^#jxXa5yc<{Z5VaTgD1Rf_Q<Gw=JU(<h
z4)$r9Ri0~CG2CxWZPxl;Z9Dtx#rQ6!EnD{Ot&TJ2!eXM|<JwiS1J%LS2dh2!58%7-
z?hpG~KK;q%UR9@bt`Q9k#ykCi7x9*6DYBE<v;t`Q;k=V~x}w{hTT;|DFP`1lXJ4)K
zzFS+MBaq*I)H`se#o&tLbIMzPd<qi}tcEpzGfSCYc#yR#Yt*rbOe+M5{E#)bA#0Ur
zTTzUVe(tvs+%;NJsIPbP<vr~|)Kxqwfx4Tcm{@PdvRJ2!Iv3HVX%BrEl8PdDTYbEc
zp3v^~(36g!JH6<pxu=Qy>+;pV5~g~Ld!E|dDQb5uTk&w^vd?hAQ@4P<Sfn?hpCG?r
zQx{w8xSNd}kJS*Ec-5!p*?6+ezBS2xXXy(=B3uUFFZ?HrO1mL`>l_K@srGa|Z`HsH
zUy*=F>eLXX!7C0!8zV#;bcG{vNATxTqfZ^Oz0smLQ=E~R!tR62g1C;*K$F60e*=4y
zF(7!=_p*7XNdQLP;G=)I8BjFX_96AVXmEFXL1?Qpu|m7LTSQP-?5~)1%ZOj)ZdgZg
ze??y?2B(2AdpGlULZfkDWJE))@<pSmo=z(&(7E$05Mj(zCD>+F@^fcXcJ>$3@_yP*
zK~hUui>H;#FNWfnDV*y%A;#ty+|$e=%JZMOVcPhWBjvHqVWxW5)9sgh<r#J(tVV<Q
z2rYZ$hI+fjJ&M#!gT(zPBi1xc${XUlzE&l=7i=!*B+C8Riu&{ld+K0YnUd31dzdaB
zPy9{#&w!g3Ym_H_&fj+@j5(YS6wfZ6rRKz?IPtaE1}#^2btEo!zem<)#^t)$-7;8X
ze#y>M+cEtdc6O!%&pnCgl&Kg=u77V6y-GGvO5Ade9(Ny}uX2vjZqzmU+I}N@iT>Ac
za*1Q82aDBN<A*!EGfNCjlb8q9#6vv~UcvHGf-cxzO1Y&=J*-GgV&6H4)+_zp(MW2K
zKOV1BuBXsln>?g{<GRRw#yivjn!6{#!3II;VVt%@%W8We8`tbr&@CC~4!U2w1Q@4Q
zwln|2M3DNiUfDKv#MVZXnv#5lNw)N>!PlO21~zrN!~J!d2FvTnG7}X;MuU~#e<vo%
zSo2d?NYpO9A?f*G^xF5jr>4I!M}h;@`TW?brS)jB*$f+}t0D~H@^4wTusyXLzk9Wb
z92&eCCafrXY*X${u{Ddx9DPMdEU*<4N%H1Zwn0RTu;C7G+{E6DP5aaP*T|3h^yMlP
z4a&keyBF|JpGDznJfNw^zF;YRSQPKgSDt7XIc3NdXG`xoNqWFQH5Yt`0^v1i9DK0#
zw(9^Hl?D%dy-@MEVY#g~@Q2Tktqe({h}XznBZHRD0^No`ONc1FPX;pZOA4(YQ>XkH
zSIQF~SN}{|l7c$XlkbkwDbI9sjM23ce&g^YjoFM${_zizi3fSS4<?t6jpJ%h0qspv
zsIfLve0Fl;`EarR;Hi3lbK>1KD!)eWt9?!a!u%Q5y>a~-W$gki=h9Y2(hl=VHWt2d
zl`&iI+|9R8)0+Aj)g>u*<>(;Ovf9%{=2n<jE=>pDfS!!n@mMxBbra7VU;>eU-4v`C
znw8UIj9%dqO|5x;kG@hC?k`;kt5upLnGYwqAXfPHb$qL!h#|JbVdX|IBg1)1<S#V?
z;iULs+k_g%+0mFoPGq5FzD%}|LD_lQieiWox#$0UFU``^mZw8L18E|C@fO0X_HEMt
zf47Vla?79%qk;#;EL>Y1e_=Mfm*uJ6$&RD&w2Ryo(*a{HckJo`g#$kH_nHAnYaKz*
z2cWgGjO*Ecd>=V-%BB2eb3u&gNniww;3vtz_}a}XTD;l+=$F3MvclkWy7<RIdnY+u
zjfyWO6{ReOPHFo1y`O*&W-DQGDWa|--yiUjM3qeXk~B6hyain%HOW&-`izX~`~EOs
zkRh-pfAAIp3kWW}TAhw#;-}za1`>IIJ@+L`qXLv6AejM>+yE=V44l%oN8~C#|EXYs
z3n379_5vt9jipV%dkzNcISan9tOJyZPHx}z8E|+_TjRw+36|tRY7h$z{c1})1Iey#
zq-#XvSuk)2E<k#5Z{W2Cb5}a<WJ?9pgLo&;k*d@=RcyCM+sd<EzQDN1gw~YgupN)}
z#Z??+<GgMl_(5ona};w(c@I50eF-Cbf!WEl0uCPJC|ng8ilxQ{I?TaoD%j?-Hku(1
zHfvS1I(jX?7e80x`&0qD4w(a_(0&ksjhK(tKp~7TTz41(_WgyOnm<Dwglt^4*0I(A
zR9*RUZ3m#p2AA#tTL+?e4-Tm~^m_xd@GlHJun7vNe~%N`J0ga>Gm>_|c580_4Z1Ri
zcJpE^0Q?5v<^}wT684C7HzHIaFGxpXS33YuHgMNGp!g!_c>QZ_<&4AvC<NX}^YuqF
zmgbA}**w0axf(#QK&%OX!&bdACkU!kYoOJ14(Ti`Y~W$3r%XgC0ab?eVNK%Na4MMq
zkqq{pAn*4_9-t%@HJ}CwD6J15<_Os-Fmj!Z=A76EG1-DbR5a4S>jD!%XbOUWWkd=K
zaBb4LK_oG1B1*AbfbAJJ7`Xy7!C8>i^&uSx1PeEt8+Xnvfqey}(0C*<%e2$8H7#}*
zHm}ucIa)3|mSAbI5Ag27E*{z2T}%YQx@i(DER02g7Ufh_$548Zm@R3i=>xJdZh_?y
zC%xl0&kRu?BRK1iQ7-zCKa6$pTdj4CsITYiCfc_Hg*}PdP!{^Evid+M6<If*9V8Ye
z4;eOYd`ON-U00S}9@#7GQ@{`jf4A-mzsuJTulFKQ%_nb3OBbx*RG-}ei^ebD&f~NJ
zF0aOUBg73oy8jeM6v_UUwpQYG-Kih0mK(IS5cAh$%)Z0-H4*Ux$^>HH92~t%@!r$_
zqmG(c2VLiYep!V<MxGL%Gl!o$++FP}u(7h`Hb7tzh_aYV5qJvXk$`=HHQ-};N(q*d
zNhe{KYf6`X-CM}7yY^2BQevSmgOxB5@Hjxm9iaNjdcqWVWEFgt!RIck1)%)P#WBjs
zgiseieE>Q!VHkuGDIl$y2s0<A&xS*rv;cSkgSMI;6%Njg0D1>_h=6w}yvO1Sd8aS{
zrgzR-1K$pgRkL%$cj&=BEZa@+v>H+|C+j|dx`-eN3mq)PBS7wU`VuRWj`KN~8Q>NT
z!MTek0Lnm9UC<sCOmv^@C`aQjY&jNaHb-wTs3zF;k5mqfWy!cK(>UJwy&NwPJ|#Uo
z)p6mIQDRGmGKZAPT3ujbmx**mL}ut@@XBK|v^wh+h(W$pHZ8ZI4TI5FnGCAtgMg#7
zQG0UV4=~hh(RGxKZP~Q}O#{coTS-vWsh0rYAGA{Zq?i&MOpxMIhB0xD-ZILSzY1~A
z0ox)&W~drN$_i@hYf3M52eEqigu?NLPKF^<u8lGbCWOCB^DeQ2F?sdtZ<ZTQF@yj7
zItZ@51i*qhuwSf;|2Dv2U2QOttqx$y9fQ?cfZGIA_NH0h5Qql32vVZp;aPX%968aD
zqnjJnXjw7|0K#2kCorRp66&FLvz(~t^JJ!{<N2ycD*s$}kgtbC+aPvn{-8x<2``S=
zNp^Sf3^}jw6*o}=0j%%A{4qULm%oAWrxpO2I72!t4?VLOQgfo?O+7X0%QhkBv}{_P
z6s`~0CcyP~z%UCKPaRqGxJ`;?mRYXm7JaXok;2ISSMhO|tmMSIUJggq1lhVgUJ#+(
zRC(OHYO#Y)CLWuX@qfcn!mH<DwZ;%_kmLVu^|)iwrOn-NvArk!dHe1;SdPk~veM5u
zc&BnfWNl@9dQA%Nnqo-O`!}9<o+AmGM~JyxoYri(FaZ_Ty5mgcbq!@<w^!c;smw}r
z3t%0#X$eR9v-LD>AO{l|mos$qDjI6X&BED)g4=N%n4kElJ|a0RG`c6@rRbF(@>82=
zmu#=#S}5|S*xL@;FsJcj{gf$LbE2^pI}t6MKw3=R*k}=hxnIkXkO}!UHj+gjz+AHy
zR!8-2@cy#X8FW-H{ZLq7IKzWDd)O39^&;;PxuZz(Q6CR2aT~{!q)RT>q%Zs0Epmdz
zn3xSC24VXhOmrXOT1^eMQ(iJT$^N$ih4kaclG&XTIyVqi_eknqJ79KoehaayI9lgu
za=bFonfh#0`vClmh|I<J|FbOP@vtF)k20i>q8+XQs?{%kw=p@7r3~Xv|A~5sU+HO4
zs9>|n;nQ1r?D>A;?Q`j<4=>V}okF8htMl*iSGmURPX73P)JBCL-}kx*^UW-DA-)u4
zLs$OGt+-PNh`frCa<3l$0LuIcS3$z1h~2`+8Hl*(l)(W8`Qx0LNNL*nc9nT;Tk$Cy
zRMt%;6Km&Hp3+j;<%q3Nr!>!uizM9osF{t#=-zMvnYRf&7v6c^$)+gQCb!SVUZyK{
zxja?{!}8WyYvShN{AEwc$s3gCM|KNlWTom$Q$<3^Y(*>8=)U#HcweLKFAh1eL*4k<
z;^eNg)e3jILgGT*nDdEawWevGR@<&T6zk5%*Yo%$QNFk=*=l+lljGV4e_?E2pKowj
z&T=i=REU#E^1~1AUsz|>deHoOW84^2L!+5Qi@D-SJ6ywIF`!h_sEHX47ip6yy%(|U
zdQ9)@ZIzvaLe5X+l-H<n)GU8yqVt<kvbnCg=ChSwyNxlcwbJi!N)K3H@L&kOr<l^@
zDKsi;pZ2LaPoTxPOwz$xwAi*VI#nT`YZU99Seugb(ed4lF9zGGKRxST-JVJ-cKCw`
zyE8Klw;i$VQK9YCzk8pt<2a_w%b9o8wa^X8bYXn<^EaW?J@t$J{8#P|ezJF$iE^BC
zq`HfRKRy|6|0r5aWAx>;id;x^Q53>yGO2kdwxygtc{a~zIlYQ68t&zwKPj+P@A9T*
zrmmM<OqOnfk86=@muq9iu#q-u6@I&!f~HX*3f<C=TuWa((;2APZX&&nVYzT|qm8p|
ztp2F;RwpCw{5DYUJjJyKK>Ib^hE_W+--<To)mK~Nm15d5NzT2k{fo-x$If(5N*SWQ
zR&ke8oh9Eq3tnww{H?^<HsTunYWR<6Q()BbKErvV6Xs5gr>nc0l5*Xw&H#$;WhJi!
zpE1F6gl~i}eGUF%)S2JuxOphP)<{zs&#k>{gx_hyzFjPz9T(sI>=f$Z+1@iIrZ#cU
zVtXi_Q~hXVfrF8JR>a!<Ucc*W=0%1yTYKDBzt+`0z{{N5%*ydskqe*B((J5C^4Ezs
zXksi@jM;JGq-lA31v{uEHgy2HWkZRDsK8#zy)|L!Q`m0AJoX4L?<y0SaUUk+Y+_J8
zD+W1{@C>n*BYTs=yzQ_{Ix0Ee!%~ILVZ2Du3uT-#qCaUcBXHKam1#chEd@?ws**G<
z-#-?;H?KlOH2YI_frR&`iyTKp>=(%|He#l=Ph*i+?2-CIj%|p~`^LrRca;mH_16ld
zDihp}gz)KP?MqvKjru&u)T@_&y;W#(eZEoK<ko!0s41VS{)v}bU0Xx%`0JTFqc%)G
zR)b5+^bq3aVM|rRt-toV<pNhwqCTV}+O@7mqvhxV+VR$7eJj3log41nx~U8w>hkHm
zUd#m}f5I!&CikUcIbVie-DkNXA#(TdZ1nDq{ts!IOay<X6S<(7DvBI)7w<y>yWN|v
z!Zh`FhO2+j@1ihUo){NbouAetN^bxqXq_83<&WxGRigKD<dZiE)IpOfJ4@jK1qK7S
z$+y;;Cd;Otg?*|&Ir=F6evcrLaqNCH-`fh2I>k<m(TI$M-En->$#`~7f`hQ#*zowy
zJ5iM85{bI9;88w`7~z%Jh%rh@`^_T4p-_3I)t>cff@40CQ8f4S>&M7nV)-tg^d<P8
zZc{|oshWK`bHh0QWYlCNGY_*RVU3Q7NCz1ZO-hN6ot;NzY4z)FGONFU&*o<o`7W>}
zfBP>C|GYQJak>y`a*?0YMUu!U(<9A98P!0tcUa`~q(+{-m^b7{XmE{-$^sesn^$<|
zZc*oXVDD?0j)I_WfeA1;(BU3@jknO1S^;*YTk5<)fH-p(99)J(&}+pj(Pr}IY;S!^
z3{M_cXQTJ19Nxd)GZc6rK30=^9w(dy-|rTY8yLmbD%z%0tQCLeFo2rDa-dQV{W5^c
zzz+`MG^-yv%ny>|k!NTBaaQ5c6HTmUP=`@Dla;C~Lymum059`VUh-!>Ad5m!gN<9V
zv(F7947$c}aO$ry3SW9Y>{I#|#;wuNG+Ay$Jk3ACP+H`WZ0=96u3ohV$v}K47g@7_
zSV%<6?PZ1S+CQ#%+reg}5PGG({%k|S=C=AsLJ`jF>vh3rrZ`>`KCOvIkD`<FG@Z0P
zePr2(<#hqJx-K-Zm|2=9jaJ`eLxKcK2j%28XG;Z~4L@p8y;9vgP{;yVXxJ;y+(?7%
z5wLvV!97Wv=MCkrlx71QabK*x$`QzS`!RGp0sh>oAt?CcQ5rl5AgA<)a+4YrUoBy@
zJd4#ieigaOYPp608V3s(8YsMK52WX5JR--L_nS7Em4ersP7)wcXwLHh<iZJTkOD)%
z{R!eD7-{_{5Sc%xl48ZB<M}hDd?hZFGfabeIM+60yVenafVPub4p3<jbl?y5C$;4?
zHK>{cI&7E3j@;~7fc5|wf|RCF0-nGM7}F<&Tlj{|4S+m2co2!Ffi8cOdXPjB1BP|+
zO~jPQR5YG7gE%E9$8`fjNIL#@holm_il+kfnrW1E1TJsWz8(u^vNj0u!dMsMa>{JQ
zM{j}A-Ah+aI1y-B=t}Z``ATAydKTJk3TM;gGYu6`k-3bT)r3+&3&K!BEh6FSL5@b`
z`7h|g4D}9_rTzoj17fh~(a*zlyaQAk;Is#u3lWomMN|mDr~3j#<o^5<h%#W#muC*G
z3Im7^XqO5Se$8tVM5ugMF_wZlm5PTjp?F#a8!>~DH6`;&z?*A+OJ-%wq9L!My+{Pc
zbl*_{q;}~h*qMT5-SEf)jWbbx8Hy<IF)%}*3@=5B3enG6RctIE8tiSsyFkbicu%0j
zmZVGq71+{4i<c!}_U=|sQaT<~N03_y=szzrbwb>i+52E}&i;5X{IDY3J#j);BH^YH
z*8Wo!V}}jH-B!s_=h?8kYmLuM*-wi9h%?od*28}%ebf01OMQiXP*kLt72K~F)|{!^
zvxQF&v#1X=is{?M1Fs7QGaX9~+OO-SU2HOq5QPc%qX^oadObEyT#6{%SIHF~PZ>~l
zhYed6=WN`gu+2aE-S5WD!{~0W@}Mr_rgfzJyp&i$0{S_<vD(G<$b<SN$@?9!SEHk!
zUWQ;*pJLzsx(b`1W`DN!U3JTb)k=v+i3elDrWUYwdtb(bc9y!$8N;)CUEe<?yCQR$
zL5=s*1=fXi%*}RV3qyhG4Y?9Le5^g;;1A=;FV+g7C5<SrmdS+SichxJTA#VfW7alK
zUC!Aw+CAq+?W9xcRwl8#@B@&>-)nxc!nu5m$(t9mi3m7{4d-jARP&WIoX2~qZpU+v
zy5p;%!R$;DZJhHo7G@7zEtJWIzIn>ED(sz!%#=a8x19VyN*WH+w=i?7R7wc4%88;!
zm2iT2bT)#U3gp#}<ev9A?bAffDMpC2VAO;jb@!amAak>K;lUd6Qr1>dvyaZ{kHs-#
z?Uu82py_T${}wBHj&t1hgN&oY$+&2=Xen<rx0`94g%HDpRD1PMD1A*@N&S=;%}|c=
z$eL@6(Dd+=(AHyy>tjtH_mg$tS?jLj;<rj`>pnhUm-JYdTZFk4=_7B?SnD5#a<5Rr
z%R4?aFE^STH+`>L4)Pb2LD!M7+A5_+YKE5s-_d1BecoUznO0$g2ZHQq)$V}M=Xf-5
zJj0VmK<HK(3cg~q%wKqbBM6XntT5P01i{-ZRN$X!Fq%c)q2TdsuO68A=>3-KgBn2U
zLZL@c!aIf1zvgV<B!?uG0-W>+q8vIwi1h(jV~Yi+HNX-NR$#_D7X%LIBYOm^3OJbY
zrH3S2_Yd(=;l+RPXBK_XuvL?Q&5ituqyV$Y_kd*%0t8n;=N2RiE_p)jAcjf`rm$cR
z3*668HA^H4K-ca=bVE|J!Bq}GR8@-sq|6X76HT?W2xg+iF7+pjHp&5D89_Q*2%t+&
zKt5f1!0FjiqPjfq+!bI}`ijpT^9~YH2$?EFYE}aK2Hwz<;$51LtjA(3WO0I|uv>=1
z$#mZ~WUq>?k=hCYQ&VezDf{|VIKBdT*|#+Xyk@YgOi~S8%CHW`m^dpZ5I^<3nIua5
zF81;c1lI_O;a>kKJ_>sujp$f{oYimB2oNa!bX7<YRYgFmntY}GpV112`8-E7&2tTx
zfo}`#kH7I&g7MXuLT6%bsOo+)4VLxk7vQ)+O_^C%8N6g%S`RGtDpsnOsCyVwHvFn^
z@}TkHOJ7(@R~u!l&+ja(#Q0@nCpqlvGoEU(&yy3M=;gX%^-#conad2oC`NPMLrOr`
zej+}_Z=k%u0|d+~Tc)$n+#FO_1wRciXRFoF3+lghhLuABxpR}8y3)K4{fbmr$N5=B
zvaOY}s=K&hUm|79K7_TtqDow9uguMfotaocs4R@8X(zJO>t%mhlEu3EP?uJJ#rc2z
zK;{FBp?XCVLS;rC^U`}{>uds2;OBVo0H%&$kF{GpFL^9Y;FMZTUK;cR<9PqVPEN;>
z8{@_oS2bKZvuegipM-9Ts@39>_iL*EKz8&4wB&Q}WB&J(gu4~)HVYL2%&q9BY{JFc
z{Hy->Rr+1kXg+eJe#wSc=JSC+7~0{j)hDITv6jj4>4Y$M4m&i|PgInmUU<uWd90w&
zYWz9;k2T{FHs4`tAXex5O;_qA(UNmvpF7i8YSOnRnYi0Cv`G(WXW_u-`NJ!;>V+V>
zSFAx1-ZSc5j!x?$VrY~6#Sb$)L!RaNV<HHj9giR7J9wAh*(dwM;C3)jVGt|870*@z
zdtuPrv4XsKk{UyX$0-`(F4u~vTlotk`KFWckh};O!7XGtBejq2o-GXY#^{VL1}sI)
zOtsg&dsRa?dS;O)YiF86X7`hei*t#gjVc%$*%a=unYhMz@FS;p2T)Yr`E2RM*bg+l
zL66^_=`wW#!X?Zkq!|9H0>@k62L7_43rjT|x%6wpt*LXEr?J)b=!VMmiILy&j1oVk
zJ;=(#wjK!{XQTPr^L+q$>O&WLxQ8t=-4iCetm38Xa_hLtO+VD(=3WUFDVlW;5k+Wy
zk~uOLqEQtfS|`8f`)iY%FP?SCU~giFb)LO8i&4?$vGmO;?%%shRW)6x!hn3fqD`5D
z7Fugva(bq9ckIKwT#szT+QW*9w$;=QMD^Y=H%&-Po0LNq!gZIU?eK82EcrtM{->4+
za=~*e$_+2z-gPm+H(tJ|)yl-|iQuZ8-=AENId4>ZR#P3J{t183mMD)|ZpmL)m}?~C
zOe1s5+5Jizs>O*iRY3L@IVA??=LN38?O*MmEemsGFyt<Tjj3oyT*BCV#=@oI3-3<P
z!e{rqiitLezY3X?p?lswh)TYBG8XaygdSbO?#w>KKi<h$c?{Nh$Fox!vt3)CPfr@_
zm0WCZW533)7Aw(}o0z2;J^qxS8O>jPY7U5_*JPuteY7#wXXgsan5G2IZ2Ms=eu@yH
zK4FH?umM(kBr#ln95CKo7L%4Ys^z=R{8Xp)+nl`be%&iRdP!&g97`R({0Y0!%9!|7
z|0v%^M#a_FuWFc>XwwUG+tB7d$EOeTPh%KsRCrG^Xx@kv6{++H7#k|EecPB6XIT$U
zrAcJ8oBah81-=7DYQOki(Vq&R<;Kkfos$Amz;wjB4_<dKW28o?79%R-lefj@hAkF#
zf#_A#A>7}=WfMtQ{yml2&+=mV&vMzxCT(~1?idwwo$Uc{HVq;_wJIBT@SKZ3YmP7^
z{J{XqZrz&mp0Gvuaj(i0mt)lJF^!X?bx-a1;4ZHoB1Yo7e5&|0b3T5D1q~+8kBtln
zrKi8XwYzcV0#CK>E;tqIyhyp1Ka+BELT5s~-QRM&>)}lAuKu;pEI6eCy=03k*!wGm
ze_=1hLQ`Ms$Id$qBoWoPz(3ep#tq0dMn9|`m7Sz}`@nM1{!5$tsa^n!>9Fa0%mTGE
z{&7ZK=$K5RJlpdbTgd&g_KH4r+ZWhcDX;VSzB1BddJ+jw;ZfZ5<mHdH+!aQ;b+b1O
z++nD-K|kput`cQJ$E$B%Xobn*=9E~ZStseLFzm>2Jc6r*Y8NVrC7u>foVTH(Y;0z&
z#dd$_ukC+XbD$_~8cda4R-_)!MAfEf@Aa9ueE&km3jfJk5zpI5*-#tWJCd2!#K2a`
z;}gi>bH`KC!{&A6xc)OY*NE;i1q*e!Qn`%x%cDQr$64<uWZ0j(v=)oSe^`#97rJ>W
zokY8}8+D>#d#H%$yt(0|KOIhatb8La16^U(QF))EUR&S%`(GGNJ~<Bh(UOm*UR&Pm
z44aW`_RKeB>TlO2j@pc}cZwRDR-HKnkf_spyi+0*QhdvOl^Nu)mOYXIS2p!ma+07;
zkbPEfX@I}STk=Ko*AgqwyFAh>u72NuvedvycoXG9TVfco@%;UR3`+XDTb(1$Jzx9o
zbRWy#w)TNz@;+iy>^8zp_qk5b^Hib&$fI^I<~wtEk}bqez}DI8tF&+PDw>Kn_6cKu
zc8Bfa5zfrr2P45d1v47Y(6)ZU1rDddZ$_D~;)FM`ptHiqJWP0|!`7nVLGxxv^rm~E
zp+k6+{=m<?pxoEuwmKOr+Q?m=q2&_MX#)#OF+lRT1@3-$2S!4;>7wK>Y%okEf3hdt
z-LKDY*=Y8)Y^4}HTl~y`>>xiL<Pp3ca0kM9y&UDle~Rk(_jFIj?JB`*rp^w8x4kP(
zxj>0sYq$w;9{URnkR9=X$c+_fT?@Pzo!)USK3ikj&lO#+7<Q%%;!$Ia4Huq!l&8c3
zst$2*w52o1cK(8<wLpsCaQ8yHmSUm8#&JZqX#}^lTePOxW*uK$Y@?#slt{3@P+ocl
zbnix#q#42YrYku~#I}ZthO#ng1=K;=!^+X<;En>?L?a;kzu0dO(YzFx_y2f}fQlKU
zI$^X9xdzK3{<PkYr&Uq(2mo)S^v7QXegX^d8NJ(&vS0vmxX!HMS3cN+Z=Vq`U#)uO
zhE}dFkeA+v9e|BOMRV}&#=ak5pA$2il#fL8)&MsX>Hq><NK6K*iS7{?^%^)U0b{w`
zQU4seZk|!7+k*nC^S?bkreL>jP?n=0g_2Y0HR7WQ;^nZ-)P=CLO#<LLg4Xu*|HNi4
ze^oZQcurU!V0)8fKNJBCsKYD1lrbBM4Gjo4E|*LY{q!YygjQ?%0k{)<lww!2u<DVn
zVLca<D(q-AAXa_r;?d=Hz}nmt4+ujI4r150{ALlTDr6+d$V32SUjkDhX`M<&Hb{km
zxE)$dE^`S4?*^}}DHGg_OK(bV<MF-osU+(X9+e7Hi%W-{=Z3E&D1gi;q+BmUbOJZu
zLKUWtY;Y+CI*b1nc+u@i3cuWkftMrN4tVW=4}N)VOM>nK5ciV-!NVL7+=D5ADKTn@
zyH0Egc3TC(KNG(%4a$BJNnkR!049l5d?Y|v@6rPTj}3%n$pT$UR$-WDa#&7c3$Ta$
zYV4t<S13ygBD$Y_sla3ve`?`5Q#M~bA{`eR_`2TEp<v^nlgi#Wc-WJq_+@<Ihxiia
zE`bM`*amAwraTiza41!|%y#gdsg^3G+dN%lx7b*kac)@054~|=5HT5TjuO81@lDIR
z$i&myt%RbrsvDB_xAb0`?}45igHMychpxJTCDoZuN=VVX;AqydFpH#Mbr*F+1n1^<
zK$4RUYZoP3XzrQLLs*odLbxe2$PK?38KRd8qGcCx#mi|y@hH^6>%uFVwKH=C9=prN
z@zc{OY_lMRwO{tdgvN}Hz7t^S*ecm>{*t(?na0US6L^PEZu|IC^0*Fr=_Ve}W<!U|
zB5!-m6Q^bDEhX*GA#crQ#oe_?e^vCvjHFq;3+4pFDOQo3zvA~$-d}j$GMJQXYkm1V
zXYg2J$@U5NaPoD>XAI#=sA{qGSW-hG?AszYPTU8irnT%C<gP`$BVko~S}J@oPQRPa
z<`|xBW@t;spo*i>W#2`mAwn8zLYhkIrBz5sJ2g%&c*RBN9DzEvr!HV<-d<BJXO*)|
z!VP$mn6=5!IyM&ZWW3%QVNy%UZa7VR4S&hFqiJ6AoYKo9-^#5j-ibH#LtbXOVQR}x
z5nf#rp5Y`S@nPH8^lmFdJhsEqoGbO&M275b;jxjVQd!ZpFH%bVe*m(E9>V3!^TBDq
z%+Ms@si^R)od=#wnB;&f<)4)+%RRlF6i;M?L?^P9>sjU7DSoVee0axI?;p`#yOkIm
zH9YtTihY;UW}v&ehkcnyhTxc>6AJMoCGqjV({6EE(;22Q1^}AfU>N|Mfbge+Co1&4
z?|bV%3uzAR^UqKyx<c@>1Y)Q_G$dbUrJcw?G8)8CbIU=X`rk4eSb*~-aQ_R_2B%T2
zrn8qa4|{PVO#vY!g!2Az0p(9Up)#OfOt6=Ioiq%Lln<+^NJe}bg!xE!I6cb-T$H?;
zB~a5-1EhPP>)7~JsF{JInU1AXvnIu_QgQv~oO6bbXet<HXc$ni=3i9kOUq`)l3A31
zf&VEjC%#kU6M0WYZHWbWl_OeCU29LEw5kQ5w7@Qf-SZo-z|J^1SRpS{z2d7oT;@>j
zoDn`$uFkp&*_2-(0T;(x07P9Lh>-*JSG|QuH(Pk;=%fq@P?+i4at)BXh)xyP1altP
zpu(6#tjvr`Uj>0{IE*<*Jtihm0p@9c4ZMJZo$&N4X|%IB>Ht0qBf%N|&lUuf<50bf
z2d7`2nt>$)WIB}Dn3{}?_DqBnUlS`D%xwIpH^|=iE&FG<?jTIJ>PlF;WBa?4c^Q^^
zXb79@rwmI9VxGh)SX^=&C~^SwnYzGb1hd-Mrr-tF>KWKjP$`7r{-+nZ01XPlx&b=(
zj?YduvflDPISY{Ta#&PiM~=|{g_Y?%_2V!^ec*afvMU|d+Z^i9>PTvK$k!E$kQA8l
zF(1)!WgKr>vKwxihL6`6{g-)ZW%GPWXICbLqqOr5mPS3+fcRkuSX66y^%rL3@4>fB
zKCT{83&hWo@)yR;S5xO*f11XvjSri_2^F{68bM`=QeHO?2S!&C!$P9cQwUd%emG{A
zo~RYXNgqeOWlx$a3IFirkUV-p(VM@83kS{$icK6;hj#5>m6&r6b*c)xH%wnO0}^_?
zeyDHVi_f=ybcrb=iyNFD1=7~4PLW>xh&MA`UyVCw?T>w#Xq!TmHy2CGeQ0|y^&872
z=4BK5_ps^j%;2LhgU(;FCvtmO_T{59u2<_&BI{rS7%+vjo>T7g+~^jw{04iV6Edwm
z?j}7}-2nYGE7l3ImGO*U-LXlaqocI*LubkBJOK}B^j?88_-8wryVz%m;b+~5OuMqH
z52{shoP_b=%CfYDD)ga$VFf7-naXfcq`s$3!lT{FF}k;OtK#K)@{V5{Dufto(H!G5
zDy_C{D%=LS8^7hKw1Tn{F^?Va%8x3CB0hf7)4`lEv0H8BBHW+!y)u2l@H#=?1^46G
zYDS(tWnC&C;S9f)G7fj1h_}$UJFC^*Joau?1N$|lh<p%xiX0ma(a)|-%Wn}Ip)s%4
zNIqk3ho=ZrDz3!IjAB|uipBMxhJoh;yXH%S-?p8lI|phVbW;siiNN46*Ojtux<MP1
zcD(?tWxrW4`I~Rz1rirTPqQ{X#2VDk?Hsayl-gB@2z~nb`x-$i-UD_dw=(y7F?u84
zTYR)iB$Z<eNo+~PpGzB+X?4x+>e`K<K@3M9&#z}=ilu$U{!`7mtLz;+ow>(J!<%mk
zFT7g@<qL}Vu$KFBpLeItgtx`QKaobSy%giI;d3FgwWW?-@b6R)Y;t<%{a9TdB|=nM
znQt#rW+;<~)X>TrI&e4L=j6;THy0wXkSD_s_B~5Kv=u(BI{VFg-mS0bbL35NKpH-`
zN!hfVoSA`%&7H3iU8>)?_}wmLGhjN6)bE-Y>d&~yB>ix-U->fn@x>q>Nk+ba+jALk
zYI^NkwX_HK#hh#PUzm7Bn2?u{^^x;o2&U=QQcZmEibq=OCT!sIG`Gq@p;*s#H^ccR
zWhB8a>)BKX|INzJy_#f2^QVEure`l3RU0a;MK(fo(1V?wNbKN)uSCuLerPTgsnom%
z)bu+*zI@vHU*aX(no2-icjYWi2-Ve0r^Bhb(}_NpgN_zG*_iob{A~%pzc8vckCThF
zzpx<6p~>fgdfaH)*86pz#gW?|2M!9n$#as7<VWnT4=WhX;b0yhvGvh7#y1iS!nRs4
zXW*F`X8PMdMhh+Up|gr$P%eFLQ_SP29Z9gybS{ltMP}5V_{fbZl8|)OY@*OoaqzlC
zBm>r|lLGGsXFxlt@iu1`OKy&(9GR>e^=NSG9q?WxCsJ7L6^e#tLM7BQMV9FRuUu^_
z6CBP4AQSHGo9PHE2hh)46qq2lVpfsA`E1*}2}y6SP26552`#tpE{SMUVazkqKS9tB
zOq%P#>##li_USZ_y0Vz1vc>A-jl%XH(V?;0ErWwoHt+mC#577wRjFGW$>?pHsr<Q3
zT3~M$z}+B*F^O1Kj_zMXOClGtZ&n$FFFK-MP**(Q3ew9#J5-@L;qDJrb!eJB3ikiP
zu1*=_7$~A%o4l9UWcqPCaj43??^ki%sn1J;wG%6&QS}+q2m5k0b@2_~W#|VMvPK(e
zjkrHoN6!wg<9!S2dfBleR&u_!*W&fcCW$bF@~Xk--T?k{H;cmGrAD6^_YbWV6L<<g
zzG%jOvq)`i<#4fAdwy@Vh6tUL@@J^yh8{!8<H7Ht9S3-MvMx91IF@&gqNmeFQHS|%
z{+VG0n?bK@mQy4LR;=nB<H?NFvi`yxZy+O!y2HRdH(m)H|21)Xo3NEWDN+`#8l_oO
zl)jwmMIWAO#!j-DSdY^ySeu49e|z30$?m2rV!Q1VM2Z|$PkU@UaT=x%l9Z<;!z%%1
zj4Usa#+()=r!=uBP4=hXUh34Cf(f?zri-}Z@zLU*T%PIf@pAWy5c=CUO1Zcj#lh2!
zVE^=uSY8YK<Lf1her)FMwDtzhqdh`O+3J+acE2=@KVlmn>UKlpdG4S|Wu}vDTtz;d
z`L%h}_=}1}JGn+x+!N7zEn8&Z9V0nn(;K`MKHr_}J8kAeIvT_@!h6+>GSg#8n|z&+
zz{ti%#vj%2$vjw|!M?yzGucdIbNA?fG0-CZ`10sAON;~X+JXP)WH9`?d`3!v|LdvO
z7R>Hb@?3=epGxe(3BHA<6U<P@g(y<1D7fLZs3}DSsa9NC)Byjqsl%)u^mBK_(Hp_`
zwbO~;9k9<q9!Ok#AweYq><#^!$n_jnz4Eo?WwN+ghlA7}wuUBPG2#mH7Cib1>X-wC
ztmj}0$`^Z|6Lg^d#XQURrHBfnBnZIV6ZX<;nvc+umd_bF7$&vHFRMTXq!|l{hmmfI
zfC81b!?Zffq@|F|LTrG{yu{TO{K;5iNe%Fs5F1KMwAq*2WA{%>HWVPPJuy%ma?NcI
z#ZIyOfk)Wnko)lj9SjcB)fDQ#rsJnY*$V@kc69|T=w2QL32BI?;&N(vULVAkV5;D3
zPp`@9I^>0I1DORb9xPM}$<y&YUQLFD$;WKSsN`PuY?4$mGMzk!0S5tQOOg$eIgnBt
zC4kwg6awbI2uO|cqy_-4h362EbM~n@Vfh#9Fs0268BhoO0k3ENi5X1CnVl_9ipWL1
zJ|+eKffN@SK1q5x;lzxZ7qjdp_Tz>1mqR13bptPOdBHUi%vB3Cce0{AF2~HW36x+D
z<)KMgGbUvva2c6+xh+iKxs#onR~IHU077n;X<3$w2WKOIe15!02&SSw18YL(a=^fE
zn?O(e@Ny~_Kh+d}I6=j@8jL-IZWRDJvL-)D#}TDcQ+C+*MwG+y>=A}9z(n<5SOYEa
zE@Y*^k^RwWJXjGJ+>g))#Xr?6THaEsA<89QxkHnJoztpjzV3axU$*EJlRW4?S_qNm
zlb9;#lvOTjH)gYOcqxuP;wYxKfPd?-_K~UK`oQmHYh$Nrziw)}B}Cgh@z5Lb(Enh(
z)cYhk_xLzh-7EhCZv9B-c()s_MJN7by?%9vI&t!1?gW8o=}HJ|d+4-ZIdOrP)<^2Q
z_=a!yZwc|v6^Fj$`{1&z+9SC909-j^7ur+fMDRR)#9yA$c?ZC*Wv1Iv0i)H^tAuN+
z-8vpuA7w@qg5fdd+<$SGc!U_%+^cM^xbt(=+n8r~L(1IM{W>Upf=B(DyA#1sC{FGQ
zV5H*Hm)q1>eeaB}z4e4A?c0cr76W^D`Z4Lx&0bmh*u%Ul9ycwbB8!Icq&&yuZ)VyQ
zPND)_*-F|qiB-~b^(2GTpAai!M+|==9%9G*D%3YvWF5ZpYb#u3?Rk}x7s8ZgBk9BZ
z^Qoyji&0%psDTwJ`qmRV;bbaJ9=W|559*W%ZPRG$Vv=CZ2g5qA+p{^{YBp+Zo6K`(
zx^QDeKl4rR+1&R@9<PJR%o`5)@os<p9l}=hutwa}TZE)1t-V%DaPENb&(OzZT$ZhV
zp{#5({$On~-q`<#tG9rPa(%zQA3#7bP^44okOt{gS~?{~Ko}Z^kVX+uq}!ppL8My+
zLApb_C8WE?|2=rl`F-DaEnO^72AE-<xvy*Q{n`06;H(ZuRe!5IzF=(pw~q}MMONj;
zz%>_jSO3fYL9u+~hXHF<v}vLL>X!}pG-b})V#N-DcU%GoJi#!o44f&iLQvv0;|#%s
zhr<n34E=2~1z;ZqCe2^K^7wX+h_^Qf%vPklG5dS$!U#xKP#iR}EgS54fN^AkpUgy1
zF#F|{cb-~JKYGE^xoS@ewxj|uVdfOX0abmAcg235lIaClbb#M{2)91GQZVsER)O@>
zqhgw?px%|Hg_@gya21m-71|>Ksba0<MCta+o2txXH$oKmk8=vPfc&MZyEIttO38$F
zrG7!+3j#zY>OTU5r$DklMlm%=|JgsZgtVq$-P1t|B%9>2i>Tf+C=X0+1R-E(S`i?Z
z22IX@z2YW{$rq-C@`XN4!)EGI{l#{WP0eCai*mxQQI7(=zu({I=--L)U`rJC7L1)J
z-HTAS80FTz1uW&haVYaS1Go~2<@gbsfXi`CV)O>+$NNXpO1syuQH6FK3h~p23NX3~
zWcmoG$q^<-15ng$0(Fx_1gZ?+ffJDO9SVn6-XQ%^W0pK)F+KaxD$Etw+8+hGwjE@F
z4C>V*hNcWW9YZjkZ9D*>;cSaaLP4q|@RV0RqP}MYmNFAs%d(WWb<AjSdOaX&+6&pg
zUlfiP0Oe#;N0fz0!!jZk06sDXRD*IIc4o$FsQ{+=*eP@-(K`24p;Fi=2OFg#XNRE3
z+34-}AOT2-YLp({FnCq}FVe+X{2#(*DNTc>H9etu53r9WbK15T&8{frS@N%W(n@0V
z-3)u`^n@QB=V;B4IIw~H=qU$>COGX)dAoY1dUVFO-i7Hneb3dC(K6VIQkRFPs2H*4
z^&hVCy$cT5E4kw}@T)rSsCcJhr?(1uZ1+|(R@s==qEgcJ$0sgV+@|bKpN!m1)xP@9
z)2FZNZ6;I4f{*CSx~sWp>MLN^pZ&(c4hf7vzO0a*u>DaZ;rsL5Fb?I+f>O^}_)#Vh
zPabGXDPt)O|A9gjFEQa7D~k3T+sxx{6kFT*<7tt#`uF}opAl^A&-qD+i9ho=Tr1-=
zzPyI(S)bQs-044a(^o<98JYa2x(t=Dr=A29J{0|lE5>8UDPh>9Z{+P_%0xZG8wt6w
zQtzMXxY>zm4DAqh>r%3<Fi_&|srqc-8{oBMyPWweRE?2y(D>i=D`miHW6bC4n|M^p
z8_2Pl{AfiiKoOg92jgr^jDdMX&j$x-Q(!-hkDOQzv2jT^t37@0C8O#MUe|>5J95g(
zX%u06=CtpZw79}^xP5uFT$r5oU#hvAI(`1NVo7WE_+ZL6R#!S{lINA9N!UZLxpaJ_
z?bi!dyh^(2JvU!?f781s?k<Xaiiv^;8_zk-g4HN|gOgsCYsmE@2Y;N+u?SxWcUgO#
z_S=k?npCvsL|k7jXr7B!je6*x7?zNbcU3A+#)tQj78TG<tjITS3yat4AF_xUzqUT-
zS5kZTLNRjv>`m!fu*&aETGHAuaxLVUF%I6cKSHcMbMg4@&!>$c@ymEi5}D`Xa?gE+
zt40eiS4*oSPo59_sAEE=`f{ujgR`=^s5TSU2OHisuMN3ud#;4}>XeU^f!Ks#!`8S{
zT$oa3DB_!dl{=hSRW^_r*!Eb2U)|2VkD^q%-L5u|?o@;xH}w?us#p9P`lr<ItYF*Q
zl{5R=+I-#WB=dNJDAK{*lnUo851b88t=l56dzt2^kx;q*_LdMIZOYnZ?3gd6q8(1N
zzi{>q^{QWV7wIEie=00Tyr(Lj?V)RbT<aU)6Uc+aKNLIzp3KKd|II+tO(a%+C!R`)
zg?fr*&2wz2OVY2DJcz&b=swOfSaW(r<g!oOcO0a4625Gpdm^ajq~ETg$39rT?v1(N
z_46dSPhB#`p*V6X|JT8H^BFnkaQqGtD@y*;cX%=~q)3^{<|W~|9paU`&zn=Pk+i4U
z2ASs?5@F^mD_`85Zf{bXo;a7XH+^;rGIsZA9*b;vRDQtWYjNU3tW$${5~Vw;`9?-q
z$L&6ms%2YDvhQbf-$qtMac&o^K%y&ek|$A)ALoUQFwGn$ZL?9OnU$W9Es>disrflc
z<R54|$5fg97MxwPnY#VrYi?DhdBe_>W5no-1?3s33e$at)ZBGf?$`FFxd!?QulCu#
z{rCeV-VClM%5)`mX$(D_%}vC860~Q$p++8lFYe_Bm0*Ece-i2T#hHqqInCFR%{%hQ
zYLY6~IKB7Qp+5EkAqmH^HfKCHUuz?djiTUeAw)b+ux2A$C_Iz=)tV4x6YlX7Pc(X4
zmV<jpOfOfksblG$udCe<<n3w{`-x?2`c`tw3CmZnBFTFs`;2vVW#YxaMlF4BGJ2cY
zFmEnmKG1dI^etZDz3|RZ0?b-2+4*0Aq*y=cBHy2?lx$V14{j@dO89O$w*OR_HX>*K
zgk5%>`RwhZUG6ULg4u@RzKAp|YSr7AbPK5>wmIiMt{47>sq3yJu0gR+A{@|8{qodb
zPHC0Q(>ZAKF8So-!^onH+GdoB2P+f^cw5NZ$8xNt7P}=3o|ZkyeCTTS2NGX1N;1nO
zWCD{?q`$VS*@rmeW>#;R*;N*tMUCWnK}z}v@E~{{WWT@o8vASs?3pD$`55@JL_3h8
z#Zb*-DQQPZmKhD(#M@Y=gG>Fx&5N?r=)QS9!jF#B-J~N}o*f@aE(si!nuo(uvlQVp
zpUg=l=FoKy=A832RF%)~SIz|SE$HXF*uJD>8D2KE;ZOHj0>yv@Is@ZfSyS0bOkyo8
z9LeDbiJ#X}TOC!uY?@^C`24zL*{N{6H_Wlie~?$?yMzI@IFr<u*T({clJ@NMJNQ?N
zGcJ`Y$=QVNfz8v8!ff9$dGX|jpF8Z+SEJj|oa3}rWt<-4f)|>9m8?Rd_RAYBnaC7y
zm-K%pvQy$%28a@|RQ|I_rJ|Yjy0{b$nlLVkjcO~xUb#cQRZsYjmD=Y24bEj=3yWQ!
zf54=fPb%EVcS<or2IGC3ky@+2jr+)A3$e{jD$PDhnfLV|?OJXwgphc9u3knm@%I2F
z0w)D)XD?8k3!1pV?4$&uZ+XD&C_`ce!NV6QSB*cqrc^xm!2)Y2^kzcSoSW<SkvYnC
zjI2?;(zGCx3n~Bo5?M8=B+8ud8em<-Lwy4C*RSb;x925K#{k3c0j7SiHhJLuNxzu+
zgvTKBgo7oT>XGPL5vQX<m;a{X@z|6ql=LR&s;jq`XCD`OB48y$Vk!?(cc6(XDfN{G
zI1J!I<lxK(zg!1J&PxVKDQ^;0L}ajwA=*biF%zh+0HzHIOoB_WnGFS&8;M&JDprP}
zVBYy>m>K}H)RhSKaL~remi=mu8cx(73~e7CsBN@_CcJNvh{e=Tj)npZyR>+>*qhKl
z&~M<(BDh>Uudp-T0>{hTE#s{LP$PxPrhqpx%g9ZL8}L~`9z&YIJ<yN5vXOaGRGGOx
z5g5Oy_wYQVmd>vl1(?6$9D!_GEY8u@PFbq8A3Y8-fyID1mOx{~vCBCP?W*^Q5$wFr
zG%QgQ0NM}kZ$W~l3e7BWV8@TT+Io18f_3)Y%YOvFQ(-c5F=f=egc^lGSPuksVlEdC
zv(nH3r3MyDa2AkUMO#z%hLQGxSp+lfZq|hU>!5|IVOtyRKag_Gt8VcPRVUoD#fe&L
zUn;Az=L!)|MaN*5to^s9LtAZ0YpWx5@3eGd(==r25B7d6l(%`yYqs_Nb+6_@DG%AY
zhR<M9g@qC!Df=@TC1W*1rwhXmj&_q!^sNZTnZg&$V}+QK2L#ur#pFg@fhUIFBY5F?
zOP5NWP~=QQt$atVB0QfiHj<8=-XXXqR8~dL%ptroR@}us_vdYj^P%L6`oIT@_?aYG
zT*vtCjub8;xV`yH&$7De=J1S0Fd5Jk2+F=t?kZnL--7$elH{hyiqqVC1AZHLS(wQ?
z80iQJmZ#h9aO_0E62FjWVbEeB<V~ZTEYY7HOmo;cDs?VybDjF?nG>KfXe1GD1{=J2
z6|*<}2TGQH!?i69Ded#CmPSX1HE1}5NOVYnL$anb7_n2xQ@DDd2QsQSAU^mg+X%j#
zQcJFq%`oCy$Jy#f<cH6{x1@bgOhcr*JEE(tHa9nNvf!*bAf~xrnJ2+LDrOGuch_`v
zT8?}E)uQ!UKm4(rx<Zl;3-;UVR+*42&*fa}<;hdyp*NmdFW!(2D`ZF9k;5h>IGKtt
z@v<P7%vX5-Leq}!Mx+EK!HjsrIR0qw^%wwCvcVfHI)Q7BR$gklk3FsWbg_4Rm`Ut|
zfrPfjb+m`d&~d3w|HDmZB?bYiS8*1n%k=FtqRqEsS4}LmD^)!7Xb}Y=v>C%QcB*9N
z+Q^Y1zX|(Iw|jmf%N>_iJ)StZWgRaGGT$&WQNsMz#10>&GNSlBCuazAQK5TR(>#>h
zJgufgk))BefqJ@tq$}#AF8=V<A(%2GmKK6ha#J4U(=zyvxVsM9{({T&kGcfWvxFq6
zyYPas3tQu_l%uAiwdJ7-Wm-=8;sVtwJ<%~;$1x343yfbce+#Jtu}DJ#%s)^xa1^34
za^Hru6v-gyA*?lkT>H(Jn`|^CJ~2>mc7FFbxptr(XCo8p_RxX0G#F^JBZQjW6jaee
z5D<jRJv^vLhVu}HD*C{93mP1Vc)_0)n_Gnv82l!K0mcBLLJ0J$$KWCZg-nJD+{$zW
zi9BFm92E|Qu0_FtAu?qp5_^{ne52s<8XgIs8ob}pXCl|m;D?_AoQDa(gjm}K#!#G&
z9;T&*D+!yh@4klyvwj?k8?&?yn%|ctf#(oxGyuHF_cp4`JPm{_D`Iy30!qPzmb)x^
zixd<hm@{2F%C)DA0|^B5-=e)tr^GXf9mm<%J$EJ0K<*bky5kb&RM>Aeh_B~IjB<Pr
zwhq1VNCL)0u*~VtI?A=d$VU+{ANf(oP?pR5fh16oVOMaKobpzpCxGh1^RsUQoGJkE
zLZMwxb5TnzxfalsNRO&~K<(Sm#b<c^%ohARc$X+uvZ34V?b$e>zOLE5sp8jfV9b<R
z=_nEY&JTZf@}_rTS}RK~tp7`dyIAZ`Dq_kWI3l7w<N&xso}x;u6I!QvqpMIg)>$E}
zhRPe7yY&9kt?xQw(KN$2y_GChQ~v|CR9=Bv!nde545|PJ?C;37IPxJ>Gi&R#`aCSJ
zVqszv#G{-YDYehsGv(DM1YeFXvb0j%L^5Q%k=ZVnls&JhidkwC4`_Zb{_UeVvK%Z}
zOMzRj|2vP2ORaoGe!{g{(s!xz5zgY_3cVcCg!T0*y=NHfeTr`^x9-bl2uBWcr<$r6
z67B5}d=m9_Yw&s218=(B>`P-SWb@v(gDKZPWKSI9V#6|=+p8{gI!=0g*8lb`&*2T0
zikNtfDAncIfHx#T({h?A^@Qo-u?D!ZhKoqdBn`=N&hAc8>c~@IS6M5PGkBL!ddXwI
z_T4f{PDQPhVc-u$EiArK;Cq(86Hg28An@BOCR-HG&ogn0?Fd^A&OeRP{Up1WYt+rQ
znH8B9r71!3(3Czr2a|Z{<L0GDP-Jp3DQ3w)){U|U-Rb%{LKYO!x^ddt_qgya-Bjf~
zxMtQ;z2Hyd7FCAre@<+xeTwZ>{sYygu4!*=%~gK*jYx_=#+BX5y6fkY9$R~1-JP_k
zu534IxQWz}>EJCAa$LA!vLp$6SykA(@YBF^OT<SD^CIqehh=(wV8X!cR)m5PIGdqS
ziVG>~dwL3p&E}GyH=nK+%-#JB@Lj)DssbmFFfwC2(TcufGv}8ot&YKZ9ZtuqTVowr
zLEyw4B}y~S)=@ufo8Xl_qDOmR8pZOKEGQ^>vUf0rM&+8I3w5BhvGXovx~1*IVr?p<
z6tnily5;tv+8xDY8eMQ8kBcj4_yc{Bqe<VkjoKzh(t_>ywe)&f`$OZOW*!Pr>Bx$x
z$yXk7?^0epkGUMO+*;hdrulhY`*qc{64Rk#vMA5li;U>=TbsGVwnc^$vzAOtSvIYQ
zZ7R#Er$$rF;wQJljkyDB1}0($Z5Pdhr@M$vqiOF59+Bj8Y>xkd%+_$lU)>?53i&0T
z_Feipx#oy@b0cj>(D6``<Ld$0vDbP{l#hLj46Wl0q={Cp9bf}FQas!I`uQ{1QF8O<
zu)bH}(Ek11%5NVgJ+)|U8$`~5mRp4Bm0W0e*{su0zscLZxT-?9<%=)!#P%Rm=Gc{?
zj)6(W{a5$^+z8Dm1@l~fxOkwRBeGBDNe0S)_<x<!hO#Xi)YY%*#-pSr3zZ$b1*r20
zyT)90iv4ye2al~Eho5g+-_%U9lrQ-{q!T4OkU~YPu(NzrFjelAmz&;>aVVbsa*aDD
z8OEOP&}4yVBY5jTLEWHI#c~e#g13h($mvd-x66?<pY6eQ=Jr}xvkR4`eTgJeYe8B0
zZa`DFU8BB`dcE6v2S;)Cz}9^8(DdkpV-sV$gzwwY;*zxdob1b{c!KC!^BQZ%%FM5G
zi%Di~ghm^xd$}5La;5AUsUZ7fPUzJ8I!!ryv0a6``bzIIVn+Ez3Xfk)|M|K4%8|NL
z;A}i%&vysg&itiKyJ*j#`$kT{<3at&9M)5O9_4d}^n5(Vb8XBI=W&r`l85)vP7&mq
z%_AnkN@DA1oT{Jo74mEN3*spJHI#CU5_HZL78aJ@bv=nHQY$T^+dsiwRs0BZZCXC@
z{Yq<36Fj*lWY|xvS22d^yPPE0=KX`uL501PwZpo&@0uEi@C#-#Jb3CaRo2xi1HRaX
zeczjR$`#;S?cqPvi_Vr?eYBcFZ@T{MZ0!%hE3tYp>^+m5>58<;Eon~v@FDMXK-waA
z<H45h{=+gJF0rZSxVn{0MNd9B7PmXPl9TLpNCPB;jQj<RfnWR4ZuaN3LgyClt{AX#
zNOKX_lbbji?3q|tR94J~I7{wo>71Wpq*_fP<TvULtAEud#~=QIZW0sig|lyMYc;zu
zIy*?-)fSiDJQ<xy^*H7tvKF+}t(HGw+X50i?yot1`Kn{h(cuXUzX$OB>RgQ6LBzMg
z6R})JPd9=0Rjp;YaW`BwDN@@Cl8t0v9j?wU)<0kLCLK2T9yNGR<mAg8T1Y&19hRYS
zS2H&AUG;P@$H(x~Gao(;l@Z1i8hhKg?}})ok*B^k6cpzpqt$}06?eZs3_b67=H$4!
zaZy;st!~hdY&P!iD70*+cs(OJ4J}X9Qr{6j3M{tI(%UKc8FAP}m6dWrSnFBvI0v>r
zm1kjJ7xwF;@#MIVQEZ>(=<fGiBdg;*Li}aI=J&79$B#wDg%-anDHSM=oN?^)<`i!e
zmK05D)p5(xxt@8~+<8owi|e?yF29nY=+4ILZ8f776sD`WxIUt&I&9Vy>u}9McJDjx
zfh1Dwur@#WNUx}Qe}s)rJQ%UB^KdGwdTh^kP>6CQ8d)jhlh%&B+r#YnQsZo-%ga0H
zA220L7)YYi97P|-|AC|kdCTM<1!c(Mw1z)SS9bKTaZ4ALZ@z-5T&3vxPYOZ1fbZD}
zve1yRbEd6f&z4{P({ROpo`QkMM)h$(*^eF%qTWTs;Z8I>UtL{$QYErWjV|gbZsaIH
z_yJQ=yrrGyn0rLx<Y+kO`Bj-Oq~3b`*NPVmIs1A<9E$5Xd-w1(LImJ!0-Bm*X|5O_
zy+WMZS3V>NAXbiZ_KM~Ehx)F}iYBOm(B<noGq5rC_dA7N32PLYo~kXh4ryK+Kzzd@
z5e~p!F$k+*M&6U}<gbKSl3QRG%vit&X}Utt><yn%MF$+s{{Em76^}cAAe>cLmMt%I
z*FV_F2^WFaTf4>V2Shz|PDg3cHVG53&u+d?29y9P6xm;6He-l+^O)eT2Ed|x2LSSJ
zRu4vo0lpqi#|qF%0I8)js~-a<!I+loRk#HMWpAozW%*v^>&)QL1A2>p|A8#k$}iKO
z0?ZwFBO4FggsK=9<(u+l`4zRO#kZ-4x{bX8;A+aO0Beu6hg!uM88AEo#AezxFg}t4
zvm=ny?13hy1d6zUMUtN%sBtL4Zn){$mNY-(@SrM+i#KeJZ3B*Y*xLt?hT^^9LG`(m
zVL%pq!^hq)R0-x?0?=zGgbRCNi8jmPiGaQE07V9v1nK~;0GhQ>LIQh#L)is0>H9NP
zs3#gY5P_jw0iZykj)kmw;;DXg!Qa9fsAg_0QWJR<<5)K`NLHL5Bz6cOjYSYZ+}%qD
z#?Y2g)V)%6A)C%nnG=zABk%J7|AAOru@$0-Ou8mznVu^;bfCoXut-qEH#^{)q|@xq
z9r0rLXueD@A!!z^=z@D|WCJ&^6SIy+pvEv6;ts9Umh0BMipStsB`f92OLjKfr8hDQ
zO06c1c$DiITX@IlZT_U9)?bn|%?90Mo%OBN1+Tw($lxZhRIR5k*Fqa5w5$3FHX)BK
zIZ^cU50rOd<q<=lHo3x)o{xAU8TXt;yxcq?-iE6eQ&Pn72`3J__bOWX6shvayl*lm
z<VRKHZa|f)M_^<4>wapzLi<bjai2l31g(ku6!$Mds+hJH?Q}~Bg);i)c*w387~?2z
z?v@{@iVMA<l^a)!)>))pO*1VRqUE^x>JG)RV8$1z(SUn!0g|J<g-|+S#ZA$g4doPh
ziqJ*N-z);-4__yk-FB29rmxl@TdsObX;mOo%FusuK<AQwYrw_aaW5rdQ)?C7oy|-#
zav#siOwGMSM?j$GS+M&jw0G6b3eJ{3{l;A^*AKUqzo?s=y(s=lF!yzbWNtU`AiqSl
zveQo}IBezay<5%BgJ@hem?nYkU9U$|Z*Jl+wcMvliN*g!Yfa%>xu*P8;F`%;8ld$X
z5UWvTh3Dm@;~Vl|L=^hLXlp|Q=^*}^e69JuPStyBPjPh=tKeZ5!(|-}_Kd$Ie94|c
zal5kS6vImI*p+2FeIv8br*fxbWp4_ejd(O*Cm3<ePvDNc5=qz^+LY_TukOurkUPk=
zec~#HyK|f%Q|OvXlRCvrse%f`buK;F-HMCIQnYX+yZ;4Zhb}fWp6)7z6*{wRX4Y`u
zjgFbaQ->R^kU2jfysoGboRO5uBQt$9Q%H7*#ZJ7S1$!N4K|!#*NChnbK)ljO+6UN^
zt8r4Y*ZZnKz()(%6G0JUCPSi%IL#uev^oxKOEUZjQ2!lNUpE7ermO^}pbq0iq>f`Q
z*P<n8Km7X)*+FH|AiM~(!<>83Ae<)1yKM9;8@dwbP`<=}JdGeN3&za+?kN*X)Tqhw
z3*10~?$8H_vx3JlU`-AMZGi|Cy_uhV;;aY(>Kmaaut8o;mUb;yH<FDDb*VyyZTi`?
zkG8WPyl6{;Btd`;LVbNOYYP6K+6Mti?{6q>#t-ZMtqeqAO+R=RcRPUk1V1crb2KH3
zn{ud+xQ70dcmvJd%*<D~Q0TVj?KdB#1+h?7-YT8I9|;N-;6Rf5_s$XsN&P#h4_#qO
z8&|XKNKl^X$B`AF`4U)9v7%C_X>awQ&^*8-Dr^co-Arf|8dZGkeJF8NW5++ghum+q
z;%aQP#n>j3S~^Z+=7s9NoM%L@SQ)S!E)5ck)&PPP_6)CmJ1&>fSKhgx+V2o>3JikJ
zZnB)gmQKS0*S31{!O)dxxJN(wZ>vXq3@Z7VjDSXp>RA*3Z6B;mZ6N1}dY}Pz#v5k5
zt<Hf8C58etOv3}QicZfRbl}3?+)E>P#|>YTJVp2s3Sfrb=y+&pmo9w^ED|7U9wJdp
zxX1gxP~MimqopCM1A6eHmzKRFy!7W|%gL9PVMF!y@R?e!&;nStx6TSo$w<1<0x7e}
zdf9Sm9ozq3YhLN(`0TS+VP842IB3oC_xT<DHUF#IE2Sz*TF>XR_q4BB53bMyt|@L$
zypxlEBXcwZ?4baA&_!BfwyzG&Hcb8uT2>kQ11<gnA+yqFz6TGK#>}E-pQ$i+^4^un
z(>(YV+>>|C$BatM^_c0U{GOcsxe>|HCEg{3Hqd@k{BDoiodg8$tLuA9P@YIWc8aKY
zA7RJ1X!ASX^Fq@q;W5MC$rv@Oi~T8qMXz);?aRBedlQ#GFz_;73)|>(GzuijczZmk
z?{RqE%_6hWzeZ(p?=83c!&hqeJFCGD432!bAx{Q{aUOWOVThS=>{Xv06O=I`YH!n5
zL@Jxc`aJg*M9RD`i5sP*Z0caVyCMu{AZ-*HOFL?)0{s9ty>W6AWbX=l&Bg~9*!ezZ
zMZ^mwPkdw;=B<svd}4Cm{3XPv@?McgYxi-P(X-iawbCI;oRq^<$ZtvPzLhj#!j!N8
za1XlcanXdU4be{26pS8)O$)LAfud`ROgo?1O53(PTNldLF|KEf&}tuhL!zl>IQ7h3
zhuCBI-h^UAYMn^<3v8@J3(-kB0GdgDThww_;n}m;#_O~Zu>0N$q~9CYVV}RIrqEjs
z`)~M9X~L^5N*8lW>cYA}n{Xh>f_!Gw-efDkiaohgUe;$k2d?&ct!<8qWO-GkygthI
z$J{bn<m<IatrsT6x>M!jKlK#vo_~Ifd(qNAH{w!1w4}nJIcQo@!+2@><SY5!SL$MO
z{v)I0ZBMV{PD4O}xg9QB^H~jUTKw`6wY%C!JOI#ywQNS2za`@D6{^f?6BNG>rgr_c
z{)WV&Cvi&$alOCgnuC+bp54<guloZj4%=o{8%eih5YdjC3Z~1(S|W_}O4~1*Ogw>9
zDD`t4>#!&5OtaVyZ#!jO{o8}7r7&@!ueJ4cBX&gJMtOC;x}|S2SE|%r2qU63hPU~8
z<XUWAS|$X9-S;?;JRAP}13{q#v-)NzrB(&gNaeT;I6ma-6G~biJJvBQUHYIflRc`h
zC__c%OxuIeQ?o?PdpTPW7Rw*lff!Tmx5FAmd)KZuj;tw4mZm$mOElBx=aPB%OC*r-
zz7Hv3X=W-<yIWYQv-`)3FG!bSW}j15m+Fq<rY9Yq&F>e*2@bxUVW&vqnTwIHDi574
zG&nWxFZk!}9M#Nz8*)791W~$XHv934vq$E}i#2M}gsUV0;PQZp`s-$ln}COJ$gxW<
z(|&nW`EAT|CzpCB!sw>gths;y0P<TW5?|nW5GyXq_V?_22^%)pL<7Tf(;w(;;j=xO
zFEEfayU@kzUoL<_w3uCgeo0t7P$dz0E`Dj%(TLd~oFnA@9R}2unIGbv4SMGsI~+Zf
zs<SJ$>;=ztz4|}H+&DAxnQNrxAW3SY=H!PC?HCnzSx79Fi|M@DnUDu68^5ivhB<!s
zRE%;xoPf8bztHU5YVW=+cndM0<GG<7%DWszyH5@?-Ah&}sCtyzKla3!r}EIqI6fK~
z{a_V-78gXH#_y`XRIL$py)`0LhI%x-VhxeCJ~q&0@3e#+M?qk^F1dE1qmt7QDMyRX
z`}QUYdtise!L5M+?NJd%%9)L1L9dS<3E@zxy~?u2!-uu*Ypln{%a;aL8I9S;v8DFB
zmkb)PyY*F?b47Pq%Fp8&>8P#DK2HO=`y=n9yX-T=6nEME_T^_>>l0zAEE6;LBWX+$
zN@zidjiH*ITCM42<KWED4|w+^Azk>-4<4TCq0;I{%^Ai!zN{Fb0Q55PC>GanTD1GK
z1=pALd)>#A!+6DFgZhSU8WuwGj>lP%%P$CJpJT5wcRG{Pm^Ic51<Wre!d$Q?flt%U
zOC`6%E<zS_f#wg?N32`zW0+^uD_jw8i#*Qr?6Z!;H8xbFkk8bUwkE#oo#pg?YA&@s
z`{@{!%VfKKfxe`vUE+kWN!++l((Bi$rn(UuLS{Dv6v?B8*xOuF*}_f)w$-0mBcwx|
zvh)-qnOe5vUAOI|1;%nOy83*h1|A3~mbsHFj~z18TW;HF)3N#Q6};|eqKNXTEX|#n
zmAy7bmc*r}m)8B9Ist7we9s!E;n_V26MtogtY0_S`$d~n1@fAD@;5RFliJN+D$_oF
ze(!gq?)k{K28~Ak9u9i@=B^b+Y<tfqk7R0gT`TZK+F`_xf9i~_TisIQ;3I#H8Boz<
zYI|Pe`hc}vBUM9h&DS==@>ubCdI<OR(U)MC6-CwHfo4$ITj=Zh6S1y+pgNARL!rax
zF2z+bz079VOe@DQlSt!v>-NeKjK+zr;WNR<*VJ6AHHUnq`T5~;^|yxgC;U(BK_RD5
z_wxZ$_m3-qD-Q&=<46t8<{VWw7=0pL?jxB1u%dsdn2==XZShZ}aXPzFg{js5RV~<p
zSG0c%6<Ff_cW$*4RHx)=*^`sXP<ilDG;m(GUA}pz{a*%XViU{Cxh!}k3}3GtSV}K>
zY&2Z7y?sz-?eICKhP>)mn6xX}XU>sL)u>p#Fm_PbLN}xq+JbiG0Lvoe&6ZnoVt)K9
zu%w(5?`NRpMD7*>*Np<0Dw)-V)lrS#fHw~;jH)1AHq|_x#qN1i6}`H%UUu;*5YDaw
zGD`qQcxOimnp+7vZ;SGyT1+|{eDJlsm}4e<?P(e&co47Z^gxEJ0FW+mbFs10(?W|Q
z6&7n&EvdQZ4%5(3vAwGimta$Xmvh1isG*C?yh)krpQiY6vAaRzHUy?%_3&f|k6^20
z(0ld>!1^UzD_O%9)3Z%#><Atp?@6Fjf#eU!r(K_b&3b!(hiH=cZgbA+*@|y7g08Ep
zxZ%^>^j}mUAi|6?k^XJ@N(S;Q%9BM=7~LoN7-fOgUzQO4H~A;4=hNR%y)1DP9KZr&
zK(g+ySM%$1-Zu}_oOzLQU=D_4RgArq!0_n)e?9~tGMxsf^1gecA&kZRu!F0lUX6+#
zXG%pPS@^?#^m$PwYQ{#YXGf@-KEIo}>6uPIz(S=7AK`7QqBZy9Ds3uO`Zmhk1DKa6
z&p{2OiU&714g)7?yLl#1P=O#CZsppij>!+assMB#xh)Aq3ZTNODG;O#Zzil;0{%Zx
zqnCBkdU(rtq2B>>E{8cTs7N3vl8D(%cejF22W*t5Eu{658I=oE&CUa!xWU?vFRRS*
zxR0)UwQ}%^Si^2?4DfBx-JO!@?|!}L7^u-7ypMP9m6H<DTo+{V8NOF-7}P&{l(|^{
zfjO&+%p~lIfEaxL6mPf0Q+3xhKkv(qf{CtyNu((S(!G?GST8`@E^j>>H_~m@bdvp9
z!s`Hvd;Mf_k3Ww`On&U68z6g)o35^ywD8eMv8zl*D(p=|W?o8<uainXh`B$OCsCi}
zhcx4YI8FP9i@M0->@Yc5dg$i)Dej8~=@n(dog|KV*Rr{rJka`8(XJEV-#EPH7%agq
z^E6QcxxVPHrm-ZlNr5&gm{U4yaL@x<Ck{z|^jLA?%gDZ9A<wJMnG-WdY6d!@vv5v*
zf%^}pd=WTZ9}m@ePC}X^|8TcN_kI@tTmR2uDV2KiMjHFn-#++-{obq%Q+gE4A_2r?
z2_=F(_B(gOeirJNI3C~e;Y-z~t&4FCo$bx%WTW9?*~3eAVj-V-$8>JF6||ofdvmX?
z(??yL<+&D%#5F+Bc_kb#*uvqpXVo)z0~ZpaVnLK?U!zb*>&3$GgG9@<GlEGou<b}3
z995sA>ueQ<ylG)byc;2Z-rTshAwm42`mUTVmmtYXdLxDtwVsEe*QB{&?r3I>nDhL-
zB#l)xg4FsS)It$F>pV*JN}snV$r9}x*}0OA@}Id)9G(XC1WN$#&6Jhfds~};<Z#B%
z;ToGp#Tk}WXKWFH59(xA<gYJ>pXkJ|d5mm@^^V$oXeO_|FIW;dyKrk^&fr-K<N4dt
zlQEy$#khKX@RSM*Hlp@)jlRx=EvvX_clt}jR2PiCYD<gmew3)yPeH*_7$3c}6Q3>M
zggTX|RC3`q1H)%0{E^BhVBuB)I_4nDUq`3{1lrH#rA0wbP68c}JW<q<ms23ln(KGR
z>@W@TXDsH8QdWYlEiLsI=nfYAT2tt0BL<ncFSiPxZYZEJq9=dD(~!Wrnib_m20H#C
zR3J>qJfF1uAd9Xn7ZaCzHWtEdoCM<~xD4DN;+;#E(cinu=E<RiO_>+Nb7?m#A>0PD
zgDli!OUq@d3^8^2XhN7@y3~1yc;CkTbF&bEd45(LC|4h<0l78o>)akg?xx_fi+b<I
zH#`pux<Mx;@vWPnxSaw3TAr?3Zm6hL*zrQ%-~Y)8=5afD;6iGsuD_?*rqS{MiyED(
zAR`D0-gAUeTvQ+>QIDb|(2ilef2Miy_3zxNqa4}biiY;J2MD86z-!;>R3#wFtY8rf
zbWp{sN)MFd!5~!+)ncPq7H$P`d&5A8SeXe}P9a`&4_wzijbO0D({SjKxZPPQiID1s
zxxPLQB?r@~-<=2B-#LCX9Sq8^!<f*P`|OyrqK60Gc&h)lR{+Lo;1xny>(x*;j%5^t
z=P&M+;6PLwWj0a8P{Ahn+v;(GJmlR|5=5cBpe0l*1|ysDdHxpc4k#{!G*CYy@v>oC
z^mZfjX`<yS6J&&DDs{kaDb9mQiHW`P93W94H-_5A$KpE(*xO?e==nV|kfMt=Q5$Nt
z!m2_H8+tlVD;KsRS~tedmVIs3<uqQ!H)7KoDRcS%pG)g*Ng*dyca0E7<qr!ABw5Gz
z4Uj?q3ZY92WU<a;`=DA-lQ11MmbNAExEF@&!+a0u3q6{``Ie_Qr<@qns)}T{#YV`>
z4tjJ3v0T_xJtjK<&#l<@hvK?wS51NbbnljIMnNjFdQn=)F_~4ddHoO6t!}IMIIgN}
z<T=-j{>0R+T&KD=-(FS?wW`>K53NKB9S`nL-KS_<%s=xD)g0YoPaCCrRg#0lgx~u0
z$En<$4<)OP<k%KF{>sFr^jF;v8C7UrF4vA1%CqwGh1e>Q)_F_IcBU`8biMWEVGp&%
zt7+yl;C^_eC)!$5IHH+WWU+5|W}eK+)7Q4iT9E$W(}bzqlg_u)F+Kjse2;>^?u<HH
zi29x)jOVgY$vi&tzN{JP;e->9p?Yz5RB3L?+L2F=)gzx@7x?>D414`XKdpMOqu(Z|
zP+vQuyScc|R4e~1y>Y0hVlpKF!PD6>d+n}fYU`Ozgd+JG-FrWLlQ(e~DRSrq(uHfB
zlS+07n+4`i&z_!srM$lAufcLKvu_**>KEJ6&WX3@--4Z`rAj*Tpo*Os{@~W-{J6g=
zTU%slgTvIr(V-06FcnT}o_>7KvzLh$3pZ{EYGuAT)pU96SgSI8SKC-^XC+I2Q%&Sy
zd(d9hXC&*`E}=+&+@Ri8s&R6}@6okL{Yk}~-u|DnCHmWXM(N?cLuF!fgUNcV?h`k{
zt0n~mEJ<({#r@%@nvoM$Ui7ik#fN@Nyyph@kFg_9w3KvO*~{DFj3i$zULU)0y+i!>
zuLx#A7RRR9@afW}-#Bowh4rcl`s`M?h?`_~h#XtQHH?j<$W(>&<>`~aOZ6GdC!ta-
z;kEd;Kl1r1?o4l$@=t8fJP8d`6rc6Y&2~}$PL*ta<f)tf=I(J;d;oQjHlJ!sXXP*Y
zF1+u+-sd2gw_5p<q%ugM(z2LAx67;CSOEC>%1O3-V(+BfBDx<JSKAo#g5I&t$oGA7
z{qM}(!iew8HRqZRqAg4d>uU-bzO^JP`LkAIt4fUlNpE1}D>dh0gYB1~UNFjP*^;$b
z80K3KR7WC(dRHF42XqtPW2l}-?Gn<)Nq97Qd)H70SX;KrFD8zL2T+-aCs6l(c2U|}
zA9X}8_97&D`4rCJT_47(FW+*qx0`XE**zVGBBYV|wiz#gC>BC-{*(%~D>;O`yXn##
zkh2(mX2oTMX)JM}!h9J}n&j1F^5u9R`>-^%u$c`>(cIc?z10ZpXr)iS{AZHwN8Z~+
z4h_SP8)DmsL_o#ee&<2++s@kI*%NT262EO7PPG{ne>glC-WL9<x$olsBYm;$1b)+X
z-(qtsL1fz?@KEKCpSB+#!_Qt+x@4H{xW)l<WZ{b&reoKDOS)@BpknYjwrz6+b@(>E
z8`&NgrOvVG8KvswvrJw@13za@*xP5ZSRBk~+Kb8UV`F?~Q*FA*>I<yyo|kcJUB0ul
zH03U=(^B7d^nPwtS1Uiz4Z_D52tR&btZ2Wfdq;FE(a|yF-CaT{FiM{+uCnSX>^bTT
zt;FXVOOXvO=ozCq5%nJHB&+Ns#I|n?){Rr9Jg5;c85ZL?#a(7cPM8H$lDE{Uixjdl
zeD%#gI4&No4U!!sbI+6;!9J_G1l)}CF;^;Ok*P_J4cn(LORWjL6xm~MeQvy9<@G~u
z@&t;9XFECGQf#fJp+jR^Tn*-;czgkiEILD`^Nmbp-&aA%{?7bdTDz%FmYjTmTjgP?
zFHEmiJEIyXLmQ>+WF4F}^Pn#7*pqEGze4@Z^14`G%joDHbkt;3I-9cmh4erZ`xIfm
zbiBshZkpCYVD6{Gh21wChN)RMu$}s(yt;aC<;6B#B0V<T0)t}zwbsD{cZ-4wyp`{?
zQuB8|b5AM@WG#1&@DUSimZUBbHC5MEa|D|XebevESaB9_;PiUe)H0fImW<5hOjL-Q
zFrY?|(xN}14p-Z{WpZPKP4U<xhK4j;F^`zy4^+_z_HyNJ6ca?@*gwtHkGb)Wx%joH
zoiWDUGB*h6678oAtBuEcuxSkW9%b*+H#j9))c%B*TPp<X5!mNA`BW-ws}CP|i;!-0
zAM@Wzn1X)f35Rh-UlfE!mXB?jC^mjF!XkCxEDxJIdn7ItW@yrz>4JG-{(C8+P)e4|
z)K91X^^-Du#}%j9Ctw0U+sDN8)UEaQgwe;wmZW3N3W<wm`Pq)^&QUhvp%;$7vU@ok
zQJ?wj0lxd`shLp?)dh97Vxi@+PW33D28HHSaXu;Q3Xg|O87h9~RG%xgy|3<4w3G{$
znTyg4V%+bWm&)zaIWDv%PJru)tybZRS8jh?#;1MT7+MxmDzG^DT9X}IVR3+k#DmHA
zz;rZ*%&^s|Eb^^mN!)#I|H%4rx9{rB!AuvF3H19JlVnASj!D9<M?Ka89g@?|k<5jc
zZIAwULN)!NU(6`=y5k1jU_Nc>Lzbrh{YMXA*GM~Y_Ao%bC<ZSEHz0hws4pvi{%$m0
zm(RD<K4Z_!;l)>E{3y_S;Y!=D<KpLT)D+uuQu?17ODwK%#5ugEoGthL8LHBq+)*hQ
zM?=wXD(n{8>-lCOsVpZU9auzCey+KGDVE=t5dL3s8h}j+VO~E*A^nnL?Hb6yDtr&r
zvQ2@;Xmpe(43sr!!2a(1|3TIL%Qztp1bgy4=q~_OU1M@Z!kY=wh^!cL*FHn_;CY4s
z<|!5_c@QYk2+iHedh8FR*%oV62uEfm7PxZ<fpOO}7#xRi0DEO4au~&~$yz3h4cf(p
zBx9_!Dccpq&K7IZmBlm${m@X|>6Y|*F>gY@v)*cPNJDGiy&Z_i#YzHt?PDdAihdM<
z)l`Xs%;Tb~Vh9fl&{6$BeoI+W<0%TLza-8_dy@<FJ`APi0rjyHTMsmfq3yYV9*vEw
z9*rMjHlXC;^6M7t?b2XbM-M#+OiDup>H&<|!T_*`>Uq9`%l`vYy)L{G+9||_N+%_F
zqRBVrSEyoC1NzM3y5(2Vd{;gQ=nTO6oBR8a<|_PX4t~z)nULIU5GL~h#$9q$GY9DN
zrdDuE@Wy0J0O6!ZsgGsa4p16yV&W)}d(}@ZhBcgkFAh~uKWu{SVa|@14GA*|;qsr|
z)NrlN23bw0p6X!22Ph`rZUY%b24|J|JjR*8J?IlUIE9|6&x2AB)HJRDxnE7bb8kUC
zU7LpnsvT`MypBr(dJ0GqmqF+Vc~KPh#t&yr1t&~*!H*0L(0s0oDq)^;5GEH)PyhT`
zG3x4T72zT=4mP-h(P}!T3R|sYqXE{%`kM*1A7wk3C`wPlt@dwe$kz^X`1Cko7t|e?
zZ0L~%eW*;VGUM_7DEU<`a8R78GPq>lfK{&hw+eljd?_BWUaZcmV$bB5bf&GY5A{9m
zPt?8~g8JsBwZt(#=JROEpEge3q6I~GpUq8&8XXhkd@Si75IZ$XuEJ)Nw^Lku1;4Da
zd{?hc^-&XBUAIK9Ay0)|L|LR{R_uJ#{Kyezj~^;?LwyG7N$>nln@m$p<*sR|3pxm9
zzF53`z6Qj0_79QOFcwd5D_+Y8hXNG}M6on6`c!mKNE!>;LEa;div!AfO=lpSvx}Vo
zRUMA}<dU}v<az_&B1&ej%D%I&qnSXmFLOkG(pYSD!ot6elV_QBBhc9{9Z$hZp2Fst
zYe?9~f(kW<husS=xYwaPSJW+muS|!%bnQ8JN@LGW1qDiZ(LEU+dD5kjMcN_W;%)^W
zJAsZh3F0!!*5{ECz6x^p?-J21rKBnp-V;GHF5uT|T;Ygs7H8*qdUN!YfzH*cDvj8o
z{nBFkOpAd&p==ATZF>KD*1BT_uH1DZM)xNQ*-6Q1w^thRT8!|*y6IQah!n#LskKyg
z`Mwz5G@x)>DbYRg*Bbi7woP|k{B_v!MX0mMx<;;Wk3nyiIlX21_{aL&ZxRj00xPFg
zv`K3|X}$IB`j(t_iMDZ~^Rz&J&FE4nGM~yaiTlHca!mEMBvd~{0$L?3)+|6!M_d8r
zVO2miO`s)y0zY~R0muSEh0}HFJQizm-Mak+N}zbqfqClwAukawXT^+s8Wg3%I|s&0
z2y^K$Cyq@57d2c;s}F;Zy_V}4cVI$O#3V89MWC4~6sQcwe8RYK+K=|lc?pb=66(VX
zUuB5*fur`Acjm9k3Fb!$Y@96=*2Ssqf2LfNBC0%(ou7t*hNYqhn3)u1$GHyvGk&+h
z#GJF&7A6ngV=TUkNA4+ITN?7i<tKv#fTRkBYo%*ZPB1li$0}IG*^-Cy0+LNR=-NO7
z5K~Q5LLks4)k+&=A;GBW=~Y;v>R-F51n4$U%o3>;DDzOaL@RO{jsayJf04(U=iefm
zcK_Cato>kpDng+O0;fyZq~JmoqYj!!6d-0v+H7Exy<7<ep#TtKJpaqUBIq=@2g1$`
zEt^VHGZpE0KFkh4J%xCpm4P!?vAO?6Vi!nHyMd8302F;(_e@gT<7kBVuMJgE{UQhe
z^C`EA9^`t*t%v-}D(Yq@CqR$uRmd9b-4L&QdVT=O_O^LDZF<ho*oqW0Fub5%6?P99
z{Kx<bOKm2}KM7nsn;|xuo0YT_Rj^qX(H@AFvPWT-Ws?9jO-fz#)EuN?Y%$iRdA(0r
zdA<M06IX2C;!_&rRS4eQEAd2#ouA|4^`2}>pkEZ|9s}qo5iIW&qHRLkT%P8B?8fkz
zUOOX3CA=>FA`GDmcyhpp__E}wo_bF7I^d8h{haEurMgAidgja}680IrwMq1nl^h%)
z{?bO*D>K81*DNmm|36}D1EN2Km8sp%9{FVLgB`zjb9ZxE=tOUZ=nKa`P<XLr<+ocL
z#xKNPmC)Vz17QgJW~=S=PcPgUX>$tU0&8WWid4mCHhg)T7W+AIUZ6po)3(*@a6?Zm
zB$>nQd^Vav32wclUO&K4H(;wyN~B*e-O?UHS;P;C%3&4id4G^>^zXx3IN`iqFfIrG
ziVeE*YG3taO8Vx>S9CDHlL|^Mx<@Krx~wY{7!A*J7YdCnjC88ck~Xfp-2Lq_Sga(u
zFX`F!E5lV~?0HB@(M({7Q01`DbX$yEFfp7$hU5!Z>b#xM`EXZ}eAbiEv&sz>Va^Bl
z&j-R?k+F(K&B5Q0^EP0YzNdO^=x(<cTEKx=&PQI?XxOMwNtV1L>Ek=+L$Tt_XQuhN
zn-;`OZF+@g^nW18AU|tjYN)nhI49OF4e_0KhyUT$$1ewhzuYPrFBn|Qx+4>oV>L~3
zFf7I9S*evr>`D(UH?venqmiqVOy5|}Z@0SiNV8QXXa4v$_hB+kd0g}2J#u%;JAm<h
zzMY5DP%&syUte6(mnW+xMtm@AfA~ndE}$aQ*)Hx<w)VGArIq)iiL+@lWJj=|?{XG1
zldQ3W<kt&nQ<c1_sT13eKf=9#$Ys8@A-VAba$VAJ7UfU}u+myi?kC1K%^$ci&+WL2
zs20Fg;(Fzg)c&{iSvO6N5%gOTnW~?n?3tWoWmQT9XlF_-b<SR9`;_|H;u`~JV#2o{
z-i|{qTGizvHuluNHClKjdu_jei|9%Tkk1;curz&HSEl_wR$KnL2m$s<&?gaUg_vx-
z87U#Qp~;b3KUZhF4_JO3CUz{6YBz_8ZQJ7uT<k|a-KnZ^VKudP_*wVPNoBXRbToZ5
zQ?8US<nuFP8~W~>t`-AhV>69Hm9Yve4jw!yT+7KHQz=K2y5fdQjf}UZItNNu(uUo1
z^!8fC+K7M8?Ti+${91PxPqzGV_PI3L^;!Zcv39!d>-8TV;n^nZ{Cdl83rd|=_*VpJ
z$R8sgAMpJeiKla^JJ3D{O1z&vq3h$q!W;D>1tn>!q^+jZVz1`h+IaLv1^+;Akt!Us
z-R&i_iHAkWraoQd9kh356>i8CJc{<;YZAT(ni(0)cE6Y3Z|N);e7&x*Qk0%;eC{DW
zR_c`6vS)E?m%j_yvx|4^0668KbkVsq$A?b#Zn%+5Tg#2;!^zZN#ymRN@oSsJ#~(xO
z%U4k@VJx&OGzBo08OFERKI8oZ-Q}w&B4TabYx8Zot#cOMRx_dXQs!n>AohL#AAHGr
zR#_C(YTtiOQ@?;=iNaf))*jB=nVe=a4hd2Z`|y3VM#h>uW>2T%>(NDhTP%nrWd);;
zm-y~A_~Y#LkW(FrXzItI#b^75+GRHpjPC+7-Z#y>q&vGK+uhvT@Tl=Svpu!TnX|Ca
zPnQuw=SHcmA=yTR;F6fp_@b24J-1!colC2>kGBpll=6%e=>}vR$rKsxR2RBVh#SR9
z{ql)?6{V|EH?uCfN(zr<%*1FXDZUYqs<}%8OHBOzDT0)ES);-{Ovnj-I;>$Y*SR&J
zpFPt}?QHpw<#YS;(;?&O(7kC>Dow-Au$E6nv&6<Y><dF_3*_d|>*;sM)J6UN2CnxM
zUfqK{PZ!hV+FZkrBqy3K#yB#boTW64-A*x48j3~k{uUR}KHToim)#WKxcGTz_TvFZ
z;~vP(R+WX(pPRmbJqz^u?BTc(-ue0PB-hqz?Wn%+&bou#S5m^_g&RL?T&OwqW!VlQ
z3wb|>{%G*Mej$ViRMJ;%8i-oIkt@Hc{Bw}UPxEs0%S9o}R4F3b(<VNCV<eWmP+>BL
zZKTwh*>+6avK-ERdl_%$qJ~%Z<jvkdCVnIw|Be>@QfdDoA${rll8ldLHNiLDh`;a0
zY9H3F&?AiPDYvTH5$R%@iYqzC`n|_9<)Nt&l4~KOS9~c>9$L{vCo3LAGaP@ej-xk&
z6W?taV*XL(6Q#7}>gc08<2U#}+GW;uzosLHhY4UeQ|!w#<i!y?HXPX!7VQ?e=jjsM
zH?_XqN>&EHNsL={tazO0UD^HQR_htn>&7~=tpFj%=os~8V5TVczL}IYlJed6cO!Sl
zawE|LZ7dS!m$tdJW{lO;Db`Zfo{AkW;(t_qOm+)oMwVlg9rlXj($4JS%=?OIVF|{Q
z>~sBmy$Z%V+!w`3+McwI_MilV=;gP<q#aQ~Y!>g0SKpYQ(c5n<FFm#mD{riBstSCm
zZ48=9ioXW*k(|N9TeT?<_{m(hq92~dX-3YwV+#+_k{*Ahsj{<UV|%z1cSKEZVM5Wy
zw>~a%DeV7b!1(kGF3Dv1S{%ka&`$C~^vk6ci!9=iy_RjGj!OKBKt0fN<qpY<q!##V
z!p3jqqM=jyBn5XR($4Rdh%IGNpPyJw&y@4WXBlMHotEEaNwr}nxrDh`!)@mkPr`Sm
z%)G&)lx!i)CuZ~>`N&-6SZ6B?t_ogk|E=gqE)na>Ty-ONbB8NT!b9c*B>$(X(I9{b
zK%+AA%&p&}T{ELj&`BlVSC~c3y3?pxmu;nqFIiRzeY|B^Id^-jSMI3fLhO|Zpwa!_
z+_bNVwzntHFTrxXPrBrxqh{2G&!fe{61J`KV>wZY6_0t^J?o}+1n4IJTs-D)*d~b@
ze(%#OVJhq^kWi6>GvTtYDQFwlQ-A9uNPtc2{{vO77ns~|OqywFUx#Am`%%{7X=N@Q
z@S@IFV4aVUXGC0;SpXfSV^~9$P9qCdI_BX<RRLNFB~g?Z4d7?O*_K;eIRiZtKsFUX
zIgSIDA8SZ{?SXJz5pW>Erh|F)-~nj)fT)EQYqB)_{Rg9Ct>CCp_S*eIGxf+CGnaH_
znISoDlzAEO7txr8i^SilUmgNDPDpdB5K8>rkORVS_Dz(stE@ScU}yO4D*P%}T+xpK
zzLqG!1IcyyM*<TwN<YRLY6rcP%tf4*8vcN6A=q{sg|a!ma#Y9Aph!1j8yd`O$9h+k
zMl^*?$E@7TVIa5gm<E7TI*>t8>a|p~@)slh((EgMhAXO8J2MS+9At-a|84n*`9}@`
zn}dt{+X#NN0ZX(5kY&{$OkSb3vIAyi%yF2jN2F2*2!~>C8gHw;Jp?y^*Xf}Ksw(-h
z2SMeUD*E;TdUQ80DDch%!!888;n9qv$!`xcnS??9?CU}9Hf0=ei>qRQxmUQ0cY1R}
zK3W2ABC}8p1j(KP<{>z>0=j+ndypa@+{7rn3aw$=3^W{(q+Pr26H}u$yn@h8If#KS
zFJoRLfN>Y)#I`vUNW(%oo0UP5?K9uxwEF0n>&KVnRf2*Y#wU0lA3LNCLs{zyFC^!u
zc~oEjsxzxhz&l*T*gq`gxs%1;L-w?s=HB~z0%8|Km25Id<b3GGAdmksxnFaT)tm9q
z&B(SP#10o<y0%V;jhlvl@JLjxR>cF4dw$-q$ge9cwJP0sDtcb+kNjfW^p~mLB*GZR
zm^}F4WFJ-(X|78=sN*`yPT>ojVp>;WD4w$r_%)hmAQ;<WT-Tt1&Pz?3gwYOvymQBt
zn%!e1;5_`;m#R4cFFc;yXZ5_o4>%gt|9chv_to@&-eP3-CDim8O~YD!Hfu!q4GwbJ
zyFYvtIUrcT>JZaDpY~?)tF$B1w+$L2Bx|ANk7+%%f=kzODVEi7{wRFw#|?X}@Eg-i
ziv&`a`fB=6Mj<tRH*W<_7jRC6DZ~-SJ>J*-DBQzP!ew0SMf9|F$xdkyZ+*?^`ofBE
zKDL-t(zUa&+*2KTw+PjH(bb4R=Bzi;QOsogMj^S^v@5J+l1{V9BL!+%8BM25-)lh-
z3z{GFofSkPYqoD%on6j9sjb>C_Wjk6`hYro*GFp{l3!?g6RV{z@?$Q>z%U_Z2WXHK
zjI}vY@+*~e+An-!{P168YcfWE$$p4^1E`Ch2ot&#OAz6l2ZIWla5Z{l>Zdt%AVt1$
zvjWJ?;oooPoM5Eqw=rq*#T6hy(+%Y>$|?+RzP`E|IVI2lXod-c?Nkli5EvRE)<>^4
zrApynvT=c?S@b;*4UlorBLSlnlgWsCIOOMICB$swPyu=<v<xnp6`z|}LLfJabneID
zh2(Sb2~h8Y5mjjkA%p;HmsJQLd3f?OQa}dP5={c7jN){3q=ESo#r{FhL(&c++8wiB
zqD%-C5FnE#{i0^d+~T<6>YxnwmZSo?z=f}hA%tMcR*NG5$NV&Kxq_!65+yKEMLNvC
zE>-_#KGWt_l7Jayh<RO-TnQ|vwAF#nAu}5YqsK?Iyk0>QsCHK?umDA^v4D5t61)MN
z(WjZ$K>yE{+5n6{HT(aOb=F}~ZVj{_T1f+>OFC7$L6H`Q?oy<srMngBZct+AP`U-_
zW+-XtmKqwodpzg+?suR2#|a<i$jFh`z4lt`w@?VilCZ%r1)3wYnfZlxq3g<ixSAXQ
zCkfwaR<d}q`Aqg6h~Yv&-Xb?{G7d8<o)XjIn7|kV!U*oWj)n{J_nDfJw_IRc77RKf
zpS$26?@k24Qv&-rr6tSu&tHXL#`Q1Xi<(;P)o*B2;lBtWfa75q@<5uqB1nF745r?e
zB;}w4DsEOD)`peZQJHWmR$o0}w%YbF+d@=c9PpD7Hv$eTn#Hz-IO`szBF_9EPX8lN
z5Ef@O0qV3ca~=4p_>K-+64*JJo?6t)!oW5Kba5Sn<m+M1$1WSBt6{t3ApT;VH1Q_V
zj@YuYFKly^q8K-Dvi{k}2J0lx@`168`f9GOue{|CEsyWuifOY2%zhic)HM9BV>)J)
zI5O*2{z{uRl7U(7PPTb@o|6alb-1Q4Vp=OkLs26v4LK4)SM+GjW$)IkH7LYO&OOtg
z`VT}>_nYxoIg((NWP>>aVj6R5PE232z;>gfr;F65;NvfdSPh_-j2}(Oi5~Q>_h21j
zn)rDaTk)xXS#-U~5%hZXNkylOZiIa;BA|z`x0@+i@RDG|fGFNkQkbI`k3Ej3vdk^)
zDPI))VnV!X(dyxTZA?xi&R8TA4WwAIK%CNixYod6k4lnZ{3nBok489JwcOqgf_Fmx
znd(N%sqUrrkYe?l=5I6GVdk;(=J$Koy4eeG6sBnK+o;P)VTO9s+x+F`>@3{vDN?Tr
z!cj)k=1z<6T{z6Oi@OqI*eq>+htNlhDv7hcb=h{6v?KS<$Q>9?uNv|Q@NE#zYSTDc
z;B)Z?R$ICFfY$h1%~Y2R)AbHq`@7Oz$+FMC-);#q%}!Q?2B}(qROOJk-8#7XMMKan
zz*uXlXW~)&^`SG3uni5g;n|$8<|b=Pp%2H39<ijmyTjS%@Mu4(Ij5+Nh00>3IKxX#
zJzs^^fr37{%{SW~-?nTUoD&*4PK}k7wsC4aVzyEX^W<1Ey><6xVr-IV>W8)nu*J)N
z8Bh*IQI$Sb_+(mZv7~YJLi`Y=2ZBJ$w<bH&j8Yg%F}Ebua}|trp6hI^5z=DNmVdZW
z_{7=f(sI@MQR-LS^xNL_q&piTu_$E~*1kWdG&Pef7(VFH#M$@Lz8>C`mQoo*aLDiP
z4vOx6w6^6RP~Rh=^rIY>4^VWs+t;^x6f=lZ`CS8t-lT^7+L~20g85il)2?CfEP;M?
zcck}a3pF@_V7(Co)~79SG$zZk)apK_4Kp*=vgR*yeqOd~q&cHxO$yuXpJxB%yE30Z
zbQMqc`3zTF*C$jUNv@{On0$B0W*sYIl)ro==7MYsMy!-uaN<$EbJ-wmb1WrG4@VC!
zvDtqW@T_4$aXOab2<uALTSk6(%vn@n?`Z3c_@P(NrUKO)<GVw?*p($Z@$le@^zi&X
zRlksnQMoJFriUk4Ug36<4NRx6tiYC*g$*4gx$yf&xrn-YY*2YoO@p)1WMEiBrO~Uq
zBDEe7hn|5}0g5F)SLSF;V>LV^r)lN)t?-|P{M`3kxxntP^PACQjCzM#o5UU^sM7ta
zC~BCo%1gEvW|62X^pp!%B>CDmMLbWDVHcj>GJG3<dKH$`{AK5YO6O46@aVllQ-xl{
z^FG$dw)EPq?iE8y1O6yy=$<%{{yWE!+1oWtH<F#p_4-sqg?fe%>s7PPpr-y9NXaz}
zwEyjU{bhn=6FfgRC}|RkpLrGQv+m3VZs=Fa#BwgQMvBOF4xov-O{WpDLUACPA$h6Q
z!$<tha_YcPujc1#`)!{D1eRa*TBaU(uCUGTXiWXXIQWr>R>H^p&qgWN+?qZxDSo%v
zB6f7L%m}hBnVAwv)4NxP&OMhD6Uhi2`qAI}UIk-2_uJvww6lUc=Nv-IJYymTG-+!!
z$u+VR==Q!b;(6+!w+vcZWZu_!>|6=rbS46Vnpp5_>*2F(gv-2mLvNbJ)Uw^;%T&7{
z*`DLfdAjcWmAH%J3r(@`INeRM%pB5=1nua^rkJ|hFQw<1nhMk`QGjV{EJ}nq!nz+j
zI%6^8K^maw7|YHoK~pb?ek(6dwq+^boS0sDeRA_^GP>2pye956gY52;wJY|T9#_1^
zxz6;!Dn~)4Qq77i007f@)6_UDy?BRp34v~&XD;dOYFflQ5Uy*}X{vSmY>q4wTo*-Z
z<9~*k?#bP(dh0&i^lrv;yn1=FDWkFIE%XPHlGngr?*YY^DbWA;-hE6@+AfU=k9eF)
zwv?~o8=SV<iE<!uJ7h+>3kyr&EnSP#<kzOhwc_s@Jnd2L-6L&TdKYef#0xJe7p;GP
z^yC-aL%rfqw%aXHpU~s7CJ_^6r|&wgS##!m@NeT`a$&j`y-YJzKV=^5EsRD<tDPkw
z2){cJ>Y9+(J+r<CA;I5Vl@__5DNWEK^+??G#i({Ct0Y~-EX96s>x}fOIm|&tSAWZu
zxK@*#(LWc1YX0E<?6?R2ngQ{wMp>p7AZqOxe5hpX9zSuh;kza^iRN+io)R&!zB(QD
zh`mFtI_A?`(z!ZJAA}bE$XMX@toTq)1w4B!ymE%Ohaaam1`We>!;->L+NZf_XMyoE
zY~a#hjJL1ACMP{+x)4zmq^6a5I`Q83;N{{Q1w~PluZlujodd76%_Ia#mrTm3sw(Gn
z^E$Rh#S@$;Xf?d01-}1|IxKUyTRo(ILva(QUeo`wPZn=mRO(5BL-8z5Itk(vCdw2E
z7fR1^o|dNJpiynAUb#9&)ZVj3PUk3sz9}sJ8L!oo?=&dU-j}x;-<ID|<IL6FK4HJ{
zF)d_YUUWFUa=w|ElN@~IJw?@8z)Srx&OC&3#qiVGk_V*!me7-zj5}@$+S2>;rY&Q=
zSxNYR1!(g--w_cZQO>tW!h*_w7a})b<i!s(FoxM2Z`?Kg=^vNTL9{M4qv|^kkVo&E
zlZtPYqB>=6#Qzf$UW2NH9oOeiGK|0f1KE2{gX(;AmTkBqis3=*fjFopl24#ds979Y
zPj^?9JoTV}%hHuHIzS1g!>8Oo_<uMfY?O3tO(2)_hAVzolfVX6>`|){(uys_zTdM7
zHaOJbftlAM)RpT2en<I!xNPqQa+#%g0))muq8I@CZ<Y{*UZLYiDT4%}MgoQgGhjg?
zQ6H6n-GOvxPuB?H;4G&B@JXRXmv90s!hg?mBal!!%lu3{8bGK-?suU5F0aeg{C*0A
zr~FEKWC-ZP3R1ElGr*6*;6z#<=)>0F6Ug6Tbz}j%Ak-1qj^Mm?XO2r~<bPaQut|v=
z4MA%%M&zOwe$U20y1hW}vT=f+OJ?Y)#|Y$aLOH&v5cU+Lk|7|L3~H>%w}kBBqDzK+
z?jlQrf~5@5@H)SYd6lOYf(c^L4nUidi&f1)SdN?t`@AxwkRVb}#XBPgvuj94p&CLf
z$b+<F0h?uoV+?GJq`LOCtj8p0Vxgu1DeCE<_*brG-aA|NBb7%H#Smt0IYHLL(C=6R
z%{u;16z}5sERWsE-?_`?LVjvp2#|p8<}DaVPj-S*H#{3SIq{9qJYhiM2MW{=FGAtl
zL}9&HRXhYJTWRI@gnb63TN3z-n@GGqIJr790|ly#2H3zX|NPv9ka<8kaW}8;1TV;6
z_oEJ`RQfBJmofw5>69Vh^k2`I1vWXQm0f^AgMI=-7ne8KsOU7e8r!~W(XALFXnx|-
zCEE5|Ua4<Iez$NLM-g|1)Y<q`7g0C9Px9(ivd@xXpG|EtMA&P<mTr-VubisLcE&(e
z@JHx*u3A(_jaY)}^s@7M6Rw7xrFh6<%Dg;9v1i;XgHkkp{Z%+ku<3{65Uf%$#XZ}#
zp852Z5p}+!3st8xsO}msW31Nwi<dqJhX@$S56y4_Rl&>gbFG;<iub&Rdq<kI<C&KJ
z8bShnk-{U_MHCz1@4HykN!Dj%DL>NjP$Yl2h=iY`$YMgE5*DD3%<N(q6p66H&@s8%
zC9!wU#!k~483mQ)nvo{=Hv|2{O4ZD@<kC9d{4*^oNUy-hs+;jd=L0Kn9pWM_TL5C(
zZ3NW@Y`c_hT6%Tg9_9>qZ8-c>bk-XgyNJ43ffKrezfbW%kThaz4>BWQ$~0LVQ(txY
zJp?}lcDiP1(xB$tV6=>+Qtaar)FeT4=igF(Fz|^$S-QB_w#{@^JXj;)V3m%tS!mRl
zlw=^#&j&`ha$77QQmcO`n~d_YTPaBGhi58J7k97Vj>IF~XS@wu2W|G2{<(FiB1CAv
zQ=N-#IB=ZRI_21lu|a&s1KU`=VTMvg8a3=O`#lW(Z~T4UtdHm`ImR=s257@+(1MxP
z?Vwf?3`-rL=U@h^R(JKzJ?ztxywA6jD8-lPKHoZbFHrPhWf%O4v^3T5r(7LIL18*6
zwHQBjYA$=ZGEnMCwOjz%@Do-|+HJyKYvShrfX(g^FX%^*D5v*;prdugKtgH5-$+u)
z>u|j~@~%w6w8UKzwF=_6-fUo#Dncqt@1g=MkE;l_nEDwY^o*c=S_#hgLuy|UY@Aa=
zW(W|)Jh5GVIApGOfpP+kQdRB^|F&HExWT`w7qE=tPV(3xK){CoIGhPq1#lvOE!w~5
z@b@!Zz$NHMP>|u_@XRXvz;U=7{jmfJeWoRHi9`OMYAX0IxXt~?V$>@ETM5Pu;VXq;
z_>t(E>#{x%A_Ywbpnqk?$KvAR<cs6>B(RIGW%78_9P(U-(X#VLQ2pb=oG5cFt}Uop
zfjg{>qJ)h7+WZxOeq`N@VB8R8tBvE;w&li$?q=Y=0w}MIAV56>Ca>JT+dYQrVWxoI
z3*6Ss4%Y$TXd<7cORM(ogsrrv$lIx-;WsRNynIQZD~bwoyL@E-&S(htgG5J>P&HQ)
z`UxRqH+z#?`gj^e_TCMPeGc$k`RM@;30lp0{hlO0k*P2n%LZILMJ&B19C)aNoFWST
z_*)M8b6bk!IdU6C99%Qn{(o$@Y7l4v{H4Fsw}i(7?qKg0%!vGjU7_r>KYRtNy@LTB
z_<@C@g<xkgeUUXd_jw$0xFjp#+1yAVh+#+`SF=%tA*-oxPjY_OR%BlnS2^<_r!v9H
zidowxvt3F}WI$A1%Rk;Lgycj;@~=Z(O!oYk7s7m@hJ5hWj)e*e`~~(-f-ftF{yK;&
z(PgImf#?H#k^zw;6|;2#VwUkM-l_lnpVf{YnG?McNgTYKgFa^Q6Kii4YQf8GlWu>3
zm1qm!qo*LCI`vxj(b2Z!dE}4nfaf$rgPX(vUpEYHPgmc3`vWO!ZwmW%nqb0)?6%Ss
zv5s2zUk_&8-MD>#^J^{#Is91d)6Q_H+t+<>S|SjHPH){yhVKxZ7uZF8;lB-HgEdyW
z*4BklCn~@?1a67C?p}wkTi4>?Tirbctsx_B>_|A*$>8%e8E|S;O;KerWn`cWM$3jc
zuUEa1&55x473kdAp1<M6LWfok8`0Dl%D`JYV!QpV08d&!aiNGgcP%PrKf}MA%pFL)
z$G2l4WGCLysaweG`BkgdXz<eIVHnUtJ(GcoHE;wA=ROm+fqswX<BkNZifiEs10g&m
z&&kGC-*2<+<h_CW<@vHFR404nY7OISiKk04Hl}0=hO<$P)bbf+kH@9@CGE!~)Y~*M
zy6L@_yGP8Y&4PDV<8!KK6|65>N<>#@OcfLwaf<W9NZ0DJEZsAC+Kij;nSVKL+fnUw
zV5v{A*~=!5rCxlx_8OF2|3E$f-YzS_H%kxv6z=_or~zU0CihtUI-}>mI~7bBni8MQ
z>&^}mQgc0S40=hq$}}~%I^Nm0&1H49b>k!E`>fIS!xP(5GUu^`GTVK6<8LI%oY2n#
zO9ao`iacrpE;Ei7b!8thIWky=j3lqnjgyU6$eL&hX%tD4Qa3e5KWv<`^|(>OcwQ(v
zxDZirCojy6klBb;abK1uwwq*Y+CfDX+uqg#0q-9!&nkdhZkie>e33Dw4C4QmtiB)J
zNz5f)$W&X+n3QLkMEqi%y!)A6^b!5x-f;GOx}!B&2Q*71>#YR3N(#L#5mq6uiE?w0
zM1yyTPd{nD;10L1+m(k_W)ag>Z>Nq;>&4CbT&pR!*$~HzE#5Soc;+M8WR{KfA!*SF
z&4cE#_N0Rze(5*({o5!VK0%XFp=J7(rxo*aM3(uevvjdV&*{X14t0c#^?V=ozjKR}
zWAMAdm$*$B{RZQ?u0H+)4qZNPt%mSwKMv?T`0i;}AAj_f5{7k5UHaw)xlW@bbL33l
z1m;Z>yJglutkr5#v3br<1)f)DVR6sN6Msnvth#o&6=mwcuf-qt@y!`=?MaSH3l1+^
zvC8qUHD2V7UG;^1y~eY_5=#28Uu|ZPc!-K3ibaBUR4#J<ahZjKXHZ5ZQeTn#!v5hb
zQ@A&#FYAe-#-hwYL`G~Dr*-68v@)Trbque?LneLCJ-aJje2(2=8tSH1M_-ig4Lx}7
zh9-{@)WfhOiA}11HIgP)4n&UfL6Z30Dzg3c|NMn`5<GJy0?m=__7Y6Q96s2HIe(bd
z)zr?Mn<^DaZ|)+1okM?1wB>X6KrHWd!SkYp{!<qTmo`B&bQ8QSeeE;obT$9hwxvQ^
z+PvtBn%!RO-A<pr{AILIW5I688@#vrn9U=5wrU&<DMzN1ZA`4b$)$^TwHFwg+YO)B
z^qGP(VkmkRET4^A(eI~QLa7Zb(poKx=VtBM3X{0}G3yI8<@BT<B{v@2UpUzEMxYO0
zoq6Py*69nie~$O{t`{HBXf{!bT{}5}AJ<Ita9*^%2znbgTV^fRIjes7&S{UmR6N;j
zGY7VbVS&?V^Fkrx(e%^EH#+7UPdJ_8Zowa8oV<doxA3nQ@9+=58eq*;$BzzrnxgYh
z9r|x1V%aGfXtnZ2wlIv3w&<v6HN9cL_O1*|q-6Z9n8B2JghP67)z+)^=7_sfx4vey
zS}v)#H4>-hYNOvYVz^wC_3d`Q#(v9G^&g1dWrSlXLb|zmB5yy%hB<`I{cU_jB-7EE
z&|$QP`Sch^UT$jC4EsL)*H(&NG}t2I!gFJKd_-FjHp`i2$Mv$4-+jBoH)U~6yko>c
zj*$PDx^jn4&N1}HV8D$;?0nVRx@9mozxrfny9P1cwUccinr+^kxYK_>y5+q^yY}K0
zEK=)c+uCx*1x7EF&Q%pxb~l!;Qm5-#Bh4P~<Jksj<N6ez;V1huY&9rte;}sa3#Ws8
za2W&KS9F=n7VC8O5-8y=c4|>pUZu@%N~e0yh{k@#>hH+qxjX95=)0>?DJ^yJ?YAne
zWaSwfP4mEO%Cmb6MfRPeLL(Xvw{$%cn{65txiu<dOkVr5R=kTG5TMResR6fOWE!C8
z|LABUlve2L<^5Zt2zO7J{zEC31;%LoqAT(5iKUv0hW>Uo^ES@bUc|;v?;_|%CU@_9
z=UeR0aND_){A4|Sz3DAuZ!JV?UMSlT@tJQ*-hLNrUUX7wUv$R@{b<TU{K@O|y;G`*
zi5J9L9v5ZJS#h_`Tyc~X4nOpayH43<-kp`SJ}9umUoZwMF~dvkRc3Xv(jI<oVgz$o
ztz+L1OERH$Tqq_~dX$$=21KR1xk+X(#ps8q|5v6qf<Kq23@O2NW{UX9GxchM3*xG*
zlGe+6#fhsNQK27cP#hTL0EAd8kRaj`s8SnYszv_GG#`N1j@qNXZ4ob;lG0xcV~AAP
zqk9`RUAJL5>|7R)3MJYb^=&CUx{lQGdiEd;<U=vYvCN3Z&A2kDzd6Y&!|i2sA?_0H
zYKrKExnKqQrtM%c147MqMP`Yi$RauJ$c!(86(fPuL`9;k){s70MWudAxS$RqUM7?l
zu;0VD%rgY@JfLVPA2SpC?{fi$q>%U#)k(0#uM6@3DR*OX3CzWw$9|+x$qA^3DM$oE
zRG&I10nIo9qPfZ7@P)BT=5R43+KJb<PdFjK11SQN;ap3r@ADky-t({^z0xaSq{b-0
z|9Yhk<RRc~OOq?f$h$6*?z0fJ2A$;6<S3&Sn*@$U2f!Z3M|9XDEmR3?ABUL9)Y7Wa
zKHk4sVRX}dA+q}w_8w#!w%z~CCz{T97ZNVP<M+v-zZ8)H;j*Vr({RgeS3KCk-vLM0
z1*ii6Py&uH9zcQ274Y<V90dU>4s@oM_ZCpE$bK1+q=J}Gfc4C>GK~2T8CSI^@$aD)
zj3_|*%E2@V0FwMeP?AF~>LK0I38Us-&=Pi#z^Nc;`mdqt6Awl!8AyiZA<VEKBwZ79
z&Hj~$sz4(CQ>*<)r*b1PQLQ5=$h;o}*q76QzzOPPK|pQ(#hwH+RSWlvp67Co&;7MY
z3v(PJ15&{4Bk)#0-VfNM^5DdZbaPSSk@E?)%$qDYsSpDIP@x7Mu9@79tgDSMrXB^F
z#62tG#6(Ryj+Mu4ShQVEdy$CMnbMo;eb~l~PPg?P5msFDxzp?7&r?;@54QOk-D3r#
zy?=x~52BU~TjzY=cqMZ4Wyq~<TL)iU=<rzrtK4j2uRCSD3CWJP43`%e```(T%2T0q
zFCP6GL!K!|4k>cv>?QTav**sP`NUDbu@N;}%|*LmK)j3Z+n!&OEQG<dPF?z{s7MZt
zbQO*oG1c!7GX;UWJ(&xo)QhxoBFS8Sb)w>rC|Y`?nx1GVBZ4g<wUD3_Q_J$5@a!Vw
zaLD7(k5x#*Fmg}(^{v{@Om3=jMWR~z!847O0G2q~uv!PDN54sobA@7hL^P}*#&}lv
zV)oqXJKEkOqQ$(+rph<!XSr>W{~1atG>#gKM;mdpdU{s?jeeqEd%*U4!;%IKVHV?-
zy_hCRTcM%F%GCh(CJTcmdmiBfl-1J$sU%n59yL_KGF@nbkH)RDVQ%u{n&}I)LPUOc
zzf(BAJCC2w9gSBpb*meBVh`}91t3mvn7r98rcclTVfdk1Po}zxz%AM!M9eL1K!=X{
zsmSP>`|JGZeS7X*R_`|4SO}nq^P}9pylNgUeafcsLz#@1DIAs1RV=@#i~Di7>w0OM
zv}yF^&9>|vdiz?_(-4$z)eU4P!#LZirihBju?050U}_P0$Z(x#r+Yfz6fyJzZLH>r
z6vuV(o9+&wixkEHAo`Uweg@pXu`b3@%@Z_yRv)3=rJ!Xp`BzgaXmD^iqnH&JTu3k3
z>(X_2p6qDds&Dm{`*3b=Jd}9YXwUrQr(1q3R987;7&SQv64xobrqq;*WBl5(DNX_f
zFvo)S-3aS&dUq7rb^R#x!Z~<Qp@c=bz&u69e*N$t&LL%`926L?t*j8#!^EwB>!)48
zs$G5%Ab3B5@y8KuK<5RyjiM#f0*$u0@yRy;ZS-awppSrU_#+r>ME>1!WQINdXZZ1-
z+cjXUp5~80z)N-k`Y8B9%OT&H2clZgud3GFmjY;OPH`vsqf!vo@M^a7YIbkrrX@HZ
zQGro!O90bF0g6-}{|<5{bIu7+kVIv{O<XhxiXgGtAiyikI`8&3Tq25Z2|^OFNdQfR
z61Zvc{e-7+CSp(GF1REyh}c51!{@v$P!<5Yja=Q?3d!Eh#xlivp30v&r&4hykOMjh
zp!jb2;^9n^4-(ksIf7P$GCm62RZH->&oVm*=YO2#V2wq<#{3?HftxGoNx)$Ll7#L8
zI9JFEw!b@{$m=;I)=mx@jeNHd!o%AV0JCdH0aKDHiMg=yz94{f>-T0+c8Z%x8HdlV
z8GP|0Q(A}d_ccmkKjkMQw0)Nf!Ri4fE9fGRp3P1x`<TrLVMB-uP5$P73Hj-nKZ6Mv
z39Ln5D{0|0)cEU<k?X-rk9Z)0ZP?6z_h6z@3Wos77sBJ{pyV_p${Y?Fu78onWxgsP
zR|E&Z`Z9B5;x_<fs1v-*^SPgD+)s~nxY=Ioyk?v5G3{{O<kttU{Qoyp%CdA~=nriZ
zRVMr-&y>8almAC<mOu}u&RZ`Y=2K$<sksQWWTq9~X0Gqb#LPF8@Jtxmj=p&yP^Zrd
z9cIg~?@SpE-EU8~$9bDcsFmY47J%>tiN){`Pi?c{H}AYNl-8977qe_{5pnKs8^SYv
zvKN#x-tp6m^7~dT1deDf2NVW(J<I5>FKL`5DNE7ZelyvBocz7b<Yoih2u)T!)blm;
zc`5ZXy}EnWOTl&RXV+`^=L@ZK6`8`bQau}M#fmUdHl;AVl)JO_5R_zup!ly>&6&qK
zQCH&9wMV;2Ywnemdefd73YJyBaR%Dr+`Yq}DLoQ@cR7`s1`~UKwg5c}<FB4*B{=3Q
zJ8|R1jAV<iXT$MIPGUGd``EMOvNIc2cC<BBOZ~R0K2rL_8xm6TzE}8iZ5ORntRwEu
zI7VC+`!+MnTmtqlSv^lEvXm6Hs>WWA5lUIRV$ThTxtnzzw1j1?7;r_*FIRcCv?zQ|
z^|0z}sSVj4;&v+H(UkC7rB!1&9k!D|$@81m>$fPz(fd(agApA)q!-|VujH+pV6$4I
z+4$(8{z6<0UxvS3;cm{fs^rZ#%$-kLzmBQbBBvA7vBooDn_QMQY_moRx4yB|ibI|%
zhj`<}-}I*0H75`2C1PkUDm*e-74A-H$Qh|u`OUuMW*93^-1fwcgw4Rl-;46~D<A)U
z@=`_C^}~GyaZz8~jnr~q3ZZ1#cg}1YwNW=3-^`whKODbG{S{kG+T!ZVR^DH`Y*nud
z|IH9P@f+dE*2t&B{^+H~{e#!aP9c<y=@W{UE45Rv$3b>^Lb1mAawBWpr~1tpTNLh$
zg1gfrv*Zhv&h$dV+*pBA!a+-$^--RyPYiZ6AP94-6Z?ENYbbtde|AQ1_JHg>$>yVT
z0mf-FX4bphm-UX_`4qp+E{$&!I1>mxy2IA%*&1dR6XxM)!G9oR0sEKI2NP8XtR=Be
zewH!ZvOjr#^0<cmU4WaeHc!g0)OD4sZoEjS%3e1bZ^>hr=8jSIxkU`#jJW@Ix8qI)
z8@zQG%{+y8qd%5YI>ErP5#QXLoU1d(kHH2V{l+X+B}LEfh-*6MQXP))ug$rmVhAmx
zgh=5l&#*&LBgt_d;jG7(^Eu+}HySM=4PUpOAM@RuA|8MB&@&MNlJV7l%csZ_6PwnH
z0}wO*U?=iP;8x=gM2F3LoN66*&>d3dC0B6qY>i`O-O}MqCi{%{1R5kl4yls0S$TB%
zUfjE}{`aucZ+*9Lg`fl>t0Q0kT$Xt!(QpDxFVTR3pb9@lho}XBtMm~Kttgi~I<doL
zG$Kw~*_6-Py58dCb#dg0!k6?D;41f3%i6YP?>EVLxVGCeE*_@2E-+ks7S-$?sS@ba
zyfz87i`{;&)68ekI#BDx2P>A^*d}IsZS29)Gbfr<tO=0X8F@`Lmv5h>Xqn8(`?yfH
zq4}{$Wvs)}_T+bZYsHUd3~&38-N^-b>3dHsDZWyMt_~Kiqdq@#2TEc9-AL|oHu!Cg
z@B}dE+iJ{ll_#MmAK$SrrAK^Kl9YE@t8p>1Q?(Y`Cogu1U6|CP<hv)!G>i(4{O%36
zL^1A8#a7%Rk(?<wrYe#)DzjnruCTf7(=Ue{YkEE7cXQs-4WRk$Y<o+ITa!x0rW<BO
z*{@kHysADG_Ld%(^e&iAOP;!~-~E(bCMR%eN2m4R({_l|{U2YYyHVBcwRTQQV6~~@
zt+<~Ms%-fOCAvW%TK%RrmaFmtwr0NPzj#nmc%+pYzI>y#t=2>Y=lyMZpEhBy?8&k?
zdtuk~H11m#Qpk!RX7Nlf-W>k>tMzu==Dg+K*r4hB3LaVcw)Cs0u7an3hwaByE}sba
zF_8moT!+w~Vta*!H}|u4)R|u3IoXMA?taD%?{&uQ4KA-N%sHo~+@eCX_2+t!nP9?M
z4#ECLnRo&eMn5A}rKv^CC9m_1ysPzb*8U^Gos*)=kT_3oCrU)d>SXT07B`oTSkCmN
zX4s;f-9xFzy$()<zCw3u?l#NEO{Txe;b$zlI=f&)vneJ?x@<`)>U&o$Y-vLuQSo*4
zLFnR4ZuJ;Kk+f-E?AMcbi*Y3H9#Q2i&XE<0<$c+ymE5aPFn@aSGVCYT%|6?US-A!{
zUvtE@7GJF6oA}pyn;kUNK5Taua_4TJ@a9~UpJRv;)g1A?3wIKq5gY2~<f}o<KEC2V
z3vD*S<T2PqcUxH(C@|Iu5`SiKB(`#I%_p?(a?GgbQ1^k2;((jj8<q{KHpHb?A+-y?
z8G)vnmf1wjK#Tfl;Y^!XoXi%2Dn9i(<=|$N*2lE{dhY4&^GkJ)cQG<=e%pAJzEgVq
zAo7jfe%zMwc~J7TkV?E%omYQEe`ejVtq0jge5(`FJlEJ+Oz-x8(MoD^C=H|U73{yi
zitWqJ{P|k>|9(gd=+ysGm)N?)lvJS?z@e$hfSLkEgQ{=_sv@xpJUouR<=r;s1Rcra
zW`g}PEHxlaTUTkp&Fxgrt+l~J=W-Jqd7dKmAU^n!V3AxOOC@+V>^~!XAVg;GG-rkk
znqki)El|GrXM_+;a8d$cU1^Pm1551tza>yqVdACC_HM6b|HBX-fdFv|7g9Zfjb+qP
zH!-82#VjPbiE0L9d>`Z{*#Y}-1O+*F0de*(`$twg>$T#)w^&}@id>oLEI`5{&uvYg
z0RV*JZ$A`^b_1)KC!7LVXH_1DfV?i)K_6552Qmx@O)Nz&sQ?=yh}_{sBUq+n#<B;K
zGHfP+pxJ7f4S5hD-+%ogs-@+xXqCXe^Ez-c`ay&w(jT1@ILk&iy`>!s79>}EoB;zl
z-n!NIApBbhLuP#aLP@|Ld9gCe2s~=2o>B@OlRTJL2`+ILip&dt4n4$=9|2^jyYetR
zCBS)7V@4VJ2iyd!%U4E=z8((;Q*~f@1w@mPzotb8Fu*?W284VGRm<6#Q9zNv6+mME
z=Jc;>WkyeRFmB?&TGhwTN4^HBPqQDm!QL{V#YsRU1Wlx`?LqPxltRH!USTfMT-|}*
zosVQ*z`|yRfL58zU%m+#;X|6QazNq!!v~fUHxoMqTJt}158Z0A`l&V$ab{t&h>co8
zK*$1^68g;i*sO1qO3Z&P?GaE~MXuK1WaWWb2(Vhi4-T$<_AdZAS#;3-_a`s4)7VSr
zz?eG%i5lX*)1F!;C0l1g5ufz*3_sai3%{F_J=y7WC_gwo@a~@`-_F&-e>NGrnqReV
zqYxw9o8H8Zjw{<Mneb)rsmkHF6QcMsF^V(TnNaIt`yNfNI{lL8gqCzHqvqA@M<WMA
z_Akp9ru8$aR-2``jQR=2Brd$Bx^AIEjok%1>Z3D!b1-y`>HX1jyZGA#W|LnA6>ANd
zisp$I{U##oRe9p|j-srkO)nH&vFexL#!@lq2O16jql(h~RV#v&QKf=<mdqEknG!s^
z?`7y}@ZAXgBD4$pVhO5s6ecNz0{2-f(W!i~6N#ht`?4du{5WueV@McXSNtqT3#^?r
zDP?#9?&z(noX~(-`tY||rBAt1<m=U@mt*tl!F^CjK_Ns%RYdAO`Bi&PE=HrkkwWGi
zcFIS+jKz*`aa(ehx7pr`vZHKS$+4o`oyzyBw+R|@CoDPX;{xnOF?6E!UJ5Eh^VCf0
zKekb|$D!oJg{6Vsw<dRHnZTYbVc`tsTao+Whq4ZSpN3>NDAxUmCQ?OL#IyyJt*)M=
z;EOl03XX6Ts$A2knbb-7yHZJXVLZjCA|anon<<{VGf^Wg<SYnNa2amD&OsDi$A!JZ
zDgy~@ahBo-E&ax6FB11QSt@gEAtq~AKTh*BuAEQoKR$T6Vc{x(wxdY<=!C=8`@!)*
z)DxUTcK2VQ=TpVghI%0JHus&zE!`n<p?jf@_uSL>S}Sp7EAEEPv*VVcd1Qm*=1UaL
z&AHdNz<qo--W}r!54%K_Ghe#I;-G4%8tlomJqv{X@Sg&yO7Qg#Trdzt=*TkfV=j#K
zOq3Y~6->N5K`X@tVcrx8EM1RsmnCITUG-6)1RAmg%xUH$vT@VZ)4_TRdK<D6D#yea
zot|l_4x|loloRZ@Nb+G$Afu{4eOmsr<N~b*n^7wO(*!1$&Ozh6^Ng301&JO;u7M(_
zGjWc}ej{}l$o0m8372t*;09VX2t+`BLw(v)TisM!7kD5u$Zzs2=l^c|N<l<@-m<;Q
z1N&La{J3Etix0k~MZ`&Lr9eg9XT)bKm${>wFUf&&6Y~8e7iP!P@*3EeeNVkvZo$8}
zhtBws|G%<xR#Z0Uj!-(B<wfP51pZvkmob1BFvx@vdVzK<d8`FC)CxdBp353Uc|eTV
z&uCPFC>4>P3WOx=PEf(KT-ZIw(*tgijRCHxZ0&UAK|p_aG6_7<!POOE06rdr_;2K+
z3z<<zL*mnqTnPIh8l=W7`qzu{>PwH1n)`3Gxnl3db#WbBVs0F=N<tn%L!O#2d=NQ~
zq(DiaQDl4x0qEr?eT`AN#EoPSf*!yk_F2A4mAZ&r8H;MU9fyFAMPPHel9BAc!zK>~
z!((Dss`a<`XM%qzkeRE2xgf%7uFPvlRUgD{nH%usYwvskk3>f?#;-zAAJ|JZ+IeE`
zk%X_rT9*M-8&ZtE`i~fW^-jI8prsVpo%4B44>+h4$$uo?>*eZu+mD(<vdt#^KmF4Z
z-*$sM^Q+LyDK_Au_H+U<YY^;C#L|_aac4L0Rz_VfUJn#dXAeH1lr5t9*F7Z_-vg_l
z3r*HGE&6-X7+;ihh7Zb*mg_(tQSRFhH9vcu<kwpC$2-%m;_|yFF@|o@oj9?&PrDt?
zoQAgy&WSx99h(vP2uHmbYk#!+rG;O_$_;Jga!mfC2ztM*NYnn041z|2E%mB;lVd|+
zb?b0G^F}AXy}g}tdp6~g#*fFS8(&uZZy6gOU#vJW<p^H&I(x2N@nzkw4LY!8xZvK+
zDWEPjxk-~dK(zO|axWSLX0bqkyqerYv=lnfhTP4m(fpNbw#Y_cEVg;6Nja4AdGim1
zcWt~j39|YlnN;is-27%3a<%f->~JJ~;SbdFkw(;fJ*zpKyCA-A`=;_`w%8xY>4!D}
zY89OkH`CzNq%-cDrsDnkU6=;VNA|1>8RZ-|xxqH{H6b*_9)1@m%FlWWobedJBdbM5
z;h3l%@<En))c+Q!2VIb}RBz!w^ZEnHyNoS=H2Gtf$=y8BI{Do_ud(D?cgP8+8})My
zj^8%s>76j01^K;>g=Z*!h`F|vlhTJA;~W&4r^jDu?uRtQKdwaV4_Gx1<tC2Bk2?oN
zglcn`Y$0r+M=&-Hy;{Wl))|eoVf`0FBd8ritegnTy&&#%{yrtSA@1}IUcAJQc5m}N
zuhOLJjq1_kARquz<(pmVo}YRp*C6EGV;YBZ2PLMLA|_FspDLlFxoL+@`cRf03qwAA
z3ZL#LJT*1q_nBA3>p=$V46>HbryuFbS~7%sd@QJpm9K1g8!^*1ED!ZA?&5OWT7H(S
zS8@m_oeqDiMVoICH!qmD%wkggDM=V#?<Rq=H?KKOE%B!8O>IN11`3^qCOM%!hLCeT
z-Jn3N?-uy2`9h`f>zj-6F9!NswTU|pwgdd1>CGugp(bIO3xfu?quEA61A<o~5jD{4
z-S%o5&QiM*x1mbAb=j}(9BdIK+<mbgD>c@vzh4+tacvzxtyA(Dr0rOl(90pnQ^+4v
z5-Q7}Z!J$AZxE$kvXCj8T_mV*3mBmf^k<wS61(aC1&qD}b;s%YXAGyAD<a_uRIN7-
zs+{>rXuGN79E^(z=4cPP5eTZTve|jV^Y^)xvQOUkLUCI`O7D<qrcgb6VxzPHVc6Vh
zPT8^_I@H2`K-3jZbp~B@c!RIw(PU(#@>}1)`(xo|Vrp}am9E%b+qZ#~SBKMATEn+O
z2SPtfQp=JaO>3nrsho+=P%Y$CyN-0qbE)q*|2#3{4zNxYci4FU-z^)ppEHWSo_Ki;
z#Hr?Y{5(<vnjii$i~Tx3Z}pY)rDWfyo0VSiL~)_6W)11Iv`uxofnAR*|7&WZrhAq(
zEBB@O=M*Eg&&1V6v<wOt#6H_MJc>otljiGL@%Nu%y2?Soh(QC_w_X0>T4U2{<`VS*
zphuPIUD3%Zs4wpyzKpANmK^n^%5T!VNw;Ato`g=lb(UH1@M;}UXq?_#z8xHsBr>Vd
ziT8q2+u2!V4l7oVxy)N@<4SLqhO#fLdT2y2-l^(citxL7`@t*$3>K-}BLz;LMN~hp
zf5Ae3!D7ENi=b26?dC2UDK9#V!$@k>*XUr4<Gmgw+jfl&7~f%tep9+O>%Lc)NcCw1
zWlvdqCpBVMH_*L^Nt+**=tp&@7qO*|P_X`J%W<+}Vffqz6|bQF;zK|6z?hz8t&mOo
z9Msd!{4vF^MJI3UGGErw@#10AuZ#K3zDp1L$q6IB6;`g_uH4>|JukM>t81z66+a%C
zT>iN!RC?Ksdz4#t*O!%xj^0srm_{?AG^0BH-TPu%&mEyT#>11I<$M8;udW;L-o*n+
zr?5?EzTq}Ue#xa@KUTY~9dp9I9uv9`;ZNMD2Z1&v(?e}*Z!(k<PBE-Xk~ocz%DqHg
zg+k~_-!4dd<FjJajhTp?d#v;AzA|l1DVtK0dUSgQyC8K$)UI0cTz*XNcFo_KQjKg;
z4|H9foA~6mZ_BX}#4r*4mX@mkmA`;(cuQkU$Jx^?a%kCFCx>ps+NSl1Vtvu0ON^fl
zW=XoPF;Lm`M7tl+tiRb{gsWMpAWJ}$WPsyB=8Xuf8ZLyoS6okydd;?c{!obEaP$_M
zWXY+pq_xe5#&<0QnS>d<*iil!y5~~k*t6^KSdP{v^OyPx)=b6X4=P%h^^v{(EHiqt
zl<^3n-be70)^%QDCYQ(C4ODr;VxM8j3{C@;l{7cLHyV|%^JZUo?a?Wx^^0oA_hh|j
zA}hu(Niwln_v`xuIUcp?i0X;j(R;*K>02H!Gxu-{=S9Z_{4)lN!Ox4C0mj`%AI6Vr
zYuVVL;-1VB!zU#-s@gxoJ{6|1W&N7-(Yy=<tH_Fy8v{MxDW6J<508DdTNzJPj54+K
zeg~arvL+Y~+bi}_B;L5RGNJ6gFQmJdz;jv`7oz{m%xKg1nfmpsvQ*}~ggr&c!qmbt
zIruA!)jFvVKq?Ozn(l%QTJy9%72l1PEuvz3d4)>A`JktH{l~{YkWTFNa%XwNtSL!Z
zFWGg(|20|Jxb(I>aL3HwI`s_tPd_c13BCR_1D!OwxucO6%rtg#Czmu*ZdH@COZu0g
zy4@g~FT3w4JP%n?HJCsYi|VP21s4k*?W5TAN9Jmo&09xK@_gcWqB1sEB88iT=Axgz
z6s5bXSL#V(WVy%csdzFwvQ}uT(Z@ij0-C8(f}kH3kDN2`BMsa_PJWKNXJ#v-u}I!m
znu8UMf)tnpRv)kmg5{5&zYyI7D|pO41KiJnZ7WUGU~hSc)dEFOZA)n}tBHAz0GF9%
zUJ1;I!anCR%UIdTEB|l>SN&P7<0|ndpy&m?5Z&y<|Cx;$Ob<`?;|qJSk-ZG6VBnC5
zEfn@X%OeFER{;3GBOtV@8VHQqJKsB5)2XercD(_5a-D>Swj1kn9yON<IIy8s%vkoh
z;^q4ziA?5_5;%R;0>F6P0b{G8oxFOM*;s5YqAYh<-SYk;b|Fvjx#v`YNFGb;;}!7h
zpaZL^obVW>U){}*YY#HxgNS$_ehED5`VsAs6y_kN42)mRZlpdId7lTYTjkPgCa{$O
z5S@6qbpXZNs3?eZdGXW&|2AupcC91zFCgYUj`Dz9U-m=lWU$iXgIwt;X9iTwP&`EL
z>yT{pJfkKS78!JaDp}x}0l#eUB@hISF+~_mIvcaH|DhZR0ji9TLY4NmBv6Dgv2;!U
zp3G6hSR{Ho0ip&ekOB4u^lreH1$5a!(h!0~1sBz?9<V5^1ZSgJl`rrRpOAnAA*R#h
zznec`eKqf|5nRaw`Hh^S2P`I=e<;N9yQ~PoY)oVWbsFqgfW$Ho^Jge$QaqKSTcCOi
zjGKb(%UmJpEQay9l_102`CyAZjcsct^^x7`k95|pyg??|VdpA4ol;6ZTD|ou)d-Qy
z(<7S~M+(Iu^Yo!iv(ujH(G~V3dh6j-qEa3&&iN&ke0rc)W3}f~D8<8X8-4^rgH39p
zR!Qjh5h7E;MtDLBsWw(F?Ozf<<T*VeNX~L-W+g;P#}vS7)>nm{ncV2S3b4xkU=m%p
zr(ZH&c`8Tf6^n1>`QBn>rXzhqwk-2m;4z1eUO`&nEF!-Io#R3EEbWR&04pCR<I!rb
z{zfE1n2S7lUYp{;((d82ko|l=w)YVJfjiVd?Bx^EymcgykBP~V=yM`>CJe;&k*un5
z6n+zZKg9GZH!4q-lYzPmIvKquFxSZC;orp~^3|a#Fnt8IXNzV&fFe`I%DJ&3ni&${
zLG~d)C~!xDLFxJTY&=p5_jg*>M0;C0ouBx$5jzrZU^L6oz=-EWzxC<-`RK)EW_}L0
z?7Ts%kVs9JY!{|`UOUU}1=azWogzx3$4^i72!Bv{G`H4xU;a7T0}7ii;&HVwYWmjs
z=VvnD_Zpd<P0aCJjUZrraY)TPjwFs#onf4=b+vl^fT6#Kj$K#{wZGs!tLKDEZ3sR4
zPXPo^gqsYN3fA0&yQ!s;_6-JJHc2-}G~|?so!Ma>V~Bt%fsAow3R@^nlaTJgk2tbh
z)M&IgbQyZ$xVk+JE9v;E&(mmuXHaOK2Vcss8#HbB=f=n$f@eOaIwUr>E2VbQLB)Ju
z2Ed6^hdQw7`RR@WY_9e4mE`IhcV~doFz{2x)UBXB@QJZ@p!|WuquMnaUjhp}pWLF)
zw4Uqe%6;9h_PJA~v+;-Ky8{8j8J2U<K%HELDCclosOfxCMi$~BEKBGhsQVw)>xU{Q
zGUm*Kl)^j^`@p$zZwn^IFo-gjJ<AW|cMDRHMS?{r@(2cz>ravEewd=6&yf{#4N{&m
zM|&Y`qlV0Npt_hz1#)5Cb6{C&Bi%!ddD{Y*ly2dkaF*X^ntxmBsO5jxS@@epuaKxZ
z@ce>d@oZ46y5_4*)P3IqA&7J^>?jXzxw2!%Vu2pjXb30c1KkW}uoNR>rDQofJDCI?
zwIIB5YhIBva0*1QKDDIMF+q0j0_dHC(mGgb2BmcXZv$m@m5G82u$E<y9CMbyK?W|^
zyPJiLDRrZwf!oSr?~NzyM)@etJsS<Ib6uF%6V7)dx0fqit@vPPh2Y}xAhYVVDDnpK
zv~Y7gn84Pu3cN4i#>RzGh2(7hGqrq(=;T4<L7Qb4LF66S%-HfC4sjB9HrDe;7cv1f
zN&?OPvt<#N!*fAFn0F`m0!KR93#)>Q10I@v4{T@)c;7|hA4bH?z)<YJdKf~TQ8}&L
z&18{>Tq?>%=A?Nb&)Q~~kw5$_t+XQ7&kJG2MeRyEOWRR$x~8kX+s1*MzpX~be$&R`
z-FKj+5Z*{_fIi5^>YYh}+NzV8LWugUlN_|q^V`=QUs~Sh@Q+()NL@oTYTJouz`hIZ
zN376>$Rf&K+3|nVZ=46RcyF*!cSF5q!b=6F@J_pkMXlapm^TzDfII#QVB7hvng;VQ
zp6NXk=CZsG>`;-*$w#3e{EL@$<3hBmv2j|Q<zt)mpB`*z=vju3aUom81}(W20&HpS
zEi|Hj5x#JhLU-uH)RpP)^M(wgT`$*VP^#~YB}P8Np%qLu2x~%g`{uc*<uK-c>&E!H
zuTTE*ZSN&>Srg99)bQn|iPkc$tJ@PoBco0m>g%u7wF1NAD@+HSR@W_70<U6)qUF#o
zH5ED>lQPY+^4drn<_2j5FOB1L`)a8qbf~y#xBKo;`wb(?wzV2HK{3^6RJ%8xmz;&u
zF@Im%_?E#R)qMNM6t80@2|T`x>PY41+n(Wi66yr!GtKpNj@WM8FrlO&@!wgu&9D0%
z%*~VrY377Zj&^GZ23Du|7_rab6FX;*mlirj`8&BqVsw6P$<==OBDmynQu=8k^N_wa
zOd*X1f4v_2GkIi6kHA@{)A7#Ca9RWW6<_ZrM=#U1gVy^SBfZuXoAnCeyBE1AUuHy|
zw8zR)PaWfY*?e@9n7wmL^x!-@jX2gH6|bi}L++c9ejldC6d2@^v(<3@12K7l?>lA4
zW93Vsy4|2Y)gun)<j`c84v?9n2RdPCBg-R732w*!g_xKuM}PKlqJ_#U|4<k&NG1lU
z$vHRN$TfJ>$gZfw(4}slDO7)OB4-V0JLTwJ)8Z&6Q>>73NwVvGcv0v#@2?>e)>AiL
z!l|^A!MVKGfO*9?Bq}tn47DcwqF{#$ZK5cCDnk8(EJ1_C;tz!H4}>wa-?=iT&`NjQ
z)sbWH$Kg|fncSjVstILlve=W>dJ+H$%WouUnQ$U6os1HG@gtF#pY_F6cz9I%H_j>>
zOcI}|)54}08ZFsmu`y4xx^3m+Lup@c023qaHv7QNoAJ_;ENE=5F=)Cn<>}%xQNh!~
z_cuDu_LFBd6@%|TrJ13<7P!49Be|urC}UmFP1%xBpxbRj&0_m2M-V}e;7wx8D6~}V
zb{r83GVXs&+2384yR8vuWX0xFe7Va@(#rS_>X2tW%Fb>$dE=uVYZATC8EVw^%_R1$
z<4n=c8Re<mkLXqw8U*!<%1&jjM^hBZOl;9W4%{BFVy6w{g>UfZ7NfXm{y@wVT0i1*
zm5JkSOc9n3^SfGdHs8FMRQSfm9`OZARhTcB1Wo=G6E!b7(R_mkT^8k<x$VC)>y(sa
zzPU6(bRQS-mEOb^D&{X_oH|{{dffBbi5i(q^ry3IXdVi6J(lECM;l4^Rnfvx^c1v6
zt35ZpeMLFd)cR}mm?_eW|0b|Fg=6FsTdc0Ql<3qoTVnZVF*-N9VYoA;NSSFZqc(w$
zAa(M}VR`1x#COdEd9QEhIXQwwQcTX@Kxn2Bx4jwu%RB53q+Jju6?J}*{LOQ%@;cbf
z!1JsFC;0aJ=-Zwjj>fn6*24p>q15VjlFL4!x#!{DwViyAm~M12dM-14pX*3OKs!5p
zna@bNuV_xLgROumRd+a%TY9G79eAlJohjD8TqP&a*&*%wKn77R)KU$oK54fkGt~GQ
zAK!73fuL<`@6FzTYKh4rDH<5&)Sj`7VV_CnQtEKjW%=G+oVh5^lk62?tHXeGgDb~E
zmFGb)OvLcxnf0!1sW!v06GtO;i??#tnvRsyi#<av7xK}IN57xgIhTskS0u!L*~^@y
z3k3X^-DmpOeEd%J+BW$yp~?kHY?{m~BXnWQ>yIx#MU1xp@V|$6=PWi(@W_h2B(8*8
zdV@iJ@8&t7`f8feH!Gv5`SXB=bIp*lxZIZLN`1w5V{@-^g_1Px(_SKYIR+!H%a7aw
zm{<0weo>8{sD%YFB(_xQ=Orh;K^^+C^f`+1a7bEsLMybrQmli0w<EA3onS=EG>1f&
zZ*8mCD8Dr#9AW$0SJG^ft@tgQLlOCO&-afmt2ZPSj}ukAZOj<puVZ!OE^_MXIQvgX
zznAoT^LL!Z-q}@9WZ8_B?*;vWiIA@~qhBKT7ZqZygH3LW%$%WxAliyuSKIHC0k>TY
zWSCiDkNXj8a8q<-`6h%rQL%nb6!nR2wUe_qMtwcpW}k7$^;4qb;T8JH*?Ph3&S^u!
z<m@LS#=RcxIbzdcV+oqcgaufEWsPKiwL+mg?m>V_6lD~B+=a?r$(U-!DeuK=h~=WX
z6PI-Z;z!-XArk6F3b)%A)i%|`4~ig{@8bwG{o}LxzJ-25ILBAIMHN*^0&7w$=a949
z%U?Q`QSA>zWTMNLPQR+C>ry@8M*P>HDe-l|cx~eZC;dRG#yI_%LOMZjU8yArJ=$>0
zkVi?bPovap-A`S{a0^4_;RWk2tpk%Y5tRis&WrOz*8@K9*v7uhD($rzoxgSJn|k0{
z9X7mP>-hny{_$1LQJKrMMXb@IfJN2nB=NQq@kGV<N8YvI3P$?qdQmS@{Df@i!%n}$
zZJayoOV-ki+_fO}P=>{V0<;6saHpC2;**mdZ|8uaSsY$F?i;f-e5^Vevf;z`mB}JG
zyq{SGB1SF(H>LDrC&l+jRt*@}rH8riR<!Ed7A<hNUI{|0<O0MeI9is(N@u>7`<ejC
zg;BtbLg<gy@?*hL$y=#Crky9ZL98d#hrfOeUtYw4hB}eV|7Mp{<z{AIjxtG*<|JxD
z&S-<(V_f3XZULHcFaI~v6;}IlXmsrh9@U7$8_fp3tL&-FIqM{$mK@l}U$WQr;}O}%
zv7*)^-OpmS0L7`qYP?Wj54P&0{wZA5g!xN?&%x!C!-tI}3_$1wOpw1UB4m_A`Nw;n
zy``I9$N+2wmHKF1IW9~5!A-K6AKvGdt$g4GXMwo#m@QohX*Qah$kQBS@%N(@{H&IB
ztN>3;6Zs`JlLEk=R_(07@$r~+*9p*|RDfIrtT`#d&vMA+3}mWL;1}472V;)lgh{YN
zJ(dE6)`2&nAz-CNVpqzSdo_9$1~CTRT7jN9miQC#c5oV0UxKIm-UG9-#>?qJ-tYy#
z`+5{qAt45^nV1lGm}7K@<ux+|UEuqUB6_j1V}4dgIi(bY4kG;v;F0rV^eppCR~$h;
zk0wVon&Pc<o+^orl^ydq1gV=t^c{uNKHzf+U8-qRf>SOwDCOoytB-wMi5W}JeL4fS
z4N)nK5kLt)$50dxrQQS8TTsUh3qP=Q$6CnpTcIle?c3=So=Fm(1e%UA0u_n-U^zEs
zpCt&q*@(bB3A``qJAu0Z4~5Jxs=?C>fB#KI$DeFk#-9%lBETJjd<U)+1BCDv8FW4c
z*X&h)on~y0>mprnec*>|(Sl52I@qXut_ZBGvn31wuKM|RArqS!RsgXT4~C#fkXlJQ
zdI!_e0|~+WB_34?1HvGJMCqs=fTrMG&=kby^uWhJ+FgHzb<pvMY9i#duMmVUcrAj~
zX~aQsM+#WjlezySKi8WKisVf4y;JA7_2<?InR{{O01}|94#$^Z`;2<~<l?~ds||Ij
zC(b=R8i=<i+#un8#s|<%$!xFNc}-+_tfWi+qWtk!nP@}HGhOv!OV3KOmvazf`5P;y
zaG@eGk-;YZQnIe>napAb7pG9Wc&a{7LC}i$j-nqEm|!P=$kabD?jlU*Y4x&C{g*#x
z$#=pB_;T}e50xA?9z}e>g|T*z6@9I;RX>n=F6~$Q;XQORbElcqTgseHe#45J`rUZ3
z4Y&7t_c*-n;jG`}mG*o3`x=ud8&$7lR{}LZ2mQD+pAI)8H(<Ek`hKa5p@SZsQQAWX
zxl+TS9qv<KGQq5R8)2#lYn9X~%cCgVW_e1T)m&pJKygM0^MMY8t`p%AqVNyL^burT
z-x8ww==VX;BZbv@l+jbdZHCr&Vy+7hiu>&Alrit3mA?G&*1mXr@&gXKSew)D7pS$-
z`KvU&*j!zCjo|-wF`PrGmQ;=QYRE|`kti7=N3s=WEGUlwdD=!*HJQn~y>d`AXx0(E
zLWR)w!$%pe`?92+y5shL$a?R1D*yO@_!v<V5oIfsO;)x;vNMl)kc2p7uaHqnkv+5b
zc8u&@*<>9D+1Yz<4&ColpWprc-oN_~59b`0Gq3A9@8|2e#{Kco!w%PP62g=VjDBl(
z23^$-x0h6;mx`{&dHnG7HZ+<p)>Lspoy#Fzqn7B}Z}a1<SmX4}$BJ96d)7qww(7IS
z)-$4I?syI6!h6UtLKCA^vCoL(@E!_1!o~fY#iJN+PamD(*Cw#b!GY&a&Vpt=QETFt
z`p6e}-oHsl8WTiBatekby2MKKyRIh<js%5+8l3!+C(9%^y}<6aFaTnF!A||RpY<-p
zP7vkfER7>7Di{rmaA!0H89;cBIZ;swdaqK%hybWOU~Kh*fmx8~362~D8~6(x0Fs2F
ze~p+aGhEL-(Jm0Jw~<%wOF<j42(BahQB2eB8MgV<1e`!TK{GXR2H3ZAQ_Kj#Nd=^n
zgX_^iZvr-e#f$@>h#TSWucQTz<{d=#)ii=ZtSz-w3lp;O7eq322u>kal~igQtpJZJ
z7`?d!!0bDa{7sq-28i$eCZqvSN=u81^U?yWE5tn(sJ{qxa~8mJz&2pX{}$uED=!I(
zrzhV^Uu!^_ryOhsiB&SzGhl02p-x9|iGFD|oEoWU;JwBI<^TGm<=YQ3ojnJ!j|;rr
z_r<+DQKu<s0D@CK7`Ctfevm`vkIk5)(7*-bL+8+sBk}6cwGV$!34|RZUp$9K-#-BO
zUb0CW_dT`f278gySQ<WE5^MqxvNCULhCE)L4dA8$IEy7`K}im_OBce-I7{)@v<g0j
zbor%8Q1%1DoFuI@G4fbum#=I5pT#xHthSWBcdvMG<O8i9Fo`?At<b=hBn=1)iOKd6
zT0`t%hq+J)H(7Af8BBj+$&Wk*!$vWP21$N1|2@Zis&TB!NHv>S!4m?k<3?K<S9f#b
zQ%{$CkE~aYD;=j<8zMVeZ|m{pxhn<|O_4sR<%`tJ$vP7{O@Qged`=i;;6XJ{LPu(i
zNiXF&p=TSMkLlswCatmL{p9jpF*wfsCh-12=>KbUjbYX*NOA*>X3Pcb?c7o`OR71F
z5jK$mjbG<v1Cp=f^gkCLwaAlxnQ;BnL66tcw~O^|3eq&uVp%0ORVS@-r90cCKf^te
z&(HJ>3nl_D`<D>=)6a>!=o0x(Ue-PI9E>YDoY~_q+-0J-;3j^)27T2h8id;hmB3LS
zv=};i^|iG2t>X8Hd1mMi7aE0J(Cv)npBN7voP4M6BOapqLdXx&Xd`c;UtW*lER#D2
z;?xV@-_$cxWh|<8<uM@<=90>_FMP6s^1bhGJo$p;<xzO0mPdNA-)qcddlIQ|^O&aq
zs-dt~)U)W+u`%vBwU0IiWk&^ZnwuAH<rMC0UC8y7M{SvPX7!w%zGCflBX6Ft?BBQf
z!Z-K^nYq`7NLJA+yC3z$>f3hhFJG}tXz-!#{YNrnTlkjH{E|mV9edBLxSmU@X|hcU
zBh;a-+i62}^?t@ByCENts=X!FS#Lx0*e1~P&+XDY;A(fZ;Qs@u>nJ^#%U_wkKWxWB
z*7I_dEJe6AQ5lq>l;<0LH&3xkW2(_(d0cwuO4%r@8v&GNocwdP&&yHW1B~x%7b5?a
zuzFmp7XNo&J7U&=Soyt9Mjc7(E!1Zg-F<cYdv-hzBFsCFuGC-(d1iC~qKLC`&Q?D9
zy|YvQrm;5H$O>*;Coy{S)8=sLeZ$ySmpG~--MbBp{96+yx$}-f$duI4JgMZoz^@X@
z@%_6>{--aIy>@$W@6h=R;XdZx6sAvl^dfzRyF~$EKdc>>jTs$CPjo(2BtLj!u#t9a
zVwsdH?utZn-nXK;V@+VCu1>^ob^G{6e8{tk8@WS%@0}78Y_B^{IpQ$?z^d}<OutGX
z*XGS7CBqLLpa`DPy53_h?%iyZYLHMMg?!{AB@W5JHtD)L>$TW~68g*<H6ljGfuM!O
zbefcfN(><8*U_kb$6=ECrlHE7>Rb0Jqm#?jNV}z1=-keNf^3v3dWp6;v&T_JOu3oQ
z$rTUjLal`c%&Q{h(dM^DcFSn{4frm;PZwDWJ6e0P##6`(eT{z+qGEn(?wI-}$UZ(_
zIisTT^mssUkUOX@@Lc|L&J=^O?6;0FMdkw`A<SmE0{S~`H>BetZ-N?ArZE-9*;4n$
za$AWja(==O8j-t3q$fYP`3Djbv(Qm4%-Ee?z3r*6Jy1Nue;kql%QI9XByaKG2EzW)
zlE_1GM?}H2;oG+qef}%gN{|?9N1<TWZ5CiANd3{IHfm13e&$~y>u>_9XF@zr?2i-j
zJ?Ms^A8$$ht=QolzNB1xp~}Cm#(mz&vajL$b>_nHY&2T8IiNCkz_pWC{^|407=_(?
z>zB|E&T}j0);w41oEBsH3lD$0N)q+xeT-+KilcA7c;ZtTQ-tS8-&973`y9XK@|uE4
zKT>Iy-g;W`vWqL|NVqWi)ovsdsVY>vb8#@DXN_8|mb@T*3D$bM1@I!t%=OGY8_Rt$
zy}Hc{{S>r<uUlR4>ub)`)%CzY!8H|t=Y6fsnY`_O#WsasQAE|%1Ez|_(EXO<9-)Tx
z+3=U5gzOw=j5~#!^d&)AytlZE)9x(EpGSK6j|xT4Z|d<3soPzCVC^Z99(F~T#o`Fw
zoPw*^(`Ixwgg$g=iRctc1rd2Fna4b@CJ(Nk4_^jUgnssR%n~XpBS`oa_wLE_@94v)
zp%-m0S5|DNw>IZ5HjD1h>(Nt%<6s1IVB@02u9;g+e;|DFBLibYE_oH+%A$+Icb`P^
zKdNCnVIDX@ikkhT9YNjD@iJ0kQHDO`^ouok5R)A<HWg~{Wg#J<U!$(nX=I-t?>MfY
z8tozoYx{9MM!x54+l4%9x*EL^a~SX;qhheg?9)znWXbwF_HejO)$-4Pe$}c&4u0RK
zLxLlhzXrQ$6+T2hO)VFWEJ>L!lNu(C$Q=9W2sm)26tkemzog=E>je>NThsYI0p6pB
zrwJNUpQVq_DynP)u7*&sI@lKrpfV~(1??-vWtmz#a!wu-fO8S)x)$yE=iHxg<Ac(9
zS{}CoZx8&`zRc>%q2O{A4^vap=<F%8=vvJ!$Ty^DwoBS@!w{zH>ze+sot<v4d6-hr
zoSW$HYmZ4fa+HL?X!P2%N@_Bp48oN=UC(_v#;ZoScq}a|UNh{;elTF(JN9&br@kzo
z?_7Lc5rvw1rb`{E?*LkpzSfFj5ZZQ1eYbq?`*t$tgis<AjcQwmR!8{oFwVKqIQV#V
zL;@p^oF$O;N@QB0eOQ8)ZHq9PZqCl0M`gz^?=pTPLRUTVd{gjst=Calea0vj6YdKy
zAh*#?Fqtk@^;I0X**Zw2T+=^2ZlHc~Kzdm0qr&}&cEfO`T2JfN&rn1ArH+Kv>!cAs
zB6}zAbuxx2_l|_3$&J>u;D-Lkrn55>lD-@(C0A>vd(_p@ecY3wTf`0b(;D6JUtDFG
zpz&7xR?x&{K$7~cj^oaKO}`M|X-N?3jfodLIm*dkW?c;N!89!#cA$d_u^Op4t)hXq
zl?pR)i?S<(yFz9LK5K597cM+da?z0g0k?->OPQV3!<zp;y2S=az4<=@QXUQ`Gg*N8
zP2b%2%`cxTyG+JvnmZ2Rt2g(<;L8$VaKLy5y?7J0R5{2P(-gBgcqybFx8T$>`{`i|
zne-Zae<v|}4Em*%dgIgFu1*-XaE3$f6z1*;QT;+~7R1Mx50Xl|KsqkSdHO{vkIf(9
zOGSbts308X^xSKtKES4l#kg^7Q}XP@mSw#Vp2@v{kmXDwOAc@L@84%XKxpxtauPtP
zy-2RBAR!j~61)SkHzYG~BW4#7K~%8h3eKDFQ&y9yQ`mc-Y>f54Cn*9hVi7L(hn$zJ
zEN@NzRD&C!UMYb-Kw1>G5CI~XDKeFHI!6OPWS?g(G?g0YqlE%U*l_+pyd~Qdlyeci
zAXiuc(7?x|lQ0|(=f}ypg3FAp;sdy)#KNTQ2_c}ald>w+S`R>28i+g=$i5|clv43&
z=7*;i|E3_sDManA$Yi58+dpXhpPx4(&Yn42)X%gQLHQT(UUjTE%(<zPZ{W6vy#o+6
zh12SPk^U4vKQr3emz)^HrQD>mqeuAt9=HZmzx!|!T&H&uL%XEKi01x%CVp4M1BOmu
zSHFMH%7>2do<H`Z0`(eO!aTDlXqSUm0IGxJC~%8`TdK7!L`r7xqo;*pDu0X+_3t@9
zqNpMhW$^0Pny{!>g6==w+-oO?q~cWUpWKopY#Sxag%|{edGC4P5(Mjf9Bqp-HRsq4
z(<g6m0b`8Kn9)vkbeu%Vi$#rN>p5|-BMtVo+J%Fhf-S-2S3AHrC;w(g3}ywC>KfNX
zDEy;>!ZH4MprGVa2OS8lO~PhT7r-mCM$cYVg)1{5<WUQj*Jm&sn-Y*r))H$iW#ylU
zvB|}vhHKdqkWqP+So$xUCY`<^=C2o#MY9z{$h)BwEZyBf1YX3Kl{4f@T_s{8E=ZMD
zDdrlR*Q62Dd$D?_+GZt^r~S&m+q8n&orXe-#*-3b7LG(;FHv2;+u1JcPRaiLlSihc
zf0)|vxZw#;k6K0S+L^2~i(`4ria#C{W<=+-$s)|=8ML=HkjzqhmaLf&+mgb5uf@OP
zCB<QbgQx~#ZRUa5{o&UZ%y~HyY(I6OF&|%e2DO%+KSj|o&989CRl6@4kPgrw&wtU@
zEg$AfjqyM~?xkHX{4_-U8)&TLtD|QVQ{jay{jAe=lI;1kiWAz-YQLY_URx5@WrPP$
zbVL1y-<OX&p~x;b6_5GaA6|PQ$yQ3yN}l>#aJxL>vTPX2VEyA6Gu^|9ZRL?&m3?-J
zV}j3+@WuvTj%wC?rd$hyJH-4P?+2(HRB&&|e--l{VcyO7ZS*Kx?L~M=CEsES19dd|
z!JL-VY0eeIwGOE)6b?$2B}u?>g)Ni`Q%2O3b(qT~%lKnMed>nR*R<1I9l}zW^bOi~
zsWIeI3;PM7O67a)xFv5$Dk7E5ArMLhY0jdZzPGvSbzB)1<~5;O_<0`RA;D)O(fP_n
zwPv;akwNtjF``aY<A;Tc6z$uKHKq{(bB(vb<XlYX7wg9K)7+C;abLC6Y{!JScZaGX
zrz0n|!F2wNGmIZk^wL*HA8e~t*F2Y%cwWk!zI`^D?Vp{MuM^k{H&o{89(W`9;DfVp
zoa@qrveY^c)x*`Zm(?q|Y+WVtH$z1BI?PhEoZMfeeVg<pLV#UR?^P0L1Jb>l3ozDr
z6t>j`-wm5Z91Tt-iat*|oK<CF&$Re@X#OSkQmsu#16-}XdS@gv4L8~~D;o^H#MB#u
zEU+g;kn_ekjbV>2aQNYecN{hnnS8een^O*(hd#nGrvMNKDMthxPJ)9Of)%GIv*A9*
z3l6QMXJerY^3gflvBDK&Zvz!(12}3V3XP8d>8n{6tXawsf}IgAR)UaWK;{b8gFv_c
za=}y@8?8Xi7GQe^P$1h$81!}>0k+q}Rw3348&eL#^)CJc#qqs7z%)x}uQ`ZKEN0sq
z5937#K~y)_Rl9OGpKZ!B175Y8{WNS~uoha6wct1U*2^DWZek<l7A`lbWCuVXot#9w
zg4%z_Kc0Vt7Gtu&q_zvTM-4kxdo2R&xLF|4M2B7x!xRJw4PxH~Koy8oh;C<Qo5emz
z0+CKKAk+Z7u}?K?<^seMK_Ny>%90;hzX<&mwo`0M9`7#0yHMlCJctZN{_TF1*I(|}
ztkMmf7lYj&4WeSO2Hd|}lFkW2njQHjQFpN)r%aruo*m%dAu@5+dJ-U~Ds$oKvEVm;
zM`=>^7!{h()O#zLl>&_rB~a&xb~zO%Rknbzowuy3MQ!^~bVoFq6N_u$12H5R$zfyn
zAora?>eHSWBK7bmwr&<>d%cJ8M{Tck*omrOA9N9fM~xN6QSOxJ0N6Zr##cAWz>DgG
z`u%~x7hRyIR3K@2y|lQ{kb2iA8v5%$G%b!r)7`CqAoRYUf&N<T-VTsA)@E=fd%k$L
z{87}#jT%q#`x+;*>Ah6ubwT%@x2-#hj(;GyCYO~?a5__r?A^VV@C|vEU-K!2>j%Z%
za(H@Nx@!-{A9jufnV6;EV45nMu04x7WGXyvlH*ppYCLRrfUpbSU2c^z+j9Fod`_z(
zZfMj(H^(G3A14CZQc`yc*ansIW8NLD^({D!3^|2Lz7@fQ*j9mOr$|gXE&dw33_T0B
zTvl-(lO5pUi}KVjro4A0R@BeV9nwmALgIX;t2(}>B_Pz;l<K(h^)XnZ1LZPJbG|X$
zZjXoOJ^sN1-A|W<=|vtDy?O-3yzofZ^{-0qjQtUq0#0Z-rLT&Sqp^XqJ-JOR=|Zm=
zon`4>AC$zpJ-J{_xH@k%;jt36$o`vP3Wi$21n>T!=k+kjit@I>n0H~FBW+VVA++a8
zNZnsa%*$NfLBE49g?iQF&-<K|T&!vhtRiXitYfQoCG@r_pp$YJONSedL4`K?t9k?1
zIb{h`zE#+8H{Ed`Aoi&k<cTO4<I~@K89C-4(Z+Y>>F$sO>}Ibm;g+B;x9@Ug@TbkQ
zcdFKFN<9gyCGs<~X_30snvTUrEnj&zR%hvKe|1Bd+xVv?-F{ZbWsO06j@pSxN0+kd
z>r0zBc+H2oCW*<v<v}(0p)y*lXWk9u*Xt3*ThFESJ9+p?#BK3d&S`pi5Gxa>m$7DJ
z*4%Yng3S#B-1y1kqGl{!n}SpFY{gvgPMez^k)5>$)Y8(>_gChT&cX?c=yv_|Clw#Q
zY$@uQLbn-mz7|Hl?#%9v`2!*C;%yz&@=C0RKa0=qU3@k<*>iW<T+^2D5+Bs)JWeRm
z5K$FS52C*IqwC(jiPYF{A8lD?lh;0LqJeG|Yy)L$I3k<}g){^)4k~K|V+%KZ^PhSj
zZ=R6U7NMLHv}2-1dnq>J8uWHqkUW(SEqTneA3IO7^{*#XTI6)`e57O9xO2;6PuxW@
znk?!h>J-*o`u^&8Xqi(6{}?;1od@j@s?eIIZMt;b()Laq&W|iM(N`}0$Vbr@?C7bD
zy0trX%8~><e;~JdUvheBejOJgYggZCZ`8lcso<J7wr^8>!MGCpYhty`)8}QuPl9;c
zix|uEsmJrz9aj5hj_#a|WPcC)F@9$Z?Vo29s(48TLZUaf;jqwR*q9A3(EX-!ADHm&
zi<&U34}Keu&CvI7D~k@B3?*FZI4t?1AN!&Mw2OQ4w$9uP%vQZUwZ|;JeD`>xd33Kt
zv_u`}8k<<;wAzwTLNf=p<Hw!q16Xy^ANxtX5L~^Zgl1tHo;c>eb%_i!+wfIByQ4IW
zbp1@0ZT<c>GnulwiJG@>@*5B1W&egZXZCTqYegtH33Fnh+=jQpUWqtaK(zT9O0Q|X
zw&+2^V#ERdpwSBPi11D#k{`AgF)^iXwyAAbQC+R+o%7R<Tc$HY#Hv4&By(N20($$q
z^NVm3{%88indWI*-!3x`3sF|pw?CfCwv0->;^H^E5f!HHo4(X=tR}?#+B#0Xl5t-_
zLE!V~C7uBC@JsQS>SQE*iX<)^NF}@#Opva+e;_uEpZg4EBWNBeT(67>6>(hc*AeRK
z9DkXy$df7Ny5#Wl&habn4xK!fujm7_qff@~jdQELJAKJ6tg@eJANuTVHJhw2vCBwS
zm}QORhRTQ9T*qBgd^Pd5^Gr9e>D`c;;pZu_p1!1)S9Q4@FP4suw&CGQIX1dgs7Zr%
zROhr|4OMIM_YR3rIg53~b9=bqy3L964~bVr!I^Kve&qjf2osC+ZvGu8I8~(WOS$%x
z0>>^<YU!6k&q2TP@Sy9e>m5GhK)lB}Fcw0DgE%F<FHyREj@4Iq<wA)UW!(;gs=vp9
zCVFV2K`wW-n7MpNF*r#ABv>~v<s_{=R@Sk$y7cv1$QaHDG0bY5S~ju)5{1B8{SjPb
zm};YMvcb9OIa`SB%M?1(#Rg8A=23_K-&bx4p=DpjQ)X4)*cT5kFeA*7cTVygB40%M
z^JIF{_m0ipeRp#a3K2*x=B%H!cU}GixzgN4ZTD%R301)#C`hK@HqSDl5b1Yb`RrV0
zVUQZhAZq3^Wq+GUz^lw|rZ4{|7xPQBkffAIv;%_{ais9Me^8lyzIWqoL)sV>3lWET
zo2aonP_}~iMW=?<<`pk&RKAdASPSc^Iu=c3e+8>OX{93#5>9#4yzEepzTm*IF!y(>
zD6iBLvfn<G^5+U@-fh+C5((X^0>`Mk;tJ234()EJsC?zL%ota36?ZUrJ#}bTbHN#V
z4VLIuoj9UCNF!c3Gh~*l>t1!=FQkKu`q=ht{#08y@IfoEe~T9Lz4w4<q+s?>h*YRq
z_jY-sO(Z@AkV(G1WY#q%-j#UOOC@1JLLybUhS3x~dTFi|S6vfe`&fxJ*yr@O+O3P2
z`I05;+)o<5KO{mHi!AgY52x2RBrnwMtPdm31)H8&aU-3-QZg?`)K^Ou(7Q1;(ba0O
z(8_G@3rj?L;f>TTmB{OD^r)c}X#ZDlkGh~!SNaM9he<D1<2{{ojah>K|K@`mU#b6+
z5QDBRsb3K5g~lx2zxV~X;9S_4XEXYp4ZT*s)=*z2a}8qj<*NHJb%~s548ET5T*=8F
z$RPN(T<{etj_?e(`Sk;)U7-CAL|0iyIw=Ju<-<dhj~QZR`n+vwTA!79bBMjMjFkMV
z@+HrT+RDpYQxfBbDEy;uL6Q+DtySNf7!Tt*1E7qJ#YJ$NJHKAvEsc<{pIAVpRCr2=
zo&vHR4>Eq8s)?aAGWS+Ivd59fYHT<}44DbiKg9?4@8#O*p0|J^#%a=N3R~D<9^Wyc
zU^m1g_yWYW3=CYOzrh1miv+*VG}ZS>D;Z3WK*(@MrTF{xuADft=|pKF-~#+B45pX6
z&k<ajMyPcB5f!iIybrU2tT?OtNLyPdiUx-%LqfCE<CPOaqv_}da9u=lGu<R_kdp+9
z53%7GxFt9V@1z98ZRdywh5Av(A#&OAZJ{4HlGgzYCi4%1T;)Ju6q`4Ra7bz-5lQ*S
zz<ZpN(oJOt7jf-eV-IRmg@^+7IXbxBgPz?0gbRLn<p4@{-qG3GHRivku-3)maDM_?
zL(qs6NSFzLJ3^5SF{vm?<A;lPqvxqEhZTN$E|!N*!-)o9`kSIC1+Ml`cK~fH*x>Kt
z`@R~soAOx&gq`?N>W?onganaUR1pq7J81+U>dWg!PmPb@kB1HjO#uEOwjgUY+Z9_N
zIe<6mVmckKF8eP!8ggH8vYj+rK|S~ohD}6ervj^CLRMlnAG#sLcIS=1bQ!MPd5GrF
z{F)qCh=Q*Uh!Tnysi5WC!vQ3vzz4~~$mOwREf%R>mjUnvAfX9!yR*Y)pMtK<QxTlM
z>u&lLoE7M&1BwyxP(=SXB6chmr&ooTpQM;Dx45G$sl%RQ6d6ZqZru4%ebzKabb7nv
z5?-@@K);UOLe8e#qZlmubk(+qpI;1CM@+PU{Ge07uDVi3^P}+nt1yAxXAw5($Y9;K
z{$Fd|Sz}lAuQ|zF%x!nbPS<TSD%@|+HpN#&DRxe1$}4phPSfwafN#{HW6V<v+J<54
zYc_rP0Wr#3g2Rzw%$oAoI_J!A_RHSFFx;32>3oH^C$kMaKhV*n!qqvAn`PR07#ZVp
z;c)9aw_#IHvL+^qjX%w=NUAzHHCa*)jI52ae{o8Wcne!^V+v%7x~Ha4$(9-w4Xa0r
zTBs%}IY2+s7ZB0jZ;f<N0|~<g<5h<p3H9~nu4kw(sdf&Z!*XswV7bh7boorkFFXFE
zG>mou0VdJ6_|qAuBs8Dj^%Z+@4c76L$m;#_m1xfe^u~+30?I0$NM_aBlUI1W;eIq_
zdCw)P?R_$`ILshjcgKA{+N#>xcz7e6xwA~_t00~EqlA)Bjy{%@tW@Nq1U<^GpDQ1a
zHQ#Podozh_xz;P@YV3Bg=@HgEsP}^27`MKpEF&+8b71Ozni&zPE|pPhRZ-XrT$W_U
z3VwFCY{KeV99C>{^btdjQN!ZY1wneos@^u=zP8nQa|Z{ae{?J{%1-B;cs}DqK1S)7
zKc_q@{Z7>hszaPr&n1{N9T(ZY6r)a-8DiGB=uCCA15y-tEA1qTys-XU%3tP`tW#l=
zL!gg6SJCH{=fCi`zYf*Krs%T62l3PYc0V<;kpHzef*2@AL=3Yt4OZ|B_D)9DyEGPx
z&HOQWXEc9REa8~dl)21o-En6%i~gVgR1}o@`MEJSx-WGAs0En-t0O@^JFiXUzxk|U
z5u)ZtYvuohFNa1z$xMj(h}JCg5(0i(-?%Ndy?$U1hWG-e7hDo%#WrUF+?%SY5O+C%
z9rpcd91mti^2Z?#1VLc&ru^<0;*oGRZ!FLadwd+w0t~MSI9)y>*<iz|l>*lMO5a9#
z^yMKI!rmGI|B1Z-t}~dV6JU=}EpfnBW0~FnFq_=Hdtm+F87w39?us`!+CVpK5Qtko
zNyE83%|TU912kR0{|%NUYM*`W8y6y36+(IM^cH<D6N!^2kqv!^AOtk#Iw#%8+|6cW
z0y^bk+Qd`91p~vhs9UykRD}!BF#mQ1s%PiDAlM!cA?$HTVa+8)kT5+6jN-t2t~nG8
z0`^`KfPS4ZOnxNBD?rbjmVF+$g}7<Ha6kdju4Jze!4hDJ%hk^#&J!RuRfel7RBIiT
z{8{!f5O6NP6_ud9*!BnvBGT}En-CR9>>L8*Mpw;bgK<LC)hQD8N4$Ua+<X4h{`WT9
z_@mkFq9MsP;k!@n2&|82!ubpXK5g8qO37_>^W|WK8I5E{&8t5AM;|Y=D<mX*{##Q!
zuJ>>gDMYJIuKyroWABmjR+KN5Q0o6Uf?eT*9iJ;QFTY<_cCV!F@fm<Qv*|NQxOK7)
zCCX&MRc@O5)HgnRwpDkR_<I#&QaHV5(vf7?{!-oH7{#%ca4J>1F@d7##bSrAksjad
zL*MEW(%!fABCE$h!x7>dxgA8Hug`+wWBclqT^Dg6F`E81Y|DP>Cr7hqo1vy)Uz0=7
z*>IDU-NX90Utwz;docplA{KO^@{$*%BZXsfbdD7fnG^A9aOOdiCc+cf!YjFC^j-TT
zt6gV)zA<hxa4{ew8;y^e>_Asu*Ej4&Z!X;49vs7uNOe$PD&2CCl-fS7dyvksk0N|?
z>!2T+Y%^_L@>~&J^rY%59d$Y*rx$-pKv}ViH&iRCcc5596+KaI3)M{6cf6fw-Tll^
zWpQ$v#=}RxFIK3>@Ie43OWFSzrZ`*bO-mS|RyT66QY_Vxx1_MLzW7qeUNgm7g<Z%B
z$rQAirt)E)<a8faJD>ccP;%*Wk@yp4mBQ>l5WQtmUf<H^&}3V8D$sHJ2jaDN8Mh+8
zwdvhD7*?u$r8w2DyXCcwp7F-VVSV$k^t}5I*48iXz-!8*Q%{a-9`haaL6J|ZHClc8
zMZ6`hOx%el-vmqHub6jI6$59jTvDS);_J7e>(@DU*ZV2N;ZqWI-Xm6~j$Yg`!C#H~
zg<6klSg*d&!~cz!(r`@K$9UWNrSYjhWKpl1$|TowVpyoqR_JyY(yT62XW9*uUwSd=
zN`0nlTp9YYfVr`zF37QeECwA39qWfLm9Td!Q{)x^_by?+gA!*KN%_bu+QO;?$$jN#
zl7fI-yBA=iXmTA3`Vo#S<cI`MCF*g7h$NqiK$74g55(<!mfCN@_=G~}i-hmv<2Hpi
zM@bU-*eA7l-6aVK1X66o9P@Rd<aO&8+}(D3UN^0N933m~e+!s0k7Ml$)ZTd3GMTcR
z!x2!JZ}>UDtI*$Jz17X3c5n3J=#u%MK=^ocd=V2na-F^M8M#P11>2UFkL%5$gA3s$
zbn%lR(o?tUSAQTgsuMdIu8Cn>kBpzqjLxhOv5Pm?1oLFhT`z|G^1t{sXR^S7Ql*bL
zCkeXIwvfs>1!P9*GTXX$D~E*^^fLlqRV+$y1oNJh6*{eXS_aJ8cnj%z{dl;SB7K&+
z!eM%y7r|<Q>36@RJPYZ`IB)*xa{H)>qWoNE%)phJu+#704+JER=!IdNT+k80?~Jv6
z`)rEKLmL#*HaK!ae3-J|N462a+lKjMB^8;N?3B>d)ukLQseF!y8)S)EnnkL*X|&Xh
zIO*n88Dqwxb9>6`sky$Y3-oZtMf@t~TT{vbp5YD=ED7-64^Hju9|)!OGlsYe8r7qP
z#k8mxsJiSH=a|I3U8a#expVr#$~vg$IIP86TzJ1Eb)^{oOHt=dkCMB5c;0-j?8a*$
zTh>+raa-j9IhO^F&gA~lJdAab?#!6y!T6J}0&rv2SP(uZ1v?~Yh?<S9lst;yy4ANW
znUz*3V7|#5*6IJOV=iESqoNniL+ytj_AK+T*CWd5xb~7wsKmt%nO*hL_oLl|p~Kmi
zCu7WCvS4dsjK$WQ$i|U)384M|qLP(y`q5!B67L&?;iFJ$p<>lI=FV<dtR{W;{7lK(
z4ePb?@zpW~OTlN}m6KrtkjXsOMb5JkmrbgQnI8wIn|t00+;H!o6G(-p!$IEJcDB@a
ztgn80{q5)(pO)0eT>Vq6nKkZ3k;$^F%AE>BNjmRQ@^N;fBcDcxN^jt9EZt|m7w@@L
zTN~2b)*~@(_H#MOKhj1lqy=84rhc}X$svZ}l?4Y$MTF`IgE(uj;{Ls>v{gf4@nKXQ
zlnn7syzbnw@kd_wj&mk;QddKjFo*=>n7-7EZx%CT#C^NTX>{|npB*v}^X(IuE3B*M
zNkd}8EeVH2P7@DGltdAth+`k`2Bh<iM^6Oct7n;Q_DtebB##WcqC>pm%-X#jd*Sc)
zhMCS8KHkrF5gAv*J*z%9Nmg*adQN=wVrN2LdV20=S$p#&-J#@Jf~v6k(1E^t_7A~*
zR)bHE*H>^>qt+j5!3OV7t@=Kp(a$eJcovsCrPV1|+&ne+AfO%I;kfRt*74M&bfv0&
zZ%I8Sn>heF3-?4e6&6e=AaDYN?Ch>aZJqJbU3lBjO~YU73pEyePL>W<VyDtRq72d5
zSQACwF_63<=MXFOVO+8wFRJ3Gh9d_M6MoI#Qa3U}bEm7K18gU^@bDRiyY*XbO)tks
zmdu>ykJ;pv{a2cryX&qiCELymbKFB1E_@Va{&kkJRBxrOA_;}+tzURput?2KR$RLH
zt}9-pu46i6AqC@DU?1@%nJU$iRY+pYTdHgq@bh#n3L|^LOKL)QvADc@SGO`!dkGWI
z=d&l`{XabIf)fke<YQLEy9^^m{gjs11)l$7)b+RHsR$t=xUXxFt)=j)v;@Z_LHDl;
zIoAe@JV$m3G7;Xs+1G8}M`wSVsyJBCGxD*(cP+l9F<?4a$^8(->UxytiGQ2N*K?E7
z?J#@RPS%UgTjP|3GRI~Y)ymm}S-nOxKjlH%o3POKa7<Xr@T9q*gHQA-;bZZ^yUWat
z9GFf8M`<#2$j|3!SEhYxhG-mmFxnz2teHzOw7>p%=RF`UYX7Au8KuGi`GBa<z{B)w
z++h4aRTE|j2z=K$KgCrwat6!*ghlf7FDSi1CBOPTC)#vdnt+<!-T(LlPUr7^l@E3w
z3H)vWS@V!`>86Yp@B+F6ouK-3?l$*-bOW^Kz*GUdyaOgTL(RpM1r0n7Iodmp>maph
z>B~?3{eOCA^{`ABhvFGu+SL`nLPmi6m{rZ8@Yy`a06|EQThc!@a|{!GxAp-3^WRHZ
zrj70-l_1vFscHxah6xFU?wyV@=ViHm?_5C?xFroht`Q3E;f1synS(=qBot{c`CWOD
zlhl26vVwoX&ZHekoR8A3V2!=Z*gPzQ*OQHGdf*y_qtvvrSqwx^V*|0Wb@6SjA<tN-
zB!mQ_1&gxP4|B27<}^H9nTYQ>xY`3UF!ec^6*QoG&0WFu!EPEX{fot|!J!p>GMO=g
zm}>+I1b!qe3?Z68OsUc-6_DEMKbVI@)(irpvBA$*@BSW&c}oj=Z?$}jOpZPXMdu%7
z;rmBOUsI6PdPpKn(zqrDi3nJngwlj2g;bnt)y;!WT|AB_r_o3Sz!3x5Hn*l9+ZqB$
ztC)7$b=7>*zW6ORTrn&feP+g#ncMEsffNiTXZuU=Mydr_i-qq~NyX4ZC<>21jzmVg
zQb1Ov4*3DK4ydnxOJ*@>vozktylS?6gHHvxZJydbn?Eb85yJP+hIcij;lY9t75e8L
zD<@IB0i91BEN3td0FCAR_6tjH^cSA|I2R2aHow90<q-1QYxL!rZJpKL>W)15ty_0B
zx5O^24=F!LNZfNDj^hZ`-ILH7@Aj&1tq8pSbhCnJqjH;AHupr8n1jZ~os{LvV)=KB
zn2*i?f(D<)VrpujMO7kLdw%PlC`7k%xX$R8iv8X0?rimWqi6?qSlpwH5!aIYwqX?2
z)sbsU;;*$UA|L87ELAtC&dzM;BUyrDLxx^`yePYbqN*{Bv&&x-Y$hsN3wkM}L;dJ(
z7yBCy>1m@ZD?}z+*wkOrbJFNPSgE>Xtv*~bDug4r!`M+pj4<@?il>*mO=c^N{fl}S
z)%4^$nyt?-Vm0fSygb8x)Y;>%a@$jk?x!2jeF-P)gzTUFfpDz6k;%#_%WACs7XD_C
zZvzec?reJ6G&GD~2+yvgBYk&(ZXTgtlHO^d=DOO+vO~C!DQFI?ARM%Jrh0&aeVG`#
zh%(Og7pxwt2=EBc8d6kYr}GnG9NkBT$p5&Z)~#arp<85qO8o_=;&b%QsyDLB6$$HH
zZoso$Tp3bR5K#8L%XcZH(w0I_M5{40{|91irS0<y`lGIqQT?(9^}BqMwug{QJkl9X
z?#igVs&Cc(E|(c<g`SL%RSfGMd<CPw`}D#ss7$g!n4?h8dRCu*!G$@UlA98h5$*AG
z8`(w|&W>VCWQYztZX-SJ)d&~_Ym1Z1Lm?nJ9?AsTR>6z^gb27#&XNCnf}$w;2@MEH
z7Ef$_7pNM;>OX#duolyBa8@_1v7`8R1|uPnlkl5&Sl2|olL1B98Cj<$zlMln)<Fs#
zRsI}s*G6I6v_am0t%xWEWSspx2Jo(B>cC46hH(8@;x!E-PIAy>nMaW5zk(12g|V{3
zRu?nrSX6p3lb=ZjQq(CR7}n#wR-c@B6%c}qGgE(@$#+I$H?)Fq6V8V401}n9!-66a
zD4KhKXG5Z8g<YZ@TN;}Qhz=_aJojoOwNy@WsqbseGT%ll0}Fo1w_SoU6nGLBRGN#G
z0KaNoT?4hYSVhM7&f{EDlU#z#G&&lPNAG~(kUx!bchnrfLR!53v-GF=v|E2QFj7nL
zT8yz0o&)$UBx-EAY2Uc4a7;cBvHO|Ny#s8vNrXGlOq2By44w>p#(Ewg<*+0WMFj~~
zsb>5j8rn84HbBtUwT7Uu69>aS9iU9cu>ZYGVq7Ywv3w#2!H;`I5-oa3rgD4-(6N`y
zKtyxv?}hOwz{Y|oFo<AeueyDVTUdJp0l~Z~7-&KA_|e!f=9a}UN#IW*%H(1<`ZtaE
z;voouh0nGD!0H^#mxE4HY?}K51VP}_1#0ees-rXll%Kk?TboIP6>liT3qOdTQ~SG%
zkGP3FjIjT5wB@usB#4%T0_UoC?UDtHnM0VwzZ}rp<g(Px)$)?*XCDW?;%0fN^E%YP
zGgQ^djCW&{=h!4ZTin_D{>5SCanM0Wb^LufEvoz#k79ROz=nqQU)B?i+R|_{wvNAf
z*u8fR=Y<KwVFVWNcKme!zdkgY(yuL)vfmTSw9~VjS+ai(y_EHQ+aV2FYu@S^N<4G?
zHTKI}tdK;8vg<Wib+)c+Fr=koJnJ73E{;1^kJgmHAW><JCQHsEC+&*2rODoM$jkB~
zwd!8;=)(nnMwvO?oB&$Riri*YadO1m!wHpT`_b_-yAM?vn>i+=57xI^=QA0%?_IvA
zF4#cMoRuYM%I|A6p{TwW8fGshrLx8AUHMqEn(&i`cl_m@X@*+jys^Epss_uUlwskc
z-o8YERrsU{qWV0$-?;J9;iaok>}U5}W1h_HNd=+AJ)J}Z`-*d$huyG+E!^aU!nc?H
z`jp9VeEHG(myA%uekQ6PFJ9F=V7+i6&4u^IcF4vL!9Mp{OvOe13eTI)ay9u;X~!_V
zAlW!EQREzw7H8DiSk~u6I&0uYW8`^%vq#38tDrED8^zTm&d@NACR!^<L<qS~ZN(?q
z+WoA18LOhiV~b?2nRMzbzpbQ@x0$LTr&-?gHQB<@#^87DGmCPqhb>JMJ3dJ?@onz~
z6z(=XsusA><q%i~%)PI@QQn?9-+0YyKRk0WpnS`FRoCFoBxAgjxPK5gpsQz7F#;I8
zCok4-*Qup@Q+}QPY?v3WP@3B*mgGg33hzniQ61c>nlyT*<VfAAp9xBxw0t$SUA?F`
z4n<M=$v93L5opVIHxR24>IGwo;=fEfWzGw$sP?=AB^4??il3n}jbh_~_bmDLVvzel
z#dz>IGI$RW{@JU|bgAe$HH+*w@w&rx%{6&j=9W@}K>uDx=F^`f$_L%cd;O@`LF56w
zE-ed;`)6obzc?;#p_|Nwb!_vU2uDOt`t-m9+Nod57>;Fj4m;KJ2~V3dWS5dNOV!PC
z#3fyzMohwK54qT>%{RtCq^3pIYabN#_B>*1%IRis@P(L<E8Nhve%BlMZvRG}BH*H^
zp~W_w9d%#7yL-E+nSFil2c5!C9r<AG=u|mw%{f|lW2(vg8SCy@i*>KNOYEaBb3#yo
zbH^?WXWJW<U7Br8y-HLIe1d_v_F_J41qz?%+2-Lbem1ve8LKDCwHc+Mm#;z)UAxwV
z@F5^C*tA;li&Rr*8I+?OH^+{{|Gz)R!tW%cgf?BD^dzdhQR49w&bWkj(ga0?h}8C&
z3nscL*zWYV#Odmm<f%4Dt`)RF==CISZF%WcS(k-CzYpj?6FJv)m(Pq8?O!3`ASM1K
zoBOK^X`Dya%11Q6(|P&0FtBNqt8Obt_zAM=sz6J%DHxKsI@u~`HL;h}NzSaej&aJp
zYUZbhPixLzaCl^zKc|uMtxqaBL>hY0+A64^wsKxoRy;-BTc~4~AZ;b>D{mTdELahX
zj*9H3=z1vf+j8+6hQpTT^2yHTo^0E2-pnnWNXk!Bm;&}1FO^1E*dmC)6ZU%Z2O>aS
zVs9@b;CQQ(=e}=T4-4aSPN!|7+9B?yuA|fn6UM{H@T;FM!o5;qT82jY+^I)N-CVpp
z!U}YsvPUH+dF_?E!xXDhEOds`ot7b7cKWF~9OU^|wv;zdCw8`4ro51!FB#D<8)_27
z2aW@2F4ASme^PteV$O8iDzhFPb30zC7!?ctc)ytH1syn8LUE3$h2rd8b533!v{2d9
z`|tHUJbg^^o5UFoqn-F{HD8GaW^LscKV<eO!%DT+Q)-2VWfjNO_DsZmO~k4Dy^yz9
z_h`h^B{#|x%|s)W^zlDS;<Dx+3Morc7K7N1D(gGpV2FoQ)JWQ-7l`<lKSH&cb~{!?
z3ii^lmf$xdnsnY?X8f&%MAaSL-SldkcVrgH<t)w9W}yo7g_aZ>35}JfmyOMZ<jHk$
zObrJ2na0<K-vvaPQnRLfgGf3?p+^h`xDWCc(c6o{&SCK|J3P_V4p^_$4|-@zokiQ|
zm;KvJ0!$(4{l|I}(-ki3UG}ehW*jp59!`9^+{5W$O<PALXy#kM=4R@id4DMKp$}&J
z@T2RZx`aR<tbD>=E3QqIHhwVl*Rnz`jFbdeCbC=FuSkAub~eO$<(he=OQ$CA`YZ16
z+CHgmpX4>#kO$()M%H@#cA@wLY>q>CqR<ec;JFgj8O(XJ+NU?G+ZP_U;7<prY|X{D
zrie!gha`L@a5gv?DHu<3w!ty^+;_gmfW{|dVAV6WO!#bdaqOz(j+BOEfUolKF5B3w
zDEf%Ze|w+Xq+&T;+|Adm>iqZ)ch3J^BWnk0WJSSDlizpcMc)79A;aR^iX+k|`D4j?
zId6*3e(=ylC{<(1{y-+w;=UgG<`0|{UP3E;&rU82jqlP%(YHCcpJCvAnK_?kUpM5V
zlUwN)g0{uzThdF+ZfFT{Xh+kJq(<~;@$e~qJ|3FXJRYKNBV4p?Nl(KdYg~lJ&9CpX
z!&G6Fwb}MD{v-#$bIJyB4CqIar6w{|WG+8-r(~3sCc@e?rPKhs2vGux{{pcHk6-{i
zv7;s}&_0?}0GUKnlbQxW?0}UE^kW)tu7iq+G<<9v=;_Dtkl%-Jz?i-eA8K|3M8f{S
zlHVPt>S-#$00A@|7HLWYG8OWBLj;QC?VN6p0@m8J91mCm<neo#r9`zJ-b$VwEcd6i
zaF*aUEP3OeJi`Gb9?%K@Q#XONhh{;!UT+~N9eZE~)&JyyL~oKqz#P7&0*4-ugjs+v
z!Gdc3EJi_dPi+?*rsSTAONt*49i@TWwx*Mq4JYpx2!bN1SFe1O1*>&S{ozN0#6q-V
z`Wqm)85V(+3tz?F^7WXWof?RFwXxJE1POG=SoN{SI*5nS`FB(M$f{zu_PGW&F-FJk
z;S?K=ECDV2iwsP;r#b~)@GS%hBAgxlN506&DueB`3UMD*LU?3@8E!m$mlG46pG!de
z5ELiTDT>bKgAl8tY*mqmrU96hzb@aW9NPQfzlQ#?toXW}<5TR^$`@=FoCn!|VXu&W
zey=2!Tn+xR;F42FDWQQ28w3zF`>sg$;X&RC&QI)XOhHCe)@kv_NTDHlKr&5Z!!x9$
z#SRqIjd{3YPLD{-vhD)Ipfrgqz_pdwH|ucoDY!-YDhY|T0yWMD1$9{rYdV%iYC*K!
zhe%1uz%6Biz&c;e5hL3Omd0#p*BGM-GV^c6a9B$P_z`K(ez;EoSw24)k2uvB27nb?
zbtFncrGckT5ab*zJOV<q6jL3+9S83zV7VdKcW}RyteCHPYjTTM{|ys>iy8ts$~Ocn
zX)V{!tI}jxWCB}QV+X_-mDGO&l7@%5O2_#z%$QCZKW6OOywl;w$G`S!D8FURzdO<q
zd5%C4Kk`PzFkt}q4Q|Z-`+6ZFqWM&Iv>z0di?j!DHMJ;-`76P5Eof7{Pl0n!15*Mw
z#dpnGRVN(_0NQ!j5vTW%BB0SAwi2TB9squjo6_bIgtvP+Kh4GmZOFI)AF$8K&Ljxu
zuK`Am{STyGDkCJwQwS7#x;%)(x*dIj0nwJ1hWFFn8h{WstjK^n4+3(7upvSzV9Zhp
z;f>#5+n4;n0IpP5LKv{Yx*?kivEFhF28R@o#EFrR&2<&<^;N<4t9d$&V9OpRub!W4
zYqG6b3GAW(x`1B*x?q_%-?)_@;Qn!<wZauNm87rmC~hGD@fS$ygK#Jr^4A=cCi=^`
zgG_P`vA?upq|{tyZpU#m5dz>dIf?}^J%Df}f8bAA<^pQk0)F%|AmG?eZ~cW0pxdU;
z_q`h++$?KzKphTl#sXl<1neYyD2g2(g|){>YXXW5f=wIx)ZFT+f#cSd9;!CHDow~Q
zTuI{l0ipD(hF+EEQAo#58r~LfZ5Hrw4q!K$V8u&I!>4x3cDp1S(7I?n7DOARno5)W
zeIVkpGgQ5u6ncRQbo7w*K{Uq`2ox#aFD#`px*eq9%JxaJM*}L34Ob2rj@vWy?_3xX
z{UcF{=YhY~-Wq^KU=nJ~&;E6sg|&x6q8A^}D7y_mGmKKT<nE9GLB$lN9)Nnu?o(xZ
zN?b|2up_1c(Z_jvIx3WBd3o#qFmkJpKTr#Go`jyhl29>o=`=R`gh|`;5bF9I86r3%
z-z=bPz10@-YQF6Z=rW)GA8l$8R-20S-E<jgP|xk5v%M*;N9>%E^Hos&l<M!_N|-9<
z#kw^o60suH7YQM$_CQZ_?+@hO`X9)#;UCE3;^L)E?sNe<537^tKM)s}{@IRMqp<gV
z60&d9ttLUl{*S6@7jL^`l`kQ28iCCH#gl->{ZU`)yqFfbHqMt<!dHDOcY+0FmumHe
zup&{y|Cc42Atn}8Re60i?zvncJkm5OXHW9t59I9den^H*0+XCGbBo7|C7~#~(D|@^
zRP}?eN^_Mdijg*7su=l5MhI&O&uFX#ib@7AIjaj+eymC5T&b)`7{#c#=4FNM-Tw)j
zkEQ><VI$u@ZA>y^s8=62FHdgqT{Z8u#KC&dK<FIpYB|D9052x~(K2(6=;|S5BBD^P
zP-rC48&AeTC+a!$jhAJ5PWn~BZ4dFR^RuAMvzu!PuEmAfMG?m1?f1ezEyCW5hshs+
z?^p?R1iY*wsBcT(qP}|hjT1!#teoJk3noMtb&x$YEg!Tcx>>A~Nv53bbP*l)Z1^Qx
zPSsT)EsJhrlu~(vl3A|+^wznyobi75BYTC>v&%+h@2Cf{xVFJG(brwAFvwP$?(<Um
zKag?C$1ha{o+f>#>%X6|Rh{5Ob;a4gG&FNvD~mgKTEWrO>t<Q4=xdfJD~4>P?ah%4
zbmeE2*AvQU((!7(efYid=Y0z3W5JxcjL8ZwlfBX1J^bVYbo-EminCoiXBSHXA=PAu
zbH~=TOC6F5`w{J1(@M^^cc+LGn{*k~{Lse<H?pqN1s2LJcGqWGhWIhB@eAl4{Bjxj
zc+N9-VfVhIjwOWXz5Pq6Mln6o`v$xgnrA>khd;9WY>zS9u&uDg!rkc{j?%mpH6jyH
z>h0Wt%7^DpG*~;i^Nt&Q^`-#v=dvopUu5&dCyH)YMTBus(s3>arz}gZvpykVMwdw6
z&!~EJ6B<|p-ma>-iv;+gFYk$|O@3yYa_Q@@zo(Z(v$!aPj{{dv^#tbaNqb%D0#aQz
zKD*b(YHvq{`$}b0WjGd(o$~n3S=iMEp8w1|QLovAS4EZt9vE=hDc(7nXY0s6z6|(O
zg1AD}X#cutyTIr9fxA!eDIRR7STI@MhBJGDOVxix;e}*~cFFUTxY=^o+^V#Q2zQH!
zyB%Ed%X{mmqhX`v0mX$dt#$NLK8cb(u*t04#d>A__Ydb(6ZMIA+922L_0OM=$wfP)
zJ$+<T`x?|$%WY+0mF3UMmGe&%&N{w7azt)KZQ^q3J2d%M?-4X$oR_27jy=zqt>LUp
z%b##+n!oN`<dU^hJd$*rSrNt9+<`@}(FD8cDnGq>xr9%Dp+4tP=vK|uTV%t1yradu
z(&u<aBq3NTbK@w};pb=EE4t5W?bUtwPDT@jH*;-kn-5~D7wj5`S5Fh&%0A88l3#!I
zjhWrip#{>ZAhX`biPr+F%=vn>RT!^1$8mApjc}I=WAn^B)yPnM*69^)%>+fq;tNsY
zrrdP{sRtEaH_VNnP~Y~QPH%tMQnKDZ57%w*ux>-#If1U1IGI|$ZptpXx$3OU-J4`m
z`|c(&k<+eaRK&?)!R^z*iss6Qs-tCg63=%3cQdd7-GFrZ>Fg_2)h~XsaFCmleb=S4
zT-CG@TfAt>z2Bf!-1#_dil(d+kCnx9#8sP_6{a(>JZw9(MQ4W!3_;|~m`HJNW<{~a
zb}$AOxA!88igbHiglV$)D1I^8<1eJy?-UuTYVE$V6B17hq)XpJ4kYpH0gdu+UG7Tc
z@I_xIvq!dBRM?WLoM?MU66FM@xqq8SsmD8Fd{VBkZ)fb=ZPY`*9*2jJ&MxgEdXAwd
zA$H8VdmE-t1&e<nygfE@Yq!VqZ>aS=4YVz>P~T)^QQ&&Vzs5Jf_)Kgrx8mIpJb-*O
z%$@EjTnF#D<%T|kV<@CVnTLCvXV06rI_`AExqj=2YwmVMHCLdEx$S^_R|Uz#M<o_`
zNvZ2f-sW+-45|xzS5c4mqM=@Rx#!FS-t7C_W9M4q?aVdzv_!Kca3<Lf@b(`h+rQ-c
zT~#e*-hIspKn?v1r)fX0<Bn{b9&eg~&l6gr8@V;8+kImnf_6_>CA_^60hhF7IWiPa
zcPGQ{Q}@f!lSuBdze4huS4B_#WUz^Md^9pA#P|&wH)jL9)w;2;=PrlZ`&-mEzXoun
z<#qPU9312&p_%*3hxRuw>=(53-0lsh*CzBRD0T8ne#d9~M$L@JsN6Vr{jKwCqYQdc
z*Ay7gzZod(6BG&kEXh~77IbT2>cI$m=i{W*5~^OaNvUm|u6uMnqV||T1GPa|`4sfK
zem1hvSAh0^D>`c_5DyY((XPZu$GaBHcSGj#{|5o-A;Zo{KPp^EfaIt2px<Hb7t8>n
zCN?(N9||_eS=iY4W?iI=v#A&npIY6K2vc6avxHBxgaO@8f1Q$~OO+_$?lH<u4JF;Y
zIAE1j*KgHXpb+G}o1R`Tl3t6`<{JO*SoZObG7W7woyH7*02pN6J!SYvC3=_*6|<~K
z_c0&$41(NR(yFBANJgrKKVKg4yLujE>8T@Psyu%Kh<Z?YJvd70VcQxw_j=4w@yb5C
z|JB}MaY&F6qp~u@!Hs@jrPgqp2rMiv{4R!6Ti5{_3cR}B3&B<UDWFnjxRoF!e<X+k
z7{~8sKD`{yrxnEa&h=g_1oFG}Q}UajJ#5&DFQr2eb#;vmXAJm&&g=fJQl`#mgx?<P
zf+7TVmcy+7&RiTyA`mSm5W%^^UgQo`pIC4P(sjb%AW=#ycZLEw1DYM)SQexlbb}ST
zG!76$($Nhq(9@2@OOp%#tp5lHe3XA^`$r=oh^QKH^Zj)*N}Vm&q~Xh7-a<vhA&zp;
zLD&-0H2i-|+jKI>;&oKR{?+daXg|erZ){i+OlKDWCERK%yXas*yQRm`g+>>g{60v-
zF)3S>eE>Ex?_kbmsx<-pTr+l~FAGlW2K@XLL5r_9rHM+$>NL7S6_^4v<QFmdltCA4
zIN%N!G`gldC@AqQd^zM^<bo8>BE3~*ZL%0lzH$JyN%xm)Flh)213L!jOhf4$zvnoC
zW<uPnB7%!P52x5=390OwD%!OwAVt{6s#tvE;6YIoPyH+!l7=nEd4CfO>!oFbh2cOs
zJ0}CQZTvBUz)mH7ZD3H#5$MoNsX&M9?mkF20=yr9I8NY!pyPnckR%0K+V}ymX2xP5
z#ea~FkiZXuMM0oThkfPOZ=j9qX8()0{1`so&Bulcs|92+doH;CBSXmlnYI>QF`CI1
zlhT7ySfJYly{@F;&Nc2i+MoUw$NmjLQIicg1HBi7A}ug$bx;KaG^u}Wvp}P#3qDXl
z71m<c?CdK}MBsA<rdZI5tE5HN=p+WDzC@mkvy!X8^;S9#Zp1R5IX6LsEq*SutrQw`
zS8RdLDhCz=-fFGreokrP%yh78Mcr#BCHSIU0#|<R^KcRfpD7=Fo6OIl1gTFDa#D(m
z?wQxmfqP2>?<cSh3*ftgY}A3FhL*{f*vOX!DfBDCOprVM{g-?8-gshVBWUXQe%>R0
z^SDib5QUW(rU2+O9<LI$W(D~*9sL~CQvw{bB#b3ie7|^KVR(MIf@NE#o2N3JeBJzL
z!G@FGs^Z{sNY}+U#BToox~`s|$%-DTW<AE*k<$pw2mc?o-a0I*?F}0q1Vj-;kVY6J
zq$H&UhL9M#kya5Y0qJJ2K<P&5?g15s4wVM!l14hD8;0>)gXf(0_rBNn$GJQgFthhw
zYwfk3`?>Guel)<p7as-p!*M<i^VqsTLnI1WU6Svx6Qdk81Vo1_(f6?<4mk3GUswv~
zpGG1|*LVI=MJogT^;QrOyHj9pc=?Ic_UT{EX0#NJ5Iy|p2^a&2ZpdziRCx=HXr7YS
z*9~c+Jf?*+LPs5Kk@i|eP@n1EaY&vI5D%ek$$YR&<#zb10MhU!jPBNf-KMoBIq<L&
zyabkiNKDMYE0qd-EEGZvmsY3ag!h+g{-t{mH?^I?pJX`!J68JcmvR@%My<~t4CN61
z@mfWr2h=AKw$}KG$;-!zGSb8>pSvX+Kxv;6w#rY<A|??6>1Yv`3m|vT<R6Z(wGk6b
z$14z*Kfo&8+5duKUn>Gog`HrNofm}n_%FWAz;N=V0Zgg=mMuNcL8k9nWHrbbY`g@U
z9`Bd}a7as;cqvT``J9I?*tEHJXvVJF%l$PS?<9G!0rX|f=53|QA$+szNe-EYAC%bX
zzY?o6&utO3V-i&4Y+^hpNsbhy=r&J29#!o{@4?Q5oacsTV>TNFR=0M!*4#fCd6uaf
zdosT@yvihWEv7feB@v1a)khrsG|(wQv`^(Cst`!$akhVc7V{2n07r=YfiStr%>p@N
z*)LG}#~W1a2#ylMXgQX|*4Lhmt$26+h9VJiTAoTT=kE9Uv;t5=U6g3wrHEhnTp^gF
z<eH;N9H+=7NfMzPI&m$HT690z@ytOViXn@;xIuny%PwT(t*OEY#KPuiA^0;9kx+-@
z?HVQ#?pvQkmz~42Dl<;?{YHvB6O5R}Gv%F&mWTshHHV(x*U!mn^JDqKNzo-pMY<f>
z_0_R`eup7$R9#tnvHtfcK<{|nMO=}JR*u(;4&!F<`~1qTv~@5#yb1q$dMI=+U*&`9
z=Qgg(KW>Vcc&N=x?;qrsx0g_|qdOifi4ivOE&KWn*Yk&;?<n8BQ&C$(=(|oM<H(Yd
z!?GqEv%WE1$Tg+L4cdXPZ{3`EVNJ35jB>YVvQ;tV8oJ@pZ;dQ(zQQA|89C9$frYyz
zGY#dj^GjPVe-76s;U%=!d3ff9V2odpzx@Mw&T!?oo#a9HZA?G$a9>rR{`ZZyFSRzO
zc77h@7j)6HY)pV&qdpm}TlOkCaEAtu!;~*_HcZ7YKYmhSXhGCT$~%vb#QCu<jCMfB
zxtE@-vM|5+wz{9ytnbliEAl+)_fH(WsND?y-E+~L{*vXy9(yUVY<QNAP#M<^nOk4Z
zuawXZQ^0F<^fzWsf7?@ZR>v?7<Qn$xCuP0Mh1EO*rLNlUFuA_LyX8rHUU8w{84;;A
zQo6DvNKwxSUFz=dpXtYi*!EhUn;P2E9_HA;XQBKebE^b?awDpTphVu{%J)oV5qsap
z-X}>;-YXh&HcaJ%cLJ&7`JF_chktRZsvKk?43YKP?<O);v^#t$k=^+^em9_1`gBAc
z>2{~G<SyUt%Qt-a`#ty0?J{cnC(Xw`I5uB%q-=ig8TEP8x>u~^L$xlFGt!8gGzl&*
zpS)CL>)Ne+zeqL2%SrJ1eUG+Z`b#yG-fvT@pYv0+38b$;kJ}EAbQ4u>^_=HMY{7Fs
z2}nh@=d1ST^NUSk=e%-5cYC?7^H`uo9S1%q>soC}G87F{ri|pI(X8$Wbxtt_R@Ox<
z&A)Q$T_V{ljYD+{m4`WOHtz?@lAo4pBJLWDr0w3^W|Qc$o=JzzB9u?&=Td@VkmJ+&
z-zVi!jng_9Jb%5Zz{GH7wcOG@Oo^qCr}r%iaxJrhp8uN~GM=W}&H-&WH({>1_w`_P
zDM7eDy%Rt7@R<y_%fTz3+WHC)WY_I*PRB~gC&oW(qkG3lvV<T!)lh?uH4xTSJ1{JB
zrp}_XPDk&}HsUwY*SW_>efT{m7XL)dWhQk26W701c@1fMV^x^i_&%axeltKkEuCUs
zw{Q(Us^VsSa*_gfF40K3$Ajpv<F_JFsQ#Gic%+DXI@0oH+os{x7q2Jx=;9HR_`M${
zs$c=QP^0D{OYz*oNW%ht#v9V<h$~yi2PHLzbs;e}M8t;=b(tq?@ko8secv1%6n|Qu
ziH+%JNjTU=D@sQD=c+A*Q5>9hdlh*-lb>V+>fx-jsvdk**Fl#j;}6TK!iDf>tD>dn
zJu=!rC)Gja0f*e!Z>~q9bXA5bOlbveupITnaWwIQaR?WCuk}X**!zW%!fS@2)8{C_
zOCN#85s1FF0U;W}j>RuEHn+o);-TJb&=w5yKzW@EYpjPIcWZJ?lR%)#ho@Y%qmu87
zydwfj+=wObM9qmu^H68ZX-!CB4uW!ljSrb*9Gb!Mv#6)3v*u}l9S4WDS!ZsPk8tU(
zb&idc^`=o(_293*-_!Rm$KQ#Tr8HEhs9Fy%@8;60su|LPC_Q>_WPXQYyjYj)-sDIz
z>BE_}Lr-LSVt3My%T%|cK2Ke3XQ(QS$-#uUmfB^0EzCQ&<%s-rde}Qq(CTFCapXGY
ze)60v7dg}xqFPnU?c>K-@$zSx3NL=+6g|9Xw5*LPNYh5@iE()g&#knSaM7t1Vl_mj
z*;)@TW3=fPVTqzly)3EM5~TY%fs@Cc<p`_P(>X2F{BC>D0hGUZm_v4LL}LSyZ~}Uo
zoRF6%U73x)wxO&aC@|lt`YT&({dd+#itA}bM#-e{$!<x<b^j*?wBgHrPfDj(v~3M!
z4>noC3_VbFuLaWS;}o@42Qr5o>2wB6R_7k<K4k6WV|W@8%EeFbA3G(bBwA02ai$WQ
z`UA-}9;%bMlj3IOSaCmJn<b&!ck_wNNuXq*im_svsfdH#bMDzG2hGQ_kxmg#J^pcV
z9yuC*R(X@v#-7oWig#n^Gu&gs#Zx(_lZt;9Z?8VSHO`|g_F>oX%T?yS<viOFA-aOI
zQOhjzQO9Aj`OUN36x8C!kB1NX-`~ZXcHy@`IcG5s>HF=rk-WkqRlOr``IwQKfM=?a
zFij(vYG~6wE`+;2am<04=7~DOWSH({<+m0|=6Ca$aY>WxN%}J-xZM#=;(rQ9-2uUl
zOzTp}oyT``AT-M_+9<9A`2^Ep%s~Q3DN?vkU?hC+|3gt#WtMXAZnph_*bDpc8k|OH
zxD`#V(RvQeyIyh|tKm**wd<GKogb)fr1%4A!$g2jL5J-!35d-aD6dm+%GYi*W^{?T
zepryy?Q7(skOXm5`<5~QUlh|%aTo0KGSYp+!doL6Qs*KXK5Vi>&LV!>T=_Xh&!N~;
zB`JSxk7sa5^O7j$_H>;8(>5nrhJ2eW_I=1Wa0wt7h-wp~CnilT#M<WXoUhqXi)N@(
zYeHr`2XvBs_s1a|(k!#ux~~_3`vAnZU^E84#PC%IWV}y61|7th*aDXi_mMPm6Xc!j
zIA^;1wnSEyf}NU5z(XIHx&}163jVsic~3#BJ|D+}%kLMwOroG0RIGH1#7VY5paQ9L
z$t;qs)@0tH{cjwC$RU;_TEW5`z>**98-a^1+kk(r=MYeI!CFJ$2v=tO4?~83Wk%Tq
zwCNE14zk&x8;bLcvi*fytR^m~bb)RqIujQ@9P(Si%8M?^`~W^N*%4XTymic08wm8B
zZ;6Zq&|!^oi1>zLAxF?=aav2s>;5_y2CIMJ%D!Ow?1Iiu2h*lfZ;1T!Fr=F0xDBT~
z*04tN64n4V3JcG$0H_ln6#(rf_JLb0*WVv=QGiGfRQyTgKL$XH1{C`xUL{}(fPkL>
z<5wj0bpcVq9$ip;1d9C7qWgjuPzhfRa;soJZ~NR+@bY!ODI36DL2l!#NnrV_RoqvA
z)?&URb}JYH7%L9FGZCh@STIK3-q{DiBD}s94RS6DK{Ua_3v0+%f5pq#^1o0Dso3pr
zfpmN6cn0lF+5#3)?HQ4!RT(A`PSV6Hwg9;?5Z~5p;yTe0*Sr+R>6K1)U0zg_nOF&n
zBLnDxM6=*8#Jl*8D{I&fl#ggPf@TgJc(-VkBQNf)IL9BzE&(++5Cv45xr4*UO|Bs9
zEus+1!(I^>6@_L5F6OW51t)spv>G5GiW*o&sg*LQs#H!?_WlGe*lw^YO<W)vi74k3
z2ZFG4NGOAKfdH`F9Qsa}Y7GHOPz^@W_WvV$n^RAweT>KO|MQ!F1#u8yMFK9Th?SKw
zu;VB(?!mPku;k!vS?nlU{vFp?P29070NTc81P|^aM_)^m4!lxSb_zXQ`Z$P$z(FE{
zh*pkf?Yd1Y0BC)e9)*|dpnJ6v`GOkQabkCFGwgd=0Y5b?jpeR+K%MnSk`|;FBwB~2
zvfTwQGgs$%VckX3mb~+`KtG)H%M0O4Smp}z`-my5Xbj6$p%|<RgC!aj$i1w_1BkoM
z#|2Vj0d@5mKt6=Wmcq@EB+vv>l@@|6_oAZ$w#(pEBRG1?U|xk)>|KcNY%O^-3excb
z4ouR>0G6NwTfk-1p8OAl@90ukr}ss%7(kBLR}a8L?QA!4Y^^0QF<tN(Y%n;)mfr$V
zuVC!Kb2N69J6%YTA;5QO*BRG)kW&tmuX*7o!oK(xSi~G_D+tUeD~MSD$sypZI3G~s
zhe23^u)RTm7;fQ$S~8Ck@eraHn_&B?31C^DCT^^~Y1?+LbKB$v*))5JN5cr)7m{9$
ziN{Nl16XGb)FQ5c20yG5m*U>Zl)Gh}gTkM3(4KQo1gq0im_OErn11orgu8#uc|vXv
z4TCUOs1qogV<8~ct5gh>6Ek7?ve1bLlvq!Hxxe7MYB6Ab!aJ$qqPk`SnC*vc`jYuL
z=8Kw{SvlZF*}HJ0NgU((ByGiggShvx4MAh_b9KY^82{lyu?}4L<T|fzN)zXCQszC@
zDZP_;@o=4a>S`i)m)^<(VV?Fc1**Mt{O@^eF>0*I18=xHa_*92t&#Z(x}0r_febJ?
zX3gdsWHAhK59!Rn=9BMs#=%XIIQzgI-?Xh@!!&+dRLf*K6aJsE=|U@yt&M#lx|^d`
zd5N{|G_39YT{;~__+{D62uEt66s%6K<wB?DCO!iUPX9o#4yX42I-Ir_5fBz~&rJV;
zEU4$#wlwnY2}$rx_{w`uzneMbw^Nmji~m@p#6qPUQ*GU<Te4SPg6LIl-#(c@&Imib
zOJ2r|a~nmEio@QSXPg-_`fypD(2j&A=44_VJEB;({93wg@f!vm$i}EO@@nYQm&0D?
zoowhi)X50P9eS$r!M$FxHa!aEr*0!C5g*#Mqa2|`j5`HJ+l}ZySb*rcC!dBceNp(3
z*s^Q-v-6e;qfLhU$$ZChsn(Wy@r=+a%nM@*oq8<K<ugH9r&`%>RzFog8F48kTjA%f
zMh5QaNc1jj!(RCN{g78RF%L{BdMM>PzDkAqXv>bmwxebyJ8HOu?hc-W?0&fp`L>=q
zq>`8S&eZLiS6Jbuu4VFLgHJ!bp*eDOlZhkek_;<$D&`qF(jt*|FiSTl(#}amwyCS(
zE{Wl$;-i|}JTYv&(<5?$(9N_tDDwH#<SpSOp}3>?c4iUV>ZqOdwT7`m-0xK1e-XK~
zEs|C#ITsV0)w^h}H0Y^wedMi2m^&#eA9-J?OgJ>cb6`+<R#C;b@pxFN=ZfSD#dVcz
zTlXXJ`l=Z9w^qC_@7~o}Q{FG~5HZ-5a3{4HFq6CS&93UbmE)Eb$}~hhLS4R^)|KBR
zQs#~`b0}#Kd}|+h`)V~CRkpoP$y6mP%3gozQdh3fYT$%&^qjt5A<Ku29zV#c(Kx2C
z#@F5kFTLjp>F-bw@SJ?!M9Anlf;zox&ngDy-l#T_NGM6;_TB6_?f(T7Tpgb4UjBsN
zj^gNw&ix9XEKTGnch`^WD>=-NR}f#*NbUTwW^NHZXXCHLY{r*YbaP@nB<%8VXZPXO
zryt!vJOqlM`HahZMU{NV!S@rcNoKV!Un1)&zusiCp_-;pu}f5gs-t|a@F2dpE$!%q
zyv=U|Ha4EAeX~mQC5?Oan<f>tN^V#7#~w7eu$!Ym72zy`WRU*4UD5!d(Q(4>jb?`}
zT&unX#9IeL75bc4*9c;?!{9s<0nwy`?Dg^%$MLwA3n+fmz40I|F1StI<$?Bww&vFQ
zMirn-w-46WL>=ZQ`?fPNM>+$~W^1BeuL+RsLF2sGnm5SoQm&3!-0`7N`SP-7S`Hz1
zY>;m<Dd9ocaJ&4L*d<r!_wy@K&3Z@|c#vT^W^^zh#v5~b*V)hW;DB7dD*IPaV8iD}
z8y^0RA9toGR{Z&n{aDL7@~w9g-b4==<8=Cz<{y?yls*fy){hXR>1MC0<;x7_(w4nQ
zd2{vE;m>~d*3loz?5+}fMG0LeIeNE`af`F<&ms_`psv2pL~_ORlA0##VIh+K<04ZJ
ztvP5nS-&T<9m{8!eUx!`|2Sdsoo_X?&mZNXGQeGKe7kV1Qv~Nj26Lp3(>l8F>QdF{
zJ->Wad)M~f&aC5z%<$#uy5Q*8g*;<}0ZFPPaWc3O%<IXzP8x7Yd2bd*74_^j3ELE%
zU+?47#Ln8f$}*JweYGdQj#KAvb@~yU!Fu9KN`wqdMN}&JCalhl4jd1YkC0WrT}z3+
zveYL1Xt3<uFm3T0f-c$d`lA;8#2Z37D6(DAupbc*J_X64d^X?%91A82;a+-MUzdem
zXk0EoYiPTt^qRC=LiO?K1_ACt;rC5@vtgEj`S&Fm_{JM@zEwRk+Mb2n8J-bZY#Th%
zJun|$+--`+d!f1<iiuK5=s%EIQoGuYv3RzMp`6I?r;DNd;qS>`LeQ5vRU8SLTkfO+
z+Y3UkF-l-LtZ*l*a@#Tb+g6SZ6~=4gHVcNu6*+7gUu1VV&F2<8GF9v0wp4AIo_f%|
zB_v79r`V0`hbK|fLT?OBIC*iOt}`e;dNC%1Kb=CES%5zrKos)UJ&h-8RAPB2C$K|X
ztt%%Z(%Hx-r5Pb^*^10lxD$xkxK%a&Bv|eajFHbS*QDa;^ym-dRa9dAzSw%>_3>}6
zOsL`6J(urdO(e~_$gJb&pG0OiUT68`;U1KPxAv;P8Z#Rho+IO6ZJ%I-Ms%O(KNw$1
z$W{M-rIaly;s;CAtI8n}^UiA4pd2+9`0h*@Vo*>grr%bdpt%r&=?j=Y8&p7~z<y&m
zs$kr^l=RV-(9Yb7;g+tG$m6H?q4T=XUVDdc9!{JaiS0(Eb+e==dILFxX%6NQCxqH|
znPL?oE!&}6yy3H1(4FkE9krIaqRU0(!JRXL?=l{q2^^J_bp*@pDr@BP0C(RqeYSU-
z`|u}xChZKCcpUE>Tw!KuFAGyRv`uyjj%st+JK$r@d47+DGqO#)h`QZKKCo5zHGlfu
z5nhK-o^N>Szt)N1oajTnFMm%hD4=FLxzWn!C$A_~V-<%!d&pxk=`Ps+>+6vvQ{8w^
zoKnGb?<uAxsYRK)ByhKv+L*4rcT4D6zTs$JDe>u$c+H77YqQ)jb5O+bEnqxr9%!f~
zbmhC;wc<}#Zocb0#O)iZ>0T2m`W7f)(&W&dZdDtDZgH*o6em2m@(02@9Mw4#dj5Y3
z-Zm;J%@}&oXdvXv2yU;bvHFZE^BgmpY=9q0#bvM%yJW6Ja^c&s#>q&2`CgsD)v4xg
zo~%aOZ(e(@9@IjFL}WdF`3C~0C#e}#Xd+lQ^K;42$XXM3Q4?2LQct(<rDh(fCp!P?
z0vc~<$0>)~_NqxKazBXGR@K_Ob3gcjsHo)X4Qw6Q>8Mv^qtkhTM*A2&F~PFx5jpRV
zS~Upqx9j4xbop3>XKi*>P8ydeVD9x^iK3P)8d<(CnC5gI1`6}L$_K^tPjx;#e;yty
z3WR$Qr$}l*wKx+d0`Qkk(8x&(6h2F`K(<A}d_GJ;4`-AAo8D&6OfE>(xD-Gq53e>z
z&ju2!^vjR>HTLNGw3ZlVK}tVw%WPf2Lh>Ef<5c-Y<k1pVsfACsE`4oR<a0KE)F8H;
zj{GunMmppk_kB;8r&b-bjvd&%s6ps7_eIlz><cRflg5HaPDNW~&#3%80#K3F$#E8Q
zR_?!rH6no>`R_Z(^jqVk-yBH3c?<Zw{D$O4Yv@Q5cGs?|{ln+^`cV&ZYScoj^Z%kh
z#RXigp_C`5x`1a0+hczWN^T@|k3eJ1C}4sj3uqpo)5BKFT?qAto<5ojU^!b4pUYaY
zk@?o1_i3^=$ZQ`HJQbm=0J?@GX(+Uh4?%|isi7M&&3*eMHvj^hSTLZpO$l39*9p-k
zO!R!zL@W&$AfR{yB`x~edE;^BWzOsd^TY#DK=%{-mrkSTJZIPE+Rp<*xyCriUmPX_
zTwV(D&|iFLAyNj1g5L=ffvwE9Z`6)G0px$d)*GK-8h}{X4VWi2Atj2yUN+ysU^o2&
zX(kr{&I~YkX>tA}mqP=8)tn9*5&|BOMtPtp?o_*I{&jnLIy2V^0DHth(1_)+vLb<7
z?Q0^DW$8-|q7uP`m%zOcy>S*J?^D96ABVBD)}s0AZ@FJ6fd64EmPZ68J`5Zu2D97N
zIE5|#v2z*KW(~0;vW?2tqM#27fSmzgKxV%MQu_;%Ge@<j<99X^yjHX1Qp+of0(>Mc
zN9O`St{WNEI>7st83~a{2PnBvD#b>IaYtj4E)YcbiW($QflIG~@)va2aTf2FGJRC0
z4v$3_xy|<Bxo*#f3gKT_1;7%w(?cf;D;JE#5^4aYY-7Kf`mCTE81?qy9v1lxs)AlJ
za1Aoj(L}72R$K=IxZ^+paTn=pSdv)|>L!-!ngt9#@Gtt%fHKc4cJEM4Tp3`b;gy;t
z_?%!9bz6ZxALm67a4<S#9AxhxhvYnT&(0%wJe}~PR}U;vKv}Ok2UW0-=VfW)EO`f5
zPX-nCFQztYKX+7ynB3k1J|5j_-{=e2aWIC5*#M?}lq$zIf&e`Y;2L|h5dfxvb`feY
z?<1poG@y(V5Ou)LDCau>mlkE3m%PGMmY^~~vseHuLV%!gEi<fZ3fp?(55(P19=tt&
zHF&&z!D?Zvpj$#yJ%k$6fC2?^)#cDEH)<>o$Pct_OTdd5lu7o8gZcysB}FqEe}mO;
z`77!8oCZi%N%JySY$0YoPC58Ba0AKeb<!G&Iv@E<wc;xwh6%&7V*)a<vQSN|7o~aJ
z)r0)iU54QMV2ZH)H+r|jhq4w-K;O=E2vM?bsQX3p2T<awx)=f2I0Zo7Rb1{@ei8C=
zXaI}V(s8J8ow66l<HF}(4kWxArSFCi$%bX^WLyXxu^LBhGShq<X`V5`dsd6|91q{p
zDbC9VWI3VPf#guXaf22Rf-wUz364lfK=t_xLPoJBsL4|Dpu&sP8913J+P94d+>G`w
zKRhw8&Xx&yc!+Hr0#S~_=v{+TgOaUc=jOgkI`aTkM@#KPnmR5_qVl-x*9Vfo7y&Ic
zHU(AB;UR*A@Wv0-Le_?++J*)|s}}i{dulvt!l^fL?}AJUB&G#MnBpb)_V|0KHYX)`
zG)S3PizvIgF%th(DDScwp~><=I!<!sKrEa4tTvYKdmG}GPLM#zm-zt>T6eNTN<6d}
zJ-bv{X1xHmdsY%$O>)z)9`FKpky$UoSRP!KBmmtlkcBomeg;c68gtxs51^E*o{Z?A
zym^y`_n>731-3n7*7Ydih&h!jxgRZg<MCbE%#B*VRG(26P>ghAbdxHUk)8)j=b5p?
z^;^5*>GcylGfTGCZ4LzmmDyxaw4a^*Hk*&ctl6YVo>YzkSJL3-TV%^nSyp<@%Mk%Z
zyl9erWQw9Ls;nltrp(Ov#}=fmD?xAJoX>V;C^)YOQ;K=eEoDJv8ihY+*z7`){p5z9
z(plSHx5@TMird|osTP{4Tk?;&zw&tY_ywxz+Pjvgy4W15z3|^h(y*kNSka(4(W$J}
z35sWeTAicBDSM9|%luAvoe%E39)WUW<&}4=%IofW8Zzh^%*{E*&6H|9@!=cMkD1$!
zrP>7Ph1*?owf##E=$R$*+20WiG8G;>`+<s4*27;ewXc~hZ}|9}+f_5sy)~TwsA}J{
zXwf@&rDU8mo=L=|G8*wQcKkIeT(21Yu(2+B`wpz0^CeKYPv7YkIXt2N5%sJlFQLO^
zA}<+H<8U3Zv)0lu^o(W?Ej&Q7^+*)`wWvUr&-_-y(J7OK@G0|M!{fxos`?qs#`m2Q
z+ES_4;y<!<haZO}<sR|a9`8tol#Z3So@`i1J|M2#!=<RVq<`BTTx@gqaMOLGiUmYb
z4UIXLgycmwH0HyNU9!oG^uwWN+?TsFbgP0{>Kz6o(%Ge&a;&c`sl<QyIceFjd!A1L
z+a`0;Wv=bpZ%rMi@-ck4x5QPt;PkafTY;C+@M#&UMty+04VKz(%BQK^SCK;5nDz92
zrMuoxo!E6GELAn$rINsXge3d}PE~Q~@7iv$igCNcuGe8m;hDk275n}TYKl({6Jrn7
znMl5(ET@khX0+|Mvqvgf7Aqh4R=_^CEgR~kr!`(Vn?@p{w9*vz8Ms6F{7Mc*x1Qa~
z`q?VCJoIJOKaP3I2E$mM*uA*BY*8Z^=l(^+(c)p-_r&3kGxnTh_gil3oX(YuD;72D
z`#pXn{P{-9vStte`G8pW11rH3%gZq{rPHkgQ}?dZIJnY{**j#+Tnj6couc=X!6=l<
z4z6^cXXPk4xGux$<c9q|xJw;mQ08RWC2f=vz1wW-5}1u;J462Tq5V<!X-I<CV_Eua
zBQ5M_=O@fM;qt<Q$+k!E7;+R%vM#&jVb!=~-J54K&GxorfB7M=^p7YJ8lVE3<7$_%
z+g|0(Nwj97OibMERG>63ZLBI)3l^+*tXTPBUz&B2I>gYB18U`Lzd2dW73tV{XVNS1
zxr<Wwo@{a{RdR5A8%MlpoPFJIxYkJS>*8i78TTXph+jfS;YIsA9&KR#a$5sFX3&t?
zx>-CK_ek5_X+`6OkGH{F4ZMo74!oUm=hg|sht9;_AD$~07w<<;-5Lzy0y{ES_UrWR
zprDCn+Q}DHFw2mmn94J$v@k!RU#3jc)O0%4dMYZ9-;LgS>f=qg2MaW!c`Z|M8#W+x
z6&IQzYCf3OT5r*8znByL(sHHt^W;7a#%*4|XoIseYgq0<ZCNgVxi)AY$CO=0@33aC
ze4Z#N{_~e6w0<RP@<>SK{C;y{a1$YZ*kw|Jt7JN;_cB#M@baZ=7K@>XTR{crW8^~3
zr|rJV&s~yDH>{pw$b8aF+$nx!7QzeashZCkW=0D<7LB;QZ+NNY8lmdT3#=TIReab_
z7A3#)nrN@38h0O_aSP78C%2FLS(A>N`|aEox%3)wcXw(n0Z~QpUYF__{im$FRXyer
z?($q_)$+$|=)<b#mFK&n6wYb9wL+aW9w)r(LvVAwBGMAKv-ySA1j2fWDvO_>tBuL0
z?UwCWm3*bc?dwVgT_Tk<EmmQU#<fXD9wJ1`$4{Vr2IhGo>&EQ*7%LlN9^muA+$${u
z6WPxRdMiFqyX3z0X=#xnC$dbS7w^Su|D?+U6`f7tW6vP_`ROQQon^&b6DsKLz}f=I
z8X}G#`6ik&No$xV-2XReoOz$cL6QIS&tE@%vvDDe2^&-|)R=<{O{07VR`)<D9erG+
zi5Z>lv!Sp$EhRpEc<4ulPI5hNsVy0wU*{>0dO0N8qh2(iQ#p;#La3EXQ1nrvD_5g6
z7Wm<LYva0S$mhSG8bAIKYN17a^hAyA{t&#wccgLq()8xcf?>R=SZ=g6WANH4-P>SI
z6U<ZpkHsNKACtXTE!oePArh*~d&oPDpFH0UG7m0Q5#YeDo;-CibZHD(NFz)&N`1vw
zt2nP^<S@OCI9xkdq?p;^9iQ|pd`?+`dJkJoZ(F%;r$FO4k6$uPmX#mQl#clN;iX~4
zsp7k*O{TU>cR{Yn!U^-LOhU~`D408VX0n?l<fBSe>x?SSbW#DQ?#XiZp0${6O5A&%
zytHPI)=_mbd555*vIJO{Xu(rVPaiq5B#Ha?`q8rMeVNmFXq@)o(x`l}T+WymU&M*E
zu4Qk*oxH^P7H{8YKCf896pY_KB52@BQ4`vr^_@C#HG7L1IQ5Q9yJfmLHvnl!9&G%@
zI3UDasXh4M=^sd!(g`e=WUq*FMBkt5bM&k%w<EKC$xcLE#6a1?wpsQY%;BixGl3hh
zIMr01PL-LEUD`t*Noup>M{tty{r7K&s~6H?d_YvWY#_)*qwgi;r+p{<zV+8I6N~g#
zr;Uh_0=c|(Z@e_SN-Y*d+oJFy^Q3;y=OV=dPi2*NqIWx^dELZT)ss1Lm*(bKN*%(d
zWYskuY^G_Ce9kIq%=;$c89e{Uk}U(z%BJLrj9>2gE4nTk%KKs}TUwD{Bfa-GjCu3n
zZnFr1vCduxQgfR{_o&{*?x)6{Z8`xsY;mH{y?!rri^PMKY7XH+8(Wmd>8JEOJ9i%2
z)2URXS1z6NT7S>Aq7wf0lJ+h#B8hkD`;%V{nC+ahj^j1%EKU5bwA!q*qHBbjBL)1Z
zWXh^`OWio8ot?@V6h|Q=`$f7DLh?3jBZufKu{z~$`r?bJRQ5%8pKCn&Ivi0Cttw$y
zSE(5A)yi$LHMfgwbLw^Gs+4;jVYHE<uO}88m-x&jI1D*-<Jae(eg2AbQGs;idwaP)
zKxhsv3nl?#OD(0KV-0VdpU0ByIR2+T!2~@YHaSSzPk!4NUlixz_*()E>H|?$H7<82
zIbe9HiL1muv<!-_prAJf6A<#P;QWQr1AOC78fQD8XJmM`g9WzODwgSQ$<sxHh@SpF
zEvSyF<V8DhER6{MGexdg<8T0EfMp{2{D>i<N<MoEfcC*MF+WMBY;E-E3xH<Nrw>9O
z<ZZg<zn$e=sdeEPi2Ee1X6P-odp2hi3g?3dFm3>xP=IwO!%u8<J|2{%wRp;h{oe~h
z=b{lNC>R6|fb45SkWTLssb@KpMMv^{pB>5}_Z$Rc|7j3{_1nz$C&zjta3=E!0!**~
z#TI4(@Ge9T0kwOe8763R!sHC7L`8LdATcf1#GQHp+J0Cn1-%$Y5Qc`{(!>k)2+KqA
zy}C}!3I`oSG;t|{6J6Muod-EOCp1tH;cRRd5T$jrT#i5h`K!Fkapu6qbXM-4&p^Zy
zLQ9pc0okVaq)}NPXiwAeff)>thI(bM0=4Ahn!ZZ}c#j*!6|l6Mf_7e_p0lVVJH+5$
z;CowB!C*J{l}tKroK#>cHD8n4LHdn(g4e2+T+)Pq7L=`Kn0xCCps5p<sMLh$iU7J&
zOlMV*@st*evrqbPs*MBJ*VUdfPilW5ZC}vlio?oW^;32mKW7o1ivkc07(@VaIKel?
zimiB&=g2t&H7>4gqdKS>6c4__c&hXI&_N!;1pXl9EhxMv#O=KBPfdhitu>z1bA0QS
zYsdQkX#A4C4B8ujK7dEr09YymBGFOV(|5Z`u#x$U)<zaAFJ;`$i(JRk@Yq>w4^&#}
z@W3=IkEn%}E<e^54~95}9uNrjU>U{1%GaQyi}e$6TK`4II)3;kXpK#d(i%HXtJIo{
z8kR*@TCw@Ap_K@+W&w0M+cTP+?;>)+HlY#T5ceU#nu9JftK}K*wy^#m;ejdGq{?>&
zK&E4{>tnj{*EAbgD2%=2p;&GlP@j^C)4p&&1&qHO-<JAhUSU6qL@pS3cueAAS27TH
ze)@X@6M)Z`DEs+ZHK&7q1v1`*Vio=C8v+2YY4^H1z_@c^`QF0p5G;aaC{j#Vk-q@S
z7f3iLOGgab>EV<w8|YV6s=}87hyf!CO04+vr%Cj%EBypepJv`StZ}ND>jB&a!wDQU
z5g&Z8Z$;LHqJaE-B%8enB^=8SykbFyN&oEotCXQ7kO=}#m)JCu@Ah}Vwo1l?V)FyV
zx`Qb)bbosXUdlHAcm)vsz6fvd*IX}JfpcWERG8M#>vtX4f<=%kawbAucOF_i(X2#*
zw?`?BGamMq-@qyF{?l1ka!5~ZDwep^(RC2b69Zf-1j{ROVmmrS88{v0xc|mBg|Tl<
z<_n1#>Pu&zoOvsfU<)CqazM};IR3i8ss>mfTir+qfn2GUv>~SyljH#AneJafgT!Z(
zFT}O~K#I&=WW#`0=7t)Ldpf>+N5`ttMiuC_2>wJKv|WT~?eb{os4k?r$O+GD$e=uE
zA=DeDSv$GFoAYW%w>W<QC=#sxO2{d$?d$>vZZTanQmBi56+r0VYqfMb$WA~Y2+4l@
zF1z5$bpi3gD`5IT3miVsbT>1ZG{V-jP-+Jx!oGW01Or{X0!MbtNC15mFCmQ9@vfiE
zxBIF1_+P2Dq_3fL;ui*0D1otlhKjR|2j_NOBIFW2jfGN=2JTC>4vTg5t5f0l5P{?y
zX}0c*<~1<d$4|Ty!TO|Ew}}wcBC6JdZrsu`$qT)q;*#6E@W$iz=hdi(bDU?K4mKwF
zii!H-FI}FuT@&;@<two>s(IDbBJS6`@h+O_;mb6mSD?%B_D0<I2@N+1vM+%IV$=)X
zKDseBv^)_Gm6c_ZOIruZ%{Qh$(60xVuXP({7Z27SR=Oy)a?F@28-;&9&q9t*{WMk+
ziOja=8roYuC=w@mn@gqQlg}uxQ+-<^`E1zG*XqUPE)`Mk`QQA}u*f2R%Arz6lyOo>
z^-o|f*1TQRyC6=xn8zu^Rq||MV#D&>+J=?ANsXA>VMNk)dUu2sYFqxOV+;5;N<@6G
zekaJSV^C|AD*RIV65Nt{g@3S7dAJWn>M@6uop-<O8S-@dQUL_onK^Vouh@LA!!DQk
zJnTA65Dq49aJ;beOL2Wxt%q$FvI2dHN9#y)Mx-h6_Qb7cm|xzNdcC_C*PzxT+;`6(
zg%L=@VZZbezMaOr_+k`~SxJaG)sIVf!(1L#;wFZdDa7+6LR9oXa*gq`{W$5OoPTdo
z)r6lvx4}X~e`r@<2N@;TsntR5)T;B!f~}E7hfspSo3cw;Cx0MXTHla%M#*8<qa1JD
zXzSNg?3C=7%iEJMb&O$o^2?_{j}aKw!_`IN7Ea-cr#06E_rL5`qwETZWjicC*{4K&
zNPR|<fm5cbj$sLNxn!s;8C!sUPtjpGgGw#=R<|x{`CR3eeWl~lecJUBK|jq`BZ-sK
z-}ML%puda<keq$)^&^Mw=pTy|lutW~kHfFVs^xMC`$(%JZrB;!|FD&@=Vs4mY=28|
zQy4?D;I9{R*PpL4mh;Ep^&d$}=knGQW~PkLiHbw5P(-nn>C92DSdOyxlC6V2W_NJw
zR&+)D3E7&6x8~<JljBKA&Z5!$^*R$CMu9-etYRsA3a^x%(&~D!jKP1Mn1WIh9_iZ9
z-@ZC$Q6XnX{S~@_+g>PqG)*5bJrZdw|Dx@s3ys#vF1`&%j^IhwDf%OaO_`vBwsF*=
zsZH)PP^Nl!GjJBRGyV#=La-81>4#wj({*wi(@2^vi=?ASucWrga5u(?N76#-cGjtC
zoo*o_J^rRWjk#+Dtp1jbscD($=2{9NKPEN9#H9fR<M^}f=+0sSSrMGq56z#A?#DzX
zXys#mO*ZDryKA<u(<<<!9_%$OD0ED)I*S;v=1<y<TQ;=_O?BwO?tZ-g(0i$BNB0+W
zdM#<=++TGhIq3*)Kfa~&s4`I`E$!s_`-M+Oy&65Jyc&UNI7P~kNdIrrZcDC56$Gpr
zvi@;E!hDsrrCCZLgUqyLQ(0t*<4OPA(90O*=%-N%^F-^fq(Vi}JBG5z;exZ?O~f_=
zDw~W*k{;TBU*5~B`9;7lIr)_W!<~KDy!tcDXu!;b|GG{k-J<UN58UInsx4#EwJi1U
zQT5?$8_O5IBWt7@^04Wn{bG7qf<B?<=;1vmne14*rDXkCu-@Y<KK;kuB?Uk$w?JyY
zawHs)FxPz}8Gi^FbbbIDWWajrpmUCauba+Mjts0JSDn+{=yClNHU2>Kd^A!M6{_tD
zjCZWuYdgcgo-d+_^>!L!NG4eEagEIt;Plnhjyq^OJ#8)9+T*OOJyYsxog;C{h?x8$
z@06I;nw;U7^A%QWOqHZ{shh1cRMV68+wGxZ?f@M7%&(viO$nD4+n$6${&XYkDcsZr
z)7!~e`RbYe$owPEc*=<rT#Z)(LZ;r(x!v5h25RW4`F(h!CDr*7#{ItK4otQ(XkN#M
z^>@1^<yTRe;mKrnbhoYT3xq}8XhpwJck>s15hC2XxAxnP>bv!}lT<)k5xfwq50CM$
zB}2ZV8w>LHhpPtax@C85(&e2qZ@d^3{VlVxW}RcHEbi#%1KgX;855d2PZ5XplLIC)
zZg=gHyY9E^5e$uF>=5ZI>-LPt&P+em3x#&w$=8@O<VonN`dl7=qdD70X(BD7D6%Q9
zn9C)9)%`HCl9T9*BjU(Fu%L5XJFR;LL$`I6cS)XYM?KdtR0CTPPUM7R>Z&uTfqE0o
zJ^!FsYdDlYT2gv_25*#oyeGv@cmt;R#v)5qC9O+B{~-R8P>7`$1N#Hfo6PB)&F53u
z+xNl`8p!hM<~fslmrs8NM-8k#)E9V<81$8eZ&75roIb_GSx+nXaT?3#lbiXr5oVto
zg0@>3ai}G+u;RPiKEkt;2+qp|czhpnhPn^F%`a45C+K6xJgd=-uHUSiK~o{V_KaSu
zsN5a#(;w+%Pdc8e>wvD769#hoz<;<43p=-$cq+|llFSaXeH5B2Y>0KBMi;Sew)ZYv
zwh1X%so{9k_m!7VUmhjvv=IaE$m{+Qy*bjjaNov`if!b#R(3^sDt?XG<%K8d=ejNr
zN5!q)^U`%2&#obsliw07w%9)O3>+>$;ZeOOPbjJtd41Q1ow`s&I3aPpOg`TvTkXig
z&PpElgjUa}hyr=Wnz!@^A|1Tw_lkt*Hx5ee@!k~0&S~0qk(1%ELz~myMs{TK=Evrs
z)!;63!f``*t?p2!?(g6i#(PL=AsCU3CuPR9h&iP$ezcmJXe;!V1=PS@O!&|~k%MI*
z_wHgS<H}}fIY~Mp%&2FmoU8Vj))@K7{#L-v=N1R&w)-AmY>ibZ4V3D$<G@<6f~99C
zHYpoMl^T}t+=~l`)5@h;VtXq+n5T^@8}=@Lr`D3Zm_A(Ie(Ry>M2Gd8GI+pEm_9Ds
zik(7}Vddyf-dg-OR;Ld?U4gHz(I}wXI|jzR$o<zO12#_6YEVs}Wln5OBI<iYxnZ*9
z&0G>+1A6`K5d(Yo)#KlG&}r|`<Y{Z8;y&Oq-!F_q5J>-pa~L^kF#5&#*JG9aG0upZ
zFX4JY^ASIWdnvy1WR{KGrU|$H4y?GcU|riKCS=(+UMMn-Qs}P?Ihm6HqIZ@~VKD48
z0l8T!s4{lbfi5<hjmCiCjjn-!VW-MB^2pC?NtL|6CjC(jH6<~{W7*y{A4;O!-w*k1
z?QK1zikwiqcTFrikreHaWNX_NFZDYnVlIfvqp*ytjk$@lgO0-Wc5HYnYM-6E6lEEW
zSz&gZrl@HjJ1Dkw$x>K+`1s}0=R7IHJHrDjx^ctdmCZW!5yAGQEN{BV()sg6J7~5J
zgq#uNrsFM3y;&NxR&*b?Vf(bX@DX3Kr!mV_<raZkfK?vB=;0-ZSD-Q!pU2;xGtKHD
z?%*;jD-!KgPx9YgGBV#6tJZ<T?K29ff=f!~_Za)FqHtOld_#e~vk?2v^>h++fCFMH
z3plwA6GP8j;AO)7t4ylZzGd?zu<zwC6j}x>KQPISaVT-rEuG}-v}45Vjd{A2glQS4
zIneTlOe3?G>}G)J_Psw4-@%L>`KcjUB|-Rt+*eEA*MA`4!;<D_E{0_fp(><>4d|lf
z%0CdZ?17w7!7g%?8oLsCOm!MTjAoJkVf>PB{Rv{0qU*Y8+__5QcH|oMw>}>KTA+)*
zsi`s7m8A5os(&f$;Ve}QFnF2~5*x0Q7GEj)13_?!7^=A#Rw`u=pizpGgbgmOoP~OY
znUkz{{y>`kKp<M7j)mr4-Xu58)NVv`U!PN&$l_XnqTN#^<nkj<0!-%5=dsUkFFbEH
zSbmJuQM&&5k_gqpuEs%;oZb%3Y8Kl$x-bl0RbtZ#Y}UX|f1UG`^(bz6$Fe1L1l-d*
z5w%?l*zpD&`rh%Gd^G*_Ur~W_7gs1leQ>L{d2BF%Ze))Zt`h4u`CL0%{5%6iEBmFn
zRz|?tPILshLF?>W59LMUR5c}7BDBAOSy4m>@VH=hK;GH5Zkji>%W+)r{gbIai4VP)
z`}*poa}clo1Pn%Bq0%0?eupwab+_)5^!V3h!L^aX3~%Qc1okG`Te;T~rfqrOmFCDt
zOI`-|q#HCFakiA)aC-=+_YlALd>?U~7(Q}lR)Gqha&>!5hKJWNdMO7px<hb|1HN9b
zu&kmi0fP%h(4^?gS!bmbZ({%VNgJ}}?sk$pV7kMH*5~Ms<e&DHD1U0dT?4-Ri%^oJ
zonfL__8^hJ(Z=^rVoRvUL#P$|`8U>U53I>=vY8O+zd#yx7r-a-fO{4skJ`|X>ol78
zof}0jT8XC`cu4+%><H=4w~~#wGgl2fec#@05JLcsGor0%P`@0UcC`EHz=zmMzs@*l
zQ1y8smF*`<juE7x!v4YpXcvZtgg%+6OPIEgxM7QTN$^@U$(bThHf3SRh!rsbBCw-=
zFrwCK#^w+7Fs){nVIw+?|FgjJPzifoe;_zu>@+xkH|%Cl^Tm%la@un$EnwE+uhE5l
zU}nTus1z}HVBngD_RsCKhw#@|bFL5y2jV#yr;U&Qft=$QfQivv*LRLiPBfLAImQ=l
z?d<TI11FSX{vSx+rDe=146UXY)2iJBi@FoXq!KAiBesme)kmN}0CRe&^c-Ex)kXYl
zPyfuvrp4H~;%n0_Eq&C}gt8b%G;I44|7-tUb1%RTUS$BqL(+6<XIp<DpTQ$as$c@B
z{&~dz=1}XrbdKZ{m-ifv^eb*mH9sanU-B}rJc>(d)ke0BO~517lD(d(yX;TsBYxd(
z1OgZDzc=_;<uOtPNvyQmEE*}*-E>QT`LF@}T3Qdg6~u`TC;9H$Rbr>GKtbG)w+{A;
z5&SkCEUH5=HiZ(8Z&#o34P@_?Rd(%(^$yw_VMa&)KvoDF!34%P8JRksX`G2}?hz%4
z5NT<nEFIt?GoVr=fHc%Q=O`&{JJJ@mj{{ai1NP+yvCh@YS>W2&O3%Qqy(8E-j$s5B
z1B$Mh&i~z^O8=h;EcEO&s5%q3(H5*`eiXyTyj`T&Z1i&d*IC-d_XxeUe~dJ?1r{XN
z@+h5upIswzN!vlrY?$9b^wGe!7A=)g&(g|c%n!HFmvX3i-}2VU&0WKc6OUfJI7L*U
ztf`1Q+?<LDX;Du*=1XlW+_0adKx{2OwmGC7Nh_oq8Vvb7wHr^p6dYH?p%|@J(y)bw
zXoaN=oOL%ID+xhQA;4y4=HDgyfC$*znEdmDJcQlxYfJ!Gj|dJr{n5^-^UykgYyO{E
ze6;hXQs6|>M!SQNX8a4tU~{7W9W1)PgC!J{y?Q#5;Oh{hF2Ju{YZ$O@JTsn(9X?L%
z@O6gS_J|bR!EWjl>@6@i-ny_ldH+Jga;`{72WtfMc*CG_$G1{ldj=k_kITaH@hiHp
zxhCQrYp_yJXu3dL@5l9rr;@3aStf8nZ=1*(`zGQ0{o=#11EDE3XN}u93X~oyTf&IS
z1MsZ>K3X<{)VwuxE5oEPzk{`g<ZLPJ961L)y%ce_nOQX?bQa>pD9(530jHAxM~b4N
z`!-^TS=jc~Mbm_7Mf<t2&8}<qOoqw_V|SdeI}k8=JB>Jp@ccc)M)X7MN~{M|cUA+<
z`5+#m)Gf~uw#Px3fQw^7T(7WdI{V@TqhN0ZTX<y0-2D{`s~Fj;2U^iB$KYuNMqA3J
zD1}cS4BD@MQ3b~Wedg|wS>2b!vGRaSdCrG0<&4ZG<Vu4_LatYX!@cUyq1th_)BUV$
zUBkP;<N=@B`FH7>9rT9ngXOb-UUhli_q>ena}wmLlt!a}9E0tYzM%2HcfGLY?MQw8
z!*1JgCHdG#pZw)*ILowr%i{i?T*{oMIY;4@J9^#YWyaQf%H*@LF`}SY$kuTK=+pjv
z-R(r=)m#(;AI=Y;`<XAZrconhiaY~S1uu?m!F4?+b?4}dBY`Z`G1J_O9K&AsidVp%
z%yZtXxc4Pk3WN4&9T)ev8~ZjnnlF^4ULdv-Lv+$ihJKq3muFBr3w+yEAePG_c2umi
zzNxZ@+wi+=9;Jdb2I1!J(IR+lr5<7*+Zy4x2Hl7J``T)CgYe+No>jk9*uAhH$Iw$^
zwf{DwLfZ1gO{B%4!N41f7xtYes|MmIa^ukK8L$qoDu@j8)_o=kb|~rVa?I>yvZ9OI
z#ReBcjT5Iq|4sEUH!Et2q3d@+&eh9vV^(cOjsJanCWWnN9tRw@4Q7OZdgejH?p3so
zoAt}({=D}t0X@ewU}LfA_srZ}<7c5|*$ny{4HT>sBi9b?9Ph+36aLyQP1_s6hAFNS
zAWUIV%7;&y|6gGWNxVcY*J=D8NaX>^|5@7kc{`Tf9}GZD@E#kdfD2)#$`A4PMdrF^
zXzF74N)*H?pXnU%&BY1}j0!_u#3o^nE*u5^h62CEW3-xw6Llgz*{^wr(9%f6&Nu?i
zLi<0DZ7;lRHu#&V+>}K$LiEWoTk>!jnCx5hG+^J+<s5P{8T@DMsPi|x_gnNrn>szC
z+7N%xAGq3}3Irzfd2MqlV_AkweVeqxH2NfwisyTV<3r*j<xFHYsRjwj_Rp7v+*|id
zzkCTEa}8K0+raDSD4sW}EVt>{-S=(WCUgqo>BQtjfDH^h`4r+}|H|j_HJ8lSa>-U9
zb*%k+ogxDL9f+v-#V*}8f;_0V`DG*6%hicT#3$A*jw;MIOTL(IJPXPLl`SFW9g6+W
z#ZfB;M4<xIFg(PJ;K9!I%sh<rKWCaPm&%m)_yCvd0L2??a<X$L9fY0dKRYDnu;GN^
zKS#GpFgUuAy&;RJM`f!5-+u_;c7%e+B+s1Gye80;aG`((kAE2qL$TkpUZW8Q=0r8Y
zRxROx;_F`B&*k#hcVuqaWffe>a9Q#u?4c+ULvh@9JwnWq&tKzWJp!lEn-DEr0_kel
zHZwM4REePKvS$qUyYnzP^sN^k*pYmPOE2d8V#A>__%ed>DX)rA<ByZB(kG~fjieY2
z$2zKO|2@h>ut#}0h{qI}WvajZ4SocnH`a(j{m!*W#54#LIM-4c^|a1It8i)d*#A4$
z^;1X8dwJ0W7#s;~WESK3UB#=epuB)N<_vj<WVgto*(gw~&p`<op<?5yw*@w*BYF8D
zm4m^;<n~1TEe>Gp0*EfwjHNotii4vgXApb->V)1cPME$udO)<3Zu)m-3w!6UKB?M;
zDo5RErz1*U*q^7cJ2N-`_W)_C8AKIzo1aOqwwQ=xV-*WDdy&x>m9dUW4D=X>`dgzH
zZ{3s>(-5^wy2<iIpgoBA#W;jm!F2&GI-!_5$!>@nxIMujGKknfV2@s~knJ`s(b)YI
zF?+MKmbVTJ=GD*+mqV8vr8_+mWo%-nPl_ww34yJY?^*_EEeyu#aYx>|_PY5vVyq4E
z0s8D$IP6@n`W#sbLN4ryjD1RfFQEzSL+WPH-%Xf?f*=FBk5ltckf9e8x_IyW!>Tq-
zrTs3tH%aOPh=~3tI1Eg5D6bhk{4n?)A=p*s*(R9}p0bi9X=@YQ=9N}@?X&KtIbt~p
zYbv>m@Q~o05b2=Izu&I%-`<pUX5I|lzifVXVsvJRkZ9b79^*NebZv35g=R-1%1UCG
zyQ77#inXt|j(_r%$#?H_XuLpYBdirENMkz!ZCa;iJiVVjwRMA7rSbnPHBP-E!Sn1y
zupc32sn}bdCrslu)4p3x|L6TI>^tsJd0+Q#zknqnE$-=Z#4)kq|Ab_q^N-Qs0j%;)
zvT1{3Y*m|}F49n0BHG>!EPXr+y89p~3u>l1FaIZ~5Cjq08gtt3YkvbN!L9!$?)LD(
zZZ^V#ml?XwWp2m2{1-l?>W%p=dP-Qb4h4$3eq{Bvvh9cg?_@DOLQ_)kzZqPm^{>pH
zru(ozc$-~^=&M`XvHsR!MdOS-7%W3Aq+#m;%OG~A1i@I|X3kNV)a@Y(75d8y5CL^?
zP&W_zI8v**ws7x%w6vtT&C)}#r~@yw8&KFup;1_5ma;-VwXQH4iEv`+x0$waod|ry
z-+dElsK(wgQHqUY$t|p08}?ot2Wd+B!v0yBS^q^U>@3lf02ufVrHxNBLig~&Eoqv}
ztd9zpNxQzt)P2eVQw`M*FW$(;9*1B>u*$oedr?$|<kdW*1igRaur~zq!2tYTWylm?
z5n;PnBrW~+sCr6xs-#Hw9{DAjfL1QYGlOOV%%ctv_HlCP7teb~|2?^Nv#^L;QRKZN
zQ&_4R;V)7J!;o1Lw0lMc0HI4;W!8Htm0Qm*Vgu`jy3x|RxhQ)^rp_D{f>mADhi>)c
zs?38DGa@vTKU?o%1arV{4u|g^fZZHN0eg-m&isv{{;svbr#q4xb!vBOSiiT{8>T@J
z^W|Irtu#*5d24<CPqlvo7DX{6tF|p~ymKS=?3OpzZP?lN{NmH{tg=5hmg5`8-!Kh)
zKlTj!XDvH~CN72GMcqkQx=QDC_h%bL&Uq>JO~t<YYU0Bt|D+l4E*@GQ_P&%mQ=m6f
z<CaCyJ?ukAPqY{qD4ESDrs@*lWi41?PV(L0sBZ1=Dh2}&Y!~P|Pb6*)8HpTDN7x?j
ztjbDnHQqh`O|W0!R^+4NB4vhd+$Ok4GN|z$D;?Y%Z94ip8-epJRQmm1Wh-UPA6u7V
z!0sXg^2{h-nSWuAoPLby@bj?pM5Rzl;wmW(3YQ`+`KnH}Kad~{4kz~bUf2dv#S%<_
zn9}Q}=ww7x+SyVLW@ZSsg7eRcDzFi-t5HiBi%}-ynVa~yGXfs_zd)b;tx-5fr?v)w
zd6)lYSYW{=NM<q<>%rzX8~8K0u%m7%5(?AFW|p7_sSkT`;&wqsD5n@<zb^b98@F6z
z^etNc3<ZHp_Go!6UO5O{3PIpPuWn0WJ3TPjo6rcd47(RuhAlLU$REf)FBX7+sNj7*
zkA$9!b;k0)kqfw#x|`#T>opfJ;m3$VW${ECQKES~>CvUq<elKcINSWntMEo_j74ri
z2Qm$&LCuv3q<259c#zP!{>}XirTuSk4iYTOrh~;yC^cs9)+<EjG0`BwVm^NQ4`|j?
z$Wf%|7BdG=kJDlfg0^cBl#^p`MQ9)NZJyOGw1QA5p7*A?3T+2N(2JEO&TqR{z}{_l
z&nU!bB%UG$<Ulf&#%Gs7cud%6=~g;sC}&$EThshfjz)aM2?VQx3n$)E=Et~B5g>fY
z{sY;LvLz@D+WZR~hV9a*)U0()Y{<SFZ*C=A1a6~;mG219->`U|2L%!>+90`}Y7l#c
z`jJbbo1LC!z1Y8xe-XgMG#l(@b}+ns(f(E7lm8XiHm&*J5b0mslfU73Fk!63J*r5=
z6sAdb{(>KbF#m$Q{|#Yyu-m0^1h}EjN?O&=_lN>6(o5<fP@s|HdF`wl`igoFfS(bm
zG8?4by|%lFj`0?z>0G#}c4qV{X2C4)tUG1dO-@qdlDYI<Y_;82v4<2#tFXSx78HvQ
zFA@j;A757;5LNeWF%ZQ-QIH;KrMqE7q@_z*qyz+{q!|$jNomOu=|;MdE&*xjZmAhy
zfC=9n!0*%dd++y`c`xUjyZ72_t$psfXZlbFLMm@@FLXgZhLM)q;0Xm}hSv(I2Gl5A
zCFIdlw_a$zB_ha<A@MnrH%H#(*+{g-fBG#p1ca6s&5`F9eK02uix_nS82(RaWfbHW
z=J;aT6#t9iB7I`GU^v}fJ>nd*jR6|NMu71FJc)Zi^898BMf=Rx0n4R+{Mb&aDI~?4
z0;mrsro@TR0ZfU+^gf1IC1=bz8;;^)Lzlm!&qBnAMGIseDHm>bN@O-Q8_EE=d}_G}
z=Yw@>M=pJKoG+l%eP$FE3!0PE8ICaM1+ser*gD4<bQtj;svTIzcRnfr6~aCB1e~!E
zqmShqj0X(?;MHpYsVO@s#<>2YU^T?JqS?H99jin(Cp-Wmv)9Jdze@yUz*WSlbz^m2
zAFLCrO%^^FV8qm2@~TZr0L|=vO1Ms_bXT-xPyIhk=K2|vq5NH%dDUH-q$-gD18Lkg
z6H7;lD}yAtknw;0lCKJ2oiH8D0GS>8avYxx$x0a!v!>=^q$hd?U~A2QPYM*nQ@aJQ
zmQL&zNRxOL0M3_AjUg~nw?&}u-~<+cqeT91!j=sRrjJ?pxx1#yGX_{MiJ`U6^9gQR
zKHUAyNAj3;uUn343q`E8Cf3w9HG}vdZ55DzA4j%k-rzxm73P$$5$&WS0zD+Wnv>42
zfVTn8m?N=pg^dCBd>}1C5oiQ6hBf6wtTq5V!xF2fZZ=8zYvZvK#)H8jaF6si6#an3
zbRQ;LHj2F+K1WHlp)0l$pO{L2&eHq8QW}h#X8m8ZyU3+pH~ZQv3oe;ilN^B2bOCc*
z7id4g?ZiW;0*qvYA<{VCf<NCr-Yz^2f79$jHr_Gdqm^TQG<B?xmP9t3XsfDlB2<}F
z0=?D^UD|f9A7`6=FL>k~Ax{M`hC<u<Bb&+e`bd_%OER)t53%-3Oaq<L?H67A*+7by
zg`{d*3Gog^X2hGYC2)Mhdj&~<Fp`%MWwQClY|GFMS&-k}BlRvNO0M_#dei6N2*Wqv
z?Rdx^)*ew0rq0QV2Txj=?$JB{wQwDwlJdw?78gx4=DGOFrP{sC7Eo4QS`maN1_@9j
z|H{&09$jl&$q4hXCtOFLF2r0Q$%p<ECX!6UdhDtv6%Iej*pm?1k+w^@$5|TjLhEuM
z*SC|=m{74*)~d3Wx~5+VnK)rhx-~s+2VGXiX-s)p>P3+mmVQAu%0B1Ki*onCftT68
z1e>EQ<jQPcL_{vF1096(!LF~h_Ibg7nNC?tyR1t9rx~Ygk~-xyW$b@UTUVuWwD2cG
znKd0v7iT4yHgO~(TSXGqt92sH@8<&bO$<alIsJg|SY#k4kut&@FpK2>TvfBx?1C5H
zyD8iZ<LREYlq?YCqI2hQxEujft|9tAO_*!b4{FNZb@IIzc_CCIhKKP{sMu8)9={8)
zrfBiT`$t%h!je+e+Cja@9dJp0vl_RDqde|X-aHMQ+K446rT?LN^>AH!6_nizsBBAE
zVV)5HxYW7cpZ=*jjJu*!d0y6SK_V83Hs)V}Ot!QG9D~H`Shl4+JOfag`fh+cko%Y#
zG6q%+XMLVDJ!_oEomdiCB3e#P#7NJ7ISmw>JSmAu=NEyx0*K<<>ZN|8jtR8ZR8e%~
z-CO4EfIQSN#Ef8jCxG?*ryq0s#Dc;d4cyBAAZwSZ@NesAc2{Akg+|_!(Dmk?lSdf(
zQnnSX-teaC6`n6QwWgvy4zhWwoTj)MS&auC2fj=CcDU~FpKT)_K=cR-;R0328-R(F
zD!`5@&IS0><Fwy)3}n;x%%wH6k}cS{DSfBfFzQwXmegpd=4%koJ>Um~>-k_~PgP|1
z&SCPw3r!hEVSlOB^&>p2dji1Ny~W>603XH5(L5HKQiXd$EdZk-UEwwULmOueB?K-f
z76P}!nJ)y4H{8*n0@g<fNmMU<Jf}`dx;(*q_Vo8AL60g;?LPcNXnb@>RN1-ZVehot
zM)3r551gwvlcM;#(=Oe*r`&oxUlIa1j+u<z{aA%e9&BCQkj;O90d(+hgPa$)FKD@R
zyn^g;(H7~s6Xx^<2u47^aGXSA2p}ZghCbBB+eR;)$I-+S%+xG1y*ha6L*WD)LjcJ>
zqIAo!BXBK6ub88Q`j8fLlnM9}tN^xkfUp3ZTHY|anQ!z4+t#@WP#Gq}e{x(WSJ>)b
z%T}Xu*Ks727;s2F2A|THr&P2JCb*7QBhpN6wnI^`zw84&Bb~}nt-)aTyEa7LeZ2X^
znT3*s?dagl=e~V$YuZg^=6valHpzewpJ;4qQonnqR?euK1<Hsu@2%io9IZWfSz04T
z!wRVj1mLN`-8`Jfo3FELW2nekq+Fxny{1@Z*~Op9fOQ%H=Lx-t)qFuJ&n|ywvkSw{
zEb^~rk%gAVX#X9^^8%bUkFI~`Xz{l{k<A}WUy;z6AQvGhaHR8u3W8tqCo~wXYm$wm
zXJ2g}4CFX%6*Zi;im*LAY^x|%<j+<SP()}me4I|*k=%yh#Xty+K7(ZJy_a0i;D;K}
zf20`mrLAV2n&JBCaXZax`9&P<AWRO^NM6K&z3oZiycJB2h(PxG0KFk;jPF_31JLf_
z>!P*4C2rV1&kghkOBfyRJ~~sfw9$Z)RX*%eu{(G@uz1_tHg?$o`s8`uFPy*J-lt)i
zR<^)jT0qQ_FwY_Z1BTi8kH-M8mR{6Z$EZq5ln@E*hXQB?<TtC(G9>A+@#?L9;`efM
zY#9#C7%w@Mgjh25TsqTAHXmXEyd9S`ZRF|eC-^ztvTHKJwgD^LX-NS4kgqSmiFo6;
zXO-e1k#(c`Hwwi5W4Xu!jfM+@SU=%k^92T&FHG#g>1T8W+bK#0<CpwH4}P~%tTL@M
z;~OU0615Q}FIhNy0lotMZ+s;PxC7B~s0i2|JSz<dtekL{Hr+UntkP_{NWg*VJPFg5
zi;xa13>&RgdzEFZgI_8L)EM~<G@mk-tpCnfC?P5r7#~(GoN$f7hO%0$PzBhi=Kx=R
zVR5t&6O0p6{J-d@Pb+Ln#@I(LLiz%|<`d|WcJ)@eSUPKdi3MyzFZZo?0^LgJN6OWK
zm-|UfyIZ#vxolJ`&CVCRU^&hVVB42ZyU?MBi$|@bw0PYfK9WzQnCcw4X)QLtNm6f8
z&ams5p4xb4a57Kp#m6hbM?S|6$yOo2p&`!$AJCb}cwbIKPr_B#`6CPsdmLy9_1{x9
z7v*dPzq>?2cj1uA%ICJWM%EIM=~2R97|YAnpspF@Jks;#wfF|U9LeyKlAxalKka|v
z@EJ&8`Z3YTxmDE^&R_e8`hP&0_>IXXyLl?qLN)oqa6p+#Bhe&XTC(ZD&Y8jv2Mfn4
z1sYF&$r)<SZjVO<DmT|5w*w1ZbGo@$>#8`k+c?6h+dL<R;=|O3(udh~<_&~tZUojx
zRV(<c3nlV(T~Qr#SWV66XMEr;q-(uSmsgeMIKrvpVk;G<QXSS)`_c5yKItl6CZ)n7
z-h6j8LUITLotnR-vbJ<K9wSIxLqy2~Zl&$(ENSkGXQR%qcD#G2xf~}ls@!as^}{B*
z-lc$8<c%;vY`DQY(;j}Q>uEJkTNC>nmfdl=<z{PQ6c!Yd61kr{1b^X3<K08<p}y$j
z7o=Q-)K~e<vS0ixRIyM2?uv7@O`n`%HhBE35<`0RPG7(OrR4rTGYJ;%DX9j>_e4Jk
zS}q)qY6x+r<%1d<T1mSUb)(ZU%~g}Jg_fqG&Tk696c>&)q<6OBxFDa_i>1(CIE;=o
z;%X&R^~|mwnmiJCV27u)q8%&5=ABKkHoDu$x$0X9_FgW@?qv6sG8E=)+i*|uZ^lsj
z=}BgBigy?Z<3R8SD~3%5Qy=6_O>}$1qC<kbM4p$V?hIq%-fO9Z3uERPA>TE7$}7m5
z>8`KzINUM)NaB&oAbL&|cr7)2KM3w@==6PYds)({;Kx%D)dXi3Mn#7AcdgvQ44Xbx
zKp)q}K}z!T;^(S3dwpe(UrAXCc*v*fiyv53>Z>H!5w>0KL*X^dsY&DO;zrEKmLxMS
zKd_#(p<M+O09m0$?^as;-tg6!iCnJl)pemBW%+GGvuUgpIpA}CL^|_Nrx22P`ae1#
zZ|82zpxjXwow@Dg0<{tAV-snSy11st92ajLs$JM%o7h9^3><^E1e9k!<v1v4^ZmjB
zH)hZU$sy!l=xiM-fOZtjNm;}yI|?A$yEn3}aujTeao@iplJo0m#|xjX(3zLHGpXm9
zJpDrIXzsnHlqqGKASlGa*^4psz}|+Z#`XDBn>`4$jo*G-<vxAyJO&b`y4JRJP{rF2
z_%8g&S##s|>*T4sv^z8@^<?Q&HS!kOqMKPu@64_415nJ=LMu@he3kjKSO4_Y_xkdX
z>aoTg!}0bf)ijhe)8mc{thGg`9tYqkUG(Bs4PdfI*TV+15X#jWE#t{kLR-`Fm2NCP
z+s#|#gFlARW^L4|(l&Xf5na5F38eww#M{5mf5P;~8Wi(oGmdTFWnF5ArC}O&*jJRi
zZ9eTd%~mSp$lSu4dmF)Tw-#@=^vZ5Zdt+_z809^U_|c2ENk#O`)k^n+`Z4nj=*N8h
zXF&~@EGiVbQ?5Y2L4KA+Tfh#@m5uwCLZn9{bz&Q;4?Umf52tsav_lj`jhKJoFfQ&<
zR2XEwcL{4&nYKb`k>5r5Dk&XE64m5vaE!03J!-MhGl$(#Z!4#!&(<sA6C>Y{XGlsl
zBu2iGWG@#}J9f}t&dE(bY-5fAts*2=M2n<GfY>;K&v}*KtA)zM?UZ=ID1Ziv6DR<q
zvB%{-uXL5EkiT5-+*A=b3oYr`mGEvw)&|P+WKiLOM_l-epo|TE&AST44<sJ-p(kPa
zs1W^8-plj#NZkGS$!2_}w1mJ;gp`cUzTy(3Y%jgaz?Su{$;Q-Ri5KPd7vqz<Ryul|
zlM}9k6K@KO<{u_~bPH2C9O0--5~wlMSg!H#LoA!vNqk<jA{ylB6zSjgWfW(OU2VBh
zKm5qb{c3i+c3FFblt^sFb4ZfzNNJ;Ut{#t$@0VAPj#MjR)X#k-ogFNl!iRM|C<MOM
zQu&0n`jRGjL+vZOR>F6QRd?<(?V~~aMGO&j`_u`K23bCZTGdG@gQ5c@{f+h*!`ceQ
ztj6ghJd?-A=jlF#z$u6qQnt0ZU&If8>tPw$8W8N}=2+R!Y@bWmOtx;GnD}~wOgdTy
z6rN71@vcxVsoro|O~q<De881M>FQL_i^8EqiE8_$x?Z?<*b~)<yvw9d^BgzqChrS?
zx^i{9Q?#|)%@0=7!%2$ec4IHMlP+Wk?B^1g5;ewHWo_Ah4zUkrz|}jz&jw!VwkjFT
zhpw19oEsG?E4>z2{mwz}0$k+P6*^m^P#n}c_1y`Xr?p_4nuevaAL^{zWl|R9?b@%$
zGS~RVJ){qlq#h#nQ8`O3u;y}FPl{M+v~jBqodc#rS%7NsdqR9|p{)`|9`(WcGp2q%
zee}I!!hNqkD^gGYCE|^xEYTytYAlWKmd%i48k_QiGQGbA2Z3ffLD4cFih{mD6@wr7
zunb7$(-J()63864<ku<*m>ry+9$+iv+N8S?n5!c>v^=6&-$^a3D|z@4a3q7rI`Zw@
zSvRZq*<Y<;7=oCS@RXt?Gsk;8?S;g8+IRYtzG~)=)6(i~TsM3EZYR*UYo%Ov<4{wy
zph9G@l#D8pLbCb`Wu4MP<||T357=}W*MJjcAMn!`qAq0mZWm}d9_%&(!ZOCaTkv=R
z$E)-<ouID##YsreJC*${2va7J?@a89<#@OaMu$I^3@y{h`-*Px(dY3wny^n!3N2wq
z-#uLm4y$-`oR17q;gLm=lJ?5%6DkZgb6j^I#Z_oUt8j}?11M?Sq1*DJH6S*Ngb&}m
z5TZygjlu4NbGCH0)#`YN-ls|J-@_4MNSY#EAKuMK($D(fCqZacuIn)Vmp6txgT{EP
zM;lPM>lR8S{7$SA3dQ19?pJgzMycPL5)>+;H)5&=c(k8(n&(N9CBK%94BODDmL+u2
z?=8-GIf~YX)Jj+E6>u$n9c8l)AD}>a_bM_ckZKFGsRmm7tS+ocNx#27U{+S2kdaV1
zdpFFLw*35~1g%};iPZ=Fo#w9d%vMHZ($6A(s#B6r9xo2KXc7pkRN{kO$_MWJ!g2RT
zTismJrM%4BwwQXkQ&PL3V_?);uYa_3Wzb3cGjqU??cf6@NOQWbzmopzF{**bx~m`P
zimKXnE?ppK&Zn_zIv9Sruj^o++w{brknwQn^|;bF+qr@Li(Ed@vR4AdF<|eUrFR*V
zMDxclzZVRQN;!&=4f0ZoOzIlwp0g5yIs5nwX4aV)O6Iy)%F<TENS3^w480`1uxjPj
zG}DTY6TgMyQyWNvfiB4AY>d1blQpHAu}PM^-^78l5}KO1p%2T%m9(4(&V<k*$riH-
zT>)F=x&;2@)~SX0&PD}Octx|1*8--8$X3I4AMmNI+#eSF5xR@|-PV!eB%u<AJ4~zJ
z%Py_u^z@;*V^Pd8_$7hPvC}V))YcHUf*Oc#ym$VE;{`b$^2}|8z<akbs9!kyId*eX
zGJC^-^sEPrT6~wC`m8BlP13C=Z}Zg(e&Hkl4cy0YiS8|?gg#=bY(V#%+@PfOV_SC~
zWE6xc1FVd9T7Y5psS@x~LS#HRvoHAM0hVNWh|<_|a2?{)vVZKP`rTv}O2UnkpO|&m
ziv^Dw=r&=eP!M)y{TmnW%P{3_CE!NVYQT+}y{s`j=uleZjN4rik@^MjrWZ@EM@{W7
z9PH0~P_t_!2m?Ixlj}>R-#M`zH;1Lz?qdC3Dd6>97-=jR_?677`8IkRbp;Q53y!J7
zqJ8;7Bw);sq;4j&w29Q5j^2X*UEx<@r}tOdNhbwS>kK;uS==RRuRG5v!UVRIc#<d{
zVQlO0ctq;wKh*3#Ta7hD0NWGtWe*C8phxDXt1<lS(DvzMimllZ^aXt%zR;JIFe4QP
z@4T8vxI+s)_Lo*{qw#jB+>g~^S{TIiUH=dLuJd0xi%%CLTWol~;b`S-T_rzT5%Lxx
z)i+j%*H@NQLX||}D$VJZaL-6IgA+f~&vOni-~E+3rEN$Z;usPSs#%m{LuuZ4?0h;b
z@tR$2K~A8l48@d5+ooG0&JX1eHE-UkxmGn>;39&UPYZfHVtO;&i39%GjMSl-U`}NB
z(Lte&ZNu>v)%FLd<*p$LUJX1(Fxv93aUJeann^xlTc$FR9Cava4$X31Xb>CbI<$If
z6z+b%>ym!2wCE7L5s{-@aIlPQb#W!ajLv^E?yhM^+W}k9Re<ICh0`b8aI*fn%}v$s
zMb-<>(UKZR2qQLB0kKI73FVFBhDxm+4d)2>qh<~XZ@h5zY%@O#_p^r`R_0QOaRo>s
zc7hhr%QGt>W`-^Nhl5J*oJ4l>_?KrEq>EYrAOM0^ypMprvInUZ_zPzxX$B2cga0**
z{0noeY7~~6(AT!R8T`IZkCEe*hIt|KKjwj;O~HozgVQ`Yi`uhWjh@^}qjApjNpOgf
z61vpV8ATIch`xk}J{YQt!3HgM=&hiWvFe|W6@*<`7@&u-D_iQpoAY2rJrWl2(F2?n
zTAkN`Xla;}k7z(N?9kl>l11XL<x1T&00>pGGvp-ll!RE1_lFsPJ2^mnr5tObH}X2f
zve^&S%QT!~F&F)}jyxOxx;!0e7});!>__|NEgIGpgzppn!tv#qfF6^m?YiRarT6e2
zKrt8Jb{8Xqz%O^rQSh_>F5x^6NNpAXZQ8MD<H|hKB7fA0xl^y`Vt9*MZ1Wx_swxu&
zr15$2OjE>d^a-r|pUZXia9@;lp39)-%3Tjzik7#`DMjufQseE)A3OR;K5$%n7?stv
zh@WGl7U|CuY4AKcqAon)Y#OIYn~pRO!rM7pPUA_-3WQo|m=oKw=!Fk>b2_SPh?qQL
z#8Y`^TH$L2?R!}vvT~^6=-7{ws#7$Oa+i{Sq6Ty_zq1(6Ut&jJJDHIy>DoNWFPys{
zAaVtOlfeymcONXqJX@jVE)~GFCm97?YWq)mcw3WJQr)|VboD=0_fe>{iJwT^Ym&#@
zVN}@%9)r)+&-yvwWO3{TXKSfcb_f_SxGN{&qvjXlHpOcZHXzv0l*~i<cyAcM-g<ff
zf78kO@~~kL7CR~V*K_<G2B(>>iRaHt3%s+d4c?9eHzkX(=0J~tNS}E!pRI;X!S7Wm
zONcv|Ke6S{V9wb_(TrzeV-{s;i=rh97a;3e8T@7``fvOip61%g%+GJP`h3<u`K=+<
z?ctjB_8oI9+WrSx12_qw^`G%7{dWeJHq6}|vg<AWg>#5F1dewgsP6#Wm!Zn-X2`BO
z+K&;5&3qRi^R@mebZ3cwG6D<Gm6>2j%e>lX6$($s7sZ}S6Ty3h#J88IkM+k5h??v`
z3;Qy%y$4ADEF08QxAfDDRsC!J+9JYvZFH@ZJw^9P9N?Tk1y@Ba1$kIaFSh7E!DveY
zfA^*B;mW5z9e=WJFWXvn0_wl;@bh--vz@bApa7K`p+QQqW!N%24mO%tVGT{(BfZn<
zSf@j4hlv)xZ2r`q0$$T#Xm>Q!U|F$@{Do7{xOGJM=Ww$A!WLD&u-sf3v0*XV%BN4a
zMS&B?-RvJMNQ`j%Re!Xuyjf2fdS~H=;G%=#a6=u!zh;r~uch*Fo^KvLE3RouH#S&a
zAspD~?jPE}66RP5SCgI#(SEx<L?;nJzQTz2g#t#fqMkhp=|KeUz?e=G_>>p?9@8mw
zYQ8;GQ=wfRo>H8aS{499<svb+uKom0Jhs#`?r%8EDU-N)$`wvv_Zz<#i>T`9ea;Hp
zDf1WxqULgF>V!4~tJ@oP0@k5>B(^;bZDGa%7zB_v$yA1R$=H(i=rr6eZMT{%wx88m
zk3)Hl&D`7jW?6l{`@C~y(RkBR=|8_*J*wXm!$L0jkC46pN43@h&k+xUS2@7j3xEN4
zxjg3*q^tz9AqZRxnnr$iz(PGRb?9$O1WY{${JUsq_{{Y@aT+#R7+2cKpuC_$>7)(W
zeh+DirMKON%*wC>VHT`^Saj{>S)SYe9q`GHR>K=P-@u!RGjl3QTytIrr3+N2cx|%;
z^g*bR^@gt+P73eY4V))Lo=V}LPG5^Jufg50eFy-SWbth*LTy)pn=<1e-vB*AN30(^
z`Sdh&qE8=_YEU7OPs>@U(5MAgJLNq@5ZshRnK*ibwtO@-MoK^(PAQ9Or5Id$01Tg{
zhQ0FRw97x-DDAI;sp;tEm!7^(FV_Dcf^odV@Riu`_jOylv<XAKuLHR~G)ytiJ<5zC
zgOQ6Gj}%pG<8^Ga;!DcH9|G&)D1Tb)KTRFx?T4P$gj}|cb)D$(iAJXf;l=g?9|ShE
zu9ry3b<bZO_E)Bo2pjm!OHc2(WUCr4FV9{H{R>Cr5Bi7+X3v(W@L$}<1H(Al4@IDJ
z8a?1;$RQz7tSN$6VKlJs>2HP@`PY4v^AjqjM&BP_fi$I)>32Jhn1CP0qV6lEj&%cN
z>=DA9y;8+>zH#7;t6+x@oIJyPI+@H6!lP=-NXSeT0NWzqtmOF9+O3|djYWNbmm|*>
z@LwcqY`zh7_q1|rO8b@Z36SMMqoM%xlXTKEM;gMNbJRB)e#3Ro40hP3y!iL1PvKrm
z$#<V~R2zt1Yck)Ra)4bsKh->zX$vz2(q`Hx9>|&}e=It-SQ4mXiyR1TSt~-Hvyk+3
zWh_1kn|ztT#wmZ)1j+(QA&sctW5d!c=f7k2Z<<ALd7X4cI}&zAu(4a@Z^wC7+U{ol
z<OBo9nScG@(A>Sn?KLsqw{=#Z8OKq7sFcErcl#`JPR=5`F-Gl$Isu2qT9cm)yWh4m
zx*n-Ji|mW}z|+>A--UZFoG69Au@GI@YW(@^wxW*LjS=nz%gT*$u$4uXLEzG;*6;ff
zv{Md3G4In~RvqE23hnb!lr=OUeCHO~Cp@&#-G#_qfb(aZLfaYV_K_XlrLr-{%^$bt
zhsILgEmUh?k%>1bK%NJ7VU;5vg#e#b9mzyAOe348V03>C=#<LZZ)4Dq{p`DvBNXRj
z)hI`%-8@#7MNHlHfwv|6^NPMXtMRQq&W4BA0ADAc4IV7B-S(W@I>I{}5LSfzHJ}`$
zxhbOxqS}vda@JyLUx`W^T;Ah-=Ax@Xx1ttFN+R6He6&vm&DY5U7J`2ocw~3#Pb&NW
zA?I>sJ?OpcYMw^fyW)m{l7s=6MnO6(pP<Qq;RNO!kU+7ZB{;W)Abk#R^+`K}3Pt{8
z0I-48f$Zl#Jd{>#C+mh5Z0}}ZnRyQ6yHNvRosx-S71>#NhWu4?{w&W1Vz-C=ln%bM
zXFF#=nmDt~K@-eSCC+Sj7Hqiv2Trq(qn--UpQ4vWACMMG$5+FUheIKAo*F{yd5|eK
zNHqJuQLek0%!(z$r)eR3(14X;XSIcM=O7Kd{D2V+XFpWC;hV*-uW18bOT<#^iW6!L
za4PA8LSo2oAp%e;7T{)Dr}-)87}Sa!FHPN`z#_Gn=|+ChaUNh&BU?ud4+%jvONbkP
zfukxAngA<0CHPu=Es$?tKOy7r_EJ0B4R0~d4uICwP9f<kTlW?Vx}>!M-g_2**MUSw
zm7L}037E-ZX*F*MTvtJ~Ag|&9{?@BVj(c7_4oay2u3(Az`~R2AW!F>H*VX_>)<;;F
z_`R6OrAWDO&u2(=!?_}c@8I>V9wx>Jy4RD=!c<ja!+=(=IY@+66sqV>FBMb%|BIpi
z(z=X%!<Efz+UPCNwv8|&;bo5yK78-+6EF(!qXo;{v2ZC-{Ih<(Zycrh`w6N7(*(-s
z=`?c+BM6jkF?f!PqaR3Cf#DpP*hP`%`Gpe)yxl9~_S(?y*(tmVpC;+q^Eiu1mHc=4
z2&X2mAVAy%rA<{#4KIOZma!Ch6Qm6UvB7riB%rJQRVx5P>pNOG3x<2&w<j{P`O(M(
z)PsfQ@$g?bAJd?SZw+%A-MZK)CR$iR5d9x(dS;6J*l7c75Upb<hg!oN(J*9{4ImF{
z2O2YQ&s9NyS`&%=0eAdo73K`93H*4e0j%B+&)%3*(D2jJ>Nt3v`mYtD{8tqHEsgU*
zhmW1W$5$%=B`YUFo9#S2>3J0r0>-kVX<w|O?fq|8bIy@tj=xnMT*vT$F3-FH&pSL2
z5Cj4G_|Lq53*`Opu>G4l76K~xVU>cS^w)(OQo8UpjGc1lT%8fWbzO7^wblxlbIWZ9
zFJC@0z_175&m#ipjlXK$pJL;P=enu$%j&oWH(I5{km>x<H=GLAx1V0ztWGL%SY+(=
zGV0YWybze63EV1l7k2xv6$CsD025AWyE<e{sC*V6!(^)yKDF?$`HjIq+5snX&gJ!I
zWQ!ADroHr>H}<p9+lcxdgopp1Fb~kU6Y+m~BNeLmd7Qz#L*3P8?=kkTZ++iiwb*?@
z)_vq&kfG2Es1U)U%WE?!3sASTT<|g$_(}f~p#MvM(e8{C&p8`(y?c8@50wX|@*h&~
zp3_$@&{Yq=V&L0%eQk6<M}3#zsD9T$x+B8|rK$MjEUvNM(Z6O$KKSslZ2)*zFhR5)
zaroVX7BZn7yL%nOYw(AA#r_wCkw0i4J{NMPK6DtHgpyrGDA4kd5JnV@P_n@A1RN;U
zKkZJaEw(bB)`~NS$@345p0nYirlAru!nyxCjq2`DN5_adn$FUo`xbh;jsVLk)J~nU
zQw9DvHPn~^u-fnxtJ`*Zv+A6*P#68e%=IDsr+h>g7&8cVW-?~|AqaAe=g=}vCxX`$
z$Y!H{_I7<uTO@-2P#rd6*n{Q7(_)6N`pW)L?O4xmgYt~yQnIai9elZWoCe@@S#U0*
zY=Co}9=H?W)dITm>j(FGL%Vx5yHCOEXI$z}NtB!50GwNd@5Ksu7s)b|9*^S=EC}|p
zm!WVl>IyEFJW7rR;mQ0akAG1iEts?|fM?&JbILQi>wGsQ9S-0ugo$+F-`W`>69?)}
z`1}|EYc2qz4t{xNGT_bt{>$0#%hE+hN-`hW&_^Y>M@!Ir!Tqq0N9pe66qI8*iXeN}
zx)Q@tpkb_e?>=SDikQp;c(;BTJ#&pV8N&uv2A!3AsMW3+=hD;y1~6Rrb1J{o>$;fN
z49AR_DX&tQ(fRD9b{QU%M8YFcOs<*3|G@NDU_}IPojMsOs_IM^Yd{!9MIJ+gWWee7
z%UK6o@Rh!N_=O`Uc;@Sv0wzdUxy!%$M(Ixvj>lrKsAJ?Kn%HnBGlXWh+Hw$-2KZ8{
z2ZdM@g9<=sYT(IH{2n<FeE*279F<R&cp16;=w0?h)vz0u(wOHFkQpw(n9@2`R$71)
z_UQi=@T)uZIWur#TJ-#U*r6nFSmHGTfHk21^)I+x|JA{N@)I4vw=h)g1($1yB^#^z
zH0gZV$fa->9z1v&wtb52cYJ4p@P0dHe@*uV<PSRZY9};3)F~FEFteb9^$f9rd&-3W
zUv8#^Wn%<~NwOz)N5~xW?%>l%(sk!+1ifKK@Bb0N34qoyCTIKd3r7zy>!E*wEFgd`
zw`Bv>>^5-Jd^tq~o((GU$bAT}dAupOY;jUbe`j%_Us@zmb!}7^?m5>(Km#f}#CoPD
z)(KE9|225EzLy0I2Tdu!9-4Xx3fR2zNmc?}3u^=VsJfw<>WbUoUbjS4o!hSRuqkTB
z1wBJOb8_{W1OtlgKeqKS#kfHs!8o^r*fVc4+eF0XXazW$C0?<R1c*@Cq+pJ;${SwK
z+!m65fTP&~#o)e;sllsR{B0DSmQAdY4PHt*18X+_JSm$;Q;N&<T6%&<Ln{I+S?zM+
zwW7IxQCF)zQmbBefTwH;u8T5NSwY;luQqoW)$ST$uAa)Yzq$4Jp|R$qgeBpeF6j+d
zwMmE3A4A!5qB09!1?%<>e#Y(31#{KE06@KiRUayMy_hL!&gLiqgwV*D5In)@qJ~|;
z*h~@r!vPQ=iWamZf8kL5+i19oH81|twdDK_)mp$-+*?Dyd-fbN36K!HCY?g-r_fwp
z_LJg%;(R3imx`lB-ZUQXx%rHJL<*4g?{u*pmo9*Oww<{cNB?2?H2_v80&s$`-fceU
zs%2&0K@nKm;fWaeP-Ek;2`VjRumJF*PW+F1NZTOD%Gv6x86aC_g12I+)lDJ^#E;Zh
znvVlEasVXpkjD^_uU2&3aMG@Z^a0*wdRy@ZJL<}fT^KS@#Y$&sA;73IM%soiCm49y
zeeLrA+g{&wc?-+8x}7D<lwXZS?e>Vm=ceSY6KX%J4}2Q`2<#@_hF7s)@YXJON^*J4
zEhO&?{}cmf_#q4|H*xjO>=MHgYwhT?xyINSGi_8@^WB>dDu<?6^VMR6y^Vk3Y-?*d
zc$TB5?;rS68;k$AfrEOJUneg!oG#{-?}>j;gePM6@IH~jI9#c}BWC<=O*MuzT|cXS
z)`_=OHBoJ;f(bse#TT56EVj06<Z-{w8Rc7x6WhLWY<{OZ%dsZc%Dqji6yB)$!f#QF
zQruv=)@?*`X|omGt*6&vAccCfN0fW*;vv_%7RA-*`;dE(Bz(KXv`?iKi^LYpb&vg}
z22F&adKEC>LtxYmwECA4JX6+mtxMtb-(VjaXqG;r6)!RS6wEXM=L+!I^F}f85=n$J
zn}d}sCva7SV&2Lkh8x0(G~;W6cVF(tRt#)@Ki{(~^QCa<D@ws~?E{TCN!bvYE*B?>
zZLR-z{ymy1YaYY;Y|(G_*~7HYb*`v;EL7r+R3`{-GH^XPV8?9)HN1~{>$%(SU+45a
zK3iqT%@Ae)4djkr3VYxhGG7rZa>e1+>e?F!5%~LHuzfp~HO+g@VG<%d*xC_U=w&)R
zSqta-sj6F5lX%GdAuqu!lhV+|im}2pzd5&$P+)(ng^<_V8a7~ucVQ#I@WY|mmYSbj
zg{C8E9?Z(&IHAb1@(w*jKhLB@G_AWT8M10i5cCl}#~^hFZ|0+G`A0I}&T&EuguFBu
z;@A?h3lmIjtu37Ie$$kJhrJS~(7ID)slJq4SfUB>`ZjF93Dna!N*QwF4p)hNlrL|>
zMB4^F9h;cr49lRjt*-CAcd&A}`hXcOyNnB#7~IKs-EtCOC7iQPsdSnfU;qmpn1To6
z-wJ9etBD9bcg@9oVf*}}XH}y}^5szKizdwqr|;3`xsrl}<L0{EluT`~aYcb9v8@HX
zKugP!5m@`3e$P<em7fUWulL1LqU??|qLV%)vaEClBpW5;UWF>Jb3*gEep-cRta|li
zjo<oupF8Z+EQaXD#&jqK`q>%PzSzlNt!cDu5qnTk1aLuqjSiGFkfopf#^uwUs{8Yw
z)m(T$BXBM(v&)%aB*m|nIg1MN(<(@~V+Z0u9rkKpZE%N|eS)W3KA>kG)+rR6;&^Qr
z>TE!;AUWuqFxazpnEMH4I65i8AHXvqgX!alSWA-Y$YuPPBYJ_Kp;)zBd}ynDLSMn8
zr=MO~9cmo^vYtXWj%1C$Xo`(XBat~@LyTfrTK?Je8chX^w^`LG4SlE&(O1b+*X(T>
zTq7nf;Za==xf3*OFjj(EU++$vZlnxZPNjp{T)l%)98r3%q_UqLBs)}CI$By+Zp%kB
zWzBsH>L}J;W(F}*0P#C(#x&O-d4nUCBZEI}le|FA?2a^7yBAv&u<Tj22aYt3uQPm&
zS*mz;>`S4sO{hnwxm9muvF%Y2eg*ixM2efc30&toWk_j}<?Z$r*H^Tn-+b_0zK+-Z
zK<;fk<y%1Ns#gxPUz&It7ROjGwoc$MP++O77;mLt8*9hR@71K=va_b+_0flWl7F1i
z9W{9$mGcWHXi;9*>N*>D%Y&*07J?1cRT<lT;UqW2q9380`6n>i$iR8`ZY$VyaND-~
z`TXLMGP_;4_tA|POLbyTw}t6ft5HqIQ+udB(p|9}L_Nb0W1z%RTwrFUVHAXk`9>hZ
zSdmkf&Ys`dUf1fqHQVPZ?=Jb<cv6%Bg`aEBEzs9g_^1Y;e!#X;@KUxhH1)6Y!>%8`
zU1+ZUJS7?X-f!%4-;IWar_Zy5g5tr1KdK#6Ub}OzZ)%R^ZPAXFMo?W5jK))RTXdts
z?8iFc#oT>5KpDZZ)UVWY!3}g^nd#$U^m61qo&D7iu7z!ON6|yf^9q~2wbEG3(7@%G
zF7Y_pb-v_Jp$kV^k#sqXboo<GO4YC}N9NWs;Gm1}G|lAu0lhF!sA`DUtK9H=l)Iy_
z4EfY4KA$_9g_PZr!kkFqm3!WOYXiBwiO$AI2}v_qwdIH(pk(g#`p<b!H_GjKva=r=
zyGC|Lyzt|9FFp=akrj{~&j{IH1)3o#Ifrt5Zj|WOpRXpx?e08Yn)?0*XG7KUmZcVq
zMcD%J!2IsbmM;|N);;_3ttQsolFE`6bf<YcVyF+EM|^no)Zwj*KpynxFPvKnOf4Jk
za0=7OSx-evdg%xzkwU}uX4RUy{%Zzg!=}%!*MHk16u^V!>x+?7-eNNva=Q3B3TNk`
zY}*ZS;6p<;JZQNA;*vq@G*Xh}Eh&6G1WshrFu|d;B(T+2zQcOX=AlI0#9A28FsWAD
z@ypGf*t=n4nkzJHB^)Hl7aB&9C~+(5lf#UN$--_Hbwva}Y^9p5%i%yCcRUrnFbbzh
z9dKgh(|ui9tQjh7R~4`KMoT0yY)MtGom=P#5oB(nv^7`Sdj!78eWaE8EuDzIFk@zC
zy1~vj{x#2QJ>E8i#7)`|e>;`6$gik#$0OX`1?xf|-rkAt>LK9bI11SBT=&d53@B+P
z)cHuG76rdk1E~vrgZ#ocUcy*2>_jQ?lbFhbxC`R?YFz@P7CHC>pQ-zC5@Kx>b~#mZ
zO^1MM9uPe*Z=FM?OM;(72r};E(T_NV=q!C2*c=(BK*JKf*OipI%C}M@hC~oTk?mIJ
zy_X8E^4HuRif;~6A9337^H&6!Rp8+wy|<<t<a%r4BSOX-Bx{al9t*ItSxRS&{ji2=
z)*%%-kr`$kc<AVDooh5T`UP-b+anV(O`~;p?<4#!A0(qx6#GZSc#vH*`6Se)sg%0D
zilw7GcP07B{jssF?Lo2T_>suB2uA~X!@7O1$2D6oq-gynFE6M+2HmH{fk1WUjovB|
zZoouJ?v}iP{b<_UyHIW=(W2w~?G;;MglmPfz$ERQhLR-6P^a9{Vw302;HEw;+_fqx
zYy|@nSJ6gV*wd#udD(tu5?gQ3bP&5YJfT{xYXv#nd$$>KH<b!7ukdTqT)dc-V~@Mj
zZocJ{q;6!KLEYEQXO=Lcg5I4d45M-&h*koCouD^+T6=xmckk8|u~l~4QV@83bm-uG
zC8%v(ekRtm7*j)Q5TiqDIUyG*yG!S+{2-!jHu_rPyQ%M>mkaShEmU_R<m1>%cQRck
zcg-(?R8$_u_lCLBXF%`Qg%Vw-xz%J|!B{wuW0_17zk4tK{&Hzm@CR+sk{z(uAwQD|
zKl0uDNJYhp`IiSuaXjB-H`%Opty>6Nnvv_0FD>3!amZRQ-u=QDXDfhg2Q?`{EUO3t
z%E)zH=!TvJE|1Jo=C{q`8Fo)<_JoF;jfa#MW_~ED<}|qwDs42ermfs8rHY=YUQZ6~
z%T~)880!7*bWs0(FBd^0dne6)B{Do1<hH!ExwWS+IR_^bR7Mr}lTrp`v3<-)5oXhP
zmnS9cpwE|gscbID^U1lDMp&1pw8Zf&hL>WXP$2`oYQ3rvMeh|{V(Lzh4lMH<qYIHv
zt^kgH^OP{ZgY*mi2E4!by(JC=Yw3mP%~wrW4<1@>-R~s0mdkw(CFg>^u3k1=_;d6n
zKih3&urvFjOYZT2ie9%98tCm`gqpwp>G-nRdfle1Y=qu$`;p?zxA;1u^rY6et#%gK
zG~;izdhu8*;Rv@OGV4jVf_QS(K!IB%H1f4=VLx$b<F)s%yet5hIBqg1_u3b-_+Jk_
z>Qic~HtvWOE`!Fd*<j3U5JfQ~ZZBi|n?C3e8F$GqZ-XDYq{ok{m)MV#$7_^Anxwdo
z;yt6{d!~*fv$f|gb4g#m?%PM3xu1K!$tp=vv(B&S>Gy4XAH>Ja<cFyBRNVW>?0k>d
zBcIo9;Vh%CS1=66KRG^dFE&=Z2D4xum2UD9Rh@hJIr#;$hngD9-HF1La5go^@A2T-
z7F&hg#YJ$gZ5}!1MbdW|@*CD6c|=tQZu=Q+S0rlI4x|ClS*W>ZXve22Z4g1bVtlEw
zv9XUQ@5W#Wc^!e=w~`vL8GJE7dn^YPILS$sIk+}bO04m!l8%_XNLm1~SMZ}pmX!B-
zS_L~<MIw&x4bvF$GP~8(>|Z#dmZhT{p3pv9zDpki=0UK2|IcA_z-|$P(vMe2{DX;9
zFEb_r8+pVJUYN!eM)^l&{1~gge}HlylH+m*ZyW<J?vuU9>#y#knV7sy$1z943d;t!
ztW<3rsnNiP^S-<`m{PBiaqC?XxG<58%8q!kRSq)oGlR3yU0R-nehke-;R=k)@xE9h
z)fK*PM+R{Xz`XrZT3E3UoFWH_V19IeWvJ<CYBaZkpzAN3ABr`em93IuxvoSpDX*yY
zzv~5jUiiFt0pqzI6?^xC%S&OC$(c!$bHfr2VI5v&X`}Zs_le25FITX2hh8PV4jm{~
zTh>&_o!HfZ#A(9lBj$J3@0Q!qwBdeoA@A>%hGW!!6tFW`3F<esvf$d>xnca0kbEK~
z?@N{f*uQY=CP-|05kASbGn~4t=#+3Z+Hg<z2cHn|ZLnDYM!-6D+1~~g_E3gv6`urt
z#1NE2QsUU6x=6A?%|dn^h<0!iPpQgy*YcLRu7%4p`(5~35(pt+;`mY0%#~KL(8a~*
zYFFs=Yz7y?X$o1rktTOHklAq$E5i;=I<~j2TM+S;W6DurkgBeP!c-~OwR<o#>dy(n
zpJ#sI6ekW>E>?!`bUb%Lb~Q6iuQwlK)IW^t>fH6kdAcP0&cvf?J8UQSe*3b1<-}LP
z*^!;#>SEo;iJq1Z=qIXZnanOwUp3|>pK2t-dp&;jC5se?CqcT2Wd-MBB3^-spFbf^
z&cycqGZa2s0zB*LDj`jrHFVX(tj<ST-1-)9D&J~Q%94WlljBZJcTv?|*vviCgJAP7
zn+k;MDnjOFg&Bg4&r&`TK-@;dWCrK8iJ8F>uZYDX@Umv1OFee(`?d9Zzi_T*Sfo9f
z(C3=h-_BaAwi!r!ujZ5J+^(WNTQOkzDk6>keH$y8CdMh-+zN7GvKi-#?|C9Ae>(ro
z4-V?MBQ+OfZ^aDk#|qC&UA=c~e5oYL_)a0H&JYEiRkhv+WsARTV^*=s>nLx@a?!en
zVa(UM{bHn2J68FvLDOm_Mk-%-YJ5XQ*3Q9Pv_wiUI@2_Gp<Eo)m9;TmJMPi1qw_VF
zjBPPqe3`h<iBUvdJ&GntpLI}aP`s7zNPe}#mLTa_%s?x2A;tuJxZ7%O6`!lqRNiUF
zWSHx<)5zj|$IYWXQg5?$e+eEYHm|Mdf?J8gwOBu>&~l67``!XqxL#}5rEb35E(i_<
z<1fch_Y#a1%nV@SEQu|bct@R-T^bV6hP>IXBF!?U!;kH!74gDBF&6{CwK9vIOjf$q
z%;JVz2Xp52ASW8~7V{(X4V7l6EX&&^7JO8?oJR$Q%MSamXFYN6x7q2HL{F?W%uQNn
zY{mGQ=+L*vFx0yIOcB{ioD1uBi%(__64t)xW|}ZHnH;GYw}OrWjg-yqOiGzWYScx{
zn>uMq_D$RP*lip-7JP2&?HUj*|Ip?`N0=HJN+7!7MncM;S##I`GmN{P6C2m1<6@{h
zw1qp8&rOq@qo@}K?5Zw)JI?Ix=y$)VounyiQ*A&iQ~EkS_{Mgj+7*Rvhp<r*+7)4a
zizSU8OP@u~dp0x`DeO<h2Z^c<_W8P85ulDmkE}Bf?%4H++u7RM-IAS`y-nK8W|dri
ziM49Lqi~0fH(oO)Gr`kGsh+f`7M2EvHLd!BeH_6dLQNOa)~(R#mMWxjxz#orjHzy9
z(+xYz;rGI4BjjJ}=gFbE%c}WA!NBqC8CJ(~#gDpOUyAK{2(%+J!w<EfEF#(6aqTv_
z8VK_2jC@FKde*woR1`*cs<^G0vsU2p#yY3QCT~qyZAig3TQbg!5K9^%SZJ_(crSa-
ziuF<d=J#X``>v36JPoj1Z~gc50Meg{`s2xu!|k=k{4IOE1{X4!3q~iFeppV(K3xY7
z+BC_Vv6@tTAPl1`&NZGiXWYq&n6mi5AM4S#40+8iK!LR3_0Qw3)$v?>*~IteUSnIE
z!DUPtWkUe({nyza6?4R|a`|ICMv7Y{<$Amt{Gi!P31$7|*473ZE_qIq7ZOAL;rUm)
z^@Svnrmb~dwMX=(T1^W>>~gN5y>Jr*aW7jum}C5X#|LP}&*$0K%~dPe%3s@!N#gt%
z(5pHJ7UMo7TPwYn&n&zNI9&>2a8ZMnayQSiZ`@^d8Bme;-eeIdx2>rsGW&-aHyhCj
zFBM;X@g+eC4cCb}x#nla6>i#SO44xLU7Xr(e`1y~=(xLBJ4!ra%ks6odT7>K)ZPJ=
zv!E0w9nE{_rFA>H(7smZ9q}yrrsJe6u(f)&je89iJknY=(M|f=d-lx@ve(U^W|V@7
zfi7QSc>8CIKpXnSuFfWc?3|rGqPi~6;-!7cCy8{o5<i0$#mdqw<r1q*f8ku%c58V2
zZa%FbwDe}z<wdeUYor4?F3IA89SZkhEGsA`Rx#P5;Wh8(Ca|kHS8jcb$sUgae^Wu0
zRHx0OV%lINnUJ*7kAq*PeUuWH!}ZcJvuQZ0#gI$p!wx}iGN!3uiO8c}g(8^GCm3o3
z>?g>vU*k*w7dI^f-$GZo2Nn*^gt~R9#411vhtm2DtvYRQUxgXR*iLst>w3>Keqs#k
zjc~|{s=f8?BCLaue)F0utsUatZ8eCQ-;ni;Fw5pmR~7b0(+zL(I_DbvWhy-)U9)=c
z5Nth|CFm-O<<SJHyF6+d>MHlGhIfBmKBp_?3Gw&BNa(z0&3iN?nnkOE0n;=sbNBYd
zQSmOy7}R|Mp21Uqp?%v@uu5IZpd{6cx0g4UT|0g$)#Dso)jX6NJ^VbAh%4J{fBYAY
zUm?mb)ysFoee;nnGjojO)IlU=(?ZT-;i{c#jp5HE%{h;jMA4ep(K3uiXz5ud;yROI
zM^{48a)ce<Tqr*uIlM=z+}UA#oe%dw!B!xCti6f_oR6<$G6CGXVd2O(c7NR<iYsUn
zVN;Yv0D~r9TDM#0>|0TSTaUPS93eb2M4ZqQMeRxwPl(lIoh-6K$z-D0K8upvT3f%8
zO+7&EC%CCgU`{<5&W|b)-QApY)9m7|4?3Q~;Kio!i(emud!)Sy`q)M$s7N~GtchW7
z-^(p34TEzED?RKki#n!ii{K5G%DL=%j|BHPRMfNG?PCWq$4~rVlQ6mQEBRyW9gw5>
z90mIgszYObd;z1|*PB<t$9pT4nhqCLb9yT5FHvypBS3OrYpUPsmQW0e#b)21YdoUc
zTS)=w1eV>=gpRHuLYWo^Es0A?ScGcJ)k3p5W<jr-kB1*f2T<f$GbA|%bEUui&^#KS
zJRn@t8Q-TjxDY3Uo@)AZ4+HEg&DXMV3=nJjB5rXLcJ4(;BmF~BX}!S3r6l#Gis^>y
zD$XjexmO0~gOuPlKY6+>eBQJ>;L>6)bnwJz#y<%*;EnwD{z+T~mvPvW{am*AuLHNc
z;s>UpgD8FMUv73@%1W}*D0y$gW>isEp;p>y%OG^@jUggDcoktEnhagSNV1ugLIS!2
zHZ$uZmVP?T)oux^;e+wjYx)sK%C&3kk4oYkpodp-cf^hF2QGA0zLn+DykbMD{{`J&
zU6mx!;=Jw55u!Pmcr)w5?)sF2wnmf%n}x0+Gw=#sV4!_JB`7+(ZSLLcx7TYbTn84}
z2L;j0iNj8v*AE;wy3^j_2u2qv*`E_-VkMLh3VBVMmMl>eM;HDv@jj^_MuV~-+9_L4
z<V*YF1To7%C+u_Z@u;ZWU^eh=;9OQoNn}fTe0_zTP&4k(Kn>NMxrQY9Jc9B*TWedw
zNrSe_$+|9w&)w}tsmfdn9rbC(@~yAMs&cdx_}c(GyQb`Zf`zQ>>MOEZ%ct+}Aw^80
z$<G1(g%%4KKgeuxamL#E*rRD3HS#5%C*Wn<rs^8?FPw~9lrZQjnCy$Soda<E1(DBV
zg6n+zGG6)p5d85$57D$Xl`T5=Sk9wQl}zVXa25*1_J`W<ylSI;Po(UqL2|zO#jMGG
z0~2f*{R?N&T&R0!*-`0okj2P`vK`CUt*7lw1lgiJjum`G)4H7(JIDktk*E)8Wy%vM
zMhViCazrgLzIHuGowGs<8J0ff?j}pjmO!@t!Vw#mEfcWmi_O&`{_x8D-OCSvx-*Cu
zD|_?{N3p2x!lts+&-NDr&E|u=&1&prQ;fEZUrMch;c$r@l^TjZiMRgd4E#w1UM>z$
zbx{a@RT_7z72uG^jAx)b%z{nZ#8&$xw9Izu^7_avDpViC9=Hs*<KcyechKZa@)bVw
zb|ROoD>sPX?+Hr{m0r*jYaNK?)`aU6!lh~_yGFS)M#=&fUo6#Dh78RXyq+(75kE+p
z7I?hAEDJhM>`IYk`|5_}w^%Z^8k;XY%;VGdn`GI+-Zl#xJ!TU>CRdMJ^D0z8^roOX
z1LZJfORds(Lqk=m2=v@mnOR<MRBM(|&$rh>gcO{z4E7KldoWpsO{v9X3o#53pEcIY
z<}ik;?(&+!GF@NoMOjS=c<xQz<c1K-)#H8CX!pf0S5xl&_@P{EjGjYVX}k~4>=>@o
z0Jb2)=o`}=<l0DBw@6$4N{JtHCN12%usNhU^}~X%pg*9fyKN(k-vTA6#QCKtq>$B`
zY`?!l?8&#TkC+`gpc#|pB>H^**1d><Cc)4}!g}qJ)f+A-X6H_#t^wNt;L!(Y*{l|i
zTX_bOzT`o3$&wJlIOuM;16npUc*DmoR=KFuo1nL|A`HH*xl%EFDG6VRH+YNWDCAY8
z9@U#yOyg_BW<9Lt#bM8${k-`hJ&g2%AZo)@wqk3_V(kbLCo-ZFy}7R|Few#VAq4b>
zrh=eL-bW)XY7x0BIW1dW>Qj*zujt-M$cy~u35%lk%%{?bEz0vNLvS^ViknA0HxlY$
z3m9GfE=9aUG_Jl-k9;&BBa;jZnxfRSgp>+bG%{R`g`>3_1=Phmk0ZaUrhj|V2l`0*
z8MzsH4tOQVGO7l*EBm>U;>Y7rV~c#!<TgkW1uVgpc8XCu*yN|mYR}A?GHFWuw0nTf
z6wya1hISk`De#ly;kC`#%HZ+JrmD&HS{vZZe{j;H@t5{95_G{A`DR@?3h~L2EfA(Q
z6=>o9F+}qL&!cXqJ1`ct^ZkwG)8`$MecXY6$aplW(q~!k5_5UZEJETJ4r`j=S5P=F
z`40n0Q&+C~4P@KZ#9gw;H{f&egwu{AJV=2~ByS@5R70%{6S#0g+r2X%1gMy9NM$|?
zAM*tKMg)T-mtIGkQRw@(c1NIrRH$05F00(UfV!-;!%}<uj;TGkFJGN3DpP#8P+!JD
zm_-`-$=5(E+Qw>FUqU9hJ)qFo7%+l~Re~{(iVtE#BRs*BcNentsyER#ddc!L<pvY9
zEH8GLb-|`yA5puHcqa!Q_p$ZU7u{~D<x%i~6SULr5Q&qm!$j>H?HNMV=;)A%-p5{L
zW*4iIt=ZKjx?5-}#U}ye^3K1Lm>i2qf=(R~4!?hHrt*AX=8|*QC6K+-CRD0@BVIj*
zj$4u>#v)&rhHFN^@IYyopl~4JMxZxaUON5Hsdpc)!EdeH0~ONbvqpT}TuQ2#oY-M7
zto`bCyy!%frd|Uv9LcRr5GUG>PuPs);A}HCOd_ve;&r{SiJnuPPEA2Eadhx?66RjH
z+|91Gy{*LMYn?xYo`Klr+Y(uiU2_l!;TObD%@)N~uBk%`FuXA1xE0RA_zI+F4_1+9
z9qc?8)33Q;#7xKNCzhJ*|6>Fvw%06DybhMx*JsRsL3D>esi`PeH&znu=8Wo6sb7k%
zj#%_bx9X3(GEaH{|0&R;0pqQS3!K!oh!s~PcTt5XO6r#u`>4K=&$94RShV(|ma`H2
z6zG*=e6La$IGKemUaFb=tpxEwV`G8y6*-Zu1DGw$85we0_D71lMP{QNS+}hbe(|LT
z^$N3yw&}~cH=B*DUm%FT&vY*PTxFr|v-!ji&$P77o0w$jpB|UIf^#tnhu=6nLez6T
zd&H)8=8L6{RfqXGA6*&6x%EnL#}NNzg(=;o<6Mk{mKElTj({W5l-<s%fa!+3%w<pp
zQ%~)P)|1;$!nJ{Y8D<s@A9>BzJ`Gs2F&2kpMqk1w9YfWI7H|(#UD@w><OplQs6!@w
z9}x@`W&aNVH$lk0QZy``zVFvh$f(87RCR4V#f)z@rXq?3J4e~(m7Sa0=D_@GlWlKO
z^BBi{auA*Yl$;8l$hznni@9b=nInx)Ieg@wz<)ZD!$J8)&Z!`@wjbZ&-{?BlH78Q9
zDyOGk_;;akQH}YDwB18iy=H0d$JpcMX(vF+2d5*G?Nnv6msQkemrt~0w=I#z)lu$x
z3e~&StYm2IG}{KbRN^FXb_46Qa>v}%he*}0);84czRd$LRf$JZdH}1y{As#=(Q+o`
zZ|irm{KEFvV=L^sU57V!2J&J504%MK$Ud$96>=+WUt5epZEUudIs2+MC)A#;T_%^I
z=@!Q^pq4<)q2%W!df;^6*7zKBuF5zT*SzezFV&e!w__hf&@J?M%LC@l;|(Dnp!TUX
zjS}Bjw+Sc7B4^8x4oCk0TD533=&BUeKWA+WdF6g?r<%*BYd#&Bq(x&9;hhHLVeUW1
zqVu$!NBw+FV>$l-mXM6bPrCIVg?eZM6^E(l`ZVCQ@T_f>-0}RRZa4(?>t1b4y}^5r
zPS5<!<68T#xZ*A}Tezb$L$c}*`Ri_X55#p9sP~smrpIxlGQ%857I;wx^dqZu$p_Y^
zZw=hrNhI1;^9GIfGCA_tA58Q);-LQ2y0E)bs_Ers90}tdTc5;ytz3$qvcEOse!uWn
z<Y~>#wx&yKnxl2Uxcnp{x-BPAlKR9&Zstqm1*8`;$%Y=FgMs+fOU*w`)<1uw%!zV&
zYj+zrA8y(DRZTwH;wxQB!bs$X;o%OUh6`;uBl7-Ksry=WHGIkS-}+$rWV;;<yY1sy
zbuS_{VUS^IoAn13P@N|657}+?S+UgHmLMO**E4IW-r0Z0z08O|yPS{9rF7ahq;)GP
z;=hJ8hCiF_0QqPM>~@jK_N{5xg=foadau|10WyP%xo*zZ)>}5Sp3hZ82hQCvJwWM|
z{#9G-+Gn1T#}&BTz!7jJ4UgrTn(Fa1qAm38GFeRED$HeKub=LmpXMp4HoJ9lu?<Gb
z8CU*Tp$u2+!Txo-<kB{~USF%R8tzMXVSQ;cJ%x^$3_y^sz-~WMX=0aAk8A3h-L<T2
zGN}&T%ssL{mTJw_mBr?%<=iENmgE9AgXR!A^s6)J)(qcjn@<u+8hopb+ztT8O4r#+
z?Z)fpW%v`!t*F~QPAR@i5pj3U49-YF^(XoY)=5=~P|96?@CP`qNXe*3Jl#_0X_h(p
zV2=vyJq9_geKO@_fnMGbZKub`c{nnA`ww&0wWVFRXZ?J-FE+`PI-3Wf#y55us&Y#@
zlDk#7%R79rp#Eh40G=v%?qZrXk~5J10CeN1_4-oD^PerF-5D8TdLL|euBWQekhC*i
z^3cHdIcQ;wY>HAa2|dw!{b*DIdsx<Kc#O;BmigTJx%B?EY}(u0+@-@0FvXD=KXp%X
zJ^kvD(`HM1sbiOQ_0I-Uc#TQuJ%Fqw8E<R<0AJO=5|cz|FANao^c~ZdxRi7lAZ%a9
zkItDq`k01tgn854szjgj&ODKy#{|>PnBsjt&L$$#)OoTK{B52;T$-ZyH&E%izM~*J
zrIX8qe|1JwAJo<|ZYx`__zPd_xoXd1^~L?lPpfT>N?O9L2?O}bl27YShW6#}wDd8m
z#dB=ZImbu9IsX7YwNdU2SDG!8p(c3AxF6pA-ri{z<*p9BZV>N*TgkxXM$Nb%l`m-T
zzhC~_^3XYS+xpnCZ9by#*t~>!sWU}$9zOEtZtug7&Y%93<bTKD%G_oN58aVZ@Hgr|
zDyo-PQ^BI@QLk3=ryilOGx>_JnoN!Tqhm9-*`{GE4mzU}N&Jo}#mVh={{RiA_1sR&
za%R|Nyog-N+dq0@Q;8!za=xJYQvI^kBTJp8OKFBAnMPC*-Iur5^QNwwE5~hfEP*fJ
z`CdWNMF)_5i2SPRTES~`B&qwqIDqT?CA%ME{Oe?<^|imR=|8}h&?L7G!3ynQG8hff
zxcc=6{PR}-0H4>TMxP<_(lDr_<;PE_wK4AEiZ*!(P@jK4!|r{(>vf{llfJ~SBB=|x
zLy_`=ahl1z)ZvKiz57j*9t5D}573N{%u%Xbq;T%LhwT;*&zm1DAHN;F#bgO}7}w0x
zt`}9)$@!vuGpO`A=lt}pTGiTiU)Rffd7|SUq_WAWxM$O~i)*-4WtLsJQSZh-l@^+P
z?ab=hhMT6#6CPwt1|Ix%tt)*qPgC}&EDAKS;nM|pJwXSL!l1RXxU<y!yLhZ)x4|T#
zK42ZVHJ7rL)0Nuwy8KaG%Gw!TMwBOHnJsb&7`ACke}!7qE$w5pOBn67c_UIJ4FD$@
z9WsBFFwd{r+%!h&#^OW&04zxe$LZ3YX?q^9#tYp(<_RDLT2+~Xu0OnTKdoZ9HHEC-
zmA@TI*K(@9k!GM=!>T}geWb7-p{sEjCyAxg1-z;TNs>vI^(P;#R@Su>rdmM-oC@*C
zH~G$d)F;t*6UeS&>r}qI;^O8<U+(7%`3@@zmElS9+wNBUf8ZAwIV+tuuc%37V$jVi
zL#Q|f1-#N>N4X~l@UD4v-Bo&D&-l4DYfyrDZ8W<zjpeuymmmy~82qF1{&jNCP1E#%
zC)OrLoN|`S^ALa9#b-BGrB8L)F1vmHWiCjqbrEkaf3qaG)yhj8s8-%5jBj>57#w5)
z>sgliE!@%h(uB2x{(9UUqwwy33e^76y3}r&w7odI$B#Z>9f#9DD%FAE_L@hVS=1e!
z6U=zmB!Ttm_zG^9wY9G#y6nDf{zzQhzD82XrdcpsSX)rJ?DDQ72iba`#<XDY{;jRd
zv+53DgmhLIAbKkHuCGtiY%ElZSP>j>$E#-<#%o8Mbgt@n1#jLxJ1xJ>nM$|vm8@(a
z)9n)8-7y;a^(WNU7QNwA)Ff-GMiJZ|Sx?=6@HNxXUDYU4sSjr*p_FGRyQ9oJ{YOY&
zvfkTymihkxQ!?d$;3v1?N7;0(Lz_#3XEFZ(mRBd_KSuum8uYnhj%dnCis*W)41-+0
zq2c`=W@8X|U&}HB7a)Lec=q(KGNuAiS~Vr-zus>e$@v`2Hgf4YgcE8OhD%`CBn`^L
z)E<Y{u4;GswV79j^ZgE9Vv+?4q<U~TKGkFUBU;kbHHFID!0WgokU?Kvhp*vHwbpE-
zX)SdfJis4`QZRNOeTSj<70jW?xf^i5^}5{}Ui$82rnRW~$kN|jvH~|Kl#Gh%(rNGF
zNwnW3?bz)ee6p*l^glO0g>(1X60kQqOrq}G@>PENeMee~^gNmkgp0XFyF4;4O|6`R
z_>bjEoa$2MQ`fKjGYKfl);bG`>}?pPq`_Obht40CO;?iM%HVIevewF<;!cEnXElQc
zxv1Nw!Ej`c`;!3U^{%=Gw$&}I=f8u>o<YQBVx~+Esy7Y~y=_XQYuzh-->$!r5{ri7
z&ugdL+bz|_t@1Jf5Ls2h;B_H?ok3+|V?5F<R@O6ZLRATqcJA5Tz!e|%t?`)I*lE9K
z5Db>NkbtAq^N;6N^s}qnO(gHBTF(##N=5-2vB1tfYjoi`t1JA!&fk$P>26gp>z2}l
zw~I@*+;E`)2leKxrQg|dbxnC%P;g<l#|P7apXF0&)-rjob$11flSX!_wiqD$l5jfF
zd1n@x2brenVoS$tDJolUzD-<VD94>&=HKM3CewB_tuKwh-4qigxEb>&J9G30pU)L_
zU0pXJ45y(T4RStcfz|cP#<{xB$z=~99@zteeznlYa`8m6UTuWPLdOd7N4L59S4}G1
z+CS^px2EQDjkYdGA88R42i3U)@TxLih|oR6WJC@ZdgbJ9+f-HX;I;wj*X!v~7EJlF
zpk0{?$EY5@*{!6T*@+p_G)*ipF_t-JZSNAcT#xpTWgdg+O`OPKyOKNYxqXi(@WO+r
zU-r9wPqkQ*zz8R39Hqs{`KNEZ0rdI~f}od2R{I^SM5T-b$s&Wyjh-|3<eI_8eZQ^0
z;J?6WpqSpnCDD#RO287@7UZ$x=Rb)8h^4(3u)xf+!wshCU;cVY)A|~%I^J82S5i4L
zu<~t_(LumJnaxJV;@0Cs(}qiZ`AF}8bNtO_=F{u_J1@WTMO#7eYFAHdq`a`Hd$%b!
z9ao%whcvQZY6jC$k~C2*t=1G{??y0j@5Mz8@0j}DBO7dnU>N(PAz$fH9YRIZbZg{N
zOUe>_e-YcapUSiLp6|r}0Izoc0Dh%%>$ml}r88bM*T^mwIHXi-c|Yfyi~^_e$LCK~
zo=J$7c2gy=GeD;djs4{Oi2SOnTF*A4s%g?O5M4$liT?n)cn9^xJ#4Pzg2L^|Tl-_O
zL7(-BoDuken$<Zsv;Lp_9XyE8k!QC^EpBGKXGi_nm-rlWfa9_E^{JNWVw>!%4#||C
zC(S2oulp_Z?M{nJiW`~sZTmgQK4c6&UEZL3_o?8wh6vWxa>6f}1M)!agY8<zGwY}I
z{eQs|Xmk%Wt&*&ZoH97W1MEixRiCHlQHf8NxS<&82S1msMAuPnNc_-^DE-@ZZ>PVt
zY?@0}PT?%fBVz)ISx+b!2K{^eYa(q*(pE8@Mtwfxy2>&7Hb>-YJx1aKaIoqO_7_9_
zP1Ho~VfFrop|}3fdxW;tE#tqlll@)FAZ&UbD~_dR<;uUWUaRsnj8a!3m-~2y*>_=g
z3z89=ZX5Idl_&OLTM4AT({#vXPzuNiRXIH8ZzJ%nBcs|2HnoDyN@Tiuj7o<bax;<m
zRcImAMw>KnJ(Lf)d1fD(a60EXtlbu$y?3Xt=D$(%Ut*1wmXUKR#uw*qhS{aS{7ohD
zTisoWTFYGFLgqBUAaS2sL91&Pv3at6miib@T)`$8exQGaTetfTr4ruD4AzY92k&QP
zSI_rwMt@4mJd=+kQcu#~=8AVt?54L`EKTJDcNE>$<jJ4V)wPRK!W(F<8Ye$1G}9>`
zfjRuE7gzBG>{rheFpF<2Yz5FXnD=9v%C(a6{{U3C26<XmkO0MrBc8Q`#Ktq^O8$!9
z=lK??wys_A4g6OUM+LmHw#<og>`=G+A&E7!WheY1x&e~s=DE2$k^*{h-}==(GSV$u
z#kV&bN0AhUL&pqrf%%?mCtlQBQq`uLc4JerG3cZGdenPIPny40?7z&bb6Oobnh?m-
z+FWazk@MMGWxP-KOMN{BVM!$SvzKzxNZx}#kgmT?(!aI5FJS>~k*ww49ZKb?ZZ(Lk
zF2<Lk*~HTZ*jWDnd(+?QO*zo!gk?EdJ9)O)l<e9_#M8Vjs9!pnVm8qCc?J$Wg>-uE
zogmV!G>twMA)6%QfCqLy<kvm@vwi)pqfwSwmI)5%VjwFp=s4pUtt+j2S--S-t*ySx
zXs2sS)UP=D{z9&du<@rTr0)Lvb@D=zo04pv<HNdqmT9L$a~kSUrtIhM=dt$wRm*L?
z(DfB&R*GoOMtTwbL9Gkj3g*V<-cxnDImp>^xxjPl{xx;=IU&ZM;yW`c54$!#VeSa)
z_*Qiz89igj*Iu4i{{S(?w70nJUKG_d=(X)XDKuZ}l}{>1f5Z7#NuXc0p`^zvNV3R2
zRv=)4J$>sdMbnnn;il7WlIu^LZIKw^m*4#2sIGi9;sX;i3k$A{58da3^#}B>$VybC
zs>x{deXr5{%-T|1tES)Nbj@!BQnbnDKwRav{l`Aw@DJtns<$xddW4=$!<eps`AdH8
zLG&l6{OWlw?x0p#_L%<whT#`-{T+IbsN$&H-`GnU+G`eq6>s%#ozb6lVbZ#4N*1%X
z&u{o1rfD*j;MepVyi*(7Pe~VX1K+>vR<!%%)-BptZcUBUV=jRduh)^Bel<?w9a}_?
z?OJWwyRhrEj{T$jJ;htFzZ&EQSTA1A>LHmU+6octgWK`0SUXhYyIxQ9cQtD2{{WBq
zq1v)*cFzsnguZvm1du4o=hP2FSEG{R^3FM48DWu+%@ly(A5cNu2fyiAy0dFKZNgsL
zJ5LONdC&~9srK#x{VMXw=cT>eD&?DilcNSx-FM?7@yIp2T2&;q^naTF03$ZELf!{<
z1?9N1m<)NUcf{Xb-<TBJNE!o+hqg&%{{UAdyqg5SRXk_&s3e8{)tfu1EG|jr-fm)(
z>D%(FGG4`}+daj~L<~TA(LzbXlflPMeNHLeb2&>(e_wyeFzIAv-(G05#dB!|_u1x@
z1!*?1Lxa=Md*ZNU@W!ICtdV&W#@}`0lwrP^#aWiaOx7-UX_tOP?s9GJ0U18W`c#&h
zezT{SfZHwIsW_Gul~{fp<R5zTrkz<{ak}px>Hh$kx_qlg_nDFDdc~CMELL|(A{>T9
zC;3&)M@_lAhAl?k%4p`0l%5rgj5z)vJq<qhM%67RR<IY141;ojNM!#2WxeX{g^sx<
zpLrDWPaC*TDW#Z<9p7AzDj`Q#O~sAR?Ohb~9WPOfREpx_31WsY%*`jtIv-kfu7P83
z1K#R4sPM=95FCa--QC>#3YJTY9UjVSJC~C7@<I&3T<zncmh|<-QCP0^zx12A7S~UQ
zjo88<^ikZ?<);LomF3&FuT3l~$?LKbNv}Lfd9y1OtV1|FBuVOh@m3>*>o+lJT4-d`
z;5(i|KKbs)-_TJCORO-{G?<JQD03u@)&Bt6WBi3%)U_*Z0?6rlSq5@HdoOT*$N5u?
zRh>$YPOra`@&@&?+^^z|UfRygX*Q0r+gq>ipFA9PC-pV+CycyC-XYct#!uMb%0Q>n
zyM8s$c>e&#pKWP0ojOur2NTK<-#^_R-_E@Dy(}deH|?q`K8vz2oRVCz*eIfk?=lJ~
zqJTF%HR5}}4c_^&e)8SV?_no~_a276f$(RJVw%}*EM*f~x&7=6eq=vR$NAUHReMX-
z@3d>hy0M+2kaZoHdJ)`LC44tLy`&wazpYJSQp=WFqwA@(n|(|TPe7POI-Si3J5GP0
z{VP4p8l=Y8P>1Y#m)%*m?O7YJVc4HhUU}e;AO8Sq%eDgcnv83?(Ro)MqttsE^$lRI
zui=Y*TVPv=n{0(gz7OkzUSy+wWaDWqTIl@OW@@@?p-)AgNUtQ&@ALL~cSca0ZEn~-
zvPE4>7PQl*`wh`)u8EE`xNwfD4j2GWCp>XkI@1|fPt;W6NuV3pe|=5~{#CtqWgf3}
zZzQs_J)}z4FoorTUEeM}PX?7OQ-<wr=>Gu84qeRqJreHT7QDQ*lIC!63<T~O{_}f(
zI;}Q~tm+dz&Dd1_^UELs2lN!g6YBTZ7k4tXwWMF`2;d@)hzG4feW}TM7S7H#iqsq=
zOUZNU-lnmWrOUIoO?UI#`siBbxzlJ->9&hCt(C~TyKoC*0309T&m48{R_6O}+9X>z
zmeMi)w)TEl{{Xw5-(D()hoMWSTFr5G6=j`7YK8Xg2h{ufb5>`O1<Kl_X8!315f7FK
zexujxlU{{8s!2(5`7i4F`D^H4?BwmKZaEC86fj9FtDO1MIaPD*-M)hYv**^YZtwp9
zvvj#PZ9l!bDhOX(b^ulR@4T0e-z#%}kD4oV9X$y@b$+#4O;RN*rd!&<HT0+Vk;b@+
zGv9IViqdk@+}8fKU(;es$hjjTE8Jb)D_TSbN0y{H9m&Te`U=8({X@i)HLjkYX0lWB
zzfL{K{zAG7h4WTJe3rt>0g|i<B!Sl%!1f&1IM<h2^~cyWn1!v9pPiI#<J9B%RAL*_
zH{YV&{{WI4dz#vGT6UQy*tGRGH;g}dBA%b`H}H>PTDLbA`evUbk_A+acMzkg{{ZWn
z%dl%(6aAT_D4OG}(w<d)*!T7Vr_}V=uKbH>=aIlW+BG;bA67k-R?%)W-y&E17y0>;
z?B%J+X}YF$X|)MplIro#?qWf}C;SHjv~Ddmjb2FCQJg@MpWWLhQah482dS>6+S12O
zjHD6A8wK3kN6bg_sy36mYZ4bx=j`1kIS|MEC_magO>@T#;}r^$z23|9?pvvMc%pqb
zN7MAvh#}0Y)>q|;{{TLowEIyE*Oxbu<6%2mQ~Y~-5B5jub4@ZC#oS<(d<AzO^2{IM
z9^iBJB8OO}uxmJ%Y)H!-fqM?6N54V%*J9;KD6JRfWvkqdIAL8P<@XeZP{hgnP7hZ4
zp5KKw;>BdQv4!Ic0=D4?smIE{ha~+f#Nlp*vZ)3rq}*}$S(ku5fb;(V0j1rYPD_bS
zA%R43`ffb2{ZxK+E)li87wS8+GV4u)`$*eG8gHI5s){&{KjUn6B;ZzWhc(MhD@~dk
z$#BUr+Ms0M_5DR|X^EXnQN5Jqoyte-iO2K)Rn6IG@!gC4PW3#yR!5Q`52-x<70ER?
z&NHO7cl(VMnrdD|UL&xIOltNlB(=CdK0k%O`t^6izc+-nRe!hxo`2l`0QFUW4i>r5
zHESZKMe@TU<3BOa^#ZM4ul6T~W75~=yu3MeUcB}GKvopezt$46Y2Vjx#J2S0^C|dy
zT(z{f`wjF%$zpLXGk|)7?ewYV(6sqA1cXI(Zjv0wDq={TdiCl!tG6B*iL^LvvZD4i
z%x4`*87h5x8mr;mQbw_!&G$Uk(MZuodPp(%PtgAWI;965T2<Gl>V(>NlnQ#Cs_HY3
zvg%epXN+uy7MEdF`VrQ&v@0w7Ckc0X2(z6EMy62UvFWsT?^LZc-74u4{HeE6#a7y9
z0VHwQH>Fm%({;Q3Nj&>`7m>8D5u*DMz!jWt8GBw^x7oXYUPF4WTb)(a-IbhC#2Qrd
z4i?_tJ+evLIO+%GOLt{&b7r<dq_*=2c8)A=$8g@>=BB=y3lwRmx=7bMJk6lE<L<8?
z&pm24NDYIH^TM|)g#kyHf0-nY$a+_&C3e%d_4DdryOL?M+3Z_AHb~w(f0gl*f%WJ~
zHHE3e4v}^JrKq>s?<H^DL^wpp^c8kHy*EplG>bKnE+xXVB8Do*`^UK-rCYzXu!1=?
z3zQQ}1YanTw{SS=>QCxxIj?C>+Fn0$`FRw**?O6<Nai)xHTi-l`JlBO2cgGvQ|Z@p
z>P;r4HXyQylL|4wWBv9$@m%~mZlkSTHTI&<9jfKs<lqGy;YCk*sL8I~L!{}*VzUG<
z1E?L(u&!9vX<et~-cP&oG;rztBc`*}P4rSsiT;jBNQ>}f$KGS;qODup!FK{Ov1s=l
ztauI=t9>*5E0fhV6`kPFw4Ng3CXjdb9^SsSV_LZTKiTv<7yaytkum=2^vBfoHPEqE
zO}%ZWtL%*Zoz9tFCSN)^K2}z6-M`*G-jyfK9A!t&6aYc~?mwUS*Eg$9W4g7`;BTIG
zjUOMw8uTBJCbS<@G3zl|lg`;Do1TCJw0>AMy006w`dNJ0Jg&vr{HKoDrU1NhDO4Q;
zo&fwZe=0<`iFJm&7&1v8k_U0Ll7FREj_nPrtN#G5wt;RO`ZESNspm1pD^8E|z}Ru0
z@0CBwtC>H0`u?{Sn$V8k-rCyE@vs^jhHHjj_E-%603%lh*rS3dz+jkBk<*L={J%P@
zwiqHX?<IpQE<FRDKlCbJwj<s~k@4ip&^Y?8NAeU!sM&4*01gi9w%KVFnZoU5IQJle
zKU$7S5n~Z<4AO22tZ};?SL=`ESVHn$Ps7v68y~bo84f|@Ivj)ejMOt+$*cHn?_grL
z5S5XFo>kX^N7Qp!yh^vax?lXtQ0{NF^g>u81eSE)9`EDFQU36%uc)Zhg|z!rPPvJX
z3o4)CK8!0CONH0GJo7}`FKwI7D!dR!Qaz7ftwt`Q@h*<m>;h^~W<<vu&wPD<on<Ub
zZ{6#v^X|P$P`2iTm%~WDYYk0&+ew!ZPQxc}_gmK$O6uz8L>^fJ{{Tmre4CDTkM8EG
zTIxetwi-UA#Khtm&sA>0zm-j;!FQu-A7IpB-(_%i42{w5>}#Lex!aNH(f0Cv(R{Yw
zb6Y{v#0~bnKIe6n%IC>(${+r*;-=IivelVv=D88x!SjI$JAv<v^{Lj@+Q!mHv1drp
zjJsoP+>RJv)d4P(t-9(F36gtv1)Vr`9f=&|S6hmN6)iRC)6U<SmG1eAlN)&Kmg&6d
znh+7DhyftSbKmL@<xhr7JJ_MPNurg3%1+S?t~nu(V~?dJ)y1qU9o(%XK4Hh&Bf(MV
z8y!LSAC*U_+O^i1b#G|#d9p?uY#=WFdj2Dh^=-9#Yvd!H)%4v~{^{nDc$(3im`R;N
zZO<6z(w(Q+B=(J_UTPMvyXLnMzV?l}oMVg;+cgH0YpANdrQM@7gCE`rj=>-MN>4*p
zV6(B&^(#LpNqsc(0}O+R)pLyT)Qa;X6y@z2-+RC6{zpT0T%+`>4JOzd>0`Js!}AM^
zfw4;i#?>5}it}5&)~7aFR4p7%eqy5x{-uv$Mz=h=uCEr4Zy{w#2xe}ZyPu#OR-6(h
zl|7w?m2KvUhWVV2n5p0#_U>y$uX=HIiqW;ZeUUHuo~(;X@V%|Iz+1ugnNfE?Xyf!A
z=C?$HV#^8-EPR&HjsqX>eLtr)D|s4?v5h7#4sg#Kj&ONWf1N=iJW@$Kk%6@NHnIAX
z#(y8=E6{}~QjMUr{=ctN7bhpE*N@8tr_Nx=LVu2C?tYp5Po+kwCAks8#|mS&QhS{4
zcKpAUTLEKrQgW8aUCHj}{FC^KHW>Ej??oF(-|x47{R*kW`u@MI1#&;_LaVu#<tsFw
z@Dw;7oku3H5v0yB8$b{I4D(I9w+jW#WB6@W75cF`{*_Mh*;(~603W`$1MtWA)J}CG
zwEnbzsv1#dp}#UWl@P--%MzbPQN>hyiDmuz<SMLJD!=UDtB=a1Sp2!AZ~5nX8}M}l
z{{UvG)+LSO1aOY=H~X!~{{Y!VSHCUa_5EC0BC^1?`N#!e%8+^83v>E^LsP1>O|d>{
zVqC^a{{UGZr{Vq{w5j`*jJG~hc@h)ddlUZvj{at%VJ03Jxw*AF;>r8ydw((Y0MkiF
zZ|nN~19BVtI~_$*TZjY0C(0yM`QvV!<G0tLtP8yhQqUzgnq<u^OZSuym=AH>S6>uy
z+lg*|XvCm9s}Y4b<okR5D=y<!lxlE55x&822Fs*5`Hv$9rZdJ3VP1_kxu>MMHT`Yt
zu~3w@TNEwzT|2}UhSKWT3$MJ9=V*7wX7xVxQqNA)?IxP>jP}oOz>e)Qs^{*Uj-&9X
zb=zxw-`aX?fn<h2w+O4WqvwXlZbe_a)nUEx{8v-ky~J`%5_AoN8wLIo`u;V^&3Qj*
zXDI5Qe?2=I+RNS9m~W)qTwM97sM*gews#AF7@wiRuCGjnRI@hvwDC_gQf~6NmA0G#
zp8a!KBT7v*WNkF8`hx&gIZBBkQZvBr)ZY#1nu=<&UR|uPs-td_P6;G?_4T5JT{?+!
zyS??$Ci$bex^As5ul~e5+ooO_V_ZcS*RlL_QQq2V^W81&)yw%7zyO&7AVK4&Q|u~f
zr?rmaJ13C5kJ1=dmiKZo_3il6Z)~kDnj34Ek)wc@c+dqvJzE_IpzB@IT*<8;_1F6O
z87&!Yq@Pf*cCnceWL!rs4o9iS@~&J=njO*8^r+3op(hV;<2XKmR_33oTIy36Y`oav
zwHY8NR6T(Dcg0cGRvjAGW}6Xf>!&N`51LQ*x%K9<uGFBa#qHPpy>=Wle6RZT5=*;n
z1{OCG8{Jl6^MG<k`#!_ly<1y{(scg-wrWmH^7TdPJrM_Qdcv@<8an>~YwH2GXZKLI
zEbr=R_7k?TsY$EqY!b@Tl~eaY><6u53er|vH?r)ywp)t+za(_;d}6kaORy1!8Nlqv
zqA#m|p7m-;A{&|5sbH~ic?9+z{MRR8bti~CLH33lEbQ|lsp+1?`}h1RYb&SKyhH>i
zHnu^TbJ5)Kxcy1b;aw2LUe?y`%g?(Z!pBdvaH}RhbBy=E;16N_DP5Qdjsq@7&U<ij
zf6uLRwl|V$I@Q9$#M|1$Vn)waVgY~VYSpHsZ^Y{v{ny%(2>$@wUP=5wHLP(Fmfd#w
z65!FM#@-vb=O28<x<lxzoPS@+sxF-bdQHxsxMD|TX7pz{AI)k+xPtyPbo-ZT@sdBf
zyNC6p+Z@t`N6KA)q~|?>j~}3>?JZWn@PE%iYKdAab^8=;(gJ+8AKq2QKP>)LWm&$`
z_&`S)Z&A-5f&O(%&xL<{hjJuF>M`}*pZyA|Uh0P0&U?5{<PQwWJyEa-{S7x#Fjs%p
zfy&vcc9ddf$tb5Iu*t)JpGs_#NA{&%!}n|z{Zx_1;B$}4uyuRZu{Ju4e?7A^BYHe-
zh6DNjRR*ze`gPTwpo}KBnLMdRc#(U4I6s)Ir-@O%n_B*lsY(|*1ie`$nGt|>V;gSj
zjoUx$p4CPfj;RFjM&{n?7W<jzCmx=vYbRKptgbCJyC)LEG6>}dqvQMD`29sit4t+W
zJVB+qD~u%SI)mFk%kr#eiF&8gb=^Lwr2_Of&}z{(oqPU=sKVd7aBu_qulQ97uiANr
zk*~#u4TQN~3i=;#X|qN=RS()N)J3Smqs@;v4m%KiYW|Vs-r32g>u`Sh++|u(gRq=+
z_BD!fsM5asK8<#MW!Xhv`bN!#t=^eo<ViYB97ihb2tHqN-;vs>2(<f)_0{b!Ty1T#
z`Df&B_lIHcR&Ot1(PNHjUU!5KD5%47Iuqz|P+3K%Lv{AcBO)!*e5$MjZhP=Y3_UBh
zT(?x!wC}p?(UQKblIG^mPPmM>n`$QHOsWh_PiDs%{{T6s+^WR{?PTynaU%I@b_5RR
zkU>3o`qJ*Tj{gAcA-t&=WJ5CMIY+AY2kH4%KZ-0aZmlgOv)w##76oF*%jv-M=~Gfp
zFq2C5?fCxyRtTipMkU6HsePo$d2??ZxygC16d&iB(7Lm<zOqZJo53x_7>;JNUFJ;v
z-ni$sXokXVO35PCz_yWaw)Zj+9lzNi^1`iYFK1&d{j5>V3c()f?qvJKf;a=9?~34s
zDBjI!F8lr3f5RI&Kbjo_>3$xwGf8VAPcXv8DGej1xagxboD){@T=_VL%?})57wPJ0
zwvhh-!bhx4dw5t|BPxUklaqx}{cEDr^-ykZWAaiBHs9q*v$PU8$Dz$>1ghFC+8q+>
z=KO^H-B#mty(>=BZOy{M(n-5)a!NjF5Bnpwdsd5}a?wh_mK*LE9s>4Xr}WRQODsxH
z+QK}tM2+P}7+{}K?tOjg2+@N_YatCZpS`&w^dC&|^ai~M(@<QgY5jj*h7I3VM)3xb
zT2GgIdGh}Nvl@NX{P2G|V4mg}SoLuh@(=v<k-ky*Rn9IGC!e%F2mNy&(2V~8-&DR>
zmO#g(lWspm>H2_a^7UWW_4<YTiT$Dk<p}wF^AJBo$v>S{k6lv&NI*HXHyHXH8WtVW
zTd^H{`H$nk{TirR*@uS7argAsTzznVt!FBgZ>ROQ`He;<yqC;w85De}G9w@MU3fp4
zs#|8bRT41YBzpn$nkG0ukMyeurbK5Pw6^iczwa+U)Ks!44KZFyvfL-~BlJJ_)mu(l
zzw7#6n6yMI5ObLRPdNF}WPhuaec|~30P$5S%CUa`02qo!+baJ6&o<~!)7SH*bj!&U
zWCH&HzJ&JO-}T4+^l6c|+9XM%kA1z;l%6yEEI7&jNARjzJwLDO@?d9O_<F|vXNpL^
z&vlK<ENg{v>yDZA6^tKM@T|UE$Sy3H;|G;LPeWav=xm^l2_-702^&b`EPD+4)+Ab~
zyIaWhYjX#Y%SE)1(UXjk-yWj5Yf+|}aeT7x{(sh{kd&IU)fF#Bm9E=;x*J)hkp|gB
zClVm-^7J)R?3T8AUzKZqkWF|u7P$o*%l_{f$2C|m@b0veK_Pn^h03xYyodUV)72uj
z)b(hrW`<qO3ba>g++!rL>5ApLnsRA#?f3P%?q1q-GAy)RNhaT6dun7+ozUC^$M{!e
z6We)fbtJGfo?kPnhE&=BZ=35}z2&9Mb^_l<K|QGh&YA`c@;A5~f$du!8`EdA(#l<r
zEXgL}6qq1@JA>2L@U1YZ!hDg7{XRmes=H;&8;d)#_lmPJ#(258zzzQHdJmu#UfLZu
zO1f*QuAQ!~i3(=>#1q&KK=-RQ^IKosIEH4Kq2#)!?$g<G#(nv!vz;>D=51!_q?m#h
zHed>a=!3pJYo)yuw9~IoH~oF)eQa3PH0iYqbW4k*g4!@%eSqb$_3Q;=Szb@6H}-y#
zpJT9#{cQgL#7C}uO>RP9)@&YWUQus2;T?kERP)oZJxyS1VtFqA0I~FYc32|=%veSN
zWBudw$6Ct~WooNu_rA-?6%XZQ=hPzeV$t*<8G-q(I)wFabMIOWd@Sx^(`~<bIqQ?1
zi{0G%`&I~^FA3STx&@b1nL%@o5Ox$;T&9Vq%c$OFTl=tfM*T|qpJHkwUB%hEKE0y5
zdX2*Sf5V+pU&hy~9)4*7V7<Z*;y%Z<KYRz|5*2-|FJ3@AZa<$N{c7fPxjc<7?_0lO
z&v4iSy8wRZ_9yfeCY5sIOuN=^8$N4>$EaS4KCQ>$T@b|H*IV8CF620NI&P1ZlK^c}
zr>Oq`>zs;kbLX<Mh51K6-aq|rKRV|$`}tteB-L(?OUU#6P6Dd^I{sC9El10@hT?YI
zR^B}4_?|=m0M@Nzh>J<>*W^osB$CqJ=Sgc6A!27L8`P_1kLYSi;)3Gh#&d!8apteO
zl_UA>rEw4MAuLo!CzhY@y8i(7RK-}Czj*jqiMAZ|CuTpD4KCfk04*nwm$y>qY@{kb
z&;mjHiTtV2moTnWMsxUX$<N?_tyF86*9FK8b2D3$=tl5ArBZE8h1H#_wm#Kwg(Usi
zRQ~{v^rq^@Ki6>OY}iey<>Erv3^@KE4^OE702+hsQ7m)HGU`*!1rOg&<a>|staxu;
z+r*a|e1{7&iJ&L55t2V1MOC!C8eY9NmvnJ%Wi11r;oaNlLC4mzc$BTvTY56N4Xc~|
zmL7CUCW!|2*m-n6#HZACHCFO@&5CNaF1HG!_sBX*p1AD7vS7Xc0EBZ{n@_qM>|L^i
zjO-2Edv+qAYpMJ*su2h8Y$y5ANy@UHPkQH`Cr^7$kID3Yg{pnO;mtWN7gUS;Peqr@
zzKwr*0qY?2Bfr+ETQoi;yAD6lwMf2T>-S$C-lD7A=~o1%v7&A;Io=UI{Aakwaa|>d
z)Abd%)J!WC?g=|i)46zHeSaRtrV3SOX?poTHQ9}|6?Ojr3|+ap7MAMTjF7Bsp&77n
zTe#`aile9L)>cMXW4U>4?l4k0FjLnmPX?QHe_<WR_C}&!MU?!lA`Q4bIrizAmde`R
z3uduInU*}UhEk=M*n1wt9<|wZIrMh>)9huk65j67?j*1#NZE6nYlPew5AOQ@e}z=l
z;JcF2D{UfZ)N=0{5gP<J#~pFjuG>#*bsI8VFYcRf@6>saH`M<CpL*uCiw#;25Xp6G
z9L!y}M<QhL>Hh%MtSiZ?TU|cgi-Pxx)>?hupLDkd`pN>Q<_~ZV;oJ~2nz=rUr#134
zA8EN4Bg~2$bpb%{mOTb(_ZmgD!kf#%_IrrXy~U-uR%XZX0iT!NtQ}!2{5cHv@wKrf
z;<t-A&-+C8$3Ka#NYaE;jMj@@@A~!XXyo3gb@sPoqCmDfbO`gu{{RA5*!AbBHJ=8D
zd8m`9>hemc*usICA3Xpas$CMs-p<JCw~OY@<(XrQjDgMpKIHVSmrc}VxwMJz5n#HM
z9gyb*fbIdU;ZNJO?Om5e)5_$@@_avdmezLmNVb-6Br>|?*m6;QN%i#q0P9o8+&sv*
z1NT<h=abd{0H5GJ>C@WCo00;>u4K%!6Uwik{5T(47F9lE(PLzPxPW#ooD=!+_!{oA
zUhS>@e_t~j-%_jF{p5(1Q;S%?-3Kx^=zl7ebqN!6ugqjkFVPc$`Sq#Fh<9x{Fh{jX
z?(N+B^!(|Q+Ng$D*Y5dgZofi#{$ui`%Hyj3zpYSRJ;a+<SjGqegF>f1u6ZAoEE=Gd
z!eA0+mLc_Ak@{6j$V1B`WA9(Wzkmz=CW~kUcLnkHbqD_d$B>WfQ|&5q+o${=@*SgM
zX4GbQmSq@EE-C*2;3VP4;5n%LoH<#3Wk+jybKWQA58y~2omhh1e5lZmlzEoyKiSF0
z@*kZ&6gZ4Y{{StcFiHOM=l=k*{VKUz_`k2~K)PEIfKged`HBxJ<3Gf`pYr}^(xi3s
z5$xp&BV#f7gDWEXAAeuK(;8nWEyTR-K25;<cyHJ8YIJsv`GQcvA#nEcsplS_hfi@-
zyD#hd{KQ~gcv9N>BXOpdx0Oi-C+HY<_Nw+?AiL7%7FxtC+kWhYa?9KC71HWA@<D4a
z*%4;EjdyuFxd5DGf!4AvUdLL~p%-!(X1E8+E<e@EI4Tce>}!s#DASebyG!t9k&|oQ
z)f8{Eoib_Tcp$ls8-hHmh(379J%~JxY8_I}Dg3)DJx0wSw)uRiB-l&$W08VtZw%hc
zZF<^8!#b6al*eWrRQno=8yz=Ol1sakdk-pIvnw~q?0W)v2Dw~gI9@4UTdlU-((OHZ
z66jWXhMRL7@?Kl5hT<f|;Hl&J=C`gVv(qhpX?&lXVGzU><!^8Px941@rDLpK+(#1H
z5p29bketQ`u16n<uDj*1u#K*6V?zW=rQ`vM9Cq$W{+%nQ4BAqJQ%QAy(jum<HZn+|
zlTRq3Ye%_Wg9c;u>P~-3T{PI)f5fv-nI2?2oHj}KB#txfO9YnY)vppsqmET7C6Ru1
z&qn8;pdXcIrOuh*(2yi^8@qv$NDU_^jQ;?IZselW-IDL+<?2P7RwLH!A%fwxT~c2;
zRkqvPAizF=pVZTB<d;;7`$JZdZS>gAVt{b1j+ynXne^)?5lMZS{D4UFTO&P5Bc^}C
zxeu~xek8u%v7@vH<RoDuUt!<yu6pUyo{IPB-S>W8TNehJ*QfQNy=8eOxq9+MjTW5=
z=R6shbOiQM=~t~af3?jwk~hH#*j#_hNe}R^u=TED`&AOf9*LtXc|Ypez~#?>!l%@=
z81$<I(X`{f;0>}$y_od_+|e9QE#2>J-*?#qr+$Y~Z*djGaw3r7Tt-SCl(%&r!~AMw
zXl0jrKJ2+(Iug0#=sEmrnAGS00EBx;wy=T0ymTXv;m_W0uVGKrrhOYowy}-B(xr$*
zxazs(+wnYp6~ESbZ_Kt@{)mrfeY%}ISpXGq`2dW2o=^Gos`nmDwhS&51XH}GJqRFw
zFV3h>bk-MEHY#x>&WJsuKtGwyPX*L-%l3JC%f932s^Bl?1#RsU_kKk3y~*ddiS<i+
zrXzeH$B%Z#KTOhF!4y~bcSu2b#tQqULH?Bqb&>?Q3`D{)a>LupAbzy+(c7%E2L0$$
zI9&e#3u8a}4HsAD`TiFCgI$TO#1U!mqzk$}9Z>%Obe#U5(x;av?>J4M6Y1BF<y2+4
zjtQ38I5y22A9P|@^vzU)<+UMwWKL#@rG(`F00U=f{0IV%XqUU!{DYOfO<5i|m4iu*
z(rg>L1|xy=Kh~g<@+hH(Hu*QPjBh*#AHsgUjbT_!`sRmo12_6qQEYyBC3!~vVxzFQ
z9wE{0Y-Ma;Dgrb7WqLQ)v8-Mvn%uospX67ww*3v8%}hae51sqCrukAv=!`m}`yX1T
zcY7v>dZywwmrtMWo~9Cdue$qIWrm?1wWmIjenQ;i_fj|UFzKIu-t}6~R%MO!U0qqC
zC(90g^k=u=E1p=DD@i@}eV=A%soO(B>Us2a`(B#sb)`&xXphXXlhk_(pG32YONG@m
zxxA>H?V8!S1Jnchip{sQ)I2k&gE|>>`3~6`c|xbT9gTGGY4(tb&4Dp9oHv%-1{{n7
z$NvCW)liJ5E6G~jJ3lWc+hI+lwCmUW#%e!ez8~3_^CWY*+<{34*n)feQ)7w*(?D}I
z(_1ej3`{?f1b($m?sUHp?v10H?Kb@I0?CZ?kEf+yo_k?xFC5HPGq=x=1(1Ju<D7be
zKMLJRNxA6!{Ji}?s}W|EhTF|$soMf1S+Ls|&WCfx-v0pS@vJR+&r{T{WO!$Z>@osk
zWeJ>fo_gms(3D%NXE09>nLJIk;{i;(aC6s#Ty~vltJ&O10kU~5+liu-VF>lf;C*Wh
zOKm7gHlJ1fGU@KxENPZPC6dPW{>a<he7;i4y_Neg#{m8{HHM9*rOcjmcQZ$BPn$fW
z%ZYL6+|(Buew(E--KP89@(~Ine2T-fFzQ8G@jd*K&bn2*vplY?BK8F1YLDh?nMM$e
z=9S~J-+jD`yKhdTH4hQZdpFqhcvu%ZOscqM`g#hNPVlltJZDkeJn!=ul>DkaS-+)B
zfjmEJ1X_K#y1tr1j@x>L``Gr+719Y~yNXB>Q@jGQ7~B?&`h9Dvl@(T8)t%(JbY4bs
zmnyV&D}xFl@=z_TCkm)B=0BkI=k@wiS}>%Ux!QdB@!h|LeuE#N^`&(d?pfpV?ClVF
zYyI}eU&EmHH6kN3MHHWXkDVy=^dFu-@0#qj^!~rE(&l9{liMQ@e|V9zoOhZ-f%$)0
zxgFyy!ZsPq{z{)v6D0n5r9~3?ME?NGS2H)zec%0-q1m*={n9BXKkqmH0IbqU$5j6S
zulQim?nfrLzDr1e5A;@?es~pU`%XVFs;)qqG(Sff2lF+NEudIuTz%avDg96Mt6~tV
zIRoy)1iy+C{{Y0+aj91N{{UN!#v;7eR}t(7Y>yiS{{XJBzxAaNWsH!5dHYNw)E~Z|
zkM*lkMk0~qAM(yoAo?)Fe^W?DkR;pI-S?088<Ibt<SO}f*ZTgo`~`l)Q5WS%m;iry
zZ0DfQRr-5+eJUI1?XTe9b8IDzK3P+5&l&X?=l=k$%}XNgl1oK!ti#T>e?#1Uf1^~;
zMt2LxjiR`C!pj(8f=Bpz`cviR_kXYJ^b6ZlmA&xI)}0`|(kFKV<_ZtY2e+uH>~-rs
zS|+j8U`XYY3P~GP*mTM24QXmx%iBu>+n}1pM%y&#+1c9z9WmCi{6k}Dc(YAt{{ZQ>
zqcbKjU4Omqed~s#RVLjXx~H@BHH&h$Ki)?UkEW&bHN<yTzh)k6k<0@|z#hyxjMWRx
zK3n^jx&G6!nVj+a@T3mI2N)Hv2Cw$N4b3d^HN!*^Cy9x{T>apC9Dgc?-%GQ%RlBqS
z?&U!C_P0y{Uw`(!s|izt(okAGdq47j=30|aQ$t6#y0^EI*HyTROo1d(77{U0l5jmb
zRm+>pL3167iDq^jTSB{4NBe%C=ZfcajWbr8UyADPDVJmKc^{9$x?8)OYf~Cca(7I4
zSQqz_{v)9O06DI@5^k2(OHF$j&3oO*wF?Uy-!3U<c<t@7T_YeM@ADDB`c>;|p?PY}
zr%4fsRH88iVY_|+RXf{Ddy8bTb1I{-e<~0cBhdN*+@AFvuA^f;*Y;MQ=0>pc%^HBD
z4x>K)wYAhIt(E@v`+SJq81pn<9J|D8_U%?~OEBRH^c`|)_njV%7u)q|jQW(Tgo#fm
z4`4fcnz5@3O)B1d_+k=Y%D^Kx&Q*`6rUi5MI$WyltLuJZ!5IySIcZz4$E9*lnw0q?
z{{R7bzU<XnO7H$0=xr_~hQ+mANrWMX?&9qddI8;yT8mOLSpA}PSW(BB^MA`Y`xE}r
z?f(GQu3%kB;%!@W<I2;mzIIZ0RUW?Pr;_yemtBU=-AdU;+uOGAJD=n}wQ$7Qd%E96
z=K8-uICuX5hC08r!eL99Ga87uoyYEj)A6V6RosG7qbM>@Pj9LIwanbz9Z$qi>9*~g
zc%}0vVf<x#eFgxjjqI0RBZkf+y)AdmHV@u>91p;dE1_aje>;5ok;u-4%ZPsHkmr(m
z1Gs*J`cogsYxpI`=}NLG^c)g@m1L%*(ocPB8}1N9u!28|RyZf~HF++gmHf!Q^i%zq
zA6`_q@-?EX8EySplH$;o@LND{WZ<pG@1NO7$3OV>Hak0eeKOv`@K!feC(*v}{Yd=j
zrYOn;h4)8rKF$9Ce5`=}wKy=e(Z-FGl1APB{AGXmlSw7p`hU^_$#T~NVuCjH?!1hT
z#D6MGWr=Asm0%Qg#($Wssr54UligdLzGbnIJ((K}KT%aROZgi~x7Do=2{KEMVhXaK
z$NAEhA}Ke&Uy#%pw>0sOEEzX!Rdzl0{{VP@Uus6Zi|vmVet5v#4^XG04{uuM^?QjD
z#>ZN+Z<aSBAM7{qpP|U8wMm4!b(XoOF%1Fo*?X#=;Xc6e^fi?6EneL${a18Sh3sp`
zaxU&}H0hYda;K0EGwC9KGAe@VF-Y?0`qGHy&&xRBSoUvY?^LxJ(^%8v)htPh_S6qC
z5b_t)dkSEgd|7U`@&t=gg>sM4WnSaju$5-rqpRuKOSh?N8eRVY!w<W@xUyrV>v8?6
z(ZAKsKK45>J;<%?BTl%}ZJszTQhR2@!M`Ak_T#aveGobsG>vN9n8KHc$}^000R1`Q
zw&!Rxdl=?No9xgG6hpr%-8%XnhP0r+<?OnB>$-i>GyYUnxr<NLZdUFK*Gr3H1DJ;(
z1KoP#-mG5SS=w#8Z#foI&BOo|AMay>_=8n#{{XV)xQ|%05}|yn6(Ll&_gr?*uS&T)
z+gn{n6Ei_1!vMO29H-EM#(yf+Y~`ijU&;RfUwJQk4s&b&03T6FZnAk~nTiEj18_cX
zt#P-yHm@|^W%TgwBO#`pM;_etu7|`reD_*GOFTc7Hd+|40*rDnI`hx3HIHRyb#q|W
z+Qdd1R3Eyzn1yJMpwA?GS1u`Y%h|ZT{$DdndMl<#Y+$|9e7ns;8E!2G?e_VRyuU-!
zI6W%WlzLu^YS;2XJWfGa4EQembA=oa#+ju<Yo==^#u(*k%uVK9KiyHcAgJ`|$*M#*
ziS^)~V~aQw?=k0K>VBlwYSBtbE`7d#@IR(j`gAUMOyf({q)sHpMnBy+u5V1!=G5;}
z+7Z{5ZpyvQboK!}J>qGs--|o78worQO#Y&u2A=v2p0>&kb`K^`_D+9M{VH7!c)~LK
zH^1ljkDkr7*48dAyQFFM?We&o-ESFHIQdHf>+71s(rrU&LRpAkw9mC>J!6n^hdzYl
zel=f8(c#qeJINy?-o)Uj_Qy}hpU783rdtc22}xlreq4y}3HE*22lFDegQ;DoB&}y}
z@*&y_PUY|H=wQ^XrGg}eKnQJv0o48B^#=#@sV%M1E-z787DvN65y3qC*z_Z>xHSSi
zmzo{91pT%c)=}%YWFOB2el>1I5?)%}$J8zkKZzKBL$v;N-4z|;y#D<Rn|(_0Tfr`p
z_R&STV=S!$9!EJV{s-w(l(W<{=**Feh``!6kDEOR_CMB$*#*?Mab=O?`GWrd7CIlV
zQTbGAVvakTi2isbQ7Z)h0MLijexjPPU)RV+72k*6#_=Z7uA1GY{{U7QzEXd?pMKe@
zn!Wwp)&|pAvuNc*n5RYHpMKo?S4XJMKeE;50pKJFB#)|t_het8#an_=HIa_=M#N!Q
z<0#<tVeD(3Sa`PK2W0;5yZnt5-i_*H_)Aw8c3)+chn)Zl3H~MR`E>lM{-V~F(U`Ao
zL9&qj^%+$@<M@7}s<w$`W2r@P25s4!102TL>a06wwOPEmI&u+qhHD4;S%}<Y&t~;s
zdeR*5rOQ*NUH<Z2oUaoCYa6`{zqB-akF;4gEf_n1ABR!zTDDr0I?M)ZC;KhbW9LsT
zTR+r~rDa^(T<CB8rK8Q~>F>+OoytDG-u<gm!s63Vw>R2ly|fo;#DUWvs`mG;dRkAB
zY32IGmn~KQ03Y)q)O9^aOqnj@Wx29&7D&{8sy)CUWPUYvJF_Z7c?^c)7aRm^Ke#K=
zi1xv#?zKUt+@!abs4ebP11b!aK8^k1=xM8{MQ+gvqK+#@ZPCpfV8Z$6Pjzb9Nhv$a
z<=g%PCf8dHklhl`X(H-2g#Pl@fAxv<&p(|_cJ_&<OZL=~D@jl&G9Q>^{oEdM4?V>}
zeK~@4p6)-~pY?b4ycHd{4&(HxE;RMjZ0EKzLnF?DM3qhfBcm1V>5)dh@{X^w{;y~2
zZ!qn1mXpJ>$V}Q@%vW%Za;^g})Ed5;W}&J<<X+oJ9o%dCo3HO<_*{?B)-$f7;rssp
zm^4xk#aw?;R&HWVLecL4W<i<0wDQr&gEtnzkIVkj`+q9(;^3~iUHYs40KhsO`~1xf
zFHgTn=dr(;V2*Kw-!R-H?SY)rZYGOD(m&9ol-*ppQ!IlA3)F$wXNn+!bvs*qV&&Qf
zwIEL})0sm3(mhXVt*tBH_^BXv`5loEe|1g|^);-YB|E`uvVCm-04}JNthFGww6(Ie
zj{g8s4J?y<(Axuo!~4v859eA?X_wmRTa8J@t%3}q0kj479loZP$~4uyV>37g8*J@P
z*j@nswa@s|#v<Aqn~SMgEMR@B8V|kB2h^HTj3XUY)$Ee$*H`{P+i&{N+ts{DZDVHE
zT2|O?&>u2#agS0D^{)f*r;m;3lTOlPVFBV>fO(VIeZBkEABntaf8rKsS2p$_{IIFz
zzurCTnXg8U5z0!Xeb&pOF_lD@EH(-#qP+tUqKYU0qKYU0qKYU3uJ~+7@r*d=VvrxE
zE9qMfd;@)+(j0zkUpV|QhkuG*PSM-3{KysbbU(QGdov&TYcC)7&>zygoKyb*XqS{3
z(GP)onOEQPE$LtHOaB0&R>q)bnk_afAkocusVtIo#>D`0=s7iysr;HIlOL)({%u_*
zp)7WQ*<8yai=0Dm<)|$Zg$hru7}qT|ervmFAIth*Gg-a9W^DS*_qU6uTH8Z;8jv?k
znKCfoxu#!hQCJ|h)8e*Uk^ZuHq5uQvx&Cz{*u$pTNojAXS;unZi-}#xU_ZJ586Ndr
z^sP5Yjw_q{mbrHulHN7jyWHoTQ72nnb?WZ4^6n+dU+~-BJa-rOR}8_3jRcu($2rIy
zNgc84SMH=SL>0)>ZCvpjOPS_BLDTuvT6VU#)`nMKvPBG`BMHcSjuVc0`gW@+Y$CdA
zgbjPBxXF@ll_4MdFVn4c(@WW<2Y)~7UzVO`Quwte2GdHlRgT=-#N+pcn+?zAS-pi(
zGU-}80b#b0ZtgzpO6ScWo-%)jH9U`Jrv<&eyjkvC5fp@O3V+y9&{Y`h?6i4CwSRRa
z(n*#?c<{xKa5GgoH0-UXr@DlffB17wZ!Yuw7JEP}(2c~o0iXM-1~+rx*0MEQsV*e`
z#?au~7&w{Y7#Z}>r>U!}s0+~z<*l@@G^LglnSe;paL>n2O!cV^!%3sgns<_eca`U;
z2^yc`VeC2%r!-F06G{EcR=Y3j^BU2V6H>R(t=CJ^)LmaW!?^pq{{XMjt=wO(gKM$h
z?OL_T1-tTkeE{q#7O}SQ&Xm_M0X_SWh|au%eFttcQ0e+)nsu$lwW*EwVGNPSA;|}^
zKKaMevrepEF3#U5uhoy;dj9}SxpRDU4J&oSiFGTFn1j#F{sN*GAMlRoK4iy!rFKh@
zdX_%FPv=nRnrzqizuOwO@i*>~`<~o-4%J%5-s4o%zqYj;t)y-W1|NHzC{gL0Qs=3p
zqOE-wlIthtJ1w8j{Eb=ehljj8o6hU$ve-P6A>@<vq`0~|4~C(OIlY`=LF!$(C-Bem
ztm9{Ks(6ax^6MhT&PE%Xp$dNJsT$sWSH=%C+507<jI({wj(~klH&TCLe|3JZ@D5ei
z)&BsIuR9AHEk8>``}s=8?icvm`Tlfjw+eMVKTM0PviY(B{nh9BkJ6}E`PaTEzSJif
zg41+S{YR(allav?4_ryAc&dBpe}x!<{n5}5%B|JAQD14<dM(N2>)Z1;?lWyPR?+?W
zQOU>mRZ0C>s+OfRcA5><o^gl@r~9f^KU114F2<qb8>tlLD|k#v`HY{>HJ_+iOX438
zT-(7q#SOA7ZJeCrKi5B%6(-ypr>)yaBDL4lqoQh%XxenHqt3gyAS`SAAZL^Lo-0>R
z((ao3`%6+_^T;q0{&|vA52p-xq|kKRRJzq-iG0r~mL-+IBxDfS^sOB#^X*obmreH;
z?c4qWpkw(8&ksx8iksT@T{PYKl{sqKG-N^c*kuis$;tG>k^O6t)1xWlJJ@4wjKXC`
z{^>k}TQ-;E_)K0o`PrBQ?$3|wSym{G<BQgFgikSv^y44auDq1xO|Gp!zy27QCX|M1
zR*T{bm7dDs76=KBRct7T0#5vT8p^-b2ieA-U|lTG@=5unKBxRD-R0BxdD6zo*UnSE
z;qj2f^iQB4&Zb#(>w6W|X46tTnH%>JZzULxt+%kQDf`W<+Fxt_2lctS(%n}>ql($&
zOL^zFif4)x5j=$Oa0zDYIrhyhywJI8sHJ<ERkk#NKn?7q@Dz18{LN<DYDZeqGjfyf
zmR}*3-LRwqyC*+%VDf#c{m8brv{7-3Z8jl+80#tY^~bk<_31`wu4wK3eqS@4r?V?0
zmO5Nlnv{0z>5gZ1%Sy!bU-o_KJs(lL)a|aWB#1z&Q6p#~%P`5xjQ$@?)Uw<}AdW_X
ze$2p4DY#w4c0^U^2^|M)(mdDF*j`6&c3qWCupt0Ig!ez*#!0O2X)8SvdL_U0{dFHg
z=B66v#(P<u!lWXWPo0}5pdEb%O+wmiHX1bcx@>s4mM&S3%y|Ih^c_#-RdhQQ(k8e|
ziJEJvBHbX2<RXrlKBu)-(=YFJtwupA?9%o$Y`=9vo&e8t(uXwKb6)hc^Izl^eIAIH
zOVHxebosRrGS76exrndbQUU4x@2x?g=$Bt;ZC?8#L<U5SzVjS)K9zF!U5dw5w$tH&
zO3}DhVbKBO3OzvLu3TMPXf~m4CY0}&a6MjA)RXPdeibpNMK#(R_PE@q_niL#hvT}v
z)*o59Q{}`R*@)_Pk%9E2@bu$Q@eSqG*8$*>ocaz2@~)!LG%?PPu%RPrC(4NtIA6yZ
zCbO(GyJ)mcN(*IUCfA9jaf0jzVc2G+VdWl6JMQ0`2Q=^Z6m&_OQ@qw0coVV!Jr{OA
zl@Q*%)9b1UVrGo5&_3Vrs@@N{TR-g^i3iCPK%dX09t|sTs$EAfK4g23xeN_sN^Vi6
zudJ{7{{We!m7Jez8W7I+ej?SNRy=KW9`Ul$Y4=FJF~7Bx{If_3{{XzakLy{wee%KM
zX=G-^a?I#Y)SQ1xXo;oq-rhzoOCO-;`cqX~<&xi<{Qm&VT)VF#O$Ozyyhn3qpWR%u
zp&o~vAM@)@(e3W^zY!faWc}5^WpUY;2Lx8+mR5`6Z?q(B9mG+YHt-T$@tpQK;-9Eo
zt*n#YTru(xYybh~M<L@VPfV%JYaBa*yr06~-PD&my%y-hx6&_kKM-4(iI&z$1Z?B`
zr>J4ttZF_TYfVZU?JR-=i3}j}Ip=Sv_N_~q*X)g~TeC>9!gg&xEV&r@hq28?qiQy~
z&8qK>VK$@_8EygWRQ4T4D!qji{g-`L{01(0d|!B)zLjBm4eV}Vo;N$CjdOyhox|JI
zR*ch3(8{Cb3PAHC!*PMm-(%EzRuzV^dHt?5{Yn6mG?`gZcD8$a5Jw+Mj{8l!lT({g
z(yl*vvSLV`wvfZOp$4nkt2xt-`>mhd{d$X)?Iu{h*G`eGG!j{$f!SZpP(f^tSaz$P
zO|7P-B=K6bcM=1)WBjuz>yF#I;+uVOiJ$FD6xQScD!gHhvk)+G-Ay)0?UL17QH`Qq
z!Y1;LV^Tijj^mDmdQ-bncY8alt-r79sJbH8`Z~^S;E{L8yPgR~7GQgh!2LfFS)L(|
zTU`Z~1o9$TR47t&wB+FDrVpnTp>u2Yn?+goPSO1K_Yg1+e;%8^Ls@#xzAgNSe2+Q{
zn8cGT-EeroAHsOg){63qgt@f;0E7K>922^+lNH$4ZPLo}Qn!dPZ!tVS`z`P9TRId?
zr--aBB~g6rWsWkS`6Kwb>{w>AF66S()+^0A&v==06!Jdshq&9>hrVj&iMLt3wZD<V
z+}gI=gVW4h9j*1x2DvEdRVMF0)BNmdFNeslp(5OPw(+nV0#X4zdB^pu_V<^!w>p7^
zmK!)@XyM2Rg#FM<cfiT4%^ba^xvIQFGDUAOUNe#i#a{9*Z#0OZ)vk@Z+*|^v<K`*{
z0aSaMbY%G~ySM!@NoqdHzp>`B(=3PDKGXZ#hva;xjE_JEHPb~UwdqMvq^TQxjt+3#
zgZTddjdQWyOLu*#Lt}1{`7s!S{{Ry=-2|S%44hG7MwYsDjhijP+{n*65y1n3N3h3V
zYU-m=Lq)8A;MrT}xtybaQ)EXZMhj^OX=jzCl!3+vIR609MNb=vLq2$xZKK>T{{XUo
zIxVm5?(N>@Igy~w(7+sy$3KlMcIF4Qjepd{gaS_`xC8XvU5PE@s{X&=nZGhCo?@B$
z?zoKy;L1OqYNgu+hgELtJb%e5K;@vZ1Q63*7s3Akfj9K3w`3bFak~k}=!sa=ca8r5
zt(*NyOH)Q}CBF7Vm-5g5025PODPc0N-eeA+?+@}S5XyCTi1e1#PvpdZ?9{eqNnx^=
z_=H%HA94O7wNCnfTmJyTBxz{pnN*M6Ucvf-{s;7_qm0D_a@_1|h@;x_XB>AwrfC<+
zv$T;CMGFQ=XXt?Q{EcJYYD;seTH1i8Pt+n{WCNBs$6szgI+@K=SC;<(*XlHz*lwYy
ztk;lQ6%D3eCf_+p<&OggwlFxVf;;UuN4QHnm6%$~xe9>UQgF)4*n`b6%-TkTKh<5^
zM{&k^42Shr1b!K-5W^E|ChF4cM=j;CkibqGEW8yx4<fi*a+Tii<!kotu4`*AA(KgK
zI$jmF^5nX(Yl9$Th9j;=s3NQQa_T!x0^)g&VTygum<N790DgSct4Xe|bX`O3(S^H$
z2^E>+!);~A$F@PL8YZ0`{{V*WA$de)?g1=M@Tdg-gw*@q(lU<reqYw5Y0A?en@oxu
znRPqck3P+g_?b`5F+IJp-jhqzuJu0?+DPtIRftH}?y7)zsN~lgTc);-*(R_!jyq-@
zheACV`qjzx3r`PBiKp72yC8YSMlZAdfPH;yoj7xIMplY?@2mZMi)q@;YIFq!lu}$x
z<XTA~%=3(spYE=DpVQD%P4-o=Xjn=urchfSD|66#vp4z0M~i#=xMq?InN|qaMGSJA
zm~I&E$Dg3ZI_7AS@-@45d+CnYV2ht59{KEjTk@|-wP)M<{Qm$S%bcZssmI~{HV7cH
zjya?y);2lXJzLeQM^1aEx3rQ~@|}^3M3L=L$>g7=IQ6QMPEveFZ39Y2mutOp+Xq=4
zk45Tz>b|3GeXH8pLuYfo1`K4K&d}@$ABgLL=~<~tEw!z-OXO9PMZ4=LwTrt!cI*{Z
zo5_siee7hnPeI3ei(k|J)o*8MYSBSw6R>tX07d`+btkPf-NU2!Wm?~K%?yS(-G|E0
z-G{1!oP8<UDY?C~Yn@PmA~}{8lY*ldVh5n@L*$!qYu=Jg{{X{+y4Rv0)by9q^l0p~
z!6VCYC|Ov2<`_I5K~PC!H-|hoJc%GTS1hRPy%2N2HEPRMO?v+3(kP^Y7EtCyKRX2=
zV4lE^D&@ueGF=@qGaFucUm`k#9Bw%S>;4rSl%;vW+oJyffK}wQeyqc{j_X43t<2IP
zNv_>vKzgd+@_$-1+0x6ww-Xcl)|rw&sZc+bYkO3J8@(6HxspQ+LwiU$XWDRZJ^B2_
zW%!=bH1Oq-f*&a(Vf(!Dp@)BZij<{EIY(&6PoGdyQqlEeteK<moEJdj%D0?n-Jb*c
z(%4<F((LBv5m?R-AKfGW0IgJJy8AzXtzah)aO?p80Ax8Q`hIn5PGtW8gc{;g_v4OO
zv;OfP{c2F3ypnrCKg;w(YfJf$(w*k;;G1@QyLq8+(2A*PI$iiK?lwQZwq3vQ9l($4
zP4MN=Z3|VhKX^oBQR*>+{VGodTdb{o(kN)mVlu7J=RAIuH00*##eJmL_4f`+*L|5D
zoVOa+h3+g62A0{?<Iiw&$MdN)dpWhO4(m<0V;fsYzEd#ePdp!Q@vWT_+S<wsnQc}=
zk~?mV_-OX$AbRsim+@)0a9iEZ1k<xHl@wvu?xz0$e}8J$6jD%?N7B!;T?le_Y9?lZ
zrp=4ZCsB<3oTzl?jFXJ1sWhD~O&3+U5<1CX(J*)HG0-sVd8-<=>u6ELS`#YVP3AOg
z+(&>oQ`??uYpI&!N_|I73fB`S$_UFc0tp0nBa!r~jXH6%`%u@;-MqoMJ$f-A(yese
zX>M&KF&PnumPS#y&H?S%;MMnOu39qD;be`2MpQbt2j$OWpTLUC()Co-wENGsMDV;Z
zd2$Fx8%V}L>_;_UMboeJ%}IQ@)_p!zB(j{~V3j!RbBfXvj-JhXvVA&yiD~P7(ETr4
z8k5VWU0BAl7|N;=KyAOmbI7aq5!yuovxW&0BHz7@+jhqO=?AgwYM{7(GBf1cTwO2k
zAep1Vojc%;jy)>KmeH>xf+^&N?`V5>myqaxhdsx!<Wi>HmovNmwEn-~j!UsBBo~mC
zQZAv5zELJbkg)7~<MsO2J>pBd+Z|@sRDUVNA%daGf=S)=$@Q)0jx@fG@WF8u(w`<_
z5d}_o1p9h0tVy+tO-oU04Ne97Iyp$D-Sep&WVfNH#I?!F-J5!UTd&Y`_rB<(EwB6}
z2kmw|UE~SiEz>{5x$W!eTX#1ROQ2tQHw!6-FD7>jgCqR7Z2Ds&v1inz(QaDS&dqI#
zH}4Cb?I83g`={Ep8phpp9ZKri@deT>u}7X)2j(AvIIe1Kd&)c6-|l;UrOT!E=r4z+
zTR#k4UhGzQ<|Q-z?Vu0+3Zxddny!^+9reJ6&z!Rc8%P6%RbR~24K{oDd@`x0t2ENx
zu=!VU18A*TL@;0dvgYVdHI1h*gOi+KmOYM5X->|ZQ`*Y?7P`M(1ufewX?n7m?oria
z)2%TSQ!yiv^5fq<Yg%h_Exd*;sWjn3wsZ3II6q9{xrRwKT?*IEG1^(Q#oJ)ORU9gh
zQci11-&9+BtL2m`SlR4`DG12~;1TcBHPuSCoU_^W^-cZB8Ol9TqSEY=>Cj<qkVP2B
zRv;hhqNm8WR`h}&^ZclFj^;QLM;nP*M#IAu!Ths|hUiF^_c<A9WJLgTg(X+~YpLEh
zf7kV~p5id_r9?mS%GI;_e}Skhh*>m&>t;vjl_c^8yVOr;tyF${jaRn+09~Pb+c5tC
z#}=}0-qZTkBA4~|7VJncSfBc4(f<IS`{tj$V|!=xa|3@*)DO<8z~oq?082%9%0Ty!
zkL1;G+xg2n$Z-?MvLOeNfDiK(ac#w0`u?mZxeRf<fJYe%Eu{Dv=ur0m0KQM=D#Vgo
zS$*>yNi+T8*xcv*X|vy3+xap{DlBsysz^Cvag2LcF>qg5iuTg!(%M@o$Jx#>pdJ7|
z-8uKDsZmo_j<5Rt2N?5juw0hbh2^dJ7MB)pz7{#aLUGTi>CIV|>h>$kCA!-!t=f50
zE(0iUx=3Nr9t{&-I%@XTSJvp?YJev3_mHr|4EGrs{A#3WcV(hTx>euWOjiN6qUDuv
zav4v!t~Tu3yT4xgYpUy}hP?_p*OJ;KUQM}!?Duj&P`>OOWZ<6Fvvo9WrP|p^bLGu>
zZmSF6e1IzC6X?WMFA~Tm&~2v)8hO)+2vxx+XF2!IMN54Jy``m|ry*80w(A<id&od5
z_zdUpsI!dcZLGYs{{V&_=@~!|4W{`3ZB56@xyr)6r_}pZ{{RcM)!n|OxcS~|AaNrc
zVCN@}dU{noKJ4pL3w=i2ZUO@BbGu_ko$`B%zoqMNe`+R~XKo|0b}Fo-hbOM$e-4$E
z7Y=yIJ4a-?-RZCSl{?w1YHZ@#IU=!eu*Bc$?PDCj`%RAC-<?H!4ZZ8Z6tFz<Mt^k?
zZK}h&upJlDon;t4W$nBY8>^l~mmO7oNF4{D>S>YOS&1hW%`Mc>{PM^T63Lt@li!|z
za4XPlHD_x-%lg-ABOawY-FipX7fiFXibV{uxhtID^MU9qY)dpIX53^3QlQC%QO`l_
z2Y#g1Qe2d6pg{mfA8DQlz})2j0INgPpHo!zEi&%wRi5`ypUSd^Pmw{(GK0WT>T5Mp
zalE&8^h^F2e5vWNqYjf|+LhL$bk94ij7H_ct~&wzSp2G$=7jpEh@^YD#BlND#-}dI
z2d81~YEKaA_g42X+E_;-+|L+hJ95Bw1JL!&TbkxQCruiKzzuTfvCI*^XK*k9J+a9&
zNl}w<Ye>7l>!>beuX8I`(=PQ5QawJ@Y_Wng2*mu0k=H%VL*fg2h}y?PwGAX`7+^8W
zF(;Gy*2a@L)NJ6?8GNO;Ef|a(MxcKmJxE?YwCj8L^%oZwl5SXJD=V_%M+D_mdMPI#
zg+rrGacw<k`F3B|L8&zT3=b1LmUgxpM;L|`c?jsu$o~Kz&aHTg;UNCavWxG79Fl$j
z1s~3}^$QzYjdId^lxZX+#E}kH<s|N7^gSz_@mwsPC0Aa2(1mgB$MmeR5S2L2UD{rV
zs5K^$t>Ouu%4>Ef9%c8Pk7Wv@`BXaP)Ry*Blq50KcPaWPHBZKOf=y~TRODNr&-=vZ
z`C_g3(4yJdZ2th3uF@ZWl|?$!{x2)q-{cXG!+xXuOj_GdNfEef&pI>pT>k(%sp5H3
zOKmRp+~dp);Ev2lC-o+iTDlj$64PY|J6mJ>5HbBLLf*>Q_$nW^M$CgU7GJ!8pS&qf
z^<_B6XB7VcP+say_bBVpU0+$*YmlKBh<TfOs{_~RQ)+rm#<!+gYO$63Q$hpB(|2A+
zzqM|d9^Xld#@)bpz)0NmW&=1Q(DE>92rn%!<hj!!WBalY#s&aU!DK$i2k@<>hl_1Z
z{7HTOM5()J)AA@LkTt&#K_%N5uVPkE>^Z<B0K?OYpGdGq(Z92GR8#xL@_Eii0m`4m
z)Ms2<J#1<7q4`l_7c72k;BwxhG`iKz){55eWdu@Mp(a(^xGNK%_z$%U*+=)A+eiNZ
z1qZzJ@2V|nFfNrGw(v;O$LEZsgKH*7Zq3;7P1P<gEiELv5Q&}{Rkk`G-HaTN!x<ep
z{0%{RkZU?EqAZUC&imml_XCgN&!=2br>3W8rcG~kI;+PbtP(Naublj>eKW_lYWbR6
zk=oid_x}J_Cf#1*CEcfpG=-Xb4c<%QMMn9f9d|FN_N(tLyW4rvyoiwF%b8B>4$cVe
z*pJSuTS~IZ!7UO6auQ(>*(6eqMo&Ts=zZ#I8K9iWC5hZJMa`pt2tCLh0rl)^pzpg)
zzb)(xo;W<oqqtZhmR128bvP2ndY(AXvHUBHO<wCy)bAp=W||o!WtuYB&nJ=SYouvn
z(e18;G2Cs4dGR4{-ST$e9=OTnPo-o<HIBNIPjhA)P>gOV6YLWx>U;7lpAzokqU|mJ
z0I%y(;icPGM0T2Rvc64D8?X46DDyni)Q<6y{o~T5@mr(V>Bcg?OYV4rjBP>}0;=0;
z>w7=;eZ*12V<_^{G#o_Tn?AYfYHt!*8!a<Sg`6|StdE179uM`dcH`_P?DqX`zYfLg
z&aP_ecUKlRHV|p?kF?DiF6B+fYJrYBa!n=Ox<RN-soh*Gjb#dmq79Nr;1=}D6U9ig
zYEP_M#TjVqB83`90|Og#%YRDGl6W-DJiJCb>x<ixcd$DH5B&=S*G%NKZ)Nyfvg@le
zNa%E(MoWu3f3>Pdc`z&^ErQApHv!v<vexSikh1MdTV!U~KfV6|)*1Zk7JGe~+uz;H
zH(NuPBF`<gd1L4@YVMb*`L?!^T^OUixL+`#7~Z+YexwTOr&H`tb^ibZe^zHG^+mV|
zbhTF)d6>@Xdk&y}1h3^&WH^WZnoL{p86)`$RzT9rJSTLjhA<C6dj9~0M;h$9wTG(5
z17!Pxqx@@qv?Qq`0wO2)@A3H(KcxYHH=pd@q5Sq#LHAl|Z{AzN{{WeDNh=kHTW;~p
zu0I7+Sh;C`>uZ*m_472z+4htF06gRpei#J*09uM*<lRLdF1u!od-{HB`qP|-zmX66
zxoyDCIL_if_G)}_1p74eowF=rA_qcFIQ+$I)$}7`IO1EEX@=Idx`b~--2VXe!N=iH
z>Q|=T)_AQ|Uh*X096Pdh^v*l?;+d&xA}f2ypfO2z41Q|IjO`qA^&NjI%e0K$>KcBn
z45QDUJX}Sb5<cl=`W|suPOiL=-S7E7x%4SVt0K2ScX?;6K`JEkWhQ}}8?o}X)9a3L
zNiD>MH49x%544*$62#weisu`F9ZoS&w2^9d7q-`%Ehn^?J4}ni9PP;+yJr=3?r&hf
zu~`VX)8~N_Mhm_@#9;I3(AOGitu}wIj_cP`Q$9yu_)e{-PnBl!+<(B3RQkjRS&&)U
zPOWol_?ZqAIXDJS!0>68QE&0ZoMbBOSoZ<YVRL~{>az_FSxuy)?RRn+ywTMn&OrQo
z)Jn=T=J<J?{{Y~8%3G^%VujuMSlhOpr%2lg{rvgnL+Cvh`PWaSTQ$y)r~RVcE@Mdd
zF7k7`Cj%WY201l}43-x*a%y^po~l&sQyY~NKl{JVw6yJNO;1m`62&4iVkBEmICG8x
z<BWCpqYmPyc{|-`ytnEp-r6HkB!X$=e>l%P9Yjl&kNt)1pMJket_75L*BY3B$s}r8
zY2ES^f%j9fJ-w=Lv%_g%AVMuHV;P!F-!mTIALf55tZpEd&0g9S7V-iKxL@7J3Z9`y
zsp;!ovUauYeg6Qj^D<sVZ7W#1)vhj2+0qDNh4x61?_?y8%=P2FY+Oqx*yM$n#2OYR
zM{KhG1Co23bm>%~x}DZ<A$*o=cWYZ@KnVbF>^l;1fmHNOGEF~Ij(hpcw{xomjSlP%
z?8nlg5}HanyYBY>zcQLzni_tWX{A_`Z5uV*k+#;5eB|Re{{UvFXdWAdCi`9F%QVry
z2&XEq?t7YwJzD<zT@YI-j=~8DkRAr#;w*nUv#aX%`Wi!HZ3;@uwUKl3pzWVhden1J
zX-%(oI(+{CQQCWTW_FXKUh3MA)UU}@4j&Eon+JdgVNJDy^IP#-PV4)tdA?$LDyiXq
zwb0y64wr3lb#XMxv;5nSFO$&}cEHc)Qdr7Nk8u!BCS>y=i7=xW1)06_arjWM(7a&Z
zTfaWv*Zep+y;;p#-L|LWl##eqc2ypMRQ~{lShKkoUMam6{Kl5A3|RC4e_GYjwCg*4
zR{sFYQuAjmBMb%K$W{D0pQUrY6;o~EDHZq;M<8;00a<d+4hm1=lW+1a>8Eap&@=gZ
z_5Gk?RyzX<{{X;LAMvI0o^KGxW=`KW!^uBVnf`U1qTDU-i=>hM?a7o6p$Ga>>X(aY
z<8M41M+}Ik*lhs+09uc0?sMNxZ^Llq*4{<w?$Qq!#*-XJGzk=$Ju*1`aaB#*X}&m=
zrz<4E9D0Vw_|#q`h}?LrM!fmHSW-LW3h1>xKF)n|%12U@=ge6Ye66#R8`F$n)$-1A
zmoM3nu98>kj1vXsiQ=_oTtjg-0Rx6sZl79qrJ~*GI-=iL<>NAM`F`?b^dr-@YoxuK
z%amQp7s-M@GFYDnoMl;k^O2g438K_(ZSSq+nbzG)1{^sca*R9YkIJ=pXln%e-FbKZ
zyovUYb2DG?+PvRw)7esD*)it<n16TQ+OKLlWtOjI8sS-QB1H~kA2=mJ!5!+pkE=nh
zMJ1&1EG{!6s6Q(X<a!WrY6*3FyIpDRZ!Of@&ma*>gAKPoDOT@_FG9{~d$Rkl`Uk&z
zbw<=PN-U#^7|IqEB2*(S_#XYndi1P~Q&*Qqx`F=8lgBhlUSg#S5ud;u0o#ghx28*b
zsXfM@aAUfGR6K0k2_1@_n5&cA+$3-{+AO$)HO;X=NEst~`jOmvRnAj)j@H@kzpuoU
zmg9)BYv^?)x7#F&8X1;Ns^pKl-GS}zRvqC>h}k4CTueUf%Y>8thV8g|_4?I8J-l{o
z*D){I;{Xq{kKM@=9uCv!eL7VC0B4Tw!^m^?yD2_sCJpnU><RVsKY^=@-qybV0N446
z`H*U`J-&&1_E;9(Hg3X`kVzYW?Seas<}Gy*e`vaHp)&=~?q?_cS@dsF{HuFX*Cf-d
zE&RBok>w^i1<>rA9D&^DueD}Objy24^*b#;&D?NSNivYXp<m_AapD?tyk)Z0d3=pv
znp&dPk8385?QeT3EVmD~-ZBFK<D{O$JPM0%pYa3(^A(VOB~$+ZtxeOWJ|UJNb0Uk&
zX#|2!o1)Jn@aie?ua)ruiu0KZ55+V6YEw=SQTTb4hppZBv7#>S=J5ks+b+vXWhJ(Z
z24FLS-kXh6iJwG<C$(j~zP^{|+sfb`K>SZyRD1iaGWJbU;M&D0RFBMD05g+?9ZwZ%
z8-WhB7Mp2qr|hs{r6cEX7a$Kzlg({@W}Vu;-PPYk=!x4yd0N`<F)qm#78{1_>~-V=
zP)?5+mw5(DxkO2~_*4G?)wupO&)WymZ395*bA5MoBbW|X)UWHw_pYAa`rhJ6mN{c(
zw>w+_a*R6u71>UzsI4s@_4<9rQjad%0h4r>1%HEVE9_5S=07TB<^)%SbW44M>w<s6
zo-M?2L?bzi%`&?al0nOVJXKqn57@5B;K_0jXX>l{D&*}Ka#rDSkF@Fwf%4fX{{YbH
zOMl+HBmR2Ye~1476;RwC_?YUW(#=2idRsXFZ6S&O09kCw`YHaE3H#sIdll3A>|IT>
zM;7n9G&@NAKl<jYtmih9KR#w)m;LYm09YgOr$8Ozk7&ciaQq(YxP$r{o;c%!&qQJ7
zF*227z$f}-R;upIorvJI@}WhMRo(_;3C|&U1N7pu^?hf^HuAu!HI%MmxsgtB+aBFb
zCZVmWJ&e}IIc;W?!*L*A)7z;vL|aRwY5JJ9XzneMgN1RC!NVgDr}C~^m9%lEvg`7?
z^<51k9<m(;jmDi8p>L<$heaNAU=UeYe+gdTj{PatcMx7&SkFDD`c2$&LnMmDa6rKY
zdUVA{7uoK$4KGxR;ccanLYQ2fFb8P?y?u>a(dNB-*{wAQ!$|}AkvxgXUO^!G^yaaJ
zxsqFS>bv~3x+(2*AHtFdt+f*F6(d!WKt^{c&PU=nrd`-YsNJ@$CD;5*m~Lj{dLQ}c
zk6Ju8Xt%bSq+7zY$Rk31PDuV$1<tYd3y-kcByw3oJhzR;R%853e;$>}oK*<>O}|^e
z!?~`!?%R=_Qhh^JvW61STgNIaF)7a8M<>+RXCxvCX1jQxhHR1ch9rbegRgvc99K0p
z#h!+c&u?I<sK_^Lk;{lw{{T~3>hS9@S(}Ki3Of1nAaC90J9+Qhg&wuhhj!*tcb5ME
z*Y%;C^|MPt+DUA-ttvc*8PxfcH_Ax<`6r)XKPu0b?%%`uKKLvGdD3DvcFQ>HxxGG>
za{72+Xyv{;c>>zfFbU5<Na#<eVNqO6A(=t7j$nsmD=6P2vYt)}=mF||t9iR#&dqsk
zauDq*>hki=8;N7`o=J(=k>EJM!6&fm&wiBcRt43ghTeB68q9u3z-D|7r1V~-^Hpz?
zP`}ca+S1@jBTiCxQ?(b5x~I?_3U!x}qUe{1OI)?PZk31JE^+dYVa90YZE{O%YS``7
zZa-Ml)B79j8h4irOCtHK&430ol22aMT3sjm6F{0v2YD|h3Z_6lZKRHawHh3ky2qU^
zqys|itpIU_-ZFR{$E`X&ZFL=KwEJ~nts6#ef%)<|$m|AdH|(csma~?N{sJGowC%ZC
z$4j`-bbHNBn0=_lwNP`k5;;Eg28kWknWkTBQlZO7h_`iOPu}`x6}>&>ovgO{T!-e6
z6j+#LaDM53sUNLK@U_m2_E$1xoE4GBK)`Ooj^K3T(uG1Pu1D~v_lG;{*YY{v4NR8$
zR;hbA$&9NmPgdlQ*A;KWWuHg$n~@dU%;(n;{{W3ie`jty5`M`WM;=6@civ%~Za-1Y
zP}6S3pMtNL@X|_SPjW#1m5gsnQH-`xZ}lnr$+g_Ipj@=JHYJH-m#?423I4S&hUI&-
zX$jAjc+wyDSx@z-d?L~R0At=Wb%D&I@j^ews(32wM}Ix5ANA4X4^|)jY}2DVI#+w&
z^ta-IOX9IFho?#Oy-Ll`&m3|*e?mF^K&U)A@?YuK`Z&Sg5tcG~1Cjp#)}-)sCQW(V
zkCr&wIrrka9V*7w*Hyiq+BQbt<g`t|Q`ahcf-rGQ4+&I^B=*%mG!tqqqYuOO)7-~@
zq1}d#GMlhRD8P<tZ4*qnu+=B9yj}KF#M_TlY<JINT615+r!viVAp+u2<jAX+R2U^&
z)C0vPu{&vYb6*7WR^^o%B7b&AKQ|o-82oERN}M8_dc*SU$>wd_xlYqUn@I5#a@#+d
zXmTVO`H&ELk578JE|p@Mou;E_A%wew@{FTrxBEH#sz|QaQ`1{ev%=j3WQknzuZ~yW
z)KzT<Sd#AIOKYodD&pN4fQ@$U9l>8*;MS3i7_|kncVE{*Hz%)SS*4m^C5SPPH)|CE
z)br5#0z39Kjc2a;TB*`*EMti`G)P83<nfSu8m(ccUfJqU-f7nYdpV@})V2sxdCK~V
zzi}}$vPib`mXQ6Hd86pS^BWP!K8A-<a!Ok}`ltT@4jidzxh;$~_D?muFf=V8{q$S+
z1s#|IIbO!5RJWhbvrs054kWdde9`-_xA_L3lH$zC0JwRrCYvu5jChVr;glZS^#_BR
zlJPvV9rX6{t<|^QYixY!^gUPGsI3!8Sz62T{<ZA?04eHY_^MmGNc8tc@`{$m#yv(b
za(U^FwVfyYRFV0Jaj8bXG<o7->b{5Cw6#rY+-gsyUR#N5V_>D&lHm2+54LKB_0s5f
z4HlhhB4-<x>Dzf^Jqn(H8sM(t=O*QN?AKfQf0?u|WUZ;UVCw~xw!dgeE^Qz`XgJPS
zYheNZ0A%8+cq$O^-|@?Zk3U@0x_!Jiv0dtM5g*!Zo;QddlH(^H#~G#YA2D8nIx-*U
zTT{EOO8aYXyZnUojJ`&uxu(afAb>CgZ7U`-w~`O^tYp<?w}NdSS>t?V66A6)M+Ewg
zoYuCDb@r<}i3!PuS&;n++$xk|H4h0%JgTf#*o={qu9+G9v0Btz&)PxRwEY@g84FDr
zN5WST+qLWxxXgtUAo`NIABi8GZh~QvJj|k9%mV@0%75`oT*Uerx6)(Ptge1fEgg}%
zgOQvcV_govH=p5%@1WqT$1>xw&-j|kgOn*a$$Tp7%@sR2U3DbClxbS6gv5aq%<(^<
z+(G_zYHO6S*6pKyA-O`S=&rxw4nF}|J|dAdPYJ_&A7)oL?0E!!W~<2aYkm${#!c0u
z=Od}x-||1DZ7STelw;XRexxYfCjAXNTd(Z@01;eivk)Vk`Op*Co}=+OrfHXhPS&n;
zdyEL#%i9y^-0iH*W*d!1N3hi4%Us0}X*PY}KfU>bPu1+E)vPS<?bx;CFe6H<_lP4P
zkH<9*tkd^a+OIVCUoX(ERQK!omh7jF&rrC~Zw6qKKW8n_tA7nerQQn*>2w`L?ue4G
zJ9ksiel-pKq`KyrXK@kEp%fw6dKVcZk8nrpPx~8qi$RFZh18)es#svQ-k|<t@ua0b
zYe8+Q^IyyI9hJ5D`u8lysQrfWO&eA|WxI?+Gyeb*o`Ju{nI@$siF9=ROd0HCAG(-~
zoxX?H6<)>%*Yw$}H4tOHv|tiP7-61(`t<%(X=x;_CW)=Zl|(HIzfcFGeJE3#w=Z3r
z{{Yfu`URG^`Tqc#DyN^IUVXC5H#$_@ki39B51|#jqRtYx+Fhh?B#F4HIYQ~*1EC|*
zq0+3U(dN0ejfKszQtE`^l=>0wJJVyhhT-86#Ghl4_d`9u$nnel)*S&oJq=Yj@+&<&
zyFVw`nLDysZ}j7J_Djf0Lvn$Uq(3A5NAR|3_D0gvb%Zc5Oy%Nt$;YaL!zuQvGhFGu
zCQ)G_mfG$%`Amv3Te#z|=~7!Qm{ig3?iubQZ``z~V|5?wxALk}ZdX=oqtoscw72!@
zJSth=8+#dk&h5|HE;))({=x13c&A=PEykB|X>T9dCJDJBQHIDlAx}aMJ7S-40?i46
z{{R<us&JPv{{XCr{{Xd*=06cf+D(*18@Vnew~eGkDgL=J!6%`|sO?V4T|F1|{b{4^
za5-Bq5ZuKehf!a)TW19(P+5J!HFoPzlT38Hv9z&kd4A;S77x0&JQ|IzG|v#ut8#|M
z@woF7lymRzQrg(Zr%yGV)}d(jvV5~cA!K3bz!BHpxFhWv(pOy{Rrl-tXl(g=e2E(B
zON~y_>0U`}FNfLMF3}UgTzhpD21EGrH2~r{RR(|A82*)V#yfo)Pq8iAOC{jlZy-;R
z4hUAs@7s#0ce)Q4Sjiy7kL0wUQUEn`zbbOynP1EL+)H+sV#kCz)U_5pcAkG4@xO{p
zf8iC2pS^aO_xW1Am%`)8@h+nQ?i_wiUP<vr*#7{+F>o==H!6QpKdltBbbVju68m0<
ziP1$B?;L?e6i@+06i@+06i@+06i^4F{3f@}&Zlxm-9(HZsU-gZAzt^Y{{W+SD^7=@
zk%OPq{{T^5E%2%>x*g=W<?b*K(MR~#ws@><x6&;~O`SjQkzOVv_?4yPm*jOpX%uDa
z5j2;YZHj&6wuv$R({g{EZR-q{vq`M^qGGBbwgi322166{!9R^=-8laMgx)ZI>Q5Se
zSQUNmO6pgcVf~e6yCjX&5i5FN_bg3k3toP<^tWG--Sjc-qD?y3YIn=#TuOIa!u|gM
z+i!2@RbsW&wVS4qB9eI={LXq0$Dpf{>+@dRsa-bBrfed9=&|+#Cm*F+)U|u7D^q3m
zlJ|}=GbalW{^EhgeNAC%O>X&D;{O28@-FgEZB6YK-WwYTU{y<*W0AbqjO0ex=kdoJ
zRUJa*<&{OsG;kC9iwKYJCO)r@f~aVgH?!!DES$wG*BfM%wl<=S{{S=kR;`Yi5*a?r
zD`9xJzjN~+P=xgNHQfg((~M%QzpuaY?qbqXZLqSnU+qPb@Fe<%0rHdmU9u0;KHvVj
zt9zwf_=8rFrMreDL4}D=n8?2P;1l(x&fnTa?KIQ&Z7vg=i=s&0d-L9%rOzC)u(Jzq
zrrHAA<T&$W>{$M|_NDGh)Y`hg-~M**_aW-F>L#JD+Sx_@m2GL~c_2htn*p)xIXvfz
z)MbtxKGyR7Na2z=vavA2Bc5}#bs%wy&+;_i58JKWh}T#19L44g5`94IKD^TEdRUVC
z`$tiI(SV5^x_#*%1LgL~s!pQ2m7CK}iFu0Adw;{4T63dWtkJBpJkqlXr(V2r{{ZZa
zbQD27z0J+!$X@YL0%2Dv!N^hSN#vfC%|hPiRMR82Nuq&6;^%MOMFTrWt~mUux@3T9
z(!phjVDjB<<YCK@IgyWHn%zmMDD?c__21BoX>nz|w{2d|-Q;PmRq|qs?xPWcSo#6R
zDZ1U&q$_J}Jk2Ykh8FP*G>!Z@$K4*(%{t24MvydY)6P^p(&HqC=&C(Q=jbUHOt!bw
z=e>DE*K$rodHb>VC)}w201AfcI5nl)`<Lp+?%cPpPj3dF<=tGAN0V_yA3F}aK>FjF
zn^0D3G*y;3<CbJ*VljotILA^+{&k;sronxwuBSAG&_x-F-2LK7<350&>r-6YG@A4`
zml6-M!y2q0avD-d;8nLK<l52MFHY=9D<Su?!*6?QV{W)N5=$fF_>KtvXY{Q7D@~h5
z(5~f>`FE2>#X#zy43EZ^eO}@GTOFJh@u*h`B$&&x^*r_*)tUVJtya?5MB*Kj2{_>t
zf~%j)^{m^3q~y0w%gXjeYL%Ih;W<9Xr|NoxDIzogd!A4DQ@k&C_IpiRQJCa_7?a%c
zf0?aGEg{qN*z}kV<8u_ek;^vRgOAFo+v%TT@U)h)j9gwLNw?6d?gR9!VNP`1Qu`_W
z@BSSW<fVTyw}<Zywu7tQGkoQS5Bo%M`kH2)a$xW^`OhsejD8_={c7c|njr9#TF3~v
zybUU^x{bhoLZ)3PCx#)?+Y51Wra_<Yj2wPn%9JV8<x8|*-v0okHsgPp4xbCl;Ol7m
zFq}xM{pAu2{{T9xr^u<}o27B`$nv2cy-)P5yR?qR8w;dzEo@?tHV@z6C?AQge&$8A
z@xo4cib)Z{K8y!HtvajO@?WEh`CEU?QGD0)xaEf1#J9^UNFcaF{*Z)VIuGIpvBwn#
zp{8mV_r`014Wt7L7?M@OsOSI(pTe$c7Ab3MtKC|B!e$6medx~YxFgen_!`F15fbKG
z*;Ev?jLU=Fx+whXo}ygJ6I#7n{=V}_?R0KMs9ShjcAOeXq<@-eQv=H+Z~~sSWuUdx
zE;QL1ON*%dqR6heOoQ_?ob~puS{*+B08*9b*g~-^^U8Lh&vH#}okVz6)+<YQTd8Co
zYnCJ`gU~P5u9a5P=T?H-@BB%Wdv0sqTwB5BYB$U_z;OfvsA4!L{h~W|6%x$nNm-}1
z3iD068&&He{vF4u^(6XMZkwpu>LA)hYZO;TPc|bvG>TmHKU@y=zT#N*7#OIV0H>PF
zF&M}GgvS~571s%SMa>td>ihoymd0&z=*sXyEpH*WmgLEGCh4U_88WsH-t<w>3W-eD
z5-cea80<i2L>o}ddN0v>lTp|}_HTPJlkFO$ghpQnYBO{LJ#p0g3Wo6{lTNkMwD%?{
zOEt~cKyYxxpF(r`QoW<M%kp1-;cZJd3vXvU*U{UFZ)I4-a_1^!VULi01d~PflLh>i
zM(%ln!b}G_CQ=4T&tbvm+N?+;`+t~!<JV1xDnGp@-2RFO=TsoLy1LM3xR*a@y}0u2
z$M-=Sc>Fh0l8xM2y4O!l{{S5UUvxKHlIu{=?Ap!)v8N$YKBY!N9DWt2eJHZFj^gfB
zw@k)JMci5PS;js6YB;5iTiNuhf8C|5QE!z_3EIOWKA6wuYa0Im%+!1@CCPGF-8AZ-
z>}PNDH8YndG?uR4Ei_|F_FvYf>~;_xF80zG77;LSEaxUcfrii2ispPB46Ut~T!oG{
z-hR9R`Tqba=puq-&@JX`kqgIcqkOyt`IU$0G5JzKa||A3)ru&ylzELH>h4?u52iWe
z-igzToF??Pzt^BCG@9;m`fZG@;)w0#A2f3oeEKQLuCG*EIIeClW>EtO{G_@7oR-Rv
zSGgGLRpn^b;zMxpTVGEjLllQ2d`kUKp*=HI{99`>Y4*sB%)e-I!yILfNA;}Z1xA$Y
zuWf(J{KnrjmCJhcS5oM*8*~zx9Y|>TZ!Z9!{CbB`cc)nC+JtTU>wUr0{NhCb<LkDX
z>nu8jt%}arlFQ0QR>mYlpXrJ&ZvNP}<|x3r)2>9LAI77P&j9|Fw3@qb(%zcCz?HH<
zk+zqkKrP+oiXY#*V+$;7NMVm)L8&6NwS-(XrLwBrx~rjXB#eS`p7=S(wKjXBZLiwK
z2JJrn5g1<C?fl2*QOji{x<vYDlq}Y=t6Iss8<gayKbWIMqFZVAE}p18dX{XOV{n#N
z3bIRRc9v!NjAVSSr`NHno>+TRc?12bHD4y-Iy1&SNB7s)y-1f6OC5#WsL|?ChYcAR
zGNO<eW7h{G@uyqch`d2H#f-rb*L3i|0D>|ddmeH6(Yi~2&sC@0)ds_FwG*Z_oUV&?
zr%ecq$&Z+RJ@PTZ^s6!3MfPX4TwPgAnTQk01IS$ZdLGA$SZ!yUOqMSq6yA3mdGN>%
zer#j-Pf_S=27eG)SzRyKZ3`QC{G@+1f|1nm++?1#r!`OBsPuo+^<JQtHi)|g-M){d
z$0518SkmEwMA3lU519`*BR%Ss<WP8`IWOUvZEhg}WR6zK<FU_g%9i#&_(|;}zlwB*
zc>e%&@W}X5dX1;HYc9lGX&Ry}+z%X5e(F_q;gIltzO~6xqq>7vrvCt|`Fa{gJ$jm2
zW{-X4PhoWkHj@p>AZ2Ao9T*UQ3bCR!wwb9%rmorNn4h%B2Me?k6nzg<T-D{gmKv0{
z>Q3mS!ja$5*I^aB7J8M|sWv>xAoF97x_qN?KAAiZ#)=l^R#tI(-(5QP{+Q>sy-YnS
z;f|@Q-NsJgZ#;@euWHv_K4~vBhPt>^SkYJqIe8=}aR7c?)h`Ca`|I0=RVa~!ZR3m+
zlllr~mn6E6i09PgC2ipj#zyFa1SqFR;Dz<(f3B=j-P@q)?>^b0+@_yv<q2+<Fc6aR
zWD;_F)|_%Jgezu|6L}V%Ooy)C`$xGa^c9x(aoTuzu8?I-_dZ#6`|^CfN2lRhQh}%3
z-(9Tg*NbMmBF1(o3NqgL?OIcRYWmq<w^yK==s<~cqyGS6*jq?Mvr5l!2O#nRAAry0
zTXx#by~)0mKEZCnJjmZ6Jb-<&YbwrFv^qOZtk=`2KpcI=EK4`k=BVA+wYGsY3Q4)R
zx<-))VA<La<)6m1jY(5ihSuA+x~#oPaZ=y<)a=Pg8XeK)m=;%2kcS?>iKt#XCW7!X
ze(jj~{{SiE;AiW=9V-D|;vW~-+6O*dR>4Yx!2u6Hom95eHA%cbsofiw4w4Orx{Un5
zeqy(HsOp@1{s@jo-0U+SpC9hnmO=xC;0_K6s#n^aR`yp{4BO4SfXM^%*MLuNdgtc6
zy=L(A<=^KZHc9!8anIpTj>vt#T(r4y98+y7-LlQ{pUl#hDa%MN>z3$hnp^(>T9zlh
zlJj4;w`m*f7q*9L_T@<@>%~`z(@C+mw!e>jQC%{JUaQfShqqtOtXed2T<KbM<a;h6
zhkQ+rLuG+e>_Gi1Jr%FC6|}ye$eJ6UE*6krWDmN=x#cIUzSF<x?Ee5l(pz*VXfAZA
z^`9~olGW798oA0a-ZDLo4LUd?yS&lwtsNp|Kn1h6J3|m~Ph4}wBV0)ix2(f(jU}nK
zGMHH4Ha7A<4D(sqq%ljOSzPJOBf|r@Vn@vuNFX1f?@=bAowZ8(b<$l1lYiHdX4dlY
zWY%=qr7sj#@|6rSMmlrX7&RV=sQrh-my!t9M~-#jhZt-F`V3a0T-)k0M(+?3-P$@N
z%lu7@GB>|*Sl%0GUf)x)xyVT(3~)IZJfFik{3&Z0$Ch8sXY#rpjXSQzn+-N466%_1
z6XasrCLlC!dgncM)hk~O++1BSy}5=4Id{v4e03)P@%Ynq%ULWebo*R~MOSkoa;#ap
z=ja7R7Hs@J&Vc#%&SMzrBVNCm{#Asz6uD&`mEO94T{kIS*H3eH-^6xOyc&9$;DRSq
zNdX7U1B^Ft4O+9diW}?ep%l~HZzyD#Z5cnpJq9|rrE@kO9lE-aKF~#^Zg8ev8Nc0L
zrnGOoPJ@1)w*LTVv_a+WX$W`6e2&Jqr(RsV_4Muk01f)shXs2;(!05a%WNo%d#PSv
zp2|mI{_mixS8&U5c$RU=nT$bal|}?{_W*V*e?d@b7ZGYwt=*bM3nB%$+z$Q*6b9+H
zj(gMRhV88{poFXeh%Y<0%;TNyfs^O}^sc3>Z@PP1`rY+xhoi9Qj4cfQOp&~Bx+x`d
z915VGJxCq>O(n0LcQ4xJMO3``F(Jmta6nQ1(;jLSiq<VE+R+Ooj}uQL3>gM+qy7YY
zdJ1~1_kJVu?mu;9W=h13z;*+YJ#p9Yp*QaQzpq5T@a{6$MQGO6wlF*(546ld%eoJ`
z3H4*znD$oscB6Tz<)*vb8Yoy`D?b1e-1YhjZPncNT3q+YKhrPe3m5~GOnjs3kLOnk
z54KprDfuj*6Wlke1;Xd@CZ#0Rx~p5t`+u1A+=6(oU&f05QF~7-V;|rMM?bAkd-iv@
zYYVsYr<xMN*>V9Piw~Q(rBu1UlH<e1{WB8EuWuYmc*{Nk`r|cQRJEJ_5{))k-I<?a
zmK~W+8m3c8Hyv)%`A8DJ{Xas-itR&aR?;FW8+HMa2MdwN{P9#Y`#Y!bP3cf}yuM<t
zI;h4^>H1dgqaCyoMlUW=ZKpDZjq|y;l_MUQBds8~yMo#6(iKS-IZQC9$l9esk8nnR
zI&~>U)s&xWegPRiRFRY5m=rbT)VK%~Ml;_%f2ZeKP$jLk#5RaUob$8DV8J1Y1x62V
zTzk^nL2E4UV`)55d2zp;3X_oSjF5YQ)7q$9K_s3#S!80dMxtHK#uP93(u(#};S{f}
zzWx6I$Q$O9WcrkM!^E0n#|aUxH!^+Q#GUyx?MBMmSh;UCjlI+ph(jpIWjwBaqrE!T
z=HVjLB=ZY3oU`Q^@Zj>fA6))*Eu_%PePeqXZMVIP%VqxTiT8hzAB9z;E2p%b?Ede;
zitT)Y?Uq~Cx4DGN1<DkTDNg|OKnuU!kv$J>!v{3qvO3yZ$EU77&ls8vpPd}!m2YMT
zAB9%5Hy4)Ix@66Zt0_d5?%uiiNA&z@_wrnM_FBz|CB$G{KsxQuJbN6EYB`f!@BR+@
z{m)RhLUVGHS;>98K^wGgB~;`bkXAw51IN(O9k{i=whTbFl20<)ML7|%`^lf~w`!AY
z0`m41UozI@m6jpZCB}aZ!}S$X#tC53B!vjQvUvxTncCrb+&RVwI5kf9SJ(X4=>Gr)
z9RY6AZ9-imQBN*!Gj+Yf3=)5Y{ePW1Q-Uk4Ia=`?$pO#WEyhkiz6Yjyj>fHODI77u
zd41%|4Y<j251F`fyGZVPgT-J$;?%X7%oapPEQUz~N?ViH1E8$xP7u5*z5e@jzo&7<
zH>^!dy?#9&;KuSxb1{uK#z0V~11Grzj@5~Kpb7R}*j&XVcNuh!M+*Mqo(UAXrh_!I
zwcV7zYFUSyvp>85`*-{*wSv9Qoq49rtR#(1#36<VVfTmPKb3OToTn!WvD2sgKbfRb
zO7VWCl$t%w?w1>C8*OH_J6dT7JEHtMkLyouLfTIa-@|Pl*lpEeiHP}_G31}A8LXcU
z?tNV#!DN~@iN-U*Q~hyT8jLY%z7-az%JWHZJl0-?fXM^t!2IZhuT9j7wv9XW(@)Rv
z2DP&tqj~S7SzE;;Ae#7x+Htu;f`1Mwc8)73^=s?hlgTMv*2>(dEx=+wl{(f|(!3V4
zVOB{4d2Re#nBZgZ8LAdm@Z0!$S#={SM?C7mRD9Bf2l5#`YenwHG3#sVveQ9s+w(3w
zcRHT0qy&p>2?TRGAi^d|Kg$(8&dp}dJ8MPRZzbavko6!8vmeCq_);y*^6U0Cux2}0
z?bZCD(SLSvxcA0KT8QS`Pt)vdrWXq>*%P`Bq!lC&Z}6+q((1bT?5w<r>|29Ymfuv>
z%a&^!NW!Fkj4%KP-<sI8zJ^#Via5;Ua9LmHEA8upip089yIogJv0ct(R+Y%=?EL-!
ze_BZGgq|hR(%rXPTiXT=>@qX>oL2CwQVz>if6iL{$d?q?_1Ng&$z-_S69iGVL$~j)
z-q`9nqzP)TY4ZHa2!n&b+t1UFTH~#C3+2#tYo9hi{(6OA$K@pRkJ7H(-s&*6g64N3
zbzd=ajl__7{0OR8$Tfam&+)K(CwpJ|vC@}VW1Z0iepx4UpDL1hCq9)<ZC2V1M#eB%
z#n{3!pO9z2xhEBd1>M%GuUNA&-w`Sp^ye#&z|$=44c42Zx)N@!q~EahG4H|rjww7$
z<)jz%ouA+(O)dWbtp)_U)^yA0t|TpaX>-0Xc<gec@-=#SVbrd#EX+YJrnCk(=p0}+
z8{8iC1>MNFvem9^(U$HRlgtP|xXp(jhhL>jBuRIui?o@3)%Gvm+vAgzI4kSdrC_@)
zZ@-$mUwMDm<X4X6tZg)?^$Sli#LSsvhm3|8Ao_FCm8@m8O=e3wkm}#O%x4W7t7imt
z^{TPmK|X_Ox}lM_&hez<mWY4|<G82KBk7(nTeFdCa=?fF7FGi%@Fuh7R!!}vs=BtN
zS=_0p-_NLcV%A%h4<g*MZUY$`M_+zxM*jd%wtYIn&gpjB+}o=(pk$+r0N(h=KU#}f
zNMA#^NTCqTZ+E(A*QQ9u<@P)pd={{48U~jcbxGopk#`&egUbDJf<A_qzs)G8cGCIT
z*fg?!V<*vXEi{$0vQ(L;JLj2P0k`;9lheIHW2Qr-r}m}g%yM}SHbVnvbM_m$R%Wzh
zmt4BsgcB)MQZc~bewAlcic>TiRjh9ywm=zCbGk#zAL;m3E>Kc(QTTLTzMqLnJ6XNW
z*!7sTsBW<>%n}Q8n3M(zGxHVclZv-zYOrb0+S;RAEW{R-{`d#~0A@a&g<@%%QPNB5
zSF?m`QNPHIvc#T&y))@Y{3VNVc?|bfA(|#TN=Qb~csz6`2D)KgB&A<TKg;wX!umsF
zV$S9pjZQl)ItBYRr{A5q1KEAa@79q~W%Dk~ik6n{StOIBlJ}7MfzS$`-rRp?$Y3#x
zIXQ|r2G(TmIsPNlIq6kztz^7Q0d`g^MZ*1>E=x(1h2x9?j()YfQc=6t^78pFy^*EK
zq_}HKXl8+Y$s~+N14yIHmDrxXfOVvkPmQep$8{f^vB->y8xJdzLoxJHPvj~`nFaip
zZo7;zIJAU%FWzi>o(Hv5vrEV{+o|Vm+Li07DxR_DIM1dAPp}j_Ue8sp_4DX~Y*~Z-
zI9=Prxh*6OYYNB0uF!Ws=YdSoVuMX+ZLH6n)5g-gt~T&ETn@mKP4gZ-V@=WR2^RL~
zB$bEpah`wAdSsWWXARz^<*Ny%TYFSJ0;hk>6ZlZ1ljeJ?>-f8VUof-VxSkugzxy@V
zo+5?j42>rTCx;{Os}}8NcXu4o;_gdn+&rubh?M2Cj`+a<(#<2muiC<9ZNI&_ke2AA
zU=N_hW%z$inKdn1)Vr!|F%|=<CxiJ^uW`njSJkiA`t%#t@?|d<+LYIfh%zToMmv$g
zAEiy=t6P|CbheizQUM!#HV66qD`M=#ZmtkKS2yr8O>GxHCj%h*p7^P6BsYPfxK(>J
zcT0lD8v?43!20Juoo6}`m$cX7{{TL})`)6ta`_PH)+oLdg4$bgJI(vU5jZ@s<Q~KV
zD&2{<xSCikXIWu^)+dRSjj9x`J^AK~5%#E_?i;0%3qP0TgYtr)07q<MxxF6VXtYgQ
zee9C3*rT~C^Ec^QxqCMRmX`by{Yka&siUN}qiubx%`7Yq(;!CR7UvlC;2N6F#?C!W
zwM$lzhJ(&%6n}rXKAm{>sh?98@!8zUH^F-{u-t#u<py#1=kqlLkxd4dsail;XS9>d
zg_o|vcMt1AQHo1@UHRX2_lB?LD%-(%BHQ0WWw^DtSj@oTiW8J4)E<VVmRYT*7tgdq
zG4f_9^Cv%YPv~ha?!4ot>nZ^ASIN0i>6`}q8~M~0@V%A&?WD?O(ykUq1ac6LNcKH{
zN;Fn$uV2Z($%pm+WvQTwM}p3G5VWyvFsQ<k3Bw`m!1L}6G9|hZ-$nwBMPnP(u2yVx
zU_HkMpu2`EtsXcoW?<IrJd3p%`A^(q?0O$@SCC!(qR>o=W{M%3g<*}|)w|$~9-JDb
zthWBP``1o_=v1=2hgDCuK&x+k00}fqepwf$3HtOsjXmw)Ul2ibzJ0W^sV+igBmjKD
zzq&{N0A8Tg<+IY7;N4qAB-bFSh)Gh>lbp9~<aVmIn)>R?{gEmgXr^B-IYfn+9@!_Z
zdRA_vQ&5{+->>O^Qn_1KTMvD5%Kj0gNi6LgzbLwL1`c@0?mnio4uh!J-*2*br;--P
zF}Ms5x}IvK_KA6BS(QZb1CKTzm=CX^`qa9EeX~on)Ia62AG6GTNFOQuzm;)La-IFE
z_m<r>{7sTe;d(Pl`%bm9yIoT3EOEFFEk`8F-FWCT%|qgA(RpR1$W$xI8I`~t&Ik0U
z^s7(p9TIqEaTHL_viYshDFik@A;m9<_D`$X+1sgANMngtxX*9MimA5fw-se8efR$W
zfJ*q1eGPdQ?&eGA(od2*Na9sy!l`u`C-BWf16tTNk7$V<+^pwp=kBO4f<W$g>+MI2
zZX_)RodW*yM%>95<%dPjuTSMqg)D8gT`CEK$$1<oo>(|ok1R<&&pj)p{{R)G(#r46
z-rv{YLilc0vC4mI>bLR8*6);Do?k7{dvFC`mN%19pH+}5EuE+C!0!7uaqKf$*3CAl
zrC-Z^b>%{5j2B^m6?4LmUYu3=BsV(FqaDFvr`y@>+@qi&N&HC7C^gEzt##G;1K;}c
z9j9v&N2Te@dSrR7rYf$d3=|#-_2-YJbPI5jO**Sa;w)uRvcbBLMRTzvdX>hNd{jee
z0-dTocVQRn(zDcEL8EJzdx$d55FGQva(`Od73WQBs<+^m>dA0Yf7f%bDQo_Tx-!2o
zF)35>wh!gOH0_qf?!ZD>ux1-i&GO^%;C8NL-s%fBfo_w?o^(oIobKnp;ZIw=MYTO{
z)XMG>7ih+Q@1{QkTK#G}a{eAyC)vLL0M*Wo?qiI>yre>Az*!C(C!hn?u=O2Xn#Wa!
z&81t5Rs^#gk_&T>Kr0#k({tg?Ht4Zq1<6u#&I#cDb*nlH4MS4Yq6;h!5e}!bhEU3W
zzt*yqdDL2Ht@t(iGL#ZxK^%>!Y1*=U&2ew#%sSz=oD=ME`c*51H~K}r?wbooEv)Qh
ziBBp{3ES=8@vCu4ZS^f7taqC!qA}%%ZN%XFilKEM*tA(LEH1pnH)2F|`^oa28_?Dh
z_+M_na(6|o%?pVwZuK2n#z@i!^0IDJbzTq5JN4^X*OFgo`evOZGmn(KWs!p;u5v$_
zttV?My>@trF<wh=upi-@bYt=(`c_tpGsA1BX}31sVL|4YBpjT5;5`mGA4*jn<kj_e
zNv|h=>-7b<+)HzDx5oCfwmyF=Kky|3`qQtL-(J+@vn;mPa7bf_k@CD?^ge`DO?F75
z)$A`|C7>}z=ucC$<MZOSFKr?h_xhEi261Y@p!>nt3@{#q9Mq)b=NGExyYyq)&&bTx
zbgS!$(m2v6Y%SMhO(e<}9ow%{)~s7kZQ(GxnB81l09YZ~sGpBhSUN?jU21Wx-|AB`
zOaAJNpYW%&7y8}ww-LbYy|P;vRUNtL02PF4TlbXX?>DDk)8t!^*>6Lnm+acTott^r
zmodEUn8JWr{TSy80R1Zc$hQE=cFPr&s0<<l{b3veN2YoX{c9R2M}>6pBy%mz&Cf*y
z`DzDK@9COtma}JnJkU*Ki7m@14I{ImkbT^axaPYfS}RH0ng0NmhE6Yav8!)+_N_MV
z_IQjIk}y<J{<3a;efneTPFPG5Lf3N$uCC-<#~&@UAC@)rQQXy;qM9RUBnv!|u+9hx
z89iSf!+<K3Q2n1<y1u$|J<=&?qd-WFPYN^Yas~&zY|~ax`tSb$0U|vKCi5qp>FXM*
zZZq5@OOKO3DtngiO}SfCnRPq35=r8KvlVQ{q!JVlR>{ZVP+S|R^w}V@CR_WN%3MmF
z6yqdkumFMi)wQ!mI(D3_t#59EX`i#7;U9^~rL3K;uj|w9-S!^D7kYWrbm$|$npBc0
z14!7;=6~T|ra<<lY6eL>J9lZP#C)hG5GK=>br{@z{$opNsm*l;tEtEdg$kvzcE~(_
zq*Smmx0c^UkBf%2W|CleRy^_e^Z8QuWUju_wfeq``tl7{{Rse;4GJkQBo><>+biwd
z!Lp%v^}zjV#-A0Vy~OcCsTI-(^NHol0!a1)9V;T_HT{OPs{a5ekyaJYUo3O_3bCQu
z%KjUKyrnjYNZ-PRAdbIYYN0#SNh_;<PT%lBuXN{hODWUEF+hNZf>XTu0oIL9#&_{t
zmd+08rvx8RPhZNqNG>A}_S-WYrIE$l>JKcb#s^?eG?#Y~d9qzyv~Wm3OF7>^#(<pT
zuqUr<*Duwf?745&{#O3K9SuFB=D(45QCl>+itcDe%Tz7rj;Ka32=DiS6<TzjZx2f)
zs|%9W>ajY481{ZXl@ExmWsk$s?2x!;joWV{0YdfqjMPvGEUk1%45TZGB9sG-ra_hb
zvt2Wv?<E$jt@*ou!81!l$!rUM!aZeas708r9KidI89~n9ry`3>C)4z~Qo>1H-P%~&
z7{N?@j6F^meiZwO4dj=4Lyz>ht<mF`JhLbVpTz#AnRls6Z2DHE7DN*dE_59MC!fbT
z{Hc4fSA7+))pUP%>OEfFNiCzbGd`nbZjsG2DpPY|A8{F9X2>J)r$S_gWz(89bygGG
ztgD>Io>$qHhqFbGQPUaKV3kbJH)QALAA@7_s_-?`x@=KiW-UhAeUM1~9OEEoxFaL-
zr>bdNU-&w&p6j@`CwN+RnoCJU*EWvB%W;M(Pt6;8gV@w}7tN<>ws)4P=UJl_c-(x^
z<n+%_M<SM3MEdQu^_%%O456is_!1{Z=hR?=51^~I@XasV0>>O?Mqp9!$sz3c_Z$&T
zMYhy*eg6P2_$XIhNUeU(QDwE;C5^}|VQ=|ldJ+ewdXC*{gg<7|Z7-Q_E^XtEW&PVA
zB_GjFaKMk!s$S~W8f?&8!Dbp;R%RwCSy5d5;5(7UI$4K`^!6<(TF+{7QJeQ{4*>gm
zRxYewk+YKN^4GWAT8rK6E!5WDEe)~S+Tz?2qC=H*?s({Gww0w{+gvnKLX+6s4U)8S
zD=s@XUZbsLtXJ9{^j8u<=uxr`K2{z1=s^^ky}Da!GAtkJBmzjk-C>bja;tydPCoK_
z^!+|Ysy}5t4XYTfv<*ounU?1Ac?3)V;yB6vWKu;am&dN_&`7|33P<#-x_z8--)Xv)
z(F(@hKtuPL*CTQE00WxN@aSvL6i;-EyJ(U?4^DUh{&l}AP7qoyYp+k~ke=_zvTWwP
z(=_vQbP_pcX`WeIC5bpt2Xlc^UEij4wY9eqylNGt1ebO$7w{g!suM1+;?(kiHrBEz
z<L;`d<ojn8H`{HktaW+x)^?wIZn$Chi#hwFupIMENm<)%b?WT8e_t_M`uUeMu)172
zWwg;Bw!fJs*8T-OPuBw<ol%foX<8~z42-we*FlIKK*1n>qw}lQkqGD0uC6El07+X$
z*$Z;)-!UZnb5(6_gnDJRp?s|O5?wn&tT-jMjo&~4#ap*6wzAX7S$-nx{dt`PTCKdA
zt<|y0n@IBPPsn-`$81%hB25Gi>avL#V8!z<T!ZxDxtrTVZEvnl?Td?oN+*9TFa-WJ
z6aB8ze-Bx!GT;VfQb#4SLHsMD>obdLYx-`>@FUr$xAmdctaiqGpO-QeRg{o<TpWFR
znraJlg4fH1nm!gX6#SzY$<ING=U}|lr@q$!oz-AQ^4I&PoMZ3?v+i&2<?zLo%S$6N
z+z`#Xmh{i-P2%E})O-F66*k`IU2}I7aowZHpu-;Ru{ZAm<MgaMt!itFts3GMWVE?$
zvM0WFkWb@Hk{>U{S1)o%x4E+{#Cl)@`BNcC^!r;4HuQXta>hAVu>=)i>~s3mRI5@=
zt&;s3x869#A*LkJ>~$M?;`6M`>f;BUjggRjK_8_`(N6}uJ@iYy&hFT_BxOkv=jI=W
z>rpW>#jV(1%3y$8Zi(4`?&l<bz<Pdk=*;$hA+onEx)-zv;2flwQ~CC+v`u!p`D)kP
zS8}<I4O2?7p4-c`nkm>MEZ-})1b|OZVOH($Z!NrJ_6;dE^094=&N92W^sLF@wY>1$
zji)T1y0{Zb3FOC>!NKl2R-T!E1n}uo+{PJ^j2>|N$m5_spo38d@2za~cUwDXHne{;
zFT*#VWVO{CC^AP6nt+buBR{QAWn*cm-L|c46@m@#XvZJD>;XJro@xyQC9jAtEhbIM
z=_Eycd*kvH%~s3%KSGW;97_!MEhm`0Hh=<y=y^4iE~zIabsPQn{{Vth__XRE&~*#z
z{nyh&1d~5I<OPZLP-{eMwpx5ANQviIqxntLWD-t!!1VeW#?w#Ow5z>9f39LJ;XZ`@
z<N1F&ipxX1yTix?5V6OZH_8vtbtmar!g7VZlJ}ndbSb3%C!#v!x3_J2YqGQ4Ng697
z6~Z7R<qQ4dfBN*xtEe>eH&g!rq+Z-+IH8R2tNqY@Gt~DrpLedVjz6*>Pqf1dl#)ks
z8Hwrv9Wm0Z==V1Iqe8ZJ@mtSsHn#k`2(zD%^am%ut#>Mra^!>ezhBngraY}Hy^FK0
z&zECvp#}RP*r>Qj0sG8Hu;6>q6fmRQS=+kI(L@u<VU$u>Wt{h7dHM>K#n;*{*4<HO
zmM$(G#tU{;?|?Jgtx&as8(kUTf>!<eH`*>(W8`1HN4H__Ye%HE{<i-BhkJemt&1>A
zEzQUFf^9Iye27{8RSFN!C*#lxgUGkClkB!Iv@=}J%4H|!5vj|O=sOA}j!W%M%GM<@
zX?DtwlfZI7Dm~9n)}L{A_H@)WlY+o`Hp+Vp<9FiOKZPf4Tj|&HYw|<>zsPOnm8bTb
zYWFQB<$zAM?7cSdGJd$?nW_H(XwR(a6GZ_yK<uOLsVC;o;Zh_sPh+LpPD@QW^QSG>
zU^}pX5-I-x+JffJ?)oF;!)Yv=K>jng0H0n?X*Cv_+V+1v-`oo1_omt#h;6Q?2)6~|
zNKtrXU=(xP7!_Anvk&1$i7nO!gAxc-=V;0A+~b<a)@^2c4IWi?c~urB?p25kKTqXd
z9;6b`E!EA+q&{Ht1A~?u3Y7!CdeP18In!2F{MYCfwXAdg8MV2aN!5&53nW_?{iebG
zpU$E1ZNBYg=W&ICGERL@82*2ibT+Q`h%N2aW438FTb1W<F|%&Za!DVRL22b1xFHV>
zwd|+Qx`&^blpq1`&PeyHp+Yfq_4t3!r}eQ;ZS#4ON%lJ{((Q{mZmtvp0bwes2mS+{
z!}6-WBZmD`Px4|c$u8%3{{X+hQhy4su2{<Y_LpuQ%6V#mi0QQQe@xb-6G<+yeF&Mc
z9Eo(8KY0pZkEcq}`~1|}wzmC6wWLL@Tia@K&uw-4m$y}Tr9qw>gOS{Bsct{f9@gGq
zUd$-8m1N~fAQgYlBCEl99o$wLqQt1HBU@Y`>4rUinZf*M4D#xFrjK~X$(34YUB83B
z9^c?<oRfUZd3F3%{{SzLtoH0l9fAubw6%}PS9fx(*?6P}3d7Yw82o9`+%?s-*Aova
zM2Mu%8vgPpQZw}jtyaDlli1o_+qT_G(U~0wSI6GtzhjR>S7Vkx?G?F=ap%T@?i1T^
z`CIxLYS*&SY59JgP(6zB#Hg{{?^m<9V9z9dBA2v-&>n<Qd4C<gt1X773bm!q408dD
zeSU|(QB1J5lFcvH(5%*NkS(P+Ws@T*&ln>-)w`QzZ89Tru|2FjxSu7_J&OMT5b5tp
zDLCC|{{Rm^li$cRzN0T~7HvLTTeWM2gym(A8^|610Nw+r?kcRB#5z5-nR}ayhc^EJ
zEJXtET>Pc8oFC^|=f!bbUQIonk<6q9GD>j3a6Vqg0-LI7ZL1X3Eann5z}@6KeBh1<
zUtCr*teSG6te53~#H9|C*lqTg7ObDzmRAU(cRQk)uvPnw$BLE>7W(T-Yb(gaO#$C;
zGq58c#JqOzS^82*=S`(uM$xUxkQK%@$T?H}KN_v1Jh1Clr9mvRfL9sgI3l?epyZ_E
z@o4>hKNDL!Sv`(}PQA2-#`ezCZ;IXqlg}ds<RF56oZwUZ3PQzrSdLi$`twoGX>X(G
z+Oh{%npOyKaugOjSL=+E_*48VYbn#Bl?UFu4BqIgjQ(c2sdK8-)7>ZX=w~Z9GCvDU
z$#tsQNsz@^uzL}Zf1O9++pYc`)vVa^ki3iZDs%jY=UcYckXm?#d!WmU!{s9X0JJh+
z{{TV#YL1JgrG@UH1i*y2a|B-MRIxvnD&b0`To-O-_v|Mm?)?gSP1o9d9jMu{%fO|8
z{{Uq3{K2D1oZomyQL!MFfpWh?&+`VXcz;e7Q(szKkM;6>oO^(**&l^FM74bq<?ZJm
z>+Xa@JsCnV2lW*c<3DlBYdF8qa%)?9mHaA#_eH+3osX9*>_B@lQh5BcQ|Xb<p$j{E
zrQ7D+ylu`yDNq6Y@l#8uofO-fQ11uZyw@Oo#4EQ4+mp>l;tfXP${RN@B$2bYm1JCo
zU_b}h@t!KwRVr!E;)msQEAu@zW~?wRwyPT3NUI6A*kRAizcC?(dW@1P1e(?_5cy4U
z<y?6y8zCD~PBIGm5Kl^vRYuh9Z05H<UGl2jM1!v0HvoI~q}Md4HAgMxtT!;I*)Q<0
z&Imt4`D9l_`I3CAW}5!G8Kk<7y1BKq@eR11SB7PXD3yoFB9d|sq0f4kR=BsbxU-gd
z9RZP<Csp}Iag}U!1b6nPYIgRTw2g0ZxNR)4$Op`h21xe=V2`1uv`~#E-p1st@FYrI
z$4$8)GN1N%&#|Q^FL^6lbpHU){Qm$^t7urbc%-noavX$JWVwU_Su>D9@3$O}Z+e#A
z;w#jNflHX(Nb?YMY;r%@$o~Ker(ta_k!Nvj1;Wfc-`p#XgpBQPO!hwFt7z6?br0<;
z7V_=n47WDSK4{o;f%wx?mo#+Wf4}kk`ijcTn@wvwrdx4v;^N)EcC!4krVlEAyefsp
zx^#_V<|~^8DqDw7kh=CHbU#{lp{B>IUJ{P5-i6;3gM^tqeVBKvcaquO>L1y9tSTI$
zm}SlmNEsRW=CN*kwu?!pqv-sfV%4v%rgi>_9qAg?o#Mc<kth-=8(Zo+b6Q%0MSG@O
z$*D%DN6Yq@ST~m4n<My7=~Z6ZeK${KvzyL)NeM8x<)Ut?%iMR!s!(P%I;M;Z+y4N|
z&5=3V>&J0Xq#Inj?!Py0^3;01yA})FTiqa%;cf4+`>UM(=Iwh1?VozxhH&vh_Z9{c
zrM$!1BZHIv=^e#qtTvbSK6R9SeVcPFq3VaZPe%6WYPG(TIxCB7rn%DYA$8i#%x46S
zJ#ql8A<qZy>Yw$0_&<MgU7qJZeW6`I4aK_o_KnI-7b70ysHtscO<EPOykNHoF>O14
z=nd`YdsKQpu`ZnL1dSlIkm14{G9T|Ry<608?rkmry0^2ujmG$=c)t4fIT+@=*!w$k
z$3@kDUxB;ky_lM8GT$rc(}Nw%3|`%seZoHSpJUdS#EutRx4n)}GB-tKY<E+G{J&bW
z{j+m_rpt3^BZBe*8gUx)Bx9k;=Z^JX#L~kxuAMX^Xq6gLzJ#2S`R28sFR^^C_Orjv
z%kCv#pHlUi`#+E5UW+d8{CRf@;Jzl=Z__pSK>MNPAA#NctF)FvJWZre-bkS*>x@=c
z#0zmH?xh(VOKx-crYhv^9%a&Z`@t=3<b16~6j#1+g%nXh1r$+01r$+01r$+09?9^%
zap7h-``1tWmc5h3Lpt7<AN!-*?^lg{E`0b|*FSdYzmnIo_^j>Lbh-Nw59GlA09x>>
z?_1S=XIy^IqbS9P@yyIdc1<JW-9aPyRlRC4eHvNEb8ije;!BuV><;BeIq8w<RTF$(
zKKVMEqxl@?^fcM@xhL@)jd0toT(!eYKI=v~;Qp1J-z1`y?<R-UKO)7BlKM@n-CR#?
z4daclnIr@vo~|*RpGu&IOSY5<)=f_7j|G8P@_o9sP}FZ*P`;9KHmUhhf4ZZft-Tvd
zxPrm2<Bde}<zaaa)rfa;Pw833smqd_bX|A(_PI|*c{5fk>23VTXL#8nP1j@$BxAHl
z2Y-663^#hPRlH$krvbV<booml?tKTjsAaj2N?7!ZNJZWD{mmnCzG3$6N4-sdYG8xN
zyu2&s;jS4@>1S@rtJy_$^ERyYOMc#s{(sUku<)s^<|u%+(JhZS`Fzqpr7g_xFOuTl
z_Xu%iW(GXw{`(J4Ox5_TVm5IT8;fWo3@nBVZ|n2=pK8vuwY!@3^7{G2H!T(*jR<)W
zd+kx*91pE&D9Kq{SJ(R4E{ne6O%AYM_?onr4zu0HH{4F#$8NveUw?kpa(js4KiZdw
z!*MHTY(DWP_`lvips5<wY;?GywzWAtl#q;W^^v{0;+$X->IU>HU9v<xhRE{N^yAd$
zl6wl#LQ!13cmBKE^Z63mZsmJ}HR401;bJ>C-a2q1L(af`PxPljs3eh1EKm=yqKkWU
z$NKg>eqFy4L0esuY0_N8_ZI{+gpdcBx{y!sj(`tJlJViNXx>@v?ba0n7})0n_?Ql)
z_7wGA_5T2_-!1&#ka-cLvc-7@oe2+g?dRRi{lVN1<UOdky+|OE{{YGk)3=jp4nFWF
zllY!~n5m)`vRd5S#UyKObo-ujCK-otN$LI2DJ_}{=^(jAisD;kWgb&}k(1K{sq8cC
zY1!<a`+r?~`M*JEJ>^s_HOr4G&LQT=I<%PS_yhU1Q@gs5$r*|grqUHD3iJEv1{8bX
zWYvl71orSOgr&SPywmO&X_<Wop*cU5P}Oc_u+!m*2l{>VrJ09R&H)4P!v1wNWYTTu
zzpwZoa~xIKB(cM$>T>E#eCwIrEz%%ywTg`M>-6=iw|7^!o-&TiO3Mr~h6p-f43d3n
z&HMSDA_)@iTNq5F58{-76n%c}I`w|V=Ut#9Q<-9fG3boI1CPj>%4+vZM4jKB_xs=E
zQuE%z>XX}8>lTt+JI`>ee7IA#=KII+zysQ?YOEr<w7Z@|6}_uA;(0Dk6c2p!S(lbO
z{9LzgNw$V1ndB!R1s~!my6ki6TIQ7y59CW4zQfy`u|I|?r8y-%I;($}B(A*;ZC#QE
zw!D^8<ytd45y5sKZBg~l=}~L9aM;+vcnN!fyX@h*?tkL^1yk`9a_ZNbTz1EGysX*u
z;EbQjv@UHe^@(h!W>B`%6SSYaxhg+4QCc@CImRAV{5AP25|T+aCaq^Kp$(KRBx?dT
z`=tjQ01pGx{6%B<ve)ei_V^PYXOO`rJqJVj;<lllFtJSP9j-1UfkFQ1bDz;gBtl1r
zX4PmXyPMD4IN9@O`Bc@X8nJ7=zu*L9;{6P*GU>G)KI%(Ze7#4>Q0h9lUW`3*I5kSo
zSiF-;)TG2hc!C^=R1!B}=Z<?+8pextp<WBSMt>uAQbp>A(AKV>so833b87<L$fh~h
zcEc*3rB6bAjdDg)=Js=ZvRC=vudn86(zi0z9OB+x>X+8>U0g{bJc_$X;AHxAsjqEr
z^<8%J$cVPt3YI)7D)2IT0fAZ?ib0^>F3lZI4(O(NS%LgG=i00Iit_GfM@f&^Ctorp
zL50t7anytBT=Ig9WU4!~_5Ppy64Sd}rHf>;(saw~i&=d8$ka#YuiZvtj4$iWbAZb<
zp;Wub?Z6z8Yi~!>u5Yxf>tPu{#Ux221SVAT&(PFH^4CX3k4|qo?2I+h94E35>q?|~
zqZa+x+x7feN!hi#HLta6%@<6yvX^YPj)mRj8-P+s+wa9y(lv{%O7<%Ym}8dOM+agq
zz?kPhFK?|?ds+33F2+k`GS3MxN;`l_D#zQC%~`O#w$U%G?O<e<N01At#~=*-)%N$T
z{iNMQ+^r2i;k^9J`By7e)VF!!Ej2I5SSOhfx*wbbaNl_289)7M)p!2@Lbtn$Sc-*b
zwn+$#0&oWh(R2CN8y=A~+N}1Z?2Z>cY^~80cQs?g(-WwznlbV%V_4%J*c{W2CZuC2
z)Lm@4YySWO!gS)=NZ*}d)8f`Hl3zAksJy_-_f<*S278>J(w}T2v5!r%T>Y+VR#jus
zI<|4^yC0QM@alcPL!Qp**jtI0X&=G|%yNA={c8NsU0isJO1qL0yL`o9Iw%C-=g@*H
zq7BL_q*nI)WvLHF)Bdy~U-a!`SGAr)<(N_|lfZ5O{c4wol`Zt$L3J(3Xe31-=NrN8
z`c#&d?|FT$;ry}og$7UVg>p&%0LN+GA-FSW^Gc`v8drs(0Ar|PbMKnZr?q`KzI*TG
z{$+o6(2DBPORpNY+6#T2JWaUt^1#T)ws@=hWV1f2s>Ed_V!2l#xf_0Lj(-Z0a@Q8p
zK=Orowk5VlIS8&seF?|oP+3O*0PvIRP!1YMNdw%0{xzbHEkxH={{R&9CijoXj(Ose
z+e+1K_aY0k<|#SbxctLDoFC4u7}D1I{{9K0%&sFb%)vPfH}ZHRAI_`kHZn<|!(lo)
zM=*H{k@pxd+BxoUc&vXGTuCmjBP97r8kpA@>H#O~S<a)UPujJ;zWaZXN;j7(IxG8|
zeICl%S0dsS$bv93G7eR@cEID_s_B}RpQ%ADkhhq~B4UXwncvRsppQa0tj#Jv?OzYv
z*-bD*1gh5Mx^8TZze0bVR?(uC#{TYkRL1s@yBv;<j1Sb*yhPmLB)!(Z;r{?3@+&pf
z4wJ<?iMZdk01*6$(FWP{Cz{aJZm#v84?}ls84@y5<|N=`W1M#%<5|+f9=jR2wF;Vo
zjLiV!%>Mvsef>o~=H`7G+QQlwDRP;fQRrKuk@Osj#Z;dxx#ZkmU+eNKm0ekCWm#Wb
zSl!2Q42&61uTki0cU97DFE6ATbb&5N5B7IB5&|=nKaWbPEo}9-&6!JE#{1UnaE^Uc
z_WD#_B92(~X9hVDBUOzUsT+cTGAlH>DL!pub^86q-tyB%J4=pK8kL0T$XeZ)s|*m!
z$TeEqS=24iM3)8Q?2-WE@-?qzs@+@Yvs~Y8xQ)k?Zjz2$KYO0I#ZRPIT3@SP4I$%5
zzGTG2hhfkR_VqcdjW;e>)0Lmj_W2U!Yq=qp`i1G&R?g5slDI`@5ib0d8Rrz=6W+xP
zw-%7e=1(zEJLm4Ifrb92msQrS?Uq!rjv;$7CTZhh+jG<gJx|k$k44ZYc%M_ag``;2
zyilGDt?%vp>sh%@Ql$rW`t(cs-|itKl9SMDtonA7Yo)}cZZ!fPLykg|fVE=oVQZva
zTU!Dk3@su9tdE?#d-TOt)3w8KsKA<(UTX=%$1Zl5i9J4^)hgUO>en(n0ywnPa}*<y
zyqp8>Njaq%MaSHJUW(fOtZh5$I%ku^x-G055w9h7aL1o3pg8xf53{wtsi<l*Y;E@B
zMGN!h;Xx<q#b?Q7_T66E(s>V+WfGf)&sSrTKBSye;*qa>UwD!^5TtU&yRsk{trN3L
zrP5z^q_SH{67Jtj)vxE~DIE?vvzPft&}a0b-RHKCT)mb*Gs>GWvwwX_8T>LTyuo#i
zKH3`y#Bkf)d2yda+mgrfCav9EJ=ckT!?=B(;@Oc3jt=$C@63Lb)7knY`?jrrkPxNv
z+G#f0!F|^+8rvv6cyd_&U(Thuk_&BC-%E|N1=7jpANuR}e=aGJ$7QKP+Hx|jzMAU(
zVg5DedHm>Gm~|k!>xENeyfS)`%zw}HqVCCEbo@Rq>#%=c<WFrp6YB4#u_Y{aJQyA0
z7-9I;6rO!c!gr1%-8@beoE}O8yY$UH?pE5`ZGHlxYlKL`{{VJO{Qm%;{b_FJ`zg|-
z(~zupb2P<RahAX<^y^8>M|a=uZp-cjwbS~sa7P^Xwzo|&`)!?|Gb?`(C`cpdPwP}q
zov!$L0?waoS(vEC4BJ4@<AeC(tlT5m>zDeHl#(HA#xswU5JHtdO3u}u81#E9y*RQX
zTs(je`DEA`U(8Wa*-HL*UG+&Yj_Ssly=#vUUTIefrDTngDG2$a44jXrwNTRy)|R@3
zgD7bu0$~~DWI@9Zp;Mp2rqvZ<)NJ**&l!l^f!iQ+^dlqisI?ZF$|bptu|0*ymX3dl
zCK+7%j-r&?QgVBy{^$Kay1<r}3rQBoS+}!}Gc}#Wi8Zm#8a($0^8|OrRMY{{d_XTC
z0!w*`kumpKPu^eVD&DE8MP`<!8zqYIt@v%kh(i)^2d_VdYE1)6n^w_hg6oTI+pXOF
z<$mOQRNJ0j${Mw*^78(?hkGt(u_gTS+US<II$YvQMJ%kWp@0PB0uOPLKPsnvtl!6`
zY4X7F#3V)xV~Iu>G3mz~VyUBFcxzE;r;l_^!=dFRTIk`6Ox7)Yt9wY=5KO3xAx1~X
zA%|dnM-<}cR`HAFm91@hb_ZzLwRCfuRm9IN?c}n&lS6FfS=%HN^5^xc_If<m5q+lN
zg|(RLG@btd-5p7-dkgq1wKlUlY<6B?F|)fDAok99#&O!QH5a~?`QyELB%Kc3r?=30
zS1i<H1m&%-_xbfSS8q)XO<s5{G@DC3KYVb`rdKR}XXgN)%cW=N*7vtMlxt}2jtDIv
zINCerwQe-Cai&;Y-bwa2p^V2NkxuRjBLlucsuJq!35pFmGYza#E1aL6QVw#*`c+g`
zsHam!rI+=vqqUKxt$3b)x65yB96}hIZe&2ju;X_%XG_)A?$YM>REs}nkIVB^k-u^K
zxapoNGV@0_I-Iv*#C8&oKkW_BD|3PBbCHUbZz9w*>-{>?KQ7)VgpjHG%vG|?eaNkq
zTB@Uz-+M0ozC`lJl_XrX*KBU@3=0g&B=YZyX>k5rgasH;&|<Z&W6bv!#&|<rD=duC
z4a@T320HuxHO+WyP5%H$T|(gOjy$v~ddR?Mk6~Ds7c$)4NpT~SBevq+^ej}NNji${
zzfC`;9?dyf9fZ)w<!HKG8=5t_CCM1wu>8j#QfmBnYvx}qsVXfdc9@<^lB`eAZpY<K
zgUpf(JxGHk;#-AOI04IYNcA|+=Twr~TR1#TBPj~ywh}t$C;tFu71pm7n%neI)A2@I
z{{UWQb;Y^7@O7;0<)?w&z$YZ3Y#-MZwP3(lSw}Ot)Xk&$Am=zeKOO~F(jr)FG`Xgb
zBxWaxRE+tJBb*PQz(18j($D_@2{x8ya%MJ%b9<fjls(Q_^=d2f*VnO6Tdz`{iE7d5
zx~1f-%QHmr#t&S9mj0Eg4emTWZ$05>x0WP<x%q+Iz?}8y0sJaS6|RtGK-0r&>v0}2
z%dX(xpa!y*8E-rjZ5&Eit=0%0ha>rsN-5G@vF!ePf0*CBtL|zaF4JDsA)j%#xwI0J
zI*<kl{&eeGVQXz|rW=?WW@HRp1`=)zpDE|3^Q)o*CGuRztg>5{hBd}~#UlWpZ05Y?
zYl&yNdx;#GS+^GVr(UX|t5>^!cJJ{NBhGdj)~jn_buFyXODxVoX=5TbMb711^Sd6j
z>#be}(pOZmx6IK<%6FgjMY@s)2RP5;S-Q2Pnx>y?sUvT>@&TGL)PP9bKdnP!c66-?
zBxu$}yPSrNhYuQzAJo)JwAD!`q*}Um`@a&D7b@-+ek;6!>0We(L@W%1L<2DTj`Vn;
zF8<yw9o_9^0iZeIK^e!fsLqBir-ofU{M$KS1&`i`)HkL*Y1cZ~8l}?tVtWY)Lkn~v
zMgbm&isy2lvv92X=>Gt%(P=Jg#R=idpEBxAKI1amTq6S+Kg0$>9*2s8=SbfZU1_dv
zZO7hRe)2zNAJkTsm8QY=-|Y(tjPSyY<|03Ot+e5B-=5;R^pfh*>wIQNX9u=H%}kdq
zII4>K>-P<7C(39`Be#dF=2m5r-gk*u92^`s^UYn*wTtQX7~-B)nlO%7$bpCfPkyy7
zrKt$*t!%XmNUrWk^Cke4D#z}Rm%cjIg{_UPg^9X*0c>s%q=ISA5;ND|C(v_S(}caE
zaF*7-{{W9d8(g}r%6=Zby}Y}Tw?%Jh0y96BimQ?c8OP`NR#nLwuA^(G*#d3j{nT0S
z&&=oR)}N|sV*S%k(;zY0gN2SY!I1iqSLV~Md^w^Ug-qSe@;s`4)T!(}&#g;tapk?^
z9pC7`uQBZJ)rHKl-Rg~RD&tPlkmf({?c<-R#WPb|tyX&r79dOz%{F*g!*lomxTop*
ztT$G-(zS{`+QP2?05{7f)*O-R-1_2|Oft<BcM~>bzMRWEo{>k%9>X<yPfOpM^1k1a
z^3<JI$hg<+d_yLiZ5pa1Op-E>npO#c_zy~|%`SzYLmE08lRhM2$%`Nop!(np(rHVy
zYC7YwS)C<#7x}m5K&UjiAdf(r?)VuzyRGq~f6GVP{yd+hS37#QX71OL&{ntLX<fk`
zk=A^vkJ~O{X~0wWW61qZO;(=jT`Nn`!^g5o3i++yVz%JFu4>h^FF%M*qWeTr+a^N}
zBz9lB`c(@#W7I5eE_EZ7w7K)xWA9{RX#7B`lhyL*-R<a|+Y<9Hv~Wj$+6LjW;bf86
zc5-(w<Ol0fT3*3@b9*F*<gu9C!aY@2Za+n)$#{{*z9hnV(nKOu^phkp{{X&6>q=hJ
zNON)Wv^u1q<NL6Yllr&mPn%ocPt)xFA#dx?sR7grczyLmVlPRK2^$^Nw*&Z$RmsH9
ztZ27T$K=BzZeR~Wa?C#}u0&dE+UQdeBsV*}(!89re1v^4KRTY);zO_MR*u3ubc+DE
z`-A|Yhv!N+x>9=RzI*=wU+@O|qO{VDJ5QTZu$L)yaEt?TMgwkE{7qbz)&BstPN8n=
zg|=jMUa+^9mHa*HJ})m#(&N+h2)}o8aU#gw(`Z~U{7p<GYkwP<GJKhlVqw|WV5FqI
z+xJ>_ZtN|+yvRqH;x7-%5hGj3CJx(1Jma_d;C_`PGL1_|v9_C-<Wp`K^@?Tthw&U#
zHujHYeR*YVAtK@-J)@50PT)ShMM)g(7QX<B6?<(&M>9lvD|cb&K?Kys`Z;d&e}DD&
z+;7X&mr0mvR=1W{v4xc)5H#fVJFtL{P<z%+mpHS!lTN)RBr*aR{{YJ=6!3nXjT*M5
zlgmA|lpa)1Ig!{Lw2hO4>^%i-UwC%!Qqp0%kSNquKX{}5S`OL&0BaR1ny2vfaQs(q
z>&$vb;?m?Az5VTuwy{Xj$!jaCp?KA>r1OGDYN4%b8j5OHcEaJJj7UHcfVmyH9G)oB
z^;qq})3tbf+i-BcV&uYqo-1cjvbVamI*8Mj?mz;cDs#1zbYYH9xa&>xR)m}-=WTTE
zEh5rr=ihqxa^5ry&vSCj*yOg*03WSMXQM?7u(qhh42%SJs(*O-_5SFqw%VMx8b!o9
zbTQi8Tc0sfF_tKP_6f<)O2e@?GHOvwk;^=*AY*`7o@<_5iN)`?r~DGt+I<T;{p(Mv
zOA;|#dvoPQ7(6H(arst{hE3IsH#&@_L1z*YQ#?rBus^LPrKZ_w+LZS?guY;RGDU3}
z`J5B{N3f`Dbtlxd87-$P99IxEyhyw(dF65VfmW{y{L_B*^k0?yyoB|Imct*#I)hw!
z$hPs3z}pbc-%RzzZOf|J+G#M)aRjl?dA?1Nzau;r%XHvz^{g0l)YDh(nyO=IK2@>d
zr6bqTYE5E!bxk(L{jkz*cw8vxbCn;FrwX-U896(?&)0Bqi)z~)28(|NrM+yF+fN*O
zSh(C>K-#3Yx1~1f+TP~YINE5%wUnXJB4F(CfCp}bpXXU$XMGpLmoMgRySQYIMIB>P
zlaHwtm!QooTHU9V*e@VP_fmNum1^+~DATC5d;b8#etQ$iyphzmm2s_W7dHg`o(pjk
z0C~q!KSDnmhg!XwO%gklV;pxc7R6Kda1MF;;;vj-pR!)XZW+be%QKUW$j1d#j>Cib
z)>Zs6E{mXBNTfT-%ATVne~oQdnlX~{e|vxA$c>vpty#$*ifwKz$tGzAO7#w>4f<8T
z5i~Mr_kzKhw%umv4E4wI&MN5N1<dfQ*}0PGW@W~9M9vo<hyt@TSC&hiK~RmYdN+m{
z1rGhd{uD|nHwE_Z^3(db)6qV|84i`D=<1F`3!w9WamfJS{sy*K$1bNHpL3tI80B<v
z##M=25%d7(+OajI-=v$^<T67w;FdP-0bFD7D~i&)isSwgsBa^Um?fEYz|Kwx$L2*4
zZY`v=_kQo`3F@!vQMI;BN5l5E61j?aZXH#K$OTSFKAaQzR?H07S2N6)5Uh%?8nkX4
znEI;_JA<A*>pxglu+gujw_>kzBD{lw6L$;&^~gE;*Ds=7NolNGNR5oRMjon82&i?H
z3C0p#zsVG%&YMQr@gABkf{RH+D6Jk4fUFymO5=`s>rdA8iFE1lr^c%l(yYxZ4c=}>
zIvzf?kFDt@#_gnl`Igc-RAKxro>cqRjqTmHn;wmO#4*B%vVqJ}ZRGtuMP==3+EJUc
z($D(oV!30ZT9fE{{l)C9r^>O$@}n#gMuB!V39e@LJG*<yW4bOU2j|>!PriHB#h#ru
zk3Gfx#yq$pK1_;ova<pgY46uHR^L#9?%gc)K*dmED}@<&{g0@uYB^33g;!~7YyQ8E
zrAEoO9gDWI+UkBEWz^lnTSyW)z{y2n#(hRbWnJmFT5F`(4-P?&c+OS79@VKfnKh4x
zt~|0XQsQOXBp|TZ0XaUL@mcyTx`*3V-p*30=l6=kDYv;G@zRQl?lGFy+y4Mtg6h`9
z`n}b~rm)u*vb-jANlwF#SwTOoTZ>t`eFo~{bb>|`BB6Lx<ly9<IW)80T5B4+!yb|@
z4(*Z29IS+>;1k;wt8_HYA_a!x);}g9T@j=#@;MygeFv%ht9V9EQk-Y*>)zUs+Okb*
zR)XQrhrZpa$O<%}qKGI^+jD>b^*w!sW$4@PbsMc_<x8coX`9`<5A*3zg}(7NslwrU
z06yePSM@uY{5^ATWp55Gqg~CvrNJWvpXH9#Jp9(E@5>&&-+$}ScDK5>W2_{e=256Q
z2KM@IDklE`o=86X51`_oV6A(vUTaVP03MJR+mrY3qyRq(j_**7Gz&)4?L<OfG7`nN
z81iydeRJ2+rMu0ZoplNVBZeijjDLDY!#VoZrj@SmZGLvY`Thu6{(~cHjeAL&HB^Qq
zxm~IT5+n+8YW(xP&aT>248Ba(Ocj8~n8i3_`BrA72-18t6{K>0`e}dCFnfRw-@_ub
zqMqK;`%a5)>$|8UjzYuzT5ZNYq}9Q@^2zI^{{S675kBk8t1@N{BGXQhrH&h>M?IO>
z1fQoSr<K<K0A9S(8~0H8MNoFmLzet`s*$C}nc+*K8AQ@JV86tO-!6X~RgbmXST&xj
zAP+t4amG}Sx}yQx`BF`3eKv2?YX_j?s6lmQcYX*BVA4kb$MCQUzt*B{MQt>zeOflm
z_a-Quf7d+j{J<3NCf`qg>;h2zvwJ)L0Cb=Af5?7x(*!qT{t>`XJ-VYK`pMPD<WJ>I
zx%by^`+NQyK-1;=6ST3}>iTtr2xPOkjFO~dA=@MJz^J1hT>9)<gS2+jN~@4~1&JZQ
zEL4!+#ea8p!3#;Ji5}Rf>VbCS^TDcP?HZqiRZA(EBqay&NQu|--9wVzI_}rqYkyy;
zCEUMnEVdfOmX_>~3fhhRz+t%V9`!_t^gSL|jgna8xmH#qDJ*4AQCbT%yxO~2vVnDJ
z4j^DY`11K*u1;$!MT}}X73GBTmDwVgOLSH_1Mnx0#))ss7q7i<D<z;V@5qx>Mq8T=
zdfh;SY-P|MW5)n}4lz>dj^bHwAvn9UWszk60G_Zn-6z)>#WPJUC5@~SsoIYAS15Z2
zIaBx?(=_|R9-n^={kWDpNX#L_ZDI=#lk*w&sJeb!+WgY~zTy6anv79uo*K8gf*&SG
zi^w4dKPK!k9@*xd;oG&nQ5T)%Uq=H%ji0`qSMgK&R&AZ_?f$)P)^V(R2E>Sc#E-Z>
z-nDbY9v+uZnBLfi5a)3T)+7EEF_fS0;I5XB&&_{Y4Wzxs8h)vM)89cl#rBAxlLW-O
zw+~)9tV^9z`uGH%<;rL71BLvD713#W-L=?^+`|v{jAIEaoq|z}V7IP4c&PP@D@`D*
ziKF?EILgT+%tD_+2l&*~jHgSQGrH@);t8cIHL0JhTF-T?EuFM3;s}x?RUH5W`kK3@
zTG?rhaWs-G#r3=`C&+S<9>YD(O+~G0H+Oax_g3<3wV6W9k&JDSbp-YLW~=yq(tDG6
z3dH*-w`3A+`9pOXKZPaAtNW_$?fO`H@@izuJl7L6l1R@ZoRUsSHPwwm_rv}kh+J-K
zso41|C(Y$3$6wE<y=3pS(FyX|ZuJ4i{C@5e?fv8WQlOt%(cM(E*N{$R$5v&01Njgt
zDK|~Z&);kM`HohVyAoOJ_tzH!)!~XrZVtwVG})Z@%JZ7l)b+~?8{q_TOzmvoos1QC
z0e}w~z#LXeJU$)Ts#aY^h~7sl3ikv3ujNqcI&{}wBAOd@-RHlYt=KDk*(cMQ(N(Jo
zc24rT^S6;av2V!hAb2ixsP15B($qfq;d~$rqlM2y^K+VHYaBX*YO+kS%`LeANAoI`
zUzq2oZ`Qfb5i;7_*lD)%@3xLFGb8xelg&@zZTB#07B27hc_RY~GF6!E$ox9}E1_4t
zRZiNk&ct$iyvCN8(Aeo(WYei>u5KG>CxO3$Pp==&o@A5$5;$$HrDBoTu$$225_tar
zJt?}Sq|==>VTk!w_ezm6@(N*a*&ptjWYI}^;@wgx@wnNtDfA>L{<Tk<Hi}y{^V46*
zT0MPAdL6N`)HPUcS%sW&GRj9nJAOE&*6mvV09w<bg_zmN5(t=d3*7!yds3fvjdA2l
z=39$xg|Ut9uBuo7SwW`0{urlOO`RSUnr|)#v`CSN<s@Ruk@yOaXB&GSoBlg`6?cAN
zW0qF&E#<Tl;U3uxL#V*odVMoc>T*SSrCwfJ23c*c)VR)hUza2B$K_77j!SPCS;rv5
zwVH<dg~9&-&}h<aC63<q38HT<>gD5+j{y_|^K<S+U%e#b-OJ_M^Cv~Gp=M~}ZB|WI
z3DP+d-)6}U&|R11IXq(@%Aa#By{3|GWo4Gs$XLLba9O$Ap4e`4SRN{QA^R1Qvlt_U
zec^)42~tnxQD_Bj?6nOx=5H?D;}Qlxz`%}w#-ZXZRntpXf4_3MJ=G&uOV;%J`^LAD
zDN(K+h~D9sa|{(6WCK}OULn1Pf3qwxM+^sI!y<3nk9OxZ4x6XXYvL$kxLv<zZ#j=`
ztIk36sbqM(LZszm)R%?N0%hz!-u`uit5$UFdrI%h`xVO-FC$6y3*CRivi+PgT|(c#
zSorf4=cnb;xk#=ix0z&$MoAFmNIeZ}KcAy$@u4pb<;22LIx;Hc4E;$onX}gj-pOmI
z9tk{0G57xI{VO`IRUB^p^uMo}QM7N^y{TGR>W1EU<XA7RAz3i|B&VV0vB;`gJ-qgs
z(6hOT&|D+J>cglY{{UJ~5L(S^_Ba|R0t<Cg`1wn9I6m2{Iwqrc1)TRc5^uD(LL*rQ
zb0HW3Pf_?)zE@w~R%?IO;@6WyD&JMVvCL51x0VhzH_X40;<j}SR`N5aq%lGEiC{uc
zlBIzp;0`$LOQhOaYcew(A)}23UPPI(pFj_P#;s~vy{(4#irx{aFxm<>{{SUGz~`oM
z*i)w&Mw64Bmrefw0ZFGTTT#0G*Vrx6H<!%RWVcvY{{V0vSp7-k=qiP)O``aHu2D$1
zzipAWKI#tt08^Sx4?(!qr)#^A<^XpR$C*!{Kh}~>aoX}|H7i~4ZyRCG(+OS%-}B8m
zNw@7~?%zoN0H5{x0$*io+`fnVCdTR*&egYr_s`wuaezL68iLthLGb%rO%lBKGAWKX
z=Vk#Qk@)8oV)kFPc#G_h5~Z9hZk!MKYx3^ge-0|W<a25-VP`9Cl3n+A41a-7Psv4G
zw7)M+7v=qY*q523ZEr2crKf6FG6272Rm*ji$UF+E9E+;yjdOb-jvGs|?5oBTZUQgj
z0HwK*pBGqKLP>($BBFnEV<+^cPvu@|x7uxldzJ}fD#NUfSb~0?Dw|rR=ks=7<ST4m
zj7t6@)h;AMHL_cV0G<y4l}F@iovrVkq_(d+=Hk`mRR_C1HvU;Zl}~$hC9bEU+X)rm
zz*l7cHv5P2sM6NjQ9p+uW!$Ug8BcjZ86Sf2_*FLU()0V?s9iN3cc?{T)>m<#`2Lk=
zm=4MmDIb|?dHXzioL(Ph&AEsGM`<^12lC>hA7s{FU@DMll7c_lgbseZuj@#+QQjl?
zfNe>w;&|DA+vtb#KcyVkcfOye+Wbdv>+&B3%-WJ`cIy`TBQNBW)CM>!`cY>DclNq0
zGfYL?IGF<;8Zi8it^lgnmzdEb)a^q@adSEuh#Ut%dHhc`p>uBMU$ei$Y>E;cRB;=G
zEsxfO?)BGixx1(G6Z?v(G@9m{e{C$Nl8b<_yLE0!2v6sVk#z}db!|4r;vmtqF{oA?
z#^)m-)f?%cy71)JmdmnPE)dR&I9CAjJ&#&;r5U}_Y;{DCwbU^yOX|uS8T<(6>ru|q
zx_4<Oe(L2}b=Y-<z0QxU-B~M)+(b>gj*h_Pe~|=KGESCL$2?GPv(yG&-#FPKo_3zZ
z9+hWOV=cYJvAG5^m$uG3D;zNV8k=*gMHZc7cP)fw?b=CDZaY-)H{;(K#Y^RiaZbr<
zzWaZlt<WpINW4o6S!*e&+P4h(B!3Kx)Ec_?F8&{q^GcU)*?ieyz&m#jm=JqskyU&*
zZE>qD<aZ-|oWC=(brN<f?^GwYzwpMS9Z4up%J}(YUqk*Bxulb<lTnx8`;N)`y-{vW
zX7p$f+(KbT`$Hp?g-2jVZVgk?E+@R!;+pDbo61&{Z*20Qk^0v|X8K;S3quX8N|TUg
ziC=4@4ulSbdyiVnTevh$T_b%VE%4h~N0FSBJQ6!mIJ?4fo#Ur)O<AP1GHrC*y-D8S
z;y7|zN#!_E`1h?#scp3H4}qq;=HgP1G2ptW=N^M5sB3S3_V$A6W|0);EDRx2(11AU
zSE17;z3}WNVl7hMW-Rjp2F3%C>&;_LS;`Pv+jsqFQ+qeDjbjzv&E!$q7c=MODsi{p
zJ*%YGJV9|~GU@Rwax_S*G?Jig?SOmMJ;tF0t+QHbVU{-HTZR~UeZ7aZTfNh!)$U-w
zg900fgG(zMENq|#$?elLQ*wkQ8cy=k_Wr*Rm77jm7xYbHO+r>Wf~k(t8daHoUoVVw
z9DOP@@eZ2zOs3XvDnP0G!Wm=R_efs+^VXxXyS8_iMzSBcmKR?zj%AY^A7RG=sAxJ%
zUS7v6$IG{lKpBtmHh59*TPn3}7(w0jf7g*bvDLi}!fn>KaY-!jnH^R)XK;i^gOUO6
zSpJodcWSnJ3u%zKd8N8kk+FbD!Q<N)u5($tlJ{1)nnusgRegXw3hOkrYt0u=xty1p
z-+ROk0CGN61p4O~`c|>5tIkl0@Ao|!E-nc+Us)qvT6+sztcm4IBa@y10D<Z9{{T9{
zR63@Csg{wNPqj3$0(}NZ{Igniu+JZfFK=W<3niFhSYrnRkNkAjc7_CcL>IG5<--lj
z$miGP3K#LotDACmYfpRbzW)G;D@AqWTk!is9+hA(nU+I4eUvtRKbJK}L9>;$`^&4M
z!bn+^7V2a<$LX4%SCUlJbb%@5ZyXE^0HM?X2hz0^J;l|uFDUy=b2QAj#`yO#4ttO&
zj8l|j{FeFXhTW5W%>5$zNc=tanMsl>e>Gi6<m9e7>N=X8JiASQPnsRgZ*yp48R|e8
zAEqlZ!YLoZ+QqslW=V$w*o^-GD%!WTEd`QJ89u@zbYMAum*yDs<a0$QDMl;FKe_(^
zk`%0)D_UB?X=nCvaT8kI$kI2M;Ta<%<v2aT{#5OAQHM@{F6|A>)5W*s`Ald=8x7wi
zbgoNTnpyRGqcO`QjDP{a0N?>y?`-<thpgoiZoGqfDju>Z>^;R|u?|X9>8)1Z*X6lx
z7HP=QO;*zDNSf;2+1`6HkFr+e;BDSY_2aM7u_N(LpqCzNtPW2HbVDV5GuITlMDpoc
zW%cTS9i1Ui!>P_#AHY;|X=$i|ccm$1as-yy%S2D}UwY1UYR)lmdi6`!a+G45Ph#(h
z+UoK<Z9+34v6TY_&j{V}KdoozH_vaXMH8`WdxPam8R)?A{c6SbsM>y_miFakg5DLk
zksFkg8Qq`6o@#A7OtjQ>D|?+jZHkT_TX_%6fE@6Dh*Zk+ugwSVUse8IK(vLP#e3Zv
zIc1r&wlaBaM3(LTu`%iW;q<7W-rgO%jkhaW&W^d@uIz*Ss-^4PN2$#*SzwUJSY#Dp
z&2CSsNpGUUnv@aUO>%dXf0ewk_emq1=cPn>9HjQ&)63AObeB@5k*w-3sM*`J-f}dm
zF)D^2XPgtr;<PmD``h0Tv=9hlw@F!~Xrfgm0q$|0YR;EqZwv!dT{G<O(lIT;+5sG~
zByc?|Csx&<^8Wy{^r+S-N&V}_4rD%_q<=c-T-2bYIr-aNO!Sj!B0Xm1Zf;jkvOZ$@
ztnSPI04*eA{D(nZMZTFerN)@B%mjAGQgBaF*guX>@~S=@(2az!-Ce}S;!K23`Q$K8
zTioLnr)46Tbo+S+%^)ls^(`9=56d;thotZADrn!~W~{#=CoYjAH;E^TMU?wMO|x3C
z9m<`<@yYzD(irYF*dmG8Ph{KKSpDR2&OV$9g5Jg(iFE7NkRw_aM)e>uRsCwE;!i(_
zw9Q7{N(m(Lq{m{cLj&~y){at9yH~qU<)`HB_Y#u7$kV$kKC@=9&$?@O^PW6oDEw#K
zf%;W_Uh>%LRuJ7Y!6K0~a+C6g&nicu$6nP(!~x%2vAwh>ag)d_J36*8`qTVZZgm9`
zK&)l7lgpHP1^|QfsjE_4wJfzweE$HXii%fP4;35DKkQdl_YAvBN0mOOBR;%;Dz$$k
zdb}3)7eK`G+pOs@=L`l&+w{#BqA6~t)2~^jwl>0O_KcNe`CA_RXB7srWwtTgsvr25
z%8eQR^h}^1)PA(5qnx@sU4DOnEo{1zPV(C{YzE<Gk<AmYNh8`8KtG*ZmS|*o%rXA@
z*}T?_f6GYNa!1sDqN>S$w*Di6*~n`fxL3*tqLMH%_38N3_SP~-e{U>u0QSsaU{CtU
zPb>J3=xa#bwxizP*Y&a`?Wjp`E;R|PBw!k4S?uN=@yPs+e+p#Uk++WC;%JB2vSGT9
zAL?JZ`f`5^RLgG^me5NyZya#R=ElwPv?HkpJ%I#$2%_EM)DqysEw#^_q&#8xU_R+1
zs5s#M6<+s!Uf-Yf<Sho~duXP#gKNx+B(^Qcnlbz*+-Dz^RZF<mMb>Rc`ZS~^<Xz)$
z@BKwRZfvEJJ6mh$743i#Zf;e_U{BrzaB9TgWU#oJd73MBx=p4zALNz2NbQb6Jvph}
zT|F1!{cYyF#zi9~&D&VY!VAT3I?{C<Ke+rjBfUeZymwl7H+Gm<PRZ2=&jIY}dy26x
zp08lB6?s+`4{bCg7mOaj_s8lg!aK>SZ6PL%C`Oht4><Xi)O7V8l-yfQKEKw!o%*1?
zwMHsSFq+;uCI;<BZ0`R6hT%WB-~D=;OJdI2u9Ai;xQ;Gu4;l3s{{T6sY8pf$#_rlP
z<N+Xf7G?^e{{Yxy*pA(eO=AV!&9Iv1Hka@XrelJ#r~6%qtdu3q$tC@I_x0UwQ)<^m
zJ(1ob>Y6P70A;yzwn&fMX8!5y59n#}YVxh5toGhavA_Ckae}S^;7GsLqj;^M)us@B
z>82z}Z8^ku2v1aQne?VldnSi|u;0XPZCOZ$Q}@Cis!xBRsOE9iyL5f8-^=>-9j~EB
zQj*)x5$aHRf<d|~>tGbR`jOE4)YevZx0W(k4MyH*Pt5~9QR0709>?0O{{Uh%ut{RB
zlUg|Qtz-u+2|WQFcADfRiby7Sq*AgYVS(&La@BIBE@?*T{{U9MUsFihO39nn8g$w{
z`rO}K+uNdKI&TinJFd~|Ry<AvY1Zths}yq>;MzDblv1@q`CC@8x4(%?+=dWL6lAl1
z3w|T{Ri6+?G#W0KZ7hn-5M^)<cCg1EfZ~g#N^y$!bZh5t>*OD4H@M5Ai@gE+`B8q2
zN#mr>uH*aA59?04T;Aw0cM(PUwKvCZ2CX6f<O4scr&IV-^^fE=@h_S3T!Rw0^kYq@
zNOLQnRy5lBBZMfTiU260iU260iU260iU9RLg%=^T{X*M3$12H>Vln>!ve&rykeiJQ
zNxoiip-J~3e}#P2@Z(b!9w=BGfgRcyx#_#8{#g8L>0KNRU&7ZqZgV^bbYt}&u1Diu
zJ$i53)TjK)>(w1Fm$;u|mZNYjd`WAl{{YK5Rw?uBM?c8b$z`8J({9v+o*8ZeLXwTh
zP>sZou0>~TI*x&`5A>}(oUd~k{{RD4EN6o6!;(dMlFYW!gOqGEXnT)QpXXe$lje5P
z>9zX*0A5CoY3MUcz889gaL1=u#0lK;d0UF8<eo_#DUGeI#=0)9+E%oQi$?<V<L>d(
z(AAwb9WE<t`Qg5um&n-JgA9R)865NJ_|*iv(ydqvTNk*KI1h5%5BLcFwJpvtjpV!k
z0G7dI+p;<fX&!Ah;{MXs8&;jjTZtPiqxhV${D2jXFJgk=L#7tGzLf1Zl8l_6?gP{6
zYA+JrOD?GP`|%V2C`I9N2PYp~)Ser%lg*y_u@XZQd2>m^2RsgavsEgNbrm@D>-n|O
z2}LOLGA&-^{Mhu{S9e%W9n_r5Df`FY(y!QQ@o5&*YIn{a>J<ec&UUfsyWiTVKA~%-
zt4F2gOM)=>k`901Be&PBPHe8O^m{9KL2o(U;%OM*4t9da@HH`M&B<#ew`I|KjqPob
zmiHIhoxqKynrC+5HxtjWt&KwNO%qH_78b<pH{3|4x&9IOVxofL*1~wKwC3|AmDMJ@
z#t8)S6VQ9q+MTt%zNvM6sjza=6AiMTna5(svfxsTT7;T@_RaK5*ZT4sX|%1O9*1bw
zaLcY-C+=WUVpIHVcprx~o(1N;sk1TNB!?`=?xOnp0b3SE>sr&bHl5ZOh>L5Hh|v_1
zK>7-x*Rg{hou#AsF5pWhK6#FRLG47N9!RgVzngcr_1F`4eaSpSF}E>k5H?`8L7aaZ
zk&;j6Qwb;V_JOcwJKN*CJqjTHywtj<*>ufX=JIlv7mVb?0OeyHnZ5n0Jx<o+Q`I9`
zA8c0k@%i(=M9AEK9(q=iQjDb~@oc=8{5RZ6X{5Rrd_Aa`w0oPaM&Pu5a7f-vx!r(I
zxf~8Xs?0X_(_d+~cNd91*qER|NOlC4VoyLnoniQjXa%O7YiflcSWJo!Q<H#CxyFAQ
zyWw#6dS&gjj1oA;5>h!$+1>bHR<!E->VwwH@!Xk5M>1&c&5nh6t2qAvNxqc%S?oE-
z<;nc2?1=K}T1B2WG!P4kLH;HSh0o$DE2tv6h66mYi%WZtk~o|`^}q-QJ#c!`-A-Ul
zYgJw(1Y1IVF@SOSpVGG0D$iwa!tKACCx7eYOLx6=Sm26(HD)Vp8y|hkkjLr4t5ZuQ
zwT;cwM!7*Kjr*)%e7~6h)jdAhk_{HtKtPEe;q%+m^=gU>i8U=c=0lygcgqqFL<E09
zR;Bmb@>l%bg=13LWwW%ymD>zzKs`c)`H1?SDjNx-w}VcGMGZ9e{$pph-=F!P(yHBD
z$vx({S3X=&rMi7jU(}kp{hcFfk1~<v$7l9<PI%qUe=Jq0HrFRjKOgu6+f7KUEo68!
znf4Y)QRH9`R%`+K5^A2Yt4pNKZ((c{$s-q$h{z$BoM8QHKUmb7Eke^yx5}lvMzR$@
z>lk2uLY;U8*Nvok2kxyvk+c2OT>k(%=ACbK!k&)lU*)glXrry<T9)p4yk#^^Ar@$u
zmN(@#1<By?)~R0THrH2|OQy(Sn%%JQ$Z$Q1x4)sOHHqR&88ryV^R+0^LXY79eE$Hb
z0-NFol07!p5V}o#5$8UoQ~*D%XH~_ibL(w>{jK;iqkSw<8kVo5$RN8$k}>}PEUp)F
zpP@g}wk<qOrpd7+gj&YDn8ZrT52}&KKZQ$sbEpk6+BhSM=H&v5xL9u^AOXj3e0Qiu
zm#1Iet*6)-Ckva2ZQBvX-kjuqRN|__R;Mfa{#X3O+*-RtOBA=dicM$Y2;}nHD3cNh
z_Qyk3ZoDsPHN>;3&$uq;f+X4)_u9?ID<1Dh(xSL%V%AVPo<xzH5BLz`rA-@Jh82>^
z@nng<;fmt`{Q<>7*6MWc=<ohxUQWc8_m`IQeVX4zc&!dnScGJ|gU2oFQQi1yEaYp8
zi=h>cK?ID+&pUDJN-sQ1r=b%?G_iLQCh_@>e_D>)#1{6(K>AF7y%>=eRtn!$ITa1k
zYSl0ER=3^L?j5DPNws_9f2GB7W?603!dxi>docT~#C6COLtBDtj}XlqF|>~^(yF65
z1x0M>a_KV1BH3FXGGVrBX(z^4{h#k2#2Q}|&2?aq3sSJdDr{nlhB)X6JoLvEb!qd`
zbtLb#?eqTtKafS*T&Wc<qirX{4R0LE@=HF+_8u3E?a$%OH^X=G&VRFHxpm8|kmb%Y
zrzJjwcB%*F@TmU)X7iu>=Ckd*&$UJ60%YDch3lO0T<)`tNVT=L@-*eVT4!4%O>d*?
z&ZLPYxqYL#P~a2)0FPBm)-B*W5=TCE-1`Fftvy#%u!B|dFC(2c#8vhHRl|;QKE3^_
zp0N}E0AbB<6ku7v@f&srA=K{4&#p~&RY`Lwy^~+B`ItufTs7B_4FpG>+ZBdAep=AE
zv}wFUdhyHUiLF8N0mjk@1n1in+lgVdWS3HpY*u9rvk$z@uw((;1I<)>)VlDc@Uo6`
z<*-(kOl~2Yb9C+3k9xPtr7maZZn`UeI)c5GzpI#<wzECvqGXDBJeZhyAh%3(Z>j5A
zI_;FYnp^4+5hU$wk2EXyfd23u$6DqqV^^MAd!0Suk)x3;;=?Jy9B2C1of@ujo2jkr
zY~yCEHp?sF{Ydo7#G~tyf2C^NT|zXtH2qRnOPSC+%!&&tkGLPXtxY{1^Fog1_SzYp
zn9KhFJohl+OJk2*lUY}~o{ej$eWfiv*LF_lK5;RtdlEVPv0Z-6Ql^`hjdi}-y}o9A
z+|OXN&}Y*3UljXXk>K0M2qz@;W*tBtl^iK?tj*-=I#k9}{{Sx$FP6jo?C@&1*CdkZ
zrnJ)I`$HV>V)C|s6H_<*B^SqeHwZn*h!5pZojY>VO|HpZKfHF9?9_w9!on+qXFvL1
z-4o7?s~VoWPBEW)ucy2^W0cf2xaW;}Tc|Rr{KxXDE1+sO(ruqng`fMTV<8`a&0PNg
zggzT_y5{aj^;qKyKkueEtzxQZ>C?5lztES<w4^2HiEK7)ODJxgIE={%R6*zmC;3)l
z&8_RF%8Sfs`fZGCjen(d5b1hFj7vMg8)V@(F`3-|0J5Wx=Tls27ckoS(~q%QgS8-!
z25C>H953O`IZ~Xpt35j})&BsW$P|+JP|Y905Ly+U`IdRRC-4LPYo?8nzTpG`+w%UE
z$lcy*5yuwr68iJ^a6-TG!4FgZ@%5p#DJ_nu(E?+#Hqj{dRyq9nu9{V;QCzT%m;46*
z08hluQIxf8hsAmqmhGupt_E{5uVek{i%QlS<~ybPG%bDP?pX-Wnoxo=JCWBu)zI8(
zXc|daW;mE6;~ipgm2bm8&bduzOOr{wTl)th4cS&xlNt2-9@Wi=il;YLmfctCzY|D4
zWy>Pok{j$1-O9v=ovvqd+(tMb_tB-($hOh1?p;UPF5r@8W7%_nKN3&nRo?RJS<oIB
z0xZ!<zF1*hzG9!^$JeeZ&Z!$)=~2hg?xTVThkdG`lm7sH8i=%`%^gx(`M>M&8(P_w
zp!4+q00zw}w$pboP&<U=XYs+SA8wCN)3ohF0Np$*0)js3D;>x27!<m?nXOvVFS>6M
z-XZLZkLFEB;s}!Ew98v{0ae=FG2a9(X*<C_U$T;3x8M5i3eD@(xFEOFFXVz%1nP3K
z5B4KD!TeZ{%BtGiM`>ibJ;H%;ejSNF!bcJQp#F6ZzX_AX7BSn%NND3o+tUP(=}E3E
zt>XChK1;k_Qx4rR`qP}0Te8{P<oEu(!7JNRacqZ7i$Y`q>PSt(lhjGnFXE!ETiinW
z-}Xe@rKpXdBeSCO`SbZz9ZD$=j$k4}eAy#pVd?%ssSyRYjaqn)<dQd@GwYNm`O{6t
zR!eCp{J*czO<jDhL!&juqhqVs?)&4+K!3bjr{jT6(p4_JIBX?R``d;^WBf0-EBvwe
z(x>`9rKrho@`>$5+(3O*{{Y6NjTN<P%ScEKERkMYk5l)E{E7UjL0Z?<>b-aVzGHoU
z@s_IBx>{rst!pK$qx-IzWGC>bVAUEA4J+P36~<)|!XzJfFFg8znwl4%O1{=_4pP`N
zsw0n<S108j{p%(azVRLWaT1|WW940`68$PAHybGYPU_!>`Hd^@u`ZcmbK*@^=D1_!
z=XB5LKe{W?qK+$g7C692k#L}N09GUqZD9mDb(sMe86=RNe6jbO{dx+D>r^*45W^Y}
zuW2m7ar`6@r}7`IcVUz;@ol@w?qfU6`5PCuR+^Lz1<EUcaqg!bjd8c$6x4M2O!{<>
zDh@`&wnhH{AHuCJr6GdO>Qchq?mr@S2b7Uc1O0j$y0@BycdKPQ%N5=~buk%=;C2Ld
zKH{dQv9GL_z1N<@k2E%B1;2>yV3W$#En~U^kKZ8Pzlk5twg$haUP9pBNog_rlKBI2
z`w}ye`BkYIZzS?H8+f9SoG6)h#{U5BxWOMoRAlhxn>4K$NiC!Y2g#I52jG5h(y~#n
z6==(udFcNDuTq<X-B>iuHRowenw&TGvkXd`nVk9%I)W+*ygzNHLH3ljy3{#1Ol%AO
z@cY!uzX!=`zHE2#?Hq=Y3S;r-6<u`y01zVP+U=)N-V2c5rfWAB70Wt${pBZpREt*s
z0BzQxYYV$4h9A8H#}QS8j>p=o!D$bNE|Posx6gyN-X3=Y$IMR{$7)ISZDJ@yI-QrF
z82<pC(GmKLQVn-bp4BYww4>xH;H>17{{VM9{u!uqr*zx*md)StMOt4kBGL0(#9$W<
zZ!NR^muSL-C~yF*8yz-#`3~G9Da?~U3WMC&XQnNT-)BoGgs{R(MJbe)jgL^v!2t8>
zE0^&F&EUV9%2x{nPIg3#wQ<<sQHZA)!BmsFyW7s)dkPY5*%SDd>C*Dr+6i09w}m{S
zI6RKOUX`H*)S9M&b2HA(EEbInsLh=62yes!57M!9{%>G!?^{H3{{R82UJw!;Xn>`n
zF));4jC=kyFsR-k!=$wT057<0E=2nmb^Z31+9W7{)Q^}B&NiRxR<!^Jk1PNmFO~*B
z@2ZC1P}4OjN;1v%hMVmX#VY{5U>|pPq2ip&b1#WB%Za05H`z-#$03IQ0RFXfJ2%Z2
zbliUp2-`>IKTnXK8){q5BPhz*>5c%VS{BkYZ?rt6KF=)36F=)5;3z)aXYi(7-dNj0
z&3v;*e{_gvNJu0FJZJl)@J(0oWY2R3pE^d-!7OG>f3$fy_oXSQLQ+ocUH$L$&=R{#
z`p~DL>UTrLFv%pXBTnKuHyq?2@T&T*l=gBo(H}b1*zA>h4`b+Qni$TxWyXJczs{X)
zeR&3=>1iST^qWc%xnC!^HN>Q)Nh$Y#p|!0&3;4Sap~Yy$E(|1sI|9eAwgp(fTOE4s
zZEYs<XNNJyg@1P^az;MyIj!sHZLL3hJTS%#UQ0|QDY86tQO`Ng0CcWxb-gmcO$~;e
z?2o~jrYg)mIOGq;yDCC7z1hiG@4rRU{LEt9wMd`rx4s{<RI|5vt|q~nRZZxl`-9is
zi+vs~VmF#w3AFc7mXQbU$@Wvv<yCF9Z9u6_D^6H<bumU<{%17vW#U<ZX=ausJxr5?
z{<WHLm6D5+?QK5&%ClR$GeYl1k_|p6tgj-pwg-HYOj<b|y-ytnVNQosv9q+>bE+-n
z!r-fzckKET)cccEVDOFI;PWKEg@<-hWc_>9gz&YDGAhkHvavW^;xK-h$v=RtlC6Gd
zLf)_RC*9e*l`niv36Q;oj7c#$Hxfj<$@TWAVbZm&eo-v#CzgMXVnUCg{{RZ;k{v%y
zlghEv<DThyg*$?Kv$slY*V=%*TUgy^zhTO!5nB&a{p0na(Q<#jmHd|9@c#gab6ep?
zhLxe&Xvvks&TtH`*C(*_tvO?g>fPdzL&YNDf#^Z5NMFjA6S6sbeKi@HL;nCRW?_t<
z#GF-|4NhBkwvB@^eK}<d-I+-z@gp_aO1&tqM6AEB*Fz~nPg|V+p=Wd9tzBh+?uoKv
zW*H2<)YY5KMW*oFCdvrljL6W;6C|!qKnJijy>TV3p%d8L{Lsptb-bPSpHFo?y(^J(
zd*S=ZAo(6S061mc9IM#ZomxJ{zE|!)!}|P<;`z7T8ybvnZ)GG1FkND^fqij?WB8IP
zEpZVvn=L-sau#-ta5;7W0)OwKYIYN9I`*4>36jmW?ErBb0m`3FMMiNJt8WwGj-71t
zN&f&{4qN$=S2UWHwt6p3{{XK+Ei4+W(^zVHEuQVkZn3f3{7sx6<x@-KeX{F8wE>n$
z<YqYKrTf5s0AiyGKephWf0$U=B#oZ$jz3nVvV~j6H#51~kTGI?+X@HfY3k+b?eez2
zm*6g+A(s}>-B`YlY6DGT(U8OV*^VFeBl4xXwue{?XKV&+CRj2*iZg&u{qzs#Q21^c
zzu_RgB0{AR)UobK!2N1J3M8jhyHO^?<g&9LQa~TAL|UIJYvQ{3Ex)fJy)UlDkT&|3
zpt_t&sw`R7P&=Z6Q2v;zZ+f@h8@s)1{jUjcDFdqR$UoEYsC+YT<{e52T%dTolm7D@
z57ws8QGc?o?IltEk#Hb6>~^+4P$|Yznq4`RzWu+im^7El#9Erqf8lL9`OfBtazCy&
zU?2Q+Rn1aWacO>t1h!sFwm*tC0RDs#_|#fxGU;}<ZTDn17S25wfXn)dEXUh)NoG^H
z#bWmIr+vynLyxBvFL`OZOYckm3j9N1nz~7EXtTn^HND>Jc?Wpp8-_m`U29m9)#HUN
zppNtG;bfIZG4AAr9lHLt6Y3XQK8I^=`%S~SkrGr4Vouy1hdDJKi={TDaN35T%wP|a
zPgz^gR7z5mxhd}Le<7rjytYP%g!CQ7bt|R$LH)`%bN%n|uGFv{d)6t`m(6BH9$X9{
zjaQ?}dk<wF*0V2li9w#}0VxIgApZb#DFlB%&b=B^rG}@=AM4D<N>wFxYU;WLmav{-
z!cIn3RPH-x)K?)snXTv&7lGyS{{X)UB~R3UjcrFQ+F#A5M<`2(NtV%@q>-L>A8+uf
z?R6{Lfg!h1=EQM5l+CoSx;Lk>tSZKpSIuV`cVE~15~Af5ZPAZs;+WT)yHr{GT*DIX
z{6VXCnuU&`Y^iCieTqUb$>o^UzPRc6)yK86)c2WfqG^<7NTyR1tM8TSKMJBeD`R*w
zZ#>YG(>rBf%}?{J`EeHIO-VnK{=Q{i7rw-!L;FsYkltLZ+Yjz1fmzCf)HfX}mCcdR
z<pR@9n&NNZxR`HWs;K_7$-FanV<7Ui7!i-%EaoD9hLA(zdr~BhN#p~eNd$oY9M*Ev
zdTlk;YBlOjHkEm=+a<)1v=_;Qb12%fj>LP8^zAZBI|h?XhU3n=kmV(0{oHbag}^-L
zwrY&})yb7xQqvMiRPf|HOg|86ajNM0rQ$vHquWRZ1gjxAJ-2cC(o?6+%@^-^-(SMX
zj?%TB#YsHp&@Tk#jLCSWP2F-q9R4*whcvfa>wDXi<i;B?t96yJ*m`@{NMrMCZth^U
zh+Hym-Mh_M3jNj{iR;@ru1`t4xV!NkthX~Xj?Ij>(Dd}8bfZe79JTHDf|Hb8isM+i
zk63H*BX2TglpF>b>GZCmSOv|_l{(C2h3+JrI~<U>4TJQ-ABAx;jk37(Vk@Z8u0^MX
zu4TH4M}Wz(cAO9xVX;}^YBwoHdvEt^_>Qb>lSREf-Mo8xACSmE`VFLiAyvFS#9R1*
z`m(M^vH9xdjn%C3$9JZzlH3Cn6Bi&bj1iW=>zn{hR??%mw{1_!hs@o0BV{}SpEm5C
z!v?yS#TK3Qll#%1NAfFLM%O+ExQw5fCf^wL1ZVlxuMl6&roh(mT)3Lxt6^LHS_K2}
zB-EC=j*||jYh`FBl~Xq03~W1(EPJ2+wR4*Bl<T*ia3Q?YfPcH&^u=RVe$J1&?(|xD
zU;OM`Rpqa#p`y9I(KQV|;&B`!YooXDv2Wx~D>gd|n_Xhw+IY%HWl%j2Jx8dibnY}w
zS-WhEf8+I|;ai)_o8+}6W`ZR$1(iYAM@$~0oK`VPr?ZT={{Vu^caJkfmbXm~ud7{3
zLuv6y%_1<!XV1z9zI)Yw?0EIdhr6-6`Caoe%rMd9`t&ugsjii416$t3<;1RJRElH1
zS3OA`ho((p&EgA5Eu*!INI?u|Du!ktpHc=gezm<t2>X><Yks%C-J&y%-myiitBcD*
zwlV2XCY>1D<;@W$L;dXbKT4h-3|dTKxsp4pRc7V}UF7~FkUpZRE&l+BF5(ec+dL5V
z5XH29XZ&fcrt7i{U0(=P_L}Gq&>B~ao%vjsri<s;c5AJR_ttlI*Wzh4duu3^1dce}
zvZy)@xaOyqU(&7AD#|X2U9ypG154~lz{lZK;_zIof=TaHRP*viSfAxqZTvZ<q^zzU
zQll;BOb`L;Lh=XK6|`0%KXxf!yTA4K5ZpSunG*Pd=4pJbGS(|KZUVs=-rtB7Yftc{
z_58nR)MR*(xjW8eZ}9wUZV6UD-DviZEPusv>$L~2JGbXmmiB9<n56D(A<4PBBL-Z5
z3J$}!6qOjZoo40bvi`pT^E-R0$3bOjX{SQA_R6uYGw$88PkM`4(qh%@OfQ9ya~uBv
zbpHT_bCK#7FCDD%F4n%ij3N$;5-`9YjcQuzer$8WDJhHDAm9DMNhp6lE4DSMPCm`8
zANBcaWZ@+Fjy?;iw3%kIytY|l-V4PiW*rzF#<uQelJmtD;naPSHTz6Tqlfu-Wcr-(
z_*D9>oO<=H@D?pb0%Kv>n12cS^%akz>r>d?LuqxiM2t{0iSt9AI6j%}UTwXUl{r6k
zwP*S>e~DdgTX=+*wvgTY%V`tcT!Y=1?!o^6$3;r<Nq^&*$in#^Te<8o2OpWmCYh$(
z`I?em=W{$v^0DEg+*yb|pD3l$<}*&$f5mxxIrK#N&-DDN;;+lhw|D!r{{Sz%m)68K
za*a<{)uO$VY%(F-NARjJBlHzAv|8=FcTxq8-o|z;qm8j`1P{{`%^)IJUrxXoFGRsl
zqNpVPrmI<7`F;?-lX((OLjmfjz#r7q#k(u(bld#b_2xHg=v!kQ?d86_$QBsjX&pyR
z=x_()m7#V+dnbsM0g0{r)n49d`AGcpRU(d6@GQ(50j>k>{{Ux!{OJ}cTfoeBe4>5f
zf7uuZ^)z!m?X9`KVQ=y+%ELyrpHj5Pmw7B^5&q9C%lcxX)h<%X<4KcG%EgA6GC#iD
zkLgiQZ|3+i*|(D<G8uON0I*Kq=Zc$EMVrI+xBy9M3{q$Pm&iY;6iLgKrKX9mzVG_-
z1#9Y9xPh%abriV;ZV6;Q_#+>fsC=|-LSY6Gbt`hwfyUW^&Oh&=`qa9$!3_69mbAKx
zbU*Amf=A{mEmp?i?d?sT=ihYlTa@gK6^GLYHB(k{<yY4K0Dhn6_z85l=;XME#PGTz
zgu96)ofvR1GRN4039Ow%Q+-NSwY9fM;(3egk2#Tv>V0a~xvktubuF9{BPd0Q<y0G_
zz~`S#=cQ<9dVCr*Cs4iv&s5$J{{YJ+JwM<_pcR`=tlc<0F7C?sS2J3hULDZWNVUs=
zZlnOn-k!p>+2bc+AnrSGd-0rpRflz}J+7T}&Og!?A2IR&04&+g5r5C6P?qZITbqkW
zva<_lt|9*beL&CVKb3lFtvWGKg8sGqbo<OXWhZt^t9U*et<%`D!y)9xe&PChS3GWY
zy$OVKi9DcjvQfS^{-2d@CaG}NU)m9?NoOI&#7J=PKXy~;-xX=D?)-&$2)ne9WL&@j
zIR5}{Gr{~Tl62`!^V7UvmfzR(%@m}SrKz21;)@a$WwuLDNHQuytdIPNKb<n@E~j>;
z%ftax9m^b~rqk`f2CZCaT5ZBCuLZj#pLT0`e4>4}x67Z#pp(IoNQLdL<zMz?kDts`
z${2|*R+N{mzsU_aCw+@Iej9@Jb(Uv!xGB0(1ZQNe>ZI@qtkt=_(=G%$c9A4IPtIgQ
z?;!Li)9Fx+A5yk*mU@gOfx$$$*x!-GNG9<<os!Eui`+8#fd2qG&Qe$A<Z*r0qf4dk
z7oHl+8__4(Y}t3nvje^_Y<Kpj-CiZ$g(P}wI5wb1GdLb(k#;#9f$deH@dDdiw9;vD
ziHO6Mk&|%l2ssDxtJ+=WlJmUw*4|a)WPP4Vw#MM~0OKElr58!IskE=Y_xWk~4f8Gf
z89K^5(rM;3EM&BdC<7$*6{Bwqx*mgm{%9AH1Xn@HiB5X^^{e{#ou+A4(%2{2loEvP
z%c7oflae{lO6RQD$)ReSiDumsl20d-Q#h(sTKiUimqDk^A20YMx)z}#NhO4r5=RZn
z6jQw68?pBEKU(OL2ZvDCC;tGJh7lZo?d9hK@~#MHJaw+-`&5F(bi}@nbd*N3GbRpB
zHju#e;+_(saQENC`rUq_sU39cX4$bm0>1~eqX+8AMxx9-6{cgWKO}n=$MdU~2*233
zaM(wi2DdXTna=0lq=V={7{|3bFpH$x$A2071a|2z@^F03#DyNDgNoCU+m`<TX4m=t
zMBlHOV&VxV)-=hK{_(AzH}+te!T$ihtDV=iNv4@>qq>qvEz}`x$M=jnvGwM+Ej1`_
zEp=6~N#1RZD0jdhu*MV)oB{b)5n1Bur5|zpU+~|dRO7C_4x;+rZEr}hxDKy)k+Aan
z$e{Her`of0g=o`LXHvT@STG}@Bnn&iXtbRjk&3uU7!Ytr&Hn(_u8Ttw>bgYoU&faT
z?Xa9}cU9*Z7|%GR2&%PL^IP;Ae6jNX0D@;*UL~%B99ok(H$cY|ARc6KcR4+Y?M<`r
z-o_WD{?}@&=0uSK9$!I&)841mZ?t&sQhBXJ_ltq#r1^~i=rfFd0;x@}i<_@HEiNNB
zMK0|7eE=N?<y9w1G^W$G+u!G>;3dq~i*jQ%?x%C*YI;PHmOmp#g&hZ`dJ*-lD^CqW
zWi!bPjQ0w;h))^W8TBM&5-TyJ@kXJB3vn8bfB_gE%9;I%s@=#Vxzr-ue}S$yx8yTU
zFI)0CKJP(3*RgKY9X9E{->=5VPUeXTeaGlV1xb10JuoXqma*L+B*!0+6%hLK)czE~
z;KYS@T;4l>vlL&{oDasWTj=^dtR~_}<0uXT%P*Ko^a{Ka_?pr&#3jm-it~5>05LZW
z_b`97HH}@27OKk^{PMS5iaxmhwYQ}BHDfC_q~VToB2&lWd)3)5r%P6lBI(u<{{RtD
z=D)CBi=TR@KBapNqF%`vjJfjc?McbW{x<bL<4!cGLG#saPw@M{tMn6;nzVE}v}n~t
zafML10Y?C0xt|s2KWaw5wO`*L{o)Vf9=}mgo2lTE=GYQswA0CU{{W_pLoxj8QMG?E
zCAf_~bctu%{rJz{1Kbh(tE!~w*Mp}uZ|n3kQIs9g&FDI}opBYd#k?|2<uox${c(;I
z`i|87H7+lf_F1#%+)j|l-8LZ0KhR)eo3Cj|js2;nx9*z~GN<t8qYrQ7XtmVtwOuau
z$ypZhz;IDQw7`Afeeqs=Ta3M(O>KL5=x*%SG)vl4k+z|Cs;~vFBy@*A!iu>k^a8W=
zU$j~1x~8O!w6g4v*EtzKhHAl9vGCk;ND3dayb7m-z1;5nfTrF50Hf$v7Q=;#+6exx
z?Y+OHR;tbJlYch9;lwu1<|}UwTj~;g*A~wtP$?Ptn+HFKCaswv)2{yjw&V(a*dr0C
z{{UzL=koq_S6Yc+@bnfaqjj{(j7N4Uxc;W0@g={JWu`!mTgr^Y!~L<0{{T8tl&Qu4
z0Cg|FZ|l%$CjD+(wzq>smT2x&6}_C>u6sq@zcN26ZMCd=b)WWC*a7e5bliW3ZwP<y
zs;lC-<w@)n<lna3CV$!o2lc5uQ4HVOI(s~Yi$bZNMhBngM4E>(OX0WUzxC!Nt+n6u
zEUP88&7OmHKXW7?NI$zFC4v4!@uI@wTaOazwuSabI>;M8!a%@3l^U!HJYQpQtXXAs
z1fTCI+JBIt!pY(&?qm5y^}MKY{qPE()C#>+t=d-kZTkKq>FS6yHCua4O3vv9-!&qa
zKf(zspTOd$(;{&kc8)hSr1D!#zOl*Q>6(a@p71NML#kOQB=7{I{{XJPtxvY%)5RAT
z%vw8mp;x$Ua8AMU`;uuvD5&;M-!1<D$^GMc+^44A$!Vi%3w07tZwc~a58a97LG<G_
zMi_4VNvfg%sGtGzj4Vh!1xEKb+V#|S$cv4{tWl^{T=ggXO?B3329IeSjhPR1aNA73
z-Xrff(MD@JQTEnN`-}1N9G@n=S-WLt1&yj(+o)L3V0)ia?@4hDt@I59%92LF5)Z#a
zSrY2O?lkBiAG?xv3V*zaF`v)*Ry=x?(dqDBvKNXMYg?rCPO5(l*QqQ`IIdK*{{V*n
z05hFalhkgd;Om=d4Ek(^)EtB@hhL%ZR3g`J?4|NG7zN6&Sng9SK7`i$UESKv6}83I
z)sy}`uW^-e*<5t|YFVXuAIa3=jy`Z5lgxpS*Qy`JxTQuH=AztR;r)IcjZ~ejElQAh
zi%gvgJg;r?;xpu_F?|RfKMIP%%4?hRG<wVz(J(0_a+b>>>NeDqczaEjQyW6i$=5JV
zynS}JIQnL)+;}mekIjnsZR?jpxccKXNmq7qij})Ne_wFZheu*ryfbNTB)N_oyQEg)
z+zo_%N#u{9s4XYFzTKzIro38wgJ?)%Bg#FSJ^k}l(@xgWf6*_5%0K6g&_AYW&#7zH
zu^4Zyns|GOq9lLcLb2wIUHM#BrjO^?t2fr-4J9-?l)JvWz(?H*L(55n>(C0dadOjZ
zT2;(sErhNNNTUHCIADGARO8p|*46DM(p19dB?Rq-KA;@n{VQio8eH(C7BKm+7ZNhb
zDc=*0hi`G~gHDo!pCvY}zgyq#)e2Wy$sDND?r!xtt>KK8SsQUY1sUp3VOm=3zh%>O
z-9FxbG6h2+b>n+v{+((5D!IFZP?FFvj@iJFBx)2kdXjtdnxU$5rs+@r08AKuOlt|H
zO;m(;{{VuESCyMK^ef3VJ3$1qyG?8y?Pn)?GLiU@e?wKZ6l;G4SVRxrkUWF^?ZjrY
zd^_g<0B_oPN^`&F1N*)I07~DVP||Mo8>=g!G$Kb45OJ^+I0PTz^!#gTQdKDX&d*h^
z%lxcNmn^jPBiG!UodQBWW(vpam8q_zbn)~7cvOr7{_fIEMX4p##omtB5cy8GOq)j_
zF6G7#af+7q>ek%7&Z4gs+=}ogmx9JD@WdXRWLDDnr7g9K`;iM|y+=b2*re2_X$(<8
zcqU?}1(#_c53b-p8s_5GZy#EY^vcZMX9~w4DL;4VTKetR+dMaAHM~+J4Ix+Da!%is
zbL-N%n_x}UAa`;6>z5Nz#!-YGoBjHlQ;pMX+VKvQ>wR;3ZhYtrhs@j7Htq=iwFvW*
zLes<rgzt3i9^Sd&arn||H`f+^BE6Q@W{tek4muyG?_GOBE$uCCr?!Ag8e|>*TE<(K
zKA%oAR|-+9Ik@TH?-P@XS1~mwwA5ZbGFkka$j{9pr|#sGfx94cp4q0wrQT>3uRIX6
z_tIqp#5XJ>zJ1L?HGL;cx^}R#dEJ2qcaVZTcJZIbgHYS+7h%cMG{lZZ>gcT_erGh?
z>GN|*``%a6^lU9FS!`Riuo~l$b*9a0F#FTQyHKC@l>Y!qxY`q2X>ApS%0s;V{(FGY
zvjNaA9171CzA3zI%=Zhs`_cscII7a=4Y>aRXloXz<ES#37=BbHlD{Lrcc69O^)>A;
ztn96sZ}o`pWCIF@Ga|3zMo;D{rT2;LN#AW_47VK(%+RiX0sjEkr9K?f?QE9zOPTK=
zCzEW00DJOHT(`Hjv%g;_OM~n|e8#+$%jGfDXMlaHPv6-=+CO`Ky?*k2&G#_`TF$%s
z$z*@Cj!cra*wlLZepRD2q&^<gQtsDf&D)h8a}Fa62?a;t)|N}VxA8+-+-{QA<QUd9
zKQETUh9A!~lDD6(-)U0*?m6RFp)J^`8xQ0CYc&|8+PjtQcig7i^e*0bifc_u$9e;A
zJQ1{m7-CO+`&P7;G9%gS<lD~D7VWW%WPSjO<@`zI+*`*i0DqxMZCf6I3?IxIlULQ|
zw$$|NkQ-xKp^`Jv!Olf=ePfbR_KxdIe_p7LOQp(gTg?@`Zv?6~z5BzTOp@dEBBZtR
zHebMus$-r|g};TE0=WMGzKub7WcS)+v)b}ymOH2if4VXc<Z3-sIxeo!ADN?y;Yj}g
zWZ?e*=ry};I<=zwtp5PZ@gqiCwEqB)+o)uXSP9Z^oA@%B&*rsW(A-C=Dlr0Ui*zrZ
zcQkFaze<oXy0{al$J=!NgZsmu{hF&;T^qYS9{s=8LotG1_z>Iw0L0OCbiRKpuhE5u
z-T`kdo}iEBM7M0D{{XQk-UsM&`c$FC#<!{H^Zm(_bVT;bjN|k_g;TbMNu}2`XU`?3
zhuG(j=~j_pz0@@O^^`|*9jR#n;5wBfgY18uWSeg5tJQuDenmg)^F=tIOU*k^ONl(2
z%S)djSb{+y=V|;gkELiO>};Bat-aiG-j6m&wyF6>NdrB|$?5A+{LyJQm+H|;b>)YV
zQG<k)Mhj$doE+k~?Iz^gYZkMU_hlJA$E{;JzQ$2j-}2k<DMy(<BTq!trIuIIuV#{1
zZkNgiMlG?A0F2gpJ>Q4*eBh+9HVEv){0(Vp`f@Go*V=f%f?walI>f;B9>=XutK3^&
z>JnOCH<yqe-sc(FxC6DlSD(VU<q0U-PguPl_2^n^`Yjnx#5!5GxHr&z*3;qm{sP?K
z{{Tv{6U*W~5v@oKd1gaK#PcHb$JeLnPSq#4(r&ExD$NVpq;jd{B?CSG0Ie;Zq(5TR
zFLb$Gk)Ye;;Q5g@;C~Up=C74|StYaGemZ|z3jXT3oug|LX!lJVs>TO9WsLUs9`xN;
zPq@*qcSP<Xlje#<VlqCywKtn>ttd;UTYW?f36BXcvw9zTy{O&GV3t<8gg$ICTLqdD
zc?1#zDeQ4ssHaV)^jkjOPx|yK_Ljpe9xZ!In%4f|g!ZF+bFs<W-#(yLVf%iEs7BA6
zp~~}=k$t^E6`^5a_H9bu^2z?yV<Y))K>3h21TgK_ty7Nt*}U3y++ym@BxTsg1#o()
z?L@v9x#=$d0GIqYE#0;*UR}j(V@YEBPLp!JWGYY17J7v}h&`)IN{{UjO$0K>e`xEN
zmf&TgZ$do}Op2iPF<tn2WU!drtTKsXOn&h};gpZa<X1fm(^}55MC}}kcp%`4r&ZFL
za#v6KYtTwO%E;E#bx35kfo-Ci&g#{QU^zHnKzi_dRm<H~r_$|jp4QgmIfidGERf^A
zMh_yBS--TB>NdNuj#Qo$m1K<Ub;#$Qho4$4V$!G4^$6p*xQ-BGk-W&m6gkHjJm)y4
zd2`AtOK(lT0cm9H8a}Nh!`xZh+d*v7z~veRA&Y^L$tT{aYO3+Wr|IODofN#IIU(HV
z2j8V%(m%6p8sg^H&zbGvX7l9%6;3b!UgV!zp`$61@@-b|mWtc=tj+vy{3G+Jca$Rr
z?%&*&<Iy(Jq#_p{Hnp}+Qq@s2{^I2RwaxrR)D|PHT<0PfSx3|^G5Oa~;gDgAP}gp~
z8)-eyQ~KankNi>A3|b4qTle?VazEK0F+ZLM<6Cm`s7Lwbe~~w}-(+~r6j5IB$P`gU
z02EP002EP002EP006r;R36faYtD^=|I}u+-cn8Jnb#H5`M1E{}cQFpfxc;KPaIN19
zc$VYCdXSki_R@T_MV_P7dy3@6&~+lE4~jb)Qksji*`HME_RnK>n)a4M!7t4sjz>Lm
zJrDD$B|gr_R?+}_b{L-BhJ3vBRvp*gsCY}o_U6qU99-$Q10;3Zp1glCThr+Bz(%Lx
z>9@q(n3U&^;|HkrHRf4Vyr8{TRQs<k=-c7Zl<X$aOtUwiC9HQ580CUR+y;5du=F_V
zQA?mhWQlWesV9=(GCWZ;<b8Tnavd*Fawk^PZu5r1mW_|os?^rnez#_&wCU2~6W7U+
zT~F0d_*N>?R&nO^{{Soh0Firjv1?G0#|KulvHM?~a_=e1#NLGm=gFuv$?tWBy0p0S
z8Y$w~tf_>EgOSsKIG|tng4cG-0UI|A$!Y;VTnc&Cwa0)(Hkc$)*xRrN@Elf-adNx5
z?ybM|^A(+~`jt+J4wz8tPV!3JrM0-pZ>w}4g=;mm`lgo+tlM<8Suqq$*b*W3CnVJ|
zsd$)#SS?;8Pr8Y1!2HEYzr~Z1-bThfSjQS4%+rUnS5b_t{J&e@@)PEJv^p(1>dsb!
zOVgcYUK;Y~0gv~40r}OrG@E<b-tD0`7poX9hjKvdI-SIG^sKXKtp_bWtsE?R?z{eg
z)H2#MqZeKxfrp`$-k&l`+?sZFU)SOm^EM*1)Z>{h@0<4urA4K*MbxR_j1C9qOrK7@
zf(ZWru`L7<%D+64e6ug8CAtr#WXER|V-Wa;CH4i>Q=`*0WS8w0H_3GC-Wl@P`X02o
z?ybuHO*R(uEo#=53o2??v$Vc)fMU174IltF&(j&Iz9_$*O-@@)+ilZn2)u5}gOloM
z>0F&<T$69O$5B-Nih!VWNlQyN6P1>R(ICwjqZ?sJHv$6E(m9%qMy0z(cb9Yw*qCSM
zygV=V{`u^=pZmVA>-zn^KUigR&5YyJklk>6Ozm`M`_~oN;n{xbxtu3kWg55eXYRte
z4~Va$lAEu}-A1#rXjD~C0$bxul}(0b@={H;X$`FGJc8d$>)PGO8+Uxjzww2zWE+9Y
zNV02NAoyG)8$t^06&jD{!>7p}C$X}BWR!YX5V!0Qp6{9u;-1}3=_LDy!)p&Z38bi-
z{=-`<)Na*k287uqdVWVdtA5qD3#6uVBSDfHpPPfA;AC~*Pa(&D6J2sXTh7~}IOw@q
z-q(VqRI}BAPv0UEVN=bUv>jPr4M^pAM+QFzHPnd`G>d4$B!vrTO*@AW!|Ggaj+YPw
z=hlELgH49Ot4i6w;BX#y+`zo_2$r+*+X5aMVmq>(Ms-2!Bo^@0>Q<k3Bc{2tVI(p!
zRP?OSLQb3mZ<jGn+1uOQd7b+W_0|(#s;ydd$j>`{ogR60l~oc9336<{m0zeNXl{&t
zb$%!6yGp$YxrEf$C4Y}w9}JjMd1h7fjQQs<(BGUC|MyxJqO9_WT^aI4q+%3DR<nv^
z90TMP-voY~n%UJ&7b|@CvEpFZ_x?fU3frLWoo8TF?Kx|qm<BVdJHeaduF$&)`dLu%
zlDy?L#OT-R`!M!S!dFM}Eb^l}cXZFfr#>n+G*Relz3q6-BEXdT+HJ}2@)i1o)Nns&
zVZZh^sW<=a7N(q_q*_=zy5z~B3`3{b;`VK5t`JHUI8&e*WdwekdMe8kQbvvE87RB|
zn#Sg5`~+*V77}8cr2J+0HYn1VY7oV-NMDijaaQCzh{o{KqwO4JQ3XJe5L!qr1S{L<
zgCZ__WP@|ad~a`^)Jhm>g_?cX+M6#St|$P7gI*^c92~s&RtqY;f4YCG$DM7ZH?#Y8
zv7lTGQy0VlU6DBu5RJiq;B4jU%V8yS#F%sidjn~cD^uK-duU+HkViShxB(X7M4CkH
zFK}N#Pqz(u%{S~~xOo{-86mKqaWuRZuBU;vyL;C9B)JrPbUpH34&qR8?iy5ZpE&0~
zol-v`ErTAKmtUUSQh4GLnB7UUBdxb-V{DtL*+c=4L0J-<K!GA=qc2R7{^9-7Kj`tg
zGKb#MtK2y2hB{Aq1|3KeZ9#dWt3B`A@o)y@@Jyn=Ruxnsj3d6}o7d*#m$iW5G<cJ=
zQrp=L-E6*(_Xhr|LK+1Qp~b8Br^%xKiY_)Jx|!|qNw20E!aOpyRd^`Zwg#D({ns*M
z;rP{sbkbr<&|&;7xqnwn^r{qSA@}a1V{86}tmS`yr7lYj$Fl*N@L5NfiBBKsa8rg-
zY-4iSFJ8Vpq@yy$MXo3_;A?C38koaRs1t$~!FdngrxaE?Eg8<q7cN)GNqd#=a}D4}
zkR&5wFMEBT)XZwu)BqupPcznHpB}s7iWU!I>{V;YCxn~tM5({jFYTSV+*AqI-`CIm
z(K9UjaQ*mIi{=+9#6*n)3v!o4<5QKHD!NDaUg&#yhVl=d+D;84vNuU1HNTlqI=xVQ
zeQ6GF&X%OUqvugvHc~-y18Zp8T&w&8qLStPi^aFkAJufonQp=r>7uJ&MXmSGCn;?s
zbAw+U8{lHd->ZGJdZQa>Xy1Z0k6cvedowm&orBiNvGuZE`BI~?Y;yY8T+AIr1I(#?
z!IqNa`zkhE=R8O;kGceRlkbC>vGwNckpZ9hs9NN4lra?SD-;zuh~0fpVylpM`VlYs
zJycJA&9iK)yt$m$c)q%0v&};uvcQJ?n!!EfZ8hu)u^EHA$a~_e)n)1pU;D<37<4Ch
z5;a1@6pJO;Ydx|7pF%X{Gn^ZTgZlsQvBbU^RmO6e8e#o?STDACp<WW^x9gNP45294
zzKA-pC)p~lMIEvCvC&IjMp3hA`ij5KScuSaL)_AglAeGOrlOE*<u;R=N>pmfv@pgr
z=yVcBFRy3|s1t^Fy2exlY0qounVn$CVa2!=C6}z#r0LA}gavpQGKEpIQ|EKr$(;2<
z)!~{9Iv{T5a&WP~yPa@cv3g<9sbV8ZJ#oQlaqVpW*9_XN_ArGFtr;`fh>ZIC#=OI4
zPbwTNGN~@~0mJUMJBe+gYi!3~eRnp0uHXkk$7f*b4yS2i1@-8t7UK%?@D4s+mUz{n
zOo?w63skdU^jR>G?6Tv^Q~vprM)t42&I_rirMF^}<GBbkE1Ld;=qQBUb}3oD(by0l
zk*9~XD(~(~)-B?c(mcghwES>CQbYHFc27hA<I*M9-~!E4&x(WD*M*Fh2*4qS-s^Ib
z>jZ>_S_|?ByZVX-da~0WO-=PB(fUejIYGO(Y(NB?>BXpJhZDjIW~OQn4*DI*Hh@rm
zBH5Q@eMH@HJ0v-_c#2~t#DzN7)$2~9cdO8E&3<#Usakfh9#&XpIz8lQx|#EZIA6e+
z_#IN~!8JHjjIkYAn4KmQXx@7J4J^Fhl6)8r3bC-hpxMUmjJvnW2t*@F7gtunZ&&tj
z{J)fie?*tXtDmU5`Bv;Ew{H6%9d_P+>9JYrV2f9VsPdU{`%L2KwSNu-HPFR5Wo%_&
zp_m_T1H{KkZw_Djy*+5m^+Qk^ja{cEGMhmD2=YCkS_>x81I$#aPtj|GD$QuWp#!IE
zIv>5oPmwwGkDkrcFEMWq>;UgBWm2Wh@LB@@;i+dRz<JMGvZU4SXD&rt*=fe+s;rx%
zoQ@25Duj+!er~<Rl`na|bY~6<8^07rB=J2hk6SZmS&B6fBDtkEp2JXw+Ndd)rR#X8
zPp*cR$$8NmvHq%->S<`|UL)&~+YvJHAKo8h8#@NC58O)1SPp0=pkLQDIHNd)@E=}f
zG&LU;!|>t{D3c-lZb_@Lb;ZzkR&<VZkoAp=<P)l0@-q5{shcPf`)y@M8wn7NJngGk
z^4BPG*Nn_I&*?9zxhbL3h`)-?qp<vR2^%<wWQ{)Jy!b<UBjh1)I~Fes#bu0n0}2fk
z3Kybf)v}y_b+y<~1vNp6B^T#z5Xnj(8?(iWz4qMY#f<P-r>rU)<GwO>DRZ1}Sa4Wl
z$3gP>-$2XZ&|EultjCAf@h2aW%m|-;cD!@q0%Xfo?SAU0K}7J(to4`Bt4grk>5Vw6
zWt{I!L*6Ss$Dsy_G%al*eJm22!uQ+5Nv%LM?k>wt1KRzE_o%{^8wbeIN~ezgWsxW_
zVEVTSQ$B*Bm@yh$RrMr|o)OlKGNGnVad|-Be5mJ16gW{GI$+Dk@%5vtiF5=3V-JF%
zSwy8zsR_9)=Is{AyNm@Di7zSd2_ccq6-_#*#;L)<1)Rb6QA1k;ORNLU)yh1(t=^DO
zf1kDL68hO<qYn$*o@ZiZRFshAYeZXGUBWfANX{SRXNe|nY^t3?V$MIU`9@49Kz~-u
zf`ln*7D4@q#)Up&W6WWASKP-?NsqOSMQ`U$s0QE3<x}CFj73P9*vltL>oF@T?PS6S
zF*j@4nR9C$SY+bE?o&B3&OQ9K#GB{SQa60g!iQ2a!iA}CLWXl)G!0&6&*OY03|AB-
zj~2pn?VjY|7`D-KzS_Q41U{R9PaYzL#nZRI8ARs2cl&^{OkXZvpE`}_`ae8H|8y(c
zK2DTM%^j2(beGaS<293iD}7`51@U{=?J|+JmP=l-QcmV7tie@K!`;5AIiAlz01yA<
z7v4smZ|c|wME!K0ui+Lyo&R;4a?k_Dcps6h!m00GKp?aL({Y~Ep6=&s+l*tbFt06%
z-#WeKPU@-`^t(%(DTv=hTNlBuvw7PRgXO#51qTt|9^K4nEb@Mar!Ibq-!5uepx$D6
zjsFdg{#<f8o#*Q13tVQVLHw&<ymW|1HP_s#3(YbjCyQru5{{C*Duh<wXFQ1tu!gsv
zcP|`uLv*Jbxd#fTbOuAMl1fF1vuerp*lG|q@S1v>*uK<MUFqCwU9Y?8%Sq2=Q*EhG
zRjIe`HE-k@Pe}(bAUR}OE5+)K^KINY%zQ(Xd;W6&`9gTZg%}1c$B~|EsqwI4s4S)k
zbRsOCF`qERYOk4a^I{F>$6@J`l*$zawq*k%PM%}w0zIwN&xHL_Zfi2;SsK$-n3Gq>
z@4>o_y4%8S9lT$T)$WS!=<boE3yZ(Y_I1?1)xUy_TqrENCK}IZ8-g>$Q?IEC+u}kU
z|9ZW=U#i*9$u$~QdXiGMv`-m&pSm07zKE{A(W3=1$|HB+E$_$SR@s2Ik|wNWZESm1
z`*y)ZRTK{NT&CvEO9Zi{7h$RM??1_N<{r|07aCVWmmKd9>bC@R`@oP(DCd;K-EXkH
z{rfmTrozZ)1KXb@^G;^z?OS^%(hg_NrX`%uG{m6fqZp%TrYF%tPE-?X$U(`SPGvc#
zS;p!Kw*4`o(IodF1@6e7K4!rwp8QDfr~0v;;|2~>&_BE)T_%9chYcS%SW|naa@ySW
zjvG`Dmt`kGmM_%s-VRT_)oKWs8Jmg@^OT|$F%=-l{5%NU(3J27^veFADtfdxs_n;t
z7{j#0EhzK;wdhVVU1t59nxv1<x|O8nWbSZQT;OiU^WOh4vjDX?cY~E%PH*v)harqT
zQ!@gxq{Sq9L^_I+CYFq~6Uh>$UA;oU=nJj4+KwM!S~5m-D%5Fs&9`qIbiNx43xAvh
zG|U)VeX))*dKX{uHON2V6!s>+cH(lNS}jT5m5RZre{tF1a_qDJnpgRP^;<a$DUhsn
zn);tdO|C)8+mZA^_+^!Gz%7#@ifr2vVOO}=m5`Dj;*xy4xO7T=@Lt9oBaq!(WC5=o
zsa#f;x$iFiPqVG=Wj}q;Q8JLZGx&w|RD-q8CT{WTF!i0kLbwVmJO4CX-|-@H>%uwF
zz4y2sP<jzvFBU;FXRJl~9>22e07#@xShAZJ{CL*;==?zRj@53cOt$#Lyu+B?Yg~iM
z*W5A$J4F279a8&1awc2)rTK=Bx96X?u1ii2VX3FRHH-0w+~J1_-|cRpT;RQh-f!k;
znbhNv+c&@7vMg&{kQWwcq0hW8Vmensv%J73xJ@0_Tk&{;$1^}dd<;`Z`ZdAnKXU8Q
zj5p@BhH9R|XA$U6%@U97@SSgFJdzFjk052B{GK^$wP!DM(Pal*N<7smUtm&3;UAq_
zq9oo21m}d;>m+*{b@qHo2Lgp5X6wxU%Vu&QvNPu=BL&{5U~d+<gN*34YMGNl?n@q5
zrq8&An%MMwcQJWSz|h<w>?kZ1M&F-AO`R$acsnZiA3#o@*EW3fQ(N7nWfEs3a7fn7
zhF%f3b?Af{H{h;4qTQP%SC)|eJGJX{>n}YY$QnYhMoOcCfmxsRuF~0%FuS0Ka1A!x
zEZBoxPIifAWZWWCT{Vg?+Bki7=&KzS@9Ql(FFX{gX!3RQBzA5gN_6JDZ~NFHt9gy|
zFg96VT^nU=e#&zkI*Dw5F0f=Q^x<vPtC$Ljs0~4NYLXhjXnrfHiLtN##1D(rhAek5
z=Rdr8TG)po+`^Lge7qjJU#Bpi_11=(jvOVM0#<wZN^~|dE%j3v#jymzQ|yd}Q`<S$
z<_T*?J#=<?7ptV9@Yx9|Efa|6h0he;d&_2S?rQ8804rQbSspY|xJGCR%rT<MeJor3
zu0<ZhU_<iPocWY@zRt@-_`wtY@tb>K*$dUS2|nQQikz@O=YXKw1NzL#W}H3P-LR>;
z3p3#~IeC{s^Ch8tpiHIwgN8JB!g2A*-ecJXbIF}+pWBN@s&CL1szglKhY~PQ!FN;D
z!j5<HmG6wUp1~!P>#q@`37#t9IlhirvfB3?UxD)M3Yva+er`lyjg{^C4ipr6o6O56
zXN%QECFN~ji5Czo`f}Xrdcm#@MWSBDA+$>Gd_!?PXKAszZ9WQHmVp$$C>C`3*hT3j
zyQu>9ZhCaJF_A0RGhlT{gw$ITVZ4ZwdkHjxQvsVR0q#TV1x-=CGKC|m&t8@}q)y!5
zoUk-$%HUtz+E#$l2t7CayFIL&-At4h?FnAz4wih()R?Ji%uHud{nGl{ki6~hrB=e9
za$ey=c&k~ADfAV`TwtQGm04#)a^%c<iNfD7<<Wphk<48pvO!m(CFcOQcf%x!H266k
z#d%HB1xXV5wRLEzrQDUyAEudEYktqC+oj%}_htKK?htlJiF{_zsQ!r?(r~Izl)$R1
z!MN>uOD}0gUR8>*@d>g~IU6FkJ-59r8<W%6!rt8U(OM6|liREw119kX95GC5@f<sQ
zDzQ!v17{9g>6=~Jh@&g+)eKreMIHJboF#Kndh_&OeIuo<iC2HZIQx?LR!_|{|F#C8
zlR3PMbP;t(*bDrv_lJ+3`L)4NOZN{jhcaoBA6tAGJDZgG?$2poLsws8JxqIi+2JCD
zJF5OtzG4cCUmxKoHV_w1+29glyTPS>4GYJ_^+}H`r9CiBJtkXM%ASaUD-2I)TDtV?
zlTEE~5iSILi0<1<oa2PjewlH0>a4T`Y1KGmM*Hh`0idOcFu6ATeG``LcOOi9y7IW{
zN&`N}t@gZ|%Irm;$@9;5r14kmFwYV-52iL{qm4Hc3>yTG>L2vKKJ`5@94t%|S~P0~
z95$<Pzh6eSgvB1ZTFS1LAjU{vccvXYpo`UY7l9qMwPe*SgC_IzY$IKnWKLa2v|f(+
zvNfiDtMC4{OKkq!&DWMCh;zz_8doeCM<qhT=muAV$~@_+A^Pi3_N#FTNV6@G7x!C(
z1In~4`dXC`r+@*D%hI)6^Je%3a2@i~NxGN&h3xI2)^FFHW>aqYc==C{lRgTHA+Ja5
z`6Eu8Rn5S&fuB?)ov86|AE?Vt7AHdPO!?bGwvE5V+3#N;5w5^XT)G|@I7LBU4$+kH
zT)T;@=_rF0oo_*SZvtC2$O~I?BQDJxc^3{`Cl!uva`(7AnizN{oR~a6wud2pnonW4
z{_Y;Tm+-}SqB`>18{y%EBi`%F8aC}+KiuejZ>>M{Z<eU+7s01!HWuzChlS|tHrN;D
z##R=`zpgazB{rI}Rn9RY=7OyVD*AAmw#-74#%_EKA*w1;#QabeB=GQ3B%3RmKXq0^
zZwrm<Bz<?T)|I`Jp_tNcQYO1oCQ}%OGM7nQ9VYzAwS%(5ct@h-<2fONzn=w6b6-67
zKbwJp1q_x&+S1Ce5kd-L>QA;;#6J)HRn#&(1<{1Tmh`<WrHbN02!h|uV<ab&vK)-K
zmk%LFyR**Urn5Yk27-Mdc7_&S%CEM_#YLuWa<#tA8MC^JE>^F86aVw=Z3(^ah<@jI
zJ_2do(wg{rYVJ0=5Ob8H^7t@knlA17?m(n+N6L`J`BD+!!H;^1kwo?i6+NAF8acZ6
z#j-$@%b1IUMa@)wR=p-E(y)(X-(W_>9lQ`VtVWfBt-Wv4UL<xhL`akB=PDq1g*EE>
z98X+5+4rBhkyHNc-%K9Sq!Bd2EMzZv{elj$GHn5Za44#Cy-;24tB!>`Oz@f04m=xd
z!JaI*(B<t?KUg~Ww+tmG(LYKcjm#KXk`&D)f@jqJmfmz9pfv5&8RKY|)uIy>JyT$q
zRgVWqZmZf9@}hKPOBi7m?~@MiT8B7E|H%5%HfY7Krjbu*n<Q!mqjGY0ojRwOxLeyJ
zjExq0K8x^bjHZpaF+~|a`Q*u(Gwrr&gvQ5dcB~bh9oB;OB8Kn6or<$<2r#UYbDuLk
z(3%gcKNtMG%V>AsSOnsx`~Dv@`svFR&7{^QOQ?FKmzFB5k6I7zpDa4fG=CZ?T~e~0
zY8(@1ytU!Uq=Wv_U`$b@X!N&o7wITvRj~Qxv#Hh(Z4>`p0WR31=}^e@8dq2NXeT~4
z{txeirZS{zPJwr~PW8}p-Mb|H>t99Y%s2z|K&!X<A!a-|W(xa&&TY{_-*s`Ia&=&*
zMzhF;V8_8wgf>#=FO5@tfBCXaY^%T(OL1Ux<;8t^plFS$=svOJOWFYcvN8_%bVvUY
zL(z4q6{BF6i^10e#Uk4hZqbgb&dqYJp|S#3VZVTQ5!Eub_8+zeS{<L;lV!*Q?DdmS
z9}W5bL)0bWGOEa#)uTJMJ5#Jj{EN-{5tJ^=gmFJ5d%M8j1hR4zRccFp7jn{U7ru~O
z`_#obQ}fo=|CSk5^s5H@FX}-k^$+i2(!goh>Fa`$)$dP<8gxFDO1{wvGvC%e2^s24
zf~MlC$^jQ#ei$DKAmmx;%q)Ia*QdC|>aQ!OAs3MYqpMXeO2zj%3a1!9)8PT4O^GC`
z!nG8}KN^lnN+X~VzKSBOS7Vs9eS;vEqG#}|@h5#3{NX&;i)!>ci!d!@<x5=`a-_NA
z^2<w{L>sz#Mb5|9S-Xzt%;q^^{!R;`Z~j8O<w0Mst@b?4PtLf1v#vR=s|WDop%g>Y
z?@iey@A4#_7~nqiupZk|%S%6ODy5mkBAN~rj)HJejsC^%x6%cGwe*BLiKWt+Gwhcq
zMZ>z@Ts#qDRDVzyAQ}K%ic=tcj0B&rJbdm(aviyORv9X0MBfcZdHqqcHIa4<)TfVR
zxt*a*VLO4;1+?o|V+hj<;Uf7A>LK)fnELo0B;$4VnNpw{U9Y(O)B}v+h34&krG1x1
zZNlFZ{1XEP(-nIeU-2!5Y1vZNhSP3=7Ltay2JBqFgCDa7xh`!5>Uo>MVBftju$6r9
zfNp6JF9d_HLbkaykbzUAZM}SqIPJ(5!b)A-bJk1phfQ8)Df70>KS)qy&F$Bo7ZeN6
zIFax-u!eKTx6ZwQ>b$>!-LH0GsU*MrS>2udnQ+6Xk*$FgJvl8=kiI7wqsyCGVZXL^
zQM`DS!G}&DUg~}I^qVyB@84IVr-DCoFpQ&l@mhI%=ku#?a#Twm!;(xKwN_cgIT8j#
z@25HHjd4f*O#Y#>ppTbBAf@8~ozR!mzZc?qpG#iv&OWJkZlpwn6G^GJeCr~Ec*jMO
zHA`<U<fj^5MKRUYHq1ZwJzxKjWmm?E6Ra6s-<f3SwG7!kTs0R}{831?20-3}r3Uj+
zUMe{GZrT-!ywDpRDU2p9mR93=Z>sKmMX_6Ge$;sZQ?gXvx^Q9@H0o+`@>^DtgacZ{
zA6D$AjzOG#rOH<w1hZjuZo#^YCv>QjXk&$z$Q32q@BqCHLi&~$A5}=?7FovqfR~fe
zDhp6!lr!RTL;Wu>s*1;nM|s(kt((_v?UF|sr@eT9rxQ23;Q7Xr`wL#J2C*XKXUhG5
zm~wdL^Xs=}UA%wzihLr5B5PPlbCmz8t8-?kwfBU@O}Fo>IyaQ5y7HU94Ho+Q)-~f*
z;jIT^-_G;mAKqJ#gN7Z;5X9TNge+M1!jKYc_^B;1;kaf*vBYfNy!-l4ptcE`{)&!k
zU@q?{XQSL6j#@CitY1=O6`f%5UF;>l5ofp+FCTI(@U3vYHZJs(YD;m^%q`m`k1n5#
zNzGgajF1mi)aHxus*e;RkRG*?or7Dwa?oy<z=olehN+@h#nJ<cIOeC)m3FrNbT6PP
z!6ZlitFl*o*n#IsFVlYHlc~FK2{GhaAIWSl98hu;Y9;B*R`ykoYr8{yJ)E&mD!ugo
z;V}>2UBVuD!L>D9UCh}*`6h`8Ed(MgPzdLfe|Y+;tmf+%@0@=F(;e@61|JlITo<_$
zt`hr#711L=g7Ck>H=%dSr(_bNJx-m-=^nkDmc^MN%$%%V35G&mv;`%_3xUY4yrMsG
zr`Uo1@*p=77d`?4;qeQqv>U`dL_g+(_CxwB&T*Z`DXVi2FgZh=crUaJ1NtKOqO}n|
z`&aon-i7Fuwj|@PGj(NUvEd@fbc?UdC7b<qtwz^fW<agSkzDLd9VW-5EzD^-;L!B)
z@V|}DkBy1ETajr#=3dX}j(+b=j~z_#BDD@F3J5v72RqM4<?cz0rl<Igj+LslIxHfq
z^NyH3$gFNB6uj<{SAQ|NSGS>Q3kn~-Gt@$SXS`4^mq?nN;9)w4UuUwtg)`#6(sx&y
zfqmyqa+(6=Fu%*3J&t6-19`y~c5d;yza?%-(6Gg`vP&2PRxD@I=PA4;vgAiBwO&hw
zHKX~iL8&g}&w`9FZX-UuA8LcR<%U;nh3Kie3bDH5Q&Vrc($NLDDsQMZ^NILc3fA{L
zVbRo}#(%VVn2{<@*|lBL?6ate7ipnQI|Nv9T9x|<uh@8EoGB{b;lvU2tu+CaCKJ%Z
ztucpYK(u#O_Y3dr?1|3!dW<~MApD-QvF6BvE(LTW-AwjSal0nJ-5~<oJvG{~0q<nE
zjw=csUM|UlA&xkAP-Cn@)tsIcMlJckft!fy5BHo!OB1C&@!Ef{0dG*YIIp-9`KuHu
z`-WLu;m~zW*gJawsmivIn*TVHBrWhhNLlKLQDAh57&c;gc$Ycgw-69Qb;K-d5Y2}#
z7MSf@u~3}HR+f6KC~LJNMdh!^s3F8q(r5$H;>~W$=ot)Vk%CNgZWrcs%FV!G!no!G
zkyIz!ec(s=fMQivn!prh;{gZMELzTk_nZZn8=VZaoQ-Bp^%kHPxi}wyP%L*0lZfBx
z#XV!Pv2(3nwaNZ^j`Fnh$KpV!XACLjy(}|4e`?m0g0cclqM4huzYL1a`}(&3KDcf+
zg(AqQ795oQsdouqyFu4@$JRf^nA<f_peV&C(w_AR{wBk8jmQ7jW8_S<xTJX9{sirx
zH##}Ta`rc{QTqU*vh=bXM5=+PtfmCS@Ed9CaUL9}ja0WgiVWfeNy@x9<dtpuarMc<
z@`oP=R#5RP4u;0p9n)75lTzHI4k6oQj(}EkRDwnqx!mWvrtc;o#73{xKsb=Q0mtRp
zEG-%0t0-PFUS1k?Iy!e5;`ES-9JA6co;*L8y*-X_-cP;aRq35bqV+~Q)&~4p`Wbk<
zy5c;pi#nHyJzX-B@XeE>Z|MYnJD+6ytPXhAtC~%*Vw25VW&3%aba0IeYm$+xTZ81k
zDoG*ViPmZ1><r>?@_VjzWWBL4y=>n?m||)&OZ@FXe@tTIdd=uzfap0?uwm{;54fZU
zL77@QTDJ0$cyRyr`Lvo7ZJf5TukbmaMXVz`!=zo3Vkh0ym2gvMTd+T2XzKa&dzHv{
zOcAUJT1j9#_N>Zw>Eq+0JvBK0?fYKa==o`wY5h~D#QNvA5Ny}8Ur3K}{8iBUgq5S(
zlR$r*bAaT7(X6v{TB54cHI5N-PR>_p5G#hrlU<gVyyAO2(zu<d>c5d`)0nEa{F*Tj
z<C|ZpI|ZD88bQ-Acrl>#_v?+zB9JO)a_84>6AdR{nR5zc^Q#Z*KO%slQT;heJ1M^h
zbE5HN`kwsk7-u-=Z!}t@H4YB+*MIFKGw7G#FdCty^jTHyefQY4m#q28bEljF@qGgo
z?O@lknT11G=Nd(lUv<+$r_S}F5*vC}GNxY<%@mw)sJXPW0}%#b8jx&&udb>te4YU+
zvp`(eZPvnP;hl7T$v5}Kj)47)?LUh?!Tk!Mat{n&#Csn@x)UxI8Z&|4b7swDI@gj~
zm|BtpDnZAX<BoK|!$WNc=bguix95$@FHglq2qNJIOGb+d^Y+=h9QW7#_jqN}%5~gI
zUy@Xo)n`9%7Qg$4cZgJ5Tre-HzW0msU_%zY6&(GCcYabXOM>PgxYKsnzFe&vl)V(I
ztMf1G3e*#YfnCe?;ZWPCN0W&%e}tn8$$sJo`?;v;B1OQ$Xqm#9joYIaTq8T*ids(z
zSW33__0BI$7r_FG#uSaJs+_j9>Br2$Gvb)uxK-2-t5$on_A`U2We1w;pX1$=EmBE|
z6jGW{rf8+g6VIVCXEvK?W_Q+;Kd&zt*NqTBeXp9v)J!J}gavwWfL<{JurfyYmz&dF
zuPw<z*0`gGTT#8Ba&l#at+CNfkKoQ`($o3QjuCkV9BBxD%4%7=JQhhVcMGw^XASVW
zx<gt@@LX2-c=Q*1-}GNjGv_t9l14Gyb3NT`PLq!xQ%i9|N!^#*IMR2A#QXcBdOY|&
zjg}<?v+o0~orZ`!pNYWpo<ZOZjnFrYrrVSky$&21GP1lMhSjdUDY=FVS|pSErV<7#
zmW_u*Lx{7jxR#Y2Z?i4wE|LUrY3gT1t%#;vx$rJG5e$_tlTO;4ARdZEhRdV~mZpk1
zvhA$uQYJH1<_%AL;DP`~W3`r1HnHciB$g5k(;V5?i{zQgt%+56RQBd4ZGo|pqA~$o
zVXYn6d8!O0_-#Te9eS;`K&sIlhV1fkGtjl`up>(|Xy*f!U}7jil>l<asT|l^2Vd6z
zd8?*W&8T&LdGtZqldY!iPnZ$Fg#-t>3R`Z^s;2Xs`T3Qq%rt#eM%Gd1aWU-L+8Cw<
zDexRi6ZuVqSkh&>JbcZB2z3zS^Yzw#;s53U7b)sC(JsA$GcQzv_`=}RSM(~U?5UOH
zFCLE2*u__>zZKGE>sij~2rQ_2%ToCQ@S|^$(L*y;^16(1erBErrhJ>CsZesbggh$t
zaaVLSH)-toa}{exeMfQtmZzy+b>3M{8z5Wq!bIyF5(Q4GvBx~03EB+&Llt1+U0!c&
zG+?=qnrau7=fW1X$R;!%ECpOHiTMe6Pix(%#G^4VrnMJ<SFZ0uLULG1Ee1lp3peW_
z(Ykt4>>67zGBONznyKHrf0C&_QwvsVh0l1*=TDQeHzBAESr2PatnNX6QzEKrvh;j&
zrd{3-Kd|%$3sz^X*C)p&sPucLy_>-=X5cILSH&@7NsViHcuSUg_fUTRCAp4b7Rdy=
zn*OA@lT|NwV?t-!8lXjYI8ltH!|0*a^MllD7hy?VLB-A}j_)BXB<kW1GppZ7MlW+L
zwZz#nYD?U^t4n?qgUY6P)6L_ofr5#2A&WUA>$odhtq38E{B`P5pDT!I&LoIN^l(g_
zL}X+D=<15VwOPhnd!&+Y+_k@fyqT33DRSHKE>ad0CiX|UQ&T}swjegIBn9bI33dca
zCwxNBaedys?H^uI6C-!5l_mQ5)m53tJrSd(>X0`j%@^OaXMuqd|LIpb6jAHNa+Y`@
zux(#OD7FMIv><#t^Z?5dXY!UlY2Jyb+k}m$hiX&I6IGtZt|W^|3g2FYGHEKx_-&q+
zvQ0E{w?;WtB|>HtcqY}?-;Es_8GWPxc7js-+n2Wl*4Y<B$;9y9oLtGKXzHYB_<|<U
zi$m3W95(b~!my*uy^KSxmfELrQzSA7iQTG|pqG=)ky~wN6vbp4w&&-j0{|X-$t>NL
z=}kq-Yo8w@0uYqjuGDH>f`xiIt;$rIM(oQ{v$bIYUG;%0;e!$7^ZS&}%%hU4rhHg6
zkVj~NC!Ci<NlY96EAKDCmnRJ_+*%(0@LsO)F|0#a0DoZhjKPyj>eAeKU67~dh>?qC
z7V#@wNnr-wAc?y6N+VlbIq()5jUai><w8<o1AFCb&eED@zn4~89pLAi6D1br{L$9l
zlTq?OsMX$*WX*l1R8<82b7vL!0raJlf8pVp7<%(AdJV&S#xRImAQZ_1c3#Bf?5}-8
zZW)XGJp4KmtGjCsY6<<ny{+fRzc{)SF8YsSz)64pFE*ghyW_CG@9n|D%cqu!ZK+$z
zFP-B0&M}9YKB;}0aBzV3(}y*9k*B((OT<619v69sGzNnE`tLWEo97ez?-+<|mrRXL
z=F9hrsig)U2;}ykIzY7JGx^5!P(LUAjv)rh#qGhrpX67rn`(oiE5G5-;Ufb@*s3z$
zG{oD!H8oodR|Q#F>IR8FcSU+tIWE{IL(7mw2&W-w)`SrU-APX=J)wPss!K?P(a_k2
z<g`Nl<XL;G6qY8c#~VG;B#c7R*d|d#b0Zhs3atjyNeCDs?q<x|1sy0<-Rb-v7alq3
z(}ng8<@Qfq{=*|zdm*||=qwx{W=Gt)i8%zSNfPcfH6e0XK&1)<!!94Yj<cW|ew|*8
zQaXNDC->$T6tyW^wgcs=l%YIqi1f{Lj`IPX*i8-sq!oF6@roR@Smbyv|0%7!Bw*?H
z>)ftKSkEYCW7!zjf?t0OVftf&4}wNXh6%=@T-EEh)&Ww$2Kgn1r6z_=oZaG1I}D_d
zuc14;@oh;bCeTjbmO^R6pSR9<vFf#pdtyy6Nyod=&+z&G!v8bjol2iq+9CL5Lok(S
zf(Uaqn>CJpJF-3OCAb^!$2eLl(zBgf#FAcUIH~dDSb~)S+YsO;J1PjSFi+e6*`B=P
zuxnFlCTHQ!lU7x0Ds>dC6uxsF@`N@#K!GbQvWiTGc=>P5=Vsfbn_GBtt8>k$&vj+z
zD|sfQRqJACbC|Vxl?1tH3f{D|l)DXUo*C!&-%V#tA$^-6DxO6WqtT}Hoq%o!PBvyl
z_%W5klYz{8h9epY0whCVqlVTL`&2QttToZF4#%<uRu*|AU=5#zk;%W=cZvRWeH$dg
zf1NU#>+9*%YK^!s5EiW3mcH}CaL0+as0i(?_RpGu^8?I|{rO4N+?|;eJr%|G+=9Nz
z+dGI}`@svI6HgkiDnI{{e;m6l*DD#TRZ2+M9>7yr^L_LqsD;yoU{H#59IBEDoaPaR
zy;p4b%F$u5-71t+S`ZuH!d;!h=Pki!e0z&!*Y`67TN?6Sah`l>{RnTF>^Jz+8vgFp
zgIvwP@2VxK8g(G%oq>Yy11(A>JaOanD<Lbjv63?t&-&4jBmI=2{|Xr8R=&-rnAZD*
zlQS-pNkO>+CuDrh+Lt?y`z5}NgcOJ@X|Pv2lrg`MK2$f;C=XKH?4hh#m36fuzs|rj
z*m(D$8?TRgi>4?3&znULn#*S^&7SwJKq7c)7s}{TkVK;~5wq`J3>!iTpB%0p6Z&RQ
z(1=etTeXI77z{Dl)Taci?4nDuNOAG!<K`x>n&D~c9q#vkEZr{;0MDnxVtNGn&T|`H
z@2M*CUyQIE$Z`R-KYxF`_qeI=Jl`a%t%{d#<{w_j?ZfsH52h*SOM0&LU+(Tg<xfIb
znX4sOJx1j0T<(y62p7q-BUYL<mRm@GGPsmx87re`g+z}cGQ^6j(<Z>gvpCzlThQr)
zwIOXetr^L__OkF~+|j};E_o2W3~_Zj;t}!hU$5)<Y$+c`o@e<VogH&{!<5I7B>3qS
z>qX%=YRq>Y7s)pmkaQ=RNw?LDOncYSX@fMzA|345RHZr^y)GSsHCS}dt?+nNc;%+q
zc-LBVi=$?Rx0<BjJAkg~C0QUP3f?0;5y{x8+$}CS(&=O7NsnK^!I#ZjEGId~(4S>L
z8<Cz@2A{(m8yaQsaDEV=h-hBL{GL}_35ZJYG8Ot^HD~u$N6Vz`;>I6!u3A%dV$*rm
zOb{)??GIMEjCoJ7vSe#JMoqT~D69VQ#iknSd^o8_`x5fvJnzvJei=sNvZ|nOMU;|R
zjYTcZ?PW~VZ}ciIOk~8j-A`On8!}s3xiVBIP{x|Z{OnDBJN}FO=r?%(?}u;Kg=OnJ
zJ(^8-K<8PZ`wcMFSb~-Iia(5`M^))+ajWxH8mo;z5;FJaJBh)&gAZ^+T~d?A({JUs
z@H7t)O+42!N$r!)f`dUyVBPt4uk<way&_;V>=cL8TD-isX7K`ABx2&ev=;kpnoUk?
zOLYlb<*SP&j8z|+id6SR;XOQ21<EXNy57A2#}_j+-rsQE{vCO>IWc$l+{fL}{EB8&
z(Rt-<5e^><?asZVU_{|w!k@PH{4qvOvS8ya*&dCnGL4>We!R$&fy-b2@MwnS)u2OV
z&^38?{vC7IBZ4l!E+}lq1#noPtFdn1vT_(H<4t<6=F^Z%;jx5)r;S{30bn|r8^eI}
zKILz@`aejv-rTk2Vw#~61d`_9Q<*U|W7k_~)pW)OY}Z4;JCNwjd%kL+e|W2U7fY+;
zjiUeXv@F1k=$_2G=mL)J&KI4_{`R=0bqq!sMnO@n;%e3sQpUJrH))J{z4R(Q0PB$G
zLBxfjoM<FNJQL%h+{Gx)bl7M_Vp(;P-3igc-1pp*(vLSIrs1uEAIcW9hbw-0Ug1yG
zl9PkfGj=M}`DBgbl$95FSBEc6lq+~L0!|6b<r1IA{Z3~5r2(~4{<(7d9>TuQ!p(F`
z=6W7MpHK`|IbQ*g8L*d>VA4*%w!d0S0#xT!Hj{ep#nyghfW5fi^6ASWaK(;aR<cpQ
zchH)?#Nvc$0>v5ixLY!>L(M*l;(At$d1C?@kd=?O{>)3__3o2QciC)k5$J-I-y0Wp
zNFAv6NEDYx-qA1wG2&GiXlU2iN{l33BAtl9_dXv{Utw&g`8dNj-cU2h7DGm?8!Kj(
z9S5v$E8|}FI^2Qp@irvpT6oJ~S_-F{?L_$qeo~v^{pEy%?-M_JJ{50CS6L`KAi%j&
zpLOOh7|ogcx|{aM44*Z;{|{@k1$`Mv|M;_+$&$HQ{YdJ!?7VmD0eIwN?CXy?zZl^f
zK6e?s#;R7vIt{q)55>sCEN*gJ=i{nzWlY)K_MZb9(}Kn7W6SKd*aw)`e5;d{;K}>o
z>9?_nw3_na-5b4kj}@C)GBk*oBt3c!CW5}plqS|Nd?sNWguAvYYhxkiJDt^n{KsWp
zl*8dv5fO!nFQfs|p{MMuZwIc|bnAS)4pjYR1gJ@03aO*}_<Ytp#mV)RCi!jJGVTuM
zSClfjX=9zgU5@$_H>4STn<Vq$-G1qyljP(?@DUgG;gH79A);qfcZnOn#TYNJ<&rwM
z%$H8#v?IEtL(Est0HIK$k@(3)#V{w4|GH=6#pE6Q`17ErMU8R7F*Zmiq|8>^;(N^I
zJsg`-Py`yFQ>y~28wTESpBr3r+&#-wfvGlDuahq)C{;i|Int;Xz)BXbq;l&Q9;6Ti
z5!CDvw2LD`FE<fZD^16;7Wa?cI)u-VUe_a@0Rr($bRV1|(g5naxB9UTxnx%r15}2$
zUM{;q<<y;I(4Vj}9Z&kb-hX&2X?vU^j8T}xOLw1+m3gJ9%l>@)n@s#$Xq;QdZg=Tt
zpz(+;RfNxHi`H{9sO0U&iOIC{#Wn2xjwUp$P#n{u_w3L>vJP0LqdxS3A4GnNvz6pV
zrxP(GI=Df%8~ZM`?$vycutmP*CYdpd5ji>-b-w@thYER5t*)tj*kdaRb?qhY;!}-C
z9Q8*eaaRCM-%Dn3zp8-YPS39@5=X{_!Y$QGJOZHWaVmt1ViVO=!Y`lyn!nn`!{+}q
z=&U;~nP`;0kGJ}s%;<9MdJpdDp!ey<o+xyDuZ+QEEY~If!;9aYooqjz@rRP{cUrgD
zsJ$oso=hKrb5ZKYak<4@3*MxzfNN(xoown?`~Sq9d=V=r4RS>?Hgn;iT+OAR2q18}
zp?f8XZU_&(hf`i0ep-4(&uH{Sh`O7SY9Illi_}sMSReY6RD8om7qrR~b5Q7ws<KWp
zsk;GCbsnBvahu|f)b!M(C8JM8MoNVW{dBRUM@F+0Rz~Is(BAW1tSs+rIRf?Fo8Ynn
z8!&PnKDCQzXS_J^rb*Xd<Twd%*DY?D&1Wz&YA+pQURkv}c+93QpeEJS$v?2fw>agR
zTxSn=Gm?Mpe;dx>AwkNIdT@1B*<aAw@lBCzMCux!*VttUhAW!WpC93(S2++S31#B<
z4!$BEN)!So++R&WiD2bnQ5tA#&pXZiUL!bCKkce|<(ZmaYyy_kSV7P+S*zLP(E+nL
z6c-%8H9B=9yUeo?|MTeDV07Q)DzURgW<-)uqERea8)++Gw9C)!>3ps0E#kGZ;!L{K
z=j==kpFA4Hqi-Lppef8+PzGJ=Lq&P3Z|Y3>rmvQjucUgO+Bl<hPk$0e%S8C?O1o~%
zX>(pZU8I1oRdS9uAKhduo$<ATA=V3!<VxUM{u65gyv=IaoZ=41SxK~Uw`6KRby)19
z$nUta8GD9JnNm+^OskD)S<z_y`yq{M2g+>h9NBW;J~cSSIw5s@UT6}=5OhVpM?=tK
zDxSjYDw^pMc<Q8yWkDeIqqNMzK9N%&f&skGt$<2*t14%+i;xSKaR&;w=gtWrtO-pU
ze1&S7)={v%atx)L^&Bf5*m$mxUFjhCDf6$>c2G{9amW=tk(UvmhjxzjX~jDPDdR2Z
z#k0-RJ*dh~S$I`SL&nAG37=5RxoohcLVMwp_&MI`GKu-1LFgJs-W~8u8by8mf`gZ;
z6<1bejeG-6!3FY<-frNJx=v#kcWg{mrv2*dnwVhGnlRW}bViY0)?Ir@@vi@gG?H;E
zddq>4Xz5E4Vg+1<zN0Sw1K?pfg!dvnG)Fb=FQV<{Jf?Cv3<;?ZSfjq)bL$VC24`bE
zMzDQjSjL$U*L6y%xQ24Y&$PKS_16Lio2a_x+}tJWOd0AXHElhXG9O}+DT3R{fHZl)
zYh=lD$yQ@b$^IzV<bdIo^Y{JZhnGx#*aoP>jX_+*Czpb}#o4QZc^#}hmT81<>{Kvt
zDF1%-NCGF7`ildZU5qG`PFAuT_FPR54-7^o4^gA6#<q>j7jh_B?5?dd6$3i&{WOlo
zNQ^Mo3(DT~gkSr1Gsq=Ds~LbuGmQewGjGYb)FLLyq8MYT^W<L=eN6!WLru{To`S$^
z_s0i*EEav!8Y1N#+zsu+lEpc3PXU}}Dp=^`cY8m!+ts3joKF$?0{b^~G$raHo-x|E
zS+@DDfV=of$wq7mvT;Z$mGe>Ux7H7B;w~~`q#5?JCATzSuwfMomEm>*pTJZnAkHa{
zwtJ@Fg~LO6dVD1fY$&Jf$i}#99m`4No<{}$4!Zg-CPP+%M{=}b_rDV%3ZCXj3GD#!
zjUU1?@4Y}L&lW4_8q)ad0bh3z;n^D%@eD^6I`^~q|M29<X>XhsUhW)9HuECmmaulY
zlL-~bBvdkZO#UuzlpFjdwop<p<Z-Yl(y5ig<ReMV!8F@S-jh5yy)E@o6*H~gh8Z5}
z!#&s8Yy*Tz1te;z?1zgUyUT&5FyB-SUcGl{u~dO}1TpSTT@;`|Ztg|fICe1B5|snT
z4PZI`W{7WJ8Ja4}tGeeRHxlaXe;!L_^*~#AM^AR6XRyfAx-Ub;N*a0Q*mg$T%OdcZ
zqC=QK{<jm1=7NqeVt!PCyr5r`94~F9(sUDb(A7@fBty~WwV;FxV}~8KJ)nK0^JF8m
zL7HpVcPdK^_5KXACuT;LyX&va3|PiX*s{OYJRxb15W=kzd;y+H?<aLLTI^=UdiKBX
zNHbg#)a$-2nJ!o5xkwlk3}{0atdPL?lmAR&$um~z?1;uLij2pe?XOBxoOr(3Z+nTk
zx#vW`f%z7o5I2PB*VYsxRi<x5X*_`Cn^9Jw9E>_Zf(S?98_c~M3N`9pOIv*<5?1}?
zJ(y|7#9Y4Q*AjEc0Jh|`T5vXy+Zea|%^&h^<LFhXQ(JFPyUBOJZ_&A@8@oG~9}$q{
zPN4<HZX???LdAmlz|&Z26KE1tWkcj7YNm!KapjOH-RG_GxkfGFJ-FMGpZc&R-!bQQ
zQfQj#_5r5iNvl;znTSJO-4Q)$avAw)b=yf}ZWL;k*lN<k*uGWy_4D1+J%G{tjsND;
zlbrx5ttPwHCF@|IG{Q}`pcMD#>wnk%rojvAcK@@@78k;e-_P8b^CYHlzsDd2XtFen
zrV2eX3;pl4gJ>5P*B3fu+%<G4F{($i=JJ&}i1xLHa3!qEZZuWn-K?VDQyp)7P8-KV
zyx0wA==^Y}UvNMna40%d33>#ZJl|^*RlLG_?uc-uX`9_mR2{ZlC>#tyTBs#u>l{;6
z36cDEZ{7?ljxhLbVz}s4-?i4rT5{&hcUWf#B*xEQR`4YHeD&s=^OR>4WT1e$?ja4p
zWb-B00T&}=y)H={B&3%tEodM`Omv)LiQ*mL@RVQoxWk4>N*k;i%t6H47PCD>Eu(wq
zAB`inrz%e$Su57Mwwb&PlRs%4Pf+Q6gIpDoBML8I1Zh9A#VBg&F5u4jhZdnt@5Ik%
z=s4~#VzmaSs*KXW#kr?mgz)2N+(Gsudh~ZT@8?k}I%=vbD=mY4v4zTC@-I_3(#@q5
zH;rG!8TO^KXInTHR9^gwN*KF)7LPKs&jb4#m+^79HtzOLYwg7>9)1X=-7Q~kHClCH
zzm8m1)itJNDgYgwvjcG#2&bFt(j!g#)c1FvWtRmv7KEk=Q2kh4<N2<_ZbVB`L{{9m
zQBKKy@g>7_K{4n^3f>NbGn;3V|HF%!O3;uqQV_~IM&T@qt@pBLqDkkNzI_+=kfMP~
z^VsE20I#^&+yj5Ke$p5Dv(OgL`br%Ctc^9C;Kyt$RPKL?XBB-6g3<r6A)TTO3T`25
zV?6#OWhds64lUWEwWT8g9_YevyY%0^@aOb_4AC$)=k>m`fZ<(^$2+6-N;jG13zAj&
zQNASaU2u;h@Volcc;K5k$$TRR+-#TQE791{Sc!C?LWh5TD@SnQs<6!LmTmdqj9;#W
z+(rzq!m`B-3~1t!LV0zK;oOv)xH6b;@SjX0>{oC;htk~YsGiv(3g4(2?@QNCO2~RL
zzViztU$!?Vx4fm)i&{(f({RoTG*w*B*sh4E><}-j?z=;eu!y&3cd{&UB$zj<AyNfa
z@`)LgLVqxtHNK0J(zFoPsmk_}J%1}}C|j<`vTt}t(Cv(P;n*mCqUCG9WKnx_Vannl
zOEWF&zo-xYalfPK3(%T9uL9=rN>rj%F+<Z}=cYk_TEWHYtHQ)F`~f2V9d+^I`<PEA
z!gqb?RC~1_dpgY?JA|y$I{)xR5R8Z8J||7SFD#@N6f^pOWv0%u(*HX<YcBw}&D2QN
zn;xi^yNs4t#+=DDOc)%Ss#}{Mw|5u>Dw0>+=dGKZV8@cZQC?@5eP{!QZ&e5sPg1;!
zZD$zF^}(|2q}kn218gSdc4V~e`&>@xu;G=94!{hfHa~|kZ{Y$kwZe=07oHdg)OAT%
zZt4`P&K@O(NDNCBAUL2jCEN(aqJsdq4<07oo5d)YrC+qj2EVKq%0zQ$TD6I0doEcC
zyu{38-p7?2_9K8n8a3P2aNJ%#griI>j9&#&>NK3Q@9&gi3vx$Oq=o2m+b0@b51t%D
zMR3JlV2|z$MH<e}*V!*|R50G3W;DZ+=q>c25kYPc{4k(bq8Q#R+h=SH_BUijpT7$g
zz_|CV8?Vk|xg)|_l;2@5aH^2;u-Aw)koY_qdP9<)Yjp+Pxt5S2YwjC&z3i+R_0wSc
zn|N1)%UTWUwGO46JzjvyF`)={9Wu$7AH9t2KBHfyq=}6358Azb7J+7bHx+-csEz&@
zQqFmJ^E`JZA|ex2oLiaQxfYY{*!eJ&^2`t}Y)qN@ar>A}?I_{1xR&OaXiAyN)DT-w
zb{Ade&<>OAat}y(V~-avLbWDdTyCqW7y3Zui(H-=W_Ce+UaAhy{pQp@aHPu2a~~or
zcf#vveV?X4CtD^Yus7i3BHJwS(`YXWb;Y?VBi;JNYH4c*aa|pjwoPLl%2490F_Um)
zPRK!6EI|;ga(V9%kOJ6A*w7bl1^gPI@DrpPC|5bWpIei-SL2@({_76oPoA}pLIj#}
z>pC#J`jA*6WmlzNa;Uf<%}k67gdNmC1v;M<%yqTNUek@$W1b`Hf}WrmnxDO2^|j`u
z4SY=uvP$~%%U9HuugH_>H;84B#Kx=;JrkutFm!R7)PwCC!9MwZ*uwrj6a+Nh>3viM
zDBH;>`R`zxd~Xq*C_Qp%rK531TtJz)rD)^0>Z|wh^ZmOmWI~A#SmiS!jo(!;A^k!B
z*tiGgFnYFwy~~dE+X2n!Jb?kzs3M&5ZZ`eU{8bgJ6+?m(v&n_<raR-$JpkRzc=3VM
zR7hGD{Fd1Sb|&S=a8l|sDJ7+yO4?%srW#24ghy~rzJpt_J!;|)tvk}Rz6T&<jzg~Y
z0ME`wG|Z+&!bh(D))V)uzY4^U9<AzMD*|k)U{ycb9ckZa%^W~UJrA!f9u3)%O7pPn
z^tCcTQ~bt)q^+(O!2$1?WhW@ec9>RYPi1gM3Zo8RSOSqxFqHUUz>~p<{nj=C5CH9)
zEbk!ZBb?_}b_jbG2k^HIFoi9?7{7^70dQLsF3#be?1Q0XN`tox6l}nUv_jvcRr2Fx
z#gri!eMd-QNYv$GUh=9_K<9gIBkUh%lI4JwzLy4{-tPIDmf#4TB0Fjdg(gQ>wt3X$
zu~RjrbL((C;lu_v`4nHe_8IXWyHk9?|FHHRKuty8yC_x^1yq`X5RoQby3~kB7een4
zkq$!W9byBdOD_sRTIjunD!up6o7B)-=p^ADfB*Zx^WMBSb7$^*!|cgPW^y<=XYIYe
zwbr-3Mc&ByXtxEc5?ip}O-B|UK|VCLRVc~)-PS-^;0@BHjeHQ$Xd?G+urI7Ul4jU9
zm^)&Xu6^R4h9BM2?`GdnznlZP;o-XM;=bZfPDJ>i2K4+V#t7jpubDGCfVo;`v%lWa
zK8?{~FnS1z6X@$4_G{Q&K^jy89d;@)nd2wxQ>Qnzt&80-mb!s<ac0pm%?)rOc}fG4
z9-FHACaFb_p@BNI1I!^aF4MGrKSY&in<#(UJ%F=##_iTieOWBZ>C5sEx%aSKLlypb
zvUFs5>+p4>ogXo4`JUUoLR;(YkI|N)qSt<MGZL_%!&^KG?O3fkKN^p7g0%aQ0b_D1
z(xrHT`DMpjpHfO?++YJl?6JBaH~7&YCwWCzQ`^Ga;HfNKjN<KqHhhN0&y{Gc6?w!W
z1g>fDqm>v4hqyRZsVF%G7-2won5MxSGL;?}4pO#VKlxLUx$&)c{edT3&X{%VbIlJ+
zU3xihf}d0zz`+Z{xq00#t4fv}jF0bpRQpM$$?1q{*jEOaV6xoxnl$L$K>hMQB_F&W
zXZu#&Jz4F9%H&g>C=)qtmL8N29`bI8z+P6?S@2q#IC!Un?-;sYtTxohTsXs_w>fP5
za4?4Py!1$7qR(|DYRU1SjwvDxc~fWf&l?>2XXxQ%fc6eIq+~{CpHL)XOC1h#^zO<i
zUIOR*u7CB11*r8d_V_&GPmaNp`nDrI0j}lfNxt#D#7^xLk4ND7Et7!XzB;23<Iy%p
zQ<uja@P~L=XYC9fo@2&-4E>W#3u^oXOcTxH0NYXU(^UAp%x2d$L<GUz@yOe<vmUS*
zt#qp*9T)AEgMN%46_-C4uCF2$XwR8a;6piG5p9BH3~tpkx%+lJn&I0_dr8oz8d$!&
z16&o%dZMqcvi348!!-MA;JEJ2lWvRP5Pv@xg^x#ZT?id7W`}S}=Fi82;5gf0Unbgf
z6Rk3<{Kck@$f`4?Yn5Cp36hF8m$5=p9rTN*|8`5J?PNjtmXK)Xpfn}D6iTqkd{{Rg
zz2-*P1bTNMsS1R^B<(#mMd!!R13|d0r@p_%C^OqA49J5=T0qV-&LWeI5r56`G4l6f
z@|83%(`R=Hp84<@wZgoq=J%&Me1~g)qZa~S8KCgUMRhDG{~JFbI()nVUVQoGdZ~ep
zlRONkq<6h_|1rUJDYtbeYyBs#+r#fk5+0Gg;5$x}ewQ3qQY#K;UAHl-8b5Mg<<2~u
z^_`S{E;5l*_{LYD;Bcz62E6|ev5L!kyFZ>mgcU3_boDD)g~v;0m+Um!dY`uw!bC5?
zZEb`(^o^IOyMphC_}(Gd=wIIEJJW<$!w$cUX-o?aJpU}EnTjG7#o75zdse=hqin>O
z5<YykTbfwrliw94UzIN_#P8J|*X)6K>)WEaVfuGy=QSVsEzF%;OJ0)PPBOK?+UoZ7
zfmZ`^=NI01lT5=&H>>Y8X^x%9&(bi%rPc4?_%fXbU`YDL{lUZEi_^ZNI@lQe1JniY
zA0$Kh%1ph}h8#V=bV=;&<IBBWzdXcLg%|&@t!4`{Pnis|Mn(#NzZTmLjUdSP>E-JZ
zSOO@ESZBX)L88`>iQ%`J*^waFN>X&R+I3>?y;1M)xDyqs8e>%prd%I?^3mHd+sT~1
z`MIhEV&%<;h-@-D=%sE;|6vOMYntEpfSAFhX3Ky?d3J5idb1b7EB8d}iYOTzY&7!E
zA$*~~zVeYa^NY#AdvS0_!nT;{tDpL$jEhQbZREK^xhGddcS{cYzkP-`eMMlBZxS9t
ze;6vsxP35;9FMdh+rON20fYba+dWpwshxP{Nt528KeKP-q|xeb9@8}<n7FFYNzN?3
zBDHcv<<h(V4G#XviP-h+ywLJU<@z!*_It!WdYt8njnTC;z;gPf^knoEc~zjeYsL);
z3%~i#;9BSv{o~Nj_wR^3x;?y2d_7iW(U`mXZKM~+(O{pz*<anHEd-V8_Dh6T@^L4w
z?As$0p1OWZ>nyIoM4_d(xBS~tOCXR*S?5eodD1=qOUijRNs$+b&hF7-+C(beVCS2W
ze>~ON9Ki1mAtUvz(6fBodjJj(=5>JJDiat16{O-9wRNb5#C|u47$xueFg-#gsaxmu
z%sm5DXjDu-?6clhp%kN?jQ*F+!{xpzowgqwpRyp(j>dp}_lA$d1-#FDk@GnmZTojY
z6Is4V#+XkMCW75^ad1{{W^ip(<VCh*W6=3X+v2RfPRO{Vcu}*eonEh{55A3bv0qi$
z?i>F`wG8o`AAFwb%@SQWv08)=P;S-g${(TgRx<LKsxs4-`eGM>kIJpy`-Dd$bB}QF
z6m>U0R{0S(bAEl%K4-FA!U&MGG5NSiL-h*mkwMU%I;YFtvuXlLw?6u+(42&ayg<FC
zURscdnFPpeD2!pK{(T4LfaX<It?>+5uf@v>R6x9;&24JgRTij>0n|Q5?e#~V4^feZ
z;$u2Y_;H7fgM!st>hlJWVni~ngZM{v&%h?4<fm}!j+%HL>@}Rs0$MFc0_-rzNURa(
zo=)Z)0A!g=V$YEi_RVigFL^v!=V#f$-ziIG?GnT_R74%R{tC61uwjKvcJ{3L=NFJp
zb}%L?|55iPW~`;zu$<vh;iWkIOzs0=s6o~aMOj$?WW_s%;Dc_m_Y=L_P!s&vwY*GQ
z19JJUfp}RzlnV2mm$^1&oYS*&kkc`WHx0nr>R+<==&eS3`@^fbPoBVTUab9QY458u
zm2UKkd<&Jv-?E-DtPU1>8zIPNQ<Y&GDGQKJ)bpf@pW7I`v!@TU;#Zh6x+3ywO3U{i
z&wyo2!p&@uq>&3<Vwc!W+r>LMsQ!6LC|0VsOQmYN8W+~|#4}>b%#m5|Xp4n8YUqbJ
zoDm9EIiNG5EjSg%zNmH==U#c;lRvW{WYtOFqOBY}v4~A74`}qzY%2h#6)`k$2|wu<
zs~nrHbvF*<P@Ug)moM{#FBQhbT^jZxjUtM^#lqU0!L&#HG)p&3<Qp99kLjSbGk3ah
zO@+P)osX6G`o&;?*0CP*arpOsk<TmR-+uYlUeAYz8(m-t>?$f)?6g8>)Tta?UBQ*x
zOwrPwUmI2BpWl3661@*6IUiK|=ePFc=R7xV4SPf+kL$eMz$9~qM7~tmar5HVkGLuD
z<u)9Ya9pGmizN2`ao#r04*`ng+@ojP8wxA^gt)8k2b+eP<pSjfk4qza*{SOsxFfYK
z-N2^<oN^28I@KpzWaZZ7VNM*M&zEuR9lUq==2_$5lR)~j^<o0d%vNBID2gQ9*&W{?
zSn5u?j=-G?zHQH&ze8P^RWg<jf1eamy!kc%F<I-;o<RrvPSfpa?U|u3vq1RN+EWt`
zJ@HMXrz2)N&f5Mx5AxwmIw#zQOu4Eb(knSHEIjZ<sG>5qlV6CdB1O%H;}=#zCN2gG
z)2Y-qdTGt#2q*LKRBOW6e#!am#8rr9HPAjvz6^;Q#>xEKAT2TtB+Cnmb7lv6ob&G+
zLe?NumKeP%^kcZSO+iW2cT5=K<+WW;+bW?*QbXMS#=E^q{xJW{k>b!Dj2YEha=5K0
z$x9`IFPtN5dkN(=(quk;K8x_$vb0Dcb&$jJpU?s6;M9*Z%%IOm?ln~Q>ypGQSxAj}
z5DR>cSqE_f4XTuBY&o0mfq#yaIRX!%Tcr<3fe_YPbX(NPZ5cp8P_5+9<cMYf&?O99
z9H@c^f2v*WXgAE^-kp+Ko@L}}itxhOY!ulZcD3vEJYA9da6e<6uigG9jJlZa1I$-m
zm70Mw;j811ulR9wTmVTNY|n3DUmg(6uWzwu(rJn-au{k)H86}>jU4~QG$M#iaLF-p
zS0LzpK9y9l?Oyx^644tYq*X!I78d1CkU>YLS4594HQioqFu{WfUn1Y9og*zacL}Q(
zp{W<#ek2r|!EPkewkOdu>A2y?G?qi&zQ`{e#Z!X*NS)X;!b1lSxP(rgXCqx4-=?>#
zbG9dkKqQa}4;R0Lw4mnjKUuw(|3R1-EljbPe>G(P=1T29B*ZQrn9E;$YVZ%lWNdp2
zBKU2cI~vCI$o7VoDw`@LxE4f5pNjm86cB6d7c>cM6a@|OfTOaufqa1={1GZ^if~)4
zeB{^KjE-lbqwo6n!BNV5Q{;*l?MPwEuU*e6-F-<rwRuma<-MtHYRPL)aN!JA-z@3w
zJGVzf24c>Kw@rsz_dcxoTRK&je1U+~&;eT!QLh1-G?zC?xt&y@t8c%E(ibYT!``Pv
zW`vuzJ-v(K6l-#2#;?{NKLTX-dM6}&KQ3ZP+YH>&_eCDY5d3aws0ALL%j=$o>W=OS
z(X^Jn4fk5Qw*#2VHz`FaOw*z=zWTQf3A}8(uiWgqE(nc1*NwDmqT1%~cff9n&?g<{
zfhh)8I0uhG^k-kyH3G3+VOK<?HB%SIc)RR4l41i#b*y)p#fw7by^YdcgVVN}Lgh|)
zf&4vQJ;uw09~f-$%W=Yso^7+?LR{sZ;4+v0*Xm^x=RW;VKIYWSWTnl(+jp^A4v@a?
z@r0?NBgBof`At9LZ8x8c7bsx!+ZS#+_4`bK8=T^Wt?L!jtCF1m82=HVNJWm~NPQje
z-h80I^qXo2K`vp>n(@@BTex2XZ3V`T`N2C%+tszQc0M#rWJbBJ4xmi%<ca~LXzp|<
zVRMrjY#DV4+69?Sr;St^rrbXMo60}z&{is9Hp;YcKEB%az_S=a6aP&<r{(3wFRK|G
zsfB}zseh-hY$KAUE4t=S45($EaNPPz>5<0QiHzMkuz=R63OI>6Bdzc2PCSVNSJwIP
z5A&QOrs*7g=%A^43_EvqV0h$x@h_Zjdev%%GkxgLNzdngahfiJ=QRn^g?CBuf3WtX
z@ko$S1?O5Zn!!#=p&P4N>sJRJ#L`a>CyiQ%dp$R@fi_ge9<e1t903+ol8*;fO4-Kv
zqg`!#tSXYh>=ItaVZ&Q_Y;lir|CWUOeL9-M8_DGl$9c$3M+!Qmjz(wlmS<xi@jRP%
zvvEy4%^v9X%F;&k+P(W4N^_H#8=H2PYe$~`%@uVzI`w9?OBU;y5nmT5w^G~+KCshI
z*4B00kgGEd#ScjxoaPBnd&`1O;tTqi%xYgLo@2m6KEss1vqbjX{C<eQLrq<`Jh!=<
zDvNd9$u9)Cfg)}?^d-sIF!wihk?)lN!{sHAha`MSAKkW`C>qGf`9OCks3(QSdRwwV
z#muv}J$`9gF%!<FQVDv|A;K{0eR93xi`EhnwqLZ@bpB|M4OYMA3ty%#sYpGar0ech
zHXno#N`PFe9p)5Z$VN?;m-bSilhFs%4Ngn+2Fl%Kxu+i@C7z#v47!V<_hhEt9G<0O
zBo(oe!ent1>(B?s#xJ-;*mkN~!xa4882Sl9UFwEtBuU7q?sI-85BUab5arQ0=gKC(
zo`QF$qhk|du2{PKU^d~wX9?lzDA1D3#Cgd1BV<*5ZMomcgut8mQk3QeFrl)@|MnNN
z<q4hy;}kBimzu3KNE%v~*PUlko}kliLhRm|y!|fCj`!`~Ni-<|=b%XSvx(ku6Nv-T
z7~Tt~6#4yu-{oh(WE;UfIiQwQ-FVLRv6AsrOQe?#m;uh?zcub9XHpoChmG)ux`$Th
zZah+<#}!%?be{OEF7i|@Bjo8j8)VH~z(L2XmGxnjbr09r)a0$82Zgad5E?y7zfxPZ
z;`_u<LiJ%mPSZ&2`ZQv<C|%rs4YmlLWxLEqtx_ldGTtlSTfy~H3?onBQI%d<FUNk5
zyPkw7d#ReM{BgMXep%vaNV>K!C-XKvgW{?>?Twg~uhEc+EVVMU`6#VDuSRg{Si}^Q
zq}oL>w(wpGwOv0m*E=4GPX^N#n7+tb&>N2P*ioRW6SjVV2h#S!Rngv5+#lm7+DmS(
z&CLu3*HJc`5~vLIub(`2)BA%z?S2JneFmhS`|WIojlxO44ec~2%yG5;5@!Sn6IZ_~
zu%~sql(E5PNH$D8tc}Q<OZ54w*Uv&l8e4hfZFsT0tKq#+TIjyvwQ56Aq9Z&kNY)t;
zW4*i%PqAoz8h^o%`!r8|L{E<V<^zL-wy170)C&uav=?C)IYigN9K#|Hp`Pw6Xv+u6
z5;ck^R{qV+@WCh9_|0gD8~l(oy}nDZP)<@_y*%V%p|3`frng2W@GoZV_^JA>)F^m?
zJ&lO!VUJ#MJkisY6-<_Lrgb%SS-&SsRh$OvgIXow1g0AsTgoKTi=Hb!B?&a6tdCek
z?;wjH4O&b*TAPKu`S9`T^WaL49)qT_=<$KIU2*d-J}qzA3c?!hA*9zi=^)i19YdSd
zIUqLbVG&#fY!7rID>Z++$xFyjf6^d#x%9`0EJK`+YIzK_UMyh!q0RpN=dQ*XXYwVx
z)~ER@QVrm9R$5u06@cLe|0WQ-vf0wjrgQ1J{p`Ju)hBi(&o|_;6{8?^KvSkr&tLGs
zqPCf(EppZ7BxBX&XXGgQh-xtbP9Zdfbon?W{gCa$_s`GVyCt`5UFYP+9wY5%YfF`k
z^5@+T<%cippW*D2Bnh_QavVE&7R~Y<q0@<_!YcX7A3Q%s1pq{u0C<*h&{Aqe&}r3)
zGr5HYc%Z`5puv<{DVJ>fg4<UhyUWF<NIvxsf6N7KqNkO*`enGC6hfSQ3kq&Nun4-q
z15KmXfOGnTL&ZEV$7zBITkM4Nj7==`5VQN^eDo6fc^AGP>G{oX4jOr}c}27+k7JsD
z#`MVcFZsph@lxo4mGZ_aH0Oexz!62@+VEYXJHa)b<(c%rv73M__;~`Bx8}q~;^o&h
zv|BroTQ58~J6M7*6E_^xkm$;`1{%^0H1gH|N-#b`>0R``0Cmy+K})gNRhvf7wpt_W
z?c#C$MlZ*-8m4W$s+}!f9mfs29k4~}(8-DD^642YU%TPkzq9H8rCz2T{J_CY+ecEw
zuOVsi*Zv{-I%hcQpVQgvCQ+{7UGZN|=SXuFuZ=cVd0!w-g`56?x-8YS`TteV_<wgy
zW!XZ&ylV(K9FciCEUXn$C`;sb?=OVD@Pd0R|ITg(k&z+A1n}VZOhVl(Zr71)PK%%G
z2KT1D5(OGvW1ygoi-7S2ANsjpg_K>MOiiW7R6Fy;XMxFIv%6)hGBYsW5%CaY&Pnm}
zD*EACrK5%U`r*;L*mH2--in@372g2$sE!HQVkN5-AskXMmOaX2Ry|gj$xVC*=pY_C
z3$MtoxS6aQl5vlf+wIxQI|SYXP@!h6;f^pLtUy0>Mre^0<mDeevu>Bv-gz1YmqMHz
zuH$-Z{kMR0359%ReZ5Gs>;;!oNldSW_%c%}u?9!`--ub2TpOJZyC7%gAG!Em4@Po{
zi{xGvsS%Gy8)AtOs_C48hqHc<9c@ReLv}g@oO|&r*RW?{BVo~@r~Y=(x)Pxxz{z6?
z2sO4Ls8$%<!OiV=Gqy(i?{^x34C1$xykKgZn$i}gL~VRrY0-`I7*rm@{y+kAT|9hF
z<jza^<&Z+wU{AgNJY#uSs$M@U2K=d8(1eFwj`U*V^omG<YcHSIwviP}Ic;O9{^XiO
zi>ktr`pnjN?#z^Q=G*Gp<e(ZRS7E@Xw>n}#ml{t`DKHKfrmk(&&^#(q0B`fcatk?)
zA8`taA-}WsQq;WdkM3MRU#i7!_9oR;UJ-rjydV_O${G^rqc)Q5HYpk_3#w+^&OiCz
z@b(7{pa$tYd+zM4G@$(A9S<mtS0rnW!C8vS<WE}S3nkHC=397Ck2f*Z^n;bY2TL#t
zW6$U-qW&1Z8RUZ&auP|r3QR7c8b9k#R$ND!)t$ePzO6e^*;@$L@ac{Jv+>j{o%cN_
zPYCB!n3i@_&)hM<$xZwc@*?dzFmBz<zpWun{48Q@tMS&s>2#Q|F4jx;;IE97)0#K@
zPg9B)DLt92DU_UcxT5i0j!N?!$lTCYn1Q9rP(}Hph+Ug=1ixQXOCAK4v#$Qrr-u4e
zh3)r~8?y{~c7G)J4j7i2HAZzwog7~22l2B_T(%w;+wJc~-W(4ZGHQog%iZCQSKru_
z3aqa!jRox;!TV}2GSaz)cKzBgkWt=7yL$%?7=qrMZ_R~>Qi|)s!#BdMTm>m%9z>BC
zUEjfbwoQT|CmN}Ba>Iz$=bslF_|B^*9^6>(B?yK5_A|BG;Pk)W=zm2N@<K6lOW^+e
zY=Qcz2n`W=uMll^6!M4ujC##>2uT|`YST_(o%Si4+js?tJ}v<~9&1NS1_(Mn+Y*py
z%?tzQVh$;NsA#+@8lVD~KTtEn@E<>bOnPtOcp=+V!SWNWj#=I``XE%^G$z=-@S{nu
zszr5KxI**?N4^CF#Q(VGtZs>!x@Tcp_tVQ&ZpKYGP_osAQ(5K&_EynQg5>t+o<GRq
zI)=6CELAs$Tw}KS)V-l3Mfs)6a4?<cRArDo7~*bt3oL#l0NO8l9>O`Er9_$b`_}J4
zc2V(?^bpQBZ~i^bYS+ETThj)2cJ}5n=pU&)^{*eNqT>H%UdZB<Jv;>pZhXf1`9yv9
zIgr&Ib2^}C%OF72@TSoHBAt+KQ)}Lm#-)bLx)e4X+dNx0lO_}Rr~^!3{RxB}7lOZ1
z6VSeh3-d%=)r7b#IA5J0d&=mdj2ecwcr2N+UJ>o+4kF_dait*<aN4toRfQPs#2eEu
z0f#N^v!0;l31z|*)S1l2L)dkX%Ff&9XJO^t5><U>@v+9V38?9TiS{)&Qc>vGqOX4t
z&aQtwH#aa#clrCWsJx|*MPz&73!YnJ_~KH{NStf(D2T=tUqgF50G@;I7ZatUfP~>j
zaX=-Occw9yVZ-gfMVZ6HR(JIBdG&F-i$@dn^BdG+b|}Kp$a{Yo@IZZIh#gOcPtV?1
zP&Gn@EK>Vmpe`>^zV?t2d^m8e!ru>W@Y`ZZ(n?jWsy438R*VN1*>#}rs;iNuA|EHK
z*WX?3lS1c-ZR@L3%{e;>zJ@y)`F9UK)WIu3pyO_V^PM915X66O(6hA!mrMr9gO|ol
z)8UbxW>-W@wh9DB&o~;JCf!qOHN>h>17%~O{5j3+*Hq(yT2L^<^U%G)n+tm_;B58;
z=tEyw=bt)judeM;%7BylonzIH4QQI4U;a2>osD1H^y!|qOG>pd%&&W-A}dRUx+Y7h
z_HW$k=hdnOnh5NDTw&(`H3vERh5KMW<2>jO3&&!<)u@Mt>VPp!LlXnXk}0eG0V77!
z@AmtGIMy9yotGSYDl=0ut1Mc4Yh9(<l6xTs67Y|sD-WQ>yiZ<r0}JIt{R9!R2yO{!
zD<=LhmL8{PAd@i8ZeQ*LsVC+Ul8S_O_a^s6vWJm`UR?e}fv*MqSYBtYG}USy8S`s0
z`QqPr&c4*>O6^`YY^a#d{BHh%toHD@99FPF^$Enn>M#@ZIk&NO$@DO&rn3SE7pwYM
z&zs{rWFnM-STy?t1|R(Ms4Y967`qAk$)Anekr4(Lxxo*yr#SVWtf9_^edyym&**X8
z)lGkI+nk&N2=`8fojy-7`Sm5OZidZ<#_VE%-Rx;QxQ0R-EC%goM8J6uvip~Qa^5lE
zW@vx@cuoH{7zA${%56z4v++GgoD&Pg_W*jqtkuJRN70+fxW!dA$M3(Q{qT@#rBw-=
zWzP@QcKI6;KlQGN#$J>6VJ?8D8W}=hoi^-dow_2bfYlNe9<reU?wbiX-%ezDZV}a(
zSa+oTl!N@WxULG9#AcD9bL)Ynb8<voQ&;H{?}NFsP<6YXfituRl&|+g2~x*VvQ%4g
z91qnay4Gf2q=%#d>-Q%RWtsHz?)%|SL%YmhF&z}e4=xdZFMPl@L+wT{vEB+AEOb87
zQvJpHZ|;wGLPgpT4;5+@?Uzm!q`^hDx6gu>bX3yMY35Ad0le4M^@4HgFPHarWqlMq
z#2{x7Uq~3-Rv5e$2FIxg`Fbo_7-wkt`m}u`_}HbSBgTM`7GQ;_tl9OLPJdSE&w1eG
zN1(Mz)xCDw)x)?N^zIXgw$3z|F{C>^IYUuAr?|#w5H)J!FF8?Bl6w;6@(7?|h<~m-
z-ny7DG&}e(xdW(ObG-wH(2(K|O!Q@~G>P9J+aE3KI8CMQ*a7o-nlI0!bsNBqqe2#q
zJR37!6GaL@SGRxl7}rBOFQq{Jy!FK&FPWzI8o6!W0lehhhN@ri<qj0Ec!f;xkZfG|
zI$cQg*AQf=Fk0I3ylE-ZO*st}m&vsW!9w9WYNsAp;n6s4ac%!kS|{^-2c+o%q1uQW
zX}(~>H&WAKW2v4Ll$UnH{qvMPmvk8YSyCe37!-)Ffkpxk7J?JMxXCY%FoQ0+T`IKj
z29bxnDDq_EffxeC9tEIuM<LUR=Zgds&~xF7re_Hb3)Q?6-9W^eV>KsZ6Ah2@>k?g^
z-PT;P`c5Sr^AR(ajyWF(7~J7F>73sY$|n&5xR*H)w9CbWr0m1i;n3QU%g+OloJWe?
zqO2h=3WNU{!@nU0yK`0xC!M2o9GUEadp(xOB^+K(3=yaf0#N1e6sir(TXQfD-UqmL
z-z-B~;$Sy&vf1<aXiHXbeZaXckbc@T(%vu9IH^d<I!|tKH!7RFXk309Eli6H;t^rQ
z^lEmU0E{_(=WZkvWw>tAg3VB*wRn743~Q+=zJpV&sB^nynJTXXd(UgOf*ksBTf+%$
z1|~V5g?t_`cSxY00Gm$ac>UB1XuQet_Q|=si0+)-dD8IuMHpNv#fP$Y>*g8w`(Jc+
zYg-v<(J2wU^3{#=v8HVZxlzh^ZBra#(ekOkry#P`!12jXW0fX#f)FP;Pbh?)lRU)@
zi0W_W8@e=UqSJ|UBW|pTo(xLs6sGRt4F+Y(g~xZ=qGPZkm;E#A9791Z$)>Yd$>qpJ
z&`bPFj)=l#Czy51Ligx4+IjoU5AcuQaw*{8td&X_W=Pk0%I}i4>40ZHjQEy=8!PB^
z@QfTi5qpO1Y*n%93w6p<lG56FybVb^DKcvVp0tNo{DrXbOkmv)_&VS>3z*n&l|eX_
zIm^2+Tz$@pMLn<dwW}+PN(|+3eXHv7_E4t@5djmUZYL)uMZs{?TqHAEOWh=Q;J^I`
zqmnV+3e>wQ5sg2cMIC?f@-oJh;77i)kL<nd*TD0ha`1P$OtMyDf}6fh@3L5{tn}I1
zU=Qnd4HL~kb9%a<BHJfY&peagnW^24+->=Kp(`N!rez3f`X7^9U+7F_b^4kIUVKEp
zQW3t~M8Ur!ma#l7_#Z>oyr=}N{AbG+1D`=8-s!?lGL{J_R=8wk3h#Hf;3ADB71fO_
znK+o>fqsQHhv0IB?kpSYsg->;PGy{%NV#jNL3%E*1J?=4a-#-Q3l4wfqKPlwdUBt5
z>5kBfpbo{Kq15`SBW|7KO`jDojq6YoPqlk$UonBQ3}-y*j+<T`y}Si%@YmDJ34=jc
z<vq?BsjicId!e+Z-4UEK$YbAY=g}(87m@9xCM#5BfpkLPHYs=9ASlc6Nax3&p@{nG
zV~Ro%bmR1V-YMMH{taf3O&m9xJQ~?)!V>IWl+Os-kqd+KbEc$MyXH15H7*MQH}Gwv
z_yK>ZX<j3wz#5))16bX3xP;`pkAv_02lzn#=hAncHM^nPNnq2R!)F^#wlaW^XcGa7
z;xosNU4G*IL|x*eB8?CR+E8Fgl^*25d|056c-{NSUhCp})5UQ>?pdhr_^ZaocrC)3
zW7ChNvUMa0W!m23Ofn6he`rqQKWGj>bmU6=;7H#nvZQ=fE%xj8;w2?-fL840D|Q?P
z^(u_P`qPSl_>h#-5vKICIAW`0zcaE}P}b1!&xAYEr%c>BcuFdD3^U%M#P9avc+S;w
zKPPz=G4IDDm6Chr2klY!LV~#hJlGkQtI;}6l_PHC$>S@Neel)rPWCgAvvF8}|FeRV
zzZ(-#bFYc}Zw9SFT5|~6qd)iVZ_dum{1lDURsW30A*9!@<@V00&TDL}_ZPDiFNNIA
z+8Qe2wz7&W{qmQJ;3}0+)K^pcE7Py<l!zRoD<9+<EM;fx_F6KO2cDQEML)cBUQ}7~
z$L$(`yCd^^W^4#7?=jF3fm=mUNZf=j>xKHr<5!UOrk09lqm|$X99}(D-XDGQu2sH1
zp(kW#(hz7zL@TOAV#p$vCGe0Vs@}8wB@*dtV&N<9B@Yj0I)JwFVu;l@;jb<W7kVW9
z^h_Yo_7vf)qNxqxaOC<Vo&2B^VvrbhT72W6GxAnXZ?=tqLwFe*pfBE_4MFDa=`*}I
z*jcM#7#|WU4E~z~1{x1$Z0s2Mc?&w0#l|Vk2^&8Q+hj(Wo(2HDjXr-;m!%{E#<k*X
z&kX$$N|qE{@MC~gZI9($0r;O)Qmkj6c)-IhTdVNnt?=}+6cSC3SWR|SWlJ~ceyN0F
z4WdfEdt;>-l=apZzVx9zFsoYf+e4s~TDr(KM4439FW~eUCc!0LO8kH?27Z!(8SQ!J
zZ|EeCWAkU_uDjF*_&!FXpm@NlBmWl$P5aqFU`}yw%zpve=0F}^&ol5$FepXYeHY^V
z%=EMh!$r4AP8BDsk)gu*;y+vUx&gf1u<MWUn-+Gw3F{=BNB*!VwR348HqHO!V(9dm
zGx%WCgj?37_nLHF7VOQKO%bvQ**+%@qdo4r$N;+7>!Qx;vh793ijgO>@U4*j5Dswp
zB5vfe=VY)<Qs;81J*T_8B-Ik!E)YP_FVfUH`&w+v7{z9&5V`;7C44WV-?>7kVqc4W
z2h^m&qT@W5EbM(!_+GIR&BN5)ef^CzK-_`ur+WT$SlE&8#5=zOaLKRqsyJHbadpUw
zQjDQMIs-6|i-z;0B$wX6B`b252PvNY83P>zlVc4qFLM8DaRUj~r3k_wNGLyUMgzqO
z4J4oq&GrLOn^P&b)BU9F{Rl9ZE{iN%KpLUtKbU*VL5kTk#C$qNn!MiWJ^=;f=?Hsj
ziTz$KT!)~gsNlRK?Uryc_)QI#?uHg%Z@&3&9j6j1M4#xY&(0_e_tV{$H%UVasu9<n
z(R6O*R9G-mU;L86L`o=#M{P>h=>qOjTXp-;*SIQlEPMgF1XhPWl@W}`a+P!qcLj0u
zI7%14+wW`}lBn}DPh2sf-sQU@`h9J5le4EVAdd4=sGqnV-nAYs%YEcGXovEtyG3oV
z`Wsbk!W0Wig3mbs{61}XS)rAbWm4{2i274ZuhZF)kZ{bhsgrfSGb5U7)^Stj5jZM;
zUOvE$H;K(hlzcy?!XE`HbgCK6-LJr<hWlP5&vm+;e$=F9V3Dpg`5Sp+brUWYq5@Kj
z!JuKL0rFm$ZX7Xdg?wPep#XL5PpJ%?4Y<@-+}6X`cHRcm5+;f(v-b4z%R>H&`<mj4
z3p>jkEnvQ9c5h*xfm)H`4syyH(NW1b%phm4+2%o~=CWG4atVT@Ws7`2YTzTWq2@5}
zkeC1_)D~i-9@F0R$ll(#am*dY(>YfiT%)-+1y6aE1C5uu+-?LRoWysJa0AutsV}Py
z*?6B%+x!S~>DYE%J|{U}Xiw#=Ibd14ZC3i7u*Qo|yd0DCY4Z;H?odC|%}0xvYx(uu
zkGQzOTo)PCQqw!F?UAs$?lRzER5}SD@Ew8wMqMP%;&O|_A!Wb5klhiSesN<)3Us!3
z%=lDOiD`^GP{xYE`WS@PEgmGT4s|_nfmLzKQMK}TU;0Us`nuS=2&MFS2p<Z%$jwBd
z|9&-D_zMA%Ds%?FrOlLCd-wN0Mj`9<DukgO#o`Tfo9U;2kRX(x<^8}F{ihV@rL?zr
z{ye2a1YQP^jYqkT0k#a8v1DNzY?bePi4C;RB2=0p(mq7gZePg)I-NL+MC;hM&fDa1
zRsMujOh-J#VtFsa@ubd5Ji@s&8@wZOxeIf4s|4BJ$wIfJ476bWYQ(uyVwQbo)CSP5
zAWKj9`jh^}h!@9!VR6-D!U-Go?gOIjrt}QsSj;Hz@&{nwXr5fYpe<?IkJ0;-YTV0#
zpDj)#9>S_XblGM6^R@j6O=I6C-VzR6Ct*DIY^LLWMSjdIjeht0>)2O@`7zs5#Za{n
zcKf|YoOISL>`70YHocxk+m_TFyxTb}92$IlSOSidcS1sYWVUFNUuT?IB>4D~u(L6!
zn&{wNkI+I5yAY}3>?wm*yX>~ndU=jR9vb-R!R&>$cBx)@j$O2{xp@42!XdQyR90%*
z&XeVVwL8qk)${UgZ?xo?H+gQM;PBrP(6rQZ6xLGWd+=P$#@^A!o3OmCY{VG}AZ1t^
zd7OJIHN~m8r+PY&`)FOh>+7moM#;%(!5-yV_P99fmnYOS%GJ=MNV-zIWZf8u#&hZM
z_Ox=6Y*vV0SM&L=lgGP$`ItRQ&suC-0-dU9napL)HM}8u{3y3}B0#bhkRCmx%*-gL
zUJvqYYIpIBzPwv2{y1_sovrv%ejZi(qS)j?_^X^wbLXm=I=})8r2nVK|KFbf|Iw?e
zy!D*%<9zn6XNRQ1Aw)+IQrx@bNtUWITI<g1t5O$ud3Z6j&<7lZ^X0LpN=JpNRWcE;
zod=cfozb3aAS>%prHLwbPRx(U!s)1l+9hZ;FzM&e#Z%h6S_37_L?_{4xZZAeS>iF_
zA%SvbzrJP;X=i3b*m?*Q=g%O0RmKaiXN|~sX4Dmp{{xF27i=Lj+TljiUVvt%JK!fN
zEf%UedgQ8r1-I>q`!mhGOZNvV*&c0yc;WMWIq=1&BLxF^d0kzmJa!^L`ra-odF^d@
zu;qJk>LQTI0d88|dU15wYT$-MW@Il_fT&!4rI?5R$6TL$eShMz?j;ow<>2(;f(Z|Z
zQ0F;o{b)NtiQxXY>LS$Kh$g;H35%1;bOZ{{dxT(gcF8s7@mt;Bk0Y*?fO0qCVwn8l
z2olZeDsOiKCXj8$K5tT1p<VU#@dm0P!Tr_Se=a_!a0utnzqspHk1+rsy!#h({lAUu
zsyb8|a04ZNbcqRml+LkEBkSl~(rK{$ZDs9%h7W2r<2pD^rMMM{_XI60j}3ppx3lY~
zLssMOk+XSF$m-ZxdUFBg<ve=+%Zecan^<bXYn|H}%L@-|uf^=ZtpFCm&3o1VJZ%A4
zt(URy_Z|nMf6hf%S$!C2PdsK`Nw%ldmHt1noBuc4GZ1sA%d;W<d2h;;9{n^IM^2R@
z%NnEe-oqV1d2AhfFW=BE%#G;<WVLg{0JL8<0A9HR-Up(fCB=g2D2van-E(cjI>}Qh
z_=$F7IobBgfO@Ij_Q9hfGtC3J%KR_Y35SB_S48=cI5^|PL4h}?lBccU@iz@hB)h}E
z4Y%umEzAGYDgHlxzc4CcRkWe>h;BTZ5$MCTM%TI3g(H2huK7YvX+)RS{-Za2Q@amZ
zjYqJHMJksOvTo~sRyBF<sz#oR8YFa^*vUHA-+oe8L$J8CITg2C2);mX>P&O`sQKjW
zGGUjGigd1sw426Qu)Ia9DRnRh;vrWm)sXoV64%B%lS!%?bAYWFME|!R`2Y1)@&4gV
zPgyHx=kp`;4|i~OIirN<TPI476f<h2r_C|g$KVuaS1r|84o(##Ta}OAZ=uxLH%_O;
z#J#hcq4?Ml<pW!1uuG;~&=>|F7?g!zLpXn4f=PW23B0)8lhIu_@1Qmn|1-)6*Gidb
zN(@$1s82<(`cXx>!lA;P{tPogh@NVc#4)?@)`zD*|AnwhZ&9kh{{Lgpa0waWd7%6q
zyLxnu|K%YYC$!-$Z{2gDYUrZx*=9QgZuaw#o-7hK|5vj)1L{+$u~OVsQudS-n>?k!
zkJ0vt3^^UBsUCg*{h}U7hPKq7gtWhZxiKe?<(z?_8gkEijmM-F_fnn%@nO&p|6hoX
z66^F@GeF#uqfK}c$o;+fe^{BXrsB<fE}rh^PxINEZzstTc}E5iSb2AMj<fl?YVNsz
z{Yu!UC$A~C8u7Km7;wya83bfRFl*dpI;TBnDBegO&&uds(=+ZR&-;3a$k{NWXm;*R
z{krN`OPg1%lZ-kp9mNUc`Hoiyj>zEdI}-ne|3(%Ez?PqsjZ-4+3wm+E#R$RT5ZbRw
zCG&dCeBh2SHJ~Qs$WKJWuIpP!AXnI5DZ4KP^rHTU$;YZ4`>N3U5oc#+T0lHaVO&8K
zh+BZRfG?PP`ar~sD?t@62{$F-x4Q9mLFh`>@*po6p4*O4DvUvK+vQo7wLKU2k}1xa
z4?Y^gE<fGmjF{i0Pz6&)dZG^e8p6wEvkW@zA3W`4y)Ah_V6Fez4yLqEkCwJ$N5ja0
zb50W^318}~wGOBY3lK+JQ|79}U%!DqEtPH6zG7D$s4rfrkmE^*UN8009^0$@S?=N|
zu7nSIoiRi<CKtllz#JF#9dNe(047EBzZ+Lmq$Cy&<}R+z7N++9IfQ+%B_$Dl_VU?(
z4kRRawY(fHc=aG3Y%R=Oc{SZWxc+;uXm4s|!K-Uy?rQyv|D~uXuY!e*m9^_LK4Crq
zUK!X&n6sv%shI`uTMKs^GYffVQ!ic>Q&(3DL*T@~pYb!^H#V*=Y8K8iFndRsgN1|Z
zvsb)|4z3o?j<AoWt`^TMO+UI=@XFbI1U}-G`}fgX3p1Fx1@Aix2P@#83h)W=3rR_l
zlKl6jd;Z#<^LS4wd)0Z+pv-djF5?d(M(L0daRtrSZ%dy&*U3xQpnSmf_Xe2Z;lqd0
zzHi&eLT;(uqy%Kz+23Y)NP7d)qCfmQdBfvpjZbzh9fT83w?Jo{mnjW(Q-cEoeYOTs
zlm?f(QZZ`;zjckGwiM;;hNIV`FUmJ-iHK@ikQzVb=g++7it0nPHv!3p@J%nnN}@40
zD!S}PQ7H=ssIB@{4XIq>ag{A&zVDMnL~4UiHSG3r;cWbe&;qUl!-Oygx=omdaoQ;s
z_R3LRgMfvHhxP^u9%vgg6Qw2I`w0GER{J%7EQ;4>Ld!S<Xl%37c=jnH@|od9Gi)#N
zea<zav=G?2ReUGS<9mZ_tB5B6IJad{-g3I4KDoQnqbKk}!>yF)(^9t<=D0z}PdA^G
zcRr`q0A|kNhS5dxyZPOm(x{d+{M`ALhzNqs6*x#F<ZDky-Bn4v&ps`=z_vxW>0CYo
zB2Q2=76dMcUBDILqMNVWxsZ#jwJv@%bXbSIxb0OGhqE(-kHy^}3W@qbTty|kSoEy7
zTO?lqDILoX136t#bd|!tAvUM45w*)59hDau7YUQDQ0sml`h58dWZGq>KPM;c9Qx7u
z>K=%DCN(jY$rSq~_r`9aZgMWwo3q)WyvrPY_^xulWZmUevgB_}iuQS7@I#H|6aT$|
zIbY$^m28;4kRSR6H>cw%lbm^LM5~lxEz`MkXNluxTAgizhH+fNK5B8is2E;Jcs;Ls
z`Zv3{Lu$S%uM>Ia=F#Nd#j346oA4dSpQr&{n<D?~Qzudk>%-po=VGeHE@^-2LqmOZ
z2*sK&X@pM`Z<ryH8h-z&f8L8y0h8IOwaB}9$^L>2^_#(`oLH}PMevig8xVQoAD(j`
z4kNeu-TE7^)3*i~_p;6EhBT|4CSK2%#O?%AoKKAEtJ)`n(<9`?1NVb(`M)0c4l<tq
z+U}jTZv{bN@0u%KrA2q<33W;l3cteog7<2@i>UXOCtS}iuGi%lN1^O+#*BH&TrDlT
zewZ|TvBP2Xwc}v(qWr^^U-!tw0ypM3@`_6CVC_#vpeJnP=DSZ_tV)77_=NOrt~AH3
zPU&a$YMXtRMIzk2(QJNW;i*sbxYaLH?Aasi6leK=tNxG=IS|g?Cvzd6Cci($g-ie&
z#($R7J(DFjN%`w3A+)@pzoX2D{u}aFY>#T3j~Opn6mJzI(-43<@>^hVu1_8I_TGrG
zkbLNg-<v9gEkBc24ZFK+wZ?(q@tGwMmF;Y<eExtJe+Nb)69u4ia$&9pT8Ob)R>r-@
zE)-27R!O#zm-2(yi6bgVoQ|>GFvTRn(3rk;3Svk>`-^(mBW0N`*l1jmw-@yH*pFR$
zkk~k}uU#cGVKYl9GKA*ft~s)g*!=484MTsEF5_wK1MFt0**DGS43jw?x)FU1u(p?9
zcJFJB>5^^Dxveb)s(!nTyeWi$8(_LCJ0P&OKq*yrY|U;2qy1@U+$uGNl(4!LcYxnR
zcaPPg5h}jX<2HG}0kSwlI|~eJ!&8Kjw1cEcJM#FsmE|9UDyf}Z`GomrN4drW_p@2A
z&|i)zF0{RLVeh+~Y$aT1kFY2U8^%GOL$~{q7E+XCDZB6ZB3Q_l4=P7}={}A$EoMgy
z{`CqLIe9o2`AXkzZMV_%aPxp;ZF4Wx#d%EQFvL({<KpIQS<h6&?$L_Ux7&U#mmt?N
zv#v?3R?TK!=p954LX4`jjF}h4VgH!z!Y*neze3+!-fFH?<uCD%)$R8-SvrX26_fEP
z9)Cu!#6IOS_t}+}u=G|YPp$&_q4kUbgi$Z(G`FbEI_Gds7BlEDQeBWYvidum$MwFv
zoRYyH?L|OW+YbvySi8H@pBNt8<Wpr|{Q+&}oI%Efs@;;^z5c(Nzd3x@-`gkONK!V;
z<C#0_t1fchnSw68)rq9x$hk6|5DSDO%)<)QM0{7Ksh*oDYCbVDUu~lJ^_WNhRK)Z+
z!C$KNmWprvIO-aIBWD&HN&>Tr^Xzy=FCb*Ja@g5`@jvNw;!2xw(1kdxeKFvA=fq|E
zrPo7JF(b)rGck8jBY}6=u<m;kWe}WIjL&?^i>-;T;Y(+B2!M5V!%Zj&#(W|MyK>U;
z3!C40y7FV!HwV(QV(&i8qkC_yz9)9I`zv47-O{<~Ms^_G>?>44{P<tn#n-PR%N>5r
zR`8|6#@<-gHqn12MS|YfC?ft`kr)(2LtFg5BrKd)Ei9VU;;>}3x9hIUi-|XEc;`af
za~!@nC4HbqCG<v;u?kGC`V6`!Km~vFA6nUECr(pItQ8nS=T>;zBbIJ9u&z>{MjyY0
z$tfM*@m~m-`gZYj<5`7<<`u=Rj(O}e8xD$?&X?rM&%w?Zo>!f)<M6019LGw^taa<h
zu3_htI=0i1N&Y;#D9-IeU6Gy_<nS98wKVSKPvKpUb?+e*THWregKF?&#wLd5(#3ZW
zo*q-@{vBu3j}3=79iZ&nWxF(@e`y5&ROWh31n*_=3naebob@zBh%}j0I$=^J#D#g1
zq-w2t^H#sanmDLXS)!V_gDjM9#D(vZMix#Tw4XK^H+h||me;Kgo@)kq*gi0nv)BDQ
zV_t0N(JZRbq*JT*s^nvwoUy!$VZGDkYD}Ho=(Ik?ZTB2?#&<j1-d&EyGm>KQ`xQOv
zPhAuO=w_tw<05v#JGE72o;wHeW6zayb{=yOmd1TZT+AJc*|s^CCiF+rJgdsz1#rg>
z>YXkCiiRXk%5-?vJL`{mjBEGn^8zTO;&wqo9vLZeze0ZUrJGfx_mpXwFs>Z@?WoGT
zsQ%LdsmG2=%`n9$UB*LpN0k->HI2zaU!md$WBaMu-7tR#b*MdEOp8|fu^nI|ZEcHW
z>X*`8FE^41J??xBi_OF3JFfS~zm1JTchel>)#BQBgXXw^f(30gablQ@%R+9D=bKf%
zefX*bbuAaxN<AZYkz$U#PBdD+&Ua@&v^Li%|6{lV*D?()105YzHg>#??IM0LKN9Nb
zsXtKTXnug@?%BlmTm;E>bj030=GLq<RaH^3i*@l!t63vqq;F-}3O?cSsBa#wOvY4X
zs;;Je+U}5zMW0uH$(y^HUmNWv`}xD$av~vej3ZZM_+~(Rn_LhvacusuATs+xyVZDC
z87GFqzvkAx5aEG}_btY4Vgxhw`$?`fi-wPi7FduJU!iAjV4g<E8pNpL&Mhx{y!S>`
zOdpn(uC`p4;TZ2dZ!<(UHXpMo{DzTiwnV48d+FD}%)@6Rem93_`IXbr0Kdv%jIFl+
z`&cIhy~lkFIpN}+z#RQos2*x^@_TfnMV?^S&f~lU53jI(Ew8x5q`>hMm2XC&Dx{~u
z8@bz}Q_U|TXYOw%VKoNf<0-?jYK#FF4cs4nhC*eG>3lgBE;Cl^T=s4a>>5b;?Y7j^
zP+^;%;wRHgHIa=1M;qdXu1^HbyM9QY3fGlG#+zhrdpP)_zMk3$ITa2BaRe(b<hZO>
zQ%&zTex8EoE%=En%!piqjSZ?d#8*;sHRZ_Gk9#oKgpR^1w_U3y2j#AFZMI$GbEgH4
zB0LXg!9(F&UJ!u<j-h1Il!lY{4j8!k=r%8gH`MT|_ZKA4mHu!VoePs#sMM}=m|{yi
zZ3q{)yb{m6YS89^hp^Q3&Hmo|9kTj&mY`cr7U^)TFo4)}^8vo;@V9|<&(C4<atdM5
zbWn~djx?;>pLxQ0x*E~a4ucAIkDW@+vYCf58eUixN&dXE`O3dJa8~*Y8lP{~mkOe(
zc5m+UKx|8zkDzm}L`pQVKB)tQ4k_mu?#R_&(G1mby_e6E^6ndZzJogD{siwhuBO}N
z&HVN_fzs~3?wzT#y22cY8@ST(^I*!K3VRU-ot&ER`(qyPr-O>mp9BdH;2;7M{&8!;
zErE)VQ;*#1+_e~F?@4O^IR(-kFKAETouY5Wm@&}3blpUIK(}3d@_BBQss1TH6>&iL
z#RuK@E$LpB8ZKVVtQ5Pf6i|lNiPb>MHt>VySGmYthk5o(@K=z-Skc}OcFl#$!9NUU
zQiv-<qgmbsh++M)>%f?h&0ZeFTi40{h}XR|C!)C)_1Vtq)LUDp8)zHEvttqTgxD7p
zBaA%=2_u)4_)MDo%sPy5MwVtxK+AU@DIg51;Ies=q!0eycNDu)5%w_`D6sdsQk;Ex
z-YmwlMK<^M?Dne#Q2kkFnwY=8h+FE}#MBBptR5V9iKvK;4GSx1vglT*KG#%*7@T~&
zH*;@+dEdi&PIqu)zPoz&9v$zr(Y=_cc++mFI-72GQ7aM2;~sWJv8!Ir9S+%9snr?*
zXn2@_04R(<NZ1$XQ4;J0niN79+0I)fnQr;&X+q%c3D|3sr=MerQWOpOn<89mKMhf9
zk|U=tYV}54Xp@uX_K)g|CssA1J*_Pl))x8Z{1u!(ghvY<|C!WbT+4B9jb~^|ykrw7
z@^zlFno7p%TTYABC3TC-3px@!o(P-#CBau9e=%6Slm(X!o!oin(CNsYZ>G>a!I#Mb
z)f355PWcfiQzbUVCt=t+SZsh%ghO{9j}&h_9w|3-$)1Z?#F$Y1A{Zy<6;gYCo@e=M
z&tAG^&K9UVe&Y?s);me((j0NcWy3U!Q2#*t%$%Xsg3U+le3f+bq%QQ7|A~*kv;PfH
z?=HF2)Y1nzB|{PPl$X&pYygjo2|UInNJRVTX=Etg|HCXl2GfJ&LF{AwCn7vH`XrES
zc7l^zOQj!`d<MH2eG!%}Mqyk@oe2dV{(V=Izk)f9@udU-RDF!qgrL^CR)OZJxQ8cq
zPUjwv>H=i0!5T3NuIt;`^J|=Hk6<**8l{kE1!}6yqL0a|F}868gV}tF9mA(v4k;%2
z17L<%SNaQM!&$Rj=<23Vm5(NrYI=kF9_Xzyoa%OYjb!hNhzhiqABlX4xiqjkvAUCg
z^(&1HpBlx79akE7H(^~S?|7|PH0p_OPvyni*-L`NU-bI)!2OJ~Q!3xPqCRyLNi1nf
zR@K5k4h6U3<sF<Y8FZ)gzuePXUE7l2z&)#ZCQkj>@^gOkTi)ohARTFTSb}rDn#<*K
zy7Khw+lAkLEe4S$^(@jC)`@zUDqbIKk%k!Z;7s*VL!T(tC8hl6dXF2yv48%#n@U}*
z<k$zo4+BOq0V`Rj^0$Y-c945RYiXM|*4pWhhhRpreREscZsB*)q5@c{lu<6%atDXZ
zJ(pwdvBTqb!+|?e^&hROcz;f^zOm|j@Jjj!eRed(ctK_#vk}O0cygmgwPTA!SJ&&!
zYggCyj(%ssMn*9)0}Q?85L>F~)zsSTy6TOewe=!Rem{@zN1qG(+J~OW_yoFL{VY75
zCA~aND6w3#my}6kJoR-_!u^(H+KH5|WoUZq$4i)0^w<=2K5xE0KFaC5_%p~&<&&+m
z0<Khd)9YRtB%{=@9W*U-(%==EI`rVBLQAQ9U1Q4}T1xeebXAr_MtROq!PZVVYGU5<
zm{U%k!w{LTtoAmmHj*qwjB|G{McjiyEP8opx8MpE7HYWPPE&k;$JJ#lB+B$8kPn|4
zQ^O?ZpER@QE?F&0U|CkR@&26;#@qUOs<q5OBs!dzLR+kU|J<c|CAt^lf+yLDRdPRT
z-}xU*y?G#1-}?uCrSz_*l!!@4WhwjELYCe_kq9M(XhhZ``&zx5vWp^=HH2hevR0Fj
z!erl*F!pWi+wZy8=lA{n{;6~Bx#yhcobzn2=Q(!>t?8+EOU{x0by(Wqt1q#25PA??
zCgWJ!uOcN%%#AZ$xiN59GxNi9(bXuiiY8~VP06$=5%b5=?YYO+^4tgJ>p7X^A4N>w
z^wnRo^B?o=d3?KKcX#KCUF_p8_0@eXAG&jLO@G|rWG$8%_gK@KDqO04_(raH<KtrN
zo<`>kPNVPl<o=CLk}aPZ`u?xnS_}PsMIQx^Psw&RFMe*Z?kIIzJRmX~Yh--W!`Qm?
z#iL*Sf`4-~O%4@FU5SPt=rF7mf7B)S_So_bo0_M=c5<2T<U{$bG^$EN9AdmYzT+<$
zPcC!z6fX|mS6K;<Jn4Ns?MBT<aktbL^p-*QygGD#emnNu@s^gXOp){58rJEfOse<t
zUf-RXdAInVVrf@?KQ(y&eAI9D-kFd%k&4-&Y@@v!%i<xM>zjU&Q|JCWBv@|WFY~lv
zEPg2>^3}bG--<Rquh01`54wMA?D1-Qb9gMEc|6|1B;`f(N$KI|;V#ToGdaD6>TT1C
z)A7qmUa>9)tE2Ra`|X+Si(UDb^52@8-;^xlvT6~^-f$^-r^%RmdgbefyYiWxrmtLU
zd}L}0%WoIU&1JRC=G)bzOi{<U+vcCPhgQgUO<fGx;=feZRP9>m`J<_eet0@?sp+tD
zI)UkcpjU3(#$6wZqK52@HD9~#U7xG1-J!jIK6B3=Ya6st@R;=P$sCF}S);WkW<Na;
zVQHJav-tF6%Tyz0R)%%j!1#p)(;IK^yfPJVUt{E=*$noa4Cvk|5?NxcFVw9@^L$Vg
z^x4Ci>BwT9`1kSo()YIwEAz$QaIX&azpc2Y>fak*nCE0<=o0b%wu#%9hU}D~uf1_M
zNW)@xeb>`6-jsVrH95DpcUf94jVDay%gdY<HvRI5lV{TFId7fEsaTob=q&z|(?{1w
z12$9^1u6!|h0R?E4~(tKPNxO9ebdwmFx?v7*uP-!Yv`I>p#EM%z4Pp?3roQ&zP0D7
zTI@ojiYeEfrt^Oth?eP4ZNHT<*G4(9wpLsdLnBWXah5*u5p)n-a68P-`iseq^=w~w
zIsf;w3##%)9LjI(=0a9(KO8ABP+#hOF?Q`Cx6#<5!d0oRv2Kk%WAE?BjiWyoum9BY
z${DhCJTxt=vlwjqZtkU9v5(PP%OK;I?p7;r<(z}1yts22FLOk0EjHa88sI7)=Uj%n
zD8~Ejt&a#f-3}oa4=dihl^-Q9J=&Rk#ruKQ#~qf%PrrWF8&BGi?@E@tB6DWiZ?C~(
zc~7~L>43DxpC5n!vd--$I1QQ1|E&yGdr32mugv|#ZxC$E6k1Ys|FgY9l_T6Y^6t_2
zGrhSdqlmP(-1+_?K!9<Q7Ja(Tdkum{x=qJ8wmz0+%ipLDiJ!{%==J`}a(z5^)Hu6a
zv$W-A`tF{4ldoQDz46&6>^5CjLHyaVs`^x?-RI5N_c!u#Q(amFTHDp}^5sm=I*<Fa
zVGQkyEDGLlIYkz_N^CMZR><@wUM^W}$+~6w<u2y>)PK`=-yC$yHM~)OD6@S0fvH<|
z>Z7IGF(*@*H}<TrSWIkACH@K-=4+2APhQ9nATKDeJgsr}2nZfYS(nNE)jGfN{;z>!
z@`v{ldrRCiT;*>UpB`xM(>HZB7!&v?eW}Kw%!|)<ulK#@GZhWEnmkw4*vwGhn1DWA
z@%U<e7t0xc{A|>cD=yu)!lm%`jQjPe%%{Ih3afTf6z}{FPd0hU>S*gO*3sIU@?r19
zNi(^V%4g42KIyfTKR<tp>)iaCauJ82t9_D#luGff%otaL%$VbA+Hd9+YNW)=t-XFI
zj5kz9wJR=0_5Lk%XY5ff{Sf7KD*2*m+nMQ+v9f>X5(#{Ny@TKndUn<gUy&7`ox9Mi
zniuP}=_1GBb0ZC}VyCQG5n13mkT)%>`*JBIi(R|Hk=Q3xG%^|EdC6g6<-Mn5{I9~@
zo7XOXxNAU=W^_3C{N*q8hA^LZ`&071*z1kwnz(h}()!cbYcCkxx*!$CIV+TXr}qfy
z+c{CS#kKMMf2nGA-**vv85FrUMm$oTU23#5w~EYL#B9AQ?H6A;JbS$%{Gl-8_mB9A
zpCr!JpGNe`ZM|P}S@-px(>~U}s4_Om*Ps#8-q-eL@jEA*fr0U8+f@%!gK0^f_F$XI
zt&;VDwxF#@&);NY6GGsnVyAfq{e7D{KAEA#*=?4ION!5HEgPRQzRb$kT{U~JaoZlB
zU%LGF$<0xlZ+%QHMm{xRvKhYzsn7Vf1iyPu9uan`%s0|05nS%PZQ>ghDOz>^VRYCg
zms>*TXxU)JTA;PjaQe%*S4Sgqmde|Go$W5l(E@j;wi|89+~~=(57{Tz?s5D{szZo~
zy@7NrkHVEXiRZ`CVu!~k$g)|p4Jp>`Iku(BBkZ4h^!^Arbkt{Q^YQ-mwQwx^L#RNI
zfQac2o=5B|-Ba6llWf&WJx_@1t!KOn3bB|f_X+*-+oF1wfdwfy)``!QuQ)yYQn&hT
zcGX$E%_F})I|W`cuMMZIv<mH2F1;)q!iYmYt#MHATRcuaG9J(<Ikhg3SA#bnW{FsS
zN%qLm^1CD4O-*dqH?0-CvVXVVpHt#?<1O|=XJV3hS(14aql67oUxdf7{X5JOzy9*%
z=*E^;{;KJ8PYerkPi2)-B2ypG&13&xvxAe%zh5ug7t$d!2ind*Dd+vXf779^x8yK_
zxLxtmH;7eRQ&2HSkWZe+tWTXL6f9IOY11LvK?eFg$9cqF7$lckAc)dCR|~;H8khc$
zJK;N!-wO@rY>#l^4LzncU{ClzNU84C!dXP7+cP7`!Jo3{X~}zZm-c0_??RCO){1j~
z*B;E(caA_1zn$^Rfx$R$J?VcCr1sv2(x$HmSIWj1=n&+z!ogCjKLe*)C!wM<@!=$a
zAgI%O3_*^oeVgBLSow0m*f4@1m!$T1?OV(*pFfHq+1GS$nEzvxP$~oj#^^t(*jYBE
z&}s+$f2|v;>k+9LrKh1KPWg+A-|P3=<sToCPLQQqHQ^<u4J~bRe&6fP8bH_un_ViT
z?#|Ui2;$)K;lEe4GdD}eB4I-RaQNLm+~I4|JAvXCt2tp`56)$ck)S1-@N};~?s>f)
z+H`T@Ls;#>vh&VzFqmHdKhaw^HWJ2M;I;JOrvcA!g<2W*yAdSJ`kMQp=ZTk6x10W$
zU${U@&4>kR{;rlWJ%|69$8KpJdOmQa^(XXo<VY7fL7?gN;$R=5Uez{fIE%yhH!m<C
zNCG`0FO(0MpCH?9kHB;oe}lLO@r#nv3#^6Sd#kTsf%WeegAXIsuk{{)F<!o^)t-O1
zJ^A$u{?Bld2Qs(mGI{r`R@>s~cGK4jB&wobF+HqH@~74X;<HuF?S)MTUc?zvmomD6
zQes~DnN#pfLK&spFiR@U=id{L7bCB2Z|CWy0Ds)ZFTG-PZ(itWT_%={ByDeK!>&Mo
z+=9qE`#rE9R`IXCCOqN&U&TM6Heph)mkB7P?1qEd(JBNJG3{q!!S`Lo9)}j@zpE8h
za@K{VpG!0H55O(uMgc4LjmOJE2cZ$YVqm(9hgk*A5L&vkw^_rKtfE57h}~`yuNOQ+
zxFC4F_Xy1Lvpb3D@sYX5V@0rEcQ*wD309`>?Dqj-sbwX#q6W@JFpq@sR~6EL?GGrn
zmquedtFLjBNYx;M)Y$9^!oBf_^Klb80sGZ-{uYs{_5U_p_T33`1#dVU#3RUzq3b^y
zIEDW035M}z&l7vpxB0bPWK1(sVKO8WoBNL4H8FqgztPDVu{#jtlwo^Y<Ho1ox~^Bk
zw;As}U;i_SkI`&9JSKH9)-W0#YqQ_Qpqruv+X__7_$8CS^gP4aMP+{A0@75!rLh?A
z$MM9=)*JzrU}lY!x7#pQ$32X2=chxI?mOBh2t*ub7rOI|4iarVPU>&-AAat!eyrl$
z2}>mZ8u@lsy6JcG<H=Z%cG7!aNhe;hor`kmrJy$wzP6QlKj0%Voh0Z*!Ok(uxMWX#
z6_vUQNjpR-n!K@4;do-*`5PN_ZD8^ob(cD{%;S&FGx=lwi6!Y1>qXc-X4jFjBawLZ
z@=Guzl2$5n1?TfPTrUdr1n#$z=TlEv`8pdO7_f*#XmU4$)6>Tp^{`Ne+>G$vT5YGO
zu|IG+S8oifbX>x*_~;n3BZz27&@7LwmiPK`W9PfD45bD|v!ds0ULMbZluw0MB=Qd7
z$HY;YyXkPgbB8~-RmxZrj6xw^u8n8A>@AoPxC22*PKkFbYn#@?#=@bEZsUmehPA&;
z#y)6LeIZ5b3QpE!<jWKWI@x~Bj<sJP1!QJrjKiQLVl<PNBmwtb&ln_6^j)*ihf}0i
z@)?0>+d`p(iMeRii_}u!!do}eVun;mdyTF|!Kgv?vL_v+$jLu|iIBzW_S)Vv9#6*p
zg~=0x8~t&`oVv!KNJI;M4&|A8Y($O`pe2__A)E!TZm(wyia}IryoN5OP0yJHmPtME
zpG}uQMj(u(YH63UYa^o+NWJBjTp(L^tsS1?91K47j{L7^)cQFCv?211wSVe%D{MD1
zSWm6|*BK-=;UBh-YR({A3I8mgHQp|~N`n+KqRlL*Zw&wQ?{&!#hX0v&ZL24AXQ?@T
zNu{tT?VUfmGq($uO|!NOLD8vb;g(lqpGc-Kyv%0$h2xEI#s{?6w-{?Ztz!&FELxuO
z`Liv4Kj^c0QtE!)?PrlOZ7thNxwl4^6tW5)JA>|n0pH5qn3bUit<FG*vPOwoz0Q*9
zcEyPEH3!~HQ4ia_ydP<W$AWeB^nn1Jt+Jjy@t^3=>^Z=d@~0bLIh}mmw*Gd^5Joh!
z3#!$?#jFUm7Q%?hrOOE}Dw-w|K%#A)50{T5!Kyc!4z|Zu#$-C?Yr@OrID8oFQ9{s`
zb$fcDin9uwf#02%l?sIA2Um2AL9>azPJUUi{!RQ1jB!(BGjWIid4aVjV;Ly<Z{<hy
zMG00z?dcytlGyw$Ji>y%CfwcsM^7IPHi%3}4*Ci8EVunqkh`A<y&>m+UcA>`$@xA^
zb3C$36Bl#GXXd}LIT-BFjrNw@c(y!(^3yjN0-%N&ax#9CaP5{Pso1Ox8+Z_4Fs$eL
znk`S_W@f265Pf~j)$9o`gJ#)X-t2cfkc6`u$Mj2QK82;U6zH|4z)o3Qk)KW$5VJD;
zEnaht6)0@Uv9%k_6c@9K(W>dq7zgf97fg5f^@c4^Z=IkC-}WP)2CoF;oOwlwd$y|F
zT2<gY8}p_-_?zlr8N=7_zkdz$p1l;yI{4sL?R6(v0Y2a(1z}wA((v~$%Z!RyrEUoF
zo4dR8tmO2pEFA~q%)K3;Iga19kgq5c>oB*^J?{*3`0e(()*1XMtXglr9oK3HCl#LJ
zJ256f$~<GI)4LZGeW(5*dp-uuOwBt$Q>H<si*FEj;7aAGZ3DxR!FxiCxN-xtUFYiL
zckwV}jh^3D&F=$_u;6#x`JYwDeg}m2W@WI$N={v3%{4rsbs=@E4Q9Nw`M^7#`ly2*
z&e&n0=+oB(?{}q=ps_+|CMQlRYsFoLmApC7CrBU^C?uB3LrXx(9JH)BXLQ48Z(s2e
z#H<u1P&4B?CL}?y3Qf0X1WUxtqiRch2dV;iN$Jr7xA{rs-|DSGa2`zMqbH>ZueKVK
zN-sfM$$y?-(c_al?+kj{@19Y8KnQL?FduBtS~-ubm{pfms~vRvQpm!Ew~o{8<%f;w
zn6~(;MrwMJVFai5^*h^Xw~7lPHB8rvVO#%kE+G8}Ox>4J3IeY5ZuAcR`FZyDSmo`!
z(A!fCS-(_Ug@E`!H!Ppj`QsFno39mvr2Z4pVsgd2so<YG;I90ZSBS{Hd7`};pTQ2A
zYo|=hO+)jhFP28vq+xmgn0a67JN`ITQsa8B0?_ldNQde0<J5}q)Y6AAr{8jj&f&+`
z&7#MS0Od;tH7~>1@dX}ydd1+WmDt%`ssjm7tj`2jh<|LcfKV5LGyF|#%>wqGs-vEk
z7bW_yS0|Mw!m001&))5Eg79i=>T0hJkVSG&k$=vXclm#{-REAgUCz`i1{b!(?8Va)
z%9D>XjDU4|a=QA(pC=lHk3|9n(#J9eo`3zlrP#V3_G_wy`dl*7aP(&eJNl;C8>Zj>
zwN0m#os~h87%g7#I4-8=rsXUSHBUkLe=T;Cm_k2Xy4H)bLaKPa(P}LYXSQ?*?9mKE
z+dik*i`|l4X|ogHIfIhkDYJfEM&@DS6d&vMrao|V+ci7=Nm$ZKD|L(n>Lc-&@3i3Z
z=!H+czH{Gf5Tsn|`|H&^_aA;f20uNAafr@@kJ#mw<~{xP6HEUfeoKZ;hL_FXZBk?~
z4|wi|)_U6ewTGXVK2%{|Z0$>_s>m{bZtEVI%rTG@r0)GwkDVW1vY8L3q;ESG;)6W~
z_A9matqZ6u=LlzyTi^O;f+M@s1J-o9jpL`W=e27ydQ#6AK(J*x+uNUfJve`;8MXc<
zOeT&#OvILRt=FKhR@t)kv;5n*{#m9opo`)Ibx*uzzx^r;^C|uv_G}0OWc6GO^j<((
z%hqUoqxR~))>b%zYr>W9Tzmi9qTyPrp=!|}Z`t;eZJl984^<6<i61X%5#9b4jQtC{
zt|LdA;P56Zv|7NMh3^$vH$yU>8I(^Pg*O`rzpBE%-trJuaefY*_A%LRpFhs|K&CKo
z7Tc#7?Wg|SG#gG0kR*+$UnVpsX1pv<hVVgX{1SI2gaO}{Aq@P>_IQDQH@mF7<9TOy
zR0$vG?0?PeRro)Dgtyb!s*~Fo)6b%dHC>l*KKXi4uqGVw*_&Ez*X*(HF#f~$xV&h#
z%a7ehKwp%MUECM@{PWiC)+cbpCv$Pd9~%g-?Lbj}DzvR?niFodfakYmjM}af+0sh|
z!Gekw@ro~t=oqtrb$K;ncY%~=qo)t-i5u2sf1bD~+<FaqJT_p`79|wOekg_Qz9m}K
z{c5XY@dajgKHFy86eaY;r*1cS+Lj}0hgwyjQ!+OJxPZe}g(MuEkqLXqa9e;Nx&b@%
z_qNUI?O3<%p;yS?PG}T4Li>tfQSM7!P-)o9^Ort<O<37T*dAA;;~B2&#&(apcLfMN
zDcEztk?$P=I5Yo@ap+H)(@n^#{k@fp-cIv-euETkr^2AiWpWvo^Fg-j%XQEy3~QJ<
z#1Zf2Ox7l7>KlV^EgHr*3F^qMbnF-OGh07=TZHi9=G#)Rled^hvsb$UajBfFditP%
zaOTsRi%gGGpKK<T%0lzO+Y?|JY+OyS13V~o-I*ExNHO;vcGODNrm@{;jjs-Eb(YOb
zmwhMnlQUgX2><@ebny$b@<qQ>w+_<zUp{cvikVsNM8V$Og@r8I#}0gd`%H-Qf=G&8
ztRMZ^o%;(8y*~K-aRNWXm$#QsoFE;%c$_;dH+B5fFYgzr;TaoKg?(usjF&c8z2f^7
z^ji&W6xk{cBGla<Iw$f&w}vWA3U(r!ju%C$wQV<srl`*mrJVf^<5_G0=3l%i0(5>i
zjQgi%`2@F~>I;YT?Lq!qt$wS(tV~&KD5NOU`6-1~6r_mMX}2_(a>=tG|KxjJ=?_Tc
zSM|<4=^=<5BreExuin6^<o;yzqU=E!QYA+ghbT2$Qa+V;fHSGl&1;*|Bu!qE!Fe1a
zI%9j*)y=qCo4NbPJnj^NlW2TxVkv4XF_pBRl27ONKF+)S*=j_hm0Y`s8T}`vxwPAd
zADJZ|axflv$bhi%%TCJ_NDAQtBFR(FOc)X3TznZH16j3D{=?#|6~gw<buXVXnt6xS
z51Gab@d%<f^}LwT{v9l|_IaRJ>mDSgdzEYQnoSOyRM((R)mb{^=R~KLZMU1KZOdwi
zT#^<YlJRRLIqKyMA891Utk^y7(N4eAmW}0)gBp8DRjTBPC!2E6$?_*lvpS9xY{=_F
z6AL}RL&@oG)tXRpy%0&0B08DGLU~Gu@Ob?F@vX8tM}~aBB!{png(RHP5bmkS3ODay
z-mjMBufT}#SBtM5$T-6$CHr1}RRKw0=ExTiBn|Wjplx+2<V+3H24`sH0jPv;K!x!F
z*KXv+F!?2m@^})p8}a+q(`9&7tR=*R!<!w^j*(O=(u=?~PlYP%NBAkmW!H6Zc3W*6
z-grbiX-eeU++EV+C>1US<c0Ohc@}2!O!nGIdPE{>Dv%TzkBe9be>>*q?TC6UQgc%1
z4n*BmeY9GXT1t(Di8cyoyN@sVoL%Kb5+3+=<^MIea!+eKOQ$q%un`ijI3lq^p++En
zd(SN==>(c}L?tusK+eogD}TRC>eRZ>Pmk!CcbZx7l6S=4-{Cjhva!Jwf9F-X!s;<3
z;e-ue<aL~o<uXc4R=&oXIQf-LvI8A*#%ZG?FWk&mQ3ST!rq0KLhkW0dQj8!kM_=pe
zh)vwHq@6~To*a2OAMc+y;;L%81JQdoulu<EB1zfn8+zDz^y>Vi&;5Z4^vJu8p{!s&
z^7|o*K7z0qRXUKXn-*nIYVNczbQY;bn3WkNg(AqArS92aUh>1uS_Ju-?YX5IF|a`a
zrxNd#@Y$TrQ<=64QDSI!=++j)$vPQhH5*03yXVA?`8p~+;wKpAb&0-O6h7izL6mr-
zBxhQw`pefP5FE1x<0WBIq(+6=9)w<Hsk*R*$oBDs$2kP<K4s}dm|dYgK#nIT>qHFf
zqtw&+1vO|1k|^yeBD)bnsSDANFyWy_bA&hKTr@REQNkf62M{8yCi-rjXuUojxpmzA
zk5V0i(5ySp->tj%X%HJD@>p0T&QsxF#WAFo8YllN+-$@sDT*G!Z#a4x5^x6F4FN?3
zME)y*=ztHb&Bd6xwu>ItgquuQPmT1td+yle0zC9cQ`ukQvI|yqhlcZ5X&&f)OC3U#
zRHv_KlA_d5vennQ>yy~H&>^fYTN5T&uu^sl@zr5$*oAO9gxZ^n{%h<=ICd0k-h$@s
zlDajaAS*BqsLH={!<x_%7u<)I-R@Zvf&$?2-)4DPN&KA)S};|YE|{5$*wc8#ukR8#
z4vg?q{vrlDJ}D8-NaC#plGEssPC*Tyy1XJ@4>{Oz-MYFQWo*N9)9ZfEsv&F_O$5=-
z?sZHEl^)&5^Nxhe*d|MeN#Yrb)nJ;uPSI16c*Ch}LaekM2{(^aa3HnAe+;b&%+pf=
zoS>3^ZHD|c=U?<b>miSX)p13bzTyuUXjjb!Dp$<rnnT$u#LyPC5q5Td(w|Q#n{Z~j
zSSPTNeEB>SpvzPCizI!)U`)M@Pc}!G+0)!0cvo1%$4V{|NUnjU+>BaZs98c+J~!HN
zav>Dgu7d8us;!M7;fKcw4;dtk@>A|D54k4!DLo>S<>Rd*R?u@q9!_E`|5BZ(vop;e
zIiBem9zO7OKcx)xZrfzIHbi?Ks7*5<d1Gg}x$(R`%<}9=ZKkLF7n{iDEhe-wv3h@j
zkDOVSq)(4T_sSJ+63<F{NFZU|F$VBFDp?I^t4QA@E}PNrAjiuXTjFs`Y7Q`BS<aNX
z)rJ%Hbj6vEEUb|%4exGTMvtxRJo@ii1jH*mif^Fh2pposb?y{;AiXzS375SDJ;aeP
z;|&pm1Ma8LVsEQ6pYnYNY`j%PHshOzEAU7y{P7GvvI-@Z&TnEErcS#6Q#%^TWdfOk
z7@6K>t?{_#3IZKM|FiJ+xE6`Sho#~uwn&?ex+a&auGqeW6t|n=RA#3ZslABOb(_PS
z7W@I}naQs7h(T|J4o=0+412ASmq+>j9kiHcxy3DnKVWhM<Lk&b&EaM=XG{VWbTu?c
zfBr)yLt(P{a9|?aye-WIIUXCoUtN<FDY6`M7*s=JB~Kw+z@G%Q<aXHDo>FfQLV=Gs
z#z3>9U@ZAC_HlQnuWphO!5$ayPU9mNtR<oEp9@<LvABAym>X*;E#_rauCG!H1%6#|
z9IN5lh~z<Vr>ZV(zR<NZ#^z3oi1+Q0@sI^B2}!RLJ&EzlWt8c!!0vk=hkaMLc!hKc
zTR}LNudNZ6Jh1tl$*>mUJ9#|H@^|jfx#Cq_)Er=z(LRvFbDRGl^mUx5Fu#csr1Mh<
zL(lLO9~oP_>Yz?U;^G5T;$nyD;1~@#Fu|$&OYGPtqybdPJxrBsV9L-DRfd?hxvd*9
zz?B>YTB`yiaeI&X;hvEkrW?ByKnJLb0Qbj4#^7o&#j~2$LOd&tt?FZX-Aopym!eX5
z$wSzRKD+?Zro$u5OtAT~Q+dgqSVO}_O%fwEs_f}pHU{JE<BTmVAhP-1#@=Nw0_7_|
z<&WvgCHuQ|GkGakSI%BVA^aWrLzoWhJdbX}HBfm~r!XqWYaoj+<gi8bO7aNdzx8gb
z-fxq?!V?!;F#=iBSd_26-hN&J#-W%OJ)xg5U$-=vRqC%%y6OCEKiFz&lKxQBP%RMs
z-owdJj5*ooU<D^q`}e6)3ZJqV7$`5~c;NnQP$&W1Ta-iI5CAy8_C)#UC6al&T#^Wa
z5K3;FD+5z;g;qjF;`i<SN0jfo>C^TgN<*@yy;g*YnHnlP;`d!XM>n}nl$JC_J&E`Q
zI5%>%SrM4Cmt^=5E0;`@_IqN?WS>LcyAbVM8wSZZT(y`@awFK!!l_!OfW(e5CJ{|U
zNqjs;t~`jypDO5Ixf6NU^s86>G%4w<%qkO-@bC1QbhZF`ebsod+rxGA_39)JUk>km
zh<0?WE588Vn)O0I+Tv807oOPBD0diXDp))XUTc>~awvEQj&?Tgb=u{i%VZEGp6gtu
zV7ijCpH=Qg-hFkgUkPgV?XJ;Jrc1zQbyc;P^INCcJyY0&@b{9Mzk7w7MbIBn>)(mI
zm=alwyosxxiA{DuU7q=8c@c?cMKCvK<b?^YTH_qD2l+YN89l^DZrfLy+z4;AZoJ9*
zu0@KxeO;x07kE=chlW^{uj1Ztd9xzg87mf5W-G6wL_!sC;DrtD)&q?(={=sTMUSZG
z56BN~j4jODl}Vr;p#<ZLwQ(lj=`qZi^GeM#=imG&uzD7JMJ-MpW5N$N{#9A1C?3-_
zCg9>(y*Uu=kPl1x^Q0kOJ13vPePKw`Df_jkBI`$HRBpu^9Nx#k4P21s5PSc~ykm1d
zRMix`y|HwWNj(?QAQ|V}txJef^Gf~c?iYAmmdM&>Ddx1jk5x=AcTl==wmB+^F2O*4
zEs-*`ll+_BUI&LXmA9G5du#8h7F~?cQbAoT>)9%todg@h&+<FUG(4hI9k(*}mmzTA
zzun0Wz+KBj=Y!Afl9>{>Nn(Tq6xGD%&$GYg9g8uG)D7^6wBqAeg=*V-I8pge8~4=J
zd6X!%7K#edYgzl479Cfyg1CZn9@0oy=f=}EBi!Tu1tQG~tV#c*et+QMtZ8p44+3)V
z_viMu1!;z@mk?7Q>x*iibtN6%2&O|AGS(KyZA1%xxJ#hu<jw$1ftO6Hrs&f7oi&!W
z?M*X(HP=l|L6qK3WrvK_SMdxxt1#|D{+0K1oCc5Za|1OR;E`m$hbD<0et-?o(AvsZ
zlK``p{glIWem=h+39%}VUm8zl-GOX;%6nY=3a85z#Q6_G+ovDg`HKrLJQmWo8*1z!
z-Tx9M@=tkiB28L7r7Mc!xHsdWkg;`Yt0=Q@suLYer`|`Ds_y^1Q$@EjO1+CHDb9WW
z$xL1>Ru!Q~R-bD~gIk*%7h=MI&`$ck>bfn4D{Uf&BA@!-yBmepiB3GEnn8cZ`$k%I
zGv<omRjya;E*?9LzY-9)3!#aZExo`+sb=p$R-*?!`AJ#Xp(g0#tuAH4<&Od$EJ#!1
z`rE}X#Ey{x>NS{rzMdj-861!8*NUf>zYyIfGq5J7EgCB?S&Wj5_-zg|dZG@NKC0m!
z$Au3R`qVHXZk2Iy7Bk;=A~T9K+PAL?z5&==(jgvZgo&|nAbNg-`UHia^V<VnVXV_$
zSEHRl65?e(q!E`*DVZ>K%I&DQa5HsFnlO@J`qA@(7Oc{hQik~X3~4;}P$zZC7*ohl
z`#UPVpoder-w{EnN2^QnUbS~4u1c$58`oG&dyT7pniNHcY}Al8q;zrBCA*W0p{BA_
z&e<Q;@piI2gz5}So^2VITJrTzdbL`!UEkpB&+)oaZ_o!JPbmXQ&v{Ujay>^Y7!fLC
zsc_#!1TMBE#DE0@*PMOc8qk~-r7E%$`IDvSUJtc0p@6=BkPG9R-=r#dl<TifqVW2b
z2H(PU9J{x<H|;WVyk#(ZTv?2{+qjcMo*DV4WtNiY4Z69<j-ml9IvHg<aPmr{(<ft!
z5uG1@ufAP>jX8gSa^!{VU5NRE{<G<g)!Ho~9{e66$ic+55nZV*8$Ee9@@+~Wo!@$?
zLyV!8D6`7sjG_wa`;4zv9Ufn0C!20HBmhS68{KRz@OYfaZ<s1Hr_lj1kAg-n6JIe~
ziFuFy2Rr;8CJ%m@y#&ipuB?<rkxAWPS{qX!VEwrD0!0bPfHf`rKBOEDPptDDg28;e
zGpX@yc(-=Vf8=iTD#zAq#P811S3X^?+sm<s(pJIek|>;#3mF?{ylPjMz`Et8i6S<O
zxYh6f(ROpiTTYzLOhQ%p+*4_s03VxF#^g$tW%4vUnQ_~rCAMDioNx1U@o~C@&If&>
zWrZz(>|5|Y2icJr^^v68yQ4U8?E5`Ns|CC|0PU%a{Ay0qJBagL$f$2qiwC6qXVl3x
z3*dE^w=vBdQ96A+a;;-<zO`WyA`cQzr$QrXVx+jsbAe!41nr}57!%5K<uQFb-meGB
zH&g+T_s>V)1I*U{U<&%2RAQ1j+X_d#1>!eM@veSn9X=rB)5L_t)Wt~a>)_;iIK0`w
z0`xl=ofj+cAu7|15vBCDitI-Y;z7pD-bWDayeHi+<8e>dW=<j!u^}hHie#&Bfeo3m
zNns@~x~gI(X-V$I8{E@#N4yUs+NFFZ299Dl(}Uhji1tGP)fa|1p&B<b%z1U~btECe
zY-~CS#oG5r-V!1P-iJ^<5kK{U_-p3S=cxAqMEm(u4X>Di8>oWN%q-_hJ39B1Y6Rx}
z2fN{Q!o=`^8e(PQswE_VH_4S+J%S_<#_vSw;j*GGpk|p`pOwO_T(5ZUu=gHBJMmh!
zz>w1wx&EWx{~+4w{Zltp39qNbuOLl5vWnXOiUoO!uHujcbH*Tt5;nuWVujVcP#f=S
zo@vIN%nnf4fxPRvmV8u`bXp(@OvRaE+a-Y4RO(^G4|jAU(f_=uKkAa)vd_vTo?RB9
zumbEBR47RV+^s=_H1m;tH4@r5q3Q8}J^)%2XC3-!gDa)t7;2j41&26&k}^)`cezVT
zU6|C>OBn=@$)_9K!e+VTVt^YDrlMnTX&6+JmCR)$2|q*qxPn{v0A15!F(<654;=YB
zJs4=ER*s@j`WM!qap0l`$w2D@>S-FfgrQhv;p@Y@bvcbEw;jMPIU#)N@{>IPC67#o
zN8*xwFc?dX$pRN|C=h!|A^tkxiYm+xd=nmnW5tGBeE>+C6N3)1s9NoPiT%q09`RMo
z>-5#oBsFh$dL9E`o}o0z3QFQ#Fh8{5HaMEwkh#5u2qNYPuCoF7^?aD`8T)@uG!<J&
zox|k`4$MuxV@<GaW|0Rwoa#gbfE}rVdh_mYg(UH$2N%%tT`t(X2oyczH38P+u|)tN
z00&w$?BX`gHVegu6#+OCBh8E4`h7$0lng%ZSs!feeC_WRV#gWOkG(o)ia%G607fWi
zA)=-NcgiGhC$g&ae~9B1tnDPa%9RHW5iz(z7R=*4!si>6IMhX*M3kfy?KQ8E#Id9F
zO5%~k2axquLt!u6$7TR>^9lx`m^sgCjYhPRk;cGK=jc`xe?SEatK8pT*?i(3Y;CF5
z2(Y>1o)UfCOp*#^9{5FAV^dK1YI&7B*5{XUL}21%5p@<(5;kUSgTMyndwWF&t8bhn
z>nEYR@h0pQ#My#T_MvTLHHQx@H(<LExCC%-T9t7(;yC7^r6U$}6EBZ~Zp%w`_m)dB
zI4PjU3limSjKOZHx9gh=?=q7ufj(#NbKLk;w`wMYA!da<rbRNa!Em<F>l?m=W32Lk
zQzvty0pYGtlIi?<O7FDC<L0*^cm5`^<TQqhx6&2yoFRQUgeYA+WzM!_^*@M=uc-e;
z{fQ{Kw4>JB)fM|U5M>QH6!$#@eqQ~Qk3zPVt#4nc)fk8#+Y)}9t+?Y8qPNw~wSk_Q
z(w-_YF%fL0JwS;J`dUw^$u(cX4}Z@6$lt||AFB~&{b|YifKM>OFT;<pTO-Hwu@z-~
z2r_}UTHOsdz{+q<2lVYnh=l`9FNkNY>@Z9{q^uKe)-i}}&W9_26_!0PfE_Xjo2)sG
z34wfpt0CcXr98&o>xp;knpU4+yYFyWfRyBR7ZrebMMf=6Qd>OA(vG9+MBwRw!`Ica
zQEnkt0k^o6$Y7_<+PqZ@02^!REPiOt-w=RBUg{VE%)Vq}_`0V=6aHjr(FyGRxz5qL
zd#bK959D~nhtPtzN0jTewqr7_F~GEH7<Zm)0l7Je$&KAhP(K*ilTZ@JqHjMj0D1~G
ze>W=WkMSU^U!q=v>`;3EN?X@&4?;ML1)g99+kq!uGzLZJlKCIl_6KSE|6q0jwgY8p
zyyPadq`(1kzAQ|S;Eo4&1E7wjjzVm%`z<fo1QX)L%bKK<7%>&RlK5dv56NCfV=o$4
zNMx*m0~FLY<rP2(FZRmO`2W*C=Opn8+W`47kiU(#SwUFlFhcazQ8vR?2hl>WZ8Zki
zl@S}p!`GVNC5)Y)B~zeTizG&qPr)@f*HR(uxm^TAE8`V0JYVXo`v1kX@*blbCxCM8
z=U)b(fZHEqy{FzpM&jgpw<DI391w!(c!ZI%kMtJeG}kc_oWPsu*rqj5H^OYjo6-z6
zVoH6Z>H@{lLmv&aMTEeq@+#+!Y+$xzDkkP8;I|*t1pqIWZvp28Rmh_jr}~Q>`z2DB
zm;efM2sgyi+Ab29g`zH)!o@aG>5a~sk=F;k>5#C`-A4sU=EastTByZyR0mAGT8aVe
z4dR33x+cf(s~Et}Qv66!!v~npDPs|8PpdT&_*n`Z7{b<isg0{<j(39CdC@&be4Vx&
zr5Ui<k2bF6WpGLhe1tGW-ETEP4)t}q;EB0eZ51EhLL{<81T*VP6IZVjY%7jqm40@U
z>jdT+S2Zq(%nxOyuqcbI`crQM&KK+~Ehq9fOa>_cj=nIGrUArv8B>-Z>R#gM5nZS4
z=|GbQyxnJfM~u1p8JCNSDWK>N<7-AQV{z5b!LS2BUTPWF5GI-bk*7%0At`Gc|K&xP
zHNC_tW$)j|M=i&;W8nKk0a~5~ciZodQ~M%7>;&<RI3CDJgoy73KdD-n({HEWuw!Eb
z3p2z<S`MM^RZ@uWhqr72x%~@hD1y^CDm0xJ9}x8+s1mXsKQr#KKp3Tm6HAEH3kZ<@
zJVJf9yayE(rNpzeXzDoP7cSV9QVKC0ZyKNgnbOA0Ke4zii*EN`$`X)E-MrDM=(({K
zEIT$VNg07mj={#fe#pBMY}O*NB5X)P^!xSiQ$iNImFrvfMXsgo1ad!AbH!=fOW@q+
zC*M%?VGtwVUTz)+azceqp2F%0B!MYYxGVR)xs}`kBc&bo@}rN7&FSi#t<a65EQmz@
z;yj-eCyw0jQe_UVW!q-p<D(lNnj4(tlCn{*nK)@A&4hbwlBX>OPI%6uk%+o)Z{E;X
zwWK99Uid)UT0BU>#u<wfPu28`o=RscS_ue6U(TDLy)f?>RI7yaJ$*f?F(|8y&1K_>
zs{q}tgwA`jO|pSz({f4DV0E2+Zg+b;O0-zjM6tv_?7~M4)CdzUo-`BWxN40>H|--E
zuL(=V5#-sg&5r}#f~3TK=T>0Q_Oa&G#rjBc<NR|-!PQ>p>P_QHmo>AXX#?2tURz9L
zTQoT$e;9ezx)DpMI6`*OcUEiMi9B+S?`<<8c%AV$i5#3B^_@szTQp^oKLmNpBO#sU
zVnHjHXi7+eBK550Ol0^#{Cb}xl2i95+K8WY-&M7d9@*sbT-ux-y*cf>ZkQG=CO&*i
zRGcCIDvo6K`j^YI3p`9r6#uuz;l@`d_2woM20354be_mfc}z|C_lwnu|A?=}V?N&s
z`F5;5efrCt+X^;qhV3KX#@RM)rTtrvM#hV4Cg)dfwx^w_Z1)zE@Uc>%K_KP?=j7%P
zZoK!X`~l=$KuA7=YZUJ3io+h{w|l5VtEQNQ=~4Op$h$D#X<ocb{NV~5lw+-{q)G>f
zTekq9$JZ=nMdKc4`*SiNdf&HfGG5{aBh{wCeIF`yw&o$j*VBlfwLy_j7V)gO2fzif
zLZ2T^jw&cnHdin>iT~EmT(K8<_iCTbDRR*gitf)0XB?dl>RYQrfpv9H$-o%6q~+U{
z!lALcdsd!U@2P(K1>)Hg9?XcgB&wF57}njJ`HsEUqE2dGUO9=(=(ySzc@Wmed$7kp
z*z!FHZZ8ibGX(vj_i?z}scP7KRr(^N_oJ35Vh@n{s7fHlKLfO{_oJaO+^iApStxiT
z`#J%)P^E`_3fw6F#$|BFpk6D<l@7V~%fnnbi&)!Ne8vNklHB>O=?1t?0ZTOEaprHp
zQ3ne*)#i^VsNXA-;R3%_@WO)93|OV)wykTO=z0_dBss%s>!y=yU08*^4|XI|{RQ3T
zwQVcc(ArU1g+6cSH?=PbMET{tW>p(?61S;CAVg^NJ~gXJemITK3oeKI(#s=?zAYOL
zT=7m{lc@f1_o*yxQ5)BpbC-j15+M7e+WQq7f6JiPhbowWb62zCDkI&##pNft?m!ZK
z6cbsi!z7OtobupD4pJ-qD^8OHZPsbcXp~9R>3}`em_Yn#=_Uu}S8qOqY9aan@4gs7
z{fH<%d%{N>P77^h9~KHjM2`!txtRuV*Q@%HN6_T>kFDh<1s3JV{cDkpfY%eEU2Xdn
zZo7SZr{&fLZegU1!=$Ge(O{mB6?HMyAM}5gd6cNpyqS+Wr51PB2EX=IhMGxwZl<81
zNIM`TP^z9CXRI1mCb$as<aUO}6W)cG*XAAKYgjr@kI-BvedTg0;Q^^PJFs#G!rwMG
z@42F;XCpByFrUmwhXgc>t#O<@%&Z)xY(F=&6QLQgPKNWc<-NcEqkZ^-DLulRI2f{Y
zpnk)4Xv}c2vTH4wE@8`HaYLwi;Y&V=YeS!cARF~_0!#0g&il7Y+TI^dqCy1cfh?D-
z+2y%gZf$q^quC*78CENwc0hoatrXX}HcFjG{7%Jn6s6<<W#siZI%M@}i1d*gxMbmA
z1xDoJ-|&HI9&%>fv&sWdsp}2UAc>dnVnS8}8=ChDkRs)hLg|t4k00NeTWuDzP>Si`
z7LuETlNiL@rYUK3$ev#D^e}U)m8&!epy{x(%vqD<<AW;qAs4MT`*tyta{|#QFH>2G
zpR1}vh3M)T<aq8bqZBQYE}9k(Ukm+PElOKO)8c>a*<Q=yQ_nF2QV;7<bh&&J7tCdV
z$7<h0rBXFX`U*!-;O-|A%O^w{*jzY@tfpy%D_FXR@d?r;_{J=izNov0MX=9*u)U~{
zi`ZB^gsf(^2}Q6d4@Su)XTupddgOtzQl<$ZN@gE8V$a}Ryw9OlTr_kt<_v!G=Modr
z<m+56a#iediTElrlAz>j_v$Sh$-Dn4_z3aNUea~ruNUEOjsa+Yx66}{pLAaTLOdP9
zJn{WJIPsPHP$RRqC}%Si&*0lFf=3dn#$R7ws=*E3QRRZyrWR)xc*#>}7QEV~JFAa)
zR%mr6a1&Q%KHIlmHgIyZAC0$XXR;Zl7OH^z^CDqVKxp9<xrK)Uw`EdpNTh_A-&kr#
zp;q|1OYeH!%<2m2TZR9SJMJnbv3?dpP1-U0V&-_s)D#r-{Sw4SNaI7$B<~Aq&g<$X
zw=3YiC0wwS{;NTv=%YTN`U8swOWvY#ac~y3ld9~ZMer^$Xj++{@}6U!hdhNLb#>Zb
zEF*QbkJw>nkB#Bv@-qr&)EETN?S<9wTd%qtN)YNM`lp6MgC;AQ{!xE$zfUn5Qk&@5
zjKhMY2^#i_0#Ma}CdXe;C(7&Y-Ny!0d<m$j(UFhLh<f=vvWgA_F9ocpI4o!u^-Y;L
zqNMRIXfpYQ)zk92ob8S>{j6^+bg@p~H%^nex8HmvjXw~IO>q%*aRpro7+UA22)jp^
z>0mP+p668_)I~klUxLS8$l)VVtgb#!oFcNZ1DfZjP+<-`?9~Vq;pLx36@D}tvfy?l
z1Z^+9x4iB**e6lHA9Y(MBn;vH`s@3$c^Dm+DY!8f=YwYS{P_T6n4q~l5ftyU!a4;|
zbimVf)`1|A6%+?+y3_f)ysqh<KI9e?B#Na*u8`)Fis_M*l`FUVK-Yt{<V5%{jh8vG
zDoZUSqK@<>&K?C{0&evZz^H^%tVMsdNE5%YhCXdIF_?&r|A_r{H8EU;Agag0LtCEX
z9A2?Po{PWkjnQ9W5{U~1{@?Tdl#t5nM18J-=aV2IJ>tD~o2-WF!lAqUVwMD3H)F^+
z0^baI-KN?6?`Z44dezOmqz=HR1=o+g&SZ<(Li6JMt<p|B<hLm(@YLyz62L3;9I0T3
z#{s8h0?cMs(921Vg%u)dgv-miG+QKr$okhUw%NrAMY=p?9*-;e$aE+!&yyETpRSup
zq*4&2&d91#D8E6=qahQXgmo!^&f2A+OY-<B6r{hHdauAr{_Tq<s?}ZH<0H(PYfxV-
zr7WYdE+@L3fPDHSt_-M5-V@D>%g3IC)NCAz-B~%qQMUVlG2iNDm_;)g#p1s<N*e3J
zdhw7A=Qr**WqV`Hi57e7ytPRA*vOu`{SgDpXegjFa-wUA*pYV9LlWYWWu~1_x#I$0
zJ%LzdkUd=|y2wb$gjG9Vu>sNxUN_^>4Y}4`wrYYiaB0avqZ#RuS84%&2n7R>e=*i@
z4y@u$c5L59KZbM5$v_%MJ9XFEum&le6P)~qe@pkz@sMjxF)5>Q?OzG!_B28{^<2Gl
zBe()HHQSt{q6?f;c?@zy{Pp2vM^@#cdNQUmZpxqWB@}p}(H-q@*I^NopqwmLRvzak
zrD~vfooD5~(<bqitN`}BN~<m&H*Jkxr+7hZrF;xb9OywqJ9jJFLDY_J9YyE(DJ1kU
z;`0&{B6?4d{e?8%1dqwlHxRjQO!6HS3Eb!<o9F+3LBKNG{@+G4N#A(3rSbblm<32C
zs>04am%~dvL&d{Nua7u0k6tn1)qs<;<b<%72X^HlOb-7I4d$s!oNyqx)q;f&bN|Sd
zcZ~J`6QzA1Y)3G0w2P6(F9u-xV+j<G8z$RNvC-6qHA&Lj8u1=zxzm{D>B)BNlE6x{
zu!I_H2}M6+aW&i8?Pecwd0Uml*T>>mw|iHj`e9M`e@e$o5$m2m&r43*)@wozgx4sz
z=BL!j1e%5Q18*uhn(0;&JE&Opj_GIZ$~S7(CK?lf%V$PI8l+zE3{hqI+!$3u$$U$w
z9tj1lC>)B00n{aItfBiH7CQ5{?>}cs2&z1T&6}wP-M=|uGq2jC9*Qzn_HgPW-f(b7
zrCK6Tbx4!M;7fqZ95wDTTjoji=l3Pm!1+gSee0<X+g~MtF@Q$<&v;yCgGSN_$kmPT
zc}Cv2=DDFZ^sW|DfzMrS`MR*+*hAY!tfuuE&S24>x)0i38(NAHv+Y9_=n(#!<Mv<y
zRT(ez!`CVH!~c0e=s+6W3^1E*v#pUH5!~JV<FCPP8s+Hsf()2)qNqJbAO^0OOgMu(
z0WTIVFYF26W_Kxi$_uDwe0ed48D_2$M}a#S>=$p@@+RmhQ3$fj!y(DM)&=~cy@>WJ
z8Mzd7Qt%ctniqd%BYpWLu9G#%feyZ9i6&NuP5u_ip-ZT;?w19RvnsHX0pYLBKFY*P
zHaemj58j#iW-QYYWvPj$D1d)ba?9;Iv9`!ZV)ZzZfP|KxxGP2sPWuo5Y4MBpotHH4
zMsUZ@Y11?jCCB_Ct(&;crco5L*ZoAjoIG6=+K0>WxQh|Hg+mnfA{Qsp>qaBYsJq@!
zEa{L-&T)zo-UQ;>&p^zT`b@WrS-H*YDw+e)VU=Qij_dsEnZ!tsFqKNL9FA<fD{Jpg
zgRCb(Amq}<(X^4^O*NVwREwGC3%`o{pa4GX$K59^%8PA9)Is>blC!_CgxE3s8Ab3H
ze8iGU&?qmYYmNsuFtRM_l1PX6dbqqf!I#{K@5{*zGiUSakesB{zycohcwAoH%KgEh
zSwXx?vjBoLeDdZKzE+El1$Cl$y-t3vlXCj88Fj#S){O_Dsbz^Du)cI17kha=)e50z
zABijSiMhqLS@cvEO<3)1-fZ{QSx++iQJ{hz*^`+0T<!%1<v}{Qg$N!~)}XZRm;lL)
z%l*_Ui2Tmt)&+rDUl~3RMabV<q=kHE$7#y-P$}wQ=pr|)$RsdH!)vJO<5`_-bAM!3
zTNWS038Ire_|Q0ZH4euo9E57viN43HM{y@BE79vr+NJIeliiOG3t7H@7KcN2y3syW
zGLwJb%}m-&k8mF;ulU$r-Q@Mifd_y@Oqr2Ge4*{x&2(xmqV#Ibw6)CKs%PAvnvN*F
zZZMLXx<;^d^`z+lV&65ski@3CUV74l4>@Q(6df#og#25p2!rfd9ceX0x50As3UNty
z(P$!@YA-WD_Gj(0rZ&Q)^J&GZT04<5zelCt&ragH6`AA@BJUnGm^$R7GD6-C@~H2g
zEoF1#7d_8;z*UAr#lfRRY;CjL^vF!rb+4T6C~@0jQ4hGofEO>_kR-P!fw$gDDe{%B
z&Y3k$h6>BvU}{(0y^dd0IK(ICZmh9{3Hhx5gOpz!-y>-{B0-y`0K8C_anQ~pc5tHz
zS}4CQ>m`mW2y)_j8Z||Q;REYb13=2hjFQ>DT}G4LdO!35O-K3$V&x&paI^MK4BSRv
z9n4NQ5f_16xwe?JLjeSVslAZP*65XX|356f<iH0unX^@$RP2J`@l?pFZRu@e?l|Z(
z0oNB$_`Z1#0C>m1XAE24)F1Rs=iTJNhK`Z~bUl6(k0JYJK-Yq6cd#yfIs*7U7VNP<
zfa^csQOZ+#&J|oIymvA}v*bFP`5&(nBz%fadO&21JCHFQ6j)K?VGKflv?F)H1)dme
zue>TzJT2!1pOTz&xEj3m)}vv$49$wayg!>W6`nZymW2XR7Vv7TYYGr4@A4};#H~SO
zw=*cuHKXJacu~~#sU)+q)Mgje8&P5@@GTpT<uaWq-9_0)=eM`SHCghAa@+dPMGQ@+
zOy6*V`FMSUuzdLX^<u^w3fTju-jblMdw=B0vnWSt35LeO{R)r2ekRPyMN<Y8IXb_K
z0-<(engn99{WFuj$X5gR>rUA~PEomnhX8UgWy3Ss!vI#;TtTs+^J9CXA3W_0(_~JC
z_U%LdD={C0d+Tk>-#Xu*A*^4{>pq#4%*v6H<*Ol>$J3QP(QJup>{_@JFAlENFPFZr
z3arYJcHU_6A>pz>1N-x2wmjQrCqp!LpW;5&;#D1HF@D7eb7AXlPuu)}+1uud41Ag(
zm36*5KJ70Ymrc)LBbuzN9xuO_FZ*Z!KknmwiFOE4`pl`|qx}YkAcs^|om@Qtnm((2
zTDLKZNyM#Mr5?R+zIUEFs;s+HIqIs~W`+FfQ6%A@z?})Hvsc9)bpBzlNAFSZovD4Q
zmbQ;1th~7P#tQC9+!=81mgW&636FbIA5tM?^!9_|sR36e5v$iT(NE984fT!c@7*Ez
zPHiQzbGM7{R=$BwW)1L_T+6;jtByaJ`4#^jMcQ1lTzwojc03-y|18rCtz<&pH5Z#0
zwCFR5%!N<|==@d%WA(g5iJf25lBahfV~(x0gmANEha|K@nN2_CdzuoF+I-G>4`P$Q
zvi9;Sm`(t8@CmB3+r7t*;buMFSY_FLPpHPZ`cUwn>=r5E0o-d#R1LVSVCX88&UQ2;
zK!F9R&0e5SIVbvDa$@-w4O9}xkz<DH;z4EKlp~QGsqu2lSf&88<t1$92MZ-%0uyJy
zrcmJ9OJ{3&Cv8eyPV*xwL~Tlie7!$c=TIamd^?amJ*C%j>t>>_QQ)f1o(Go&3fN34
z&aEmT$NjIZK`>$5v=8sig@k>x7-xyXO*;fuLNwv+<i-;g@~g6BEP~*D<9u}!Ew>E~
zAQP{@(Qb;rrByDpDuEnNWanj$!11A%>EE{aT;{G8b-9B@6PnvkpTLLAjsPUD5_Gep
zgPY*RsCB&S>|=RvmDsU5ik{b3&JKQWg4gL)e&qPalM$@sckJl(v+%X6bNb@tX6G>z
zykr+w!WN^@eh3REgctK%A#wYnwwnKw!Oy!9X1ZID(%+!G8HX@~t18z{h{f0izO8P0
zU`9KSC~=2q#^44W0^m9v|JS7m$oqt<!8Ls5Kf|-9BL*raF^Aw)zUOziDT&^~XUm$t
z9F6l0hOj?>ZTsOPWVU_{M9J4#<4aZa*-~+oF^^}l^9higg##48&G@l90%9<mhcLfn
zlpUOud6b<4^4CiwJ~us}<xzDJza8?q*TRXfCiZ9`)OJ}P*`m!`R<9iOX&fLL!bf#o
z#cVw_)MzYFGps5$^R8|xDMroJ@sbJCvC|}OwT49|KKQDm%f2`Fw5u3y_0Jdd4%sD6
zH_tw4HLc1LNi1@Z)>yl6CGA^#4|@BOzxlhVL*J75jjj2>Bv(L!V_q}8%J6|o?0QQS
zIQTPyn_p@xcPh`DZ9dxzU#pC#NiCMb-Rr;pXm~CtBzkutEssrg>z)P85IO$ikJiG}
z?)?$I11uCsc?+$5U#;LLaX5tb?Loedm6X?TotNTtd#Znd{*zMs{h_~{0Rw(&NzywI
zmU|niHi9JO5%_cFNJhduNz$vKDQAmJSpyxryusVcOZM3;ftyo(@x>FVY%Z0O9!Eie
zN45C0InGyI05>V)?O>9bWPsV@E&o0+QuP_S3|VnF%aw6;<af$2*ZkZqD_L`Q8b6ZY
z$k{z+QJ2%(ONoHMY3W3Y;=`LGI@$gV$n|!Yu0RkLV}YdIpui<u%UA*AdM1y+ClJon
zuUG>T%?xRf(a5-dYy)nqNs4&j5N!kT_^nrF%UjEnCy}N%EYl8N!uZ7*G@s{L9PC}h
zX4nwS30Ff5)@B=d$p;wK7~#5(-Kw~+R_k(l2o;VtMaWH8pMWcq@nAr-?cP`x5<43>
z!AokJNL<LDD4>F39GZ*{E>ZBHN3`8d>r>Aite`{QmG?8sxf#%4p1G-L+AMVsqO>5?
zvsI22oXcyBQ0(h%=0e+n+!DH%$SOmJ$d?JiSA#iH%T6@-4$JPI7WN-{e|bA(v7RXD
zL5JiVDVf-$?m|8p{(fzf40_t;VRM7O349)8I^L~#OdjU0tXcBe_(R<fl=T)?LuB0n
z(k|06pOv$N`ry63QG>-!w6)cF>bXVP1#tW`rUobmMN=FU0f^X-pR>FdDT#g%wHwjC
ztHt%)xpO`j+lt=OO>wZnU0CH!ocws$B9$9l7kP!zk3=?CBN}-BrLw-Fw2wrqvt}wZ
z2<znyPeyKJ?*|@(U2d!X*~q8t^4=7_gDw2ozwyMpmiO{>P#mP~bZQE?x1w;JiS@}#
zkWrFwoo8iHZkyBPf>$$*+;tY2<lsB7e~@<xncpfU@JB<Iv<@Sm>V-OaJfjo!)j;25
zq)zS=0s9quP8@SY6xl002ofA0&!CRe>HM_!0QB3|7uwK^hED{~X5?Nc5XZL&Xy~59
z&hh}n?hT5njsF*v?|fz-z-<FR(1>28Q&~4_o(f2;?~c0A2%-IfsdO9o*@vOt7%cE^
zSy5`HSr@inHebl&1ai=Rs=JL1XH4>XU_rYG9~3`or|IF0f6iF={<j~Y@BYHLbQ30O
zI9&-5*N3)KS2Zgxk!;_HC~%-(qlu5tbp1b!y=7D#LDwZraLdIlaM9pSu;k(df<th3
zcLH480>L3ja3{Ds1b26L2?Td1*fe?Oo%PPlw`P6)i|*T$_o==2IaS5#RWgB2cCicu
zC@6mi&kyPEa@=}-7as${I+t5NowUZe%1vzmStDkS3LZ}f>F-W9Y({`z)S8&mX4hD*
zwvNI;o3e304Xdc}vGH$36iuMe(;<10g(gH#_AWl5kG=68{yq8<gd+Ljc=0E-8oQI*
zOx%ki@uh^%!*dnLaic9gRN!Ti>ds;8Tqyt}O7?=2T7ihTr?MlLrWrhRoj3K({l!2q
zo8E!v`6c_E_w6lq*Xn!57Xrw8G}l6Nb3&?@?XdRiWr@?bq)N9KAl2i)FTq-!sVhr@
zWrv@qdj9?Po?8U~Jp}v!mU^5$n56Ea1^D%))>4ji;0++2?bZVXkOI*B{xZL?d67<I
zUR@3#R5Xr_=-~lSmsww)c9!kMY^3}rIZho8ZOng${AVm)*Qwr1+%+z+Q*MkwOYwiW
z=8^G0MGyGj+rQo}2x{00GX7Jb)gtBM&^?$UTM>X6VI(C_D$u_<9>};Hi6&nv5aT7Z
z8`o??w=ibo@MS*u?L->GK;(`0!fZ2fl&HJ-{}JB5azI#JCHX%ltVSypNH3ku3LvA)
zn~wwb>s7nbFB1tDgDgkt{F|3Bw9MS4e96Fa*H|2wOEX50j3T<f59W)woimFQ^R}yh
zC>t<Iq0<iTF~)>E{C_cFG8N2dB?D1-#Mc0Bw%;6&J5X`AGT{QWa-;RfP~${S+81c1
zU=d?*@ag9Xz}20*ZgGKCGA1t*RhI4QTQQD9Y%jo=G5u>fJ(?F|_^G;HG8+B<pOAhK
zZKL$I3z7}+{LnZWA^=$Y*UMj7U-VOnSoHf(FN!;(>_467@2{Zx_!li?viZ?r=Xw_c
z<13OY8EBIc+zJOnH+}i`+4$FtVD`VF+yw*0-Lv^u+`k*^z|98N%Z=FngE+9RG4T2A
zOARG#$Yf*C7v}y|z2>~sB4#6J_Fu~}uh7VH9M*IGYu&Ip$yoGFf|odM+}%J<0GYb{
z=kMae7+@-(2DWn1Tm!l&GFSlU(a|ml(4#iT-~V;*i8yc*-4^=q#!LxtQ+cgF*SoA5
zd<JX5taVPtR}m^iQ{o>|8h-Cip0{G_z{a|=m{yO?&+a9CjpaonZX_)HxkB7XP2n&w
z5)~O0`Li$<ruql1bLi(ERex5S-g(rgt_hx9-2Z<6&gFVI>D^8$))YUm?i;x5CrHzV
z))mBW^#9$qf5atD8*1m3yfOdJy}v$+$ag>X*5Ko_e-C`WZOPH;1k%*+l4AUOpg!Lr
zvd6*3C+36!tc(XPblh6eeRj4I!#z@9F*0xwp7MM=;9$$go#KD{??F`TB2j5yyZ&kC
zE-B8xCk0q`A5#X%bMLhpKLN{$fy*%4I?4kboobDtG3Y-}6wlkl$&B^cN;WKk)yOa~
zPGO~pgnWpIKkX1#;DA-@zy<!z_KArUuB*NH$8jaFMjBXe9KN%1>WYqzxI^oj4r~Mf
z{M)xf)}#h)L_}5?-40;6Hw?^*&;v743Q!*Vv0bf&ZvPpNuGo#wFZ-o{^C=%!LoVFw
zdhl4p?zWvpNk(^7QnSvbv}n4jHc$U#A&9iR;RSLbr6>tr+}>CW=vm590|$Q`YEb7#
zd<=aTJel`qCVa{MlvSkh>ZL$zr_-CF@2Kjn;+(90a)-9|5gSDrwrS~k22QRY*WPQ{
zmkXr=?+M+|rKt=}FR}Riq-EtHVBzXHW@jU$5j@)?E%<=BN~lxbBKADzbdWQIysIjd
z@3+u{GF&!`W2n0{{SHDl9VW}t1?Ll<wP=<YoqMr!H25Q_?y7I(PUUqM%k$dmmSI}P
z>R((lQo^`Q#P_VK+Wln;{v;71KY*=Kq3^xl|F$Bgytq2PE@OaLZ+mm4N*320$}xAa
zig(cspr=OVAin>Vwol}7VZh_OYJn;CTKPNBcohO+nI1KXlK15$P<1&=_2#)`wl`k2
z{Nfp-%$-O+GS<DuGQH2ujr!C<D_2YFGKXI|gR90f5R=}8!=0U2vfi^d=#_vNyICas
z`#&`1guVJHO9>VJT`WroRr3Bm9qW4sF}#t5>a(?+5|pTvST?wP;qP>Y<O;iHQ+w-e
zz(p=O&$Hovl&MbG^QvsFfTSaM<$OiAdAg9$;}D0pKszdml^MA)NN^sLVhCRH>~lQK
z<_wsuV0E3b`o#=&QLB+-2<|!X5Du~t1$X~yb6J;aTCbonc&^?4C5b?!ITkUMFcrY&
z=2z-)b#jFa)ld_NHaRI3UmosZNoMJO9^TA?qTw2@Uqv0W8)dKe^Zrt@aEGlv9gH|>
zvSdqB&Dra@`Z&6XLD8{Y&Nk%Ewbk-gZtU>`nR5w^d!zHn;b>1w@k;psFV7A7R9LnB
zUi1dnf*j%w`w(_n`Ca6-Kw+YZ1)_$a7aMw7x<P#0oP1;l4{;qUMzwV#?_AKW?RUgk
zTJPs^e#@=k44tH<WrdD{G_p;V^}k4HWBMr`X>wCX{fXpMPU4%IXC$n{eM%YMbw+uC
zU9EO@>*Q6hclCWPzNhKCb-3P~srd`^8zx^a#T9HGjeR*T-P6Bx*lRT8MmG~w2I8?)
zr$+Z03^4QbPU{}c3FqIPu4<?<#jZU?O}TF8ntj-Lg|?ZWLN~u{Z!o@7V9Wphvx9d?
zN=zNTb+d)>H@JO?chIY4ywc)cVce6Gl@_^Vj;`Nysv&3i&N&)48D!ZWx+flkoj&L0
zI&+wHT^_{M=_;QzQ?RVMoa(6MW*4a81PZ4TGOox<U>WyYiH(2%9VrX4lrYczHt71C
zROZaXd7Pn6y;^Nb_w}IeHq=%YI<Z}c`YAlx_Nl>Wz)~d9+j&VrM5p3f|B`nofzz`#
zbzvulrIn1Kfm^(Hi@VEhBYn0dOK8f1zA^Fl^K9F%@P#zrvvt-F7BdQ&M|K|!N%zn7
ze}xOZrA6KpVbEAUT_J~N6gQd^4vKv0S8p8UE$?{uVJJ!+Bg_HPm2nVQh)HAD1Du&i
zAtSJooV(Je?_lC^9T8y!8LDvQaCjolU?6a-db=ot$~sYs+1S8oDCdu@N?#IkYYX~@
zW-LaQbflK6ygPe{iuyIEKm0@TNzcx)Y2#pw`63VRr~0a^ZoDL`RFiG-`mXxo5c$F3
zQLBe5U~9;4!(zENZI#hiMU+c8Ycn5-D%FzIxoy*zveBe!A<R13@r?ykqiO}g`kP)-
zR$;TDq-l%4XH-6)i-;~)e$yfw2*Y=9e>#aj{$ZRTeoQ#cmV6Gnexse<%qFpF#(l$=
zSg>MiXQQjDv#7f|`A2LsMw3l4UFJU5OmBa<l}3h-V?ldW0%>~_J7r#Ebu2f3P3IwZ
zVE-%G21I>zi=)oy9lGBalfm|)=lZ9e*qRv|Oul(YcjB<UgTbn|rGlk^K`~<)-QdWe
zL@UYf`i`ah6z>*~o9oLb2fdobcS??SBYUfzsh83lC3uO@lTLP~Um~xQuP;}NYZ<So
ze&@e(6sT2O|HCa1X5kZJPOVoUIrM4`X~)W^B#Uox?x%mY$HFW5Gi3bR!M16m^AF)`
zgk^B-m#JZlh;_>LZUY*A7E$H=Tf~TUrAsAiQ#EUB$ck_~&}yY|^?rOc*+HACxxa|2
z%qu>gna78^XJIKz_-@}54&xtNTG}3aPCQ*TO`+cGXVr2GDcx(I=!cI0>EYD{RL8r}
zdJjKu^?j?+)nR2z+M9>VdC?gySS{C_`sSZy*uyvap9?%&I6AHm^z@@k1awd0o%?iy
zpstfdRdI2+K)lGrxv{Q8r)PSMa24(E1#Me(1}y6jvP&s#aeB^bv-ICRV8V<$6iosL
z9ZKueV7F}(2qf-=ik+BZ)*9(>m~g7u4fe053{#1B+pQiK0#3MZGw$z`s<wu!a>ACH
z8!bM1W`P3v`nbCYY(b5rkL2&EssD(ns^)D8(hoRHOw4`#>gi<~?qp$MW<zrlJa8u$
z5viqeNWL%cy|~=tfGv>8Yg6wYx@adevFcSy>Fh!aTYT+E!s>=Ar?yHoQ}P@_pqaA%
zmL>eDL-mgEb^W@;W8^`eGTYQBM8pG)E?^<y6Sf5O3u+%`A@-rl_IF8i(YXwz+Br65
z8XOLEJyV0IG(nwT`U{-riaXUPd&lRU8@=(|pi+-;ovrG3bh}WeORBx}`z<$B)j+3{
zh=>ma6%M`nJEnZ0J4Vh1re=00<1H>Hfbww|{DCL0Y5E2M#9PSGYCEvY6>2LZQL|YS
z%j^CAc7XrgcXjx2eeS=X$l+5^t`v8i^ze$}u$+Vk?MS=NU5LTrtSv%Mubpg4#E*i-
zShZjOSk_%lP#3Ca3}lh6H>N?I3!3?|&3?or?}o!ypZgG&plNSv#5-5cp~#{RlDUz%
z{M(=9O7pptDc7USsD8Bt@?PRv_q7YIa^4<2*B{9<uQ<qYsQ#6>H+G~W6~l6O<4yC_
zqO<;{o-SWQG|EH?mj6{jy^Ws_)z_*8?R$d*TdSFwirc%Vy(1<RTH&Q-VX&kdBqgdR
zp}o=^@~57&R4T9}bb)tvHhdQ*>8HX?D`wxE536LEwUJf5*r(d!Li*?7^VW#)kT-}_
zdehNAq<r=(O$Wjusmigr1)8#-HmPmeiIkwK{P4xfEi>$is=lhZo`y)ZZ)9jcnt!g+
z-Tz2hIB^CdCtY5l$=O;e8xdzDqx~8N91BRTtq{~d8w)A8LY>a88j6{bI+;JvUypFb
zp(hk#5L`M<xi|k~MBOnZau;Q3fcI71&t3$J<c<>(q)zcZHAXA%=gnnz>~BSaC(oHF
z@uZ9BYwl4Z`8s=l{yUO5r_aKF^%z~=0zp5j{Fjb;P6A1T5yBgItnaF-tsZC<yF5}3
z{cU6p@UWCA!FFU|O;3iP%je!U0iShN9=boDa}cj6bc|Q1v2s7DRwh}SC(Qi$&WUP-
zXS#N-<rVgT?Mccvxv9Vzmtp0$jQFXlO?tZ-7Byz;Tv1hz>KmbZYOdnFQuI^8SR`!@
zoKPo{x7Uu2TwV-$tjCCdY8QFOZ{9)7q+RiMRjAYXpMyU<tf4v8=}y|Ci*LyP#yb8O
z{ob+)-JsB9fC*JDT<rNZ`@>*zMpQ+1O|yuUh4-OSYd~i=TE|UH=&c>uDxW7i_os87
z5FWUMh&{vJ^_moqw(tN4OnjXi+Yv*yhNDkRi!Sf7gwEx~bYG)?AKJOdScW*zh%-cF
zU=R4@3%OZ{jg(8MYy6#e>8H&ZQYS*czu1LxoxLMKeZw1x=BlfDrHfXX*=%ahnq8IK
zH4=jI9_KD~%m>eF&)!wh?-C=yW%Oug*dXz0>4$J0kFv_B-v+lLYi^%fvH!DN!o$)+
zbpF>9+OxYm3|sghRiB}+4ShW(GkWzUB}LmqC=8+HOwL)D6~?cHUH6z#Rnu#iVCsfS
zDw@A++-qQ~#J7-<2;K>|IyEP`z?O?i(Qt8{-=298#k5I;@m*i!=tgKTX^j~nybZ5u
z_&rcWnum^<f9IRDRQ9nonq@k;y^T^&!u0*VQ~%1o-5tZZ$p8dFY6yW#ues>Zx&1ai
zfJ1-Zun}dWO!bd!)<I;CS&C68qh)+ZH(N8Aw(Udge$Nl5GkxQ)TNn;=pl`hruSFly
z9*2UQH#m5~JF)N3bF->7rStlmyP`~<ZhnWomFDK)WaF!f8uM}IxecEdIt@$j-S%Na
z=Xys~#3Z|XnKXQ@EM@LSkkyp(TfBp9x{Djvqd_fop+X(@wqIsBH$J;G$4hIWL^R$b
z{X~pQy2qe->^RnJES<m3aX?`wor)URmhZP$#WMFQ`MfL5&F|2<fU++Un&>|m#^>(B
z5Fn9KP9JK=`ldp5sqMXzvlyj9pt%KbKM!g~?%%?__vk+nY*|#rI9AH#%2sUXx)CI=
zD-W3jd0<I<)E@FGQ~ESm^+{SmGop8KtBju5vR_LRv%S%%v{iwbDIu>O!?(eRLEqY1
zb;i;D@H!S$h88Uwu*ZAP*^wYDMF~Zxgz{A!Q9L$g)Sqw-u?l5R?LDTnXcv$&scS`p
zY0kG5ru{b9&ie!-)mU*d{Ek*JBKx2E_p089>)REiN;9UR*!)5){VR=UZ^yHBzb5+j
z19+{)65XV0J@_zM`K+r9*SSD+h`7Nk(3mLV*zY@G>BkIKJ>m{(QcBs<SxS!Ab|G9$
zaY0GBxw-Urfy%P(%&mXFmfM>ZGxYOu<y%pqmNkTYq<t5seGB55Aerr!Z!E}0lIFma
zKBpk>!WZ>2TBWnS(1}lIFmr+^p-O2;I4RPDL*K<e9EHdfiO_Wu3K-Jq&}{KwTtvqD
zPod&2qF@Q$UoU!taJ3!aLgcn_v(d;ZPsOICYmDO=&J<`8COHfiE;X=|bBEb-p8p()
z&#*=DsMhM&HTd_MVdh_E?$=GL6o|gj&Da=Gh*SMZ+P)f4%XO~e;Z(#T8Z!o%m%8{h
zS#eg3=2%*fp8S=?YIB&lc?wDrdCFhZ;YWGyr_pZ^kJ`@pFBG6sA2lX_>9sUY%!k<E
z#?&W^A(?BDFMB&e_2d(dRJVIbSJ~cdoTM^|r$li&ctaBETCx`k@Pt2CZMJ0l*dA%{
z`Sv<B$0tNtPhfatDHc4x!~NU8nGr3)N1PVegs5lHd@Cs(00}<xgs+V(H=WXe3~^c<
zE_<E7c@8^6DLip~L*@a!IX_!TUK(H4sySny*_7>UD06Z{S5%LO9wCn2p#1_iy!M91
zZk_~MYp~V$^N*COsFxvIf~7Goc1irRoE;OQ8C{-<?oJ2p7i5E*Jk7f}Z)WTAE|WE;
zPEeK8mwl>D743*JKgdkwl?tXcKCS0Ayy-gKGML_LDenFCe!`kCk(*ZK`)}kE7vZ{(
z=z&Hh)+0o(*b)B_+I7am-90$wBy;2!E@x2KB?dY@a#uPQ^hVl>37igq;tpua>a(Vd
z3ck%W4LFl8lEDhDoD_Zd^;|X)HOUH{a*4GnXYV->k5y^Ca}&@My+$><cd3@ntS?A5
zuTuGw>(TmJ>YKNarhr<?oYJnhvm%5|*MHCU_mz2fK8C;U78?G6eSTZup+$1=fXEEG
z-5nVN!RI{|84tXlyc&+Xd<a&&B?grY-^RpzZUS6uv}IJAKU?g@lh%n?LS?zvCEIb#
zKy!qGvRxato#!Z_J5=8h-!*A}7N+=2xS%$DiPptl^aBq6-m;%wU9@r`TMBn)!Cc2q
zycl~JRIi-4?88d$>Vl_FD68CKR-l=ud9fClc-%3WPGR@<p*OfQJvW({KDP6Ym&7HV
z^-qEFs{5eH7kAjHKj<@bk#rWk-IussXPK$+8qS(ZWuBb)2eLoP8_*K`tBVOucZPm+
zH93fmldZVDA|$PmejxES>Sq6oc*ls^Bj8H<%z5oCPLD|My<O;59&Je?3;q1Axf6|l
zS5*gX7f<fUNxAu(IuA-que~@8S637_Lg$23<&xadb>n_2BgolWKI@vOo2Vww)`|j-
zEc+1_A*`~{l1#+lDxP#Q^`mHnsXgvD8|Fuk22>hYv-cf!617+>`||axi++y=sDW9$
zne;2}R!EzabhwYk55Dx*=2!vqX17x)-?JOhsvU6$?GzsPdz~zYQ1;%IfBPn>^m#3R
zk70Ow>5F9gY$$6(M=m@&?@C#8sr=wm4=7Twd)+NRhSTtCH;O&IFnat{x!c<W+W`&F
zzz!DpKV7`J9Z`+4>82hNe||LU2B@ih`tqI3^lo8&=2O1Dk9+cP9Zh&DI*&m2hMb$w
zc8%&6L>;jv()Ha>dHbJIf1!w=cN^R^3*}k0k#9>gjHrefR)QCBV4v}sItmMqJGH*;
zVi`J&5-zV`pnHIaDa_q~b@$qt0ui{Xo5xtP76nq;v*_2H9BgUvg4By7`McZZ!I9CO
z{YRJ+Rb&oO->^U@iwXRa-ZchF-ljNtZ}LkKbZ4eH^1Z+G8px7H24Dq${=Zl;+nFeO
z1;QF|E<Peip%45k6ip$V+j=-2H@6$8$h*;jdo>(M!EIU&cZ`!5NpOh#uqb#cCMO3V
zF6SKf4A+SMZ@#-59K#_0AKw`2uVX2BcfRVW=zN>ulejWXjZ@Pq-kG=f-Au0<()ch>
zmPTPIhobwO$=SoB(y2y}ujvmFM}SL7Qd^^gjxj1?G-wH7!{N!K)_2nj_=bjM^VGm}
z2_fYD@m)u!4&1oP9k66aPZb_0qFry%d@cA+Wqs7O@Hauh-x*b}eeN{E%*+p*5Ocm%
zzrwELn%lsK0}<hezuxw1qTpkK6s4`8H=(TZCm-tr7sLH`DDK!L9C}9`WOrv3!q|5k
z*Bd>%6!4myG8@t1s;v?|FXY1$J20&jUz--g#HFXYa!8imBgb|TH*-BmKEC_5d$c+3
z{MZoHSN=w3GfxTbXZl>5Tlrw*`}b{WDDZ^J{x*wGebr}fSC4^JmrXu0m9Ok%#CTP^
z>Q}7w3A@EmvWO8K4H6Vy=T-XOWc3qVov<L3|CaOKvCbY{rdb`U(u1MyFRqOuEdP*K
zouN2tjv08JC2XXdzu{P)?s_Rgo=eHUFE3a=wq!M&@_sQ=XUsvsql*krWsK$d>?o6q
z)C=6Po!wE<lQ|%W)c00JzHB|?Q^GY9$;u2OY_565KBwVmWE&}edHVACkKoOvyw^5e
zxmt{1Ka)ADk}<yn6oi>-ttk7)_C?l}v}x~1w)8|Pw<c^IGSonHl<gFb0<W)^2=-+_
z*g4Gfw-MW_N6J--@Z?uZcnrM!BB%pRwh!;pHvWmZ`~DD)Nb{L5%s~_$Ey<IYR|qbK
zaZ+T34g7CHwO%yPE5q7#`T^V7y@P25_#!j=dxSO`-44YVwp#k-_7`b)KX3(#7xD?7
zLAT@>MiQNOx79E6gr-5D1#4yS<#%_fFqM#QXz}3vMe44qsu_F56<=E6uv@VwK3_Mg
z?Kj{Rm_|19eP?>Dq&bBcY_{<?zc+Xdnpk*~%GYsl^-|G}xL*pA%nsEfD$bk$R$-1;
z<E?zye<fqI8g(^?vo<Ynjd?L;cal6m53dbuR0-^bp>A4gN)|C{J)T;{0eNbcXGQBD
zS0knwg=?85ZMwN#ftY3!V6Z&Z+2=5F?!4&AoXF5>QoSc0a;7^kCqACNqUWmel@u$h
z&dujnCCuN*|344O<^fK!{@)JC7ISs_q~rt~Rn00Q%PMF0#m2yz)yROH{pFZy;E?Tq
z@ACei|MdSlS(}T4<G&8p=3wLezt7cH{3P=K?;LF<Sp!Ea^7laAivN!@wb{7=wETaZ
zshwt~jyteek@QjSD{{7kf-)vfW^k~9@JDogO-JqF#*+7DI#bE2+Ri;fi0r<ZndG6N
zU#;YP3&<r9g*)5Zhi~KUy*x<?1Jlbu?-XvX9!~A&kMooF8=D%7inq2fk>T&y{@^YS
z784cktJiZ8E>vE;jU8>v77|u>a@x<dT9T`73jA8f7dw*E)JTPiJfQz25%tYE!(WD@
z66Z!ap4x>OyM9TJpo=aNmQ0~n#G);T7$0nT^!0p(UVDZ25nDj#wh9~xWe`_tN&SQ*
z(6zp;)P1j8Shf|FTbNp{%QQD&zZ}*-u!&EjC1R{q%Wld8GD+<(c9iKQUOFZd@`(MK
z{ii3&=g5QUC~HDRCsNEs>=QX=OqV|UkE<U|Kmh~=g0HXP#fH$DjNnEHlIdL(Oxebp
zXy8R?CXNeDT4qA8d*Q{x!u^5}YsgB1K42jSgm=c6Ip5V@j4SzD*vTl=G!sIh66JXO
zcuVw?IwM%f@T7?(rhNurL@-#w!wAS90W;tV%IK`*%=r_=FG`Z|i;aiXbK<#_3-F^@
z;E^z~>^s>;tM{;e?FgHFYym4+)BZxjQs@FEYop>w5lU2;94Ml4eNtxQSdc|6Y+Pmz
zMAA3oc|kNQwIqH*>t8AI&5G}b7P4yU-_mIsqtDOj)yAU!=QqC&W2bcU^DqKzcvQvg
zXF037Hz~)KkwWCB<mEJWzsfL<Mvz1CiMmEXdmN?jlt`J^f`t0tzR{UJdKQPnq>~8g
z$Uj`tw4BoEd#M(oOkkEY?P3ZRE;Cn2y`}@_dnYwVcvwHANCvZY;Tm-^R7Jzxqz-W-
z$i%;YkV7YdpkKTZ@sNJ0=L)-49mAV+adKm9gx7bkn(n7o!!ymJ*$)pfyVwiveTDiN
zXg0$w?8FsnrYjaF2}W$i$c=Gp<%&e*GOrR8qOgInVRbW`-4qFQF<(X8yqD@#UJH@%
zgkqOx7SW3Hf7)VhV8QpA8(vI0;>qWF(>$}V6gfa9+cHzigZOK9ZeUA(THY_3|Gezi
z5ha?^H=ru>>-HeDU$7u#V->_!2!il*>l=S+Jm8fhL=Vi)&d$rrD=V|Tzdnk1A`lf7
z<>%)IgTb#~zeYensBwRvEoS&Di}i?^6!q}TrL%IfNYS#hXN-tLD~uZ7NzHx$M%F7s
zz$;HK&3(Q7m5<M}$IUUorc6vsyq@)LJ-yxC-M@S}Uukk-)o!RT>Wh5uxUH_G<;c4$
z`zHI(xJ@4Yzmy&J+hW%W4S%dj^jnwKYfb2Mq#*I#x$I4vbOxa0%ca5Ec++DVsl<IG
zkfOsqcWth!s$$h^4G0P<SFh|G9hDP9C^d_WvKeo$vHoVgV9-zR(a6}qi;IWH%*_0q
z<bBMKAIcgUlIyuZ;dIJ%TXtE<U|)&dcN~F7r`C3}+6k*nkT8MDOt2*l3wZr?_3-ey
zzm5o(zBycY2Q);Zbcm49M4jCdMgBy4%`kiw+*@?SuKD@f^$!2LyE~Drs2ph*p!Tqi
zs;b7x#D%=-bwpPAIs~Bj<ZbamDO7XD*YF`VN2UDmvRW}|LQr47t_^fjK0?0vi#yNr
zvJ@e5LUu!V&pPzL)c7|ZjX!O>b;Fd~o=oPDP;4>E!X^)(>$F)-?lO0|I*<iD*0cfR
z0*1=zA6c*@0molzIE`08RGxv~FTw1+KFVI<*NzU?&R@<Qa`<^TU>9ETSaW+k{=Mqy
z=`q%;-`d)W1fwJl9+>8**=O6eV0}asG(DAOE&dEw^Jjr$`8(UB(&d^lbjRK<k<GUJ
zqsx2EH&y0A4t{0D*{US270(aVj&n+swm#u*(f8Q`Pebk`k7ugtin~eq&&MH4Eo`2z
z9)@N1LartbvK6T+KYF`)Zw4}!-YRXbdH%RlFlL;KIULWEO}W?^lm0-2LZ+*$i;9ZM
zwqRLMaWl%p0wSZ+eSP(r#J1kYuQC}stYAot9caPA)<<^yy21)Jk=SlzahgN6<s}2l
z{;jyrjIg?QZNpv~+8V>9+p1_qJ!?6F+eGJXf11x9LLd6{NS`lmyH9xHn-C&%TX>@q
zIv4s-q~Cf=ntRHMtm;}nq_nN6)11TB5kkx@EZp4PQQ=`>lb^QNFYX+-hy4arHT>M{
zqa|l#Jwg_HL;HpA@d+92jjNFS4$0Fbeu0JHYEKs*r0rO9@mr9@eVZNIRJ=Um?)SHR
zXw7tzHVzLydhAI=1Pp(QC>J_S$?R?W_0}-De`to|Ftey=|L90|U#M%${+G6nj!t60
zoGcfNEPpHhmyN{hs@rSug7AlEO^EO8{g_8n2b?`uTao}QNUB)sr{J<Cb}QkRN@NR=
zF_Ld+=-@ysZE<l(xri(lF)><fg^F5js&rk0R)4sD%B$`Dk2?H=LeMC=oN<s5oH!h7
z^MJ?5=7mH{^pLAbWrl5eq~-!8*zd62uo9n1U1&sI6fBZuzu6nnfTQ}uOjms_f(&j(
zB3)}Kg4*g4$rx$xW6|OI)@B2pr|`oLl8Wd4vHAFSWN#e4t4Z8XCwk^>u<(dg{w*zD
zo76E9xtW>zr|TUJILD@$;rD5ZUR%0#wTDGg>n1rcFG;x{vd#L`+=QX66-nGdYc;B*
zszJSE_RZs8;3o!;GRw+H$;jkaZ)_<gB_zhDr@PZG_6HE7nBNBPn|s)kENF7!zqAq}
z#5d^r&fs{gDq{xOvY<JExP9|NB(_WrB}vAkOHQK36vCDygMop;5JbGs3q2%!N+tS|
zP?yrR^s0MChu_%h9J|WjNu&v!+6=DmwjHD!$h;NDM{%9@jDK{p-6dIEg5H{sKzGNp
zL@g~D2I9ovK_F0rqiu1A+wQ_}y&d7^jD{7Sm@yJO)8%5vK;M~bXJzO<>b{*ZJFfE9
zv$s)F35IBmCWMVJ{OVv%=|K(!#uL6I0CH3Yj$75){S*vVeEeHHIGy0o51K@YfD&#B
z?hjA-6k8S$`}Tq`yEAT}Lzmils#Zu|UXQf$=~3FkAJ-2KiVF&YAxE}|gOaQLpni}d
zybjd<9Ljfp8SYe+6`38HZBwab?2_6zvuLnbW1&21So$+BuXkkyOk)GP#?&HUR+=4r
z=<E9p9}<2_<o)~1fkVKNDjqQJ--(AT>~^BTZz(xBf3$xf$3*_(=t#!z4&R8lRA+N>
z>r<jxyWbsxv$3%Oh>UP;3d+jH=H|$;b$lsUbxlYV(1yA`*a#`A^{iD;<Z9btLsLtt
zn%wjwBQ7dq5#yk%iSuU-*)1C2s6uZ|s29qSEPoZ8cuj3B8Y(LC-4q-vV56*8n-^wh
z>k3Offf*`2o%9xghll5Oi)VBfzC1A5{QmXShb*E}WY>cFuF2q@1(OA~`qI;;icq~c
zz4Yhx3;)J%>T|1_)f|>$IweiD_z&=${$te{3Ci*9Hwx)Hd}L%>;vQDt4}B5FrEtzQ
z3#+QmcPD;EG15p%$>ZR$T+Z3Msacmc6@E_Q=6mUr9w;F(8%-`7!gd`3#)WV>9KS6S
z*~UAPu03(P#uoPT$JfzA8b%+<aRaEoeYo$RFY+oK2g%S}0Mo;1b)2u>Y^hd$Nr{Zf
zISe&|>H79@6r)AJvqgvLfb!U@1!2vsNf4FSCv9&J6wW$cTlH}S*Mw)=xfO8iS6ZnL
zamcAIn*F#L1glBZ8E0u}eLF{yOY~Zf+FDs)WfheTB(Sfxr>7?`i95G;^-1n$+(2io
zpx)2+&Y3?|h&4HafDAqW88A{kx7VY(7>I2Me&?r!kMNh#U!8eRVdsC=V&$%P>;3nS
zMNR$PypjC!G1}M|PjGF$D$mmhz7Y~XKj7tB-MHO+l97@MjgH2Ov*6L+(WbJ+9lepZ
zqH+20E7G5&%D+Y=3EYeHt7X)KdaqQIsz7pBCeh6V@w0{R&hre9S}y*^T@*Jb{f}$z
zjBs;yC>uNb#uo#gR}0l<82+>DI<hL)g>gDoZ#~<TiA;PRZdj_gqH9S38xg<(aix*s
z`xd9wb>+6fFA%kkWzdJ#Hr&WTbv<PxxyBKv9LLnw`s2Dc^)%7Zc{VJSAi^l;1o_rq
zNh1jfosfKjtcD#A4{x1Zd7BBFnd^E0FK>R%3ZZRpZ$eD;o2<)kUSYsG7F2f4`%bu-
zxM8p4^Lfuye)@!Bk@+#usy#9BJG*BVyjCDe8=75?uH9M6AQrK*>h{FXPtxZ8fz6(G
zlkM%kgQ-1iQ<675M2u&$l)!}AbTNyAc+g*MvIiH0NDh&p#hrh}SDf*5^5Y}Me&(D#
z(+2Xw>p8l%XoCR*Y-+^RS~^dPBiS-^gt$1j1&#?~V<TEVK5bc9%{>3A#Bh)eUi|k1
zOqUuL@hI6p^8Q#VJV(_ch|BLM?{Ch)A8NbWJcEAt9+H!Kd3oK76A}>(3=L^%Y5DuO
z954TRN@#)}p?VuySfEswNrQ3c4Gd3je|$AQbTN;}?7hEpJ9mFA*q5`8awE7FTktAG
z0;P{5313V{XjVQ%{nwY=0B-aCyNewSra}+r@}ll4P8G1-8gx~nrL-D-CvrN4t)Vm`
zDY?ozl7ka*L6|R$fVHeJ*R~G2(guJhr8fMtT<HX5Wp7+PNlAJd8pMaKnPRomSVp>v
zuG#sK`HZn|Yu_?|LD5L0H7>ZQx70#f18>in9gk-gYU&%Su;G`96aDJD+Mb`JO*(@=
zM1i}F%*}bL;sNjn4E~u%;!CXkqo~-}scJL%(-eQi*Mmd%XCOVALl{!vV~{?zPuEF)
zoxVeF+fmnJOaCX%Q2zX5HtkVqSqc2B8${D6uraPNQh2k^b1Q&@pL}K)HoAf^JOzAu
zLh;sVAuh*E^z^UVXmFtR828Ned<2^<8X8J&w;L4uT5M)y`N2Qz4{iD{Qq7#ah<F6X
zkLt(Wrr{|}0!lKl0f_LE9HRd*2VADpbbWoa)Z}u)Ku726!{_yvlao`K=Fon<!~5{!
ztL~px5`tYR>0*fBa7zX3!M@F(=BlKG{Hd6oiBF$ezqBdhuy~K2qKE?h0nFo{qrhyF
zKftpk8nFopNFP9%IF(L&lTlHaNfliyH4s8O8S?1T$`lKWFT&_I&{Lm1+J{Js5Yni9
zU`SgGTul4Wp4EF{Q#$H(Q9%0X`ay&igP_Ozo3X(`1|}vMdHMRfx_A@_?;S6`vOf6K
zE9E(`EK*cwxRs;03h`inExM4$Tq6NvK^VOs#DNOf?c^%|uU|#9wMh!vv$C>2eE7g&
z5Tub{rtew$787-p|0>%nsp+|j)W}*q1~q0Gwjf1ag{&WB_&;m%<@w1g)Bo>tVSfG%
zU@XxHSo&v1-5<~Y3~dd>#>K_SX9$3CaNwSGXbYk9IQ7Jv+Oy~T=Wc2{<Awnlo8`Cu
zp08-qRFu_ZQ10UXqDO<feGi3*EC-oluS2;__p4K#>W4Y`TB@wZRjdCZFB{gmw4R-8
zLK^1HuQ*jFY^YehZG?zw{hOQl%ri!YhY>*}$jN_z@p-aTKi1brd+UROin`e5^PJ3O
z)qbL`p^=oFY-wfnF3Gjk=484sHY7yy@!7a~AuurTXsJG-SSPbVI)O##wKGKV6_@Wb
zL6vXLV#m!lj9#8QdW3<PvLRV<rUq`oa*~5kvSQn^9D%M`3nUtD)ly9ajjeZPqxyUa
z{c(TW#}b{83K@~VZu-Z2ZeGgGU90EZUKV#(#9M!!Z@=C2YMym+tesL-!DdDws)D<1
za^xjJLklw*iod(Rr+xd@*vt$KUcGInsH{v*UcSw7XEX$dHcvjIthiYEB<A~Xim?~A
zu=Ze&vnhrq9UuBfUgse-7A=Nt+mr1H=8C9J1d^DNlCMuCNcK!B@BHJ(5B>KOz_t;6
z-^tc^XJQ#;Vq5Mfh!65&s^pZ-ymG0_{<4m$&wO0kv~9mAn}2F)mOdF}VA_7>4B;?9
z0_c~Tnwq@)*zmB7$Z`2eZB=k+sAiS1<jwI)t^&^1f<ejiZon{nxZ0l3gLh;2IC-|9
zxY6*!$v4)kJ)4M?b2h5<<fs@fO@N(--E32Z6%`c$43bk0kMFZ6x5Me#oMCKl$OfWQ
z4EiGd;oS(`K$G4d*$3U*_Z(ksK+N3i6KX|vuX7hbnfWlu$F){-0K2QHQT}RYS_wyT
z2H3S~voX*cP6<iLkZ{Fye?Eu|I_WdZGjpCtgkJ6O?3+fXadMXC2H!KgH_1+Me=mi;
zTi3LqaS2Owo~qz3__07LlEN3Lob=o^&O+p3$ll#vy+7DcwMnc^LoTcp1uXCN$=dVY
z6s_gHii1OCeZ31nK9O0G1^TPI0Fz6&HtAXXciUmpMN@m67sNOJ{Y;)H0h(}aoh!Ir
zOjiYW1q3K=xf2$4Kg^(Q^D9<=h8m48(j!Wp%h1>Or>C!OkE94Y%6c6!Ffv|TUUG79
zWIyWQxIq)KIo`MMz8;!+F{P2yC06xZP_$mb-?1gMHD-*Duk^&C!E|;0ut9eR3TehC
z-nhnEZw%^9@(eOqiYASa+}!T6M1us}&I9^3CsaD%VLOV|%9ody*VQ%x{rDim&3r#$
zmKJgQLCn1WO4$Qd7aYlayBt{+FjR)I$lfO*^}=u(EvE9avnd;k=P{(Dq^=Jax;E_B
zhrVGL2O;_$3R$<SeKtlKJj~1+{!r8KPOp=>bi<#R3)#D$cojI|-Z?ZfvR8mV4pxW*
z3k!>!y+3;cZXrvU9D+&wujSuB01Djh6Xx~K$^uOSqOPgA+UApSoJ<W%9y~v<t{GSq
z4SoX<^~(QLwgS$-W1f2{Ds1C`yYMw3#OY-95#UWuYK#sKH)}rAH{?<O?e+dTxRfiS
zZH6n>A35D1e0+RoNQvb8kdTm5v;#@_DpCKaFOUbUJ*?XgzRBdq_tv)zp@+bEm54W!
z5@-Qn+&uo%g;zE8&cy7}g0Oz%yu1yvDcroFAulzj_yaZn#%MtfiLykJRe=ucwV2DN
z;6v!>=@H=J$8}QPW;Qmu1F$*<ABU$O^cr>{i_|zM4?s-%>|58PJliXjXR$nmwQylQ
zi*+`{=5~8!vN5mr(^FE2xyS}7Ae_j?LGDrD<m{gLtb`D$Gp>CBn<xgz<-y$d9QiCi
zhe4~2i%Q#MCM;In=1fx<AbFrkr~MDdahbb7453UJ5i1t*iTIEjo2BdC2;%P9(80mM
z6dpU<wN|gyW;Yy5jRyM-V2<3}+zjEz(mz>knMVsF{@0@l7*(Q5HRzCVaDk4u|2loi
z%)~Xlz$4|gCW*Fjm8W))q^Ps$hdtZmiM_+*vXJLX<`y|aK`~0m!&x60e5;a_q~t<{
z0WhjbgSsqEM}r28zmi=auPhA>g|(MS>FTal806TMemfiox@tcf8)9x{)nr7)%S%|*
z@8IB|F30I|tgWOp)msRvw|!@qLn;$+ye}L9=4BG!dP;}q9>t6H7rGZ5lB_TGt4ii5
z?$}F|dH+~<E_!eN*LqhMmpkfIOpm(CKQdBI5qs7~ySr=iOhiP){c?BWP}dF^z$`2*
zdwY8Uo?*<msBo~b{iI$(P;<;GbEMWNJr$*I5LeIie&z>Yyv$p?f&|&7nMg!{4?Qe!
z13_<#Oh#L*(cDp!ixTUKoQ~JFCqi1C7G7~~l9G}JIFa0X3KXz0FkoM5{Jq?}c(`-C
zRq`qKiWa*@ng)h|2>#LOhm)B|$dW@}NMCv`AJ$SbIYa@23#wmDn6H|QJ;Njjv00c?
zR>|(0hbE^^70ZO^kdpia3#nZKU?%D+ClU?`R8Uwbsc@({JTkJ@+Ea5TTb&AViJTVG
z2ELL2rp1lxe8NPduVH%XpXYBY`a#p85#U8j`&MldA&Hb!*U8Do6o$x{BKqnFZYZri
z2eUXtCWZTTRg7o3SEb{@EMVoCNf40I2mo7ux`mM;Zfa^;Z@Xf@<%{)SLj&$g!6>K@
zbcAdX<;c3E=@NUp@rx7={LQ1!UC9E;#N<y!1zW!qEFBY5O-)U=jy;U)VURprh4lhQ
zB4;-+K3_Ur7@7%)kmO^g@V4y!b`ifmU!#fFn{`HnEhZM?VRAnB^?(4OYiMNTTgh8k
zKmCK*(kQA<K->%n5AW;k1<+T!F(u-EE0BKBC>VDwwK~u)!j5dev}E4iHYSJ8KJimL
zw2Z>=l@JqDy~Vv&fzA*%@FM^bSC^Mbs@7#_9Dz|El>`GwkR>H0<gpg0|2;{hPsQBY
zyRsxwok!Z%H7N8|8nh-Nt^VzXK>(T*n#F7fCgXW)nd<6pBLjoa>U6(bV}tki_uVeG
zJ7}q}fs`o1pstBnf|D-r$3~Qp>8Uq|70%p;^g<sGYZcTeGQa(}udEHw-nE5orL>*}
z{r&sb&CM-}D`0E~=c=TvsL1_lU!~s@=IQAvU~7u-f2NoGIL)Pxer&|jSeGfTF!i4v
z_5%xbf!1)xz=fam3kf1EFrL2@YCyu@a1}K-lT^Jh8^vr4lJ0hWws;mD)HZx2K>VP%
z13-S3Fra-wdya5F^M@+t2g>w%4Ug3Ga0!^2$WjASR+J5rn476)=Ibqbpb<XoW4_1!
zE3G$DZct$~_4^1W`S(Z)PZ!1q5&_S|p08k=!oJSVuTh1i0CfDAd-?8Vzz-f(P)`1I
zpfPE#>e&dhCwsSB8%%vHnBW=crlmq=th|^9e0j5=Oq7u(Lo~P0Q$gk*xXBv4B9!ig
zj6SFSE8Y^#U_knPe0-!RMoJh;<1j(>Lonk=0%Yp1!>DY={g|-TMM(dtM=w$YPEz>I
z1==lW_YK>&*Tj7<QuFg&YwUL_&(8mq70Y9-6lG?h?;X2;{V4Zas2`al)gNWOFGrbK
zS!bskqW$~P2?=xg@?@0KEVKmJ*sw`>?JFy3^CkN)HbT)B33DNLAtLrp`N6_7ia7Eo
zK;cz1x@_z@H(WOE%yvjvA7C?>iQ?+$0n=UEWyj(k$CD)>&(dPMV>uT;uc)LS1U*{(
zv$Z9pigB7+4gfprg?hU+P!gX0T$xU{sS47|oa7A&pwY2OMc3=caQ(x&H}%vYG*>do
z8u49qlu?hYB{Ir-prA(9?{K^XJS%?$@AlAKT-O5G)c7EZjyvDc-VWnEPC-H8H~)2L
zrtI)lMq)w&0ntHi=aNDA^DbUAX&=rrNVX9>>5T@N!=6JNS0bYJVDZq2PwUNvkF*ir
zkay@AtD^en@%6UX?%<l|CxM%aHSt??+A)xpA&+A*vA~f}Ir!76w;3^1I2^+%?D4I8
z+m*bY;4j2*G2p{iJZd*(k7Pc8b$b{NgIlbPrmdR>iZwfnUu6qZrrRQA-SKL4bTl`Y
za<=^kCp+L@=yde2gfoYmTh@+COj6fWVfccwJ1Z%tF?#hQ*e%Nu+3npFFAaQzG_w?*
z+rEhHM%JxAOY7(esqx=ji+aHo{P)p#>-UpE1=c9#l>i~Zv_k@=oShVvMfE*zt!13P
zw7Nl8pz!SLb^r|_vo-;urtqsg7be5t;NbR3P3!9QIyeRYF*LjI7JpR<ta@{=%SOP#
zVvPKI_a~KXTD_(M_=4S3vO7CZj(>5@<oU5BX^kTp+g(_!<13qsF_I?v4CtJs_s)5R
z{QL7@*sU`$K#C6+swob7Zx*SWP*^<xusAt2MS&B`013YYZ`^byu#%g|AK`b+4VEt%
z*2fqGNp|3@ZnaqKH)k%C7nHdI;`8CVa^}huwU6$u%jzI^HzCwarC60@1awLoo3?~j
z_*NpS=H5_16lw<lz*FbB?l?vw_|-<ck(<{J3d3jqT0#s1D5af4s{k;rsp0JJ&KU%y
z7;*zJ715_wi;t|$JJs0@aRX}Kd^*&qW##IrTaAJo@b!x>(XEle;U5$4p;S!H$adxb
z)uwo2s+W2#QDFOO`wbBw-OfXp4<Ng9-7dZTSziS@ba(LjuIwO8_n-QN<Tt$SNKweU
zhL|aDH@H**iitbFaZT~trT7OPq(rYR{j{o{?FD#!?q&3En=TCyv8AApR^$ZD`Lfpw
zEW@|JiJZe*&Oht3Zop9o%&D`JLxSu5t0)=wVGdJrjqR*DrI{I_<VMPkfTEQl=o2Wz
z1gI=hhxUN;>0_-#X~4I+?N|dO%r@OrSK1?x9x?<*Sw*S#<SAoRKrX;c!ZiX9uFBsP
zg89yjK2tD7>~z{4^^nbC@@;?PSsDq1mzNipfIyUHduOL_!yb7|RuRJM2GNynMf6G2
z!dp7ArWyc&YGeCYT0vz6W$kIYz)&q~f=EbxKYha(h;JPfgWP1C;VsxVXO*2$O0@*i
zpn&_Zhuu8YQZj5#z3G8OKtOOCX9T$CP~>IgzCe8IcK_ZVoX-7H5iSA?`I<d(@u;;7
zdQtDO!Ph5y9CVEUAA#f>B0%2yk#~rBmM_Kw_a}qOwRm?$uxH+H;Kx#ZJA4%u3p$v$
zJ#~HNEnS6wZZ5U)%B}8wDd$GU+p*O5I0BWgiMcUTRKP%2005W7(u`deJ>C9tB0A^m
zTie%a55<D5zIwfkO$ns+%+MhT^o&soh=RBh6nWlycAZDQoHK43<jbXmerpe*xBrPa
z@@10x<+B#n(`(B^gra`Z)J%?#$FDRIv|ooYR`n%%XZl~c`GLKk;7WrpdG8Npv=>(}
z#K=M$#GLaAu#|TacBl#7isg!f<!?Q<{}63m5dgzWv<{pHsVnwf<-XjV9PI}2&)-b<
zw}~7-ffg4R$ppOvN=N~JCO0=XJU)s2<A+xx^cxy801tVkyqLuzq}JIp=cb*>xT^q2
z3C@6TiJrhGjgWJdOFz7t^-OfEAM{Zes6W#ZuAcu&_xmSTG8O7hX#1=1-Fy{y@T|t~
zqs+WK=*cR7|Ndtc6)ul!Ygn{V!%9Fnr>Mq8hA%3DFAq~ks)9pMutVBI;b5>)B8PBV
zA>nxC9!gg<J)hbx+?d;@$c3o0HS!xvjVuBVLRWY9&b1*x?>DXvSx_JzFV_>)C+YtI
zpm0%Tf!9LNOu&U=`EMd*qS;(Qu)582J@GW6iLFSGmW`;uF-L0u-4j+^+*3;7|7~l_
z81^P^wZVbP^*l&s?{aVIA38un1(E>}k?9f4>Dn~7mEPNNb+P6rHig*i#8$hDS;f3T
zyYDM%YU+OgV`*UlOVM6dcBG(yuHVy@Z*}>XBg#NNu>Xl4>$=)maWd-dSkqhCK&=tx
zQU)86fD#$GFmSt`<&U*~_NSlPaJ>x(kqFN)>;SZp9O|WnV8S9m)w#>yJeAN5`?RTU
z&%ZwP?GJ#9e`eJccbOvr+1~nDv?skYLw5VcX}>OXJ13QtloViRs)?Zk4VH<}cC=Da
z!b%`T@<C++94%|IZ63E9S%5ec%*0Az6{ui=L`&B9XD%V#^^hpZeN*SDsbsRGk#Z|;
z$BX{)obKXt|58}f@o{(k2*9)#6!e4q@b|?GDsTeeYcqN@oK^fio2F-k_FC)&MXYB^
zz%ZExL2YU8I5<j5^b^?4D%CTqI%shS2=WUgPWwWx#!Z5%$C|rS5o+{L^UYDmsU+xS
z05KJqc%g$mdO8o?vbPC%5MK9Zj=SGER2Ud-qaLqO=~^!k+|8V|a38&m-WM*-Q$Qq8
z5uoPf%o+CCte#fG-|x;Mbct0S<R?PUhkevSSP&$k_KuFlC2#emlc_#M0)DM!1f==-
zd1Dik4znugktTqar=$)~H&;Ht<|!oK>kPYK{P~oK%lFF2&7>0q*s*n7yNfkcYVGHu
zoT{z!CFv<vS!xSnh%u66Ry)Y|5iLB#GWJ<_RZNFy=Wur99YjUEL(Vv^AB2dA2+&gh
zlDC4ksWI5Jw6vbNh!qQmR&&Ve-|1Lc%dO_h8m7$SXZ4ZBm2MfI+P`xvoS(Gitby8{
z*vX8F?rv#~j1x>wB9}rAPg`c@4fHXt-cagZp;-#132aP=Y3Wo^uPftfFw#ID@L%2k
z`IZBP!FT}N^#GP%vr^mk`Fm;67YU|ja0Zir%m!kpPpk7`fFO73liC>Vg9=gYzdFmJ
zm5R1O-{$a}2Yle#j9CC9czz}bcvb+mlw@yI0Dy(mwRGBT8$rN-cyHC@p-xy_!8Yt*
z!nOs7N2%HdgVbenzAGT#<CP|y^DlcIM}q}G^n$wFU!^l5fJp^C!-5o)l#J}`SSJ>!
zbGha>L_hDB6VTT2K^lTarCB7t%9lrm?uROUe|9*BeuQRXSsu0<v(3t|udh(%-764?
z8NgvMaqdltsf1HCIw}11@(e1$gxxOxT?a^z4}cie(IrUXG6FaWm+I}l|7ms(CleH)
zqVkVY5_CO<xpzC8cyp+rsnSTf{~g~HY0kHD0Ab+t*Q1Pz?99OP69p9g>mlj`fS?JF
zU;rTWo_{=W{`wcqqQFj-4WKh{%bjpeiVw|dx44+843!lD!3jgX&JE37e9RR-GqRL%
z0bL*%Ev==mUtvXTiTs435)*gV*E4gbhv&$IC;<iN={h3ub%O8{fWioe!cu^q-f+n>
z`+XK~j6@)~GoGUmZnksgmWfM97T++lY%-TX2^mK)fx?hz%_ijpHnI#-A^p*=Vnzl_
zOcNq~hU!<Un~kPY6y3wnF)+YBVtIIY0Dc<o6dl1dln4K=4PUa+Gzbq1OJr1K;0IX1
zFMox_SK0ycZL)CDi~)16ts*Bou$z@&O>ZUah~)&3g+5yi9m!hRmaT&8F94Ch0i?&+
zhT1*q;uUjcEHcgu0ItkQkZIsx#)HA!NPK#`Es}3xp~V-D4jsGpAPh30CSXnAF<vcz
zzyRk9A1mwk`Rbhf{FEfF5)9*UsY8WsX59B%`&*lI-gK&{N9zDv(CKK(8|@)D&)DHx
z!>!IL{1SoY#Q$)rATAl0IM)8`<_WvthhI<wm(rsSnen|=O~Z%y=Ks~GHa&CY>qiyk
zCpU9(aT$N?&{bcq!G<W$C^I*;!jrf))W3*>7hTIPt1DP%0>5QfQves*Ks*>w2r)vb
z&OfddwWj%ak2339S0g34xw&5kY4Nr0Hc_?kdMRSg%8NvSkprY4FixDj<zv_tbQzoh
zAE7XGfcIg?^H%J%;3FMwU_gNHFf{|ct!4-qUPO4k*thLB#%vkuSzSX_!|@K@3?2ab
z2IIlHTYLm=@eJNG88_GZ&)06@&jnFD1Y+0ZzFh5DQQ(3gLkQc}R_eVKULbZw1>zA!
zA$ZI3Qz#A&4#fd_+;W@GT6??Dq~Y(pxcMx4<5AEQi!7EK>UcVtG%wBGj&~-lGtW_(
zgmAYRAGvY#>p{yZz?HZKg|VLxZ#nMm9<}Wu0Aw3|C|8dGl5bj?4nRSTYqJ7@>Fo9@
z?JewraNXhQ|Df(I!}3<Qbz!u)7k8K9?ou3zQ(TL?ySrO)cP~zHDDJMMP@LlK{)NsZ
zbMCd)-ut`G`Ev-8Hzbc_$TQ^5h)cIZTruD>GkABE6n*mkZo_576@{dxqkSB{j(`qC
z0D&b}kVj^GEP!wCBRIz}ziGMpBEn<#;CdYp6vX0oq)L8g9Ua1Y3dkK0*%GEdCZh(D
z8-`GnHUlNIgZ%?lU)C#uB=U`ZfG$+nhld;75g>XRjKKqP`E?s+5gpn^Ytd}wYd-4e
zM$PRZk?Olpz{NK<F%ecFIKO?oV;QZLZ31jCVxCAiM=yHw$#t`9G{9hOLTcsoL}@~d
zLW+1GMKOe0o-~5$1aWX`fjFBUDN{B1$R2UFy#ca+M5NkEyAp~*I+(Hv8zxWXdA1SM
z-p<DspMV3T{Dfa)y>~OJC`-u@?TEg2oo<S!B5~Q;0pGxCftQd1Mu4g2(TC7$Y~8nk
zh>q2kO38v70=LN+AvFP7M|i5z(jzw~t7x~0cw|KJP)GzRsi}S|2p^_w1AaH{;N+|?
zs=v8;;!}<Et2+NtjQ{pA=S<(mCmaaHV7VWG01%<uq;3Kc4ZRm)FV=nBZ=GYe94W!|
z!uTyMEdaJhgl+~(*vxDXkYqMi)-|{wAXJE<2X!XeiHbtK4ov+}kgt9TR1eTrmU1yt
z(-<OUF&sNzG9N6S9<|zR_@ARFp=-beWn`=X2m|ot$zS+@xuB%2{d9Y_sgN(GaIGy2
zSW@*MJc0zPLjz3rn-%>buim6tHMpR3RJ&J$K36Y1$(aJ06`@OgV~}0X_43a`z9Z+7
zp3%`mpmfFTgwgQG$Wpx-T1O@+G}NL{@FC;HdE_B83d=jhz86RbwMO3>xw>q2ep(>3
zArXeZzq_DKw;>lXoDRXW;Sf7kCW()ZF7ja<&n!Ra!Lj#8Zgdu($Nj^@&d!eT{5x78
zZ1fByw(z+fiQ3-&!3H1Tvrg$>tTs2r3$%LL+fhP+blFz;{Z`jYAt69Bi9~!5jr~I)
zRE8>d9ke=7!Tsaep?WNJPTK>kv|2qcMBU1xWJkNJ`2ido5bAgDZjP2P>z9UxhS1ST
zimrvu0X7CwHB}m4hkJVid*Uo3_-g-PziWrEiBKEQM<mfwC1Hw9{=?%YZ4#Gcp4&B$
z*M8IS_f7Nrvp7X|hQ|qb+brygp?+AVnwgr>SlbW@VtN&7LV1w8-SnUo;SXw0wE$4Q
zcuKkJ>uVq`8vMoB$#=XPkRAXyI5#&ZIfe%WuK^K4_NxNJA<Sl2dvUYj=m3wt#6M$|
z?zJHAe5_tI96^MxHLIc%7*IbsOtX%W(+JniEIluJf_izLg7UCRx8m&7YA+r4r_BRk
zL?$MU-cR>yYiqr|y^)ddw3`cB^q9MA0Am%)W$RSyf$maIp2Gx)5b+Eq;j4%}5ud-!
zmge7F!oPCuW{P{)@hfRN@{&|9-K^yur@t$wWpGD>ClYC*z8BjL_ko{m*EQFRKvK(I
zOry=xg7Vk8j?YN|j?_?6L{d@`$X?CP&H{08U}ismdI1<1o@Y#=xV@QTBtrf+z?JOp
z?+1L0X@(#m@(#>u?H<!k^n)fUG$a#YzW76{p1`cFO$a$kM1+WpKdLvTjt`;GAi)d(
zHw2KSXogUWwcw$X1?40YU=Zs!!!DMcrjY}n=7Ury?V#>lRi46^?(b_0Tm4^QzrgG=
z@Rx;mwi9>QohntE82~>&G`suK=O`0KYj*y606#nwH#~0^cHT?KlRngcFpmoClh<xt
z2^GB)<{p}S`N!-g-mjIjl=A4xf>Zu#U69KA!AEF~;j=9yp?T1vg3iXlE{4xnge<AV
zLuB!(XPyE(Jv-oJl$0DCJ1#c%4pk<jYE&=N`-*+C(?9dSkKTsw`x0@3mj%q1f*U@&
zlwVV&Ac$$aqoZZuec*K4TkMpq(V0y2<vl^=>fVffxFyZ1lO2VZe2^2<5sNAiQ>fpb
z+kU6iu}!0q3($p#R>*0R+X>_%Iz8cvLi$dKTydx_@6ckRO54+&cyB7Td_qy^ZNeqy
zio@}cy4VSWJU+4rC2)<H6Nu(#JT;ZRr$(+t(M7aq`?@^VGH`!Wwh}~*GDK1&Zt-PU
zhN^XYf)rI7T`vb~>_$6S?Jg7ueVDR<q_O~qpCOj(jop2y*2bSbmCh(aLpXyf*P#8Y
zA?AcU=0Hc;hK)A2eK3<S%TTlGRnnd)EV_o=%4mrLUuXZOEI_3kXo9q;&;<OX?Y=@o
zag3w^$Wvd)jgN8iM-`t2{%%WzWlsNrVQD%`SE=uL@FifJ6cb+_Sik!t5!wmPTUcYf
zl~GH#*0Yg_*&C@4jYkEY1d;KDS>`~0^w7tVD%X$?fyUk)APAexf?D?ats5XlA+}Wi
zlDgi;BxiW*H6^d06sMlzb}p3XGcB-gevY3wiH;|PoMc+WU1A-3&(H4UYI8hQIkQnr
z&wp_>uG>f`E8xhw89JJGEb{zt9xPhyNjV?`0s2vn@jbwrLTdi|IUf5t3KWizFTmSE
zFGoj5Y3b;!tgJE*Y#kjBXNqH*o16Xo{3fS}Ln-|CefK-dVbmH$NfgReDh`j17AiE8
z6A~POJTGuzGJw}8&CkhM1B3<}8@sf$bk*zT=U^Nupm~L7>T+}S1qC~iXf}_I5NgR!
ze3qN+A|C?-1HY)%fW1%Sb*ugQm2FpVvwt|LyQZc_fzK5c$Va~%)=g~1K+=3zww%fn
zO(=#>Nl7_eZdSUIP^r@S+2Uj|EPVU$fYyj7;LW>j45R_dLO?MK0dYMa$7M5T^?CN>
zCSbSv0kPoN<qw%J7PSvNIX^4M#y}9VpQF9M1~4q&k3>U%X<t+&6C(<+J-hJ?E?^#&
zr3#$+Z{vWNJun907L_bjBUYQ0$L=7wGSx^RiQ(lHj*iT3voiXlScGI~e4O8Qt+QGm
z7S3mXwzLdNZUe|VCJZ5e#<i<cDwd_zSjz$aWYD%I0omLd1My+u$H$9_Ub@_mg3anN
z1boU!;N}VC<>hS`#$##t0^S*=jnmVLCE2S!FMO;9Z?#p%0q&=Fx@9-&3o6ExV1H_g
zq2U)7Z*?1xnZ|bVEh??3pu2=#yEb$$)Wei`0Ma8$-q12CP}qv4mjGr#v%%7Ax*)90
zM;QuRqX3b4tyV=@xuBpR5{v0Qf}Dr~e!Vn)cV)=%!#7=9AB{(4XGCpM?G5jkpqXW7
zCpgtQXSfnXk~q`D?=^rbRCc7xG1Jx&HzMx~cm3+bu@(S@1aM4OVqU&!2lrq}S(!$Q
zW9cKYJiei6CU+a4QaGrn1}7(DnY}9oohCt@d;^_<x2V^I3{=}TZ6;gQ4yEN#<(-Jw
zKWBt5{CGD3tfRW^d1{YfBI`hEa+2xg{-BC-etmPZ&U~&6$oV!+Z8geCOS5ors5-uN
zbGp5l5FlhR0j8W#`ndoxC@5$r0Suq~R7FFI3DibbHri8laAroyO%Dhvkl6q*?qL@{
zu)X<;^vC9E6{sddTQju;8och&(a3Y;!&xC(3<00#3^OdiUUIRujdh`~LOeHu+tyW7
zB=KPj>(u^cJccveL97a0h-gBPsqW4mD-b{{)vU!FCS|w%tcfD^Xv;i?zq$`HD`6gO
zh^Nmj>oheKv<-n!fvSq%?jdqFER^;IF&3>-_nRyY_Mkn0t_0vr{tuxE$vG|{KONA}
z;%&Y?VH}HZ=-3{Jiil9T!%$Tr0$#UOe}-5Tj>0`<X%7Ikf=`@ovNJfH&l82)<?vIB
zmF-<!&E6t(M;iubVPli|@PX|9?BYVH1MV%u_JQ&IJ_zP`PfvhoDNT3*sHT(eA)n=U
zMvOT5EHf4^ryN>MQque+I?eYkhY<`N-vKL0<oTMexllt%sm^qYWLRkpA{V$bD8lp`
z6A53eh3WMrqfiCPvdt<qW`$G=czk{e=@J<~vpz|#qt&97-mV>iS1QnJ6eGs&1CoS@
zAiJ^G=KbUjpwzA!s)$m*FD}L<K-&8Q=I!?N`F^$iwiMz-PywPX?ft`h@Mi!-)%z3R
zvr$%%JNP$!gR^1qA7{H37gK)<p?AsR=U^;;|89#8-dYP;XzS!8BPCT<c27htB;GSU
z{ki<R1V9)<^nC>=qHnY>>2=b3x7ZG*mkbl$xsHlj>TQp_91&9GO87v66bSKzQi6G1
z0FkHZn@IpzHVA&=5~6Yg^iQpnN>L6@^%DSehDk%cmomfwDFe4-k&%bOp5%i^M5H)|
z!*uTnM$qaL1Dg{<D3QVUUH**eSTuVPmVGY%%qJ>)yz{b-&7#se+XdvcFY~wn(A88v
zuITOUtyY`s*|hHAQe({d`e&e*YS*(*HMcL6*uqY(F%9M5ll5jwC3(F+bvryuOC&x5
zD-%MA5`MwgX`U+Y{JM^%gr*_0i7Ex|QVdn7mzMZ=nD)Dp`UK0RhA3CqSk3$Eqmfw{
zQ@@%TyYg?oML64o<bWFBgp3v4I0k?XAHW5jh^&hg_CY-Fwv!8(zyZ*MR*?ALIx!^U
zm$==i7H?mn=yQL1<`yPN9P|JQTi-eYCrnI2RSeh%q8E<{JF%)Ep`p+w6jU~crFn?X
z&dyw1T)jV4t8~ULA=rfQX#hVT92`55rlk2??|Uh@$o9d3v_PaEI26rYiTYJ78xxb;
z<1Nz^cs^wbJYwK}r@+1{l<6a3o0o5NPw7Bg-HPFm2eNdZ?(;1Yoni=J_@QowR6@x8
zJbI(NFAt#T`vZYT3uw;d6hi>HxKfn*=KX|+hqwImC-79u#W{aUAHKKI)bSjIQ%MCH
zv{)g4<tpdJa^5F;coXG~MNLgTd8Yg}VBZMtNu3j7ss})QVY%f11_F-!H}2UE&G}->
zgE=~Sr~|@oh;@bNagFgloEcAL4XIEst1uA~fyj7a<rkdjIPQexWC6utAb|o42Pc`Y
zZhkPWp{9lvVN=8^f}aBRM6umfvSZN%L{w<fc1uCUjc@^!`(?Gs1VItOZs&V^R06UR
zMMpy7avz<(a_)kiLZzac$6C)-CAfntuJzqp4`rK@p2`rjQf@(Mo8biNM||nA{my8Y
zRSBIo2`(0$_8jgK)PC`DM7>-y;sm)e6wy(cl(BMdK|<m?JJju57P#zDPJZp?i8!dt
zctV9k0xwFbh*`heuzEGx>x+xc6ScG|#8~6}yu9y{!r;nKR!SjjYkGf-4eT>UvWkLd
zU5vb<yiVu(fKkGJ_471$6(ME8x0Va*!RZhQi^4{Go4JQK>stXLZjC!x8FM5~64KJ7
zZ;&`TxL0{Z#KfYF!SWlYiJZxm6O!WvwyFTAklTf^ghXh5J}Jb|{VS{FfH!^Wg9S)r
zY5C=qL;%Ko>*PdEAd*-(m@1V-?y7cfW`=a`np`@G@mvrMV}A`}+ns|UGeZiQCMVwM
z(i)ypSU9m99Pblgs6iUtB`}fkakH?Ct<!#}jH9Pc-Pv~Gy*f?6C>0hFfnd4?V0&Fw
zgEKX=ym?oEn9C~P-roZffZ8}ZJY04&MvKoXgl{WSPC~>xU0rXt*>8tVfP%3P(!gv4
znaOn=o3Vj+(ln$c8Gz~(`{W|MZ!Ee%ekSCfXLe7~Cp+pHPyKBK)IC27AU^=u63-9=
zfcVBhVEsd;nwlD5>yRdcY>SxVoVN#bba>0lBin((l`5yDr48TvO?$}Who+k)a0?C)
zGcv|<^6)ug2|QgYRd$nh%i?S0Yh7z0ZJOhdXcsoss@*|UXOstM&X)A-g;1@+hLLY*
zHa8mMWwURrLE&S^2p<m|_bD9LZY~@FYrXBuXJgH%=xF0vFXS*0KwiixG$rH{;QGx%
zxj~Q#wlp{TkzWAps&d8>_MBf+s#qy_f}*oCyWPz@)k<4*To~v5Q+gE9=<sJcSY1JR
zFqtL}bem@<{jU~eCN_AxCE(wiNPXly;wTb5KovA^5I5Y;F4{S+M<2~v03Tu^<(tpd
zOk`b5{JXx{_{ICoYk*4_85u*PqR9Jo6%=X!;73|(0BciIQ$nKG<b{8$+J(uqucJ^}
zJswUHKR<u?FX}?@SKT|N03|IgJ*}E8Z*Yg3HK2iS*s$?<p5DySr)Woaj%icAlI88{
zJ|9-qGzXcs55m6ved{pK@@{MeeB<i;Xao=}a!kb8sQ9l0u4Ro0-<Os!(a}*R@(KzJ
zfrntMmKr{GkS<r(8IO@T@e%RJq%iu~dqgQh=}i|%7N7yBS$juEL;T;1K-V0o27kNz
z6)ZHguMW7Kx9A#>AGz`-9>+nS(+BKzf{^7Mve6$`t7}cG1_JgGk}->(Ml-VpE7l76
zx3O=4u{Dr!5mhC8LcvQDWFS2g+8C5T#Bg6LT~YjGYT9HlfVctS_|-|bzYBkBdwZ_z
z<Gb&^oHnS-j<zQ1nwo?FoPyPje>nh17%8(JE9>9`w(V>Zdcp-K)5j3NKmeu^#p-dl
zJ(4UVBeR%D2Hd+kAk+&OVHlXn_F43IwFvO=1<OAHKewmH00^+dz`y_o=;v>8xf3N)
zxH&q?%22FqxH3*yZj;#0gYJ8I8^ar&hCZ@D0DE5%%q^XD$QOR_8qoNFi4K^?y6OXE
zAIkywV|G@StRfmV;0PS7w6}iFx2?6OnyfXFc6*`yr4Du^Eh|fL47u~w<wU2bZgyDE
zX>DtxzprnIgK=vl2_LZ9fcQcgufP{fWvC<OwEZ=$n~xq6KdhZep`uqKc4+jT%PL7)
zoR4q-9cnHy1LX)&&;>jXh;SgaU|)<V2tajo+gyc~Ys$*Z0nBuQwCX#kIluUbk$CRG
zq%J2H7ga@3u3Q-(v|>Ve{QCY~z>mum3@kbdjt0qZNxtT_Qv8Cc3VNa8fv*4Q6Bq|S
zYh{YL2!Ocx^yw3TCP{c$_}~O$Jdq{iE|Qd*%H_BVyhJH<zjLT>TMOUZ+&o9cX0;>J
z9>!+ejHCYN>65HKB_C^AzXX29K|eu{k8biWh3HQt#Bovt7`z$oqv<`qbMhhR`bI|R
zI5-;e@`5`Z@7}%R0RZFm1G~K8Q);gg^1apwZV!2K+;X*pFF#M%X>H?&eG%g1;Lz9@
zpWQ}acDC-$cxE#l8oB53iqL6fh}de%tA9J_hdodXc+t6eMeijMXiI6i94Xx&QREQw
zzpjoo%?;DV?(;Ywa(dlg0&fB>1iYo<VgU+}Z{36jpFaH>O*Jqxll0k#k?015LbDe#
z;S+!|7GDmYO0J%?NfYqlx4Q{~!<=8jC7G($?*X2TK+CMwX~RO4xnwaO#S)zmj*N_4
zd*8Nd4`eR^Y}g@U8MK_7+$YBHUq)a<zqU47nwy6N=HnSO$$cAInwkK$SZ}d_7#Msa
zE=lHo?}*8}nLEXSu}@StHD!H)w)2!?$NDsvX(GDlR_NB3*mug(O7+l~+?anNA`^3i
zjn4IX$rP%xM$yDb1(ECp5uaNP*;n^tY9zFfW4d4Y7l;X0)621&S^rbb2Z`%BIhI`y
zEC<tixyOWNn7S9YejC~DL%`hN%lqjT-mq{;@Y@~!PIND_RS%^rnSb`FryGAvD~0b^
z3|T~&aer3p6wkk?oZT^5J0i=|t1pZQy2=snsd<eHLPphUvc>Oy3@fHy99hH`huwlx
zPu-`>0XnTxW1{M`5QtEa)3so61#d`0vFePPRRz?DO6MK`kr2yW=8n4GEsUAZfjs@X
zRf7?#N9vgm7H;?soh3Z!I2|0s(?FQJe{Klv58b_UjK79~!5fvcSFmV}|7G<p4<dA)
z7pvvUq;+}4YcrH%X4%3}NDjXnkDQuWIM|;P{XOn^8#7(J!EmA<p>_-gAusUgydgj<
zT!HXx4XhX~(WKDbDZyj78gwTNu82Z2k`Ayghs-t7;QM>2C=gRxBJO!QEbfRgopX4T
zt~JlAmvby@cKE^&LbrmKVS|>g5Bd+b8K^i6#`uPFZKUJDQA9sN_SPD%TMr>7h)uc8
z8Z@mm963;b_k*ku(4b<4=duL%dxD4lAy_x;Di>uRq5VrjvpQCa8;THH?P7t}*iC<S
zCUIt?`kUfTW*n@UM^F3qhag1Q;@wt(j`47ywWI;Vh6nDJ7ly_LG&w8(DAQ=iK>hK3
z)LA(P#1sWT(``Y8Q@W54c;*dUw%DZOXht_alvTC0ffWgJFD3$X9$zR9E0fi<gP2?~
zq3!w`*5fgLLsO(|>tKrD_o|K%Lc1i>XxL8X)=aIK`#^}3-LO?=Axs-y0~=a<1_dHF
zD64~jb?b*l<6hn5H2-%*Lh@WYQ`vPy;eZgeibEUz;V*Wr{ql=}l_${tv*4F+(;6(M
zSN7^w9NZTz@gnnl`zsKhya!joo{f*qjc3Os`cx-gz+GFQtNv}7hu5kJe<}0ue^RkQ
z++N>}K}O%v(MS_$7TC0j{&y7|#LO%mjqDl3EP?V8B1Q%_hDHn@jI2!@O^G-eIsaO-
z;b>{qV$KO~;B11OZ$@8~G35vStRS>WUqVTQ@~QY<5GFP;q*JmZu~DgZ2@(3w*&tU+
z9ZAfQ*p{$R;teEZ{4Zgs5m;d?2z+4zwr~^9vQ{&e)+Rs3#vew;H_tG6*V_O{E#_*x
zqPo-A$m;SVxzeb(O;twryO)S$rJ2j=@t$wLP9Db+SZphHdUwiy%|BHUk1n~_GH|C1
zDepdhnj$q}v>JMTR&=C}KOT2^w@>KKK>Pi{!;v)6?&_cqZ571{w<Qy5ZgaXQ6%Ag0
z-0!_3UZV1&oxV(S`g-&ACr6ybkB1s6zk*$#KR9A0y69guq2*qAI=)4@U%_#pq2)WM
zP|Kum*Whu7zK|7%LMb%aD<Nj}JP|3;*-1M_B5pKdYzgM<Ye#sY&%Kgzgpa$|ZRH3Y
z@D7zFRx!EwN#5qb(-No_^pjLL#haZw&{P#CB>A*u=hNJ~qcWMjGn;&t&;=%*LK7Pi
zRb(4mFDXKC@mNSJv;LahH??cY#TYkY9I=oK3vFkrj^OI@Kc3Yc!4^-)x^}^8b4NHV
zB6m;1UdvVgU-~Mc3EBl=-e?4V<&kpxS~j^cw)k4^{y^6jWcU1<%fRhNOXYPtdiOfE
ziNt2oDFnl=37Nfs*Uy4dbgKEJp{i=}(_e(A(0dP3G8Hx0urh_}ryqocC7R=>@I?;1
z>|J5ZHY;|KKOr1qVZSf4iJ&K*pXzUwmZ-qYR|<8s_}NZeV0MBaGJss%WFpp5Re_Z$
zoU)1Vf<VmHD87TdJ^GndV?=IBsJE$_gs-HKhdT`V?kk%?QmjUdsJMdLj><wb{(C97
zB|hBp52Y7<XFOQUPcyhvX3C1I&y>T6#D({&vUd-{b5zbY8Ejq1!J~I%g!mFh%gc>=
z%bI7PQLP?%xT&7WH={ng@WFF@PsdXNp0$iY=oiI}bi;i1&^^W-)pznXjtudns~u0<
zwMczFAa6=S{r;`2Grh{>UxZ!E#@dlV$?21$o2?Opvb~d$^6QSQzLgP!7!$*LeFvl8
zXS^2{5fv4EC$4X=Z)Ia`$RKJBh^U#h34^McwUD)g**`wNo-JbJU|?@%>u6(7#KZ)2
z_*#?2-oa7WRNtP6g_+@l{@?bQnAm~q4IND#h}fB5&--&Bncr9b%TWK>G{b98zsLDs
z#|G#S6NlH1BpvlF%?yOBO)QOw7#V~d42-NDi8$Gr8D3j?-KS$_XJHW5x0Nt5Gck1}
zVrOGz5OOy8JtQI)P7Xkkx&HBiiJ6i4cZaHfoXN__$e{MOtC-ms8I&B2tW<zYexLLH
zy^X6T5gii?*Y6I9m>AhvUfTv#;p><IO=rYR1RVOW6Mnq~f0^*VtG6R8^w)YjOt0<y
z<*MKG`VSOk{wGD1&8&<ZWQ|-DZLIXI<&|WV|MxUyeI5FLpeb<M|4!21r~QSbuSfo6
ztpARr|2nw;fv8+ee<CWtR(~QY7t241%F4*}PogrjGqL`6MEzi-|H|S-tjvF-FDv7p
z>C48>3DB2`od_sh#7@M{#iC90m&vmIyUG41QDgZhVE}d(14K>5$lg%jTK|7f754vz
zDoh-#{~*h2g{Hqs+Uu47E3*8Tq5bzXVPa%t`x8+ZIsQZx4tBPG5`~SC^G`%!<Yf8p
zi1LS|0V4Ox=6{nkHg@10>&%QCL`-bVEJQ%tf0eY~H|8&-`IpL8f0Y?P12X=F9^(Iw
z9+HND3NdqZqm%gCECF&kzBc4Q#Ps_fGbr19v^IM+WdP~_mz(~NLRp$bOuq|PY5!4$
z>o*~OANe~;{;Y)mJd(f5xUi(iYqzh8o0;La`u;r~;IOidxTJ`TzAeMw$I2k03aBGM
zc>(`aa&rK*mZY_@4Zy*F@D9+*Kc$g~`48Q#O2qzpzy889zc2Xv_~h&jjqCwIq569-
z)I<!5MkZzsj`nU;LO@wCBjA9NldY|#k=3i#W&ATOes}Wsmi{sLe~#ieo&T=p|2+Hu
zSDBCbU)20xneVSlFxy}FP~x9_NcY~x@_)Y!17h)?RW=hd(?68MZ%+IReg5tG@*n8)
zFXQ{aMI`n=YY1jGjz4P%j(@urv$6k0L$Li_LvR3U;=gJLj^FJ6ms$ULr4n*-G_|p(
zQWO#;k`Pi?6;c!d_*vNANFOk8sGeUyWI)V73_$EbY(N}<A7c<lkV+6D5LIB`9>fsX
zV+LUaVFF?Q`$c9p)*^tDLnXou7!^#6%#2)2tSp?2Y;=t5l#Gm&z-clzhX2DE^7b}{
zP6kH*|GNM41X=!t3*|nUD>+&*$P%#tckb0(BVq=W^nZ5C*qMLV{R4#DNZ$$p)-|JD
zMZsc;5!svJQeau2T5ehrBcWSOlUqty0@efC!xoJWM&@vXbMpBi(|#xoVPe$(sO!F9
z#;Z8~QnGfO7^=dL))YJxmK9V3;fMcw@E?A)5G^24hZ~E>om+a<Ye<n-dT(PlXrSzH
zB0<YTc{;hT$!x><@Hr<6z+kW031Dq}?N1NIpjR;Qz!*)?%*IJ}VwrI1LuVA4qhRt#
zt{r@F7OV8?4|hNjD9s(j#>YsAa-sTw3jds#v~Ni-_{`<$$0Hu##EusR)i|44hWq0Z
zddSj^T@JQ8U>0W{EC!3L>arUf)2qh_jAMNQEZZRP@vEvB7@m_t+S}|fMUjeA*5BgD
z*7Q(Ya~5LBp7l_F|CakRBXCS4v2#xuB)gPA_JvVyy~3+<mAlX&U+(>9n6w^<DSiKa
zMj_{v9G(xzSyKP_ZgN-lM^yfXcw7^oKm;+z5GVi-Jg_oz)>^vrU{&&Cyqt%>JpQ(t
zpc6XQ7u^;tsFOJHww3?{GQn4b2~{-O$5RoB$dS|$l^Z5AQ1(4#Zv3R=XQHt8s6k}m
ziBuTd?>WaGEtBMApyOMt>m=J@Vzw<jwKmftM}ikfulr5dH8yDOXWGx}TzVTPg<YX|
zgF80WKK=~0d>gT3em2Fatv17GQ}-ZG|DN<}kZbOna=H_GQ8}|Q7D6^nw0y%s3wJ}h
z^HclQaPHMtYn`lv`)vcLe4|F#+$hP0MFTFI{krQN^kkExbf@OhWRu`M<92A14ratw
zx^#PwM{3S-r~1`n<Fo98g*p7hrRsFa3zs{r2PEao)h!3NGjJ`lqM?85+x&JRey=2&
zM1V~WD7^o)G5=m(|I>f}dYql*b?N@sjf3NLb^M<<R>oKJgO%xZ34Q&|@>>-%5-~Hs
zs@gv`Hoz@={dwJ3SY8z_GZ*up&4J&}!rvFk|16SBtel*Hd-XeP!UTvfpc!9f{+}Xx
z=;7h1JlDLdVIi>7zLWWZppKFyHE@)S#mz)w@Q_y$I!2Jl5FT7of=Gx62^B&limDH7
zQmn#sP9^F(uYnJ7%Df&)SXz@%ywgFGt^{&P&q~grm-NT=EZNPH2Uyg=^-9(S&&`U@
za)gb~>izr=i>j*%8?P8XQ2oGIL~B-5RW``;N)N9+<3L+D+jNc-(-Sza$6oiqCWSTp
z?`<CPZEhYH@1WI1Tyw0XSLg9xo+U3y-qXO%;x<^Xw)S}(|7b*(!V(+In*2Gp;#Oq3
zXTdnX1S0ygbFxZLNso3nhW97Wn;T{NJc}Fx;n3#lb{B_-IANEcq4I0|B~UK)CwrTU
z%?G*d5cd&0OD>LH2LT3>(CBRtCu$1|trkE*St}vaAgab21jj2QotG1KHF@0khc|I;
z?6pP_Y6|UE@wtZv3B9Cu_YKd)&5&Lvl>(1;&gQ?MeONdkKPFD=c7W7jn&@diR+$tV
zzl^SWe%&5MkK@|XapWP9$|M4Xoct8q{mHe8`AuS|I7)!)FK-IM{nZ$QM~C{L6h`8}
zB5GKJEdLNBIz0Ejvc&S(KoQo#gmJB2;%gE=^!$+VZ`6&o7wv<*Ym$!O<hcR60(M<2
z9?vXKFIf>a{vV#BBc3Rx>-e{BPuv;4v@3QUOiJP8(qPAX$S);2$KLGF{|H|Oxl-NV
zN~hB9I*=doS!nBM`eS>B!%V$l#}FBM`$jWN{StG>vG0<hEhjE76%u|^7kAMk5%!mN
z$5)&=`U>#;CauaZIsud1_0Qj0f?sekqgvLj!R4g=a6brhmB3br9Id^0$TQ#w1~@oO
z($hSmcdo)eX4*Y3R|)9y@61%`C`y(TG!Y3fa9|A%T|d-f7#X|H@Ex-z?|zVxl(i?L
z_->^Vv1s@f-aS(#U*!yMWb$p-pzda+6`H|H1J;q#!kp2FlM4^y4@|}%pGd0B1(ql&
z8mNEvPFyGC>?FNRDuv%9R9^S`s|63&K7ESPjBHmq!k|25E7$bxX#ataVlV^S{yx{N
zN^wf4Z`+@;H!bkkoGEyzH%;y6_&6@D!5r(PNlbgYa$nKpVao378wmvY8V#3KJ1xy<
zbpP3TT7FsNssQ!Aq~>yqPglq0Zm>)=?M3Y@^Gz*<MchN%;f4<eP3Cp2q`}LHOaXFx
z{$&XZz2D2Qird5v<B|gqBL<%0NyRB3W~YA5IJfXDan$#gT!%g)<})<RYU69R*w7F!
z3HZGX{76bEGY8B6N;i>j<j^y45K>-FI_VHthK<d2xp=(z9Lz>XpAyshE0jvkRwja(
zV>cQN?9@G#l7Xlrf!-x*)NF~OU-?+d<z}#f{rj5%3HXY|0~{CH_^j+!-=w)vQVY%H
zN;S?Qe6uQ9erq98i)(&uhOnz_tD$Q`%t$+If(6`PFcsFsQ%+xHaubf3A?rFwL}(`l
zwUN>Z(KsR)<1t(!3z7#LD^Xc%n;}}d(7TAr31UAig;uL!FvZh1^~J@YSk`#l-(+vs
zPdI#cTsI(#uO-p?NMZWz{eWkOno80aa4mF8oY5~@rI^MKE(18rUjA4XAaS|<7_L;c
zoFF7F&09}Ayu`VPCB4C_jlBmX`w}?fik+BYaqP`T=TZ?)naj+ch1>g^R@U;fCJ8g<
zQD-aVFYx|jS~KmO!B#KnzbajM@FH=}IL8WNSQ}iI#1Sdomc*h(^eoKRW1}KxTl#*)
zHN;(qHLoK!QZ<Q3bFfBU&edzHPxmgvg~WgQDo(<bTY(#(WpHQb*E{-=P8l_<m-@2^
z=-lL%wVIcVbXcv8sXs)&2Xh9R;Z&X1-MEMI7Wf|i$!CT8+bmC$py*r4H)?d0Ll7BA
zoB^(H53vd3TbuiNjL7(TRE`g^G!Y9N+T6+=z`k*Kn?cSh_LFA%ekMO~4sqC|A98Ei
zbX?tI+V>o|>$otOy^%!a4{`2sMf9}xY*g|@@$vTuK?MoQ?n2+Z8~4fVM3>v)k?w^h
ztrUz0F#(|mos{tPu*?$9RnQ_f(pyh(mExXrHNTxLRQghaT%&|3%d|lqxq`l8<$2TH
zn!I8}QT=h6V8~$w&K9Y&3>KU|2t`W2O%V&Oix0$Btn_D~bm6udFS|Rf^WkWX^Z=IQ
z2TlxL3VaLRdFM#c3lYNlk%~6xNcNIR8b=V!KEw|MM7t{M^J^7vTdvkMCzhpP(8In%
z+Bo>t;RW-Ey?ON5f`A4I1XTgG1lxsdg7F=g`Mi0+z!fnC!|S#&8U{y6pP4fiwgy9@
zwB>Qj_xOe;khp<wA@1aGZ{HC^PH$$WLfpvG6VY~v)P+aSgkEC4RX?SbaLj@KhsLi%
zvoVLH%f=1}Ivh#Jrd!kU9(87+X)>kcg~hqlb=nnh(xl6%xnbeO0@3OVa{P0dp#DH6
zMK12^Q#DIV`@>PJ8TNS&c3yUFv6!##A0UkT8;iRKorhL`?6raBs2Q2ESyD<jj#P<O
zaL#itx))u&KPXf&K8a@5vqEdoE}7h@tL`$<4?tOF;)m173;3Fu2%9^@-khI<%IYtx
z9EPJXz}*ZY&dENaZm9=;NO4VZO?}PFGhh$uj1E_6<1aqJjUs8w3^8a&Nk=+#MC+^w
z8ZHk(03WY&j_elaDTt-42?sTAxK+q~s?yqja1L@5nt#ms14mqQV-Q9BnzObqjygKh
zt{{q32Cv3WL|Vqz2Zj;ml+V`&oEMhy%_(%Jf^QYbGJ-8;Cjy8E$UW#iNCWsK;IGt!
z)l+R+M<A_Yi(A<xV2Q)n8HSMx<CSiPhLK9ygLi<~60FhrVuE^uoMLs#IJt=>DzItf
z_Q#MQI^J3g^L<$c|J)n(9E$ry!{JWI;SR^aJsM^GON_%V|9}fAyFbE{CVQ0U7GkAe
z(-n>3)Lmz!+%3z*Esc_Q1I0R2###&k|I=YS1;+=gD>kNn?J$F)H?!3Z%%B6K%HU?E
zWs!-uIC_{1z2RO6Odky_M(iR_LP0phtd+DFXw{AJKZK{2bs`z?+MZsMVaE`(@uAk-
z@%xa|epw6dZ=VPl*M6Yg;T_;=wC%Jo1)DD!#o-%>qWJ>ByAsBY`va-5FlPcG^krE3
z*&sPBt4PXKb;OR~qgWYx@7at<ez1BYc{52Odv2AM`uoy%>-`0orh$awIJP1hq3Vtx
z_Das8&Oyr%P-528BkQA{O5IU~l?9lmn-?-*)lo!p^&>mN!ozPTbKbv0r=4+K$eC!g
zTj;;TMnuple7R<JMnFWQHZ`?fK)!^kw~!zh4RO{_EuM5m?kh<<hWS*r7cCh=tmDfW
z8jlTg5y|SpCShgENZ-0SttNweo1E5T>!8ZuNs6aX1P^xNBW{gNMQTsVdNYom(#(59
zefpx$j$ey3D35id3sZyy{>Umj{uFiaf_Klb>+-UCC?e#BawMKg1<v<IEIa3YM$Drr
zLJMyBBx*e<A6(mqL1+Ro$XzH?h&?|S@Ov6dGwxG|&I9YfooqjMiY?@rJjGejhCEAU
zDOzRbbC8drD#D76@a?|d!NpyLTS8e=5yt^c1fVPLOmUuIP9QrVA*VhmM<?ZButFFR
zyf3!HekNs$43}rp2u>rm*b@_<<lzkB9FmKLyVJWwrU@{iQNZ2zSFjOl%xj$l-{o?I
zt#gGw>CYD-X&vN0r|MJ0Xi3J-T7roae)EM1I)8XVO#W@wir@YEUh9<buH@z0dvyBF
z09Pdbz>}VDq!{M}%_3F>`~`fMBrOEL%7U0g)U+u^iJ%>z^KoWDQs-#YELaj$Quf##
z>Gr{gj>J4BbsR|}y`jCZf5Kd}!to()r^|Ohettkqh~IU(#JI=5=evg<%i+ohRH}wc
z-Y{PdUDzPKb$+BG7+CFzzlC_le+Kc9K$T>N`HW!r4x8vEc3@D+(BCuJQ{toiLy3c<
zFXFVWQTGQ*mhrYx0s{tHCx>>2)y!7-R>`hI$b?WuV!{tll7<1ZBe4+8mIwt^xC&4|
zU@ul8u5;7%#-VaNB~!1!8F%bh{k%hUgo`J!FW+5SToO<)&ah^Ljo3j}hSXwI4OBFt
z>B7~1LtOPo+VD7ia)lR&(jBlFWEsd_lM|eRzU9DBS@*@VhEbROp-;|Nt<)HcLKPFQ
z8|yMiNR5;zw5>p{%r+;Epro5i;D?%@mG2G1P7XSsB6m`(oAVO(jO~^69GhjNW*o=`
zZ<MtCUB%h==LG*~$Apo+Xd5oRh(UGIgbtFgQR8H`zccAM(GS_A{LSis5L@zl=z}46
zClvDBH;SR({M1lEo)}E_hhnA%cC#nVcC`oW^+b(RaqUpd`z?gh2;WQ0`mYwF+LGhz
z-Q-vGd<hw%57aMq&Lw0dwPp8~A%H}Xq@>yZc*$z|qR)B2vqL{26W|>v2*+ltlbqXX
ze8t$hM2!0l-O&uL49e<>K7$DJ5GAbmI?~gdYby!<Qatnl8m*uRc<I@T7+=f)3hb!P
zTlzd(tmEb`t^ARcW9Amq%Tfs$ZyKiE35fzq{Q}%y-T?=xWQIW(vz(QMlMvpT!?K>E
zrA&AqE9!_1^Y^y$-=rIo4pQ{m<Q>%?wH<*kWkl62E}MxdQ6b~+W_J+3{cZyfi5fUE
zL&bYhwZ5E_>QrnbzXETgFQnj|HD<mZ3R<`935nBASc)ynpy)20MVUYNS;)1`CQRU+
z^4|IE8ml}?DQ(NQl9DD)hMlFl3CoV&Z|PqPW)CXLgHj0#mbW}czvhe~DwBk9GZG0H
z;d8etL@0|>KPcogVJm=<D;AetycLGbV;nQn=YH#d7c8&W@_{M<ThS*KcRLSbG~s^d
zlcs({)vQ8bdAMZ(*#IVU2o=Zp@=h{F@|#-gY`zFS4>Yu%2u!GXn=CK5FWp(qx|`h9
z#W)Gi@K-5PWAEW9_E0j|Q4|OV?~-KS!IcZZf~AckU@#!}X2I&tZ;*F<IiGtTJ{J@$
z^F5Ahj<_`IhvE4qXHS$?%xW3Fo2zI=o1SJqBLYjUNv33!meNYLt!bI72VGngIyoVn
zE}}pZRS*+79Jkp65s!owKUcpZlG*^}a6Cqgw7rJsMlhB7Y^u{~ii9nkTY_Yao)t_7
z4;e|J2fFp9h8Et9(4m?qYDP&VVkk*hOIb^{n{xtj=L7w5JziOLPR832xIDtCPkaOB
zwcfUd>d$PAR<!)5<=TGz3HLG;c}WTe8AceW!Lr^@788VKl^vVC$3+kBa?=bIYII}@
zhPz_<4g>8r*X>LXO9#~&MhH#|la^pNB3xr8_Zl%eysVEKL*SA{igyQ@-p5FX0g<ry
zUHQ|)$;wqFx<7CBuS`Cg%-I}yJh-pqIv+Y{5h{q^eAStNB_QVG8o)+&58}_&#X@$5
z3FwwrSe@@UxQ|A}GJjzIiPCCtj_59MBJ04FnHAQILOsO7N|hJTEo6VX^5mD*)dimA
z+qVhBc>|9yR4N=i0Q0ffdgA#B$~7}+$0=Y;xXn7IZlLFj419uEc)COSh2$`V_vW66
za4+m_st9V7AjoZSfle#$^lW|7Kpd(4gH@vl;?Uv!(ygGC-0bAOC3(e-r8ON_?W4re
zTI`7A#UQC0^vTd=An#QchFqgb%nm=&$(h7gtFQTAlg-Uaot3P7j+DOcSTM}ienq==
z8|uW3+8uo6<2Fb4d6V~Da5hT-9Tu8p>RE)d=Bc_Jrh9gFRQa+NMeF;v8E4ZvvyhN{
zDy*D#mP!H<uT$vI8UFODEvl{m3Gy0e_o=6{HL`3LZ<xKkpk|%|?<CSblkR8{xf<6?
zt?_rOJ2$(--tU&56QKuM#~P{2`uAW=c4&>qt!oyo&P{|7$Dww!z672N+Eb5GQPI#2
z>LCPvrh^?ZLQVkvZdz0P$s_Ar**%RHC>E?XGV?~(2xXr@*+C3FJ7Fn93*Qj3JZ-33
zQaD7FF+&P^@rwAXIs;kKauaim{3mC!5(CCxO!KYb*LIx6j)86!=5fKB)T&e&d3l^G
zDJDd^)L(`$u4p`74&{2<G>VHaT3Gn-SRU*(w2cFPmgTvsBtCziu!EXc<$@OjpV(DP
z%cmBr_`&HgaF|_vhahA!%B}VJt~wLkqgbD_B95_WE0L=!zfM=cZL^lFVrcY~27y=P
zK-rwnfYl>J$Byq}pH$|Un1P4KdAH{ID%CkMInKnxt5_h@%WKBTjJ_L(Q><K{3ZAl$
z>4y7)y(bTs@$;|`>7z5G&>U$$Lway|2(FFJScm$P&eg!2GM}n0pP~#`+1bQs(^O>n
z7@mu;($~V$(t8(~rlH7ISdzQihF`8E{OX!Pc>e64DpSq+3pBp+)yh~O{y;WM#{H_@
z)~BT{8iJMqB}I9f{+TAj&IW8D!xp6fw)t&Bchq{rsqO8D+xIExIqwa}mDU%0djbWp
z%r$uG&sKhcdrZYyiBp7}$`f(3p{J#S%^=+KObS36OQnFxBwk&F9|tqY!G!O7Gt({I
zmgIfq$PfX4%86HyAAc_4GSC4Rf`Ty(Uo>X8#=r>B@$(A6-K9as4ws_&p%Ko-mn4%h
zXSrkem3i<UuXEC@gTX|yJ7==Cl7<Gh%)HYK6tCY-hHj9mU_(3p6x?YDCy{!jr~JjF
zY}R2F>iE;>bYPErrg`&FI^AiYv^^O|v;B{V3NexdGS?;ugc$WC#3nh&s4=(F<!B%H
z`d~%;gtVS|kC`{oUH%%RmL2&H%{oTC(Sn?PU*_ZkP1Wjd-0zEpvbv8g6Mr>k1zW{T
zJQEw#*rqTn?P^}uC5R^-vhH1`5P#8`yl_u)wtri^jxSk9c{1vLH|tfI>G*5Ho-RE?
zsriXv%c@+8t@z3GI&AU8(CCx~P1+5+n<b^doNH3XYpm<sW;r<CC)RkHa&LQ8gJx%?
z_`FmrbaX*a4Ck%}YSoCxoU&@y+w$qGR&{<-ZeGB|%Ng6r=jq8Jt6u5m;JA?xL2<-#
zWdB=&bi2~ac&)>`Qr++4i>syFs^Z_Yt~8!3Ms&0#zkTuQdrV7o7x$QdOiFxTqNVxO
z+^iG#`t!`nh0ey+FWMt^GHx{Ru-T&Cm0nD=(sWcg%5ieVV3CXzHN}-a3l$mU<SjOH
zMIMKy`e<SG8{@byU)V6-&zldxCRIw~d6cYqf-=38fGp4h`^He}-Gs*g!0i3${QUO3
z88caO3@8?b{9!Ux@QhtG&i1BE@kYu_Mv=DOD17r2-G)P0d%kRPQc@-(l^vWC(-MFC
z;9Q8#OFcdTepIjC1?|7DZg>EFpFnRB|0P-_A}>RkJ$>zx!f?*bvaCbVM90c|56#88
zCcZF{&1lbfe%Imqhy4}G?lB8;MnbH}%Efh=Y390@ZiSEHPoMOQX1?9B<6E5mT14;`
zpBrXPw3e(kwhxm#7;f52%d3xyo;AcTw&z{g*Ge_uxtz?=mY8a##i$Z&wx*F7mfVfC
z$1r;PU9ofcONIxge+5x*oUWUOy}<><FLIgp#YsK(5F)W!ay%!!<MdhmJ_Sq_>afk-
zD)1Mm%hK@+ls1yyEUB`=ks8CvfnvD`ZI{V``Q6xl!eAH>3ef&HML~AGaBaOD=a=LJ
z(vJksBywljMKIYS4^Tx=TPb3TxNn2o_rKvG1ep{WeoL@k5C$P7v{!GscKwcyWWKRM
zo0s9b?WOsUWk$$tw-9$Ps$SVvds%xav6nXRpmOY0nOADR8&&bdV1r2U(D%jOM#}4E
zp`YTyNV_V{BjO%G2_e;*&0UIS2-z}>xI^<I1CjX)uPK96KFtVft5TMO8BMEun@4-2
z+sQ@N)${y=IKzNPjjEEf48e`!4+tGPI{G-(n+V$Q)!_NWNb+M&gYF{D<lu!6$tG|k
z81*Ri*}X3p>dCcK!bvReV$sL<C)@=h#_sDW=zVuTIGX=DS5|KNUR|_}Eo8%*9?0B8
zQd{P4+ie$*4GE7E?%Bkd-z3N`S8IYGTrHl;CC_1-Tif7o<AmA2$wPZkc35S!o+^Z5
zG&Lq2odN!H*m4Jct0CGm?HAS8LXB+S%t{{7x~Ypbx^e;wbv%imdtn6x8rg<9+KrWq
zSEr3OIt?*xam<(F!MsqpY~~d!LFEhME3B>O9MT^#K77ENs2Q@vH7Hr;o|=FB>R(Tj
z$fv~NU@~_wkT0|Oayw_jVzgM5;ek}!OES14J$0Zc6ovk+)Jym!II25P%oH4dIre9i
zX;@YPH43U2OdC~ZioTFo7Zpx`*w7%BQQskFaZd|9dJ2rp5F7S+`JScN$I11H`UJHk
zjWjw<+Q`0Ik#mmwrAM!47VkF?t7m9k4EF)@#ZQ}>$^m5&WiiV2W#EOdrHbYTG+xx`
z(xr`sE6GxYz#AKkd;~>_d!u1z#1<X8il{W)1HRP5guA7FCas9CeG2^~rXbgvSm(<{
z1(gkUEyxZMzCW&sWF)Ov!=}v+(|5tsQ={B%d2*hS1G|Z?+rh4^tuwH37*}ZaE_vP(
z+x||mcDVLkT7F?vx$!estN^%~h_TX{o)roT75B${l^uF6f<h`yV>60@kTklow=Xe>
z58^5qMUZ2XW{WNfKOnl(5XL`tTqW9GFa7#ef~*AVcEmwelanJ7KVmGP-pwz`o=|Oq
zV=LUVU-?j;{e@!gJBsAz9tbAB&lDjrL3#IuEiD)#oBY+#juD&G_2bIcI2YU7g-2BC
z3p+hg9qhW<C;l;F9b&5`G3R$0^CPujOtRX+rp`DUz9Y4Q4_&+d;{s9eVxrrms@?v(
zA9Qkbi%f`yB!L(1D#ll-84$`wq^rIof7h;M2u0YL!DFD)5Cn#YXuAXH17p5zP(2yy
zYLs0ypaOUN5HDCF65`?$>ubPfp*VKcXDmgiRdc9>$!<FqW}e0vO%f4PvL{v?-IFq9
zU*u%;yi%C{SgI~t^-a>C;cX*@V42CxE?)gGBK6FIR-FTJl}xeXS;EHv>i1`|;m{Z>
zWk<c#a_6?5M7>x06*!HtHEg;2dIV$?DysHHi=s?lHT%i$BD$8d&*V~+2W5Ip6^FS~
z@8dUAhpDX^Z!xHzVG_GqhNZ#@YCi>_XE$Uudh2D@O{>rgd?r1aCs8HCKfNXSY7VAJ
z<`9`yFfNZ-A|0!`IdkZiRDCYTNd9IkK{pYXxhd0nV<m~#S;Ip|x}L}WCNCCw9}XeJ
zlzJA+9Q-o|k-itFNYH!q>BOfDu&bEknC!qk@3+U<S*zX8etuC?QDMms__cHU91Ic}
zrFX0(x?y(}#^LRs*{GJl_}S>Pe5lgZ4HLlIdCvLv$jSHi+$`)MH`Nmhw(D6z#kXRa
z>E6cI6i`dLxR^8N>yJ8yl(3^FolR9W`-{q&*sWM<gr}m?V4~pFGo=RAVH(R77pJiD
z4ph^85atw9!pq+YOPtemP+60RQaA`i+sI1KMVa&cF<GB*)wX$euZmwaKZ7(cu<n|d
zg<}^vE3liRGxunVVs?OaOoWNcZ$@MZ-XJ%s9Se(lSmE@1+!?&QaqN%KT*A|m+pHO`
zHB)wgaaHY9^pWB__bHl|_QL$^f#M0ILl3&_THR+coQo6J!H9`~_|(oqMPIW;<NI2-
zZLA-5I1OF{i~#|Wy{ybu9|&27we;wjct1f<Kz~sP*3TN?QD{94Yh!y-VlkRg>V}VH
zQCib1?m5G^`#=d1$UJblz2{r|(f(2?4`NAyY=D3G_^tmIHCGdTf=idRbl3H}4l?v&
zy$E}V+`&?UK(VtPipF;+Zu)k9ZSnT-*2xcrs9dwoCY^g@RHqaz-C+=D#HAhlqzQ3i
z`W5od29+!ZW7Zsf%=7GiY^&}$)-WUF+eP0Y=s*YL<*Pf)n<C}m^>6jmtk!KO7;tFA
zM7FR#`cD|xZ9Lj5)%F{p)Tyrd7EbqC)CuEsY`1LQ)XqI?)X5gJoSB1D1lHD?%j4^$
z6WPvZ?7-sKjE~XLAr!S=9Kri-&rx(^(Y~Fst1T|eZk1@4LKmdn62bpG7!UDYr^s%D
zjn<@1tbDJ=T9TMSeL_Pr(<vrVZJSeqrIfphq|CskXzgvY^`7u8YYSO66DXtt>E~}d
zFm>Q(NL({SHsnN6CftyApy^*QG|n(Mk=Wm#A=H-E&V{^rr(tt<oNe-QdH$Sf;k=2N
zwA#_IA#brQV0r(hqx|0QK&kH6Bn#3@Gl`4+^(NbDv-Ngq#db}N$+vetZj#yQ#4$=o
zB^Z3f+gxDH%277VXeP$@@IUiFV9nHxK!XBfQ{nE(s(&P`p?PhEo(K`TErocU$26H^
zHj*jU<OYWmEmqH#&>=s0LIpvFI#8TiQ<EdPRSzhc=q7Un-{3f3mh#KTiOo?-2!Cu;
zuEA8en+d|RgHy66BH(yC^926%r226tB^!A+#;3p5<ZWQsr}4zm3eL*VHPs_gsXUCA
z-GOl*GmwuFCXN@7X@=RIba@{OWz5sI<1vfXcM0SOO2{czVzsNvWiFD{J}-BR3D;6^
z%?$avPjx#-WL;o?^t74(OxKqXJ!63oDMh*dm2Zf*r}#c&@rv_AQ%ps*?mK-+t(2G9
zuU^)~3hvdLsO*ALuCL+2ol-p|>TG&<3qH!sHw<J_?FcGuO4Gl#-;_Qgtj$Hr`C}=O
z;SPAK_vWR{rskfx-miro(3ChyAkxY-F!?CNk=@y4`+S#sd~TYHx=!C>ct2B1lz#{M
z_Khw!f}9NaMeX_3L|AjVuGQA28Idh4we+KsYz-}&HGgGN{4PlF?1BfmA}xJ)scc#b
zwzyZP$q?C>Ge2~SEE36RF!4+}?ZRn2-IL&OCm2?WezrC-gHvvE)OvP5cU+qm0(j~M
zQ>P(#;;_p6I-f&X2RQhG39U}m2IH-tN2x<YdbM*I^F*de1)5SA#DUX0BcPZ2t5k$f
z?U01Gp1FsY``?NgM{*t$_y*_B!lbx73QNXId!$koCQPF}6*{PN6BveHfc2JH5JUGV
zeFbfInDB!^Z~nYn8WG}?XI7Cs>Sg%Mr9VIXbYA0*nKNj%aQm*;9Yd`dZ2#2873|pH
z%LSCpM^lw`-QvlN?r);GZb2QIxgXD8^1EZkXRu%#k9lQcvs#USmQWVB<!0dS8L9kQ
z9kPruPq{9okHg&3#N8fq-86y}&2D%riXuub-82FkPA4X2G-fO8$7i_5sOJ(*u1o{|
zKf2B-R<s~Yv&ZKi+qUg{Y}>YN+qP}nwr$(C)wkzirl-@L?4+{acB+!vg@3KjIa{C-
ztxA=scGyEJzZvSyBfTX@&g}g&ZRevyAk&{!eU_@pnBTXOFp=F_vrkqj=UXm6G0Am!
zR7!nrwB7H8{QDI7uV#t$-}Do-sdQcX9v47ePTt>(oNDes?$3_D!!s}aF7}SLyF30l
z)!Tsw5j)x4fu5foL(Tt=WLjaHUY&2BBPYQ*hqvU&*|2PaIShtht_v1CQ`zU5D=qb0
zRZVAfakVyh=6VWUO-~OEW@+oSv9Zl=uQuj+?5fu~k8NXpv|VRUZ0topb?OVD!2U(7
zTh>_un5;G`Zf&v9ufe))&hgFG%;fy@jdgRn{sRFiJ};n#S+q4nTUz0mU16>Qcnox8
z`0sx2tL7w*V;@}eT$*sMg*@|D{9g=kE(A97el-1ho7nRC`#9yvw!r1coOzwIK6su9
z`yQ8|mRjXlF8DP8!2n<S|78DGW>Eo#R$PBF8H%Axl3PkEq)?kut0yEh7*j}YFinm9
zDO3;hFj8u&EQO~5qiHhZKaOugo9`hPkBpNre{@6M^}cZ&fj+->&%M0x?0x;nvYbhO
z>`nds>HK|7#{i+cii{~h6zG#WOXXs(Q$^2HfY9*^ao7X&U`FRBc^h=KnhOLL5f1dR
z2SMU{1@WGHHv{3coBLDp#%USwFL)jBoUl)siw$jup+6a-7d}wJkQHB4wG0O5Y%HV$
z1qc%=Mzr{(pB3y31LBhgjG2|-32z)1ikw<6l>QDkn+8@Za9>PmK{$>IZX$9W_FEss
zf-Nav1HKcE>@Gh?YYsd+8r)Y60rX}XEY2J<i3Bx98|22@?<(I88>zJflzl4iNxyBU
zU_Sru6k|%q6C}`+mKF<ZVgPVe3?1n}UW=Rw?}H8f;ta4%4G+#OdO+0hWA4vkAJn7a
z?u(qA@b?7RgQ1o?p9pCbWfI)QCHWZKV;Iw!BzP7E@JDm)_h6nX!zYtHry*mboi)A8
z{2Ug;+=!PJTN5vw2LY_ac5Wg+9+d-u=~N{t;$z`qA^x#vXTjEboJg=%dRvvfTNRU?
zdRJce8$B3(#8`<6JzJSu&&z8VR1zEH#XxX+xP`xnGI>)6IWGO~quxtl%BMXs^pUp|
zs<@8Qn<E}9`(l35%3j@h@&sA|9O`u%*IAq0m_9zI<cT?b6vGr^{vIZS9`>k!^?+Tc
zoW6{`$02w!n-b8inq5ebeV_;tRvy5FD}oo@jMCp3fB#cvoD=LuS07}g0(;4Y&m)@T
zJy_?M;H~=ge?C^OwM;moOyC)NH)ege(0iDaIPs&~Kj_7gc`f#Hs8Rz8W5CZ?a5IrD
za8Z~gz#5xq1xaEl>2r!&T2Pci2vk51zp(ng#EG0y?o4f%_W;{DdayBSZfW~1@Uw<s
zjr535e4nB~Seb!La8LZ#BSEfO0|HyGYPzI6oEx9Hj`2eZOR$6!0%kB^QCJLkPf(>l
zd~9fU4q$3QJ+FXDPR92BIeh1efWvTE@=Xq)_Dm?)I&l}WdGJSjm#3G}#9)p3aIiV?
zzcOB7jsd}|pkCPO3`^mGW3&h18)PDc0&i_F?1&F~2*?!m4|Dn>^>@vHnc1+#dIN1E
zD$vZcriWW|&tzbuA$vP(NVN{U4bW%~M}W5r`&UYL2Kx#2dlO>;PRtezO@D?}&;754
zN1hD?vk+$qN5*g88SbbBn26B{YmP34LNvbm1eK)AlyxN;^mV-PP<9<r4Mm`bOnKPB
z1&ay?p8p88;0c3Ud;{=>`(d{u=AeB7Ju2#Y?e#Cm!;(aVq!{m`EbZQNpu`TB=?tMf
z3d_g(uTEN}oqt=ZCGPBChqnzs9eyt<lsU!Q`N(V4e@>C<SpQQcA)x32lXw=Os3A`Y
z@iejj^;N6oNz+Q0ry0<h`Z?IpMYjKE3hZ4F!^XRjd%fir4edmu)Q8Ap+TS9y7T7}>
zd@J+e*@OSM#Smh0)CV02ZANWw1v3H)A7a0A?V`(on-phOHMFx0bChD<ef1ft3O4Tx
zM5n*25kF$^;MENM(OihA{^AaW?=pZKxg{nUc;Y7->v0VM@cWhVvw*Sy!jh9+^Rt*m
z{c!@UMt}!GF*#(mYXJ%+$V2zXWd)H`gWK@q_GhWmyY?`3>UX}X4JF2mjKhr<`>W&m
zJX>lO2H@o71RceW8iQ5Pr3b`a&Ym59De~Q_qAZ{3&g(u*MNxr-lEZ!f?STBRpDhjK
zCq^$v%XXZ@AXVg;H4pAtX>nEc+p_YzEm{ALz==?!tPJPBVQXP;%W(t$n`FE|^?wjy
z=2xF|CPf67P6R;c&s1$AE31AuBu5<~1Z|wCI|{;89Gyt3Zbt3I5y#WKN1jK)7|5!?
zVEj87t6EGB<^xQq@MfYH4m?He2w3mzFiognbB232GSpaTDzMYswpV<A18NlU?!6&Q
z#I06``{w<kRncqpd{L9)sOD)CfU-kj<E6MF{6*#e^vI$_9|%G-ohPbFnc>ABbJ)Qg
zywrFoajB%+T|*5q!4-Z}elpl&BM@N#o8Y6ORQbsF2g>_jgO_(Z`<E>k?0ZtkWBb(d
z;<N%nS%j&#*W#=prU{0|oA{kFj1b^rU+Ege`u149y?-5$MW$T~z0U3>ikRe*#ZK|e
zqV6vWKiDxwb46cC<N(aL-06l5^+iA=PeDBG@o@=?_Rm7p>Eai}(t-UD4FLP><UI%b
z{p_N?l`e-6n>SBDv&y(g-sHi9#|MdPIQu>M2@x+G#rHEV7@`!5X)J&Q(Gsz#gou%n
zuE&KL<>N5|GsNee9l^>j5wQ0Sf)`L?T?BvZAaKXUBPPZ#ADNgP;Z0Vsb~sEgO`j~=
zR}xN;I_oEVs1S=^5W1y97K;fXimx{dFjeap)<!ytY8PPzw}9tAMMxxp2|%m}5)=cC
zF;*0D$S^w#p>)S9EB`SnnDr?vn|U%Lm4?9xNB}RNkll9-IG1Or3j0GU4KW2)=1{@-
zqyMCan^+QQRtVy*%o4@tY~tWnC8zQS$6G@R%m1ukTA@Pl-o#ghcuycU%0!r^;4de^
zV5mI2WCo}~a9=OSAUX5X%EG|H#>|Ed>;V~pl^>opdO^&+YS#Es-IrQqfmGRzJb_75
zeHg-snCudOy8O3L*H>B=y2_u#NJeSG3vrELa_Kk;LP`Vx?U*DXVnoP_nA`H2eBAg?
z>+5{vpHG9^mk>t@l*qGVcj#<U<80*=a8&|JQxdB(O)XxVR)yheHc8&08%aG*B`a=$
zccLrBp_U2<-Nir~B%a(hHs5?!ich-7;lWp@BjfAE4hfHzfyLKggSkxczYxVqWJtBh
zY(+_QQE;W{;>M6lkJ{y{=2{YY=F<vPlT8Haf)cqw>3C)y_CDKShftTIB|#~*Stw&C
zs_fY4iHyAx>e~dK%9Xzy?PZbMsazM5;N?bVG_{V*Z7g2rnN}Lco{2do+rxyar_|NK
z1N)g+XkIp&J3pKKdIlG!bnj$r&n73O%g8n16jq;s5B2kx`E^uMYGtfF<i}bV;*cOd
zIeD-MON1(n4fqDd#o!3xMuJAr1#}&vVdI$kTslqN?HrszSk|b(S2Lh4Y*6~518eij
zB#5444Pnr2abX}s5XI5>n?x;R?D@%agc$vyp>~8HQLLi|!i-8;*;9OU=;a-S<B(xl
zVvrQ-LI@<3`CW6q%S6D$Ag`20@adk+@%jaCDGJJWuZ}?eCYBOR%`I1{C<;J;{f73Y
zmsO97PG**ejH4z0&PND$R`07gI&4&w0;}YA0xFd?l{3eCl3Z)RPCzybqmwne8*eT^
zD_y0UFwT*rC9QOAGZmH=68O)05aMpCeLMU5ID77hx6cdjpHC)2p)MvzYFwz-l^^cZ
z^=8u#Bq4Hb$*+8J=eb{I+;pw2H3MV9aq&Yv<A@cQaz>L>4R?2|Su_gu3Ao+(Ri-k2
z+`l9l4?mrRtVk9a?ra%ZM5P!?41GqBtqmP~G7?5hu{xG_AtH5)8Ay_NdG`;>ui_ZE
zk+NKARqK^;ar(T+*z~*~X^Uq%iB>6=SbebQ9f`YL+_VqPCx=ycmQUB|+01Q~+4tGJ
zb{^y|gBLDKTt?m4-bhX$%Q_)frzVrH-NKz(&ez>!QaX3++=qrg0c$~!B)uM`VBrsW
zk8sz_wzIdHdA0s}4jiDNoSSx52L2^ufkTvWr%6L-UVR%3cb*8bRm7Y8lUQm>^B7l*
z-=RFwiRRjsp)5w5mgK%wN8)@&5Q^q=W$s$#np}s`A$(41jFfSxBRb*=YmMpnHr6TC
zo0urIATx|})^q7O7nVx@9=(0Hb(b&QIQcYa0TDhkK@lE#pHw9PqWYsRLHSfd3~^OL
zU2nw9AB7;ekDl+-uoIgQKYE-IGN=Cm6MP;jb5F-8cXG8m!B_c%5$3^RZ2m-Kt4rv7
zv)DF4e00#NF#YsE69je4!jj5MvGU^Nk=+a}qD1R`V!r$RJwA}Fv}`z8nv<^6*uY`G
zHt`LniB{g>q@2BRL#*6wIHGm_O!csi*Ia6Ondz-(9W{4JUWu9UqT=t$O8v5bIklJM
zxHautb37dTH?7rMeWX4{sgOj+#LJqkRP<JoT<Q0-ejus{ex<daZKeA(6=vtYPLV`U
z3U&KHitGHW;fSdnZRIkZy4x7X@x%3|Yi5B|*127NIlA>$BfVW#!Bq}2Vzsx6?MeG1
z`fN33I+q+G)|O^AQhnfW>*6R%J+3?TYnV#i;96)VEIOQqN~Jur?fRp(=lV9RB^;6X
z5di?u&j3DOxLr)$PQQNi1kETNfh{JfxJDE-JibQK=0k<YOn0sgRtS1Np3$aUw;BO9
zYbwq};onA%d6TC7FxVCKZd<6#!0Kh9c!ab}=Ar8zE7sVHq0``c4r(22NH`bPKhYuh
ztn6HB_{>m}m_DC)ac8BH9OYkHPK$4FI~yVE7?NoC)$O2IqI6%4oYPFVMz1wm6^9QP
z?VJvZfz+tG8B<}FoXCpjzh{G&+2eo9*DD1gX=!5MaGiBm_rnqIUsIkUQA+aF)%6V-
zZ8tKN$djfp9cPNwXXaVAi~8nhf1^Jq#_3cjl8uEy=HN(ZW+51(pS_aRr_gg*v_nZN
zYg4r6x{Rwt7K5${EchFX($_m!dnj-|cdd!ES9%l?=$p-~4T8V1eyw+ccV9+DAG%`A
zluF@PvBm#vVGlJ>WU?B?4Nm2>YkLYD8@+C$PC<LQ8hi!h2dF(1(wRacEq27NRJHZ$
zMl#LjUp#rPb8#1mnK&CGu&6jY1IJ*!hw0G~jtM^|h@l!01VjlPx3d-Q*0XntPK(KL
z-ZYn=YQUcQ?)r-JhTDfhn$tX(viVHS)%kcvl<8tsKG^HT3BTC9TgEJCt`w<kutk5}
z@z_<0htEA*+;!H%RgA{wD$>v7E?47m)Hi(eA)OyTH$@{gBo_`&c7(o})y?>HpMMD$
z!!DPyxUI(nXQ+;DM6q%YPGL0IG%1Mbg!amuj!k@C;CaIdb7(?;q%dF2rbZHyGxa33
ze(F%z_JnyAFM!p~OEWDzbd*YNZ05WvRk+=h8a}H6Z>HU-dVR|xOJcyDuY3J=TUiX0
zM@fQPOJN>jJsRo`{efT`B+KdKw%JxJC3s)i-`ICvnZ3D)!+I=DsGX^Aihfwg2gyyE
z+_pQ-`4vjV%=Yu1cNV--Y<XyW-9-gbDgznrXXv8;lREpvA?fD8cWiTARQ1Iq{Y$0?
z2*?hg*RP_)qPA$3XVYhc(BIQz97tIZV9jv^biPF|2YUyAXWSO$2Q!MVOA7pr87aot
zjwk*?#6knGc)Nrh95u8wmtdt&uMZfYLcF*?;`hOwAt%QiA8eM;DY0Fvf-B!7aaq60
z^E>aQUNlW!8{5j(_2qK3Ns_Sq=bMVo5%;rK9RFSmZbf|xvx0SStc82u?H<f?6_N9n
z{P&R=^mD8xBg1mh)dKCN*87aX#9+MGviy8@n^$P1N5a*M(EISa2Ox9sgr6n+X`JKc
z2Uh}<tdx5zBYevKm?`2mX*rj@tZwoY*|jU=+y5X5MsyYX`2l0UTEQTFjj!Icu2id@
z@^!7_@QG(z=3IV<U!;6_1W(1-7<Z;NF;d56cf$N}Coy03#QgF^o$}@`bs?k8`?37u
z1j6W_7T6+GTXCMC^=)`0qF<;(TWX1I^g6JlyctQmryMD#gXh6K$wmrWno#1H1OdjM
z`w6^axcG+?Uqs!6z6U~;Y~c3>f~~wG;wayUrO>^2gUo_@bHZizr~1%1d0jXnnV?{u
zlP_9G1)Wy(E)dUx9VrXmUG1YUI~1y5Nz*`_NMVl=K219NnQPK~cvTz4roKKH3zyYg
z2a<Y)l8#neY$6@ghOM)4Nw2hg^`^Exy5-Ue!y^$(VmjJ3tBX$Yd86&1eC6WUnaPOE
zYoXKe)#?b-|05|lDmf|=bW>_&*}COk?(e!oY7QpS<JJBd?zgfz);QC5>+#tdCuz3L
zW@ZDw>0nb^Fv*QCO`YC)>>cmatA!pj5v()xD}}Z;nlmY#IigJ3MoU_px0%B`9;Gl7
zR_DzzCX|J!+bLKUgIM%VDpvmXVK41@lio&8mSO%q=-`WPBFE*2hweO8M#nCQp@T5o
z>h-+`@M$dpjr9kG<7`ytvcRX+y&b=x))(Fwfl7nuDp)e)b@WdoU>Y~Do=UiXI=1$G
z>-SxG#HQ;k#g8T*@Fo)h>PlF1GtM+*0Un>Ar4e?(4q=yW0r(E>bKpy^ZJCrJSn8DJ
zpE0j%tSzt8#mI6=NNUO!Z#gevj;-!XNDi-**BS0si&A!H2E?Q^Yt>NhhYC+OUyu5M
zsdfaxRjJB2i_Dvrhv?aiYIP<Zt3|DQRr!&fOaA!v=NwJzNy{n|I&+Dh9}D9W`fsJn
zMG8k{veb=E_fN;aMvGVwXo+DAGoojwmp>lv=iK7WKeCqwBoVjlXgQDdTNT;Q5b4(|
zl=a#dhGCgDT-?Gs7F9pdjvVABkphjg_AoHkD;ozckMSG%)ykSRZE_N!(;AGHCX9|t
zGzr24f@3~MnJ?9qK84Gtj*u(vHE=rSp})n<&27U1Y#NPUDyNboVXG9Z)mNQK$>qCs
z1LWcC5NbpFoj6hG@Cgd9aEA2kiZ=wof~wrFn_koQuiJQfx_}Zm!l+010o&oggyOKa
zv%Wxpy>u8{b=SE}2SHNEGVn37Es1MC!VxF_pS@?p)JYb&)A~$r1Y9*7831NqvZHtt
z&~>qocAi%D%s%r&&xYZ{khzx!Stq>B?wSmNod-Uq0zyX-SBsvnZ7{RG_b$7pp+|Q#
zjoh~%<=s9DDvta2CtT}>m!%uNP_aI~+0;xk&=fMyTx%M)T%9Jxcl?{UuL8#2xl=iw
zMKf&UIi8l!8exM{x|KFFQwriuN^@F?_=WDNFDs3V`BJ|V^$)2(hnj}Tt0h8Q+v#oh
zEe?gEBK($lCxOL=6r5EsG3)<+S@v%epCw})>l3;a8@yb?u!yhaI^6oB<ak_f*B?k0
znEUr4sqTv-oh_BhI-ZPGKW|+d7M;l8oUM{$57J+KEv*{@6BaQngWpmyo!5_5*|?L5
z=*R~P!Aza2cV=}4M7o3s;bD14y<ig`ef4kijdF8AWzV$!AwnDY6y|Sl*xKm!t8gg=
z6k<HrU<Hx4N9GY>MwNdVCAi|GfYo1Iegc6SWp+{0$#}D;In5RNuCsLgg(RWn^FWFC
z2kgUDfW5}2K!4AIKMLv6j-$kvMh`hzSzC0y9zA;Dw|ifR$PgfMii2A#v@2*>Azrk2
z#Vt5eQS`3rndrjYd0E+v*?r@W`w^y7$zr?a(l|w##6&M%QsWjLwv&m#svq0y7jVqK
zx>g-!HY884_#*hF7n7>iYjxG4Q!85<?FApOM&(?sbUmJ$=w`3&hucqw)oJ<}dzpC9
zeLc39|9V;#m`~8uwxlZ-Vqac4v%MW3#qV-QKba|S5xcE=sL&d)aOeld7*0dHT3}4`
zu7Qe9+rn|y&bhy34{%S@m#bdHS60lDwH_tuY;f2Ae7Gog!%(O)qeG@owvfy>Zx?yF
zs!w|^ir4irObFKxzEis5+K-jqn6#5C$A0Rvm1F7F-mSMX_6lTHbBnvZ>d7FI8zzKl
z8~BdTC4|`ml!L<D2=^W_909=bq8J%50Ez(^1~nqUjE^Ov`JxMg_^)mfN-F|I)}ydf
zo4Jg!Lv3;ZP>}%H{!w4Iatxs|-U^xZ-RS;WNY6my<olEM*6QQjk#bM2Zz`)^ubyI=
z>?<#$G{!c1@QfJ{40fpHC}F@;`uUNg*x-3VU-6J|dag;!@+w1-tMWWqJB@UAPSwGR
zYpb;N{h35m4mit0Zn{MwwA7pPYUy^w(w%ndoi8L3vv`t(dsX(6z+f?6mTAL7bTPRx
zMKjXwz_@{>I<15GN^<XJF_|xv4SLHR;tQ{)g*BCBPKh(;?ACnB^f^Qm`=#?<{3*-i
z&{HmN^&`W1vh47^45d1s(+NH-_2%)sRO9l<m+_T^WcsB9JD&E=J(jJSMVDLRy!CpP
zN(gsSSbLeGGgq6ETVo_>Vr5#jfJ#fb(%JR0-~Bl4+w<Af;a|(?O6Y&bJAhNk{6BNG
z|CfdTKV0qq$EE&P$I1WBr7|)8Hx5-hVb)@h9(v@~2NJJSQ2c<@9EzZ>1=(Q@FXb9g
zLGv6s(h&PKt~HmYdAqFNKetNu1Dj)=Ep)_eHqn)B0+s8wSsu3J{($%nDXUpOeNRHt
zm*i_AzmXc^z$J$ZI{I8xMVagUPiUemlP*`~J%}u|yCY;4t7*^MMyvm3WHT?l-#wSH
z^EAp+{+y(#ZYQ8yK!b7NK>N!hquCE5k13QEzNwK&3?%8MxLq~}aOFasg$~YO1qS-F
zT@S%>dFpQV;Fa>2jAHysd;^d<N!$=7#cX(s5XpRwStK%um}n7xn3BoASIBQI&Qmr#
z*Uk4675GM|g&T6Q=?NIHNaXUooMZohrDFWaOHC$9I$T?Axm1>IW3*<%>6Txd5nnV>
zFTAKOb~KZKTYyl6(L9)~+z1?NrQvU=@rLrj|9O=DtHkAh9|}f#R)+tF2s6_&aWMXO
zL>NjdNqOh)H|x~>WM(T3L$7TL8u$-1J0!GN0oNb$un@LCA_#KKPAu}_cMniI6G|Os
z&6+N)E!8dC(+FXFo68Mbw40hPpDvr#O`9s2$0?fKluWz7S?L5@Teh#?FW$bN-MzJf
zryReIyr;guxeWLKd84s^9xc#39$Be7xN!WM{xLoe&DA)MiBq{iYdXMr?vtH=v!f+5
zX#mRU48LoVaZ+oVFFSsK@%e+HzV;VbGF5oq``~hb#B~2<{>pzwthDgz+;ju34zT3a
z;b1|F8srQ;FV^L(^t3c~e&knJ*8NcXDL0yIKdc<u=2il&`JnSXo^Pz&z&@*-hpxq1
z?`d@wG&&#9L8bs~ZHGS#r#9DU-%t1R@&edB&f0$k;#{)2gjnQbeWKOh<6x;cInlJc
zQ}8`}y7kEVZ!2pw8C(7goMym~`1%WRv6hI|RE-%NV|`>On%3fU3!f_2e^&Ynu<vsv
zv$g^7xgvh9UUqpE+lw<cpq@LV#kgew0nIQ6pk)9AWxn-*fXoZI1cFeW!&2a-O2MTL
z=$w_nmHSzs6yS#wqPzwW5(hdm&{`T<&T5}I0kLMGpiuOSxaky=#Qyc)n*10dJxA}P
z_){?!e>S;KZ3N$X=jet`8yEDs&oI?0bopf1271|Q$T4AS7?_<9y;j!+_b3?O5*Ysg
zJC(^$+dH>mh<*;nNoN}z9bx5`lKbM~rXml3^^TD;AhSOjN2Co-7m>a8Q+bCzoMrdh
z=3Mj5d;Qp&@OC>#n-hpI4_sNNMZ^PBi9m+}En*Qp$F;`h^2^0u=7lPv*7@eCHhpr>
zRCDr3heX=vbhSyx1GqS{f(QO9D=~Ke`lDJ+!rE`0#`djR?V2ydq<6cEMFglMhD`ax
zIeWjGKICzLdbv-M^1E#M&f}fiBfDGrD-Q8|5}MXK^flG{LA_ggyZCzk`Q-hvO4<ZU
z6#sw*{bPxjxgI4pehr32b{!0PtUomyWC$S+$2nxMMs?%QYH!*my#-j^wFTrj+}n4o
z0A2MiIzwbU_&h*n7nv4n$<jyMGjhC-uJIHg>jgoZJoN9XulJv&T0g;!YUkY5u2?DN
z*kno~O4n2%Ht7#hK-9e#@D%*+unTC5uirW-co9{;D0S@Ku|3Z%<CKm#RBVK6=<Lwv
z2L3f3$LN24>#t!!<^CEkOD{6)FVkZ%l^*TMC<C1-$3hE-g3ahwSo;+o&g*Q}@$bA4
z(QG~{Ji5?T8Vdc3l_Ys^{pz;afDC^Ud)YD|dK76`vzj$L+{;kWSQ_(K8i4wGTq5T@
zC&WWt@m&`SC8g<1MMaJ_6L_A>&KD?De$7uph=?D_Z~Nh^ckB6$=S(H!Zh)Zt-rRm~
zXPwx=y(W+hJOP9P0TihK&s!dPdmfNUzgAgra2@2|JSf(F9XAl%U_kagDLWT-I#(M9
zo$IZWEq4{@V88CarUI}UFnGxOR}N_q%U&*28bdJg>%D$H=;2d61M88Et+~N+<WD=h
z@0z$Dh^}d{c3(HIsM&6~d)?|+aC^17JHH|ku|_G>@e9yb!rgE@p`K+@lmALo8Q4KW
zgH?l60gsMIBEO@bog-0aswpX_9%ZJc$HiRL45mxavxyh5P5H!Xom4wCH$StIuV;8%
zg(Zb;WTpc`CL)AVD;d~E!>3VZ0L<-Gz)W14M_-j200A4x_!g<ub#UTpE&2Pj_Z`~n
z$X+&c_UHC5N1ZuTL624dv`)8j9oud{^ogh~@6R^2tg9t4fdr^-n(^-FuOl(n($#Ft
zUBQI1rg_8H5IG1hEp7X2JAq8K>u@ryk6|{oLy>?@sHuQSW%W>F(wg7Dh4O0|eUcNE
zKR;SHfjv*zqHdk*Z4C_#zue8z&U4lmR@oM>v({G^R{vsOXrH)XZhL=PT73Ma)XV}*
zTZPA8^V#bd>YKX60v`ES^o^jCzHN9C5V9bY3ZZJ>zUEzvm7<TK0@VG8HQ-D}EqMjL
zerXOphq~g(zF}Bx$lX1kQ-4ll6La|hMi756zyh_+^7suiGtrYW=1)YUNUH=j=OE<J
z3~t$F5rV1EXa<JpHxTu0(_r}HlYXUkW{b{Hz<#B+G$#u|W1BwT#tZX_DUvm&+Lhd(
zvNA>~qoPkm(-#pDD~lZu=;2;FhUMn{P7k<K648R7#v?UoJ#r_4;YEazy#Aoiutg*)
z8o5>i+4>wJYAPa9SvNZ70Sh4Pe~`W3gtwM$98Fwl)Ld1_z--T}Fa5pd05Dns0evP0
zExr|NNxL^aSmfHPAp;$IHjLo#_QiS8!>yLxtIr3{9_?#ih(RqZ$Ax<dy$Zdae1E;R
zw&$YqcN6HLE2KL5+M6aiO1IX)5h%zTjje5K#BcFO%OLk2SR{Wq2Mp)BQXL(hX)Pjy
zB0R(1^6wziw!evMYveYw-0jZMfQW0~xz>VT;LBiD(MS&u+0Vai=;S5VfbNR0LxNrL
z2;XhP+1gN%$ZJ~#Y^lQuu9$%qTgzt3nGKd58`zU@D-?C_o{ifFfcjL=7q8FPckmwU
zEuD!F>$T>>scYv}4Ikqsy8~?1MIz=qq+0^_6*0IzLb<;cqoz#RFXL_G2i@4^v#(3H
zj_<{DT;Y4<Y;Rr+-5CA&)#!;nqdowXV0yBWA23s}hQhzZ5=j$2CKHJXG1v?!aPd%}
z1h8k~=xHh@g!H5U@J-2ar?h}$Ck3E&HJQN%u*rm<1<Fx+`zPO#h@_vyDzO_fGP}hh
zABG?nqx`r+YJ_TMR&hTM`h@bmAt`Ydn~a!9t)OEg>PU!2E?7nqhcv<jqD==J-9tv*
zeN5jE{G+#REP_$n`w(Lj1u;^7?3f2(6BHqnW6=q&ES${CH~fF`GQYv8?tvlLwNM11
zsJ1Lfw>6}RcKDioSn7HPMh3Lw=X5Stl#7PnI#ZwYP<nm01XFbSKH#EZCpr2D@nmta
z4Zmu?xH@mztKlAl5VzquNUu5UP6ydY5o@bsRL`{nWA~8!TtTpt6yNIZ!6QDVy<5Ds
zy@kE4zP7%3zsEm^-x-77r5_Yn3-@YTUipOq=odK8O)WL;F*TY(H`-0M2-&^#GFo+W
zq_kRkD5k1(@TMwg;f)oKLzGj?JqGnf%(7W3f2Ff@E)XXr6NfR1p@tZz7*7;*bJ9|G
zNl!i@g>?G~>-$m(d$jDj_LThTu|KTz=({WI*qyxe=FUbQm^e)2tjV#PRKvA_S7G<+
zWniH15KNEe{Qg$k^(m0tY#~s&RGpudgmmuk4|=xJ<jeI;rl^tcqK3{@+lL3Q+C(~|
z*DzQyZJDhZuU)r|*cTe6zK-lzcXPUIH+gQ}Tz9&nA5|`m2n>Raf>GA0UP8iHhCiww
ze6dh)f4s|Ic!~Ig3@`#sMopG&b+jg9q9$rZici%SMdC`<r&))iG*YX~>x(03&p6DR
zQy}Cvsz$sFsT&k@3pHsz2vNmE4j*RFxXcH&4+<Dbs=Md&=UxMVhI1$!&T%Ur&SBTs
zmoZ4nF0l{kuCNEiV}f(b9pVeJz`Avf*dLW!jqVGs$LLNx%eG;Ii)h7+hHAx>#&F>{
zp4}xf$bLPjcEkgNI}66bT}H`1@%*bp+Ci{Dr^Knixxhe#5!3-$C2%u4E6$&blPIJ`
zbY?)tf%h*cD0w7CUV?{6vjn)7!$%$NFxij#ZsC%Z&a>{1vS!<g!)`;lmdImkM^N^K
z(V#>8rv(F3Vu2#UcT?L~Yqu{v1){)L0z*!|t_BS5G$5)xQx}dU)z!uLXHnm)xr_5F
zZs6AAKjVzFiXxpI5i@lo`thHnYa-*6B=f=ON{ZfWW7Z;&WE%h-arH43l{IQ1+bI;2
zS1VFnV6d-TBkmgh0Tn)r%}46L(bKGxe<NU@1MfolUO-@n{N*{J;Q^GrZ-DAv9=scH
z&pGPthui0WgXs$QF=W2>_uMmuXSdz5+4%tYV!mP+M6lWfWYfQt-8(%TsSdoZgSrvA
zeN#@rHs=(eA@&N0<rj^Ok3JHqE40=2w;vQ~L#!Eg<d!_q+hn%N46Vk>!?H2yaemX4
z{!-2e>1c#d88oiL6XhD;Y^ZleXwtv@xr2f)c}9o23Hsb4U=KUph$8ERxM}P2_!ZG!
z0?obyobk%}3d0@7;s)77Mx6r?8%0+cCXLbjlMV2vCHN-*VS>>kV@K9Dz#E-z7NZwC
zx7B}^6CWp0Cc76y*POU(;f=0P&#l#wN}v}i2li$#o}wS8e*-G(4Nt6sf&7V~1{s{F
z|3uF)46IY1%8GXt{e%7Oq0Gxg)Xab!wA`In!3Ch)oyLm)4WZ}<x9G5Y4BQnz)QJey
zHu!R%GROz4wqQecgtJQI!Yb&}E_7GFI`mT`4+IoyH%ZT3i(go8{qsPR?qT*woHlVX
zDF!c~aOO$EE+u(xazH_1>kR=O*vh36n=Vg5Zbh6D_`^uLK&G_Nxj@t`Aw<v?1~a+|
z)?XGJ1`IX}BPx8q&lbFS!!ET-zS2CK-$6|2fz|%q-FNBH2Pr9M>NQ0sM+l@9{_^Em
zvHwSG0ju{t+Ue@b(O@3qw(<;_iy9kAC^$HmSg=JQSU?UjP(wwL06Z<1@`Svb>@l;8
z%)ULr%U0Zt<Ap3N$C3-qP(@9|SA0_4M1I?_pS9nQN+Vx~Ru!q4(Vv){DOjpJMF~P#
zp}HZRnQArOc>;Gqx)X(4qA>w}+a$h>v_5SvPmo*Pbnc#tV+e=!@H`P$wx_im1g?*E
zQD_Te$%q;4SQ7=ZI6#Buggui+hTg00_q_Dgm;N_pAtB@9oWyksrlp%NrqFnnWK?%f
z3GZSZ@#`9x7piBs^LRD+DytP_^Gw`lX4#=$KyF9_)Y1xU9G=mDsj4xIdaS;&>M_W@
zo<>0Oiu9}iM?lmnb=ZQm;Kl*}L?J$`z=hrEUlw8-V1qx7#w7qwA<7oE>DR>Lswta7
z@usSpnv&TI${Yj+29no1D-(A(c&_K^()n^@Y4Q#u9-V+>KrL7{of)NXcX2B5_Z475
zd-17U^GR@CV(yoSMuZoIpX^LsqSZk@`rD#J*?=~dITqv_Q$UPDzK#$@kxP_Dm-M?1
zea_6|gCM*sH4Ti9+hZZIyA${JaGgD8Hg(x~Xj_S5OB@DRlrOXb&633Q95unB0-X+U
zmo%9@VCpPMnW*a`?B90=R##-++=oZ@P&00Mep(DzZ(>Vy)UGoTg#ayg#CC+@0qY5}
zT%R9~n36gsCxI;zZ&(ex!9xcN0*V#XvyzO`5ws$u1Pklnnh`A|-S~n=mCEu;jXCrQ
z1A*N=Gn)8*xR5!HIe%K9TwDVMLp#6@S}i3%grN~3kOOtJtwb9!*P=zCWED=SBYs~(
zNKBxHk=!v7+WF$Xb_eRrDtbl<N++uh16j<4`9bn?bIiay)+?T<JX$hC(Nv`EMFCxY
zFvR8Th^X>94Xd%VclY3fn#O+HfYM$b!6l(r=R4jl2nh2V>1oN<qGHmu1+C1D6q{l^
z@KsRPgzBQ$Exr~I&lzsk-&fZw4xjt2NV=Nr@AYWc?uNSqP&A^9a2N^=!frsYw`o49
zC&~|Uc*7&t0aTC)19lssAw}pQeFDhIU?1}mfqbMV0Tg)*DOjZBvOzv*u<RT|LA=66
zii;;14azE{zaac`48lP*hxY1|^u%lEAs`_~Mj<2w!PAJyQXCK?Y3QIn>yQC#7CV^_
z2)4uSJEXQe5`$(s<~^wlifxO*T*eOX4|4R7kq^?e^+#KoMf7i8=QmH`Johq;=CODC
zu$3hGHtXr7afdg8)LTI>BjQRAU+yue;K?At<D_cR<|X9|N$9yf%<as@Yw|?O!%7#H
ziI$2LIMV`&Ys54vtC<-{DWt3<EM#n@Rj3=tR8o^wmkNK)O3O!g5|<JaVp2cM;<B?D
zX<ZopK#K_0O#BN%!N)=dOK;4m8kA&AV~Fp!r8hGjRk%o#R)VddT#PzYQchAd&eT0_
zu)o$jgq$H|+*(IRMOrIh#oC-UaokC?5OXe47<#{^JyZ>2e%VhGAkK*7_>pU8YLdwb
z!dnPJH?jz}$2a6HF?vX6nqrUtK1H<sYpV5paWKfX)8lw=NyXeKQ}gK;mU9JBY2kDC
z<IwLs#k=OV_sX5EI?1GCuluw@cWIN((B0{=%oLdx#2b{*fpX6cBQp-8QGL{GS-nGT
z9l};wBy`y*B|~#Jv!bFgp*Y$7TqJL?wBoL6sp_Gc>SWp3mEA)_@)8h9Nn4;uC-65;
zOObYZdOG7;PPQZjT@*SxoMBqUa_e+|iaVqc1UfpBT^2Pwsxtx^T2z<<$@)~fE?U~|
z-I`Y4U_$uJ9?E4V`R`1)rzA{qj6y}HVaGqb<S-OBmZD}Y?Ci;-TffV}b6v@T)+E@q
zsjV#>qHP*gq<}M-%93<W*f1bQg~c{&F0_7TC}+BU!>Yh%;c5Mth0bcj!=fhtW)LrF
zCyj}LjhC&}wZ-=&XOz^$Jw@8qr!XDC@H+5Vx$#w-!JNu_-f_8@3XdXNooCtGYU1ju
zDr@=iv|7S`h<mNE-L7ZbraaAOikszMEL_a6rs%<Qg;&umf6*-K6IsK4H6WTn_@&<x
zJ-+EX3uWg-VMfVAdda$l5(;Urh5U-evPm*6$GXmRQ$ZGO(d7R8{g2b?m6I?eiy1a%
z#r&Bm74wWza!UPs9PhGvrc^@uEW#{1+xo~|W|gUv_{l?#6-O*(3PZ)vCk?F~X{Eoc
zzo#QKM+|mF&mt0ONIAO{R1JlUN7wGcz@<5+u}dX{GU)qe65my(mP#sx1c3c!7KU<f
zkH=#t+9leT{&STzC`UVwZGUVE^Osx29H+*~eJ3l-bowfv&+1QQLpsa5c`d4v>4|%X
z<!OzJ3HyOFa}(VfMT9!2a4ezEd@8DM(3>)!YdS>p8Jl5BXiQ-6-1^<{u~%<~nHgp|
zAxo3L4Pp`y;DJ!&)K|}X0-rKivS4#CB#;~>X4)<hBd{gyOGadRExiS$Nr^}2{n5){
z(DqiKNG68Py=bB2ZXR6@)W0+cx|xgOCGRQlZEO$CF3Ar>M0}(OvClt7d76lU7Np+n
zKt;lUuE=7>8l^G(?Kwb}J{J8!0bh`o>K4O66JPEt!w^40y@v7@jin5w?hgfD!ooBa
z#vjHf#t<|&DG=Hpw2vuSmeb>qAB$1o-OPg}_YndQ)I`t95SX9t)Ox4XeO5A2yEj2<
zh*(fM(o!q#fej<!o+(gP7&Cuzx3sOuU62(`mj*Z(qD1~}Wt@iVpzO$qNJ;57a?x5Y
zV&5ONA~s9Vdk=olkZwp1KjldW2a;~JeHjggr|pNOugaN=8B9%KrzggdymqK<^E(%`
zZ*3fRbMosrw*^ER!lMs!MT|shBEvzq%FTNM1_*UULTd483hd->Kx={rarw0L^{G$i
zA-2f$VEeWERd;_0-3(rrx3R*HpIyUFCZ<<^?~Y_WYP)QI0-i2SsB;g~c8{;k9%{Mk
zE>FCVcE|+nPR3SFODK=Hv2b~QMr2j6DHM`G%&y@)I#gAvCm3~+IS)tXqa|0Q>y3+K
zeB7R2`l`>gtKqswyDOE*1NhtdNJzuf4a7adN7?LUKCorqhrsGNYAAg84ZznEZ0Jc&
zl{FhGXd;fnraq-Edh_E$<p=^da9!%!DvhBz)$|pPg~a2L?CYj}uv4=+m0aRsns)yN
zx65adN<oE!_NHO6(51d5o*0ncqE;w{?Lv08lT&{{FZTs+RYgtwq}2vP@^3Al>0*Cb
z73qm*kh(jsYnswX!!^;q%S#IqjlW-K>`!!%%uXtHSxUI_Dv_Voq}$)`qzl2DU_<aM
z*XviRxQ@k%E#b+gC#le1hga^BQ5+vb1)AcuJ%$HtK?L&J+{`$uH8NGJhv{;T)Je*d
zku!k(3<5MVe61KD$1Q^dHrlq4<%a=DgfvM*XH=IdDKu*o7HmTB|63pYL;pw91_;F?
zsw1K$D3Q&KPMpk*N_5D~jif_G=E_(g{l)G@i0b_0MUf?%@z3#LBJ{x&%vt{aO88AW
ztrf>}DdaP&RwSy3X%ZJNl?eX}76Q3QXD>14A}Jmorq(m^QCoC5G+X?axIGvQ*$n&W
zkbYs`4w~vWL6!n<eqPBIYt#MCks+X@8E6`4I@aB<a=zAX^YJ<Fv}AxKh$qHWEISW-
z9bZX;Sg4|AMJ#V!U!n<BeVj5}0rt<lQ*Uo?5;<pao~IoGD_J#dLPx)Nbrl5^JOXw(
zPYZ8?*~L-Jap_QWAArZoFH<RlX1-WHfNk=0Nj-&qo`9ZuzQMgEeTp5jN&_+4pSI4j
zh@y{_z)BGK0XZccY#x<db#v=>E&RSPRWMRv-g$8g=hIzfEdAMFg80byddh~?;x*s;
zQ?H)vcsXH;YqjfaQtcz{<)USEaIj*M@UuiOZf&XUF8`cMtF6J^dJ?F4>*Km|r9PQb
zuUnog9CI!jGcU;4MWh)yy?mnF#4XZ<QWn$(R9pcSwy&pjaHjx9Wrhyy7ZA!YnD07D
zn91)V55j|SR502$F_2|*=7f%|6B<QZkB%m+t)*saP=sVEf3Y4h7IOOb2nb{wg5yyf
zK@<Kw`<5Wl!g|OF^20TjV$uhHy3azP|0QCNU7h{JEIdGnh^iBemHokWugO1r78_Z%
z)cc!~Y^n==gP(1SxX^YQpUP@$!M@?T*H^QOwOU>1>qWrc)aDf7RMk|*@%DuEDWiNM
z&F<;!a$gl2HwqtV0B0Z%<L@*6Z=qg&1(ZY?E=xkLjK5@&Zj1xlO^U^?u+aoYldph`
zrvQQ{(krwUT=Yv-g&k{fy!c0jdDp-g*-<C)z6qS$wdtg6wo7YFYfISP&})&&B5zZa
z4F?4`RjZ%Gf8MJLAu;#0=u_TjAxtNyg4iNhAh#-Px$}v~n}uR=cC}WnYL0f*^@1}I
zx}0ZSddntTk9h>;%*??*?_42K$*^MMY=G|_yFq@9#y%PfKs!GVd$Q(81DNoX#xSV0
zC*on{b9cX*>8s>VR&skRc&aHn;}Nt)Ea4JvvUI01PO`MK5UaIMbGmi@NkjQceeu%u
zIf7QSDITusDN#k2KI_D5M%{oeww%Rq*chh2J#wOI&3pe4CS)YNo0IsfEo@KY_x#=_
z72P%dYdj0Lkay?$ys}oi?RNT}rV*n2KRpm+O(_&zW<y<ZadKO19Lmv+`Lb_B@7m26
zBrc>6su!6XIZ<$xG0(0H^7?8#r3N~+qb_^I$^3IGsscKA<e?5(5W^|ybS>&5a)8Jf
zQAJuaX7WmH{U5|<(E`h#9l!n4%`8-bB-B4395icmY=T?^I+c+I*G@V1$d931#MskV
zc=D&2TRf>K#xXrSf8CD$WIG;>;okRfd(N;nrqPl;k$phy%tEeCo-7+t<)3&}<|$b~
zfjC=LVOaYP*$!f*6|!O7WzuLN*zf39A?#<&7HB=HCt2<!A+5>xPo;-CjI<NZz>6YN
zSxuedi9UPTuDv{hqfF|4zD6}YCC=t%HnqxSE^BufRddh7dxao6JTKO!I}v>(T|uO0
zI|iY=)@gQ+{oG26uq5TpfH-rj2b{=fm**7ZRNJV&mitz!V1|ig3m}@Y-j_v+*Kd?o
zlP+IKTq8CJbON%LN1c`4;?E*VfZZ)nJ_9TlY<G(YDk&}Gk;QrhL1IP|j6fvvf!X8Q
zc&bNX3n~dH;Ri9m5ZQqesu6o15xi<Wt+N*B6Z7yz5XwYYpo8@6IgA3-=ohhc+?u7;
zW@J3j8}aRy7d3%Q))DY}xjmY7xuFk+P8UkwPo>oE?l~ZkSmbyijgu`L_s^a6!NuYh
z*XCe$C+)b%%7u%3S@Lsh03yI_2D2yS*@i(D#FqJW2c2<1@SDpaGI+?_Pc?<14%CVj
zs1h5h5`RSydk7<T69VBqQZ=CZ2sen>_n7nZW^<k=lC^7*zR)f?+w{wS#5-M0amFV~
z=<bU<8^vB#uEtR~MJSc2i)scrD@2xry8Pi*2o=#Rtyz6*7Ra2V(2BXr%MZ}t_m6N`
zGSx(l@#gl4_tYwwf~9uog<39BBcMfOplG)6&l8?AlQ(IPh@Jq)A$w<b5{cOd8wa95
zVBnxZb6~;pK|krCH*3pUd&j-k5_w|+b-IM{2=&R)iBpO{6rT^{G3Y-c?j6dFCH|of
zIEk_sty*}?Wi!YXie58CAVPJ-{o&5J|4465J1Ce!eJ=+TEbRxfZx+kMT<@hdM-o>g
z`bdpJV&hu`OWh2Lr)qQ$YAdRZ0ZVlTRgHq@ZufsmP!nf&&8)kaB5&A5(8v4`!xAJb
zVk=gJ2e&auQWS<q(a2uG2Dgs@(GGY=bO>*fTd%SXGpA=6rHx|JSkJWP>TJu<?Un2v
zmq3E5T2jti8OnXt!{(JCA)2DYwngzl`7rA;!HYWEgDb3f-7dS}Cedua*-o<&BfDBI
zV%8QzAYzsXk0Tw)9T<-{U=bQOof9rM*-M%0%awtF{D~L?$J$uzdCnh@xl{|z6c}Q5
zt*|n&T&w-N>mAJ^u!eYY>Yvom=Inl$(D=HI1O5J8O(TgJ<}|u9SGCuUbPFmPesSFz
zt}tN+)x*t&?N#YKJn?co8SZEl)<*lUFxR3fxhSE$-!#A$+!xO)2AKh)6V=-zf@hpq
zffGo_i5nxsF_frJXk?3xo;)Yg7yEbPZFQnLBlxq9{4cB>Sp{_rwX%s<2GO);6(zGw
z_%jD&qiH2&^m2W2%sLWf1D2V#L3SbSD>wudk}A83hensC6;2GSsi}+UO|wa>#tK%X
z(p4akRfB27IAkhSw;y;lI&T|eVFZQal{4?6#p$0`B2YX-kfzL;NK0w?7Pl?ihJeYM
z5c2zVTZjh#NORL1f?A^33RT&d9-NqN)%shtp#B~3HO+wLekXC0&hv#S>5`hM>=H{R
zTc+)ta(y~*v7It@Vco`sv}UAHTtqUVUBtB1#FuNPfN9eC_vJ^O-sc`YvrHfE@h*$E
z;gw^S&lDVPA&H(Ytm}#%+PBio8}A0=#IN%Ja6D4p?xXl}2j%f4+mxEC%{H&{ZG%>$
z-n+xV+|(m4g=H^k&&3O3?-G_$yy6;eCjlwcP6FVE@p49*qA1U03E1oiH@ae<Y!N3i
zvnrc;Lldve!QS?-&9dCw24d6X9ujx$8`NnNNzsQCY#3!@nM|Vu=_MnFiUin@oY*R(
z`&H8TqM|p2QucPK;FRS!sRX!?9!OWXk3?xCvvdSF1V?^QPf7`TJk=#;On7_0`N)S>
zh@TMKP$L@hHe6Owt!+4Cq}9RutTBC<sV0*l`~6<KJi?RJgNe-wmBw9wwuGK>(>o5Y
zVjg|M$n$kAS|ATr<AMn3badraq`}$};GghtjTbue5<C7qnH-g26N`4)s%87MOW^8g
z>*8bCEe)7WIV^A4xsc^CKi$siJ<VjUl2Q&;k;L*fc1*y>hb~;)z&mhd*|p-6TdFAF
zOuymR9x<t`{+tHL#R%HBJeoA*__wrfJrX>rvdJeK9lK2`OVui33b-Q^Qx~aB?xhL}
z4|m~Jo_42^{*PFylU8S)`Y(Sfsl_S#7}MLUc22g{a)}hQ;ZY2-B0R<-={uP&cWL@`
zWbu@>wv~>Qm3C?gTz;Lc>N-AZcJab2Wj^na@)hwJNDcF{`iU9IsniTlCCvmUk7h!f
z5b>pWWcB>{3Tor}!!3tNcCePLS6uIm-a)kxqF!_j#L-^^Hw*d!!ct=zQz-8sG9H{G
zYI^MSn7&kpwfgPs3o#n$;t!!_N&y$=CsFq2w04!tfqpnm>1qSX^7eYwP3NgiQ!oF%
zPJPGf!$9XLtwtvNyW}ckCTB=i#nG5?Qlh(ec+NnZ&`YmTdMQ^_-<VVQ84zkz7~UFT
z-G$^S3L_=fP&}IClDpWHPRmJC?uLf<5ee<R@Qoj5QC_!;3{6xnEf!nDXYEh(`RCEo
zrIiyCWOC}l+GHB&9_+8X^;8pSjB9C04+QIxiaESsx?!q5P~8bf=o<~T=Qt(r78;r#
z!h=O!qsL*@L=EZSo)s0;U9pR&$}z}qlLmP_OJ)rT=YmONI+P_aHrJ7@uT$1JVe)&I
zBt%;#L;|NkPFhMkdwEN2Hk0VXHnrjC!WlKc3JA?VrMlC>@t{>vB3x?6sDjh?)gm0H
zW-7LlIApHarSTtcXeFdSL&)x>%mZzs#dSw_c<jM+sXtBbi;v37k775gG(?Up&#}4<
zu1EFY5uIJ?$|}=STmKqm-?rei@uY#@>77(RQF*K1e~^IeY>%-CW4ctzxRLG{V+cHq
zI1>DyPeS~8Jwmtr0P;$p0t6I(P=2j=s<!<AzbZt0tAIb0K$MiU_&UhQz-<7u=`)<l
z+uZ2@AFtiF+qa&(uQeq39v%vl>OQAS<%+^1{WIIV9CtJOLbaT`fFJfuXQHOcydo0j
z#yvp3p+`ME627lTmd=GvhgV=^C)fe4iOHiMLlXUGcJ_H#^J*R~(=WnQH9D}uG>{P`
zVigftsR7VZ&r*t4SBj){<eBzkWdrBt<Fj&0C0DtODl~FVBo<IQ#u8lxj0#aLXtM{<
z_xB#rmjC$#TVho_TLDYJNg7gw!V1iS<(u|2=dcu*ZU%dlm^Bf+ar^_dkD@-PtIXjR
zl0a8*S)d66DY60&h=7Ge!`KVjCR}Z<dM%D}6u)b48hUOv*155;Jf+WD+?KD%KDyc4
zE%CfSUAVl8WNUrQG2Y&8X||$}chUZXws(%N<mvWClZhs_?TPJ7G_h^lwr$&)Xky#8
zZQI5UZ|3(r?>*;v?>T?oPw(EfYE`YZs=r;ecXxI5T378IUD&n`j$=)pG`zTOa!7EZ
zm?xgmg}z;*^2y6-S7s+^s#YgQm{uiGS^8<orUOP|Vyr$QY!jRuVr-E;oT>d#*t%lA
zn7u#>N$gnTdZ^b9>T0+}VL;D<c07qVkT`?%o8!>S-^BdFfy8>TRI0%ZRh5cT&BuR4
zL|N9LUCl4=eSH*@DC<^7p7#vjY#A5q8NJz8t~fbXOB{^tQ7%wtsj3TY$qLw&IjDUH
z{XzT|kIS*y<ICAQq?^nupH~k%4lb%v*<5?W1omLthDNu>JZvZFbaK{w@x69O8jNYZ
z_j`N&{m<;5j2egBmSLfkDL!8u9u20da#K`h5_0=XBm}i1d!TDY<fhPW{GrOcB+)%B
z-HKh3TFIb6mB&%74QrFnaQ%g1Og|EPjH~^VO>3=ZO^xJ@I$)?<^*_>fOjHf@d(C^t
zuU{?U43nrIk;+2MGg;Ce&5gPYqLx7|xHzGx7T69ORI}=FsiGE2FmdW>&Oq#D1ir#q
zqeRc&Ere<ag@VPZ#%8(|QJS|T#Tr$!gKh$&dhIfkMTzEcqQNIFu`VuMZED&nG}4bF
zFd0j~>>f%RuI<)0!KXc-l<envn#5iZl;dV6+;R>knxG$Ot4$9~GyPF<HnN`bKeLUJ
zy}*pJK@;})1HBiIOX1J7J(-B)W@j<>_+2-QX073YGUB0^Q;Auuf3`9~qyD6tHultT
zG7sEv@<+8pBWHwAq?Po9nxi@Wk>P8oB&C<=kr4*@J8a~gR=ACjm=LOvX7u14j#Pp@
z(Q|U2B4Nl42l-~%Nt8+gTvf1*Hd^X~yr)Dy$TefazESV4kr}J@;`fTask9(O3w$uk
zq0fHe`ETXdC_T;0Tu}9}?OKs;r053O)MH&RUQWI>8`+2rE?@y+0ccXd-_KXg<{q4$
zl>OGG9fIpkC%m8`s4G%p#=g8{G;u|&85yn59^h+n?g614;h!&5*a#c*-wkPMiTC<#
zMA<0&!dZiAwE~}KK*%KMhpz2qpOZO9bTS4v>08cx=B(A~q#borWaDdKPCtiW<(ehq
zM6P(E)SaaBRScK%rsh>3E;1Y{RPp!$h$UBI<<y8=6WSZJC%tP%6%eMmds$nnVrIQ^
zgzmo6#2HdSzt;Yxu)2R8cnDq4ltV&ql;u`TL*1!S*BQ|9tCHHfhG7=K>0>gvjc;?P
z&rvc%%<LW7m^!-e1wWj>i(d^6T40A%ZH-D@{iOQIRkoxwq0xi7uEMfi=k*&<1(Lc+
z<tbe!e)IO_9fq;821aPX$udJgFYWijl2U{xNxLbd(<#PI<)cNj6mpl~seq!EC31mH
zbbP7~5mG?@X=`!o?}ZcDdJICv#?r0^Eh$r5r9E04QDI0CNB`edY`T5l$Rt`MCC%Li
z*;sN@fVrnqzt&3(eT9;E__jg9lV=1deN)c&!0G~v+VUrgqb6I=>kl+JBQ7uJsHA^(
zooqsxr1Gtb+weX9r03(vbxVEnzK?6Ek-NTp`x#Z0t0vgpux3U}&+7lMm**Ow;r5Gp
zlVB7(>d%B+yWH7*S?L>bvEvK$ZJlq6+I#6CpDo52g&SJ&YB4oXYGzrSyw1--)qK2Y
zS@;a%9b=Z!@>TKiIi11z9FwFKPpS)ygHEM6$NZ83Mr9itOVCz&OC*Dyyn|TjtV>Wt
z3osllMJ>}hct^l{u4#3zoKsDd=_eNHYFFcmgL#x{BW%2;v{3(#*m<FapkhvZC2}ji
z2TPPLX8d9m7BNyah7txft@ySAo8hm&(>^mXNN+DoBV(u>0^K$px`Um9c7JY)uLWn#
z+&fcgsUj8b)JB?k4mu1Ghx#3@A=f`OG7QY~aU-k1&LzB)8h9B92ASoL^d*g=Nh|A$
z(%x7n;MSN48cUp)bt=eG>u#2pT`euSS#z>5F{1Dvf6O$BfT5l%79aCnSpI$tPKHk`
zj{lj(YGy*~pM{0X$<t=+_4^j$muYdm=(y%`g8GwOgWU_!-hGYT%QCx{WhM`+bk0<j
zSZ9uKed_+}O3FKy<}(ZGwaEIft~k~ml{_tRq1suw=d<|p_;+irnxmz9P9($ty%=T4
z3k58YD0@y6F8N<mkiNJS(C8eQ=1>QP7zIC+`}<wFt%rorhAN(M!Z#2NuxT!rd){AZ
zFC|<HS3M9}_^aS^s!0q4_ELkFT23~urp8Au))*QM^qW&NHVur8rQuj4JSXl;fg1wM
zA#gYH-Ozvc;BjB-UkN<RxTDv|ZGx>uhczSJaykvXp`!kd(1bKi34h;mrcC9^ZASCC
zRHTnG-;?_BjA6(0LC22j(^q8s37g~30IvzvD9<w(12LH<OI?}dsiIa@t+UfQIybjE
zusN_Wm*1p>;pzg$kiG``Z9<NkS)^uq9Ahxg0t!0!Hlfy#acD@4(k8vZbz3F8woC*P
zOPy!#t!qx5{j?no<4tR#KMmg`LL$5@w2dX&#XNYr<N}gIDSJSP%dHVZFVlh1nq$ui
zE5>Q{g|Dcx%xi(u`49h){t{<n>U51$Lo{cJoulIY^|v=eE{S{Gx6G4{%sv%|5p5ld
z7wP$Ed6Ja4m$$uxgrfBQD_hGsigPcAl>}%Vt;c!fD!Yq)rdwLgU|d<wQLY1~5Z<@z
zYlslu+#5|dP+t6J;XS3##M$s>c^5f*lgd%8H11`NS+^AL)~(_J`yfFv6Z$kQD}v>R
zB0H@h2U-H2IS!WOvf6XsKb|J2wgoqyk8cToY*TJ8-wOFRL^&najxPuJweGfHPqUW_
zXplCPasf6%E_B$N?`O}}f(x|KSC1#kEzbS1ElN>QKiOiukG?#$OrCw}PkAGkWvdM&
zP4FxhiG1Ema;Q98*$)u7b-nd*d9)@6n-sqA2tb9$LvAy1&K$)<tDPqsLNj1n`c`B`
zvG)8n(J)n))Uu~{Cr;VNI@%r26PA}FF2Nuy87?Maj1P~*BO)$2W-=vV5q#rL`oI!{
zO^h$6`bAk-)Ke^EgZVS}HUnue3)eyIKCc8kF<7_RbQiHu?;6QLkPM^lwGsc;b82wV
zt_qfBe1h~YDtHq&L*|-AqRaz|ND9mh5bW72!%x^Qi<P$rb7M_Q%d-)irEd5`qJsHe
z9G7g~6&xJ=NJqi3%(kwG)lKk2N~qFIpu<4^c79xp1AccUIjvJIEoP@^PipvdVi$R2
zgMwWs&ps<YUORiZj_*6PVnkj^CdM~qaIQogwMb{RNOLu;!a8P!xI#S0YZa3Lbf(z5
zTA-{HQes!kO%K1{XKIE$rF!{FYfsgUVRfqc)eEH*C&A_x+)%DU#vh7Gk;^?gB*=AM
zv`VPNSkGmD{JO+3B|-3&n^vrURMMdd2D=fhVIzA<5?prqU$`_}x|d+ra-3p*gPkEl
z6nyTfZBh&Dw2GIzLB)*oQlVKy3|kqZ^r))AyA^xBJ9%xx3h`#uf62VR&tNh^;dK`|
zNy1f*#H^``sCj+u6XD5B_<0_V$?@cT7EFbH*-H7Wchva~uJWhA6;|6~Fri8FX9Yo5
z0ey2*bLrPg`2hZy6${DoQ(z>8&D)>oXlVJaj<Vt`&^&}91Y~Wh)(n_I&(F(H`o|fv
zIo)bAnV=m5l?)4&B{5n`Il2v5W`S8@zF9QR=aLBLJo(xMae{Hy8SJX*-y_IMU;dQD
zV#pE3fn5nLf=j(AQs-lg)e0HEu7M*Hb0*sG>L}(H*ar!W=E54$6{H5kn|(xcZJS1I
z+wbghLF;HJ=xl{vB@~@?WN&({MO|Y=DVy}Qt@{o%C$wADNLGGbU!|eh0C84;!|Q(k
z9SyPdqeZfn-7Z~}y~hdxC&?f2Y{4q}7<KUgw?!hW=`O`?Q(6L29N`)%CraUB=qVl9
zR{K^2%&%OWTJ~n?gZtxEg@K?WS-&Xe`SJ84c#yKgc<4TnYuxu(4cUD{D`1oZ-1SAR
z2K`E-f#suuU|3Q#?X&{5tQ@+bb{ugxgn6_2HmA&)W!38@079|ic!j;gq)P_QHl+6n
zHa$HdW95ueUW`UiB)t&2eKxl*s`?m)YNhzB)J<Q$?+52ZVqb{6!~QR|2)ye|e<j?~
zIRLemN2lUaQq}B9ZJ<0q(hGEh|L?n*yAht=ILSnQ&fiG0AWp;yH_Xy8pwW1H3FFK%
z+21p>`<Mw`+Y-&IQ&QvbqlD)WVh&HO+$BX}TEZmBxNqv#b36orlCbEjSWpywNjT#A
zTj}3o%&XIT_+$11=?~8iYH92TJesir96xTp>CACQNER{!O@++z3F0&N5@{|9{P<?V
zXr-ibSc@c{ho4Tf8iLqcOra}p#8TBJuq3o3qf&-lG=~}bqd!hHm#UIzDUZ;VlEIdU
zG<bUtQYWbO7KaE2Udle7eh`O{JHs=a6M$#=@-5w>8k2s<;JFNt@jTMry_MgDU$i2^
z!aPw1UR{?rG2gU@RZwwwOsH@4xFhBPKb*DI_sf<==dLZ3cbh5QC64ihE{@vFjC>K&
zq-083hAbC#w*DmfB-)N)PrnF2W+Z7zr|#)VKXU}r%IHwR?-5S5gna!6oN9L!qHMRd
z5av3%Cb~MtHtHra+TnG#wj*t`{Jg$i(nimdRlJ(~UW!0F(f5da8}u$56jxvpwN-Mf
zwzs#R9g>GiHTn25CDxRne{rgtK?3N`Y}977Di>fORmh&>1v<6&i)E+wP5wD{GC>+s
zj-0*QIdz*ntTcijrvTC_F2I}As%~w7Q!O?pm}r~#n)mk`gIHz!mY;kO+xDX@t0gaG
zm5(>YCB5aU5~@lRe)c&$i4%=?duKZ*Aw_fs`g>VD#dDN!3$#Tpv~@cKd`b>s%xZ%C
zY3ZqPL5KnuJFYNbBXzl%u~phVK7z2!_mE%FH&~QZIG+~5<{ESrbM{+6t$9U*+Ftoy
ztz;&T6_CW}jRypo14a{e@e(QfZ1XuN^5}^0pEp@#1Tsy<f<smc={S4F5WF6n493}y
z*+fJ(is(^v!m?xlw8Pzt%Er69)D@43aS^zDFpB1#crZ&<?$b`iSmoxl_Nl{0HSm-D
zN}r|~1MO4otMHV#l+-LoL?K2|O?T^h{M#v#+bqYXwZr4(Y?+D)=UfT>++L|8s`$w7
zlwKe^-!OcuwvmYya4hyGzC0$AISrW16;Y8Q#kqq0If|hOe+uRhIBo+5^RQphpS1=y
z3UiydUF{4OqxG*>Ijlx#F)|~1md}USmWdfMG&-I3E48Rqa)}<vo_$HRYsj}JLg?hA
z_!w&EEU6OgbjMi2zr8?V(0A#FUf>q?scwXv!MhYcZh8tiRh|h_WRB**6peq=BC1RD
zdsFDv>X=nMNZsBvLyN3mHbX%mMIAt*0pnOEKrcb11Lxo9i9uq%%F<jh-p<$Qhm}{u
z#3L00w$=E;O<q;n<92bTtfRJ1)TE7hT+!^dOZu|=1s0&=kyoGhcoGJNor$6l(btDJ
zv03sB=apGx&GZN3yoqYgl?}*P#D(KntqM9rZ~O`*)<g4(NytP>-q}4Jxp{L25#}ev
zoSaGptJkb0T8Uqi-nu~`aH4j$u+Gk&EPr%Sj2+`=F*-3fr3kf-WK0}<-MseVzS8V6
zc36yON*ZmYT!AM(=@p^4Fg>GcX3|ZPCwj!LC|lb?EtfW7*9hC7$r;c0@fg+<My>u3
zuyP8K-Jmhlu9n*nlP|#yyDFX+hJFKgiW)AqdR)n36}Hj{Ts0q;&u^6a=MzOnIpb_q
zua(^OXONYm#|pmxQwG$eD3`^aEl2<W5MMu(arT#ZwvOU}N9E;3RvFRoUERWMard^)
zr&qS=bd#>EMb~V;_?@&gmjUgs=~2ta9%xydwU7EjkpfTMr_8^7TmiC@nWY=AgKSPo
zGdiUr4O*-M`hy&^z71Hwkl%IZiT7Y5Gc{Sl*lVOAXV3}5gkjBrDTB9&vjzXfO@loE
zX?j6kyOe8UZBy&~!U*3O-=b^eHKv*CBB6s%YR(rU`VPKZIq)r$XU*Vgxy6%HkB_~<
z;h`I&bG^s?L9!Wxz$WB@SQ~C*%|P;D`T#81x(Z&csl{4<Bu|_+&Em7_R-;xpy8ZA}
z8#iGQ;6Js_@iuar>0?;KuqsMSpu*+Ywm(8vxNq(dQ(!T^L>@I0^L?`<2Zh;K)<es@
zHhKTB8Dg1x`B3ck{$YK4<;v{lnA?x97bu1{%D4k=dc|`kEgMC|Ih>p+g{|7Bd$b!4
zdB|Tc0FnY|Qo11^%OVf_XVGDN!n~vVs@Y@2q1aR%tFrSCFU#ZV!k^`8To%IP?N;mU
zZ9`F*Jf%;Qniesr3sqOmM#r#E@x9r53jThApR4m_tq(YgtW7Q{(Ho-*OZ^ZgF?gIk
zMK0^&fIFHa@`Ru%S=Lk9fz8sYB?m~z&JQ!QR=!WcZ^)-r`B)Dfh9D?XP==&rq*$6O
zqlu=LAdxQ7>DFM6qCYV|c=4cJEX*Pe?d80C&I!Hn=<14SjuW`La}Y8TW7+GUOEczL
z`0ZU(av##yDt}NA_f=&lXCdFdCO5ARy&!X%7^bwY!<E71c$xAJ4g4wCgkl1uQISdL
zk#Ww8iDQq);+Z($U`CV8a+!(w_}MD^vvZ|>i{49O+PwdP(b3H>(J&qDN;T9rBG2JL
z%!6&cyZGHJT?S$6moDt)?(PV2ui1ekTWK7n6<G$?NaFtFVJ$$uGO=p3g>^`jX?E`7
z;=;3&aHB6F@WZ*XnHP8`RBW=*&<LBF0Z*GPT3ke~G5Y0axG(bon~*fWNc5IqG_y!V
zw+@~eSxkG|@qtxeFx+vg-N)Y9D{OI_^;vAEmIc(Uep?fj)KjwJpmv6rQOMfM1HMFf
z5l@q$_!h<XLd-F%`(?QtstY(ElEGE5*hA>`KAP4bo}!|PyWzN0Fn=pqQ(<~9n1?xh
z7;J>8SI&^ndOwBQJ%2`;`W=k+4=)fDF7KaJ>~G<{#~0h_Ef+I(60|03>fCw?eY<Bx
zk{H@dMsK#XuDjekFHUut{xOywA1$~V+HdIhwf+*MQ;<5j7^)FRVl~e67ux6yfS0p-
zcdElz5R#{+k75!TAYzH!CDr33XXtoz@o2d)baCfp5Q=3?NxL=yq2(RQvfiK)1AI5<
z4f4-krrsmY9n?);9(JB==#8U+&f6jr-gyFeNVXk^=B+hsb@l1NWTt)0TP(z{Xi>da
zgmYNB8X%Wpl;II_63}o&(bNP}h;f@n;8(C^CuexqSetq8*N;}Un48%h>ubqVV#Fwj
z@5LPp6jF0dTaB54h0_v(`;@eIk0ya5@{h{1oAwnnT?_X9+ybmUYtrWxMl>Oaav>9)
zHF*crk?tJh7A}U`(pK8xxM*;GxRd-|q-^D0vu|km1IK(n=oYM9hS;C?!86-<s4jnH
zP=K4;6r5@eQAZ<ht0)BuND1lEr-$2qTp~oV(ChH>`k;FOeSk9MS*h0Jf=uyy6mdg`
zM5;KOyS!FV_k0EWv0>S~mpNdX6gcapFMG&=r#g`qADzpN(HvVbssHnAp9f(a9|Fa1
zVDMheK6L;9O(D>Y7@3C4eN)Ul3F0V+W#<{U>E^J27S#7Yf^G4>V*tiJE|^#InlBiS
zkODJ?h;NceBg#_aOPkP{EPiMK?IebBR8EmRzX;}U!sc?4F072->joZ>Yc+Kavgy21
zH*VN`lRZ4lg6a|^&N$E=fu^<>bPe{?_<nTgWs5k*N}sGJGJk)(Pbu)b%hDWcj40uC
z%`$=pF)FG_O1UFW;*ZO%X->G<c4qV7_(TWJ9#j)Pf|UDd$don5;MUY-VYpBa8_c%*
z+IQ+ciN#~Mfa>IO;UeaKVCilGu#0a$LbCcO>ft1yiXH0q9lG8kCzf3=Gd;cEy_lA0
za=4fvV}@e($ge>GdT#aH%Gp$rNnLSEBiIL3)#y)s9d<YxYQFEPv^f06iIizlfvV--
z%3pa|>>PofJurYCq6Of{jenVT@KWr5k3E>^+NK61M8Pkk?IxlRlRH%Ae7tJZFCgj$
zQ1)Ee=6@TB#DU`vbxNz=o@LvHv#1E+P*FV7)h-#Hp;&dP!9&pR1a^X5mO}py@jQBn
z@`krKkx^q3<23auQX{=d978%-=n9PY`j)uzz$NT8^PIe{vnfyrc5EK7IVa0D5`;rR
zfj7D9;!2Gc(>G-jIt<)V<-{4pE`C<fN5+Z4pWD!?4nYitC&iNh*NAk0OUn}*FQ@r!
z`^<E&M^Lx~xuwY#9$*28LFPL5;2qjPo6JITH=cNF<Jq+Kc$y1XuHFZZpW*jDdZu&A
zxOUWZTgpU7lPt-w9eUJ@qMJ0o?rT2NUB~R@uZC0+H}<eB|3Q|THLTCdx=ppzs;S%w
zoKks{<-g;iYW2>{s4Yplk~>osh!r}#oLFX#LJ6*Lij(owRr^q(B$30K;1gW9)0EXi
z3%CXllV*_HxVug6acDjpwX6aTJ{)f06C*nOA}G#T(-lWVZMw+?r--v}WuFsYv%znG
zXmF+(5@0V5QxmW2r&>rSr1oRC-`@*j?~pn;jP1u%JUgzLZhr%r+ToAjTS(Wg)Fwp!
zAdL>$ot&JMamp|lK-r)21ytH)-}X7GM1(B3CHH=YlhJPk;R`{z{P4)D6hhocRJm_O
z@kl>4@HazKdX?;8@w_Tmr}n-@EQWp@Bai-|&DsA`;d4^yfo5aZ^*Ly8r##^nL~>l3
z-TXcf1JComCb)sZ(Z2VTfUj?TQ1C!})mr8}Uyg45ZaXO<v&G@&jyaa_$;Jy&zZ?)R
z>oKy8VqgH`Z73ZmRvw^aiX&4v?iCKTW}d-{Z9Mx+^0-8wDLWSlx9tEdC=m!@`2h$9
zFB2xRy<^BTvgRy~E_y^aDMpXj*<YL237L(M-`jGtta(abPl%IM8^hz{Y>%Dan_rt0
zK7lKNU@89wtOZe+146hZwF?9@4!K(R%C?z0Gi)@$wg;TJ17`6@M(uTiEIG)BZA=KA
z?is$GWwMWTGTW|ov&Xk3T=KndZup_^Y_}qU$sWTU*Y54vn|R+XePVOqhLKbah`u@2
z;>8|(6H1;{Hq8AgtSi)#5XFtbx{U%D9)oYgAKDaJ9~7}Y@|zH&tc;ZbtO2W3##*AN
zNcvLx(m>TGme*+83aM9_+6#h`=?J-XC!1D)r65BB-<sXwwA(+`-%#nWv79g8rFm*^
zPHxnF4~dTHFy8;2;@<ImjRcqgnfCBoPw|9i9_M=pQqh-J=m=xbwvi;7LC&C&i0Qse
zv;<;8wQX^{ab)*{MwwJO^PX$I1f?*3{>H3KFARc#wf(DSKT`Rk14BR6XZ&a9F)ZNT
zg~qhbY7Snev+*_#q71Dv%VllTYSD#f+3jN{&9&~RJI`mVYtb^j^>O7jM~mBLHWbpu
zy4`MX7So2L8)k6K%Z<**3si4BFBB;gZ5~a}J0GZJ)tv`R52HJgk#g`2tT)o7oTu6F
zU4xEB)sk$ZcWEgK06sKa<o&McZQWOqq2qD?V0pQY1i(64F)%TFslq`Ys~eF+>*)Hf
zC%y=E)S~kVsy94yJ^#KQUmZkEJm&K$VA>T(G(Mb6{5IiBZ=D!v@AnImEQVz!J;{_0
zn9gr^bkrQ(F_*8sZ-1sxA=EB2yl6I$t6W^7WUq=Lm_IUvKk`*RG%PAOl|rQExo7iQ
zEtB%o_NCr4JmY#0dhRU8WA)a%4;jAWW1EUZj_oj`Fb7u^1&@65VXPB+>!R;P#b$%E
z)O+-LHAE-#xo2GkeL<!*V?d33)aeZ;)-61fvJ(_JmP2g-J;$G}3vjGxiB20qXF0=n
z#nOtQ!)~?X@3iSn%xh*h@p)?s-CL4l@DpfU;nt$b&cL$DI`ipvRH$s<jB2jtZoOh+
zsH=bE*5MYbMcP_sw<a*5sk7b@HL@P)d|=KJzc-XqLc072Mij+0Kd!rUWgKzcmum6k
zp?}zB@aCH48}0XpVpPO@9&$xo$N562krO9A!chkSbHl#=tmmv>&l?>(TCO`hnLm7_
z*!Zs_rXg)}4mGqOy)xpU0eS;AJFuKpu;O`RR}eJk4P<_&1)%cLZyI)BjK7W;nsH=F
zwT*Zi-X3ite0QMkB8tl)n1k0qfHnK?XAys;!Qkx)bKi_-FR0R)j0IeeC%ABbR^eKp
zjp@7(FO4@lC=AQm3u;gPY%TYIcT;&DLNwS)7V+!fTDS$_jl-8A9yzP{J`e_k)v@F@
zk(sp>J{Ak{8i(j2=zKnRj)$E<^l_<cSSU7C_+v=^o6wu!Q8*nd?o0j6mV{<TXI#cU
zO*526=XS-~CD-HPCf$`P2b4~j(6~WZmItW#1*rH*9PU9Sdbx5Dq7&n;_OKt!G!wY{
zG$O$$jyWRH1_(11E|N&`cSGK4MEKr-8`#^Qw;!Yq-o1I2M;80}w=uVv0Cv|0{3{O#
z-clpGH_)Hy(|jX9FHzK-`G_{bv=h@tE&Iui?~XY7ZPJEqm%h<+Cy~9%7@$RP;AH{1
zA>u<art&KV<)I*>Mr`NsfD(X}JXU84HmY}cTSAqaz{eA}TRLm-lP(OnA|<9PMgSxy
z;t58iXgBWCtcDj>F8R+S$<>T-&r-hqI*VJPrPJ7_-YVNa*DVty!R<6YAF8R+@a`ox
zfaopI^@rTb_>r@RRD@gCH#j|}OW4%2frGP&muB|K)})7h5n2R3+FtY4Uj=a)PU@<$
zXnOXR%y$tbISnTpIR{e*D%~kDTyDdFp12JiJb>wgApLkzC1!v`4H$;D_g+~O?wZ4~
z;Lz4r%s`|w418a3a6uW4>-OK*e%p+)Qa#1_rD1*~a-}6R1oN#>plY^(&#e_ZF-<l{
zwN3WX*O=Sy1mn(Bz9;MUi!!2&XK^z>bOpxI0;*yEl;u+giKUcD27&P*YG|EPL9INY
zG7xXL=Z@cAhoMq6H=|M=CPd#IvCTE;8jY!4QkZT8*OCSd^b#kG^k_5+1Sp%T!;2Tl
zDK^waIys+qP&r4iPW~jFYOa`6;xfH$&}#>SPs)+>q-6)_Rqhc}W;IsdxFnX7O?La$
z`%la31IL!LIk@-OLS~6;1j#cc`sto2{dh}8w%`1<)@bKPT#FoHGW>MI;>au9Xg&)d
zyZ`Zf-pQZf))kvxXsAEO2Gyr9#PcE=Nwx->tNGGX%AsX7ICc!7T9Yw#+oc>l))u4M
zu-4Z9H`{E4(EVujfbwH4*!2Llvi0nDJsc!^?EQy?g9a*@z3k>Gcth5Xm=-rEm=D@Z
zJX15|X>*dfvRFgkV4;L)1bVTKMXU#$SSs&|PzLU~4;)8AZ#fllUIGbXUMQdXT?twv
z(v})GhVc_6#=tz(g<>>sBn{%DN)gAXa*+DdsCM6NTwtEJVMrh3sDldKkw)2wm9MZ^
z%4_3I!!{#bW9a)Xwj66LRPZ)y)n{2OXIrZi4G9?sR?Qiah?kT$>VSt%T$4_3pC=be
z^Y}e_8RBlkSJ=D>G=ss^{MNldzr?Dbt5ht0aLDPDHW=?|L<*0Vc_$!HDR5-}BI_Zq
z=uff`URQUr$+)imm{9{jI?Gsc*N7Iy6US{__+lBRih(TM$Yk1t@aD0tFL!H2ICrI8
zTE%=dB9UriF%%l2q!T|jY5IJYTo6++tZ4tJ>sO$#15A&my_GhZ4-y%j$e*`W&0p3%
zZfgDjKNon;%?S51PI+%v_}Z5gi`Mp&ke@l8*!iB=%?Bps6IAzt_^kP{q(eriZ`D1R
zF*?OF&Uf2T)eex^CvuK7^;<tf4n=P*TAeveaKYh6dhP7*LsYG`?5rT(wzwQXt5mg?
z<tn6bdrTTMO>C?l70NknjDZ&vIknyeA7LLK-}>qQOhu1>1Bdu10ER|crcev*O(mj9
z_rpvDNqmfjuugcryD?O8z+7oSP*;PrXN%0090fP5VTa)?TmCMU3Z$c`2Q7pqVNQ=N
zDv2&mFy2S&`Mz;d!45ZM1EzDZrGvZg91JmrziVj?rX|w--9}H_CfaaE7x<Us_Y=1~
zVnr@6A#Z_luWiiXI^qJ(E@t>$w3gG~>w8w7KP#2$_^gRhHWYFf?2VTaPAXpdby32!
zmr>GKA1dnI6yyw}lEwmDMnSfQvg}BU?@2iDuMV>l4Q!FWf@445ki0H|aL4-rwO>CY
zaKcHMUC5rZH*2szd+>OAaCv4J=OUmqWoIj((qCk>AX<6ry|QvzVijIYfQjYWqMQs@
z4jtctSN;@3hXdA{tUlVg_QWkOcRDVAu_S&Eth;_A_Q)Otg!x@Y*rJ}hp{YoUuhjKt
zhuGhcNU_6CWi309(<Y%n>+t)utvFmI&lSW{_Ytiu+^RlrMC5Oog7lJPaYqO_26xzC
zZ{fk&R1s%vU#yIESOFsMLA=9{MJ}uqJw4RNAoU3(YKE0G4=<>@)Bm|A78dFXY4nts
z9Ts+73+w1$e%UBFfT19(>S=ctIb6Vc7ycneLp;4+Y!7oCn=JS2{l@K`O|{n;w+675
zrM*TEv~K+%>MZ6a;VF1JX*zDgu!rHr@@8Jd++y0$Up3RV*0xS7M>!kjrE5febc>Fj
zR6Ht41*=58bjzM8f7^K{vd+J{d473z?;<7qsi&~}MnX;%^Km3@f7PY52^0G{5$`3&
z5m$T7tNsX<;6L@&^tE-V$+yfumcV|}d~I7P3MECew{w)UF9iz)8!!iOKj8n+h<ng%
zWP97ZoZQc0f?+Nhac9}_?0Fh<BqF9k)XCE+nAaK`T})2;+EXPCIoM8ak0lP-OCK5^
zY^J{IUy{3>xGlKB?^}(&wq&(wbve5<ttG)*-+h{2o$BrV$h&@i)X(W@B<e;B?4poo
zpRsFdM3q=3iZ>D@38jD$6z6E->cn=labe*)Gr&G3Dn&sNl@$#AMu8L__!XU3=2wtl
z3<50dZc&k_-|fWON*hZjNhlN{^J<#SX1m*!hmCi=hSk%-<?9ArYZqWlk@iF9L+Kz2
zBJmmcVEF4o^-xE|4gMhbv&LuabM$labLJEGAlk>o%KKt`74RwF(^k3VYW4<U`ucQ%
zG_`$ZyRid)y#}|p76glHz33>t^ZJ_JSH}XtS;N~y(=c{`o2nyytn7<m+Ny@f)z&}4
z&VBE5oeS6s8g%M?-Zdz~X8S%B|Aw~15x+&YPV`2z<E9FQ&CAZ+m)sr!$L8DRvTSg+
zX#&S)!CADtw>bqjwYcwaZW^hv4T$KwJEypk2|@30NjJgK)~}lK5`4~8r-s+acJM*a
zE*?ptww^%Zv2trv{>}^aCVED_Gi3fUhGG+@Vtz|*dP%lJUJ+dfaFjY)!Qzp4p+oYH
zzU~~Tz&cW%_z;ll+<xBLKl@lE+fwk8uHEmx-ViJbLlY*o3%L?R+){b>8+q;=FW`yS
zI|`rA4FyxdL|->W9L=2$;pW&jCa?&8;T%z*f{WLq)F-W*bhRyGtfhN(BVlgE#JPpe
z`g*dir)%2p62vMmb8h68E-W7WMi3?yq9bL`g90|i1UW=tFtAR-JuQ#1a+o_hD~e)8
zyBk}iuE*>fE=a|gE&fw+uv@c=U^foR(9%keU@xq)+wWnT2UEK=fgWBmW367-dTp`<
zr#LkRoDyR`HELUNfIl&0cqi2hNd!zs>8Kg!vD+vQ4*JPJ;xsq>Rda0I6m|I_oxOT)
zsIid(qzp<s5@&T_0ZO~i5Je>HdyI)pVoCgJa6&ig>3TuSPHw%PdX``0>>lQTbQpAz
zH99DGT#nx<h3zFwq*zny#*FDarZV76SH)2(j?9Z@mVc(<qmI@iiBxhg8Hrk-fol4!
zM&CG2?8WD(%9ZTvmLh<4Fs0L%`kv>S=b`hybMUUkW$iU^!w}~wWomJmY#L92+E=@m
zksBg)Y=u@$q697W$L~}p`dW}z#8t217fauoNOz=)z(>SWgmjf+bR>9SSRr>b%vwx+
zPti9x!aDDZVW8QQ$d~!4o|0L(X}FmtJQTo{WLk@pf7rolNMUGuN`6{IY#nrUtzWH(
zT}q^IB4U}9=+}y<$mYW8(jOo=_7*d;i<L+&(unA$4x`GLc4=wiYokcv(!YMi4za!v
zo)q@C5{R|*;xI<l*jsOxi!PxXa*;0nGR4HIt8?$qA9WQ(Tv0=<vKJO!StKWc*uz-$
zv3QU_4M|1*z4ga4sjcvS4eu3T0UEAsB<KbuD>Jn+EM(pQBA77u0abLkIT`l7Lf{ie
zy$#uemTs;*1?R)entbtB?R<#joHt9oeb2L}RK)LF@AxHWEBIy6QB@c~nRI1?&LEZm
zW8N?_r`OY($L?}vd_8Sg*;ui7W`2tNM3_}WdJ=9K=1f?}6CTY~;&R1!zq^w_;#lnl
zZ?a7cqgLgGuYLAz<QjY$ViH`%z|H%Tor@59^Y8V03N8w2lvw2(lXCAVC{9$RPx4lm
zgBlN2yf(9wN-Lf@O^eRi_IXd>hr4OC;qZy3jvSZYxrl0#b>|)?0G*w&^9heP&t~@!
ztp=NNJ(MS0?GbU$nO)qUk!zk!({dR)v$xd~bkN8$DVtzbQ8GOLvwK4}0(t@)eREhS
z4FY-%0tR||dMyG1CJh267RE1vfkA_SnT7f9{x`?+#b^B|_c#5^;m{ypWn%sB`xlpy
z`5*3IiuFIrzc@^PIqZLBnb^N54t4@IHioYp^Oq$SHkPj(%ir9W24+TvFS{&Xb(jcP
zSlGU}EMF~TWB-TxYvCU)tbeu8GZ3&ce$`_9tBH;AOA`m{-y`^k%gV$=z{vLZXxP45
z`$Z9OurYnL_-m(U`&;9yg#GKtm>JprY9L_ZVE(6+h2yUb$3NQs!GisZWMt*gBKQwi
zo$UVw;9raM|FQiWyMK894Y{xU|ApGWIseK3PhDTf`?uD=5c{J3jn)_Se<Ah7q5q51
zKk1jmKXU)6>%VgU4ZE-U{{wFSX!##d`{MsajQ;<{>t8y*Q2R&XzbyR!NByg}{?o7j
z>B6iWU#9=vnVFdX_jWL||L<*LrvFblHnzVGK-n0X3D}wbO0ly1OO}QCFaPiP`ad|c
zef22zuTnO4Mglg5f7N398ZG~#{_~ramHq2XauBev|0`wvJE|D}T4rNlB=|pV|C=(<
zvwRJaFDC2P3H>YbcW37K>Z)JEf|-T&UuFMp6f4Wu0QfIF*!~**2M=y;y8qpGDFY)b
z13jIjk+q4VDZ|$Q`GWQT<Ga*VaiQUQ^@zpc(Csiul2L3@()d;%iOdFx&z=Ah;TuWd
zZ%l&NSfCx!xR6@}WWsOY4X7vzG^icw)K3;%!1%zxC7&G~<`Ln~<`v3cbNS&5RC!&o
zOfDBp2?!OBFIyj5E}sw{wK^7Ei|QU14U3yhz~6w-B-v$8jYFW8I-UB~fC@lzX{^fB
zxo}ZGZykIC*AO1<*B;K=mo~jKAPK60eVu4eG+R&ijPO}Onl*p|p(RwTHRC<jf^xnY
z>V0M!;6`Yyecp-<NN1k?iY&zaUcI2PIn?q^72dI2y(#wsHf=En*!E*=bit~k3;&KE
zyt}*vC>UO)!TK1*<V0DIYq6)z{HAqrhL<KAzB+Pp#ntMpbRc=EN(X|z3!__ezQz5b
z^%$Hz-~z?R<|ut2O9}St!A1+DZ;IdSD4TWm{Nsxkbj2PoNDQ9o^U3In&h(p-#05F}
z74Eu$w_q2<Yj`&w^)`EloE4vNlHRM+p-6q2Fz6*t(Dhj^s48r?FX-2M+O%3!n$rZ-
zO%WX6+{XY908u6*adO@34$Rn@AHyj}@)3LR8oYoa@D(=>@r)mnu}6n*PDEzxpWq#i
zj<~mR=zVXi4b~6lLKIam98%3+5tf*5;ao5f+g#v}EX|K?kGOaW;8&g+8M08;>335-
z@;iiIA$KAST7m)Jmbn!V6Se~{FUPFjGHeCdgZ9XJAU}?(&0QxGmov9Wucd5Rwjdx{
zhJHidwRrwyuBkwnUxn-A-=F!&?NsF{?gECBXZJ~1{3O8b^A6j~@eexhL+EdWu<e=+
zKB8;U{P<+Co#MkEto*d*eonFV(T=&eNU|l>gjDJM&%_0?w*z6m%l9Vfv+fGXlhoA}
zp1a=*vJ4<X&l_Y1#$C|xj)AAo8-gA3Vn4P+s7KD-&kM(UxD_m|-Oo6oV!n5%53`;1
zM9YKC-FJ87`@F@!^kv{}3qh6YZH<>P+YQV6whKDtbLbng&!FQs2?-L+e4xImia<Tx
zXC>z!2rtc}I+YT{*a`+}K#X++5CrH1iSV+Dn(|Px-YptR5Bn4f7QdZ2`Ly24gIA&)
zDm(vBz|eo<|1sT)>6AC>${kZ6|D01}XAd`Hb*(7~aU2e)p+_v${kp@4NrhGELsA7_
z>JwguhuA5yy(dDC`sRfh{ZKydE*;{2z5<0?Z7(PjDxB~0#+B1}T!b<8&GUWX^=m5h
zk(nEed?jU>X|&)vb8v;pM6xPPo%K(BL34360WUKr9UD6(ITsZZ@wUv9+d=(2ii~|c
z7emj1<FZx!f<7xIY@RmxHO?5qFe##ok%CV=?ePu3bEn<)C!p-%dj{cq8{N0ZD#u$-
zE7{Sd(-NJsBG@Gp;cm>d^Q!VZ<fp#<C!+081QXC>%6<kAm2mh{Yn{s~Z8Wh`OB=Hu
zL?!PL?6fz#AJO5gE?qOSCsmr3!(U#A0uUpFsr9xdy&2uU%|MOspVqv?98b8lAbQaE
z8Y<2;bLX9#_xN`~ne?I!9VGi5kE{u^0>fcba_EyHAyN`^T4`O?hR$O7X>ES2Cv-Hy
zidGksnwmc~HBE|4HV{R>cN;6ZFw65O&n?gHMA@>pB)cN)R$N{`zEE(La;eilsO%Km
z1QN67)|!P}6_D!>wR7r23;)rLp~#qYU*0r-Vx+5he7w9Cew;GLS~<-(W5;nO?(JCc
z&O{(D)8>H`vkSSkH((yXoZhU>tZZpd+Ex2{#NB356MSZc1*g7r3b&rR_*t%EW8>7;
z)!NbEC2#pS8ai8SG|k>5MvS1Qf*KvLi(4Hur><Vw+lf(Uft^lCq5rW+DPy@7LP%rx
z{aa}WRtHJ|Rwlu&)t&I~+>scqG1J;+827bN=AD}$$mr58ZpvO0QE!_o69ht<4+ng2
z)LE>M@0hbDd=Uxn2^#Jm<gXnG9vbc%5P2IBZ`vbUYdRWhYib+*Ws7V(#eT;#TG_+<
zYrTjig#nR5n+lMr>(h!mH!Hor7G82Ge~aeoVzSuBLO-h@PsNT+FYn(G<sUK!{TwbL
zQ@8H7r!Mjj^w$XXz%ju-nAxq>dsG~Z;K5It)B=H`?iDZaP*y0v3=+!z^*hkN8K0*9
zU|%-E0?z6L&m0qPb9YDyZy_;-DsKwsqfQ($`ZT%*G5*>m9erq(IC_+9u`keobg*wW
zo-mZ$%aep5^x#~V&bl|^BNQd_T8jMVUZ3_zFqZG-rlrqCd5hHM>82h<DF1GvJO`iL
zQ<L-kU<?xKOVwkTZ&jmRbFbnqLlzd!ENzYZMC@*_x!2tAPT%{vtb{qX+^F1?<mppF
zR^1C~t;6H`A7Z5R@T@4Q5R6{MMoFkAi0X=yP;|bT-!MV)1Qo7kL6h^os2z)24uZhP
zi|QP(zZcfPznjv(BSiA80U-y7)dVp%1fejWT7hVm3t^s45K7_)I9brs+=Gy+FkFXg
zBcdW37<0b|`oj_K|FF&%-L4Kx4J*PIVKLnXp536M%vO!DKF{r^U*|Zwopm^5#r^8<
zbMl&|NU+6T>$t<CWL-_GYj|>}8P+f^_l<!i(QD$E_=L<^OZ#^ch&H!%+1e)?ws?F#
z`L2=cQ2C-z<Aj(YJfWk=OYty2NPx>Bd=YRDy|2yOIRD7Sj;ynD<4n24D&Geh+QUkc
zsu;YVV&D*N43BojXH<6vP1~>-*%PlsE^3oy)L8d<D&Ta+S^C0^v+4c>yTjfEJQ(^l
z9;(+0k1Y|b2LYUJSh)58r>>oho1H}3I(Snl19#D`o8CXn6Jin?pKl{X&j?e>VPcc}
z;6x}U;L{3b!_a1th79z$br8n#$;Hm}>J*`5^s;=z<_V+V3cL;pDJbD%F+<Ab02pb}
znH55&(lF^#xgaDDu>r<|zi=jCLR8a9<+mA#2Hi?ySWfk$MnaHG^Qk&RnOL)k8$*3%
zzt&+83gl+$2Nu5_@q+F1c9<l{g;88o5z&m=3|q8W-BLt$4L(yvPU(4~?a|SH?05RU
z{fd0rJWBGh)oJwHvW|HZ%aP!jP9fQvV-w$8OCj8fGAfL@*K;}RN@#N?AMtR8IN)-5
zHC&cD7Pxc4E|foG0H_{gV7te6Bc6OW7?^v&xbdEO03-IgeAfhIUc5w#9(5dHUWq*5
zGvvZk@sz*DPWTkwp&nl6S^}o^GH^IG?V3qvzg{*>^Leu5`yd{iR%`9vDT+gAmA#jv
zZl7mS=ZU%*psjinNRi?RyP=5O;zIn{qZ*TNY&ZMqkg*PMAo{uM6}aML(YfwnA==qc
zCc3$@m+YduzNtXGHEWR2^bnckVVk}H@q{0V^Y%<o#LZU#*aVDvJ}P9|S)^!mwpgUE
zM**aochMprv}m-lw8{-1Mj$KYYNfA7#4hC+hh7Xryb?1rOmI=_4Ubfr>Ztu-ELyjA
zAJpayBgjb?&ZWg!+mMhZoI~a;lPt*+R`iizg%f_yWn72r_Pz#))jDfn3LT?i1YH<o
zQYrG`Is%&nA)qDAFQ~dfX?HW_K1I%rE!McF(JYP0{z*BD5bf87F6JkOOYB@-NgxvH
zQCF0MjqBC55-iVInwJ^I)e96(&1(J`g=kHF+9rJOe>iD@MIcrWK%1cGMWQU!u<qJm
z(u4{LD2aPqU6G2LoVP8AMeEGL3ML3{I9sgL!hTDh&f)v|g-)IS<Pp*OvpD>EEY+cd
z3-C?my;g~Po{n?SMI^_q9QY6h{a(4WefDA8V$)~P(?o=!acOT$_uYRR6a>fzYd`m%
zN+p!_dXBsFy_4kSP*%+<#``hrl3<JQc<;uCG<HsMlDCx>fVU#uDn@L+t7Q1|R0b@`
z2xHDlRRflHj`JtX6*8R|5t=|~&a$k776~Rv61yxRX0^1BjFa|Ri;TonLd`V=@+-?E
zZKO=km@V3*pE$McH(rSw2LwD{GE*Wml8D5Fl551tY=5t-Aa8bmuk0QMn{JP5hM9yG
zQ+)RkEmO@RdWV{v48?ejG|aC{Ngz&p5Cd|FmHd5f#8Bvp6}e}Yx8x|_jPsDD74AcN
z%kH*AOnFI^M?Gg0DyE{ekghcBbewt%BwJtJ37@wGWhuBvp9GxZoz!(rb)5IQ7e99d
zkI_@-hxE_YY|Z3=<5zYCqH`7WQavZx4InPvp+c*fr3Hh47Id5N=xBFah<6gOC*J^x
zW{9h9%$G4zt0qf9c*=Ho^7<?!xsW$-4v(LYF$+8aUHz{<FgAT2?1O;~u=~pURXi^y
zy2Z$)Abvc^$K8OyZd*Qs<N1uD`T~M2le-m0dcx(iF>5^9S)A6BI|z`jUPDy-psy)y
zB-La+$Emw(vL~chW8AJ-lV{F2=8*I$xa^>5UA^Kwf}Coe<ZaLK(wWnlnSCB7(v}Eb
zuNxQ5?J)%TzHZ>hE%t=%`9o@@H-9*CBgl4LBaLNgG?1rn$0Qr(S}D<UL4rbtwtfym
z7`b^r4C&~KES?+SO|U*gZr(A#j<)rT!K3b_cGQJ+Q)<$h1;UBqmM|dIkFnvAch6ii
zVT$~xIWoa&3{zll$AyFmw9ozQyEOyagcu~0%J<n|=-z^tAg}dtv#|t!x8p!4_lL~F
zJ4CHYR2IbnXj&e2c^s#0@z})mu<WHm;-8rc`E><newz$Wd`Ez#Zb~`|Vh~8HR4$&K
zK*n+^3lwV22t0EH=j%$|m@^{)rw<LBgM1_N`%W!`k^C!y7)x*yh<mD=@BS%#gCJ_h
zE7f-)&^pSJ$g_Awc^(G}JmVrP)D&!jxuC>_YSI_;4Q;vCVM1@V{TCLu+igMesf_+z
zKI$$^oS$(!|IQ;IbZYp!+39LwKoy-*6Mfpg>2(;nXtsMWua_BW0{z!)`R(j6{@>M7
zzrQ!)`{~w0WR){i`l(uDhw@a6BT5+vAk)tjwJN+@lBMLshvh1E@s0<!SitNgmVunD
zNaeBY7u%LQJ94mx5Cf!<k0!>ZEJn`8_ik?)uRueHZGMA_pNgX;S8vkvA`i?0942Oi
z1d4wX<&uH{CVB`U!2$Pt%47=imiP)-KPV+dB}GN+0ZdGFj7;w*{?Z7V(oj^C)VK=j
zoPUPNWHH*VhfZ_Q=(IaL?Wp45X`4k#G?NlC7>gVwT_(ymkOvp$qq@v(CiXRk(3st8
z$C48l9E)hptw>MEU&36>*2GgL5baB!n#tWdT7>pSW30L^R8LZ;i}_ATnqK+}G)Izr
zXMIi7nxP7NzLn5xW1==r-B24RXH=Q6rUwOXxU<?dO|}jIWmKQ}Qjdje($$4&wGPb|
zK#QKZp}eM!vmle_BeU~{YZ0cT>K;X~%)T{Z2=ywFUuqU=b22|uB;2ykOm#HrXtn8Y
zG*7TKHg2wZEz}B)=V&YDn5HX^=X91@`n^P`JZ9phoVGIaj<9{GwPu8pKJn;N^pXsW
zY^BAd{6P!GbFnYVUZ|m#HJKz!9|FSoHONWacO9C~-%76<Dvu6@79_hnxl+=t#e>I+
z|ManKX?(X$bE-@`{7~j2w}p4!qxAi~g6vg<8Z%c@487&&Hw)b-gpM2FU+7~@@IVr(
zi<a>d0ONsmv%_>N$J4u@*=>M8sTn0Ww44*bQizq8Hh^3A)3xO4&8>0o%`MNwhyVT*
zJ%uv(_yuEWr>Bbj24^D-s|Jkoq^>0Tj3@?j*hoW?SkaV8zJRy$nft^TE_bywVv4Xm
z*dcYhfmk>6D`sKruq02;pUC9eM6LwcYYs5v{22onEHwlv@G?0h1(;ffgoy)z;8?p%
zz04Zvat2Gr$Iy<!wtf$oC(NwE;Og9nlU)vwtU<k+n4LDMS&U#ZZUbE*xSbev(o|{a
zaLYfW1E&4+-*L*2)w1OF(`a4SzoGRS<d6&Ev?x8LVwOO&Dj=1dmi~qU-XI-^x@E8-
zn{c%+<_&d3#?P%s-bL0{Xez}o%`sS)kdEbKOvu#T!d)LeZ{FXLfp7f^$x)EL6~rAk
zJt-|0Z!95Ee#XIS)+GHkk4!w;NMoRfg=!{cDfxqyXQk*ll|(D$IaP%dA03-=BYn9a
zG!svZcSA16*}IEu_pNdSxzFZpPG`Z|xDWR;-}zF&$x3PSnFX3$tF4$Sb;p3Nk(Z^$
ztTJ2_4J8u$xFXfW<?fWkr5pQ?x?72RR5j?kpWu(+C~<mnx*~#nQ!QJE%|ri(uNP|`
z*OiXQKTuqvo4E=C*NJM``dgfjesF-y@KR~3PuVrMo!N^<yC_Q6q>LFgp}-|7CnB9C
zuak?{&$;j57}Xe;`p2FpPYy77xC!00^dc12)Ylh0V>`wZ|4A!Wzb%@3EC*U9xpreP
zYBn+|M23p6PE&VqFw+}Q3JO{)l3L@5vDiwTON&)&v>Jka-y4iRSon2HJ1deLPrAPu
zGjdu=tkH;%&DB}&>bcTo-ElBtw>LVvu+^lMrLWjU&oz{k?AbNK@6A`)^8x?c<`!iA
zs<QcOrA2*Gq^3E&*ob_kV-oYPbh-(#QW<Ru8nMgxNY)eMGE16xs)Ghbs<wL%N=v6k
zT5O9t4kr)I@`aVKCod{L8VdXHIr9g%lf|<OE$Q`_=0Uz+c$`a-N0mP+S<erOM<5%-
z3er5C_T*UUpo5?b1Bvs;YB@_?w0J)U<yJ6Fg91)(y`8A$<{b2$4c6c<xBF{f1jULf
z8$AwIB?={9wl&^P>U(=%*|^{IS+b9nW?TTIZy}~_lQ@3&rcL@i24z=+filQ62G_J7
z5Cbt_`D=T$qy|414AV`NXY_B}?K%v8?ZSfnF+|4eP5ZHNgqn|u>MKR3|C1fzU0|dT
z3Yf!80?xj~5)4a0XE0lFvTSV0=~OjqvN^=*>&^9eD~<M%)f)smLSH2Fwat8!y!JQE
zV@=aQzq(vmIqd9yu&kb%#`tY!4JX@5D{0#xD?8gdE3N;hy{`_7a(mmAQ0bIz1O$m`
zI;4~ukZz=gkcOcVq(np-=?;-DDG8;!J48xK=}<u64DR^tt$yd6{ax4j&Odwo0c-BL
z*R!7IS?~L<_0G(?-@#GZmlNqsk}}EjlDZb0a`VRDLS$*rU);ce(OZyX-250$U&*?`
zbGS@=IQvAIFQPEz9OgT_H+2}Q#7pZ*X-7=u`Lv$Pyx7CR{JeR#u)J26daHIN?IO7T
zo6zBGt3<im0!eh6fsP8WZQ;PPSn$z@5GhT1H6L*0n02+m3s^Dp)C!#A^y*%U$6Z>v
zxGS!-X!MrVDphDVf$tz|`VUh>$x^5__N`xEL>o$~iDjiqoRRG#o(FzoY4o*Q5OQx6
z(2Gzqau+O?HFOK3s9I!CtxG^maz*v2MXmQzmj@CLGo_?pMo(6j#*!tP@DSY<k)tsP
zR^D6)!kV2Ide|~AWJ<WsNcU|WAZdXiI#2TIyhiZk`WCh=jTRF_EW2u<ttelYe#=C5
zz_EQdj(38yboU{Zm80N(?=q=20h=j@*{AqIt_$CEQ_+Zs2tf3=)WM<V`%GnKJyQxU
zRmHc~yU^9BWb`2-WPxgAnMSx*Z6tBZq`p3jk{Qi^#US_0K^Mcs{=qu$iOt%Mn*ha|
z3VhggC;1-umQ+qY^6=GY0YrXWZPVv$x^0u?^t`dIdEnzoH+F5p4dNsZhOV!7?6s{)
z<-gS`=H9I4GxB?%^0mj4?}CU9plp$<Vsul(s(*L&nn3osA?n8t=pLIS9w3BVdZJpc
zfr-BH=3-qG=Bhymi(hUyd~l|!38XCpJz5LTwuENXy^JK=H)KighTki)wzO2vNNL3?
zwH)0g9p#(TvJWy=CyWT25^LCc@nv)-&YDw4I|5ca?^z8ZRhFdd?&p$xa8VsiJ*v9#
z;7F7`m*9NbIQ>FoB%scTu9~deFn4jloU_$I_9}f~(aOtDxgjIb`NEZZ!tQ}ySrbv~
z(iI!DPaEav)O+q6*t7*+krj_l01(T{)pxL{W6IotRAS*_s%-mWVxz01bH2MKA;1zb
z5+xZ`jjd#+Y94bk+b2EkfZyJ41vJw?KA4Qmx)pJf6_=tsJ4kHHzQ3NTwEBdCTNk*U
zwN<IaM_${0)rlPb?flV~?P47=8Gs^tq7#daBfL-7bz4YR2%%zB<<Xs*79Vla+IXEI
zQomm>&f~UFfDn}Lgy0MDRs=>pP`oSEEI!sNrPbpe(~Ck1=^=tGPc9PKnVwsd$qIzD
z@GsUQV(XG5#?6`zVOylq4O6R}8OH6CJWFA7O<1F~;iHW!*W=RO06ia$jTD906*JR4
zd|;M!5hgS~t7gA>vaZ_YW_&W2<Xl<dFS<A0hGdg3KiKyCx`o#oy*0{eD^$aHwOHNk
zdVG4uQ!2Yxre-@3yce<S!+PGSMq%a&r4rT-RV>9Oyw5&yeM(l`la+hMvHn;ey&*fT
z$Zn)$Y~Mp<!d#B1Er6asmRzny7a4xorPkNVs4v|jhg=grzN@9Z9r38|DV53AaE|%G
zJ$n89jeyVa5<69&mq(ETEJ2gOsts}ab5mvdO6Su~x{@+ykHmSpI(ppE^X>*64JUsZ
zFRVvn1wN(U)L_DQPR_&}{Pfw0IBU-Fof(V<?@HIWsX)Sz?jf&gxO0YkWdbN`bp9ik
zl$}k6W8WhlKyC*^QMy>WRosAd__Md!SUFE^G3v&aQX}i?V_9BNj5d01KUyj}DGIEY
zHBW1l6ZTnGbUAcCK3)xFHg+O9g9yn<qNi$zISA-2*`)A<$(WtJC+I>q^FyEScdf3W
z>Y6kWjiOwdy6U0DQ8y?q#ZijydAlkD^&_Fh%?*Q)K7p(^hP(XB%J<|ix;vCW?&?DI
zRO<#8ITdcA1Eb?_y`F6Jp2cUkZl7Fz7JfmD6*W($g+|G_a3oInmhh<*r3#?xX$rH@
zLCk$+@e<-u8U{(bDVH~4;+sr-jy9*k_{Iky7n>EeHbtN1A<{G%2riOYPR=@P((N-X
zO|B=|p%gFIeKtpI>t~#-GmjV-I#O?u(0^HjY%9iE2ZLL*TkBGy#vaOkiX>!<qHj0b
zDx<}`YYcqe?W=s8wQ<imjQUM19=Y6V_dthxoEH6vb5%*%0GW_1h%L-wxxc{k(8aSa
zJL<^#nfZQGP66Rc$+yGIj_?AM((26X?)rkM7<uyqzbBQxj{$3q$XKhovX>b}2!jqg
zC44jB)rtv5y(by^_cj{cCyFj!=(|3u*1s3?8lJm)3Ku0Es3!h4ull)IRCzDMvNRLX
zxsyJO+T}8OTdmbVWl@v|{<e>A1v0j@vAyGztQL)ol4Z*u^Y(f7DMeRLn6oAB#n%3l
z9^7UHH2RJQ5jcy?!KQv5jyu&&p`6oI=BwGc&%38<k>_E_g^$DKK8jbSq&?QlOe~kc
z)&QxG-?sCwY$}_a-kN;1Ek{iHWtt@#wn@*_wC2FPxK18EX(G57k^o)SY%7&@YKJ?H
z11lPB$5zyo9@S?dPEEUcp;mx~lDWBB;y#^prliD5ee>MD!hx>)PRDB=udUu{h<UB?
zp#GPy5#BE<u5w~%bD+yLRW1^35gMp#p5d_B+jw=iS~pMbR%!{mbGI=(k8o+d;t@P2
z{8;zJ+(Bpgs@RCyNpn(eqU=6aN^uqB2}d-b;IOw@-kitE8NN3;QJZ5JRDSDe-bicu
zwQO=I@frV?ZNZoY+2NJ`i0F8v$RcsaAnXdLkP@%G`0n{z0j|%V=2}_TA;l$`^>s|(
zzDPTBxJSc?2)ly~As{dN?HqF{5%&kSWo1!o_3Y;Rp`LOUB2yN#YueirU8C<#xz;8<
zK~(0Fn~}+(-tHnNo}<fIPTq{_!<H0wg&W9N3~N7tr*64T5<olmc=cMJ7~nG(iy&O{
z`sPjH1H;}eRf-1fij>x_<5$odtgSh&0sC}2ZSNmbPMD<fRm(oQduF<QY$-Yr6O3@}
z)oC>KGC3+jh}GbtRL0>xiR=?;Ixc<qIh!VLVuW0xj?x-bVin8j+`EDs2iKDElGe)2
zE|y<jf50iHJ`k4IKhQ`25&S0m`Dvc?Gw*k{^9<;O3aXCy^+D!^?TR-|VtU_T-1Q$@
zl9kfoK9EPsRK6r>(B1&8X?|i)ke0T1%3d~FkwI9On3t(!Lj}4XL(OWF<yEy{Udimz
zGFgOcAm}`yza}!E;?u9it(vd0GBtvyG1Ih4weK!mqm-gK@!V?f)M@sb-WT6Bq596s
zjK;+DWy%0kqc<k0COKL1)m<4Tdi55S??W?-uw4{vlsmv6mofV1$32od1uS6`SYFnm
z25P6%KJ`ay6{fXA>+#AWZz|%Ev-}NPV<WvZ{^l!sagmX!TPCVR(a_Oko>r;HNtH=m
zS>*NcJ8Ev_(vaTgI~H5f@f=>H2B4j&GRZnq>kj$5LfTD*H<PFo>*~Hran9)jGrmx9
zR$z}W<y<>pdX$oirqO)9_PJv&$vA$=*=AWCGm(iONwuK=Fl9P}H-bChW`I>)O}JGZ
zGWa8V)vG2FVqH36H%!Jb?)%o99916P)E`=(9J6wT>$~}`o+r?XFV*;qThkAV6q_Jt
zt{MQ#1?T$AO2r$W>-XE4jaMXnb@q$Q2>2R#&6mWFuYx2)#}Jcqz@73gUa&K>WFP;{
zRvBNMlTl&6*p+CVOtC!T8@D>dy?R?PI}@9>3z7)(DosgiQ``^bCFmDXio3HN&sX`+
zP3rZRn;a3hqoXn_a+f#0aV#N|CM&o4+%vz)myYV{aHWv<8_TX>V~e)DjZTg*^kLIB
zk4#t^q+%w*Vbx$6XDts7rs@z^Iw-RvcokA?DH&sGNyJq3RgyKoEvknie|P~`UAA}a
z(b;*M!v@2%#%iyTn-CiF`fAI~>8?{R*;=LQM+adiLAyf3PJ7Q??ip!o#9Qi7CZ1%`
zP#_W4OzAXr4XnN2$IN|s{AOQv&J6XunU|P_QDaJZTgGy=)Y*yC-NJ1*%l$gPrXoH#
zh;VKccA$X;Ax~HNu`u1?cGOG{d9M!)1(DqHpQcsEspR`$%vYPZ=D976U4ObNe%KUa
zs-!X;lT6FXDtp9ITX4@@(<zKEi(SF4ku20t5Jr?L=9Dv#6tyN_SKR0wtf>f>z#A&~
zh&xmOZzlz7a>ySOXUpZysqvCUMNw`n;*7SD_1U^^h?aF!DEW+99d^$t0ywn-?RK1V
zaM$LCIu?ywHJuI_x3=3qgaSP4dBl|7zNFHnuqZHfewg;=*-1l5a^5BZYqV>g_WWj8
z0%vQ;>7;X<Z5F`}ZtnBU+wJvI&(17bMadFh>~bEz2<!W1c70V5-O;d9=u5mVUdpw0
zLtw3lNY_0?!O^u398MoT7i4X5RKFP6r@1+=Cr$i}xK%)G*k~d~WP?$cO;_YiI`1tJ
z=yD|~r)<ih%Zlg2wBB%VElOx$*tp+wqh}z;9{XZnQZyml1b}2Z5-3&P)s2?y!i}CX
zeZ<JP62H;cYE3X5le|UC*0CLx%ro8&S6~TY4B0VcvLRw5II*I#H+k>td~2LFDj?N|
zgtC;!I7RUKD1H_Li5wS>WjI_$KeB<Ab3j#K-#oPb8J_a3V;l#oCyB4~2S0Lf5xDd|
zRn99OWEUx4eZzl%rn3S!Q-zy<&L^oWj$jZ}$G<BNavuqbSYZs9Ctwv>W)Mkqme5H|
zAEBa3V4bGGxY~XrWb7f(!%23lRc#oZsac$t<ddZFp^P3iNnC)l(0HF#wc-260iS^7
zlmY>fOxN%n(idl)S=0iM6qds23QsjH!F#%)cIM6ZUwCJA=i+03<^wK8&S<iR_jKy1
zwN1YwQr)B{owqX#c?eT@;5<+&^~s;w=gkeJ!PLa=-THX(Wd-yE76?R1fmfT$1GL1h
zk{~%v;E92@Ek#i-9>n4qVS4)}$#|$1pOJn^8AkYtOl<2{<r`7`>RvBcTZA({fAu60
zZxaKtou4Bq(vFH$e9bd#`wWC}=~Q{_Z9cG2x!vY+*;JDe6UW}2Pv{@FPD5Ma%o8>z
z!uN<BTF<`^$6<RJ%c`Mah7uJSqhqa<84Z1=USh66$-4xKlj>2!aE<A`<7YK=%!R`{
z(t*YTsaoih9(_@vj1KV<Ofw69#5I#qoUdlbdLdU8^&o#{3>Gl!^^N~M)KToLKQ8Bj
zv+aze4D3$|O3uq(ueq?;*6~lODc)(QbIsA$j$)PPrL?a%ypBal!-7Sbs3ok^n?%BA
zv&K)y)OAFzT_D5B>9-Tlmd#>$Jsvz5BWxilBQva^Dq-&yNC1pr@J)yS!b#B~2gH1A
z$3rA++>KkcuA1ddY@4rBEPdXUxem-Vd=YMR+M24XD`%t+R}sM^q*7VfBV=eKH7m54
zEQNc24x+!eBN-8oYiK5lsjS~>_oOg5C;^{s4sV^Lru5`)J|f54lY`?hIzN&hh;UR_
z&kNtKuiLQ{-hA(`m8n^B;1w`%_AT^?n;~^tnwf_F?2zlU)v4|QX{uZYVDL#O;Rq*}
z|G}JCw7Cqyi_G8*<J@PHt7Jn&x*)F5F5+3VKw}V#H2F%egemzoTuLl~Lj3|YKtQ61
zL|JM&W+!B+iXoR`x3fa&x#*tj$-OtYAHsV8(Kyq`?2pn?A3bh#6(cahUi*}e8xi$#
z_iOD?O@u#x3O(Z1Br5}24rS?m!*DJ8lNf(nEt`CWlr?-XuFJyvW^*L>BbO#{eexDl
zWa^0hmoJ_UmII)|MVyEZ=5oA)8yU43#z*%E%5i6C!%`?sa!5-EIAmv(wOS`jk(gpw
zQ>9q9Tm22+`AGnIC?wEch{gK|X>|v4)m15YRj$G_vR5HSJi&tnLZSjDmPMFFII~4$
zq{jDNb)w0+H0SGVwAMC!4&7iHyy-70G;rtKJ|D2QW75y<<PzDPs<aa~s+dNu8S+I$
zew~)cb|Vt_#n!vCARRtW7OMwl5<)XCBXtcBCjA(Z9K+W`G35mAG7`eNZ8X*$bB)Gt
zLa5V`dplj0<fZN!;hI@;t5sQ8_(+LwG|kRKA~X)p;>9<)?|RF{Lt2=cvRg8l8v>n5
z_0YJ`hLQu#u6W-W5%Nu6O))#4Bj2LSfBBpXv2CMyh?T2|eX!hRz%)KHQ_<3FkKP$K
z7$4CS&L%lLi5-$;kHtco$|fvl<^rXdn^CNZZL`e4i|snyqtr(iP<+h+HRErRLh@Vp
zgzVHa>jlJuTR(4k-cX1Uc$OXyx^2vWMaFW@T-E*25|1C~@Re?iKpCfLL7#-j@ATDf
z)LO(9t2(bvoSS^FGJHEq8f)E!zq$G2v(@*F!^q-EG_(~w+inkee7LQjIdHbs?0zCR
z=O<Ewc_HJ5Gv0CPkr^>+9*Er={eC_;$b2j@B6I$()>OANZ`GVDXYt)6_ASh9`m3ix
zo<fq9ZK>@MkMi`fCP8JVn`17!AT-?2!Fs8$sf@F%^UOvyKm(#p^hj3H5kFk<tt<PF
zZQl7m=Hs8!l_A<^1!V^Xi7Mp|V|+cWA?3sA@pSR8JPmZWR!{o885Lzpwj7i;Mwxw5
zI-t2?TW%A0ykc4b_oZG6{6=&=543`j(Piyfhr{P&{YGB)O_KMWfuT4D%<y*~Yl_T8
z8mf%w$OC0x$2A788V-l7j!e+34cP#e68Hmp<s=2sVAuDWtq&#(LL3~*=ADe|Nq6p~
zxQ!X)s<I0PX!<f8<2K`u3~_nRS9FH})EG2eu8Ju<f3WDGCtoKf8qfcQXO!`Z;l(bW
zH)qXy&<ro=##%uX0eehyx4Xlu8!Jx-K33$B)nrQ0O)pR56m*wkJPy1LnB%)=L4vt}
zMakSEEf_>J%FGJ~q`jS;C8V<@t^+r1ct0$?al2G2^kw|x<EzQ{<m)Yb%GXmPtqd}i
zVq3b;@nV)DYe<4V<bKE$2`_BPmI7?k2d*CPJh$a)fgdY-98!t^!ZPpq?A^XTP&iEI
zwe@xI*`P(!y36wpNa_5$$D-{{_etxl`DqR8@|JlE!brROryFdmmyN?pnHdjr$bu?A
zRC0HwaYOfOl?O<ByjpPCXUee4N5xkMNjcZen$E6jTuAw!cn0l~LM53!Q-vtnbk}lh
zKJ$9H+wo~jmcOEg6COXxe^?R9bFZyfPBTRwIn^y<udExI&p6a=IAGA1_%UV5QP@HU
zY`LgrSNfcTPNd!IJ}F-5Ds<cgC89{~QRzOL%OKj|Hj!-tSP<etI)|T)9eXy`?lhfU
zhj~;bHHzVedsrX88d^#rP1C(Nm^wZvDe_e|>4?$j`!HIS=F|M7fz&PX!I$=cbU~ab
z_HLXf>v12og3XSu*0a_$ZXpMq-q<zC8f4Sme-2qDE?b}GG$!RS+p9WqiL{Ma6|a8l
zJG({Frr{N!nI&CX^{G>dyUH69{X`^QrQjHY<VX#t)ukoogyt;DJAgFkkoEquk4t{R
zCz}Pe0VOe|VhSDc>$+C8UsWTwpV%hx%sa;Ose*V+C}^-Fsa90viEKLCW7R%~76+-r
zYoM~;c{(Jl;-7V`UX*rs;(;f03c<~UT4o~K_CpB=4uUl1_QXf=1414ffzjWR_9N8L
zTsqgz2Z1vWu_t6}^qL7=iYh|N(eyFJW3+dlM0JQcHTSZQiWyVnU|fypBkB9(^v>yx
zz<m`$-LDjeFWrvs8I`Ju=MLe&CJ+nLrvyn_+^{3>AEumZ8Wh96YQ}S6YI-b6%*?rf
zLCJGegSWg-lqgTWEnA=3aQ6wZr(x^;^K}VP3Fdh1Rtmw1&`E#i6`|3`av>`j>i)x3
zNyEP90k^K4-QB_9UVfcA0%)aHr0KlB7XXbL+4qkunl_s(o?M;!GF38F(uMDsJaYFq
zU!_F2SP!Y-l1=;CLUw38Q;A9->3kL0o^#&uy8m#O`;Bz<8u|N7T_|Pk+okhtty93r
zC;B$XKt=n=`uY*l6ZPSUlg_6GHE@HeO_$LJtPdECq>Vl2ay|hgoYiX=&lJCro_r;L
zFH<^hb3+&B!!?pS$9C76?5l5d`VhmIEmGP-Ug1^h3j2DF7PiU16SLmsJ(}%U+_bnW
z9){<->=L3GL9<!vMj=XIg^YI1a*z-@ZKq`RGpOG2Ya>M_m8R^IycP-|C07~*8ZoTe
z4BC?NXbFoWnyLC{GW5xdQFX~cG5gdr=@?a{wy^lk0Q&xl?Ve}PK9Yw=>gt*7G6vz5
zxe<>&^(k|Uz>b0&pf?UL+PqV$bQ9WO?~EMccX-~$X@RM2yvyToQ`>UacGQ&bqYx#*
zUNtwpeZ;C`Bi6M1^7A%Qs9c!CT-WEAYF*(;wu^{;+avhOUJ|)d#O>{c`k<aE+g*jQ
zsSh1HF=C}|?^L~$_PuQfR>=oGgFt{lm$!@MZhrX)Ql+Cfep^ITo1_ndWwposf|Z=`
z?8UWyLi1hqVRFJ<b>`%f`P~NNU9LtmT2A*123_G#c8hv_iv{(DyF?G#4jj<8eR>zQ
zFB+c5oi1>FY0=(7J=S;t^=#wwe($rCvmIBRuiMHPq_^JZ@eDI_h!j;*Zdi-F7*#cr
z93idT=ylW6e_2^YW$CQVMJMmvnpyd!U1i9gx$vPStdKg-9y(61SfqAHK4uYeNIIH0
z43QnD9h!+=2q2fAAXiizz)i^M$a<G6o+OyVOZj^GR_T$n5eAFd*wjJ{vHT&nqIpzT
z4S7gDw@33U^=;Jif;{<i&4xjxR|<{$@-qq|)wrx%ACA6?RcvpmrG_Ox&F_l2W`1*!
z_1dYu4!m7uGtuaA4Vl1}xL!yri2`}DOo7Mkf!9EM7{-~x%L5BG<Iz`m43xSp?aO2q
z*sz(G($go}u~&0+m`Mht(0ct2J(yEfJ07~eDmx-Glz-qFv7<h|x24QIl>gG$@@9^-
z*8Ith(uJ$q5PozM*r0Liw04XtwMFR0l$0Lfy^?zXYY8%WkSp^3)tTp!y_653?X#wj
zrj2)(51&eOvp8zFk`obOeSK}o2`#Oy>H|iNeA+0VvbOQ0f2$)CE_gF;R9AJuRJS;6
zU1=i2QyDMk{*6FobZ_<7lwrCVtWWUx8+QwR!IM|LCLTk$?P=)-Pw;s<YRdFy+3Cr{
zL+qN4VC<*2_2}6$W!Dtv$(it_(@VmJcV^H{)S)yrH{|wgD0QHyFJH*}d!-y0$+-Qi
zG)Awj4u506=J~SBUsqk|9Z%>Nh=?&b%f6BBh~qWMbi9GfOMIQ{)vsPKn7@1JwT<<8
zW+C2ku;zSP{H`K{VHX!aDS$Dq%1d?V1|<XLo5qU(i3@33?2&e^j;GpoJ9GZp$t&Y*
zMuqJlBVv<8ys)K5votSEBK#jcSu!^^G=8z&H;vo^^h5$Dv@kl9QQujblRV^qgI#<J
zTLflh-5Nzw5!RyT5~cf|paIW2EL5jyv$KP-U&J_T&n4mJFzv<Y<Jed~LfD0haP&8R
z91~`Hy_Q|@eg`UzgHBo3slzp5mu~oO&c`FTm9)39+@cq#DCll@^0M{UmJMDIOjgY5
z87+Y0kt0uhC}u?0m3i{Wrd5Rf@#$-2jN0*6#0^gG)R`UhpsfV2hcq32Tm?tlolpnH
za(&TT-QO*61bFFdw7Kaat*kr{dsO^#dqv$vefJ=Mpu^|;0$%&HumXkVX9{Tt-|&XG
zVzkeJo|^XAeUnuVz0tr=pB|SdKXm6R9(b!$;4zApwlw+L5gEnEbiK&^Vq|UQP>1HV
z0U+RrcV6%g`lm>$K@*;dn3Xw7+BjcWJ??#-;KnN)`t~dB`(O4V`KoxEc?oXnTob7q
z-2=7k4hu9s_&9Z?K!&w8sh6>$E5(!=JF>15T}AAU#0b1Z12^8;jf56oxW!Qn`<y_^
zn5l%AdgmD6{kgC7BF$pZ=lC?Q?DG}}wbE-HFYW2&ZL@E^YMz;QQ&QyHtVV0|CcCMf
zjV5LA=1vGH-glP&a_1Ev=r5Zy)ZFb605}3^WNL&o0;oD0BQF6hxWez-G8iF1UeI4R
zWeAJ8*&CTyA&`v52y;tY5$5f>x6F)|rXtLmFgOryFNv_Ql<{yxsCp=>nRr;42$(X9
zi3+<3y4l#<pt@mnv$3{y5_A(`HZrv{MhK$nmoR{t@jC@+CBh8h0deyILCm5!!j7h9
zf+|vXe{Y0(CBkfhMA{1i0IsgCJgyKPJ4bT>NI*aU00aZTU~UwH+sWM)Y2?Oj>vZ!E
z3sMLt6GuyXq@|rL<E2F-V>@T02s1O|?{@9~V%OG*=euJ(CU!Oe)EfX04+L;&2vrxn
z?`UW0Y=UqUg<G09+Bw;oA)AXCHSHWt8Nomhuka=RKOAAeWnX{k`}cVMg8b4OQ<Fb~
zw0Cy2{vM*K2>@Y@utC@&olp*ezB^=UB52}>Fhbfnihj?ND#GEninXPvinuhRjJUR@
zxQf(oZlJK=D&JXvzqb8vx``UkKmGh$(%g*fQ9c5{`-mb5O8(}g8cP2CzslQ>G~qu1
zgp?5yAqob9LEJzvH&8$g1Qmqv3j$%>Kwd#0P#Ew7^LtCUovEdn`~OYLzcBy1!-aAH
z4*%b0!p7#0WWeEqQg$ZJmjfv)CF<;KX(}iVg+U--5QtkqQh=8mDggy@i%Y`9xuwOy
zeEdL30jRX3^!G6T-u5z36e4Tugfy}>LHu{D{iW?Mf@l06C^-KEeK7vp$v?{Szv=on
zUH>Qp|A_qW(e-b-{!s@05&7Sv>z}3Tw`m`>z(y?&|6HMq{%3`cuthEFT~X`zU*AVu
z?i&ANled(mlfAW(J8E^KW{I>$Fd`kD5tp|OC==f)DB*+ukiXw_XsIB~0IHTA2u3~#
zKog|^!3bqUsT}}R?Cg-J7eGc8fUK>V9ZJ*Tx4M+BFbD(z!yw{N0bT(~C=e=fxlsD+
zI!W~Z%s_SUU++f;gL(gYtK*go8){HQ7r*gj0d4fXbdx@DjF@;4{B!*kA!=MeQ^1n|
zbg~<vIuV13_Gs<xa~gSA6Glb|M0U`8@0Vtd{%F}1memeQntk`)l}^eI8n585!B{5*
z+h+p{42TT2MAe}a;y4V4F@Hh_eTq$|_~8DM8q21N8j&Z(YrL)c;<G_j3^UqeYUwzq
z_E$Vhzq+q&u=Qx-Ek-;h(+Y&`ybHP#RZ2h;@#KcJ1QxNi__Zn~T!Ben{Z2`=XZQWe
zQ`Q^`1BDx&4v?&=o!c*Csgy9EaW}twO5bX!oUBi|PnaIZvHHt#b#p|R;p3nL0idYA
zzZWn{4Fd*)z!)#z`MrQp`U97R(e_Ua#Ea4<_yGf7stf#p!FYda3x+~aA_{-y!GKT*
z5H<LJ!yqtz@Q*wchEhKGI}ZltLwWWC2I2e39t^^d(*F2?2L*wChyw<Lf-Xf3F3TVB
zqOk9J2|r*kz90RALHVFRV*&y{*@J<8%oPj<16^u+{Jjqt1SQMx6UP6O&oJIgos1va
z@?Yvq{2k*3LQ!HOf5k5AV3fMbk7JIq_cMl4lK6>-l8g8eL#bH&jG^>Xe&V4dCw{_E
znkheFD7BQIuwNXfmntzo@qQ5p<QH+Ej>(_eLVpnl^cQiUG&Fv0`-?cBzla0+i#Sla
zA3xjsMI5NH{F(QQI8f3ZKk;C{h~rYt=EwZOeh~*st><UnFXBK+hy2X@MI0#kk)L_L
zh=cbRaq#{k4%C_ZH+wJ`O3~z}bA}HL`tf>zf>3HHe>*>5eBfX4P;w?e@B|<b5NhhX
zEPq}%1R%VSAFpcyP~fG?%inpZ>)#LODoQvA2>ihws#6g3hx7aryVS$^!yeMn$kH0&
zh>wHPWBF~)h5kREXn&hZjU17`O(-arctHaAIIOJFN_X*b{+MNe_&EPRoCDl<M7S{i
a<`dv@DWZzBxqOMr+E0Fi!7#qx{r+F;5|fz#

literal 0
HcmV?d00001

diff --git a/docs/img/FIDO2_Certified_L1.png b/docs/img/FIDO2_Certified_L1.png
new file mode 100644
index 0000000000000000000000000000000000000000..20d34c2c5e43e596d9cb78871671595d92ebb569
GIT binary patch
literal 30553
zcmeFYWmH{Fvo1Pug1cLQ5G1&}YjAgW5AH6(T|$DpOK_I}0YY#I?!h6!{Z8_J^6qo?
z-RJHx?)kUL$QWz(tbV$>tgEWmicpl7L`EP$00014T1reA0H6#3073;G7926ybch82
zqCGEFO&4V&cQQvO2XiZ1Gcp%XM>8@r4=Zy3@K~t)Xc245?H2mvjI9lM^s0qOTZni3
z_XV+pdFco;?6_(kD|uhLq`ouKklRoH$Gg_2jcoQ+U4{lN&a?Xw{wpqz$@`zH9$mp>
zCs%iaa8q;Tf*r>)w_XIE(~<(DXQKjf>vtE`j6Q;4J)eKaAvRoG4BX$uWC_OAJ~-uG
zdrA=`WSvwaUQ{C%UVBpb=ov;=m!7LXaff;e#2KtUg#<o*^4q>VtMR{U!|2d!R*3vn
z5YN|T5}6G_`GBiSa5A)J*W2T;>A9m+?H?Bsa8D!uNSg1|WxhT5*`Ut&Ml#w@My77;
z^(Tcc=qW$G$6ptUex45pLC2xjr0((ulHB*_UNpH+Jeem?$IGM3-U6Qqf54ae%I$kc
zp5T*y3gPRh#urR^LKr)^+q-9zykJo7eE6M|jqUZmU^|S+4R1Z{j6_2diFpu{E{>T2
zqi{~UtadP^okCDcaD5=dYoRouPuvT$dVtjA#YyMGvVG`4jQd&=vtw<Jvg7SV_Vvv{
z=&{;Rc#dJ>?dfmKyvTSXYUkV0VkxQSRaaI0fG&T(hvIfB7ES$hLQEn*KL+Nv*JboG
zN?sB2J~gM;H0_F4b1?AeR}4sD3u8SxQm-^m*#`(9-`Q?iIOgK0#3o^dC~uf2GZ&ju
z7K<-`JefWfAbfk@j%1$jUW8Rmd1{JG1K%*;&)R-^oVs*NIWk3Cd(TX>&bI$s*^7G#
zIrcf_%Gm|$>ioh~9jjSuo2m;AufrFPZ<f7|Dz5}!If->WPmg-w2GZXZeX#hzabWv-
ztd=@EMMJA`-`f6y-EGM#7<18W+3t#8o-28BsF;ZNqJC<uIe9^jbJgi+cG13TQ*t)w
zuHd36+h5RTo!91<nG9)#VBLU*%|oXc+9#~-=;(f;uO4c!)Vn30Zg8Ap<x5q*`^343
zM?}|AbMsQ0m@;LfjUWp;UHN~wqj6yP`J}P3;lA@p`6~PCCzbuj#Fo{w%kT=j+R@)b
z9Z03f*s9r<f&z{U@9o}C!>YV+mP0EEOPI8NJ;)5p`C9Y#>rym}{+wYMR%5>}d9a<?
zjvP<=&#Z<4$0W4LJDKcC#}|TcWIWucEv6FOsU#$$MRZE*S^H`_%sXCINwBZ5f2{QO
z;x3)rP{H@EwzFU!A)buxA!s7^C5b(on{i}t6m?C`_`O`4TJ!eDM?rJ4f<C8RxBSAd
zxMP&s-Cq_=swX*XQI=l2|76XT$5-6#?=AF_JffIU*};!^lQJ`a_ya9nk?w7T*=6UB
zmb7!H7_!!s^6^$Z#ybpso}RKw#rFZuHd&|N=GhHp&d88mn59FKN?%Ec!ET%n2Fen@
z8UFb3maSyB)zFS=T!rW$F-6Z@inCu<4KHGue|FJ^Bs%*g+Be?DsCOun6pvQUdD!E6
zZ76w}u>O*;96#SkG&I&JSExXYrASrw`n=7VEJ2@h(4lDWB2X&{46l=N^#07%S;-!m
zF*29etjOEA>iyV%c&52j6gBxvom2YYXvr)f#9;>MsA2fiDeks#x<p~l0H2m?e|R1V
zs`E_#XJsnn&!1zaUd{+<q5tA$8OrCs<=~;mY!j*Y$`DAcO2oc16O_i1>y*LjudSx~
zfv3y*lcC%~Dn@nr(ecsVxE1ugO0C$bt>gN5X+!q7Q2J-91+4F-i{^|UgPQGdv_r^c
z9+W#hwd|*pELMsg#$TdI#Zw_GQlIwdxA?>NDOs5|7mWH6ri@;tbxCjnPIe3YWh+qB
z4Yegi*%19H%5AQhz0^}5wm<C!lvpnYDMbXpYZ&zGat(7r+Qq0l7%^^%7x3DvoVfQB
zRbd64j@Iw*R$-Vj*xJc;%ie2RZq{VTghx{RemONFl@C=vwVP$+7*VMUvoF_|NA}aM
zh;OvLq|YpTsKDxiJP5%MGMQ3vk=}H9AXIqaAW(GlR+nIO(H<&JXkYqu&;w(O^FSjY
zWb&p`l$%hu%?JT8(M}Kt$@E+FkMS&KLe1KBUv~O&Kt0QMv5F+L(H?4!Q8aUnmR=b%
zO}<fk8-*A{>nr0LGs|*4%r+fwKmyt8nnHE2KG+M_^b{8ujIF~@bA=Yh$Hlj7?1HF;
zSWeg(k4wcGyvK>uWeXbt5CjP{P*XW!`64PLgv$vLNaxU&ScccfnD@hu#GGibszH-_
zKbEYvd<mje7?^X9O3mj3OqX*bVOx}2tZX$QWVrx{X0J0y+&7Z_`CPvYkK5;=VnpBN
z86Ut*t|7fjH|&x`gTzlrghw+&f*oUJEaC9P{O%kRrpf+_h4rKd*1mI467RckJH~sN
z^~>y)BJfn|Mp^!KOJtad&zuvI2<PYw<!Be%nXi$(BTy0f5q00NGL+$5alRrdOBxZG
zl!!@DEzwm4+A@V_GM6Cj2j%x=(mH+~R|M>SS2X#%PwPEP-#>oKj!*{Xj)>Scge%5j
zuwO&^#3Dc9n0jZ2w3tbt8n1d;<_1?ZV_ZNq8VEO5%3~4k4*EV6;>HOKZ8a64B2nYm
zh)S;IGv+f54NPn6LO33<X}v`7Qy9kL`yGEHm(2c>@gsAORc55}02TU@FVKRj|6z0i
zYyH>hGQmR*pJ6a!0#W!a8tXRkJM5Zxg3cgFq3`m;thozq5<+FgLYYG2Y>&}xkS@)c
zQHSz2%`dZx$ehC#eDypOZ(rzS<W4aG`@VtAyJ?QQ<U<U|4R#d*->nK5)R9u&y*x0Q
z6!dBXdQ{Cki52u&;ol-|958Ur<!Zjbp(`~i%$bBbVnPW<Aev#J<}TSKXA364`|)D_
zR9rYluMEI=>20yF!i1tIcT2vEd~&PPkujW5MM$&cs6+f(Sk^T=k+9UxP%sZo&bg}V
zLv>O?6iX33jdTD_d0^6uJEG39X1BImCLu_wPg{G0CH78NGSDS88^X>WsAiD)$osqG
z;c)O_WijV4a)dW%SgI81=rm_7g7tD}5Nc85-|rS$oUvQsAmoy^1BwoWkvRtz7H?Ya
zV^0^TzhJ}iJ-``QIK}J)e@ke@qHBFwGK4_-!dryCtV&I0bTPqB8UlI*q6A&4&@d`N
zvu{;`Kl25>uJu(4B`Ky>`RGLCuF2L|80CT+WH(PjFZ`%s9nV(^1Yeof<RE(vo?sU<
zHG5rrEmkQ5qsW}95E$!~3>P;MjKj|hD%G>N*mMJeA^LWusRHmWSZ^R-=U+<VtU}R>
z8xw@UG7_7Vq<eJY-9T=^C7t5JhSr%H-ncGX@4}`#Hr)euGRA#^zZ1pc{NBkq_RXM8
z(@&h&yI2&didGB?t;o8{2Yx8ka>UT9g{y)vz1^cto=ZeLm4>k^WF(wAYbRR&9?ZO2
z$Mn`OXL6ep)+)Ftc{8MugeJwsyVQ?YEVw(}4b!y5KzwAHap5k<8vfz<tZD_79VShv
z(olWB9`Z1D-^A}s6)vBs#;4l@i*19Ms2yvY%)At)gLX5v|JD*m?6UFrbLt2|9+^;S
z$yeY?rH}Cwn_y30?wffS(}t}fTJ{JOx@#hP1qS(m&T+5!^Do;Tr+xu2YYDH+I~~G+
zdwiGQmLwup5#L|Go?gyzVLeA2Q)gQmb#`}YZ2jIH>b8ygP1+EDzU61Z1%=(V5zQwA
zvxRgf*_erg<#b}f!0)R8U$nGwhSx|luu_x)&<Ws!Lb$0pSE%NiVHPnCel$03r5ec!
zp?$Mdpt{LnfZO?EO~%*w1APKX6T)*VE~i94hus!GggJaiC<cZli5g2Fppv&Vaz+rj
zt~Tv{Kp17=^q1n<uWxD)I_HGMvFS+Pc#Nh|)Dxs$hO4cF;4){F4)P1vNSqhn5$1Ca
z4ZRpvjzlXn_ft&|!F!1*{mQ;4r*ek%Q}B4%XCKFH3WzdJ&k=F1T*`RWSMBk?NQ_=&
z=38DB>~CKqF0as%VDawDh?yy64nypPqZ&=|fDHRhgrZ4x-g{cQB*T=#i7CkDWnIW(
zrL*hp))4wdLYw?(l{B}2U7<)1>D6(yw?bjUqmlIkBmz=Ww^<R1spiNU*6%~hzVZY)
z!kPJ<syW6BshrU<`hUfq2TEsyNT9i!gdqH9`(DQCQ8-i?Ax`8z0GBKA!)Ro_L`q?9
z@jPqI>Yq65gtLylrb8u!c=M0q>D0#8+M;j=UM6f|GB2uM)+%T02Ge>UE6MV~{j5RV
zhpcBaZG7P(;T+M^bKc}5MKVr$RO;FN#A$byjJzGZ-_3!9xis%(KBfqqGW6B&CmKOp
ztx^!$zG$fmHAqjVgWPyq-*f#v4U0{>C$^0?Y8W1Z!!)v{<-l+XdX{=9^!6&bHmwip
zxE4uGAlW17V(Z1*yf;c*qEoNzWYbQFDL?JLr%4;sTAM52SNc)rt^E^!2WnYXhID5z
zGk`3SSc3g3n$>e=R`CS>GH!<6bc2@j>v5{ZDob?ts{A;a@PH-5g;jr6E@#HDWn3h7
zzEM_~X(Ys183{#!gRL4Gjx}echiKA(N6k91{Sy3_&Yw6;*Cb*Wa4{`GBd|WK+N!kj
zwuwZl3;f#WxzTHo9_xAYZK?hZwm>smL3hX)9;SL)Bjt!{W4H+FJS58u3bMu0RMEB%
ztbB$l6U+VP%|w(`fG}6#*L55lXnu^rJxAbRcq?~2Q0WaqeGVP4`hyX>9A~KcNJ>oT
z0G>?HC3@1qJLm^SpPOEskdNJ0Pab#F*6gZ&;ze(WrTEn@Z$h`J_|pMBTrM(1Rr_Lr
zDy|VC<K{_$p*OFSu~(u}2Wh2K10<1|tNC(r95ti%-!${WI`4ZS#%-3G_&n*D^!6-A
z+N2C2#BKAqqNq)2t*e-D$%}D`+@f<V#9~$8ky7rkaJup9Jz>FpJw;O=ID3ep?IkaJ
zzdFdAHf!J+z;yCEm_$8l(s{!7!%1qr;?J{bYsnF-Q>u+I_w=T8jIe?cEFp3K;At_K
zf}(I`Hu`p|i-qavRi|$CjE`H$<|;n4pBaXKRet?~q68Biiw2<%ZP`bGB4y<W**j|$
z$sD+Y*o$+h!OsQF)>4p$l`*RvWKVQwO)X}Kn?5%T%_Ya0|B@3~3IlG%c1mSDEtjEu
zmeFVQ(SvB^m6|@Cs?>*RBdL8m399z10gb%8U*w*7d{xniD3-n7u|)MO36wvWKB)@o
zaFD)Oq}Ucq%CRcFF&`J$j{I^kjcy3di1*b^0=NG+vs8O-6Uz7d8@3YLT+=`XMY0Xy
z@GU&{(g#voB4$TQPe@DC@_7102x$_m>q_lb_+>|UiH5vNsuanknGJYvdK~5Uhxikc
zARXmXCuY;U(3=vZp|pB^rimFkClj=Xi<>v^jc+NXs7y{<+0F-t+61{Cl!Ty@t<&*T
ze+)&?eF;S-S2gWhXSs!SK{8dhVGYPv>F-oTLu@@!`5h2Z1q&yx%e;*eV9?+h7T>~v
zwa?m|wu?YR#jwFQjYkmJrY)J;lAqyt={zFoKZ})!^}<xVAtE_miOGv2pZf#dkoaP2
zCsRcU^LX-}ix||jQ0(=0Do-J!UNH)Gp%G+(T;<w9;aZVmVYTj^pb93x#JllV2tp{H
zLiAtZ&LvBHVCV#B;-zUw=!+e$+axX`;~F7<3HES^gcNO8Sx8B-3ceMy?`0RY@sg$6
zOl(LGln~`wpw>-}UJLeVl$f9pV!5s7w#P=-X5>YC<Aho>9yT(*--$ykDwHLPv`|_o
zUCL<(7t~N0h&WxWZriAW;>Ap_hJOCxH-XxLFD6vvP(OY!v1a_uB~p#B|12=*sXCil
zId8brq0N<yB-`Js!tf#piAChJ@*E#Yw0f8%Tx8Jl0F6y_Rw(6laJhrGf?glt{cHvi
zNm&YGf_CB|bwurJ)dRRL`5WyEnH`2BW_-F~9=7Dr;&|jE(*}VFh1|8`sK^pAg{J^l
z7}BPansL?DpQDMx45!;iYw3BU!kj|RrdTDpke`)>kDBK4li^%Hstd<0@g#?Y;6t~@
z^=aj>))-MkwufIP99p|W^vlfnNvDMdh#Xn(9qW1_+qJDJ;&tq$Lu}D+N^(OGE6-?i
zyt&lc=GCUo?{>tP98EZtd>CGco+RC_^vP>e>}lh5@g}-{iRMJk(4p>KdN1=icVAFA
zW>=a^&YjH6E3IWEr%;#NfIr?vsX^t?{UM<voC@OGbtFkk-VuC@2Q9JW@E2N%NCpWd
z6TEbeWd)p;nii~-1a`~!1U8!4F3ejcW;8^vV0>y8#U|2G1kmkv>5dXg)_FpXj}Euc
zTnM+Ie9+WY8CxYQ$897ji}kh-j~7)A5b?A_+eOUc<&PDmwj6ex>&kOc?NF!LU}KXJ
zrJ%c!e!tx6Yd%|}pN5IA4;H9*mk>dH5BXlAf7@!LRNm^A+E$Vx3rPtD51qbK=@%S~
zvPk&nUCw~B&vWC_HRJLTuqZg8(WN~efrnvOG#@7yOo9)|)-K1fmoki&po2$(3R;oS
zlLIH|pdgkAF7cK22(}}Fa|*%^(aFe#Ap6O)-g6F%VL`HQv3$kw;MM*u6iIJ;wazfl
z*3M22$&ET25xi$fMCCc~#WaU>8%?6=wHLIxsvMWLub+S4cgwE=JZt*J!6r7szs!TW
zF<G)3;>Il%4P`ILh^%3d1y^9m&QGHYDbbKePD|b~q6-gq8(6cL+~xWfu{)U?d(eLf
z;v!gw!X&sb!egxb9{t{6$_v7eG+wi+eCeGAab0x-RiU+1=fo$Z1R-m0iH~H-go(2X
znrXk*(I^R0UA~v53}?AwB_?p%KiWyEGRIwp-7Jjj2c^PHKu}P)_U571yIDWbM=yn1
z6@4n6`W2`wKfQYvc!SoRnFy!du;}tGf5ygYnR7`?Sml+mGx~H2g2n=1^KnM2^h^CX
z@>`V{&Ev@G-`%+MAIR`q_1oNA)$R}1S76?Mh;+3HgzTy*qmcGvz7L%jYKMCq&qHqT
zCrH(T&rBbJ6b%{-B)3Yu46#yx#@vmS5z^h9%gCtfCPT(kG<Fozyvo7;Q7FzHh$l=R
z^4&+4fT{?8WhMw6BONDK1r2?=pNNf;R%7u&r6VR!^qzWoVM;(R7&|)=FY`4p89}QM
z%A$L;wTF<OGYvt;h5SKW?0u$bkr}P`q*?feP+z`5!>N3^C-kelkjT{bg5(xHdSkMz
zMk0^y1IP-^wt%~CdX7q^L|dt2#i{NuZ@4hTBv!?+DKF$kf^s<}IZD+8iiZ30dhF^g
zW;#P<1l2>WS?VXCgm+{XFn=sN^1mX_0PN}Sc+Vl}^E=@2<^y<L5Dk+6rDQwN!|50}
zdsYT3c05{p0Jm^-Zejw<+F+2=oth?8V*y?IJ(Qj_@9~<%D^+23#vK^e;0X<<XqvBI
zdcwbuD03ORr8T+b;2H+?C#eZJBYVLNu@{oG7K}%)TVF*!1`+QDWChv_k@T%-k68lY
zM{ipn@25Xen*#DM&SC3hHEXZieIq6lL`1_FWW>=zUWd0BEygIm(>A=)P|a<?l<>sO
zfXxvH$V{8=;cBIj)O1{2iD;p8AQ4P@dXaGA6d<3Pw|Oz$WCe(zVc>in(B)0Ef6ti?
zHwR(Ap(SCVVj+q>t_rp15(t)!6|u#{Fp!OkmKqFDt5^QW)5UyE4ihmF92r8k=x>hg
zvIMoBwsNca>Db!0ja8+Ag?16;F(VeJV8W$vndTiY{MbdJPa9falOQ#cUujs>cS=OV
zwNOv`bs*HhE2KDs^@|QrQ;JH-WA@Q&1ADE^Ryxh#vR!u&;?eA;6o1dwlh``l0jofH
zPGS_(Tl=Nyt`x_<smaTlqSuv8#(`8Uc4%Zg39i{1XgViRCqPef*mudc4sDz-pT+E6
z<CQfve<foSnXUoG*C0+BzZ~e`ZnzPUQ|j+!Ku#t@)t^2tX}9cYx5~$xDe&kf)W^{D
z^c0j?pA5IjW=3@X7=I66nAfnTiUT3~6c+Q-8k4k-qF%=tI?e@n75-{JWUYZVy0>K;
z24h8BUa&UDcR7y1r)+#mT^8FK&n&P@b0V=Zb;7Ze3}0j|$oLz*k;0v*;hUHGoOTRQ
zIR`?B+Suca%5*6sFKJ6D7T+#9P>Yt?t*D+&ql~W3Y-TqU-hFKLS-@zcUr2Pam)asH
zj5sJaM8l44jkn_sKPPrC<O|swv+H$PqppGTwJ-ScM%Ds$+I^Z_5ut=7=9L|xDjklQ
zRRSXWL2L#Fe&UFtFCc(7MLs_TOEwJSGUl=HQke+Nk+B4Rq7F63)RZ7V=1fYEp4jGv
zwNR7xMj$$;;c1o$s~oEYG~$$5P6MLI*xt7p9lLR9s)FPx2)gF)bTaj=<Fa&NbDMF-
z=jehV1;reYLE=&E0M>X<!8$v%D>)k0wA=PkaYt9|>Pb7Mre5g0#N+mAP$RN?|41Ht
z+CbP7l$fcyg>0J&%JRA#VUVoOs(ZM*F#;m;g!L<FxQwAN+u_~#zMeZr;?}e;dt7mQ
z%?9JN*_YympK~aJaqm`FTa|oAbO}4&JA%skt=OhY_(23ZB$Hb7o-Zu;62`Yfbj~gy
zEl5sVT_kq)({K{0=+<0=UKHHqEc+J9wZ5{{6j`SgtSV+<h^Z4bd}eRmE-OjlI@J3!
z3n7)CZ1J}X(;XrnETpi8(cVImu`dg&ke6W*ay~nk?+RY~AxET)(d3xbO+oZy@;xrq
zH^!kfiN?_f*g#7JCBdZ)9SMtOG^Y1SI3uC51xrPmoH0AUi-&yV-LTWzMhfpk*Y%pZ
zyoSttPgvH%t7Q8@K)g1euidRzsAlXN23p+3d5dN4Zzgv(t}0k!lpph69Fc1iXPxSN
z^x59z>qbb2VtWVhreQ`sd@r1Nsv*wxBFCuNt}Vue7pR4yo60FH84Ss~&)msh+&W+p
zW<cF(AYs?=%9N8!yOS!hr`8_hca^CXmKE9|?Fh4|NS<?@nF@ptQ0@h2_lFz4X&`<S
zx+M-QklAK&+z^{^PZXM?!0zU=^>8jnTKJej{;2hnVM3mV!0NS)4Yu^FIViOa?uDOB
z0rKkS79y5%)!4HW@8Z*(A~fS;8uJ9@-k`0Pu8@bWx>}Egmt&9G^7J-11i$LZj0kRn
zpCrpg5D|fr@(F+=H>LL5*9{O`nuMJ~raAC2Mci9ksjoG2nk@;gJF;U`hX2fa1Q~!%
zcMD9vA=WO|Fqgt`S*7`9z$?HLu+ZwU<t-=q^B`E=eEbJbbeS9>O$xDTJSTE^ah3}i
z2Wd~bqN7@5NW6^|Ea5ETQO@Ss)+>tfO!eDrcva{CVkUU@sFP(f2jO$^vCw)~f`&<|
z#~Iog!if!UMY?Tg3`LtSm9%8v%-Z|qzu`DR-n}RD(sg?DgShn)C$1VVqb~a-UEH)A
zQa5vhiN!M^YwSzOxR9B;?hWy9u60j&&c6J3Xw}z3R)4yt@Q!a3a`NCkPH6Bi;yvev
zOJ8QZx7wn`rLbIaT97-rK+e}af1Dw?kCXa8<G;2ghAQ^ii}-<8E2x(^HzLkxJVM$@
z{c^0;xpqR;{g6zAl2{GjIuw!8gth~&=)?9SSfi|&VuL0sRhY&khsM02+0@AIVh8zm
zycCQ-V0tH~K@qu95>OX8;HRMYLQWXc(URMEAM5_oUUFFXA0db8@a3)yWllm|EiK%%
zQq}2oN1A`ZSmSuGOTA=VBs4vv6rKn1jnC!N7coZj#fcal?_)BvN20QXZpp)Yw~Y$}
z!Bzu(c<mc_t?)kTQ<gffy!As<O6Ogki9%LJag`};lCf@6G?u+Xu6Ew9zkj;er$t`R
zU7;c)h0vum%jmphT(Z~Ffy(Y+N*BA=tiMFc6v3(f{EOMrmfG9OMhB`CA?MTWc!Z(u
zl&Tq~_s(@!+f;BrZw*TYcmo<@B`T^YEh_rYOHc5s^OJ7^zf_+PQNMvoVO|P~8``_C
ziv2wzO6Zc6BIvXs+PP|QNe8dltfZ86iD2e}f=Q#);BYPUh;?CvPochyj!I96%iJ3%
zTcU6Fyc1km_Fn3M3XupcHP=8=WFL`wwP8%vMhmO|G6(f#^h+vMmF%PfO1{B4ejlHX
zsNZi+oc&`TbyrLS6ezRIT8+>h&=efBd4BqCFwqThZ#Zwf3uchI|LWSm&G}tC93~5&
zW3tq9gQ-^Y(6BIAYe+Go_&o);TE5TAO{ds19E%2JlS=R3xUgpn!z^=FC=`L>Z-j&3
zVc3(E0z;`Q323O4>q)OpQMvshbP-yH4YxFfuxU*PQ6J&D+Sn13FzuC@P+Yp^F9+e#
z=3z2i7as*0k9J<H`NLM#H+C%m<^s~yO$}es(H3ACsunZq;B=3HV1-uOud!RjG*}4T
zclf?4IC#x4UUN$;+IL*Oz~r>rZ&)raXo;xgj^kg)S>IP4`KR_z;9{wr>R{*k9RL6|
z$_l)M)|8XwF>$bCFfw&8He>Lxa|AD`0f0}?!_mmZ#>|Dx*v!Jpo}c`rt&5z@%9Nj6
zgI$hE&Qa9N(n`w9$xOvdUe(0Q#)R9HTu=ak&w~d9urqTpBJ;4bwRh(6;3xls%L9IX
z9%dvb`$OVl!%wa$r${F1;ABR|#=yqFL@(}P<;FrTfI!CQWNOZ%EGF>}2=IxY+|tFx
zk%y7d-QAtRot44C$%2uYo12@FiG`7cg&w4!clNY*G4i0dccyrT_zOeK%-O`r%F)Hj
z!Jh0H)5zGt)rFs&9DGmq4{-3UiMR(i_>TpipZ~x+yO=UcgAZ)ren0|77A7VxdL|Zn
z7H-DB&j;Vi$^C1#z4Je$2+EVu!^n}5nSqJX&h9_VaCQ-Q`}cbP=?rI8@Vfwv%4W_E
zu1+Rq;%;X4E);)X)X~<}`R{AGI-5NY{o&iz)SMAy>d(r5pCc(Pr}(cq&tkN&vUB`1
z<C*&Jl%^*CqH}b0vi(D2YQkt{Yi0*B;tV1){|9;(EAxLV=s)b|`OW{v2)Nw8@c#q#
zKjrm@mp^jl5pytceO^>rjGz3OUmjBj6Dw1mKOb4m+1OdxjG5_;SxngJ+1N~2=#5xd
zjp*5oS=o$?xR^|t*p2@NC2jBQVq|Y(_6!ArGgyH*tgI~DESwzN^sL;V1+lT3vd|lI
zm@(6vnj0ILvvDzVup6=b4MM@m3iJdc+rM-53}p&JF`1b#vvaX>({r0Ko6)mzak0>I
zbF&!Jv$2?PfM7<PtVX7Ppq}->BdjRRPtL-?^zRWxTO${92PZpza#<^TSC4<cP_?o%
zQ*kkR78)}LGb<B27ZV2;GdCMIEBn8R)XkinK_h?0WM*Pu`HN{&6CMc=(Fim)D?1|#
zGe$>yi$7DI)xraA1{AE(vu}XNf5ySR@Q6B@8M!z(sX92=@{>RFO7;x-$EC>l{^2Y<
zvJNJHCjKEdGkx~Ae|VgTkp<(QM?S{?iuiv+Qn7S!xBvf!^Ka6Bp$I#<xH~x6C^#t?
zTbr4<{MR`D8S%f6l)+f%?Be7p{eRfh|3b(2m$^!Ta~+&K|F*u0*}K1<{t8I8R)0iA
zM)oHN@EDo=C4OfkH?zO21C--muS_hB>@Cc|X!{RW`{%gTe`3Zg9Ne6ytX$^wW*mRa
z*o=vui`B%0-k8ml!-$Q8iN%QHe?fP4Fn4h`axxRP0Br!&Gw51>^h`$m$NFggn8Uw#
zakn%BZG?`AnTLsq{4e#A@i9IJ)PHV|?>Xei$?^PM0DR9OiAVa`@>E<M9c``5oc^O=
z{%I)xFLZyK{|}@5KTZET*<Z6o9UMJDr?qrZaJT<2m;X-)|3Z+pGBLAvcKEMY|2xTF
zV)@&-1M>XW7<it6$0Osv&c}b4#k1%9U;O)rx&2>U0fhdaMgCjz{U34tkGTF@68LWs
z|BrS3kGTF@68LWs|BrS3|0XVke^=OM_F$st4%W{|?3O>l+8fsRt)v+6^!zWUqc{m1
zdEqFf<qQCbn9u(qfQ(Og;2@lfw46BHHY6e{4ZOKt0Tuv|0n%c^svZkR%MP|WSD7a_
zaXK*vR`Z0~@5sJi4ivqW|JcmCUJFNZ7zQEMfV*=TtUGa;ZwH5g4PNLXM^nPRJ5JJ0
zyfZzrePac*HF=^%4AfsG*dqAWh;A0;;h0_J4Ge_q$+BdkS6f+p7BwRHiO0X^)!w-)
z5MRm_Yny=ebdNH22ZL9O9m#k9>pc&tpMTeh!^d{ImjKY(9r#pZz?+TCf(9s(-W{DM
zZZ-t3m|y>bd8KvLr!K2}{n!No?DFus9gUM7FXU#99jh9;3mGgBkH_lq;^6@v?Y|!c
zM-mV3dMadray=R4r-yOzc}U<|Ao<9LqXeX%o`Q2L{TaoNgaAzA4FA3o)tW7k`9K5l
z=9SgyqyL9s2%wvS&(|<5OW>5v2npCvN~yOL!8<So5Z}tYCFp!|2LQ$VEXK>-J*c+x
zZ@Cudh074I(10~3qtzwI?@=0nlgjo^&<6qtpkKJLRrFTzw%URKE{5J_c=2{5pUeUh
zr;tDZ87$C=VtfQ|*mKuo6Fr9m1k8Hhb~E^1==jURi325q?_=s)gExNa+*2wirhduN
z1AzL`lgAr(uczUsO1lLKb|k<WH<j%&WqQSK?(?=!IZ1&Uc1=z}%N+y~0JwZjbAvly
zG7yl=M*&LWDjTddrwCo^^B_~>&;8%?w*$a#b6eBNesJNFr2lEZ;CNDke_sF~WG9mN
zxKCHw(Nt|Q@>KZ2ed!QkzF>CN8v+3Oo~3g6u<d+E3JY$>x{_cv`JpcZyE`bcNIYB=
z0HQBJQSd*_`HKWUuSvh>$V%YCMiBthFl!l16ArfVgvM~aUDgB-E%fk!>A?iHni*Fk
z9c050MgV{}0)*hpCw{^k0KoNF$LjJF@6!nT!)4KkAt2<7zq`Qs6K*nQrKgdek7*qd
z0OIm7U;*UCRjF4M2?%)LNC1QID<puR@qF|qu$5Jb0=vfM8MpN<xF*(<!IPx+G?b7p
zQKee%aD$&{2X+m2FD?Kq7i+(0yK3`Bf(51-sP}$@s{~cT8(P(lfiLwAnmF|yHWeNt
z0)c>AO>H{WnXNO|rM;&C(4xkdmp)cKI?j=T7f`_d*`bEAw}Zi0>eGlhXGI|-PQ~j9
zP-YHygW2~<$M-uZP@oBXC@G|oq=&E-sknm#x;c*@j<ftOIG=Ez-<6g+HvGU6dppTz
z@&X9xTI%rC_?KQl2^@(SNFOb`@#}mS+=u<B)}8JJ4+JPY%pJNGkwXeSNOW-vqS;dh
z6!uSpitssDIXT|zGOuO@y(l|pHuc@iA1&eY0>J%Iw!i*_gF`D4G%)@80Th-PKZNa}
zA3PKQ2wW)~BEteP=_Tv|Ft1`*^Z`I9QQ#I%lJp_CPY6^42BBIH2ZEuM(gP&e7xZ`<
zzC(fprXBK90f`GxCqBbn?Pr8M&kSLpx{LX61r$<-;=cxf)0&T}JwOh6ejK7<Uo<KJ
z%zqVpYVRcjgdQg25DbMY)w;n*C9wI-w!z8`^0Po*_&NKLbtnN8&z>}Ro96x)Dhz4?
z*&eGK79Uj3=`|n$11db;iz|Tn0Sy3bBdy*8<LM6HQ42_r3}1vn1Hkk~zW??6=V=#$
zc-^=7;L3`KKS_yTA%Oj~_yW7Dr+0FR{pkP@pzY)A7w}AYblCEQ`)nB{KO~>lEPs9$
zhJ`#$H-U?zn<TvGclLe7X}@8l#c%xZOp@e1^(p{@1Zyvb7AKM!Ei-910n41|8zxFP
zHcEJkRK@n@<D)|Ao?2Jq2Ooj1$E)q_?Tc#eSc=6)d{aQE&(Hg;>5l+WA-=`eq)1U>
zMfIC%sgFX~OnE$XKd3$lFf-RavM)BOF{G)z!ATkWDF}Ww5bTEYcD3|@!h=eC<WDRS
zb`zpaQTF%mQZ7yIUH@)sI8tY-m8x7i?Zx!jPUpr)e`I9jV1@+%NG_i+x`CYBx2GhP
zcD>OYp;bLS!iCB-Fu~?1-t5USF)`BGAM4VGOxXkl#}MHGP045ZVjLPFY4i2=<O~c9
zu<`LN)ymANQ)0ZBjRMUZkQ2fEf&*I}5%HpM%F3i%uc3_N6adzQyE^vv-?l+L+ZcZL
z_|_Ub2S?GwgwhyXb(t;42qGeI9qrxKHb@3``zxG5zKe>B`MGD}Phmhzv~IqaL?|})
z_ElC#n{su{&AT5=kYT;p@cd;SYIAyXiTC69Th@<;Q+R1p1!kQllvX+`jfb`=pMN$5
z@eL6~+u7M^HE&(-Yp>zd^nX*bZkipI<l6wVGma7}%KMCysQRWQL+@HBDin3QS+@9j
zClKGHoSmIzil_AM?#l?-Khom7u)OuyN=T{lI{sOiWRSGEGPM`Q$<}rX@w!R!d@x8x
zQ-Q!$_QO)yF!q8o6q9HHXIb}Ug9J_O_-2zI{jzp~_thrc<98(V0KojcAyY|V;VZ4w
znVGSvt-Wx}K5rLmO9f|xIia}k#8H-9KZ+ArpT16up-O2ga6ItMm$mzT1YmQHj9<P@
zSb3kvo4=130$N!GTy-V2dZg1yE3I#Ro^hcR(*Y!IRhGkWOKk#Y;?Moo2f7wa`VN0c
z&9s^~Z^1u3-tALiDvmXHSg-TX&SP{qR(gw@nv^-&ncn)Z8IqHSDxD^wfM_J$UltpY
z=MtQiwsuGFW{-J0c^Q`d)76^5HA*(hDtkvE1HYNbG^s~(ryBQXdyist!y6FNri~2P
zbrVHFyX>6{fRbInIA7tpVV5QkfdF_IYWQ=mkDK*9cEtNdYE#vitS4~c_Y~O*L?;UL
zW2*JWf68z_Y?upUH}yurpn-5POqDkh4ZpFG>aUVtJtNTI)Fnq#Ui2P&NQ%yFih1Sp
z%o5Jj1`n!LV7V5ayQ>ZWka+9m`c#!q`>NMoOd%<BPi5PAeW*}C&UV>MRqlMvE#%8M
zn1OWT-1JWO@tKsAPYfMRLTX540qC99Mw7SI&V%IidS_};Z;P*Jejgc37LfqslWVS~
zt4hS4$0fBhRjt`0o%yYGiBtW?VPvpq-5j_m;V%q`)t5KRr^;-4V?W(``!N9kbTtoA
zB$X?52IYGQ=o&eO=3rsHPM;s{>u(cN)6!zNQ=8=dX3|aYqXi2eHRDU)0|7<cbtffZ
z#(jGD?IgHg7<Bo^2$-*Df8qtj$SEkeKL{Aa8Oy-fa{ZV~jSas@$6M(`g#!#nKx+{6
z+LI&Z^;p7PKUgQbY?AcPqqvK8A`bw<*!Ntt_gogz#+DoHQbx=uV*Bfn-CmUnUKZS%
z2>VHaKQeq_i@H1Cv*|_QDW9-Xax%Cs$=I=X@D6}L($=|R=jT6K{OKTbccV#ZsC!X9
z9Kvn|04JsD9VPcZ<dcLmar#~=qO(lF5RmBxqoboYPRkl<R7o$lY>k;7u>`4sfL0`}
zJ`nr6v)%S0hd`}SN5ZGeWfxhrZXd=>dAbCt>&qM7=g=3!l^SwUP`inRbk2l~4k#vd
zUk0p5$=gs%gj%rHD$4qMpTCX_eFF;x%_Im98{C=YMg3vMuXF0o&y$-B68MI;7qfzj
z#SEKY)$JueWSQ6l#*jrYc-?sI=Tg!$Fc7>W(l22++FR^FMF!Rq5+@2)q_Rw8^n&$c
zx{8v1&Edhjyt;&#(!Q{9ahbl_G?altVPt9$h6lQ%PcLZKjYd$GtAlDS@LG|vnUo&N
z!WajcO@fVzt{{N+{jZ(*A=OmjOtcYX0j~IE1~#%E{J?`)BQv_I2s|TL(d2OUVlaAz
zfCH*h)#0ld#-R#WA~0f)CiqIu6@Lpv1C59zct1@Q4CoA?Wn_VVo-GRmSWxCm(;C<z
z7^y%B8j=YCXDrV_{E%JvqC9Y1`#IPHmdz99wTjWl?@##*+=YoqE-#DT&kU#7Ew=i4
zZ<b9YDG1Pv)L|jPlHzm7={%{u`LMdTJ3tHOg7*xd_O42N8kTb{l~dyAS}iT`kkGo@
zsZwM-_dSRQl{h}mY;1tGh*+-H_4w%b3gZP#u<+)>81FGZ_S>q7kIbxc7{GmHt5Hqb
zEM;XYw%XE+<fA{M9Ueax;cS_XlKrc}A$Z7i4b9X-N3O#N6Z*7~jEs!Q`}_OUlaWTd
zAB`P;21OiXLyJu@$cC}r3M1l@0Pw`Z?bG6}hfOD*BA~5QtK3f7PRs7^|HhPNl2FOT
zLKQRw-@y2Uu`_SDIGb&C=|Ua4Pw`{{p2Fk_OpkcPgA>=+9x6d|n<RZ=U=(NfIv*Jz
zAq2X+Vu|^xq#UM8Otf9;XqVnlYYf|Q$79hoMq+zEtmX<yF&@U!&05fO^4foMMgbkd
z^u9oUDAO?C9F&NmqvQDQCU|H<K|u|`7O3km@X%@;Qxh#1ErH)&C~tQLQ?7oI)YwB_
z>u<kwwT7(LJ3>>{18MEW(^mAx3*B+C5JFt2GgMg;+45LGL$Idis6f;hb9U-w^;v|O
z*g{BO?bDb6PmyTeBByPXDO8B=V#r0P3<9p@Uz?66t*x5hs4ub~JHF$5uXjbz@7J^O
z`*jrRuy@gmUpdR%P^<R5vZ@&hS%6*l*6dkGwSuWr`9OoW;Je%}ZLq-gbosA2p3dU~
zW9IxW&FfT#g%7a`Z6lRi(Jzdt+Bt+OeYim;01g%wk!vsNQ(c}1SBhA(7LSh?2Edw1
zt)j)8AgGQGeJ&LZ))+U~+TPJ1aKW-%O^e2BFm^CuPXN_h@=Wm1HInTS1K(^v^RTnO
zT5RN|BdyWAR(#e1o_|^X;Cl1b`R^YFXF;H}GNZE(ziz4*6Y6`p_w4?92kz0*LbX|I
zeCT>8mW}2)3L>1~3d{&WA3f#-)K<f&pdqhw#hRO&b5U@ff++4j&O2#ij|<Iv@j$>O
zUR@aPq+_0ojX1~%9%&~B&kh~&LUy?dHdg?!(*tmTiOY1KWT?tjR_rG)jact$ll7?5
za9~X#@Cbs~v+6+)wYp;KT;@3B^;I)?it^}i<<B8nEIiJG<_3lmOk9bxZ7eZNPSUK*
z%xznrXs7Mi&UYIcw?A5bf(O${z3<IowG}TaAmDbm_N$T8z4`oDM5DrNxN=MNod!F*
zV{4@e7Z#y<l_)k>{cP8WPd;5%_zA5cm3r6kcHQtci=f&^>Qr6v&WDjkS;>m38*(3r
z0DrZscI#r0jn=XRv0CFM-~6pkq4%_S@P<^(wYOl>$BlUaF9Fwi7Hf_xU}-geHxOZf
z-U)R7T<FN!z3BZ=Rk5Tx7uvuYQj3EG&BXT@)TL>Pw(qhbBE8D>i;f=Gfs=hHvsrO6
z@T7g}R}m=?@EySxwZ7rjb#FPeDvM+87)=5joEQuyb(^sfvu80{3_Q035qZxW*Rf7i
zs#=<eKz#MgbE^6*0Ia+-HMk>i0L}l#_^E8N68oVhX6!TOs0sj?E?M(vb0B>9wX|za
zCAdq|py{F+Ar(xVoPIUR8?@&_t$JGUd$^X3kOL0Vlo+=UC;kR!+52$*sQ#;xq`v20
z2Q{^|Z>Q~EzkZE>?FLuFq1T>fUwLhPwzecAj~n%&kxw1WvNXSLn1;Rc!h?j=Y;s)k
z9^O(H{Om@D^MV?0SE+UjqYl8Mz(b-<k)ioG>bHNe?l}MT2Z3K=G}Yo{!&t|Gweg;+
z&YZ-DwY*HFiZSIkST+wf_|kRUOz?(6ZM9j5LagB7DJLiAyKjSuiFx4ffBnRNEZW%9
z(=!HLqe|OP=01-&);^y)=-J^Yf!(w*!t4irc=}bysYBv|DxTEpc+q|$!T@gw*5GP@
zw};GHFhoVxUQns3%;x5%6OqM(O@4kpk`r7g<ja2dL7hjg(2p?K_BcMg-?5wWNcH)v
zH8!go?rS&NHV+YD^J`#{fB=qi4udjz(Tch^Z`U0)69rW8MZMd{!%nwXTo)IjdsSOf
zK1HU?x(C^7h+~#uV}lvVg6+F^N+4~Ip<-}wa7K1^8YMC+s{cNRtfXz1X~9M12xCXn
z+G1%qY8%L}-}&T6df#X;T?3<$tZ4fQm?ePOpzkkTgP|DAZUE@cu;nOs;i*)mEi`1J
z9(*?om1eidX1O2GeJM1;D7)NN#n92#ZMdq@+K@*_*OGeDGQjplp~5vhni-Aw3zirF
z@Q@|l6kxlvzgH_J{r>$sixAkbX)s7z(aFI$i+8Ipv>+gV7TL9~K(;}(6UeKLqod=)
zQ|)6ptFdq8GHc}i+yEG7HMDgz^ERL$!N!&*s&=YbrGnr$^UvA)k?%QRYj6w-477%n
z9=t+yOB*06h^O8{JQId_I}#W(;U(A4`am7wB7{ui!Z(~VGjvE^94JL%>wpJK7Ro%B
z1c4n6yJ_3tz3@!*y_ov*$G1)DyFSek>KZ+Hyrltw04xx2!jIRS?l(UK%q~QosfS0|
zpGM(0$S&{4BTq+ioP#B(l0f$AIY;bf#p-cSnFdu-f|=HV|LWnTWsExKnx$*=E-a|z
z$;y<}P@~yr$Zn4wp*Z7&fZkk2@R-ScoxPiYjcj}Cdl^~2NV=-h;v~5}+*PLOwB3A#
zr<jcp-god3MI(41i{E=zr)sXZ(QdiZS0{G!Yva+yQ--mjVNTJ{nu(+R2Oez-tX-QQ
zzN`;5ZlPC*^vE)`@rB0y<~hOulwlZH0Du`7m=^YvD}c*Rj6a+YX5D|ABf82;jcRJp
zbxCe=DA&xx)SQF4yn_H!H)@<H8X}ZxxT;DSN(@534qXQDT*r<Q-#)v!aD<&MPeJC2
zOd*HT9n);6(U35_!$e{MwaH_{^q360+4fv<^#~oTU<3tb-Nju@dy(n9@hR!=b*R_8
zj>qlI4+K{z>FP3w5X-YNDkquQ*QQOG{PHEFpkWx4=iKk#EXeeVN$Lu6biVbyWOGE_
zhpAn&Fh#*Zz@=8InU$AUt65it+~@lG>BPGRI~~x?*jFEyYNh0+M(*Dvl~X6_T-=|%
z7l$O^zuis^uNsB?;aI28HzdG)%>OW2hzb@#Wx6eW5#}}4^Y}zWKBj8JA*(MzU|U<+
z*iGt>qt@@<B`}3aBG@_{oph$?yn=1X>R#w|H4GG7<AH;&iDCS9>|eHzTg0b9M=<ZW
zk0(&8dww}x)Bygr;Mf%f)(b54;^dK!l&G4@rf?n5z94xk$QLRT5ECCsrP!1YX2}<)
z$QRG`%^x0CC>;!rdsgZ`sUc&PWP$}`>M~~xR{@wqG~J8Bc`yY)So)pvu-6x_v+Et9
zM)*G0u*HlkIi8YmTB(I#fnBIvdLb9oK|)z>^sUiu^!s;fKff$o0(!lt2AQ*%R%{JB
z4!Iquz^VZOLm}LQIGBs?AK}hthpIivefTZUchl5ve`Qxz<BQ&bhXFl3{oX=@&2veN
z-pPTG2A0RIeh;madu)t6+C>{xEbssrGn){>4ep)KUHmC8UwAxvw!8keA=WA18C+|q
zuiyG;wYKh<P6mrtl%hvbS^?U8&K_8e>uGQk$Y1VR{LFeC(!dmQP4B@^`yO1;(>{|B
z2^F)vf)iQ@fNE84(ue}x<8h3X_|!#wtl60gZ+dI1pvs`@cyaBbMvOeyX0Gbl0_ckM
zH_%TQeM9U4XeIzTB+1@@5gX-beC#{_Ny~*T6<o~ziq>^~Z7s82n_G+_0zei3aa|8~
z239=J0vtq!v<n?br_h@Wy}Y!+vRUFd%2IW$OOV~!$qB44z?K9c1=j4(lDawe93+R(
z19K<&03J~2&+FUTM)#Eb{Ap_}0?w6{hJL0O^gh^{d)B-|w!i<OG&1r2rdWv*ZAxCx
z7aY}MTNXb6EMM2APT4<E`qbc5aG02wwEEnzV1KI2a=0p{tYbg|KmouTbccc63^soL
zQ6V;ICcNp%Neu5W2vG3AI^wnMH90j?<1<hIY&6LO%Q_-7^Z*{P_U`;0ET19hd|+>Z
z35^U7k8AdiA+z8Cd@m;n)eOD6amN}oYhM@w`?yiiK0mBULKqoiJX>^A?H0jK=q6ZU
z>eecL!yUU=HS09mddCcd&ZNmSp5HRpIb76NBF&RY<>R{X^W4t_rBxOZ<R)M+lVBlV
zld@aLP$fc41T+;Sv2al^_(C&v=YxSJ2ILMZP%gC32rP_01nx48)LGu3J}W^VECYAJ
z{)!oyA|{6x$Kd>Yx^gKN*Z_Qf=LE_RZ1^BSbFg!BgXIk#eDJr?QS|o^&$x8P34jW!
z66Q!98#8l{5FQmCQXL5@a4J==4u!<(`{|)m@uPjq*Rh{x*|+XoMCx2bm*>thh00(E
z%l5SYqtsxefox?^JFt)+fA3HCIki-P=Ujik_>V^V!FME{IwN(-Qk2uHt0zOQYT%w0
z+T0mm(*XehZ2JCE?Qw}87(uY#lCC~gw>@6)`|@Ie2A9>zSTkUU*t=dMAt}l4`t9uO
zEF&|s(&n@AVx!q&BbeEOHQGPhVHMS2NYD863AAa-*YtmY&AER3{Gqtfd<6zaMX*vD
z>0bnE5ZhaR@SwOgQLtv}d>j0$c;2=Z1x!z}Uc3bRdlVEDU@Jz4caTUjDJd!A!-okl
zc!J$JzF+r}l9KGKtY`BwVA==FzH79z0nZ3_+?KvR(5)r-SJnCFy!_YWvKjH+(eFVI
zzS{}^H9bx;M(hk8Jz!)RH(nRzKJEw;Su|eny8vXa21h|1Zm#r^Ts*R}vlo8&@S$k+
z<odc92N#!r!mmraB_9D6VB!hjj-9Ft9f=U@ZT@L9OnwAc9GTkz+JOQL>R?AP7zHie
z)`N?dEx?c{Yp<3s*;Sz;>Rs}lKM1##geNvXFfg#Sh>+uVXN&)n-*YSFy1@}_AbV)l
zDzoiql6RoPG{S){km0Drf0(&H2Qt~=b2;a#(QeJ&b{fdiqW0{c1c`iK5NE30LaNI^
z#RdjKfZ+w7xVIz-;<Qe~X>)*RgmB2JUxaxqj^-`^BD1pu<>*v)oXhuD7}(djOAW2Q
zi1N6~>U@_sKaHTH0qxpXZg7NTfGW77K9}B*k(L2oXn^rg<L-cBW!~jx`*YW<>W+jC
z>DiaiM16rf8+nXMH6__<zXo0(e!N~3QUTj@tS&>Q-68ecXOA6sh22yD!!B4?5_=wk
zLIB%wKK@zhD;EwvKJ66i<-?73U>b_gFQLE413brqRu-QRD?XcFLX`)5HPl@7(zC%d
ziO}2j#;0>{8HJFUmDNO6B|k<pb$e*^^RtKKL_y9o<i|PGp5`(i)X3{n-!!UNkS8c|
z5pi5zOGrp?r82-z{s}|Dfcf#c=wOG%^er8zAFvm>J974AE9$belqR3RFnPo*znHuZ
z<xfcBDG<bA^QtaaZ_IE|t=+n<W6dkYJ&N7LW4<^wqB>~-JKrC|;Gd&#rlHe?O^b&P
zSQ*CfHG)dV!$r~|?v%AN5a8vtF&%$LBnf)QKxdJxDD-m-Ly^+lIeuXGTUn|K2HOPw
z&O?G~HDHU{ByMyoo)w&OJmyE<LrC@<Uh7rBa0GU$wrc5d1lT%%gl6-QXL!|Sjhe@-
z+&Ako(0v>w@U%@etEFKD#@>gfbI5@L6!QPJw4a7MtC>RQ9-T@4Ll!I!=8wZa$PQfp
z($UpryPUTi0B;_m&Lu$OB0x4Y_q)}5)1uA5lZDp@rYo(Fe9R5E+g!1=Glg&;e4=YL
zqd7%@5*0)59J(wx2&7$r&U%ONeOl4wO)li@>Z(G`-ek^K9#9a<x(x@dzHdwi;3N`O
zEcKe)Pcqs*1p%-w8@&tTH1G8h*uhfufYY4gf_!<a)E8ApU!UW5v!ys{Hyt@|z66nE
z{rA1_LY*BBEQ$aKI~<fFrr*txuQaxYi4|fBHy@j-_!WYBa%vB{e&4iP3`}g96e7Up
zV1oVH{nic|>>AuG&)TX*6$q%)AwsRK7Zh<LQ7X6Xb^4X)Me0(viyUrACe_5%r4WQd
z?&ZxF^qlavsMMXjD-$MQgJhZ*`YmZC-W>s2cYvFLCSmI%ox|!*|H}Y7zbucETeDkc
zut0DT>A+@^=E1r-izRXPac@6{CF+++0ALMAvjkX+$=saThmw8{W${apXw+(+FKK3Y
zeRC0k9<ROX=joI7ao5ciDlr-4#UiwSJ5Ct@p*Q@6-Ec&_%%F(50n+^U&PW^>I}--`
z&A$OWg{O~W2aj1`jpRz@qt&-x&U&9>UkO%8-LEgteS6vwr?Jy;2kLX=p<=60W1bhG
ziIE+P3N_}bJF(P>W1S?lE4fwk=rTONzH&r>wCk+lsDX4dxj<n=g0NN5x9<E!Mr-)^
ze4&H2TW)odqnJ}|Hi&-knN4iA>g{gCth_5>9Y<G=fh%2Eb2+X0VHMFPSOQnJrnJ(%
z6|FVGrt5E%JwXKfO6T2sVVzBmNnnnDjyRnXhY!v0ji1oe8aa+C)`ki1+_r{Y32b)Z
zOYeum;v6;|ryCE{{~CDxGH)g7#-RPld0X8{j~%5&x$3wURL5@27I#M?@5CgUy6>k>
z*x5{Q(|8?^Z;cVi$JHO0Ss5#cuSghUh0`;3vQNL-EE9p9E(glu3yI&KP{fl4LKt1b
zpPTVu1C*5XL3(hpmUC)ev}5(3-vvm4g)(C&YOsDo-l6ocTgYisrth#d>5VuL#}9!N
z5cz60z{nZAMM8p%b_Sc{4@VQ(ie@4s7ce3j1lNH@uzus%FS|C>8?k!9&pBWpl+*Q1
zSjBo6ox$Y7&Pb7hAgENprzdKeu(kzkz`7i+y@Q3c!(JtxBOG%6e_FZ@aID%levl}$
zBr8-ZWs4WtMMPHiCVQ`}Y!ymI6d55Ud(X&tBP(RT#%q4E_sZsfzx8*$*LR8Ioadb9
zIrn}4#{GN-=jypG^6Bj#FA!ap!mPzMvCt_lGy}1nI*3`Bg+a)8NaUK3(IT|L*47;!
zQ%z*2Q%M>IQmvu`C1pVsShP*8cKUvDv!88H(=QePEPW`M?M;E|T0@6v&H19m!h3;T
z!}~4bIo7rU|A6YmD`!@CjV_SK4?Ig2L${mSP?0CxM_&K}XpNBN-XO4O{6$;7$`X-K
zcnfl#0+=pQCXhR<xbe2|k933WH-XKDoLMod;P_|6rKo^qW6B8~!<A<*SI(V%u_czy
zSWme=>U>@7_;G;uK>uP8A7|xit<9Ik;}p%H0+TOuSzIv?9FYk+Jp&eee(X-d$jeVu
zX9Y=;tqj*Qk@+&VYd9?GdG98r$-<Q|szIi?&_7!RG{0!;{4p{&VwIjcFfzdrDpYC%
z>E9&`=RS$Wbs0p6dh~5}KF*8&oyW83H5nF4y{Z@qcPU<xu}VUUZ*$K>##Q$)o`&ue
zEfB04ncr)26jYtrljoOq;phyE?>RJ*`<a&*DKIWEk7KOAYOpSf(|af$8<HDAD(Tn|
z;2aNBnp<5Jgut|H)Y)kN?k+NG#UM3k#NpHS74^73BK+^6NOYQU04HAf*@ZpP=Mz+=
ze+n3rC<6b4Bx$*@h7FB)ZXa(wC<x&OWG<)5Q6EGmU}-~r2I;Dzbe~*!3Tr%7qoSv1
z3W&95wFkYcp2ZKRWOfG`3@jm$v^92QY=591ZZICDA@xbVE2;JH+W96%wMzY&AiRk)
zjiGs~$6F%srf0(AD7B}a2lWc3&_i+UYC!61g1FCF?PM$j+C^qF&otTTakY&S6IVO4
ze{vTg1S@pK2=ExgbOv4?cV+)DYTS-iH+n5BVW`u3OY7&;;zm(CQl7A>F}{tjanD+U
zo^nFOh0iR#Y@GH{v=tf;jlH`Bq!NU)bxT8ajtf{9T6WD)Hh7l}bXuQ6QvuZbfs_`y
zy|1-@pE0B*;QpmJvO8GJ(TO^9CZyqSX#6crG-3UZ54t9oDrqJ5vT+|{p&;$Wk`kY<
zT~&5<XQdf<?Q9=?V9b|><!N9@)1Pv-il8z~a0{d#PIa;h0bw+mzU^4M(6*Bb)Rx>4
zPu_q=6N?qbMj&EF)Be*`*U1uCXyLgWd6!1|V~0Xgu$Au3EfF;s4;f!#kc^=zsG+25
zx6~M%J&O`bVf`3*Cy#t}ZfKdh?IspO6B&OrhAUM+k|`w32-5ohd}2yRzC1U)`J?ak
zrjwA}QUV)y5VwHwX<SZsH}K5!vHR^zNFbJc_VH--aoZM&E4RjXNU-qhi6`kwci*K=
znzisv#T8b0cO*;+HRYe9zjSG<T`0jT7h+B|9X^aEU|ed@`0!Sz!s6zC?^?a$g~__v
zsSDv^b_C=Ye>^xsQiQv93ERYk%}Nz(iZtRlzt%X@ovtYdQ`9qGx<2(@{!5r>zDuP7
zku<W#`v;Fe7`<fu(pMPDy>9PkfKQ4go>hI<h@PB$+|k*|Am#@wU3I?I>(`BW%TF&X
zmRuld^g&tVINZlgkJj>bxR332N{D}xoaINA%V`fBr9o1IT)oJ^Bk`5)Nzq2@>8(Z$
zJvg4dLY{3@_X<Gwyy^e!KS!=YeT}PDWtjAYN~M5?F#5pSFaPS50TI=!7XTZIVm>Ua
z$6EpCAo$&Z#P|;efAGz9qf>>DW~Sxu06{-);N+15(fq&8>P+pM>9y#Y#TI7KPUgdJ
z5N@~~E~<N;%(@Y|z{4Nr%4PRZ&mZA+ujvQM1GMVc*AdRm?kn0qv}WZ&_5rXJ)hxiv
zn;I2$jwQ0AZ{fW(A?fktm>X!U+piC3`d19z-<`*YWD@d84m8m@FLT=*2(iK!6c<$Z
zE18-ga%X>~hD*)paQIklsaJv0so}pr>hb&QPS~CF@4ITXR<-L{n`X}4gGj7W1`35T
z*Qe&VM9%Q-7)rFC&X@2;ZP?XF9{a69*j`lOAL?m-$`b}JjGH+n)H;mC`mSN*#*<y-
zNg@|{E!a$;>Vr#kc+AR)rwF>!e=@V6wsUa!H77~t%8-81z3z(b*DUG+U5)31jV3an
z%FHFOfd)3$7o?2?GGc@TGsm>#tOx(}|BqA68vuG3#5D8FHu!%4!KrY=w7s-S`s!o5
zM4x8oFh_m-zE8sUb9JXpY##3bCF*wDPZcUSO9Ep%?bZjX8L>)k_ggZ^#JVOaEvi6H
zW_0vg$B_h|mJdIh-KK-$+rdHUyK&)E^EuMf;rV{%B|2kU6HgoEA7!0vt-6&v$yCN%
zn#_59{j*$6l<2_vnnpjU<e<xDfvgK=4ZG_BM@>}CdvH!Sju&nlMT(EH<xsKx*@cw?
zrU?<hOTE3lO-lXm(x6nwojO&L`S}DvGda@$q_JV~=|YUD2%Ud8ysq8IpVUW+TmmHb
zmX{=H0d*${QtXQRXaGw@@9Q(~TJ<@R&trdGP|cu?$kV{+a+(U+a?_*%>r?@qkvYt`
zm+%Wn5(M|+w18_U2Hr%nErWm@0Q7vb|IDIw2t{H_ieRnx*vN>!>^&8b=|GQ_-X<As
zbWD^v;Pff0YP)hJ3~JsFXUMn~_8S?_;07=UJY8?1$qOkF@F(!%VB5IBi04wJi6?a~
z)s^;Q4jlTM<GuC1ZRsdz<*c#q#phi?ph_*ouT5`L${+;7x!Nve`qj&oQ%qv}<}rSU
zmWtMIc!6<zujFs=h4~~NLZgeSXnlKo80()m35kie4+olHrh&Ji>qdS%XZocs;?q(W
za``B7;)M0L&3-o%w)9QO@o9|%6n-T#ke((G!%<Z**vzddiQY=nb7XMSLZwsdj$2Uy
zz-4&>)1wZ=*?iA@!GXi`X&Ir2saI@qr5MVojp;VdGqS+K<7P=&<Q)d%*X_kL8ti5~
zdL0ZBS%JODe&jG&g6VpuoN-eGwCB*8ZZ=k(>E9d8V9`TZ+Q<-i?>^!URu{t)K%?BA
z`*#wIEi7apJT+<gUb_W4N7Mr=8yk5(K0d{7%Dvwh#a}MaRB3QrP&5BhFX<Yn=^?`L
z&yBLZnXaKk@c~moQ+ppFP-$jpZe+lXy=vhOglC0YcDI|I`NhRoUM)m!$(7l-x~j)3
z$N)kkb0bj5=mowq#{8+}vYbGo`7%wFV8FHx$X>L>k*`-H*a0n+9_am5Tr=1FCjHii
zJyX6ua8&Oed-;C{Nct&st>gnKOd(|0spcf)H0>vbY-6j)y}hTMK~YXZx!@sER8VLs
zw+9Iyu<xCS&G<LxNl%;W#B#LZ+)d|Sy<lbYV<0sDXiGr5h_1R<g7Jko0U9hJ6vKV4
z2M{3Po0}EU0LUbv0wZe-?yqRf%7d~Tj?4Nl!5|6DTBqlm*l2Z4&CH|+@(nhB7il$U
z2qq>Zn2d9~mMsVudU3n5)O06s_jK#FTDi0ZW@z790F8~4kZA|@cac{DspYRGI=B|g
zW&&qU;{3qtwPan7M|%xuW;0po(iD5FqMlaJ%+J})YJs&N-E3o^-mlnd<H~VJ7&Ajk
z-lJAfpMF`b1L?)EHC(W4*mZuC@Tgz8uH?%bSbhApa-`HeXdbnA2AuFnM{H-~<D(Dk
z_+pNn;eSFA0NrVccUc0&O36835kU@sCtW1|+B)<!R(`v!W^o~A<W;Q3ZFYzI<45xz
z<)yc_qGlr&>iajL?kod!4`|~Fwb4_7vUGHG-90_gvzP~Nn~UH3q;_uv1et`cMihi_
za+l%ld;{Rv-Lkg*ae=>H=H6hcRnHvKbU_-8<D6A0T|xrU>2}!kq32hC)q2-qK}WnR
z17Ra8ka-U0li;Sv5~#6~{#HNm{7SC&t@7<V5YSRwM!dcDmLzUdX0{$4iY6YpYm29_
z5)-Vwka^zPXp+uCrhX%~_N2xAPo!@$ndTl)i;)@`SMkee>FA<>oRlUSEYE8Qp#W#2
zXlfJ=6tgp8jd1sDQgqzx7kHL7K<2|&71g5Ow<%GCnpLvoq@<Mf!|l$O7{z_GBc^zO
z0!@vYxk;06I5)>@1f^b%o4X#V9R;ljDi#*yN=udpPHcJEto=`;ASS@kQF!%|iOq@W
z3`q6W3&j03&6@L=(9oD){$B?kP;(43Kz7eG0>(^MsisX*bm8h?O$HT>e6g0e1rPCK
zduB_v2&6hK3bP4%7teo#B!VPv{>o;oAk>ioxd4x&fbJz(HPi&a^r>9;39!eiTYwLC
zjV@e4!tUB`=`-(vyaVmHXT-)2f!hKt*W@x2{oBU+kmw(}m1Oq@kB<({oC#w`_;X!t
zzoe4C;1o%YTv)899XvjTM~cR@bNPH!aEJ-~%KVin|7@|xaE1muYR@P6yVWxvab@#!
z0U3?^xxxf-I?RWdZ>+R1EX8$@-VelIfc*of0;lZlhxhwWpL!}yY?@M-2c+L)dq!kD
z%SWGg!BZi-3DN>{Fi&0nnVjH)aE#9*JnvE{D8j?SC@<3!7lu$UTf8+#cqCZ`p4|w*
z(|+HYx6k!LjLS!^CtL%6aH_qtvsd&JIS`o#JF8j{U3d^mPvE->FV>U$%rY9eA|o6=
za_VTCNA_2FQK&{^(PvXa^vukbH8jXLpFNpIjdvW3pp+v{y7uTH=-mh6R<Z24csc!`
z6#Q8oSAHH5VpgKFJYHu6F%sx)N@5_s1!lme5KeU;p5{WfP2AL2j%^J?-rS<vD7T%N
z*^ix=WSfu%SZHe7_+4e1qx%UqFOrGr+zuhXLOH4fQhZm6-%e6~W-wfFQMv9w$$*i0
zD6Enf0w(ap1?lPOJ_Bi=^|@@#%wD)3AwH>N`N81jd(_N4q+>+b-iNXSScT=f$?kz0
z2CgDZ)~C|Q^YWdNE=rxsIE(q(+6tE6Z(5*d85j{lIH8BPb*#qQx|;$mxR4ic-|O>P
z!uG6Z08baIYP@$$p$z-e`dgEF?+>@z{(of3>cJrB;dJ+w3jfM4zP~Q*)UE&LIPK<i
zsiVE!YIUpzPB>qctx`sH&HFRn+UHQclhpy51yZrR^Yh`^1;2P65RyvDDwt#Lg=bM0
zxlI4^T1)t8C&n?%u8vM%)cmtDniC&S*QwcPhsCtCymVg~8H!0gkJxDB_SKQKcF#u8
zJ1>P_lAUMaBhaSExY~6D!-4e+j3+%f;lA&3k+F(=d*cT5<n7APizLhfJMSO1F3-__
zb<hvd<a&=17tdc`cLt3GYI3lt0`Y7bc_*dQ7NqSVyV!JkWX<?yWtpm$;CIL@5b!}o
z7j|#|TdcO8#<z?@ES|w5R8&&h=$$>6ax!zW(t02;1gH-v!@gG}U$%KL%-*WsC2hya
z|F3*%?}o!T$~iLCpWo1Jz*(2_U<7bsxcv6cPFrzq#Od4Ea`0r7RafWwh_8OLxQeJK
z-^{8=Isj*)2tB&iW6g7PyktRBJ?lva1Hh6tg6`*!uY)_`u~^ozwn|Y8)!7htyZPg`
zzxGwlqTg(e;~1AHlK&jk;FkILN@^`Zsfab#0kOYGTLDT32>g|^c~iL|Xa+%tTq15T
z>AQS^ER^FYYy{yJ=$1tY?e-F5X8bxHo8dNH{M7K)4>M@AY83sp0iJ!kpz$gmWccDw
z%67U}*tJ$N_4l-(7#2RaFZ2f74(268oriTclq4YyZW=$cC$s6HJwQ(lw0w;URS&7x
zP>N=6b%(mJSC%u{rU?$KY(I=XyL$2gAai1>!ufu7J30+EghzJLB6S7I9sz2nY0WIo
zQ9_oQM^MyefJb0-{M&-2u&}ucpX=RI2pGk2<Pw>$5hQBIYn``-B&EXKgSf5j6TY<K
zfFTkPsXh{#&o30i1NjZOzIiYtkP)Rd(-jAAe||qU(&KBS12Gql<Y@tD`*7SJM@s>5
z#bEQMC`!Af=dW3@Xp(cZ6I`D~qZB#X1UP%}u0q*acPo<KGY9xr6v+-H0iMykrh|3!
zdn~W!oYud(fid*3(j;{-Hs!7N!199(8Jvdz2~afn>SYM#F~_HDkKw7~2Gzf-d$0rU
zSSUOyJtShi2Mop!@4$f3e^_w@BE}MR-BoN3?$nJ?^503y!2q>C*}v(9I@ax7;ky`$
z64UO-*_mjT!&sY=P{z0`DFgK<Q(;$tdXUWdVY_`DvL<{nd)GLnb9#H1{iG;J-sxM%
z*)rg#Iht>(3;h-z1JqIZwN{SH@bHzQ3X=zXizsz{e(rD4?(H|=UH}_M@0F#W@=BH@
zmZEol{r||bk8c!Yf$_{!zz2dTeA&^~D=bFLjk%$K1M4hJ1QH2;n#sPT|J7^k<*iqM
zUHrF!n5i|d{UOti`wOPYo^K@kjUCTm@qY#13gek)64hQ~Pm;(X&Vv7fO*6FWW=Xnw
z<30z-ErypKM1zxq>fyK+hne+FfsxoJ4UoR!F;xNQ!-}2yduL%}#$egQW}4C$OCt@z
zvkUChdhlk;CW~Z)ffyjDqF>mj{CCIsIc$di?u0DoD>ZJ8zz?nE<Ka_dLO&ml@ikg8
z(1H;I6tDZLqtck?dbIoRHu=+>O4hQPXrVZR`C?*d0`f<`LLS(aT4McwXXJd8q=Y3K
zJ*yXl^LG5zVBo(2EA<zC2!lxy!UBAN#JZ@)Lwnd~f2sLVk@mZ55HnmVIl$pBiaQty
zZkGF^y0E&cbv5dZxsIFfcmr_s;0liEu)v;g0cs*RBqaRO!20@nRWqp1Rrv$P>`bKH
z(clmrcwRasRO=Zo@b<4I-)LZmgOd|=B%Z_3*0Z(csuix4H+zIeOTsrSrv2Hoz4<%%
zI3xSOKk*Sv1rlnb!=WIO!w1T17}?O!P%yWEtuGTOb1l3MX8N3MHjA4>H>I_>(J(Gh
z@nBrv{-B22H#S_PBnUccJBd1Py=^Y;p2cKuj{RP@G0WB6^I_UCG{%<Wj_#ZVAL}0B
zS+pm>;tp?*_;LwGyxfP+2S9@CnRjhtZY$;hx3IN|$vwzpdbMw4y*u9m{DKdNa#>kf
zv8Sz(nOd3`4U^jev7NIO>Wzc}?n3Tso*jvHb%sKweZeiQR;rEi-J5xf*7eTgKw0D)
ze8a@9ZLe{!wY}%IwYJX6>K7<o-A+tQoZ2S%2=`i9dB>p6uV%UKA@Y$LM|x|w-2P7+
zjKH|>Pj-6}p~R&^S98#kE&xDFNKRgvBXqqQ)wR7ifGux2)8T&v-AHN5{yYud!bm|P
zy-=RY<-Tsyms>L1HisxVRfrSd)9reLS{mZrc0))`KiAdO_4<8yti(uBS6I{f7q!L*
zBA4giQdndLgWgz%eo{5#W}4@D2sVB3&22EJD~(Z@pW=xOD##0FY<7MJy&c<@?2P0&
z%^LPkC{_)eoQnu2zVB?oy^PVo|Lf&Bb*8&F%hQ#p$yF8p`Busq?2StxNs|R}Lq2LX
zGsBi|>>Zjq>Mc7BjE@(nvuSK@l`fRF93AXb_*@e1m#@@_yn{mZzdOiUS-nVldQn{Y
z#*G^`hA)hkGY4}?YC0my;tMKhL~1qkUV1DP(G~oP&=8yTXOTEaJo*(S{XBwedOAxb
z@=$DWAYn)-RnkZ+;yv>Zk7kq^+2W@pYpiK9IG`UmZWUGBxu7T?4GvaHw1R+ufaXA{
z6rf58i2_)9Ra~TCgPfV2MZv!zv4Uya+SRo*{j!Bl><v~{(D;XXifEac9d!|&yE#ql
zG4j?<PKD{pMGcdM9BtWI=XJ#-5>kanTa^nuYHr6XwE3sga)aIcQ2E;V#njv?K{J*s
z?d8kmO9Zb3hze-~KWX{~Qcg{;Kk@C)EB(S}ayvnvLMw4ymw0pZ!VjCAJ>BWer?|2Z
zw=(zDG0vBuR<MD(2vzYRB`(gG?bDUwp<F;){I_qbZZ^^ftVDIr!utW^%mPSYk1bb(
z+BRRLt4QfWz<}@S#JXaRs$PG~yJiSc(Wuh`_}Ym8Y5PQ}odB?dr&uwGd`c(+q+tC`
z^-8b$tGbSUezoZXTo+&SYD>OvvnZjbrR{=Z-j>`1JTq(@h%!z|awSQ05zU^L$(t<f
zWn?&G%y9T$j@y;3zP@)&&CPo59RD=`p)L3ATt=ybd)l0{^oW1qUlTLRzff~g-4)@{
zFuL65^kBFhiWCNNkHF=?2o%Yc0I_>{lR3g2Y5g`jk(9tsS-*`$O}kXGgg->$>|I=n
z(<z${gaaJFa9^HAFd39HtMOIGYWKi2HEx{&b-)%tM&VdH*X#TtVPKD6iZc==B-El@
z`B+<;V&c)2+}Qb-IHTi5q|>&siXG7Nt1qjIKQGez#*NK23K~#0Ogbs{)>~LwVs%Gv
zzHb|@^FJ}o_^e{jOOa?!;Q0;!1iZt(y*qD=d0GxckWO#ZaRS>)c4*9upOC?_m1kyP
z01dA1syM+<;Z&h;e^1OW7zxH4#n69YHE6E`<LLB=a968RUsE7))HUJp)u_x$b}l5&
z&Ss+Ycp+o_QDYu0Ref|+S`l8mpc<v^y!`tPi%O@abQ_(A+8h_@ZlarS$9D*_eTgRj
zsCTNIh`;~Sua}TI=@TM$pM76M`>5gNOw){RY!t8h8AA}q7F%jmlo}{y^rGy^&>6!P
z5cD0fm4jrnKHr+yQ#w6HPfwPKrhviT?<Srr*pUn%1v>8g8bQv&ncdw=<0wFP1#xB`
za~3aG&Bl6fu{kTC%sqJPpwS8(adUH4ijT|mx%l$>a5bTQqM3&jVms^UriVPaBs=XA
z&v^^kl?V9&NB+TNC3@9C@`DjCI`}d#hf|`3vtrNE(sYas<h~wTVC@B3a>e>y*$UyQ
zkKgPsqKBy+@IEHt$c-LZ_Mi5tuP0@|9SOO!NF{e>b)L^vZH7tdEh_hDfxJwC!VZkz
zw!@ipP*k|$%<rjI#Vch7<KP<tzFV<C+~C%cfdL)|#!~Jltzdr2RNwyZdb&ZImyWYc
zF31FHx;r01wr1i8Ue~FWlUbZ6cXXU)kf{swKt;!&k8)jQ-|~S+B5e)D!z1~I2;p*?
zRD%;6>{Y{<XkKq?Md_ZaU$B3|jDxuCW*qNiK7+d&x<H3ruC!ca=7G`;RXikBqF>4f
zO#ppIzQE2yXTVs|RK%9d8RMi<oe)lZ+6B<^0jHIM$)uhpplZGLQJwy+=F8{@TAEcS
zBR)`YrLt{7(*#hU&e6NP0sZxnSL}?9C9&Y6*-LS#G6rMqz(3@Z1xSPbt7l7JpSs?!
z9fv!!Sd`&tvGPQNz@kfwx9m|U^|zcH(zX1DtDLS!Ph7!zUgj#lVo;Gv85?$^!iO|f
z_#3@|OYZVSBG*e$Jra*^D_lG8TDbU(q{%BhA_7yYJkruaJWCXi&{ynxzf#}gBfZn)
zLQvHXKE5t}?U+HPw|%r0&|h;QTAhpir`dG-SBK=i_q~KK=Q9?>FK+lyp>6i=3&I;p
zSl*1<kgJ*!g1k4j<qpJTv3;Vo6e18K|3#oiv8cr>T?YCkK#+ti$wxaUw3Cljd484~
z`UpS<am@@2#b`<mrnaPbG}0EIUP?8JD^tIxyZ(BAr|#s)^du}ie4T6HDj@Bj7A1*e
zT(qP%(8<R#ON=<uF)=y(T)l3$1pN%@SL=y!9)6LIyclSI8ei+20KS@Dm&)C2yt|6s
zINe=oTM=P@--gooE_}`vyi|fUWE$@=09mu<4+}YR(rxIF6M6;)tgE6k=zqSxBv8OX
zC&%R%ffV?{yL>|36J9*l_KJf51xjYPf?BPLQyoHMBF`8zYCViGH8J^=*CBNNm9!#B
z*<M;{*`?<0$%YWyDtqB1P2nVqF2qMh=o03~4{0?&X6V`}>8u$Et^4MpITC8f{lR+o
z0I&@XZ@Aq)9%jk7AnWxRl<>P!w!f}DsmPyO?|pS!L_|+5Xc5W_i0M{OL$Vj%3HUuq
z{9bM!9vNA}L@L>^I{%*ADBn6^V`+(l0Fy>CiPJ9Wi-S=Y7%U{aTtH?zT3dKJ&Oe%I
zF8Ws>-xIl@m|wu^&BJrwi$!njN2NCJrf`QAb)ie8zFM4hGk?k7F2gSg+4k`Y!6|D3
zz|&-94YzplAQUHKU)`5=6-Oy%XJ_XF2F(C(9Ggt)L2KLQwAZClua=|d;ASeu?F+za
zRShC61Z%2Vf!#e@v$r$hKkgN6OX!gqbqJ?x&aGqRZlh2dY9858!vSv#9Eo7f`HSQs
zZhITk3D^r@Ij(^em%BJn;7FgJeb*QGkGljuY_JgQ>~hmVCpc!hx2Z7_3N^w5LTJQ+
zb{!mh8F;q=1ZVYqtNUOb=_-2#4G|a4e#m*Ms3mgv-%$z`S^=aFAR28FLgOA>b3NL3
z1A>X)p59nE2?Nz|N6cHODEzXqxm8SdP!pyPJbC&wewhSGf%+Q+#awT(xxT&&{RILy
zM>s}Kwi4;CNs6c^x*RqGo^+Yc)@e4~ps(rNTfdeyOJnS&bkftKsu)w!d{k_xtD9{*
ztSg>kd88Hcdvh;A;!ARJa(-6A8MHT0(_pBA5dhT`8ymZIFn(f)n^qB@q4Lo#!ysgW
zkh;P|LGKveds;C~F+b6}Ou0^d^ugJqXa99xZES3qCh};<UT-S~qv3ehvB|dUG&WQ>
zTQslO9xL#<^DRUc;2s=@zZ6$7<uZor1-K`~#bw&s81RvilJfiRyRnY10t16aBdpW`
z`I><Ipo?JKX`tRh+YOq%5)F=4))&vHE_-S{q^S?#F2{BUe|Y_ruMietNj=T#JaYI^
zc)LLD%97n=?z-vL9f_37I9rwhk4VI4$il;k41c`(o*jKhL^)DAscMnk+b`_RBMW5=
zI4r{K#ZH_M_5-mOP)3cvG>V9rvNARf2qq71wI~52V%B_lE)ju>uLLtQ^XmTEcE~sP
zH4_3)GvY+;eLpPb1@Q885&%yBAlULUkJYgVf$A2E5}eI4hFc0=l!2|`LJ8V{1tRY<
zKc^{k5g-ScK3Dnc&ST`;8U}{Q)kn(DqdzJq7?zq$?o6p?WR#lJ@$zfs6+99V*f?z*
z`xj!|!jWj;kt|Ih3OIlzhHL-fs=*%qdI9MXd=;K-J{knH*WZ)jcLSJu$Zi66zZlsd
z(>7L#&bAcO=Jf8sTe|^G4;49sb^diY+6$({h_E23Q+1w5#aji}@&S=YrAXE8r!UwA
z=D9D{ns50TMH=rssOqpTa;9vX-8_5xIe1SOms_CjF=esG0-vXAXs9Wk;`p#E2m8$6
z#@lXyT(Xf@z;6x)!1P<e%gMpoN2mNsu&zB8%@r|E%426&8&h6sChe4kX|eWu=a*0I
zsdqAC%j1inx$~x`U5#oHHB>}&a%}KY)k<d0tb$GHXN(KH<!X(2o^G@s?4!>|#|mAy
zp~C4Zn0<fdJH-(t#}5<S43Gea&6qyJWyK&mVzeo=W3pci?RUk#Zd7Pv(0hS@1wszU
zpV#H0k{*Hg@;4~N`&RbL+CYN?Xf`A_phy_Laf@SKID-Yag8ohaBUUfi%>vgt|6o-Y
zoz<AFHy_(&8Xd)y=XTfi8gD!UH0S@ub%^6n+|65g@KSN8pX=q*Ccv+KpI~#2(vL&|
z`*$2O-eU*`Z%+XMVRILBd#eYA`)16AqJMutVk|;;3dtPbc#hYO8P)~fBcS=y-f4vY
z+JP~mcLHZZfA+EV2!Q4`mAVb={FjXeJi91oI9KGREcfv_2zc9i-0otu=nWJ4t6;bx
zO=rfJl(G;!YaIRVu^s%mjJr64+5Q!zuQOjsV&rB(2cI~C7_%ryoC*kT7vGHxA<&Me
z1YU)y+;o8asQdMm)A-23RCSVJg1<iUHV#aX2-61eQuqNf?c#?);rQBycI{y8Sy|jO
ziA=t;<w!>i+hnj<r^g~U<kZ4w5adnTXh`xS*sy{Ye$%;xoxh%eL1Jkb_y~{*Z`kwX
z<31s>jV;{Y{tACF6$TIS820}#%*Nf~dU&=`^wyrDDpo-5OcU&Ma54nDj~E?cnE&nq
zaR^U9_F{>6MXO+^RUS$VHc*K7_20XMdko%73ee#l$7210_Y{IQs*N7bVf^OKgWEhJ
ztD^VepDBm6J^Gb24%lh}nP7n3SybVk_J?44j%Pa@wkqjY?Np;X;&6Lnc-0O{?ZPkb
zM3WD=G<5bmXN0Vd^TKW;s+}j>DLmVh$b#U8yI0o85~3N)kH+nzkyN{%CxQ88`5d=f
zfaSvSmTHIhP5=B~A{F=5$YBGIU(7YMCJp8=)wp|T^{SoRBolqfIUk&MVTufq^mxII
z@x_yrn#@`GuWy##mnU!e988L6SVRcYMX8s#w6lFPWxW3R%r(O6M-*Wa(80F36=<-(
zTDRloyFww}Yz!M)OxjMsb*0G8R-h)4p6D4*MtDBt>5Q--=o8#`KXwXEUe>094xkXx
zCv)QqLz4x(lt|ai+I3V0zNWdHZqIP3G^~w}@I*fx&oxrwHn5<3DpJEg9wsu3`At9~
zU&V3jyX`3?;Ewy!aO&*IzVhFFV+ar%tytGx*f(Z0SLD#=EyY?yTKkc)EbPXCMwFQc
zzZ@0(*n+4DvX#oW+_aN<7-eO=M^#=Bk)3tkosdRbB1H0F+owqO;CSPXn6EL-b3CN%
zNvXgz4>nX}923mSbIV#imkfI1?O|MRaF1FOx4uY`%+cz!bs4?(#PjHDw>Yft*>W!8
zA(F3`V3(YlteW9HjudZvNyd%n^f4vwX}u#!?C{|aViT~<S0iYT?>TCCVVB`Ce<wkF
zXsU%7(b>;-qy`JEFmMh<+%0BMEcL8Nby^W6k>P#RG|zJr_+amDDaB1#NTd_38h!eV
zDNv1<s&KpP^mD;>H?Eu&**U522?n3n>tba&+)wIG-G+uM`~g@P`#me%^RV4crYoN0
na$s9*DaWnxcCvSg(<emiFU2^kKVD46@pE$bm8A3U89)0UAD9vJ

literal 0
HcmV?d00001


From f11a838cc7d6ee916ed35cdbcde0862c7cbfba7b Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Fri, 19 Feb 2021 14:20:23 +0100
Subject: [PATCH 176/192] Improved documentation for customization (#287)

* move constants to new file, and update documentation

* documentation improvements, deploy checks tests

* fix pylint

* improved code style

* swap build and check
---
 README.md                  |  52 ++-----
 deploy.py                  |   6 +
 src/ctap/command.rs        |   7 +-
 src/ctap/config_command.rs |   2 +-
 src/ctap/customization.rs  | 269 +++++++++++++++++++++++++++++++++++++
 src/ctap/data_formats.rs   |  12 ++
 src/ctap/mod.rs            |  52 +------
 src/ctap/storage.rs        |  46 ++-----
 src/ctap/storage/key.rs    |   2 +-
 9 files changed, 319 insertions(+), 129 deletions(-)
 create mode 100644 src/ctap/customization.rs

diff --git a/README.md b/README.md
index d6c47f5..6abf799 100644
--- a/README.md
+++ b/README.md
@@ -92,45 +92,19 @@ If you build your own security key, depending on the hardware you use, there are
 a few things you can personalize:
 
 1.  If you have multiple buttons, choose the buttons responsible for user
-    presence in `main.rs`.
-1.  Decide whether you want to use batch attestation. There is a boolean flag in
-    `ctap/mod.rs`. It is mandatory for U2F, and you can create your own
-    self-signed certificate. The flag is used for FIDO2 and has some privacy
-    implications. Please check
-    [WebAuthn](https://www.w3.org/TR/webauthn/#attestation) for more
-    information.
-1.  Decide whether you want to use signature counters. Currently, only global
-    signature counters are implemented, as they are the default option for U2F.
-    The flag in `ctap/mod.rs` only turns them off for FIDO2. The most privacy
-    preserving solution is individual or no signature counters. Again, please
-    check [WebAuthn](https://www.w3.org/TR/webauthn/#signature-counter) for
-    documentation.
-1.  Depending on your available flash storage, choose an appropriate maximum
-    number of supported resident keys and number of pages in `ctap/storage.rs`.
-1.  Change the default level for the credProtect extension in `ctap/mod.rs`.
-    When changing the default, resident credentials become undiscoverable without
-    user verification. This helps privacy, but can make usage less comfortable
-    for credentials that need less protection.
-1.  Increase the default minimum length for PINs in `ctap/storage.rs`.
-    The current minimum is 4. Values from 4 to 63 are allowed. Requiring longer
-    PINs can help establish trust between users and relying parties. It makes
-    user verification harder to break, but less convenient.
-    NIST recommends at least 6-digit PINs in section 5.1.9.1:
-    https://pages.nist.gov/800-63-3/sp800-63b.html
-    You can add relying parties to the list of readers of the minimum PIN length.
-1.  In an enterprise setting, you can adapt `DEFAULT_MIN_PIN_LENGTH_RP_IDS` and
-    `MAX_RP_IDS_LENGTH` for tuning the `minPinLength` extension. The former
-    allows some relying parties to read the minimum PIN length by default. The
-    latter allows storing more relying parties that may check the minimum PIN
-    length.
-1.  Increase the `MAX_CRED_BLOB_LENGTH` in `ctap/mod.rs`, if you expect blobs
-    bigger than the default value.
-1.  Implement enterprise attestation. This can be as easy as setting
-    ENTERPRISE_ATTESTATION_MODE in `ctap/mod.rs`. If you want to use a different
-    attestation type than batch attestation, you have to implement it first.
-1.  If a certification (additional to FIDO's) requires that all requests are
-    protected with user verification, set `ENFORCE_ALWAYS_UV` in
-    `ctap/config_mod.rs` to `true`.
+    presence in `src/main.rs`.
+1.  If you have colored LEDs, like different blinking patterns and want to play
+    around with the code in `src/main.rs` more, take a look at e.g. `wink_leds`.
+1.  You find more options and documentation in `src/ctap/customization.rs`,
+    including:
+    - The default level for the credProtect extension.
+    - The default minimum PIN length, and what relying parties can set it.
+    - Whether you want to enforce alwaysUv.
+    - Settings for enterprise attestation.
+    - The maximum PIN retries.
+    - Whether you want to use batch attestation.
+    - Whether you want to use signature counters.
+    - Various constants to adapt to different hardware.
 
 ### 3D printed enclosure
 
diff --git a/deploy.py b/deploy.py
index e8d5ffd..0c8d998 100755
--- a/deploy.py
+++ b/deploy.py
@@ -352,6 +352,7 @@ class OpenSKInstaller:
 
   def build_opensk(self):
     info("Building OpenSK application")
+    self._check_invariants()
     self._build_app_or_example(is_example=False)
 
   def _build_app_or_example(self, is_example):
@@ -390,6 +391,11 @@ class OpenSKInstaller:
     # Create a TAB file
     self.create_tab_file({props.arch: app_path})
 
+  def _check_invariants(self):
+    print("Testing invariants in customization.rs...")
+    self.checked_command_output(
+        ["cargo", "test", "--features=std", "--lib", "customization"])
+
   def generate_crypto_materials(self, force_regenerate):
     has_error = subprocess.call([
         os.path.join("tools", "gen_key_materials.sh"),
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index eb16a1f..78a80aa 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use super::customization::{MAX_CREDENTIAL_COUNT_IN_LIST, MAX_LARGE_BLOB_ARRAY_SIZE};
 use super::data_formats::{
     extract_array, extract_bool, extract_byte_string, extract_map, extract_text_string,
     extract_unsigned, ok_or_missing, ClientPinSubCommand, ConfigSubCommand, ConfigSubCommandParams,
@@ -22,18 +23,12 @@ use super::data_formats::{
 };
 use super::key_material;
 use super::status_code::Ctap2StatusCode;
-use super::storage::MAX_LARGE_BLOB_ARRAY_SIZE;
 use alloc::string::String;
 use alloc::vec::Vec;
 use arrayref::array_ref;
 use cbor::destructure_cbor_map;
 use core::convert::TryFrom;
 
-// Depending on your memory, you can use Some(n) to limit request sizes in
-// MakeCredential and GetAssertion. This affects allowList and excludeList.
-// You might also want to set the max credential size in process_get_info then.
-pub const MAX_CREDENTIAL_COUNT_IN_LIST: Option<usize> = None;
-
 // This constant is a consequence of the structure of messages.
 const MIN_LARGE_BLOB_LEN: usize = 17;
 
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index c65fc56..cf98889 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -127,7 +127,7 @@ pub fn process_config(
 #[cfg(test)]
 mod test {
     use super::*;
-    use crate::ctap::ENFORCE_ALWAYS_UV;
+    use crate::ctap::customization::ENFORCE_ALWAYS_UV;
     use crypto::rng256::ThreadRng256;
 
     #[test]
diff --git a/src/ctap/customization.rs b/src/ctap/customization.rs
new file mode 100644
index 0000000..1aebadf
--- /dev/null
+++ b/src/ctap/customization.rs
@@ -0,0 +1,269 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This file contains all customizable constants.
+//!
+//! If you adapt them, make sure to run the tests before flashing the firmware.
+//! Our deploy script enforces the invariants.
+
+use crate::ctap::data_formats::{CredentialProtectionPolicy, EnterpriseAttestationMode};
+
+// ###########################################################################
+// Constants for adjusting privacy and protection levels.
+// ###########################################################################
+
+/// Changes the default level for the credProtect extension.
+///
+/// You can change this value to one of the following for more privacy:
+/// - CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList
+/// - CredentialProtectionPolicy::UserVerificationRequired
+///
+/// UserVerificationOptionalWithCredentialIdList
+/// Resident credentials are discoverable with
+/// - an allowList,
+/// - an excludeList,
+/// - user verification.
+///
+/// UserVerificationRequired
+/// Resident credentials are discoverable with user verification only.
+///
+/// This can improve privacy, but can make usage less comfortable.
+pub const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
+
+/// Sets the initial minimum PIN length in code points.
+///
+/// # Invariant
+///
+/// - The minimum PIN length must be at least 4.
+/// - The minimum PIN length must be at most 63.
+/// - DEFAULT_MIN_PIN_LENGTH_RP_IDS must be non-empty if MAX_RP_IDS_LENGTH is 0.
+///
+/// Requiring longer PINs can help establish trust between users and relying
+/// parties. It makes user verification harder to break, but less convenient.
+/// NIST recommends at least 6-digit PINs in section 5.1.9.1:
+/// https://pages.nist.gov/800-63-3/sp800-63b.html
+///
+/// Reset reverts the minimum PIN length to this DEFAULT_MIN_PIN_LENGTH.
+pub const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
+
+/// Lists relying parties that can read the minimum PIN length.
+///
+/// # Invariant
+///
+/// - DEFAULT_MIN_PIN_LENGTH_RP_IDS must be non-empty if MAX_RP_IDS_LENGTH is 0
+///
+/// Only the RP IDs listed in DEFAULT_MIN_PIN_LENGTH_RP_IDS are allowed to read
+/// the minimum PIN length with the minPinLength extension.
+pub const DEFAULT_MIN_PIN_LENGTH_RP_IDS: &[&str] = &[];
+
+/// Enforces the alwaysUv option.
+///
+/// When setting to true, commands require a PIN.
+/// Also, alwaysUv can not be disabled by commands.
+///
+/// A certification (additional to FIDO Alliance's) might require enforcing
+/// alwaysUv. Otherwise, users should have the choice to configure alwaysUv.
+/// Calling toggleAlwaysUv is preferred over enforcing alwaysUv here.
+pub const ENFORCE_ALWAYS_UV: bool = false;
+
+/// Allows usage of enterprise attestation.
+///
+/// # Invariant
+///
+/// - Enterprise and batch attestation can not both be active.
+/// - If the mode is VendorFacilitated, ENTERPRISE_RP_ID_LIST must be non-empty.
+///
+/// For privacy reasons, it is disabled by default. You can choose between:
+/// - EnterpriseAttestationMode::VendorFacilitated
+/// - EnterpriseAttestationMode::PlatformManaged
+///
+/// VendorFacilitated
+/// Enterprise attestation is restricted to ENTERPRISE_RP_ID_LIST. Add your
+/// enterprises domain, e.g. "example.com", to the list below.
+///
+/// PlatformManaged
+/// All relying parties can request an enterprise attestation. The authenticator
+/// trusts the platform to filter requests.
+///
+/// To enable the feature, send the subcommand enableEnterpriseAttestation in
+/// AuthenticatorConfig. An enterprise might want to customize the type of
+/// attestation that is used. OpenSK defaults to batch attestation. Configuring
+/// individual certificates then makes authenticators identifiable.
+///
+/// OpenSK prevents activating batch and enterprise attestation together. The
+/// current implementation uses the same key material at the moment, and these
+/// two modes have conflicting privacy guarantees.
+/// If you implement your own enterprise attestation mechanism, and you want
+/// batch attestation at the same time, proceed carefully and remove the
+/// assertion.
+pub const ENTERPRISE_ATTESTATION_MODE: Option<EnterpriseAttestationMode> = None;
+
+/// Lists relying party IDs that can perform enterprise attestation.
+///
+/// # Invariant
+///
+/// - If the mode is VendorFacilitated, ENTERPRISE_RP_ID_LIST must be non-empty.
+///
+/// This list is only considered if the enterprise attestation mode is
+/// VendorFacilitated.
+pub const ENTERPRISE_RP_ID_LIST: &[&str] = &[];
+
+/// Sets the number of consecutive failed PINs before blocking interaction.
+///
+/// # Invariant
+///
+/// - CTAP2.0: Maximum PIN retries must be 8.
+/// - CTAP2.1: Maximum PIN retries must be 8 at most.
+///
+/// The fail retry counter is reset after entering the correct PIN.
+pub const MAX_PIN_RETRIES: u8 = 8;
+
+/// Enables or disables basic attestation for FIDO2.
+///
+/// # Invariant
+///
+/// - Enterprise and batch attestation can not both be active (see above).
+///
+/// The basic attestation uses the signing key configured with a vendor command
+/// as a batch key. If you turn batch attestation on, be aware that it is your
+/// responsibility to safely generate and store the key material. Also, the
+/// batches must have size of at least 100k authenticators before using new key
+/// material.
+/// U2F is unaffected by this setting.
+///
+/// https://www.w3.org/TR/webauthn/#attestation
+pub const USE_BATCH_ATTESTATION: bool = false;
+
+/// Enables or disables signature counters.
+///
+/// The signature counter is currently implemented as a global counter.
+/// The specification strongly suggests to have per-credential counters.
+/// Implementing those means you can't have an infinite amount of server-side
+/// credentials anymore. Also, since counters need frequent writes on the
+/// persistent storage, we might need a flash friendly implementation. This
+/// solution is a compromise to be compatible with U2F and not wasting storage.
+///
+/// https://www.w3.org/TR/webauthn/#signature-counter
+pub const USE_SIGNATURE_COUNTER: bool = true;
+
+// ###########################################################################
+// Constants for performance optimization or adapting to different hardware.
+//
+// Those constants may be modified before compilation to tune the behavior of
+// the key.
+// ###########################################################################
+
+/// Sets the maximum blob size stored with the credBlob extension.
+///
+/// # Invariant
+///
+/// - The length must be at least 32.
+pub const MAX_CRED_BLOB_LENGTH: usize = 32;
+
+/// Limits the number of considered entries in credential lists.
+///
+/// # Invariant
+///
+/// - This value, if present, must be at least 1 (more is preferred).
+///
+/// Depending on your memory, you can use Some(n) to limit request sizes in
+/// MakeCredential and GetAssertion. This affects allowList and excludeList.
+pub const MAX_CREDENTIAL_COUNT_IN_LIST: Option<usize> = None;
+
+/// Limits the size of largeBlobs the authenticator stores.
+///
+/// # Invariant
+///
+/// - The allowed size must be at least 1024.
+/// - The array must fit into the shards reserved in storage/key.rs.
+pub const MAX_LARGE_BLOB_ARRAY_SIZE: usize = 2048;
+
+/// Limits the number of RP IDs that can change the minimum PIN length.
+///
+/// # Invariant
+///
+/// - If this value is 0, DEFAULT_MIN_PIN_LENGTH_RP_IDS must be non-empty.
+///
+/// You can use this constant to have an upper limit in storage requirements.
+/// This might be useful if you want to more reliably predict the remaining
+/// storage. Stored string can still be of arbitrary length though, until RP ID
+/// truncation is implemented.
+/// Outside of memory considerations, you can set this value to 0 if only RP IDs
+/// in DEFAULT_MIN_PIN_LENGTH_RP_IDS should be allowed to change the minimum PIN
+/// length.
+pub const MAX_RP_IDS_LENGTH: usize = 8;
+
+/// Sets the number of resident keys you can store.
+///
+/// # Invariant
+///
+/// - The storage key CREDENTIALS must fit at least this number of credentials.
+///
+/// This value has implications on the flash lifetime, please see the
+/// documentation for NUM_PAGES below.
+pub const MAX_SUPPORTED_RESIDENT_KEYS: usize = 150;
+
+/// Sets the number of pages used for persistent storage.
+///
+/// The number of pages should be at least 3 and at most what the flash can
+/// hold. There should be no reason to put a small number here, except that the
+/// latency of flash operations is linear in the number of pages. This may
+/// improve in the future. Currently, using 20 pages gives between 20ms and
+/// 240ms per operation. The rule of thumb is between 1ms and 12ms per
+/// additional page.
+///
+/// Limiting the number of resident keys permits to ensure a minimum number of
+/// counter increments.
+/// Let:
+/// - P the number of pages (NUM_PAGES)
+/// - K the maximum number of resident keys (MAX_SUPPORTED_RESIDENT_KEYS)
+/// - S the maximum size of a resident key (about 500)
+/// - C the number of erase cycles (10000)
+/// - I the minimum number of counter increments
+///
+/// We have: I = (P * 4084 - 5107 - K * S) / 8 * C
+///
+/// With P=20 and K=150, we have I=2M which is enough for 500 increments per day
+/// for 10 years.
+pub const NUM_PAGES: usize = 20;
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    #[allow(clippy::assertions_on_constants)]
+    fn test_invariants() {
+        // Two invariants are currently tested in different files:
+        // - storage.rs: if MAX_LARGE_BLOB_ARRAY_SIZE fits the shards
+        // - storage/key.rs: if MAX_SUPPORTED_RESIDENT_KEYS fits CREDENTIALS
+        assert!(DEFAULT_MIN_PIN_LENGTH >= 4);
+        assert!(DEFAULT_MIN_PIN_LENGTH <= 63);
+        assert!(!USE_BATCH_ATTESTATION || ENTERPRISE_ATTESTATION_MODE.is_none());
+        if let Some(EnterpriseAttestationMode::VendorFacilitated) = ENTERPRISE_ATTESTATION_MODE {
+            assert!(!ENTERPRISE_RP_ID_LIST.is_empty());
+        } else {
+            assert!(ENTERPRISE_RP_ID_LIST.is_empty());
+        }
+        assert!(MAX_PIN_RETRIES <= 8);
+        assert!(MAX_CRED_BLOB_LENGTH >= 32);
+        if let Some(count) = MAX_CREDENTIAL_COUNT_IN_LIST {
+            assert!(count >= 1);
+        }
+        assert!(MAX_LARGE_BLOB_ARRAY_SIZE >= 1024);
+        if MAX_RP_IDS_LENGTH == 0 {
+            assert!(!DEFAULT_MIN_PIN_LENGTH_RP_IDS.is_empty());
+        }
+    }
+}
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 04e9a36..97ee858 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -504,11 +504,18 @@ impl TryFrom<cbor::Value> for SignatureAlgorithm {
     }
 }
 
+/// The credProtect extension's policies for resident credentials.
 #[derive(Clone, Copy, Debug, PartialEq, PartialOrd)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum CredentialProtectionPolicy {
+    /// The credential is always discoverable, as if it had no protection level.
     UserVerificationOptional = 0x01,
+    /// The credential is discoverable with
+    /// - an allowList,
+    /// - an excludeList,
+    /// - user verification.
     UserVerificationOptionalWithCredentialIdList = 0x02,
+    /// The credentials is discoverable with user verification only.
     UserVerificationRequired = 0x03,
 }
 
@@ -939,9 +946,14 @@ impl From<SetMinPinLengthParams> for cbor::Value {
     }
 }
 
+/// The level of enterprise attestation allowed in MakeCredential.
 #[derive(Debug, PartialEq)]
 pub enum EnterpriseAttestationMode {
+    /// Enterprise attestation is restricted to a list of RP IDs. Add your
+    /// enterprises domain, e.g. "example.com", to the list below.
     VendorFacilitated = 0x01,
+    /// All relying parties can request an enterprise attestation. The authenticator
+    /// trusts the platform to filter requests.
     PlatformManaged = 0x02,
 }
 
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 18b0345..f74b16e 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -18,6 +18,7 @@ mod config_command;
 mod credential_management;
 #[cfg(feature = "with_ctap1")]
 mod ctap1;
+mod customization;
 pub mod data_formats;
 pub mod hid;
 mod key_material;
@@ -31,10 +32,14 @@ mod timed_permission;
 use self::command::{
     AuthenticatorClientPinParameters, AuthenticatorGetAssertionParameters,
     AuthenticatorMakeCredentialParameters, AuthenticatorVendorConfigureParameters, Command,
-    MAX_CREDENTIAL_COUNT_IN_LIST,
 };
 use self::config_command::process_config;
 use self::credential_management::process_credential_management;
+use self::customization::{
+    DEFAULT_CRED_PROTECT, ENTERPRISE_ATTESTATION_MODE, ENTERPRISE_RP_ID_LIST,
+    MAX_CREDENTIAL_COUNT_IN_LIST, MAX_CRED_BLOB_LENGTH, MAX_LARGE_BLOB_ARRAY_SIZE,
+    MAX_RP_IDS_LENGTH, USE_BATCH_ATTESTATION, USE_SIGNATURE_COUNTER,
+};
 use self::data_formats::{
     AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, EnterpriseAttestationMode,
     GetAssertionExtensions, PackedAttestationStatement, PublicKeyCredentialDescriptor,
@@ -49,7 +54,7 @@ use self::response::{
     AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,
 };
 use self::status_code::Ctap2StatusCode;
-use self::storage::{PersistentStore, MAX_LARGE_BLOB_ARRAY_SIZE, MAX_RP_IDS_LENGTH};
+use self::storage::PersistentStore;
 use self::timed_permission::TimedPermission;
 #[cfg(feature = "with_ctap1")]
 use self::timed_permission::U2fUserPresenceState;
@@ -74,36 +79,7 @@ use libtock_drivers::console::Console;
 use libtock_drivers::crp;
 use libtock_drivers::timer::{ClockValue, Duration};
 
-// This flag enables or disables basic attestation for FIDO2. U2F is unaffected by
-// this setting. The basic attestation uses the signing key configured with a
-// vendor command as a batch key. If you turn batch attestation on, be aware that
-// it is your responsibility to safely generate and store the key material. Also,
-// the batches must have size of at least 100k authenticators before using new
-// key material.
-const USE_BATCH_ATTESTATION: bool = false;
-// The signature counter is currently implemented as a global counter, if you set
-// this flag to true. The spec strongly suggests to have per-credential-counters,
-// but it means you can't have an infinite amount of credentials anymore. Also,
-// since this is the only piece of information that needs writing often, we might
-// need a flash storage friendly way to implement this feature. The implemented
-// solution is a compromise to be compatible with U2F and not wasting storage.
-const USE_SIGNATURE_COUNTER: bool = true;
 pub const INITIAL_SIGNATURE_COUNTER: u32 = 1;
-// This flag allows usage of enterprise attestation. For privacy reasons, it is
-// disabled by default. You can choose between
-// - EnterpriseAttestationMode::VendorFacilitated,
-// - EnterpriseAttestationMode::PlatformManaged.
-// For VendorFacilitated, choose an appriopriate ENTERPRISE_RP_ID_LIST.
-// To enable the feature, send the subcommand enableEnterpriseAttestation in
-// AuthenticatorConfig. An enterprise might want to customize the type of
-// attestation that is used. OpenSK defaults to batch attestation. Configuring
-// individual certificates then makes authenticators identifiable. Do NOT set
-// USE_BATCH_ATTESTATION to true at the same time in this case! The code asserts
-// that you don't use the same key material for batch and enterprise attestation.
-// If you implement your own enterprise attestation mechanism, and you want batch
-// attestation at the same time, proceed carefully and remove the assertion.
-pub const ENTERPRISE_ATTESTATION_MODE: Option<EnterpriseAttestationMode> = None;
-const ENTERPRISE_RP_ID_LIST: &[&str] = &[];
 // Our credential ID consists of
 // - 16 byte initialization vector for AES-256,
 // - 32 byte ECDSA private key for the credential,
@@ -141,15 +117,6 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa
     cred_type: PublicKeyCredentialType::PublicKey,
     alg: SignatureAlgorithm::ES256,
 };
-// You can change this value to one of the following for more privacy.
-// - Some(CredentialProtectionPolicy::UserVerificationOptionalWithCredentialIdList)
-// - Some(CredentialProtectionPolicy::UserVerificationRequired)
-const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
-// Maximum size stored with the credBlob extension. Must be at least 32.
-const MAX_CRED_BLOB_LENGTH: usize = 32;
-// Enforce the alwaysUv option. With this constant set to true, commands require
-// a PIN to be set up. alwaysUv can not be disabled by commands.
-pub const ENFORCE_ALWAYS_UV: bool = false;
 
 // Checks the PIN protocol parameter against all supported versions.
 pub fn check_pin_uv_auth_protocol(
@@ -329,11 +296,6 @@ where
         check_user_presence: CheckUserPresence,
         now: ClockValue,
     ) -> CtapState<'a, R, CheckUserPresence> {
-        #[allow(clippy::assertions_on_constants)]
-        {
-            assert!(!USE_BATCH_ATTESTATION || ENTERPRISE_ATTESTATION_MODE.is_none());
-        }
-
         let persistent_store = PersistentStore::new(rng);
         let pin_protocol_v1 = PinProtocolV1::new(rng);
         CtapState {
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index b1aa4ec..0f6657f 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -14,14 +14,19 @@
 
 mod key;
 
+use crate::ctap::customization::{
+    DEFAULT_MIN_PIN_LENGTH, DEFAULT_MIN_PIN_LENGTH_RP_IDS, ENFORCE_ALWAYS_UV,
+    MAX_LARGE_BLOB_ARRAY_SIZE, MAX_PIN_RETRIES, MAX_RP_IDS_LENGTH, MAX_SUPPORTED_RESIDENT_KEYS,
+    NUM_PAGES,
+};
 use crate::ctap::data_formats::{
     extract_array, extract_text_string, CredentialProtectionPolicy, PublicKeyCredentialSource,
     PublicKeyCredentialUserEntity,
 };
+use crate::ctap::key_material;
 use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::INITIAL_SIGNATURE_COUNTER;
-use crate::ctap::{key_material, ENFORCE_ALWAYS_UV};
 use crate::embedded_flash::{new_storage, Storage};
 use alloc::string::String;
 use alloc::vec;
@@ -33,35 +38,6 @@ use core::convert::TryInto;
 use crypto::rng256::Rng256;
 use persistent_store::{fragment, StoreUpdate};
 
-// Those constants may be modified before compilation to tune the behavior of the key.
-//
-// The number of pages should be at least 3 and at most what the flash can hold. There should be no
-// reason to put a small number here, except that the latency of flash operations is linear in the
-// number of pages. This may improve in the future. Currently, using 20 pages gives between 20ms and
-// 240ms per operation. The rule of thumb is between 1ms and 12ms per additional page.
-//
-// Limiting the number of resident keys permits to ensure a minimum number of counter increments.
-// Let:
-// - P the number of pages (NUM_PAGES)
-// - K the maximum number of resident keys (MAX_SUPPORTED_RESIDENT_KEYS)
-// - S the maximum size of a resident key (about 500)
-// - C the number of erase cycles (10000)
-// - I the minimum number of counter increments
-//
-// We have: I = (P * 4084 - 5107 - K * S) / 8 * C
-//
-// With P=20 and K=150, we have I=2M which is enough for 500 increments per day for 10 years.
-const NUM_PAGES: usize = 20;
-const MAX_SUPPORTED_RESIDENT_KEYS: usize = 150;
-
-const MAX_PIN_RETRIES: u8 = 8;
-const DEFAULT_MIN_PIN_LENGTH: u8 = 4;
-const DEFAULT_MIN_PIN_LENGTH_RP_IDS: &[&str] = &[];
-// This constant is an attempt to limit storage requirements. If you don't set it to 0,
-// the stored strings can still be unbounded, but that is true for all RP IDs.
-pub const MAX_RP_IDS_LENGTH: usize = 8;
-pub const MAX_LARGE_BLOB_ARRAY_SIZE: usize = 2048;
-
 /// Wrapper for master keys.
 pub struct MasterKeys {
     /// Master encryption key.
@@ -825,7 +801,7 @@ mod test {
 
         let mut credential_ids = vec![];
         for i in 0..MAX_SUPPORTED_RESIDENT_KEYS {
-            let user_handle = i.to_ne_bytes().to_vec();
+            let user_handle = (i as u32).to_ne_bytes().to_vec();
             let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             credential_ids.push(credential_source.credential_id.clone());
             assert!(persistent_store.store_credential(credential_source).is_ok());
@@ -899,7 +875,7 @@ mod test {
         assert_eq!(persistent_store.count_credentials().unwrap(), 0);
 
         for i in 0..MAX_SUPPORTED_RESIDENT_KEYS {
-            let user_handle = i.to_ne_bytes().to_vec();
+            let user_handle = (i as u32).to_ne_bytes().to_vec();
             let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             assert!(persistent_store.store_credential(credential_source).is_ok());
             assert_eq!(persistent_store.count_credentials().unwrap(), i + 1);
@@ -948,7 +924,7 @@ mod test {
 
         let mut persistent_store = PersistentStore::new(&mut rng);
         for i in 0..MAX_SUPPORTED_RESIDENT_KEYS {
-            let user_handle = i.to_ne_bytes().to_vec();
+            let user_handle = (i as u32).to_ne_bytes().to_vec();
             let credential_source = create_credential_source(&mut rng, "example.com", user_handle);
             assert!(persistent_store.store_credential(credential_source).is_ok());
             assert_eq!(persistent_store.count_credentials().unwrap(), i + 1);
@@ -1247,10 +1223,6 @@ mod test {
         let mut rng = ThreadRng256 {};
         let persistent_store = PersistentStore::new(&mut rng);
 
-        #[allow(clippy::assertions_on_constants)]
-        {
-            assert!(MAX_LARGE_BLOB_ARRAY_SIZE >= 1024);
-        }
         assert!(
             MAX_LARGE_BLOB_ARRAY_SIZE
                 <= persistent_store.store.max_value_length()
diff --git a/src/ctap/storage/key.rs b/src/ctap/storage/key.rs
index 7c6bea5..38a2a8b 100644
--- a/src/ctap/storage/key.rs
+++ b/src/ctap/storage/key.rs
@@ -141,7 +141,7 @@ mod test {
 
     #[test]
     fn enough_credentials() {
-        use super::super::MAX_SUPPORTED_RESIDENT_KEYS;
+        use crate::ctap::customization::MAX_SUPPORTED_RESIDENT_KEYS;
         assert!(MAX_SUPPORTED_RESIDENT_KEYS <= CREDENTIALS.end - CREDENTIALS.start);
     }
 

From 5e9c32dff53c07e621c0dd3447c956e1b3109dd0 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Wed, 3 Mar 2021 16:33:25 +0100
Subject: [PATCH 177/192] HKDF for CTAP2.1 (#290)

* implements hkdf, both regular and FIDO specific

* improved documentation

* constant usage in function return type
---
 libraries/crypto/src/hkdf.rs | 226 +++++++++++++++++++++++++++++++++++
 libraries/crypto/src/lib.rs  |   1 +
 2 files changed, 227 insertions(+)
 create mode 100644 libraries/crypto/src/hkdf.rs

diff --git a/libraries/crypto/src/hkdf.rs b/libraries/crypto/src/hkdf.rs
new file mode 100644
index 0000000..ee276a3
--- /dev/null
+++ b/libraries/crypto/src/hkdf.rs
@@ -0,0 +1,226 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use super::hmac::hmac_256;
+use super::{Hash256, HashBlockSize64Bytes};
+
+const HASH_SIZE: usize = 32;
+
+/// Computes the HKDF with empty salt and 256 bit (one block) output.
+///
+/// # Arguments
+///
+/// * `ikm` - Input keying material
+/// * `info` - Optional context and application specific information
+///
+/// This implementation is equivalent to the below hkdf, with `salt` set to the
+/// default block of zeros and the output length l as 32.
+pub fn hkdf_empty_salt_256<H>(ikm: &[u8], info: &[u8]) -> [u8; HASH_SIZE]
+where
+    H: Hash256 + HashBlockSize64Bytes,
+{
+    // Salt is a zero block here.
+    let prk = hmac_256::<H>(&[0; HASH_SIZE], ikm);
+    // l is implicitly the block size, so we iterate exactly once.
+    let mut t = info.to_vec();
+    t.push(1);
+    hmac_256::<H>(&prk, t.as_slice())
+}
+
+/// Computes the HKDF.
+///
+/// # Arguments
+///
+/// * `salt` - Optional salt value (a non-secret random value)
+/// * `ikm` - Input keying material
+/// * `l` - Length of output keying material in octets
+/// * `info` - Optional context and application specific information
+///
+/// Defined in RFC: https://tools.ietf.org/html/rfc5869
+///
+/// `salt` and `info` can be be empty. `salt` then defaults to one block of
+/// zeros of size `HASH_SIZE`. Argument order is taken from:
+/// https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#pinProto2
+#[cfg(test)]
+pub fn hkdf<H>(salt: &[u8], ikm: &[u8], l: u8, info: &[u8]) -> Vec<u8>
+where
+    H: Hash256 + HashBlockSize64Bytes,
+{
+    let prk = if salt.is_empty() {
+        hmac_256::<H>(&[0; HASH_SIZE], ikm)
+    } else {
+        hmac_256::<H>(salt, ikm)
+    };
+    let mut t = vec![];
+    let mut okm = vec![];
+    for i in 0..(l as usize + HASH_SIZE - 1) / HASH_SIZE {
+        t.extend_from_slice(info);
+        t.push((i + 1) as u8);
+        t = hmac_256::<H>(&prk, t.as_slice()).to_vec();
+        okm.extend_from_slice(t.as_slice());
+    }
+    okm.truncate(l as usize);
+    okm
+}
+
+#[cfg(test)]
+mod test {
+    use super::super::sha256::Sha256;
+    use super::*;
+    use arrayref::array_ref;
+
+    #[test]
+    fn test_hkdf_sha256_vectors() {
+        // Test vectors taken from https://tools.ietf.org/html/rfc5869.
+        let ikm = hex::decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b").unwrap();
+        let salt = hex::decode("000102030405060708090a0b0c").unwrap();
+        let info = hex::decode("f0f1f2f3f4f5f6f7f8f9").unwrap();
+        let l = 42;
+        let okm = hex::decode(
+            "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865",
+        )
+        .unwrap();
+        assert_eq!(
+            hkdf::<Sha256>(salt.as_slice(), ikm.as_slice(), l, info.as_slice()),
+            okm
+        );
+
+        let ikm = hex::decode(
+            "000102030405060708090a0b0c0d0e0f\
+                                101112131415161718191a1b1c1d1e1f\
+                                202122232425262728292a2b2c2d2e2f\
+                                303132333435363738393a3b3c3d3e3f\
+                                404142434445464748494a4b4c4d4e4f",
+        )
+        .unwrap();
+        let salt = hex::decode(
+            "606162636465666768696a6b6c6d6e6f\
+                               707172737475767778797a7b7c7d7e7f\
+                               808182838485868788898a8b8c8d8e8f\
+                               909192939495969798999a9b9c9d9e9f\
+                               a0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
+        )
+        .unwrap();
+        let info = hex::decode(
+            "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf\
+                               c0c1c2c3c4c5c6c7c8c9cacbcccdcecf\
+                               d0d1d2d3d4d5d6d7d8d9dadbdcdddedf\
+                               e0e1e2e3e4e5e6e7e8e9eaebecedeeef\
+                               f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+        )
+        .unwrap();
+        let l = 82;
+        let okm = hex::decode(
+            "b11e398dc80327a1c8e7f78c596a4934\
+                              4f012eda2d4efad8a050cc4c19afa97c\
+                              59045a99cac7827271cb41c65e590e09\
+                              da3275600c2f09b8367793a9aca3db71\
+                              cc30c58179ec3e87c14c01d5c1f3434f\
+                              1d87",
+        )
+        .unwrap();
+        assert_eq!(
+            hkdf::<Sha256>(salt.as_slice(), ikm.as_slice(), l, info.as_slice()),
+            okm
+        );
+
+        let ikm = hex::decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b").unwrap();
+        let salt = hex::decode("").unwrap();
+        let info = hex::decode("").unwrap();
+        let l = 42;
+        let okm = hex::decode(
+            "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8",
+        )
+        .unwrap();
+        assert_eq!(
+            hkdf::<Sha256>(salt.as_slice(), ikm.as_slice(), l, info.as_slice()),
+            okm
+        );
+    }
+
+    #[test]
+    fn test_hkdf_empty_salt_256_sha256_vectors() {
+        // Test vectors generated by pycryptodome using:
+        // HKDF(b'0', 32, b'', SHA256, context=b'\x00').hex()
+        let test_okms = [
+            hex::decode("f9be72116cb97f41828210289caafeabde1f3dfb9723bf43538ab18f3666783a")
+                .unwrap(),
+            hex::decode("f50f964f5b94d62fd1da9356ab8662b0a0f5b8e36e277178b69b6ffecf50cf44")
+                .unwrap(),
+            hex::decode("fc8772ceb5592d67442dcb4353cdd28519e82d6e55b4cf664b5685252c2d2998")
+                .unwrap(),
+            hex::decode("62831b924839a180f53be5461eeea1b89dc21779f50142b5a54df0f0cc86d61a")
+                .unwrap(),
+            hex::decode("6991f00a12946a4e3b8315cdcf0132c2ca508fd17b769f08d1454d92d33733e0")
+                .unwrap(),
+            hex::decode("0f9bb7dddd1ec61f91d8c4f5369b5870f9d44c4ceabccca1b83f06fec115e4e3")
+                .unwrap(),
+            hex::decode("235367e2ab6cca2aba1a666825458dba6b272a215a2537c05feebe4b80dab709")
+                .unwrap(),
+            hex::decode("96e8edad661da48d1a133b38c255d33e05555bc9aa442579dea1cd8d8b8d2aef")
+                .unwrap(),
+        ];
+        for (i, okm) in test_okms.iter().enumerate() {
+            // String of number i.
+            let ikm = i.to_string();
+            // Byte i.
+            let info = [i as u8];
+            assert_eq!(
+                &hkdf_empty_salt_256::<Sha256>(&ikm.as_bytes(), &info[..]),
+                array_ref!(okm, 0, 32)
+            );
+        }
+    }
+
+    #[test]
+    fn test_hkdf_length() {
+        let salt = [];
+        let mut input = Vec::new();
+        for l in 0..128 {
+            assert_eq!(
+                hkdf::<Sha256>(&salt, input.as_slice(), l, input.as_slice()).len(),
+                l as usize
+            );
+            input.push(b'A');
+        }
+    }
+
+    #[test]
+    fn test_hkdf_empty_salt() {
+        let salt = [];
+        let mut input = Vec::new();
+        for l in 0..128 {
+            assert_eq!(
+                hkdf::<Sha256>(&salt, input.as_slice(), l, input.as_slice()),
+                hkdf::<Sha256>(&[0; 32], input.as_slice(), l, input.as_slice())
+            );
+            input.push(b'A');
+        }
+    }
+
+    #[test]
+    fn test_hkdf_compare_implementations() {
+        let salt = [];
+        let l = 32;
+
+        let mut input = Vec::new();
+        for _ in 0..128 {
+            assert_eq!(
+                hkdf::<Sha256>(&salt, input.as_slice(), l, input.as_slice()),
+                hkdf_empty_salt_256::<Sha256>(input.as_slice(), input.as_slice())
+            );
+            input.push(b'A');
+        }
+    }
+}
diff --git a/libraries/crypto/src/lib.rs b/libraries/crypto/src/lib.rs
index 7b35e99..da13180 100644
--- a/libraries/crypto/src/lib.rs
+++ b/libraries/crypto/src/lib.rs
@@ -22,6 +22,7 @@ pub mod cbc;
 mod ec;
 pub mod ecdh;
 pub mod ecdsa;
+pub mod hkdf;
 pub mod hmac;
 pub mod rng256;
 pub mod sha256;

From 351e6c12c6e09e92efdeef94deaaf5568451c090 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Thu, 4 Mar 2021 10:37:19 +0100
Subject: [PATCH 178/192] renames PIN protocol related variables to prepare PIN
 protocol v2 (#291)

---
 .../{pin_protocol_v1.rs => client_pin.rs}     | 194 ++++++++----------
 src/ctap/command.rs                           |  20 +-
 src/ctap/config_command.rs                    |  67 +++---
 src/ctap/credential_management.rs             | 130 ++++++------
 src/ctap/large_blobs.rs                       |  90 +++-----
 src/ctap/mod.rs                               |  63 +++---
 src/ctap/storage.rs                           |   2 +-
 7 files changed, 246 insertions(+), 320 deletions(-)
 rename src/ctap/{pin_protocol_v1.rs => client_pin.rs} (88%)

diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/client_pin.rs
similarity index 88%
rename from src/ctap/pin_protocol_v1.rs
rename to src/ctap/client_pin.rs
index 3b00a35..ec309ed 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/client_pin.rs
@@ -166,7 +166,7 @@ pub enum PinPermission {
     AuthenticatorConfiguration = 0x20,
 }
 
-pub struct PinProtocolV1 {
+pub struct ClientPin {
     key_agreement_key: crypto::ecdh::SecKey,
     pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
     consecutive_pin_mismatches: u8,
@@ -174,11 +174,11 @@ pub struct PinProtocolV1 {
     permissions_rp_id: Option<String>,
 }
 
-impl PinProtocolV1 {
-    pub fn new(rng: &mut impl Rng256) -> PinProtocolV1 {
+impl ClientPin {
+    pub fn new(rng: &mut impl Rng256) -> ClientPin {
         let key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
         let pin_uv_auth_token = rng.gen_uniform_u8x32();
-        PinProtocolV1 {
+        ClientPin {
             key_agreement_key,
             pin_uv_auth_token,
             consecutive_pin_mismatches: 0,
@@ -395,14 +395,14 @@ impl PinProtocolV1 {
         Ok(response)
     }
 
-    pub fn process_subcommand(
+    pub fn process_command(
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
         client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<ResponseData, Ctap2StatusCode> {
         let AuthenticatorClientPinParameters {
-            pin_protocol,
+            pin_uv_auth_protocol,
             sub_command,
             key_agreement,
             pin_auth,
@@ -412,7 +412,7 @@ impl PinProtocolV1 {
             permissions_rp_id,
         } = client_pin_params;
 
-        if pin_protocol != 1 {
+        if pin_uv_auth_protocol != 1 {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
 
@@ -558,8 +558,8 @@ impl PinProtocolV1 {
     pub fn new_test(
         key_agreement_key: crypto::ecdh::SecKey,
         pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
-    ) -> PinProtocolV1 {
-        PinProtocolV1 {
+    ) -> ClientPin {
+        ClientPin {
             key_agreement_key,
             pin_uv_auth_token,
             consecutive_pin_mismatches: 0,
@@ -647,13 +647,13 @@ mod test {
         let aes_enc_key = crypto::aes256::EncryptionKey::new(&shared_secret);
         let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
 
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
         let pin_hash_enc = vec![
             0x8D, 0x7A, 0xA3, 0x9F, 0x7F, 0xC6, 0x08, 0x13, 0x9A, 0xC8, 0x56, 0x97, 0x70, 0x74,
             0x99, 0x66,
         ];
         assert_eq!(
-            pin_protocol_v1.verify_pin_hash_enc(
+            client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
                 &aes_dec_key,
@@ -664,7 +664,7 @@ mod test {
 
         let pin_hash_enc = vec![0xEE; 16];
         assert_eq!(
-            pin_protocol_v1.verify_pin_hash_enc(
+            client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
                 &aes_dec_key,
@@ -677,9 +677,9 @@ mod test {
             0x8D, 0x7A, 0xA3, 0x9F, 0x7F, 0xC6, 0x08, 0x13, 0x9A, 0xC8, 0x56, 0x97, 0x70, 0x74,
             0x99, 0x66,
         ];
-        pin_protocol_v1.consecutive_pin_mismatches = 3;
+        client_pin.consecutive_pin_mismatches = 3;
         assert_eq!(
-            pin_protocol_v1.verify_pin_hash_enc(
+            client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
                 &aes_dec_key,
@@ -687,11 +687,11 @@ mod test {
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_BLOCKED)
         );
-        pin_protocol_v1.consecutive_pin_mismatches = 0;
+        client_pin.consecutive_pin_mismatches = 0;
 
         let pin_hash_enc = vec![0x77; PIN_AUTH_LENGTH - 1];
         assert_eq!(
-            pin_protocol_v1.verify_pin_hash_enc(
+            client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
                 &aes_dec_key,
@@ -702,7 +702,7 @@ mod test {
 
         let pin_hash_enc = vec![0x77; PIN_AUTH_LENGTH + 1];
         assert_eq!(
-            pin_protocol_v1.verify_pin_hash_enc(
+            client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
                 &aes_dec_key,
@@ -716,14 +716,14 @@ mod test {
     fn test_process_get_pin_retries() {
         let mut rng = ThreadRng256 {};
         let persistent_store = PersistentStore::new(&mut rng);
-        let pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let client_pin = ClientPin::new(&mut rng);
         let expected_response = Ok(AuthenticatorClientPinResponse {
             key_agreement: None,
             pin_token: None,
             retries: Some(persistent_store.pin_retries().unwrap() as u64),
         });
         assert_eq!(
-            pin_protocol_v1.process_get_pin_retries(&persistent_store),
+            client_pin.process_get_pin_retries(&persistent_store),
             expected_response
         );
     }
@@ -731,36 +731,28 @@ mod test {
     #[test]
     fn test_process_get_key_agreement() {
         let mut rng = ThreadRng256 {};
-        let pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
+        let client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
         let expected_response = Ok(AuthenticatorClientPinResponse {
             key_agreement: Some(CoseKey::from(pk)),
             pin_token: None,
             retries: None,
         });
-        assert_eq!(
-            pin_protocol_v1.process_get_key_agreement(),
-            expected_response
-        );
+        assert_eq!(client_pin.process_get_key_agreement(), expected_response);
     }
 
     #[test]
     fn test_process_set_pin() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
-        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
+        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
         let key_agreement = CoseKey::from(pk);
         let new_pin_enc = encrypt_standard_pin(&shared_secret);
         let pin_auth = hmac_256::<Sha256>(&shared_secret, &new_pin_enc[..])[..16].to_vec();
         assert_eq!(
-            pin_protocol_v1.process_set_pin(
-                &mut persistent_store,
-                key_agreement,
-                pin_auth,
-                new_pin_enc
-            ),
+            client_pin.process_set_pin(&mut persistent_store, key_agreement, pin_auth, new_pin_enc),
             Ok(())
         );
     }
@@ -770,9 +762,9 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
-        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
+        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
         let key_agreement = CoseKey::from(pk);
         let new_pin_enc = encrypt_standard_pin(&shared_secret);
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
@@ -780,7 +772,7 @@ mod test {
         auth_param_data.extend(&pin_hash_enc);
         let pin_auth = hmac_256::<Sha256>(&shared_secret, &auth_param_data[..])[..16].to_vec();
         assert_eq!(
-            pin_protocol_v1.process_change_pin(
+            client_pin.process_change_pin(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement.clone(),
@@ -793,7 +785,7 @@ mod test {
 
         let bad_pin_hash_enc = vec![0xEE; 16];
         assert_eq!(
-            pin_protocol_v1.process_change_pin(
+            client_pin.process_change_pin(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement.clone(),
@@ -808,7 +800,7 @@ mod test {
             persistent_store.decr_pin_retries().unwrap();
         }
         assert_eq!(
-            pin_protocol_v1.process_change_pin(
+            client_pin.process_change_pin(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement,
@@ -825,12 +817,12 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
-        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
+        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
         let key_agreement = CoseKey::from(pk);
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
-        assert!(pin_protocol_v1
+        assert!(client_pin
             .process_get_pin_token(
                 &mut rng,
                 &mut persistent_store,
@@ -841,7 +833,7 @@ mod test {
 
         let pin_hash_enc = vec![0xEE; 16];
         assert_eq!(
-            pin_protocol_v1.process_get_pin_token(
+            client_pin.process_get_pin_token(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement,
@@ -857,13 +849,13 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
-        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
+        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
         let key_agreement = CoseKey::from(pk);
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert_eq!(
-            pin_protocol_v1.process_get_pin_token(
+            client_pin.process_get_pin_token(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement,
@@ -878,12 +870,12 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
-        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
+        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
         let key_agreement = CoseKey::from(pk);
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
-        assert!(pin_protocol_v1
+        assert!(client_pin
             .process_get_pin_uv_auth_token_using_pin_with_permissions(
                 &mut rng,
                 &mut persistent_store,
@@ -893,14 +885,14 @@ mod test {
                 Some(String::from("example.com")),
             )
             .is_ok());
-        assert_eq!(pin_protocol_v1.permissions, 0x03);
+        assert_eq!(client_pin.permissions, 0x03);
         assert_eq!(
-            pin_protocol_v1.permissions_rp_id,
+            client_pin.permissions_rp_id,
             Some(String::from("example.com"))
         );
 
         assert_eq!(
-            pin_protocol_v1.process_get_pin_uv_auth_token_using_pin_with_permissions(
+            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement.clone(),
@@ -912,7 +904,7 @@ mod test {
         );
 
         assert_eq!(
-            pin_protocol_v1.process_get_pin_uv_auth_token_using_pin_with_permissions(
+            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement.clone(),
@@ -925,7 +917,7 @@ mod test {
 
         let pin_hash_enc = vec![0xEE; 16];
         assert_eq!(
-            pin_protocol_v1.process_get_pin_uv_auth_token_using_pin_with_permissions(
+            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement,
@@ -943,13 +935,13 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        let pk = pin_protocol_v1.key_agreement_key.genpk();
-        let shared_secret = pin_protocol_v1.key_agreement_key.exchange_x_sha256(&pk);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pk = client_pin.key_agreement_key.genpk();
+        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
         let key_agreement = CoseKey::from(pk);
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert_eq!(
-            pin_protocol_v1.process_get_pin_uv_auth_token_using_pin_with_permissions(
+            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
                 &mut rng,
                 &mut persistent_store,
                 key_agreement,
@@ -965,9 +957,9 @@ mod test {
     fn test_process() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
         let client_pin_params = AuthenticatorClientPinParameters {
-            pin_protocol: 1,
+            pin_uv_auth_protocol: 1,
             sub_command: ClientPinSubCommand::GetPinRetries,
             key_agreement: None,
             pin_auth: None,
@@ -976,12 +968,12 @@ mod test {
             permissions: None,
             permissions_rp_id: None,
         };
-        assert!(pin_protocol_v1
-            .process_subcommand(&mut rng, &mut persistent_store, client_pin_params)
+        assert!(client_pin
+            .process_command(&mut rng, &mut persistent_store, client_pin_params)
             .is_ok());
 
         let client_pin_params = AuthenticatorClientPinParameters {
-            pin_protocol: 2,
+            pin_uv_auth_protocol: 2,
             sub_command: ClientPinSubCommand::GetPinRetries,
             key_agreement: None,
             pin_auth: None,
@@ -992,7 +984,7 @@ mod test {
         };
         let error_code = Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER;
         assert_eq!(
-            pin_protocol_v1.process_subcommand(&mut rng, &mut persistent_store, client_pin_params),
+            client_pin.process_command(&mut rng, &mut persistent_store, client_pin_params),
             Err(error_code)
         );
     }
@@ -1161,15 +1153,15 @@ mod test {
     #[test]
     fn test_has_permission() {
         let mut rng = ThreadRng256 {};
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        pin_protocol_v1.permissions = 0x7F;
+        let mut client_pin = ClientPin::new(&mut rng);
+        client_pin.permissions = 0x7F;
         for permission in PinPermission::into_enum_iter() {
-            assert_eq!(pin_protocol_v1.has_permission(permission), Ok(()));
+            assert_eq!(client_pin.has_permission(permission), Ok(()));
         }
-        pin_protocol_v1.permissions = 0x00;
+        client_pin.permissions = 0x00;
         for permission in PinPermission::into_enum_iter() {
             assert_eq!(
-                pin_protocol_v1.has_permission(permission),
+                client_pin.has_permission(permission),
                 Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
             );
         }
@@ -1178,12 +1170,12 @@ mod test {
     #[test]
     fn test_has_no_rp_id_permission() {
         let mut rng = ThreadRng256 {};
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
-        assert_eq!(pin_protocol_v1.has_no_rp_id_permission(), Ok(()));
-        assert_eq!(pin_protocol_v1.permissions_rp_id, None);
-        pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
+        let mut client_pin = ClientPin::new(&mut rng);
+        assert_eq!(client_pin.has_no_rp_id_permission(), Ok(()));
+        assert_eq!(client_pin.permissions_rp_id, None);
+        client_pin.permissions_rp_id = Some("example.com".to_string());
         assert_eq!(
-            pin_protocol_v1.has_no_rp_id_permission(),
+            client_pin.has_no_rp_id_permission(),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
@@ -1191,19 +1183,13 @@ mod test {
     #[test]
     fn test_has_no_or_rp_id_permission() {
         let mut rng = ThreadRng256 {};
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
+        assert_eq!(client_pin.has_no_or_rp_id_permission("example.com"), Ok(()));
+        assert_eq!(client_pin.permissions_rp_id, None);
+        client_pin.permissions_rp_id = Some("example.com".to_string());
+        assert_eq!(client_pin.has_no_or_rp_id_permission("example.com"), Ok(()));
         assert_eq!(
-            pin_protocol_v1.has_no_or_rp_id_permission("example.com"),
-            Ok(())
-        );
-        assert_eq!(pin_protocol_v1.permissions_rp_id, None);
-        pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
-        assert_eq!(
-            pin_protocol_v1.has_no_or_rp_id_permission("example.com"),
-            Ok(())
-        );
-        assert_eq!(
-            pin_protocol_v1.has_no_or_rp_id_permission("another.example.com"),
+            client_pin.has_no_or_rp_id_permission("another.example.com"),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
@@ -1211,20 +1197,20 @@ mod test {
     #[test]
     fn test_has_no_or_rp_id_hash_permission() {
         let mut rng = ThreadRng256 {};
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
         let rp_id_hash = Sha256::hash(b"example.com");
         assert_eq!(
-            pin_protocol_v1.has_no_or_rp_id_hash_permission(&rp_id_hash),
+            client_pin.has_no_or_rp_id_hash_permission(&rp_id_hash),
             Ok(())
         );
-        assert_eq!(pin_protocol_v1.permissions_rp_id, None);
-        pin_protocol_v1.permissions_rp_id = Some("example.com".to_string());
+        assert_eq!(client_pin.permissions_rp_id, None);
+        client_pin.permissions_rp_id = Some("example.com".to_string());
         assert_eq!(
-            pin_protocol_v1.has_no_or_rp_id_hash_permission(&rp_id_hash),
+            client_pin.has_no_or_rp_id_hash_permission(&rp_id_hash),
             Ok(())
         );
         assert_eq!(
-            pin_protocol_v1.has_no_or_rp_id_hash_permission(&[0x4A; 32]),
+            client_pin.has_no_or_rp_id_hash_permission(&[0x4A; 32]),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
@@ -1232,21 +1218,15 @@ mod test {
     #[test]
     fn test_ensure_rp_id_permission() {
         let mut rng = ThreadRng256 {};
-        let mut pin_protocol_v1 = PinProtocolV1::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
+        assert_eq!(client_pin.ensure_rp_id_permission("example.com"), Ok(()));
         assert_eq!(
-            pin_protocol_v1.ensure_rp_id_permission("example.com"),
-            Ok(())
-        );
-        assert_eq!(
-            pin_protocol_v1.permissions_rp_id,
+            client_pin.permissions_rp_id,
             Some(String::from("example.com"))
         );
+        assert_eq!(client_pin.ensure_rp_id_permission("example.com"), Ok(()));
         assert_eq!(
-            pin_protocol_v1.ensure_rp_id_permission("example.com"),
-            Ok(())
-        );
-        assert_eq!(
-            pin_protocol_v1.ensure_rp_id_permission("counter-example.com"),
+            client_pin.ensure_rp_id_permission("counter-example.com"),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 78a80aa..8c5aaec 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -304,7 +304,7 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
 
 #[derive(Debug, PartialEq)]
 pub struct AuthenticatorClientPinParameters {
-    pub pin_protocol: u64,
+    pub pin_uv_auth_protocol: u64,
     pub sub_command: ClientPinSubCommand,
     pub key_agreement: Option<CoseKey>,
     pub pin_auth: Option<Vec<u8>>,
@@ -320,7 +320,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
         destructure_cbor_map! {
             let {
-                0x01 => pin_protocol,
+                0x01 => pin_uv_auth_protocol,
                 0x02 => sub_command,
                 0x03 => key_agreement,
                 0x04 => pin_auth,
@@ -331,7 +331,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             } = extract_map(cbor_value)?;
         }
 
-        let pin_protocol = extract_unsigned(ok_or_missing(pin_protocol)?)?;
+        let pin_uv_auth_protocol = extract_unsigned(ok_or_missing(pin_uv_auth_protocol)?)?;
         let sub_command = ClientPinSubCommand::try_from(ok_or_missing(sub_command)?)?;
         let key_agreement = key_agreement.map(CoseKey::try_from).transpose()?;
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
@@ -346,7 +346,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
         let permissions_rp_id = permissions_rp_id.map(extract_text_string).transpose()?;
 
         Ok(AuthenticatorClientPinParameters {
-            pin_protocol,
+            pin_uv_auth_protocol,
             sub_command,
             key_agreement,
             pin_auth,
@@ -506,7 +506,7 @@ impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
 pub struct AuthenticatorCredentialManagementParameters {
     pub sub_command: CredentialManagementSubCommand,
     pub sub_command_params: Option<CredentialManagementSubCommandParameters>,
-    pub pin_protocol: Option<u64>,
+    pub pin_uv_auth_protocol: Option<u64>,
     pub pin_auth: Option<Vec<u8>>,
 }
 
@@ -518,7 +518,7 @@ impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
             let {
                 0x01 => sub_command,
                 0x02 => sub_command_params,
-                0x03 => pin_protocol,
+                0x03 => pin_uv_auth_protocol,
                 0x04 => pin_auth,
             } = extract_map(cbor_value)?;
         }
@@ -527,13 +527,13 @@ impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
         let sub_command_params = sub_command_params
             .map(CredentialManagementSubCommandParameters::try_from)
             .transpose()?;
-        let pin_protocol = pin_protocol.map(extract_unsigned).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
 
         Ok(AuthenticatorCredentialManagementParameters {
             sub_command,
             sub_command_params,
-            pin_protocol,
+            pin_uv_auth_protocol,
             pin_auth,
         })
     }
@@ -706,7 +706,7 @@ mod test {
             AuthenticatorClientPinParameters::try_from(cbor_value).unwrap();
 
         let expected_client_pin_parameters = AuthenticatorClientPinParameters {
-            pin_protocol: 1,
+            pin_uv_auth_protocol: 1,
             sub_command: ClientPinSubCommand::GetPinRetries,
             key_agreement: Some(cose_key),
             pin_auth: Some(vec![0xBB]),
@@ -765,7 +765,7 @@ mod test {
         let expected_cred_management_parameters = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsBegin,
             sub_command_params: Some(params),
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth: Some(vec![0x9A; 16]),
         };
 
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index cf98889..4a7f868 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use super::client_pin::ClientPin;
 use super::command::AuthenticatorConfigParameters;
 use super::data_formats::{ConfigSubCommand, ConfigSubCommandParams, SetMinPinLengthParams};
-use super::pin_protocol_v1::PinProtocolV1;
 use super::response::ResponseData;
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
@@ -76,7 +76,7 @@ fn process_set_min_pin_length(
 /// Processes the AuthenticatorConfig command.
 pub fn process_config(
     persistent_store: &mut PersistentStore,
-    pin_protocol_v1: &mut PinProtocolV1,
+    client_pin: &mut ClientPin,
     params: AuthenticatorConfigParameters,
 ) -> Result<ResponseData, Ctap2StatusCode> {
     let AuthenticatorConfigParameters {
@@ -103,7 +103,7 @@ pub fn process_config(
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
         }
-        if !pin_protocol_v1.verify_pin_auth_token(&config_data, &auth_param) {
+        if !client_pin.verify_pin_auth_token(&config_data, &auth_param) {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
         }
     }
@@ -136,7 +136,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::EnableEnterpriseAttestation,
@@ -144,8 +144,7 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
 
         if ENTERPRISE_ATTESTATION_MODE.is_some() {
             assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
@@ -164,7 +163,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::ToggleAlwaysUv,
@@ -172,8 +171,7 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert!(persistent_store.has_always_uv().unwrap());
 
@@ -183,8 +181,7 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         if ENFORCE_ALWAYS_UV {
             assert_eq!(
                 config_response,
@@ -202,7 +199,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
 
         let pin_uv_auth_param = Some(vec![
@@ -215,8 +212,7 @@ mod test {
             pin_uv_auth_param: pin_uv_auth_param.clone(),
             pin_uv_auth_protocol: Some(1),
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         if ENFORCE_ALWAYS_UV {
             assert_eq!(
                 config_response,
@@ -233,8 +229,7 @@ mod test {
             pin_uv_auth_param,
             pin_uv_auth_protocol: Some(1),
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert!(!persistent_store.has_always_uv().unwrap());
     }
@@ -264,13 +259,12 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         // First, increase minimum PIN length from 4 to 6 without PIN auth.
         let min_pin_length = 6;
         let config_params = create_min_pin_config_params(min_pin_length, None);
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
 
@@ -284,8 +278,7 @@ mod test {
             0xB2, 0xDE,
         ];
         config_params.pin_uv_auth_param = Some(pin_auth);
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
 
@@ -296,8 +289,7 @@ mod test {
             0xA7, 0x71,
         ];
         config_params.pin_uv_auth_param = Some(pin_auth);
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)
@@ -311,15 +303,14 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         // First, set RP IDs without PIN auth.
         let min_pin_length = 6;
         let min_pin_length_rp_ids = vec!["example.com".to_string()];
         let config_params =
             create_min_pin_config_params(min_pin_length, Some(min_pin_length_rp_ids.clone()));
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
         assert_eq!(
@@ -339,8 +330,7 @@ mod test {
             0xD6, 0xDA,
         ];
         config_params.pin_uv_auth_param = Some(pin_auth.clone());
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
         assert_eq!(
@@ -353,8 +343,7 @@ mod test {
         let mut config_params =
             create_min_pin_config_params(9, Some(min_pin_length_rp_ids.clone()));
         config_params.pin_uv_auth_param = Some(pin_auth.clone());
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
@@ -372,8 +361,7 @@ mod test {
             Some(vec!["counter.example.com".to_string()]),
         );
         config_params.pin_uv_auth_param = Some(pin_auth);
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
@@ -391,7 +379,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
         // Increase min PIN, force PIN change.
@@ -402,8 +390,7 @@ mod test {
             0xA8, 0xC8,
         ]);
         config_params.pin_uv_auth_param = pin_uv_auth_param;
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
         assert_eq!(persistent_store.has_force_pin_change(), Ok(true));
@@ -415,7 +402,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
         let pin_uv_auth_param = Some(vec![
@@ -435,8 +422,7 @@ mod test {
             pin_uv_auth_param,
             pin_uv_auth_protocol: Some(1),
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.has_force_pin_change(), Ok(true));
     }
@@ -447,7 +433,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::VendorPrototype,
@@ -455,8 +441,7 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let config_response =
-            process_config(&mut persistent_store, &mut pin_protocol_v1, config_params);
+        let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 5a2cc4b..e392ead 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -12,13 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use super::client_pin::{ClientPin, PinPermission};
 use super::command::AuthenticatorCredentialManagementParameters;
 use super::data_formats::{
     CoseKey, CredentialManagementSubCommand, CredentialManagementSubCommandParameters,
     PublicKeyCredentialDescriptor, PublicKeyCredentialRpEntity, PublicKeyCredentialSource,
     PublicKeyCredentialUserEntity,
 };
-use super::pin_protocol_v1::{PinPermission, PinProtocolV1};
 use super::response::{AuthenticatorCredentialManagementResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
@@ -110,15 +110,15 @@ fn enumerate_credentials_response(
 /// Either no RP ID is associated, or the RP ID matches the stored credential.
 fn check_rp_id_permissions(
     persistent_store: &mut PersistentStore,
-    pin_protocol_v1: &mut PinProtocolV1,
+    client_pin: &mut ClientPin,
     credential_id: &[u8],
 ) -> Result<(), Ctap2StatusCode> {
     // Pre-check a sufficient condition before calling the store.
-    if pin_protocol_v1.has_no_rp_id_permission().is_ok() {
+    if client_pin.has_no_rp_id_permission().is_ok() {
         return Ok(());
     }
     let (_, credential) = persistent_store.find_credential_item(credential_id)?;
-    pin_protocol_v1.has_no_or_rp_id_permission(&credential.rp_id)
+    client_pin.has_no_or_rp_id_permission(&credential.rp_id)
 }
 
 /// Processes the subcommand getCredsMetadata for CredentialManagement.
@@ -173,14 +173,14 @@ fn process_enumerate_rps_get_next_rp(
 fn process_enumerate_credentials_begin(
     persistent_store: &PersistentStore,
     stateful_command_permission: &mut StatefulPermission,
-    pin_protocol_v1: &mut PinProtocolV1,
+    client_pin: &mut ClientPin,
     sub_command_params: CredentialManagementSubCommandParameters,
     now: ClockValue,
 ) -> Result<AuthenticatorCredentialManagementResponse, Ctap2StatusCode> {
     let rp_id_hash = sub_command_params
         .rp_id_hash
         .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
-    pin_protocol_v1.has_no_or_rp_id_hash_permission(&rp_id_hash[..])?;
+    client_pin.has_no_or_rp_id_hash_permission(&rp_id_hash[..])?;
     let mut iter_result = Ok(());
     let iter = persistent_store.iter_credentials(&mut iter_result)?;
     let mut rp_credentials: Vec<usize> = iter
@@ -219,21 +219,21 @@ fn process_enumerate_credentials_get_next_credential(
 /// Processes the subcommand deleteCredential for CredentialManagement.
 fn process_delete_credential(
     persistent_store: &mut PersistentStore,
-    pin_protocol_v1: &mut PinProtocolV1,
+    client_pin: &mut ClientPin,
     sub_command_params: CredentialManagementSubCommandParameters,
 ) -> Result<(), Ctap2StatusCode> {
     let credential_id = sub_command_params
         .credential_id
         .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?
         .key_id;
-    check_rp_id_permissions(persistent_store, pin_protocol_v1, &credential_id)?;
+    check_rp_id_permissions(persistent_store, client_pin, &credential_id)?;
     persistent_store.delete_credential(&credential_id)
 }
 
 /// Processes the subcommand updateUserInformation for CredentialManagement.
 fn process_update_user_information(
     persistent_store: &mut PersistentStore,
-    pin_protocol_v1: &mut PinProtocolV1,
+    client_pin: &mut ClientPin,
     sub_command_params: CredentialManagementSubCommandParameters,
 ) -> Result<(), Ctap2StatusCode> {
     let credential_id = sub_command_params
@@ -243,7 +243,7 @@ fn process_update_user_information(
     let user = sub_command_params
         .user
         .ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
-    check_rp_id_permissions(persistent_store, pin_protocol_v1, &credential_id)?;
+    check_rp_id_permissions(persistent_store, client_pin, &credential_id)?;
     persistent_store.update_credential(&credential_id, user)
 }
 
@@ -251,14 +251,14 @@ fn process_update_user_information(
 pub fn process_credential_management(
     persistent_store: &mut PersistentStore,
     stateful_command_permission: &mut StatefulPermission,
-    pin_protocol_v1: &mut PinProtocolV1,
+    client_pin: &mut ClientPin,
     cred_management_params: AuthenticatorCredentialManagementParameters,
     now: ClockValue,
 ) -> Result<ResponseData, Ctap2StatusCode> {
     let AuthenticatorCredentialManagementParameters {
         sub_command,
         sub_command_params,
-        pin_protocol,
+        pin_uv_auth_protocol,
         pin_auth,
     } = cred_management_params;
 
@@ -282,7 +282,7 @@ pub fn process_credential_management(
         | CredentialManagementSubCommand::EnumerateCredentialsBegin
         | CredentialManagementSubCommand::DeleteCredential
         | CredentialManagementSubCommand::UpdateUserInformation => {
-            check_pin_uv_auth_protocol(pin_protocol)?;
+            check_pin_uv_auth_protocol(pin_uv_auth_protocol)?;
             let pin_auth = pin_auth.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
             let mut management_data = vec![sub_command as u8];
             if let Some(sub_command_params) = sub_command_params.clone() {
@@ -290,11 +290,11 @@ pub fn process_credential_management(
                     return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
                 }
             }
-            if !pin_protocol_v1.verify_pin_auth_token(&management_data, &pin_auth) {
+            if !client_pin.verify_pin_auth_token(&management_data, &pin_auth) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
             }
             // The RP ID permission is handled differently per subcommand below.
-            pin_protocol_v1.has_permission(PinPermission::CredentialManagement)?;
+            client_pin.has_permission(PinPermission::CredentialManagement)?;
         }
         CredentialManagementSubCommand::EnumerateRpsGetNextRp
         | CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential => {}
@@ -302,11 +302,11 @@ pub fn process_credential_management(
 
     let response = match sub_command {
         CredentialManagementSubCommand::GetCredsMetadata => {
-            pin_protocol_v1.has_no_rp_id_permission()?;
+            client_pin.has_no_rp_id_permission()?;
             Some(process_get_creds_metadata(persistent_store)?)
         }
         CredentialManagementSubCommand::EnumerateRpsBegin => {
-            pin_protocol_v1.has_no_rp_id_permission()?;
+            client_pin.has_no_rp_id_permission()?;
             Some(process_enumerate_rps_begin(
                 persistent_store,
                 stateful_command_permission,
@@ -320,7 +320,7 @@ pub fn process_credential_management(
             Some(process_enumerate_credentials_begin(
                 persistent_store,
                 stateful_command_permission,
-                pin_protocol_v1,
+                client_pin,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
                 now,
             )?)
@@ -334,7 +334,7 @@ pub fn process_credential_management(
         CredentialManagementSubCommand::DeleteCredential => {
             process_delete_credential(
                 persistent_store,
-                pin_protocol_v1,
+                client_pin,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
             )?;
             None
@@ -342,7 +342,7 @@ pub fn process_credential_management(
         CredentialManagementSubCommand::UpdateUserInformation => {
             process_update_user_information(
                 persistent_store,
-                pin_protocol_v1,
+                client_pin,
                 sub_command_params.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
             )?;
             None
@@ -384,12 +384,12 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let credential_source = create_credential_source(&mut rng);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
         let pin_auth = Some(vec![
@@ -400,13 +400,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth: pin_auth.clone(),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -428,13 +428,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -455,14 +455,14 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let credential_source1 = create_credential_source(&mut rng);
         let mut credential_source2 = create_credential_source(&mut rng);
         credential_source2.rp_id = "another.example.com".to_string();
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         ctap_state
             .persistent_store
@@ -482,13 +482,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateRpsBegin,
             sub_command_params: None,
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -506,13 +506,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
             sub_command_params: None,
-            pin_protocol: None,
+            pin_uv_auth_protocol: None,
             pin_auth: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -531,13 +531,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
             sub_command_params: None,
-            pin_protocol: None,
+            pin_uv_auth_protocol: None,
             pin_auth: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -552,12 +552,12 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let credential_source = create_credential_source(&mut rng);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         const NUM_CREDENTIALS: usize = 20;
         for i in 0..NUM_CREDENTIALS {
@@ -581,7 +581,7 @@ mod test {
         let mut cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateRpsBegin,
             sub_command_params: None,
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth,
         };
 
@@ -589,7 +589,7 @@ mod test {
             let cred_management_response = process_credential_management(
                 &mut ctap_state.persistent_store,
                 &mut ctap_state.stateful_command_permission,
-                &mut ctap_state.pin_protocol_v1,
+                &mut ctap_state.client_pin,
                 cred_management_params,
                 DUMMY_CLOCK_VALUE,
             );
@@ -611,7 +611,7 @@ mod test {
             cred_management_params = AuthenticatorCredentialManagementParameters {
                 sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
                 sub_command_params: None,
-                pin_protocol: None,
+                pin_uv_auth_protocol: None,
                 pin_auth: None,
             };
         }
@@ -619,7 +619,7 @@ mod test {
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -634,7 +634,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let credential_source1 = create_credential_source(&mut rng);
         let mut credential_source2 = create_credential_source(&mut rng);
         credential_source2.user_handle = vec![0x02];
@@ -644,7 +644,7 @@ mod test {
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         ctap_state
             .persistent_store
@@ -671,13 +671,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsBegin,
             sub_command_params: Some(sub_command_params),
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -694,13 +694,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
             sub_command_params: None,
-            pin_protocol: None,
+            pin_uv_auth_protocol: None,
             pin_auth: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -718,13 +718,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
             sub_command_params: None,
-            pin_protocol: None,
+            pin_uv_auth_protocol: None,
             pin_auth: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -739,13 +739,13 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut credential_source = create_credential_source(&mut rng);
         credential_source.credential_id = vec![0x1D; 32];
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         ctap_state
             .persistent_store
@@ -771,13 +771,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::DeleteCredential,
             sub_command_params: Some(sub_command_params.clone()),
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth: pin_auth.clone(),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -789,13 +789,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::DeleteCredential,
             sub_command_params: Some(sub_command_params),
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -810,13 +810,13 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut credential_source = create_credential_source(&mut rng);
         credential_source.credential_id = vec![0x1D; 32];
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         ctap_state
             .persistent_store
@@ -848,13 +848,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::UpdateUserInformation,
             sub_command_params: Some(sub_command_params),
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -878,15 +878,15 @@ mod test {
     }
 
     #[test]
-    fn test_process_credential_management_invalid_pin_protocol() {
+    fn test_process_credential_management_invalid_pin_uv_auth_protocol() {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
         let pin_auth = Some(vec![
@@ -897,13 +897,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_protocol: Some(123456),
+            pin_uv_auth_protocol: Some(123456),
             pin_auth,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
@@ -924,13 +924,13 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_protocol: Some(1),
+            pin_uv_auth_protocol: Some(1),
             pin_auth: Some(vec![0u8; 16]),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
             &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.pin_protocol_v1,
+            &mut ctap_state.client_pin,
             cred_management_params,
             DUMMY_CLOCK_VALUE,
         );
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index f84c1a9..b74f982 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -13,8 +13,8 @@
 // limitations under the License.
 
 use super::check_pin_uv_auth_protocol;
+use super::client_pin::{ClientPin, PinPermission};
 use super::command::AuthenticatorLargeBlobsParameters;
-use super::pin_protocol_v1::{PinPermission, PinProtocolV1};
 use super::response::{AuthenticatorLargeBlobsResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
@@ -51,7 +51,7 @@ impl LargeBlobs {
     pub fn process_command(
         &mut self,
         persistent_store: &mut PersistentStore,
-        pin_protocol_v1: &mut PinProtocolV1,
+        client_pin: &mut ClientPin,
         large_blobs_params: AuthenticatorLargeBlobsParameters,
     ) -> Result<ResponseData, Ctap2StatusCode> {
         let AuthenticatorLargeBlobsParameters {
@@ -94,14 +94,14 @@ impl LargeBlobs {
                 // TODO(kaczmarczyck) Error codes for PIN protocol differ across commands.
                 // Change to Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED for None?
                 check_pin_uv_auth_protocol(pin_uv_auth_protocol)?;
-                pin_protocol_v1.has_permission(PinPermission::LargeBlobWrite)?;
+                client_pin.has_permission(PinPermission::LargeBlobWrite)?;
                 let mut message = vec![0xFF; 32];
                 message.extend(&[0x0C, 0x00]);
                 let mut offset_bytes = [0u8; 4];
                 LittleEndian::write_u32(&mut offset_bytes, offset as u32);
                 message.extend(&offset_bytes);
                 message.extend(&Sha256::hash(set.as_slice()));
-                if !pin_protocol_v1.verify_pin_auth_token(&message, &pin_uv_auth_param) {
+                if !client_pin.verify_pin_auth_token(&message, &pin_uv_auth_param) {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
                 }
             }
@@ -146,7 +146,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut large_blobs = LargeBlobs::new();
 
         let large_blob = vec![
@@ -161,11 +161,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         match large_blobs_response.unwrap() {
             ResponseData::AuthenticatorLargeBlobs(Some(response)) => {
                 assert_eq!(response.config, large_blob);
@@ -180,7 +177,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 200;
@@ -196,11 +193,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Ok(ResponseData::AuthenticatorLargeBlobs(None))
@@ -214,11 +208,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Ok(ResponseData::AuthenticatorLargeBlobs(None))
@@ -232,11 +223,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         match large_blobs_response.unwrap() {
             ResponseData::AuthenticatorLargeBlobs(Some(response)) => {
                 assert_eq!(response.config, large_blob);
@@ -251,7 +239,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 200;
@@ -267,11 +255,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Ok(ResponseData::AuthenticatorLargeBlobs(None))
@@ -286,11 +271,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_SEQ),
@@ -303,7 +285,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 200;
@@ -320,11 +302,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Ok(ResponseData::AuthenticatorLargeBlobs(None))
@@ -338,11 +317,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
@@ -355,7 +331,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 20;
@@ -370,11 +346,8 @@ mod test {
             pin_uv_auth_param: None,
             pin_uv_auth_protocol: None,
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Err(Ctap2StatusCode::CTAP2_ERR_INTEGRITY_FAILURE),
@@ -387,7 +360,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 20;
@@ -409,11 +382,8 @@ mod test {
             pin_uv_auth_param,
             pin_uv_auth_protocol: Some(1),
         };
-        let large_blobs_response = large_blobs.process_command(
-            &mut persistent_store,
-            &mut pin_protocol_v1,
-            large_blobs_params,
-        );
+        let large_blobs_response =
+            large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
         assert_eq!(
             large_blobs_response,
             Ok(ResponseData::AuthenticatorLargeBlobs(None))
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index f74b16e..d9606e8 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 pub mod apdu;
+mod client_pin;
 pub mod command;
 mod config_command;
 mod credential_management;
@@ -23,15 +24,15 @@ pub mod data_formats;
 pub mod hid;
 mod key_material;
 mod large_blobs;
-mod pin_protocol_v1;
 pub mod response;
 pub mod status_code;
 mod storage;
 mod timed_permission;
 
+use self::client_pin::{ClientPin, PinPermission};
 use self::command::{
-    AuthenticatorClientPinParameters, AuthenticatorGetAssertionParameters,
-    AuthenticatorMakeCredentialParameters, AuthenticatorVendorConfigureParameters, Command,
+    AuthenticatorGetAssertionParameters, AuthenticatorMakeCredentialParameters,
+    AuthenticatorVendorConfigureParameters, Command,
 };
 use self::config_command::process_config;
 use self::credential_management::process_credential_management;
@@ -48,7 +49,6 @@ use self::data_formats::{
 };
 use self::hid::ChannelID;
 use self::large_blobs::{LargeBlobs, MAX_MSG_SIZE};
-use self::pin_protocol_v1::{PinPermission, PinProtocolV1};
 use self::response::{
     AuthenticatorGetAssertionResponse, AuthenticatorGetInfoResponse,
     AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,
@@ -278,7 +278,7 @@ pub struct CtapState<'a, R: Rng256, CheckUserPresence: Fn(ChannelID) -> Result<(
     // false otherwise.
     check_user_presence: CheckUserPresence,
     persistent_store: PersistentStore,
-    pin_protocol_v1: PinProtocolV1,
+    client_pin: ClientPin,
     #[cfg(feature = "with_ctap1")]
     pub u2f_up_state: U2fUserPresenceState,
     // The state initializes to Reset and its timeout, and never goes back to Reset.
@@ -297,12 +297,12 @@ where
         now: ClockValue,
     ) -> CtapState<'a, R, CheckUserPresence> {
         let persistent_store = PersistentStore::new(rng);
-        let pin_protocol_v1 = PinProtocolV1::new(rng);
+        let client_pin = ClientPin::new(rng);
         CtapState {
             rng,
             check_user_presence,
             persistent_store,
-            pin_protocol_v1,
+            client_pin,
             #[cfg(feature = "with_ctap1")]
             u2f_up_state: U2fUserPresenceState::new(
                 U2F_UP_PROMPT_TIMEOUT,
@@ -473,13 +473,17 @@ where
                     }
                     Command::AuthenticatorGetNextAssertion => self.process_get_next_assertion(now),
                     Command::AuthenticatorGetInfo => self.process_get_info(),
-                    Command::AuthenticatorClientPin(params) => self.process_client_pin(params),
+                    Command::AuthenticatorClientPin(params) => self.client_pin.process_command(
+                        self.rng,
+                        &mut self.persistent_store,
+                        params,
+                    ),
                     Command::AuthenticatorReset => self.process_reset(cid, now),
                     Command::AuthenticatorCredentialManagement(params) => {
                         process_credential_management(
                             &mut self.persistent_store,
                             &mut self.stateful_command_permission,
-                            &mut self.pin_protocol_v1,
+                            &mut self.client_pin,
                             params,
                             now,
                         )
@@ -487,14 +491,12 @@ where
                     Command::AuthenticatorSelection => self.process_selection(cid),
                     Command::AuthenticatorLargeBlobs(params) => self.large_blobs.process_command(
                         &mut self.persistent_store,
-                        &mut self.pin_protocol_v1,
-                        params,
-                    ),
-                    Command::AuthenticatorConfig(params) => process_config(
-                        &mut self.persistent_store,
-                        &mut self.pin_protocol_v1,
+                        &mut self.client_pin,
                         params,
                     ),
+                    Command::AuthenticatorConfig(params) => {
+                        process_config(&mut self.persistent_store, &mut self.client_pin, params)
+                    }
                     // Vendor specific commands
                     Command::AuthenticatorVendorConfigure(params) => {
                         self.process_vendor_configure(params, cid)
@@ -647,14 +649,14 @@ where
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
                 if !self
-                    .pin_protocol_v1
+                    .client_pin
                     .verify_pin_auth_token(&client_data_hash, &pin_auth)
                 {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
                 }
-                self.pin_protocol_v1
+                self.client_pin
                     .has_permission(PinPermission::MakeCredential)?;
-                self.pin_protocol_v1.ensure_rp_id_permission(&rp_id)?;
+                self.client_pin.ensure_rp_id_permission(&rp_id)?;
                 UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
             }
             None => {
@@ -815,7 +817,7 @@ where
             let encrypted_output = if let Some(hmac_secret_input) = extensions.hmac_secret {
                 let cred_random = self.generate_cred_random(&credential.private_key, has_uv)?;
                 Some(
-                    self.pin_protocol_v1
+                    self.client_pin
                         .process_hmac_secret(hmac_secret_input, &cred_random)?,
                 )
             } else {
@@ -938,14 +940,14 @@ where
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
                 if !self
-                    .pin_protocol_v1
+                    .client_pin
                     .verify_pin_auth_token(&client_data_hash, &pin_auth)
                 {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
                 }
-                self.pin_protocol_v1
+                self.client_pin
                     .has_permission(PinPermission::GetAssertion)?;
-                self.pin_protocol_v1.ensure_rp_id_permission(&rp_id)?;
+                self.client_pin.ensure_rp_id_permission(&rp_id)?;
                 UV_FLAG
             }
             None => {
@@ -1104,17 +1106,6 @@ where
         ))
     }
 
-    fn process_client_pin(
-        &mut self,
-        client_pin_params: AuthenticatorClientPinParameters,
-    ) -> Result<ResponseData, Ctap2StatusCode> {
-        self.pin_protocol_v1.process_subcommand(
-            self.rng,
-            &mut self.persistent_store,
-            client_pin_params,
-        )
-    }
-
     fn process_reset(
         &mut self,
         cid: ChannelID,
@@ -1129,7 +1120,7 @@ where
         (self.check_user_presence)(cid)?;
 
         self.persistent_store.reset(self.rng)?;
-        self.pin_protocol_v1.reset(self.rng);
+        self.client_pin.reset(self.rng);
         #[cfg(feature = "with_ctap1")]
         {
             self.u2f_up_state = U2fUserPresenceState::new(
@@ -2332,11 +2323,11 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x88; 32];
-        let pin_protocol_v1 = PinProtocolV1::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.pin_protocol_v1 = pin_protocol_v1;
+        ctap_state.client_pin = client_pin;
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
         let user1 = PublicKeyCredentialUserEntity {
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 0f6657f..a650d4d 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -14,6 +14,7 @@
 
 mod key;
 
+use crate::ctap::client_pin::PIN_AUTH_LENGTH;
 use crate::ctap::customization::{
     DEFAULT_MIN_PIN_LENGTH, DEFAULT_MIN_PIN_LENGTH_RP_IDS, ENFORCE_ALWAYS_UV,
     MAX_LARGE_BLOB_ARRAY_SIZE, MAX_PIN_RETRIES, MAX_RP_IDS_LENGTH, MAX_SUPPORTED_RESIDENT_KEYS,
@@ -24,7 +25,6 @@ use crate::ctap::data_formats::{
     PublicKeyCredentialUserEntity,
 };
 use crate::ctap::key_material;
-use crate::ctap::pin_protocol_v1::PIN_AUTH_LENGTH;
 use crate::ctap::status_code::Ctap2StatusCode;
 use crate::ctap::INITIAL_SIGNATURE_COUNTER;
 use crate::embedded_flash::{new_storage, Storage};

From eb0a0770dda54ff76bd40467f3b0901a6f57ef1c Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Wed, 10 Mar 2021 13:20:29 +0100
Subject: [PATCH 179/192] adds the PIN protocol trait (#292)

* adds the PIN protocol trait

* improved documentation

* SharedSecret not mutable
---
 libraries/crypto/src/ecdh.rs      |  20 +-
 src/ctap/client_pin.rs            | 460 +++++++++++++-----------------
 src/ctap/config_command.rs        |   4 +-
 src/ctap/credential_management.rs |   4 +-
 src/ctap/large_blobs.rs           |   4 +-
 src/ctap/mod.rs                   |  26 +-
 src/ctap/pin_protocol.rs          | 443 ++++++++++++++++++++++++++++
 7 files changed, 660 insertions(+), 301 deletions(-)
 create mode 100644 src/ctap/pin_protocol.rs

diff --git a/libraries/crypto/src/ecdh.rs b/libraries/crypto/src/ecdh.rs
index 705aee0..4a03679 100644
--- a/libraries/crypto/src/ecdh.rs
+++ b/libraries/crypto/src/ecdh.rs
@@ -17,8 +17,6 @@ use super::ec::int256;
 use super::ec::int256::Int256;
 use super::ec::point::PointP256;
 use super::rng256::Rng256;
-use super::sha256::Sha256;
-use super::Hash256;
 
 pub const NBYTES: usize = int256::NBYTES;
 
@@ -62,15 +60,15 @@ impl SecKey {
         // - https://www.secg.org/sec1-v2.pdf
     }
 
-    /// Creates a shared key using the Diffie Hellman key agreement.
+    /// Performs the handshake using the Diffie Hellman key agreement.
     ///
-    /// The key agreement is defined in the FIDO2 specification,
-    /// Section 6.5.5.4. "Obtaining the Shared Secret"
-    pub fn exchange_x_sha256(&self, other: &PubKey) -> [u8; 32] {
+    /// This function generates the Z in the PIN protocol v1 specification.
+    /// https://drafts.fidoalliance.org/fido-2/stable-links-to-latest/fido-client-to-authenticator-protocol.html#pinProto1
+    pub fn exchange_x(&self, other: &PubKey) -> [u8; 32] {
         let p = self.exchange_raw(other);
         let mut x: [u8; 32] = [Default::default(); 32];
         p.getx().to_int().to_bin(&mut x);
-        Sha256::hash(&x)
+        x
     }
 }
 
@@ -123,7 +121,7 @@ mod test {
 
     /** Test that the exchanged key is the same on both sides **/
     #[test]
-    fn test_exchange_x_sha256_is_symmetric() {
+    fn test_exchange_x_is_symmetric() {
         let mut rng = ThreadRng256 {};
 
         for _ in 0..ITERATIONS {
@@ -131,12 +129,12 @@ mod test {
             let pk_a = sk_a.genpk();
             let sk_b = SecKey::gensk(&mut rng);
             let pk_b = sk_b.genpk();
-            assert_eq!(sk_a.exchange_x_sha256(&pk_b), sk_b.exchange_x_sha256(&pk_a));
+            assert_eq!(sk_a.exchange_x(&pk_b), sk_b.exchange_x(&pk_a));
         }
     }
 
     #[test]
-    fn test_exchange_x_sha256_bytes_is_symmetric() {
+    fn test_exchange_x_bytes_is_symmetric() {
         let mut rng = ThreadRng256 {};
 
         for _ in 0..ITERATIONS {
@@ -150,7 +148,7 @@ mod test {
 
             let pk_a = PubKey::from_bytes_uncompressed(&pk_bytes_a).unwrap();
             let pk_b = PubKey::from_bytes_uncompressed(&pk_bytes_b).unwrap();
-            assert_eq!(sk_a.exchange_x_sha256(&pk_b), sk_b.exchange_x_sha256(&pk_a));
+            assert_eq!(sk_a.exchange_x(&pk_b), sk_b.exchange_x(&pk_a));
         }
     }
 
diff --git a/src/ctap/client_pin.rs b/src/ctap/client_pin.rs
index ec309ed..245f020 100644
--- a/src/ctap/client_pin.rs
+++ b/src/ctap/client_pin.rs
@@ -14,17 +14,14 @@
 
 use super::command::AuthenticatorClientPinParameters;
 use super::data_formats::{ClientPinSubCommand, CoseKey, GetAssertionHmacSecretInput};
+use super::pin_protocol::{verify_pin_uv_auth_token, PinProtocol, SharedSecret};
 use super::response::{AuthenticatorClientPinResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
 use alloc::str;
 use alloc::string::String;
-use alloc::vec;
 use alloc::vec::Vec;
-use arrayref::array_ref;
-use core::convert::TryInto;
-use crypto::cbc::{cbc_decrypt, cbc_encrypt};
-use crypto::hmac::{hmac_256, verify_hmac_256_first_128bits};
+use crypto::hmac::hmac_256;
 use crypto::rng256::Rng256;
 use crypto::sha256::Sha256;
 use crypto::Hash256;
@@ -32,123 +29,82 @@ use crypto::Hash256;
 use enum_iterator::IntoEnumIterator;
 use subtle::ConstantTimeEq;
 
-// Those constants have to be multiples of 16, the AES block size.
+/// The prefix length of the PIN hash that is stored and compared.
+///
+/// The code assumes that this value is a multiple of the AES block length, fits
+/// an u8 and is at most as long as a SHA256. The value is fixed for all PIN
+/// protocols.
 pub const PIN_AUTH_LENGTH: usize = 16;
+
+/// The length of the pinUvAuthToken used throughout PIN protocols.
+///
+/// The code assumes that this value is a multiple of the AES block length. It
+/// is fixed since CTAP2.1.
+pub const PIN_TOKEN_LENGTH: usize = 32;
+
+/// The length of the encrypted PINs when received by SetPin or ChangePin.
+///
+/// The code assumes that this value is a multiple of the AES block length. It
+/// is fixed since CTAP2.1.
 const PIN_PADDED_LENGTH: usize = 64;
-const PIN_TOKEN_LENGTH: usize = 32;
 
-/// Checks the given pin_auth against the truncated output of HMAC-SHA256.
-/// Returns LEFT(HMAC(hmac_key, hmac_contents), 16) == pin_auth).
-fn verify_pin_auth(hmac_key: &[u8], hmac_contents: &[u8], pin_auth: &[u8]) -> bool {
-    if pin_auth.len() != PIN_AUTH_LENGTH {
-        return false;
-    }
-    verify_hmac_256_first_128bits::<Sha256>(
-        hmac_key,
-        hmac_contents,
-        array_ref![pin_auth, 0, PIN_AUTH_LENGTH],
-    )
-}
-
-/// Encrypts the HMAC-secret outputs. To compute them, we first have to
-/// decrypt the HMAC secret salt(s) that were encrypted with the shared secret.
-/// The credRandom is used as a secret to HMAC those salts.
+/// Computes and encrypts the HMAC-secret outputs.
+///
+/// To compute them, we first have to decrypt the HMAC secret salt(s) that were
+/// encrypted with the shared secret. The credRandom is used as a secret in HMAC
+/// for those salts.
 fn encrypt_hmac_secret_output(
-    shared_secret: &[u8; 32],
+    rng: &mut impl Rng256,
+    shared_secret: &dyn SharedSecret,
     salt_enc: &[u8],
     cred_random: &[u8; 32],
 ) -> Result<Vec<u8>, Ctap2StatusCode> {
-    if salt_enc.len() != 32 && salt_enc.len() != 64 {
+    let decrypted_salts = shared_secret.decrypt(salt_enc)?;
+    if decrypted_salts.len() != 32 && decrypted_salts.len() != 64 {
         return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
     }
-    let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
-    let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
-    // The specification specifically asks for a zero IV.
-    let iv = [0u8; 16];
-
-    // With the if clause restriction above, block_len can only be 2 or 4.
-    let block_len = salt_enc.len() / 16;
-    let mut blocks = vec![[0u8; 16]; block_len];
-    for i in 0..block_len {
-        blocks[i].copy_from_slice(&salt_enc[16 * i..16 * (i + 1)]);
+    let mut output = hmac_256::<Sha256>(&cred_random[..], &decrypted_salts[..32]).to_vec();
+    if decrypted_salts.len() == 64 {
+        let mut output2 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salts[32..]).to_vec();
+        output.append(&mut output2);
     }
-    cbc_decrypt(&aes_dec_key, iv, &mut blocks[..block_len]);
-
-    let mut decrypted_salt1 = [0u8; 32];
-    decrypted_salt1[..16].copy_from_slice(&blocks[0]);
-    decrypted_salt1[16..].copy_from_slice(&blocks[1]);
-    let output1 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salt1[..]);
-    for i in 0..2 {
-        blocks[i].copy_from_slice(&output1[16 * i..16 * (i + 1)]);
-    }
-
-    if block_len == 4 {
-        let mut decrypted_salt2 = [0u8; 32];
-        decrypted_salt2[..16].copy_from_slice(&blocks[2]);
-        decrypted_salt2[16..].copy_from_slice(&blocks[3]);
-        let output2 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salt2[..]);
-        for i in 0..2 {
-            blocks[i + 2].copy_from_slice(&output2[16 * i..16 * (i + 1)]);
-        }
-    }
-
-    cbc_encrypt(&aes_enc_key, iv, &mut blocks[..block_len]);
-    let mut encrypted_output = Vec::with_capacity(salt_enc.len());
-    for b in &blocks[..block_len] {
-        encrypted_output.extend(b);
-    }
-    Ok(encrypted_output)
+    shared_secret.encrypt(rng, &output)
 }
 
 /// Decrypts the new_pin_enc and outputs the found PIN.
 fn decrypt_pin(
-    aes_dec_key: &crypto::aes256::DecryptionKey,
+    shared_secret: &dyn SharedSecret,
     new_pin_enc: Vec<u8>,
-) -> Option<Vec<u8>> {
-    if new_pin_enc.len() != PIN_PADDED_LENGTH {
-        return None;
+) -> Result<Vec<u8>, Ctap2StatusCode> {
+    let decrypted_pin = shared_secret.decrypt(&new_pin_enc)?;
+    if decrypted_pin.len() != PIN_PADDED_LENGTH {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
     }
-    let iv = [0u8; 16];
-    // Assuming PIN_PADDED_LENGTH % block_size == 0 here.
-    const BLOCK_COUNT: usize = PIN_PADDED_LENGTH / 16;
-    let mut blocks = [[0u8; 16]; BLOCK_COUNT];
-    for i in 0..BLOCK_COUNT {
-        blocks[i].copy_from_slice(&new_pin_enc[i * 16..(i + 1) * 16]);
-    }
-    cbc_decrypt(aes_dec_key, iv, &mut blocks);
     // In CTAP 2.1, the specification changed. The new wording might lead to
     // different behavior when there are non-zero bytes after zero bytes.
     // This implementation consistently ignores those degenerate cases.
-    Some(
-        blocks
-            .iter()
-            .flatten()
-            .cloned()
-            .take_while(|&c| c != 0)
-            .collect::<Vec<u8>>(),
-    )
+    Ok(decrypted_pin.into_iter().take_while(|&c| c != 0).collect())
 }
 
-/// Stores the encrypted new PIN in the persistent storage, if it satisfies the
-/// PIN policy. The PIN is decrypted and stripped from its padding. Next, the
-/// length of the PIN is checked to fulfill policy requirements. Last, the PIN
-/// is hashed, truncated to 16 bytes and persistently stored.
+/// Stores a hash prefix of the new PIN in the persistent storage, if correct.
+///
+/// The new PIN is passed encrypted, so it is first decrypted and stripped from
+/// padding. Next, it is checked against the PIN policy. Last, it is hashed and
+/// truncated for persistent storage.
 fn check_and_store_new_pin(
     persistent_store: &mut PersistentStore,
-    aes_dec_key: &crypto::aes256::DecryptionKey,
+    shared_secret: &dyn SharedSecret,
     new_pin_enc: Vec<u8>,
 ) -> Result<(), Ctap2StatusCode> {
-    let pin = decrypt_pin(aes_dec_key, new_pin_enc)
-        .ok_or(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
-
+    let pin = decrypt_pin(shared_secret, new_pin_enc)?;
     let min_pin_length = persistent_store.min_pin_length()? as usize;
     let pin_length = str::from_utf8(&pin).unwrap_or("").chars().count();
     if pin_length < min_pin_length || pin.len() == PIN_PADDED_LENGTH {
         return Err(Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION);
     }
-    let mut pin_hash = [0u8; 16];
-    pin_hash.copy_from_slice(&Sha256::hash(&pin[..])[..16]);
-    // The PIN length is always < 64.
+    let mut pin_hash = [0u8; PIN_AUTH_LENGTH];
+    pin_hash.copy_from_slice(&Sha256::hash(&pin[..])[..PIN_AUTH_LENGTH]);
+    // The PIN length is always < PIN_PADDED_LENGTH < 256.
     persistent_store.set_pin(&pin_hash, pin_length as u8)?;
     Ok(())
 }
@@ -167,8 +123,7 @@ pub enum PinPermission {
 }
 
 pub struct ClientPin {
-    key_agreement_key: crypto::ecdh::SecKey,
-    pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
+    pin_protocol_v1: PinProtocol,
     consecutive_pin_mismatches: u8,
     permissions: u8,
     permissions_rp_id: Option<String>,
@@ -176,17 +131,16 @@ pub struct ClientPin {
 
 impl ClientPin {
     pub fn new(rng: &mut impl Rng256) -> ClientPin {
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
-        let pin_uv_auth_token = rng.gen_uniform_u8x32();
         ClientPin {
-            key_agreement_key,
-            pin_uv_auth_token,
+            pin_protocol_v1: PinProtocol::new(rng),
             consecutive_pin_mismatches: 0,
             permissions: 0,
             permissions_rp_id: None,
         }
     }
 
+    /// Checks the given encrypted PIN hash against the stored PIN hash.
+    ///
     /// Decrypts the encrypted pin_hash and compares it to the stored pin_hash.
     /// Resets or decreases the PIN retries, depending on success or failure.
     /// Also, in case of failure, the key agreement key is randomly reset.
@@ -194,7 +148,7 @@ impl ClientPin {
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
-        aes_dec_key: &crypto::aes256::DecryptionKey,
+        shared_secret: &dyn SharedSecret,
         pin_hash_enc: Vec<u8>,
     ) -> Result<(), Ctap2StatusCode> {
         match persistent_store.pin_hash()? {
@@ -206,14 +160,10 @@ impl ClientPin {
                 if pin_hash_enc.len() != PIN_AUTH_LENGTH {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
                 }
+                let pin_hash_dec = shared_secret.decrypt(&pin_hash_enc)?;
 
-                let iv = [0u8; 16];
-                let mut blocks = [[0u8; 16]; 1];
-                blocks[0].copy_from_slice(&pin_hash_enc);
-                cbc_decrypt(aes_dec_key, iv, &mut blocks);
-
-                if !bool::from(pin_hash.ct_eq(&blocks[0])) {
-                    self.key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
+                if !bool::from(pin_hash.ct_eq(&pin_hash_dec)) {
+                    self.pin_protocol_v1.regenerate(rng);
                     if persistent_store.pin_retries()? == 0 {
                         return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
                     }
@@ -232,26 +182,6 @@ impl ClientPin {
         Ok(())
     }
 
-    /// Uses the self-owned and passed halves of the key agreement to generate the
-    /// shared secret for checking pin_auth and generating a decryption key.
-    fn exchange_decryption_key(
-        &self,
-        key_agreement: CoseKey,
-        pin_auth: &[u8],
-        authenticated_message: &[u8],
-    ) -> Result<crypto::aes256::DecryptionKey, Ctap2StatusCode> {
-        let pk: crypto::ecdh::PubKey = CoseKey::try_into(key_agreement)?;
-        let shared_secret = self.key_agreement_key.exchange_x_sha256(&pk);
-
-        if !verify_pin_auth(&shared_secret, authenticated_message, pin_auth) {
-            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-        }
-
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(&shared_secret);
-        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
-        Ok(aes_dec_key)
-    }
-
     fn process_get_pin_retries(
         &self,
         persistent_store: &PersistentStore,
@@ -264,9 +194,8 @@ impl ClientPin {
     }
 
     fn process_get_key_agreement(&self) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
-        let pk = self.key_agreement_key.genpk();
         Ok(AuthenticatorClientPinResponse {
-            key_agreement: Some(CoseKey::from(pk)),
+            key_agreement: Some(self.pin_protocol_v1.get_public_key()),
             pin_token: None,
             retries: None,
         })
@@ -282,9 +211,10 @@ impl ClientPin {
         if persistent_store.pin_hash()?.is_some() {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
         }
-        let pin_decryption_key =
-            self.exchange_decryption_key(key_agreement, &pin_auth, &new_pin_enc)?;
-        check_and_store_new_pin(persistent_store, &pin_decryption_key, new_pin_enc)?;
+        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
+        shared_secret.verify(&new_pin_enc, &pin_auth)?;
+
+        check_and_store_new_pin(persistent_store, shared_secret.as_ref(), new_pin_enc)?;
         persistent_store.reset_pin_retries()?;
         Ok(())
     }
@@ -301,14 +231,14 @@ impl ClientPin {
         if persistent_store.pin_retries()? == 0 {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
         }
+        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
         let mut auth_param_data = new_pin_enc.clone();
         auth_param_data.extend(&pin_hash_enc);
-        let pin_decryption_key =
-            self.exchange_decryption_key(key_agreement, &pin_auth, &auth_param_data)?;
-        self.verify_pin_hash_enc(rng, persistent_store, &pin_decryption_key, pin_hash_enc)?;
+        shared_secret.verify(&auth_param_data, &pin_auth)?;
+        self.verify_pin_hash_enc(rng, persistent_store, shared_secret.as_ref(), pin_hash_enc)?;
 
-        check_and_store_new_pin(persistent_store, &pin_decryption_key, new_pin_enc)?;
-        self.pin_uv_auth_token = rng.gen_uniform_u8x32();
+        check_and_store_new_pin(persistent_store, shared_secret.as_ref(), new_pin_enc)?;
+        self.pin_protocol_v1.reset_pin_uv_auth_token(rng);
         Ok(())
     }
 
@@ -322,26 +252,13 @@ impl ClientPin {
         if persistent_store.pin_retries()? == 0 {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
         }
-        let pk: crypto::ecdh::PubKey = CoseKey::try_into(key_agreement)?;
-        let shared_secret = self.key_agreement_key.exchange_x_sha256(&pk);
-
-        let token_encryption_key = crypto::aes256::EncryptionKey::new(&shared_secret);
-        let pin_decryption_key = crypto::aes256::DecryptionKey::new(&token_encryption_key);
-        self.verify_pin_hash_enc(rng, persistent_store, &pin_decryption_key, pin_hash_enc)?;
-        // TODO(kaczmarczyck) can this be moved up in the specification?
+        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
+        self.verify_pin_hash_enc(rng, persistent_store, shared_secret.as_ref(), pin_hash_enc)?;
         if persistent_store.has_force_pin_change()? {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
         }
 
-        // Assuming PIN_TOKEN_LENGTH % block_size == 0 here.
-        let iv = [0u8; 16];
-        let mut blocks = [[0u8; 16]; PIN_TOKEN_LENGTH / 16];
-        for (i, item) in blocks.iter_mut().take(PIN_TOKEN_LENGTH / 16).enumerate() {
-            item.copy_from_slice(&self.pin_uv_auth_token[i * 16..(i + 1) * 16]);
-        }
-        cbc_encrypt(&token_encryption_key, iv, &mut blocks);
-        let pin_token: Vec<u8> = blocks.iter().flatten().cloned().collect();
-
+        let pin_token = shared_secret.encrypt(rng, self.pin_protocol_v1.get_pin_uv_auth_token())?;
         self.permissions = 0x03;
         self.permissions_rp_id = None;
 
@@ -469,13 +386,23 @@ impl ClientPin {
         Ok(ResponseData::AuthenticatorClientPin(response))
     }
 
-    pub fn verify_pin_auth_token(&self, hmac_contents: &[u8], pin_auth: &[u8]) -> bool {
-        verify_pin_auth(&self.pin_uv_auth_token, &hmac_contents, &pin_auth)
+    pub fn verify_pin_auth_token(
+        &self,
+        hmac_contents: &[u8],
+        pin_auth: &[u8],
+    ) -> Result<(), Ctap2StatusCode> {
+        // TODO(kaczmarczyck) pass the protocol number
+        verify_pin_uv_auth_token(
+            self.pin_protocol_v1.get_pin_uv_auth_token(),
+            hmac_contents,
+            pin_auth,
+            1,
+        )
     }
 
     pub fn reset(&mut self, rng: &mut impl Rng256) {
-        self.key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
-        self.pin_uv_auth_token = rng.gen_uniform_u8x32();
+        self.pin_protocol_v1.regenerate(rng);
+        self.pin_protocol_v1.reset_pin_uv_auth_token(rng);
         self.consecutive_pin_mismatches = 0;
         self.permissions = 0;
         self.permissions_rp_id = None;
@@ -483,6 +410,7 @@ impl ClientPin {
 
     pub fn process_hmac_secret(
         &self,
+        rng: &mut impl Rng256,
         hmac_secret_input: GetAssertionHmacSecretInput,
         cred_random: &[u8; 32],
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
@@ -491,14 +419,9 @@ impl ClientPin {
             salt_enc,
             salt_auth,
         } = hmac_secret_input;
-        let pk: crypto::ecdh::PubKey = CoseKey::try_into(key_agreement)?;
-        let shared_secret = self.key_agreement_key.exchange_x_sha256(&pk);
-        // HMAC-secret does the same 16 byte truncated check.
-        if !verify_pin_auth(&shared_secret, &salt_enc, &salt_auth) {
-            // Hard to tell what the correct error code here is.
-            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-        }
-        encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cred_random)
+        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
+        shared_secret.verify(&salt_enc, &salt_auth)?;
+        encrypt_hmac_secret_output(rng, shared_secret.as_ref(), &salt_enc[..], cred_random)
     }
 
     /// Check if the required command's token permission is granted.
@@ -560,8 +483,7 @@ impl ClientPin {
         pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
     ) -> ClientPin {
         ClientPin {
-            key_agreement_key,
-            pin_uv_auth_token,
+            pin_protocol_v1: PinProtocol::new_test(key_agreement_key, pin_uv_auth_token),
             consecutive_pin_mismatches: 0,
             permissions: 0xFF,
             permissions_rp_id: None,
@@ -571,10 +493,12 @@ impl ClientPin {
 
 #[cfg(test)]
 mod test {
+    use super::super::pin_protocol::SharedSecretV1;
     use super::*;
+    use alloc::vec;
     use crypto::rng256::ThreadRng256;
 
-    // Stores a PIN hash corresponding to the dummy PIN "1234".
+    /// Stores a PIN hash corresponding to the dummy PIN "1234".
     fn set_standard_pin(persistent_store: &mut PersistentStore) {
         let mut pin = [0u8; 64];
         pin[..4].copy_from_slice(b"1234");
@@ -583,36 +507,20 @@ mod test {
         persistent_store.set_pin(&pin_hash, 4).unwrap();
     }
 
-    // Encrypts the message with a zero IV and key derived from shared_secret.
+    /// Encrypts the message with a zero IV and key derived from shared_secret.
     fn encrypt_message(shared_secret: &[u8; 32], message: &[u8]) -> Vec<u8> {
-        assert!(message.len() % 16 == 0);
-        let block_len = message.len() / 16;
-        let mut blocks = vec![[0u8; 16]; block_len];
-        for i in 0..block_len {
-            blocks[i][..].copy_from_slice(&message[i * 16..(i + 1) * 16]);
-        }
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
-        let iv = [0u8; 16];
-        cbc_encrypt(&aes_enc_key, iv, &mut blocks);
-        blocks.iter().flatten().cloned().collect::<Vec<u8>>()
+        let mut rng = ThreadRng256 {};
+        let shared_secret = SharedSecretV1::new_test(*shared_secret);
+        shared_secret.encrypt(&mut rng, message).unwrap()
     }
 
-    // Decrypts the message with a zero IV and key derived from shared_secret.
+    /// Decrypts the message with a zero IV and key derived from shared_secret.
     fn decrypt_message(shared_secret: &[u8; 32], message: &[u8]) -> Vec<u8> {
-        assert!(message.len() % 16 == 0);
-        let block_len = message.len() / 16;
-        let mut blocks = vec![[0u8; 16]; block_len];
-        for i in 0..block_len {
-            blocks[i][..].copy_from_slice(&message[i * 16..(i + 1) * 16]);
-        }
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(shared_secret);
-        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
-        let iv = [0u8; 16];
-        cbc_decrypt(&aes_dec_key, iv, &mut blocks);
-        blocks.iter().flatten().cloned().collect::<Vec<u8>>()
+        let shared_secret = SharedSecretV1::new_test(*shared_secret);
+        shared_secret.decrypt(message).unwrap()
     }
 
-    // Fails on PINs bigger than 64 bytes.
+    /// Fails on PINs bigger than 64 bytes.
     fn encrypt_pin(shared_secret: &[u8; 32], pin: Vec<u8>) -> Vec<u8> {
         assert!(pin.len() <= 64);
         let mut padded_pin = [0u8; 64];
@@ -620,12 +528,12 @@ mod test {
         encrypt_message(shared_secret, &padded_pin)
     }
 
-    // Encrypts the dummy PIN "1234".
+    /// Encrypts the dummy PIN "1234".
     fn encrypt_standard_pin(shared_secret: &[u8; 32]) -> Vec<u8> {
         encrypt_pin(shared_secret, b"1234".to_vec())
     }
 
-    // Encrypts the PIN hash corresponding to the dummy PIN "1234".
+    /// Encrypts the PIN hash corresponding to the dummy PIN "1234".
     fn encrypt_standard_pin_hash(shared_secret: &[u8; 32]) -> Vec<u8> {
         let mut pin = [0u8; 64];
         pin[..4].copy_from_slice(b"1234");
@@ -643,9 +551,7 @@ mod test {
             0xC4, 0x12,
         ];
         persistent_store.set_pin(&pin_hash, 4).unwrap();
-        let shared_secret = [0x88; 32];
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(&shared_secret);
-        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
+        let shared_secret = SharedSecretV1::new_test([0x88; 32]);
 
         let mut client_pin = ClientPin::new(&mut rng);
         let pin_hash_enc = vec![
@@ -656,7 +562,7 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &aes_dec_key,
+                &shared_secret,
                 pin_hash_enc
             ),
             Ok(())
@@ -667,7 +573,7 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &aes_dec_key,
+                &shared_secret,
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
@@ -682,7 +588,7 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &aes_dec_key,
+                &shared_secret,
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_BLOCKED)
@@ -694,7 +600,7 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &aes_dec_key,
+                &shared_secret,
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
@@ -705,7 +611,7 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &aes_dec_key,
+                &shared_secret,
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
@@ -731,8 +637,10 @@ mod test {
     #[test]
     fn test_process_get_key_agreement() {
         let mut rng = ThreadRng256 {};
-        let client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
         let expected_response = Ok(AuthenticatorClientPinResponse {
             key_agreement: Some(CoseKey::from(pk)),
             pin_token: None,
@@ -745,9 +653,12 @@ mod test {
     fn test_process_set_pin() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
-        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pre_secret = key_agreement_key.exchange_x(&pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let shared_secret = Sha256::hash(&pre_secret);
         let key_agreement = CoseKey::from(pk);
         let new_pin_enc = encrypt_standard_pin(&shared_secret);
         let pin_auth = hmac_256::<Sha256>(&shared_secret, &new_pin_enc[..])[..16].to_vec();
@@ -762,14 +673,18 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
-        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pre_secret = key_agreement_key.exchange_x(&pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let shared_secret = Sha256::hash(&pre_secret);
         let key_agreement = CoseKey::from(pk);
         let new_pin_enc = encrypt_standard_pin(&shared_secret);
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         let mut auth_param_data = new_pin_enc.clone();
         auth_param_data.extend(&pin_hash_enc);
+
         let pin_auth = hmac_256::<Sha256>(&shared_secret, &auth_param_data[..])[..16].to_vec();
         assert_eq!(
             client_pin.process_change_pin(
@@ -817,10 +732,14 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
-        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pre_secret = key_agreement_key.exchange_x(&pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let shared_secret = Sha256::hash(&pre_secret);
         let key_agreement = CoseKey::from(pk);
+
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert!(client_pin
             .process_get_pin_token(
@@ -849,10 +768,14 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
-        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pre_secret = key_agreement_key.exchange_x(&pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let shared_secret = Sha256::hash(&pre_secret);
         let key_agreement = CoseKey::from(pk);
+
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert_eq!(
             client_pin.process_get_pin_token(
@@ -870,10 +793,14 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
-        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pre_secret = key_agreement_key.exchange_x(&pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let shared_secret = Sha256::hash(&pre_secret);
         let key_agreement = CoseKey::from(pk);
+
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert!(client_pin
             .process_get_pin_uv_auth_token_using_pin_with_permissions(
@@ -935,10 +862,14 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pk = client_pin.key_agreement_key.genpk();
-        let shared_secret = client_pin.key_agreement_key.exchange_x_sha256(&pk);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let pre_secret = key_agreement_key.exchange_x(&pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let shared_secret = Sha256::hash(&pre_secret);
         let key_agreement = CoseKey::from(pk);
+
         let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert_eq!(
             client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
@@ -991,9 +922,7 @@ mod test {
 
     #[test]
     fn test_decrypt_pin() {
-        let shared_secret = [0x88; 32];
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(&shared_secret);
-        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
+        let shared_secret = SharedSecretV1::new_test([0x88; 32]);
 
         // "1234"
         let new_pin_enc = vec![
@@ -1004,8 +933,8 @@ mod test {
             0x18, 0x35, 0x06, 0x66, 0x97, 0x84, 0x68, 0xC2,
         ];
         assert_eq!(
-            decrypt_pin(&aes_dec_key, new_pin_enc),
-            Some(b"1234".to_vec()),
+            decrypt_pin(&shared_secret, new_pin_enc),
+            Ok(b"1234".to_vec()),
         );
 
         // "123"
@@ -1017,26 +946,31 @@ mod test {
             0x7C, 0xC7, 0x2D, 0x43, 0x74, 0x4C, 0x1D, 0x7E,
         ];
         assert_eq!(
-            decrypt_pin(&aes_dec_key, new_pin_enc),
-            Some(b"123".to_vec()),
+            decrypt_pin(&shared_secret, new_pin_enc),
+            Ok(b"123".to_vec()),
         );
 
         // Encrypted PIN is too short.
         let new_pin_enc = vec![0x44; 63];
-        assert_eq!(decrypt_pin(&aes_dec_key, new_pin_enc), None,);
+        assert_eq!(
+            decrypt_pin(&shared_secret, new_pin_enc),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
 
         // Encrypted PIN is too long.
         let new_pin_enc = vec![0x44; 65];
-        assert_eq!(decrypt_pin(&aes_dec_key, new_pin_enc), None,);
+        assert_eq!(
+            decrypt_pin(&shared_secret, new_pin_enc),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
     }
 
     #[test]
     fn test_check_and_store_new_pin() {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
-        let shared_secret = [0x88; 32];
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(&shared_secret);
-        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
+        let shared_secret_hash = [0x88; 32];
+        let shared_secret = SharedSecretV1::new_test(shared_secret_hash);
 
         let test_cases = vec![
             // Accept PIN "1234".
@@ -1059,9 +993,9 @@ mod test {
         ];
         for (pin, result) in test_cases {
             let old_pin_hash = persistent_store.pin_hash().unwrap();
-            let new_pin_enc = encrypt_pin(&shared_secret, pin);
+            let new_pin_enc = encrypt_pin(&shared_secret_hash, pin);
             assert_eq!(
-                check_and_store_new_pin(&mut persistent_store, &aes_dec_key, new_pin_enc),
+                check_and_store_new_pin(&mut persistent_store, &shared_secret, new_pin_enc),
                 result
             );
             if result.is_ok() {
@@ -1072,31 +1006,22 @@ mod test {
         }
     }
 
-    #[test]
-    fn test_verify_pin_auth() {
-        let hmac_key = [0x88; 16];
-        let pin_auth = [
-            0x88, 0x09, 0x41, 0x13, 0xF7, 0x97, 0x32, 0x0B, 0x3E, 0xD9, 0xBC, 0x76, 0x4F, 0x18,
-            0x56, 0x5D,
-        ];
-        assert!(verify_pin_auth(&hmac_key, &[], &pin_auth));
-        assert!(!verify_pin_auth(&hmac_key, &[0x00], &pin_auth));
-    }
-
     #[test]
     fn test_encrypt_hmac_secret_output() {
-        let shared_secret = [0x55; 32];
+        let mut rng = ThreadRng256 {};
+        let shared_secret_hash = [0x88; 32];
+        let shared_secret = SharedSecretV1::new_test(shared_secret_hash);
         let salt_enc = [0x5E; 32];
         let cred_random = [0xC9; 32];
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
+        let output = encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random);
         assert_eq!(output.unwrap().len(), 32);
 
         let salt_enc = [0x5E; 48];
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
+        let output = encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random);
         assert_eq!(output, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER));
 
         let salt_enc = [0x5E; 64];
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
+        let output = encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random);
         assert_eq!(output.unwrap().len(), 64);
 
         let mut salt_enc = [0x00; 32];
@@ -1108,45 +1033,50 @@ mod test {
         let expected_output1 = hmac_256::<Sha256>(&cred_random, &salt1);
         let expected_output2 = hmac_256::<Sha256>(&cred_random, &salt2);
 
-        let salt_enc1 = encrypt_message(&shared_secret, &salt1);
+        let salt_enc1 = encrypt_message(&shared_secret_hash, &salt1);
         salt_enc.copy_from_slice(salt_enc1.as_slice());
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret, &output);
+        let output =
+            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret_hash, &output);
         assert_eq!(&output_dec, &expected_output1);
 
-        let salt_enc2 = &encrypt_message(&shared_secret, &salt2);
+        let salt_enc2 = &encrypt_message(&shared_secret_hash, &salt2);
         salt_enc.copy_from_slice(salt_enc2.as_slice());
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret, &output);
+        let output =
+            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret_hash, &output);
         assert_eq!(&output_dec, &expected_output2);
 
         let mut salt_enc = [0x00; 64];
         let mut salt12 = [0x00; 64];
         salt12[..32].copy_from_slice(&salt1);
         salt12[32..].copy_from_slice(&salt2);
-        let salt_enc12 = encrypt_message(&shared_secret, &salt12);
+        let salt_enc12 = encrypt_message(&shared_secret_hash, &salt12);
         salt_enc.copy_from_slice(salt_enc12.as_slice());
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret, &output);
+        let output =
+            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret_hash, &output);
         assert_eq!(&output_dec[..32], &expected_output1);
         assert_eq!(&output_dec[32..], &expected_output2);
 
         let mut salt_enc = [0x00; 64];
         let mut salt02 = [0x00; 64];
         salt02[32..].copy_from_slice(&salt2);
-        let salt_enc02 = encrypt_message(&shared_secret, &salt02);
+        let salt_enc02 = encrypt_message(&shared_secret_hash, &salt02);
         salt_enc.copy_from_slice(salt_enc02.as_slice());
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret, &output);
+        let output =
+            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret_hash, &output);
         assert_eq!(&output_dec[32..], &expected_output2);
 
         let mut salt_enc = [0x00; 64];
         let mut salt10 = [0x00; 64];
         salt10[..32].copy_from_slice(&salt1);
-        let salt_enc10 = encrypt_message(&shared_secret, &salt10);
+        let salt_enc10 = encrypt_message(&shared_secret_hash, &salt10);
         salt_enc.copy_from_slice(salt_enc10.as_slice());
-        let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret, &output);
+        let output =
+            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
+        let output_dec = decrypt_message(&shared_secret_hash, &output);
         assert_eq!(&output_dec[..32], &expected_output1);
     }
 
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 4a7f868..2f90f11 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -103,9 +103,7 @@ pub fn process_config(
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
         }
-        if !client_pin.verify_pin_auth_token(&config_data, &auth_param) {
-            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-        }
+        client_pin.verify_pin_auth_token(&config_data, &auth_param)?;
     }
 
     match sub_command {
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index e392ead..5b07294 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -290,9 +290,7 @@ pub fn process_credential_management(
                     return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
                 }
             }
-            if !client_pin.verify_pin_auth_token(&management_data, &pin_auth) {
-                return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-            }
+            client_pin.verify_pin_auth_token(&management_data, &pin_auth)?;
             // The RP ID permission is handled differently per subcommand below.
             client_pin.has_permission(PinPermission::CredentialManagement)?;
         }
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index b74f982..05cec58 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -101,9 +101,7 @@ impl LargeBlobs {
                 LittleEndian::write_u32(&mut offset_bytes, offset as u32);
                 message.extend(&offset_bytes);
                 message.extend(&Sha256::hash(set.as_slice()));
-                if !client_pin.verify_pin_auth_token(&message, &pin_uv_auth_param) {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-                }
+                client_pin.verify_pin_auth_token(&message, &pin_uv_auth_param)?;
             }
             if offset + set.len() > self.expected_length {
                 return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index d9606e8..6d8e2d0 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -24,6 +24,7 @@ pub mod data_formats;
 pub mod hid;
 mod key_material;
 mod large_blobs;
+mod pin_protocol;
 pub mod response;
 pub mod status_code;
 mod storage;
@@ -648,12 +649,8 @@ where
                     // Specification is unclear, could be CTAP2_ERR_INVALID_OPTION.
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
-                if !self
-                    .client_pin
-                    .verify_pin_auth_token(&client_data_hash, &pin_auth)
-                {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-                }
+                self.client_pin
+                    .verify_pin_auth_token(&client_data_hash, &pin_auth)?;
                 self.client_pin
                     .has_permission(PinPermission::MakeCredential)?;
                 self.client_pin.ensure_rp_id_permission(&rp_id)?;
@@ -816,10 +813,11 @@ where
         if extensions.hmac_secret.is_some() || extensions.cred_blob {
             let encrypted_output = if let Some(hmac_secret_input) = extensions.hmac_secret {
                 let cred_random = self.generate_cred_random(&credential.private_key, has_uv)?;
-                Some(
-                    self.client_pin
-                        .process_hmac_secret(hmac_secret_input, &cred_random)?,
-                )
+                Some(self.client_pin.process_hmac_secret(
+                    self.rng,
+                    hmac_secret_input,
+                    &cred_random,
+                )?)
             } else {
                 None
             };
@@ -939,12 +937,8 @@ where
                     // Specification is unclear, could be CTAP2_ERR_UNSUPPORTED_OPTION.
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
-                if !self
-                    .client_pin
-                    .verify_pin_auth_token(&client_data_hash, &pin_auth)
-                {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-                }
+                self.client_pin
+                    .verify_pin_auth_token(&client_data_hash, &pin_auth)?;
                 self.client_pin
                     .has_permission(PinPermission::GetAssertion)?;
                 self.client_pin.ensure_rp_id_permission(&rp_id)?;
diff --git a/src/ctap/pin_protocol.rs b/src/ctap/pin_protocol.rs
new file mode 100644
index 0000000..88d608a
--- /dev/null
+++ b/src/ctap/pin_protocol.rs
@@ -0,0 +1,443 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::ctap::client_pin::PIN_TOKEN_LENGTH;
+use crate::ctap::data_formats::CoseKey;
+use crate::ctap::status_code::Ctap2StatusCode;
+use alloc::boxed::Box;
+use alloc::vec;
+use alloc::vec::Vec;
+use core::convert::TryInto;
+use crypto::cbc::{cbc_decrypt, cbc_encrypt};
+use crypto::hkdf::hkdf_empty_salt_256;
+use crypto::hmac::{verify_hmac_256, verify_hmac_256_first_128bits};
+use crypto::rng256::Rng256;
+use crypto::sha256::Sha256;
+use crypto::Hash256;
+
+/// Implements common functions between existing PIN protocols for handshakes.
+pub struct PinProtocol {
+    key_agreement_key: crypto::ecdh::SecKey,
+    pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
+}
+
+impl PinProtocol {
+    /// This process is run by the authenticator at power-on.
+    ///
+    /// This function implements "initialize" from the specification.
+    pub fn new(rng: &mut impl Rng256) -> PinProtocol {
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
+        let pin_uv_auth_token = rng.gen_uniform_u8x32();
+        PinProtocol {
+            key_agreement_key,
+            pin_uv_auth_token,
+        }
+    }
+
+    /// Generates a fresh public key.
+    pub fn regenerate(&mut self, rng: &mut impl Rng256) {
+        self.key_agreement_key = crypto::ecdh::SecKey::gensk(rng);
+    }
+
+    /// Generates a fresh pinUvAuthToken.
+    pub fn reset_pin_uv_auth_token(&mut self, rng: &mut impl Rng256) {
+        self.pin_uv_auth_token = rng.gen_uniform_u8x32();
+    }
+
+    /// Returns the authenticator’s public key as a CoseKey structure.
+    pub fn get_public_key(&self) -> CoseKey {
+        CoseKey::from(self.key_agreement_key.genpk())
+    }
+
+    /// Processes the peer's encapsulated CoseKey and returns the shared secret.
+    pub fn decapsulate(
+        &self,
+        peer_cose_key: CoseKey,
+        pin_uv_auth_protocol: u64,
+    ) -> Result<Box<dyn SharedSecret>, Ctap2StatusCode> {
+        let pk: crypto::ecdh::PubKey = CoseKey::try_into(peer_cose_key)?;
+        let handshake = self.key_agreement_key.exchange_x(&pk);
+        match pin_uv_auth_protocol {
+            1 => Ok(Box::new(SharedSecretV1::new(handshake))),
+            2 => Ok(Box::new(SharedSecretV2::new(handshake))),
+            _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+        }
+    }
+
+    /// Getter for pinUvAuthToken.
+    pub fn get_pin_uv_auth_token(&self) -> &[u8; PIN_TOKEN_LENGTH] {
+        &self.pin_uv_auth_token
+    }
+
+    /// This is used for debugging to inject key material.
+    #[cfg(test)]
+    pub fn new_test(
+        key_agreement_key: crypto::ecdh::SecKey,
+        pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
+    ) -> PinProtocol {
+        PinProtocol {
+            key_agreement_key,
+            pin_uv_auth_token,
+        }
+    }
+}
+
+/// Verifies the pinUvAuthToken for the given PIN protocol.
+pub fn verify_pin_uv_auth_token(
+    token: &[u8; PIN_TOKEN_LENGTH],
+    message: &[u8],
+    signature: &[u8],
+    pin_uv_auth_protocol: u64,
+) -> Result<(), Ctap2StatusCode> {
+    match pin_uv_auth_protocol {
+        1 => verify_v1(token, message, signature),
+        2 => verify_v2(token, message, signature),
+        _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+    }
+}
+
+pub trait SharedSecret {
+    /// Returns the encrypted plaintext.
+    fn encrypt(&self, rng: &mut dyn Rng256, plaintext: &[u8]) -> Result<Vec<u8>, Ctap2StatusCode>;
+
+    /// Returns the decrypted ciphertext.
+    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, Ctap2StatusCode>;
+
+    /// Verifies that the signature is a valid MAC for the given message.
+    fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode>;
+}
+
+fn aes256_cbc_encrypt(
+    rng: &mut dyn Rng256,
+    aes_enc_key: &crypto::aes256::EncryptionKey,
+    plaintext: &[u8],
+    has_iv: bool,
+) -> Result<Vec<u8>, Ctap2StatusCode> {
+    if plaintext.len() % 16 != 0 {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+    }
+    let iv = if has_iv {
+        let random_bytes = rng.gen_uniform_u8x32();
+        *array_ref!(random_bytes, 0, 16)
+    } else {
+        [0u8; 16]
+    };
+    let mut blocks = Vec::with_capacity(plaintext.len() / 16);
+    // TODO(https://github.com/rust-lang/rust/issues/74985) Use array_chunks when stable.
+    for block in plaintext.chunks_exact(16) {
+        blocks.push(*array_ref!(block, 0, 16));
+    }
+    cbc_encrypt(aes_enc_key, iv, &mut blocks);
+    let mut ciphertext = if has_iv { iv.to_vec() } else { vec![] };
+    ciphertext.extend(blocks.iter().flatten());
+    Ok(ciphertext)
+}
+
+fn aes256_cbc_decrypt(
+    aes_enc_key: &crypto::aes256::EncryptionKey,
+    ciphertext: &[u8],
+    has_iv: bool,
+) -> Result<Vec<u8>, Ctap2StatusCode> {
+    if ciphertext.len() % 16 != 0 {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+    }
+    let mut block_len = ciphertext.len() / 16;
+    // TODO(https://github.com/rust-lang/rust/issues/74985) Use array_chunks when stable.
+    let mut block_iter = ciphertext.chunks_exact(16);
+    let iv = if has_iv {
+        block_len -= 1;
+        let iv_block = block_iter
+            .next()
+            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
+        *array_ref!(iv_block, 0, 16)
+    } else {
+        [0u8; 16]
+    };
+    let mut blocks = Vec::with_capacity(block_len);
+    for block in block_iter {
+        blocks.push(*array_ref!(block, 0, 16));
+    }
+    let aes_dec_key = crypto::aes256::DecryptionKey::new(aes_enc_key);
+    cbc_decrypt(&aes_dec_key, iv, &mut blocks);
+    Ok(blocks.iter().flatten().cloned().collect::<Vec<u8>>())
+}
+
+fn verify_v1(key: &[u8], message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
+    if signature.len() != 16 {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+    }
+    if verify_hmac_256_first_128bits::<Sha256>(key, message, array_ref![signature, 0, 16]) {
+        Ok(())
+    } else {
+        Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+    }
+}
+
+fn verify_v2(key: &[u8], message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
+    if signature.len() != 32 {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+    }
+    if verify_hmac_256::<Sha256>(key, message, array_ref![signature, 0, 32]) {
+        Ok(())
+    } else {
+        Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+    }
+}
+
+pub struct SharedSecretV1 {
+    common_secret: [u8; 32],
+    aes_enc_key: crypto::aes256::EncryptionKey,
+}
+
+impl SharedSecretV1 {
+    /// Creates a new shared secret from the handshake result.
+    fn new(handshake: [u8; 32]) -> SharedSecretV1 {
+        let common_secret = Sha256::hash(&handshake);
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&common_secret);
+        SharedSecretV1 {
+            common_secret,
+            aes_enc_key,
+        }
+    }
+
+    /// Creates a new shared secret for testing.
+    #[cfg(test)]
+    pub fn new_test(hash: [u8; 32]) -> SharedSecretV1 {
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&hash);
+        SharedSecretV1 {
+            common_secret: hash,
+            aes_enc_key,
+        }
+    }
+}
+
+impl SharedSecret for SharedSecretV1 {
+    fn encrypt(&self, rng: &mut dyn Rng256, plaintext: &[u8]) -> Result<Vec<u8>, Ctap2StatusCode> {
+        aes256_cbc_encrypt(rng, &self.aes_enc_key, plaintext, false)
+    }
+
+    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, Ctap2StatusCode> {
+        aes256_cbc_decrypt(&self.aes_enc_key, ciphertext, false)
+    }
+
+    fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
+        verify_v1(&self.common_secret, message, signature)
+    }
+}
+
+pub struct SharedSecretV2 {
+    aes_enc_key: crypto::aes256::EncryptionKey,
+    hmac_key: [u8; 32],
+}
+
+impl SharedSecretV2 {
+    /// Creates a new shared secret from the handshake result.
+    fn new(handshake: [u8; 32]) -> SharedSecretV2 {
+        let aes_key = hkdf_empty_salt_256::<Sha256>(&handshake, b"CTAP2 AES key");
+        SharedSecretV2 {
+            aes_enc_key: crypto::aes256::EncryptionKey::new(&aes_key),
+            hmac_key: hkdf_empty_salt_256::<Sha256>(&handshake, b"CTAP2 HMAC key"),
+        }
+    }
+}
+
+impl SharedSecret for SharedSecretV2 {
+    fn encrypt(&self, rng: &mut dyn Rng256, plaintext: &[u8]) -> Result<Vec<u8>, Ctap2StatusCode> {
+        aes256_cbc_encrypt(rng, &self.aes_enc_key, plaintext, true)
+    }
+
+    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, Ctap2StatusCode> {
+        aes256_cbc_decrypt(&self.aes_enc_key, ciphertext, true)
+    }
+
+    fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
+        verify_v2(&self.hmac_key, message, signature)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use crypto::rng256::ThreadRng256;
+
+    #[test]
+    fn test_pin_protocol_public_key() {
+        let mut rng = ThreadRng256 {};
+        let mut pin_protocol = PinProtocol::new(&mut rng);
+        let public_key = pin_protocol.get_public_key();
+        pin_protocol.regenerate(&mut rng);
+        let new_public_key = pin_protocol.get_public_key();
+        assert_ne!(public_key, new_public_key);
+    }
+
+    #[test]
+    fn test_pin_protocol_pin_uv_auth_token() {
+        let mut rng = ThreadRng256 {};
+        let mut pin_protocol = PinProtocol::new(&mut rng);
+        let token = *pin_protocol.get_pin_uv_auth_token();
+        pin_protocol.reset_pin_uv_auth_token(&mut rng);
+        let new_token = pin_protocol.get_pin_uv_auth_token();
+        assert_ne!(&token, new_token);
+    }
+
+    #[test]
+    fn test_shared_secret_v1_encrypt_decrypt() {
+        let mut rng = ThreadRng256 {};
+        let shared_secret = SharedSecretV1::new([0x55; 32]);
+        let plaintext = vec![0xAA; 64];
+        let ciphertext = shared_secret.encrypt(&mut rng, &plaintext).unwrap();
+        assert_eq!(shared_secret.decrypt(&ciphertext), Ok(plaintext));
+    }
+
+    #[test]
+    fn test_shared_secret_v1_verify() {
+        let shared_secret = SharedSecretV1::new([0x55; 32]);
+        let message = [0xAA];
+        let signature = [
+            0x8B, 0x60, 0x15, 0x7D, 0xF3, 0x44, 0x82, 0x2E, 0x54, 0x34, 0x7A, 0x01, 0xFB, 0x02,
+            0x48, 0xA6,
+        ];
+        assert_eq!(shared_secret.verify(&message, &signature), Ok(()));
+        assert_eq!(
+            shared_secret.verify(&[0xBB], &signature),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            shared_secret.verify(&message, &[0x12; 16]),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_shared_secret_v2_encrypt_decrypt() {
+        let mut rng = ThreadRng256 {};
+        let shared_secret = SharedSecretV2::new([0x55; 32]);
+        let plaintext = vec![0xAA; 64];
+        let ciphertext = shared_secret.encrypt(&mut rng, &plaintext).unwrap();
+        assert_eq!(shared_secret.decrypt(&ciphertext), Ok(plaintext));
+    }
+
+    #[test]
+    fn test_shared_secret_v2_verify() {
+        let shared_secret = SharedSecretV2::new([0x55; 32]);
+        let message = [0xAA];
+        let signature = [
+            0xC0, 0x3F, 0x2A, 0x22, 0x5C, 0xC3, 0x4E, 0x05, 0xC1, 0x0E, 0x72, 0x9C, 0x8D, 0xD5,
+            0x7D, 0xE5, 0x98, 0x9C, 0x68, 0x15, 0xEC, 0xE2, 0x3A, 0x95, 0xD5, 0x90, 0xE1, 0xE9,
+            0x3F, 0xF0, 0x1A, 0xAF,
+        ];
+        assert_eq!(shared_secret.verify(&message, &signature), Ok(()));
+        assert_eq!(
+            shared_secret.verify(&[0xBB], &signature),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            shared_secret.verify(&message, &[0x12; 32]),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_decapsulate_invalid() {
+        let mut rng = ThreadRng256 {};
+        let pin_protocol = PinProtocol::new(&mut rng);
+        let shared_secret = pin_protocol.decapsulate(pin_protocol.get_public_key(), 3);
+        assert_eq!(
+            shared_secret.err(),
+            Some(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+    }
+
+    #[test]
+    fn test_decapsulate_symmetric() {
+        let mut rng = ThreadRng256 {};
+        let pin_protocol1 = PinProtocol::new(&mut rng);
+        let pin_protocol2 = PinProtocol::new(&mut rng);
+        for protocol in 1..=2 {
+            let shared_secret1 = pin_protocol1
+                .decapsulate(pin_protocol2.get_public_key(), protocol)
+                .unwrap();
+            let shared_secret2 = pin_protocol2
+                .decapsulate(pin_protocol1.get_public_key(), protocol)
+                .unwrap();
+            let plaintext = vec![0xAA; 64];
+            let ciphertext = shared_secret1.encrypt(&mut rng, &plaintext).unwrap();
+            assert_eq!(plaintext, shared_secret2.decrypt(&ciphertext).unwrap());
+        }
+    }
+
+    #[test]
+    fn test_verify_pin_uv_auth_token_v1() {
+        let token = [0x91; PIN_TOKEN_LENGTH];
+        let message = [0xAA];
+        let signature = [
+            0x9C, 0x1C, 0xFE, 0x9D, 0xD7, 0x64, 0x6A, 0x06, 0xB9, 0xA8, 0x0F, 0x96, 0xAD, 0x50,
+            0x49, 0x68,
+        ];
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &message, &signature, 1),
+            Ok(())
+        );
+        assert_eq!(
+            verify_pin_uv_auth_token(&[0x12; PIN_TOKEN_LENGTH], &message, &signature, 1),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &[0xBB], &signature, 1),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &message, &[0x12; 16], 1),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_verify_pin_uv_auth_token_v2() {
+        let token = [0x91; PIN_TOKEN_LENGTH];
+        let message = [0xAA];
+        let signature = [
+            0x9C, 0x1C, 0xFE, 0x9D, 0xD7, 0x64, 0x6A, 0x06, 0xB9, 0xA8, 0x0F, 0x96, 0xAD, 0x50,
+            0x49, 0x68, 0x94, 0x90, 0x20, 0x53, 0x0F, 0xA3, 0xD2, 0x7A, 0x9F, 0xFD, 0xFA, 0x62,
+            0x36, 0x93, 0xF7, 0x84,
+        ];
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &message, &signature, 2),
+            Ok(())
+        );
+        assert_eq!(
+            verify_pin_uv_auth_token(&[0x12; PIN_TOKEN_LENGTH], &message, &signature, 2),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &[0xBB], &signature, 2),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &message, &[0x12; 32], 2),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_verify_pin_uv_auth_token_invalid_protocol() {
+        let token = [0x91; PIN_TOKEN_LENGTH];
+        let message = [0xAA];
+        let signature = [];
+        assert_eq!(
+            verify_pin_uv_auth_token(&token, &message, &signature, 3),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+    }
+}

From 3c7c5a4810965f774a055aada4f32bcf9387ad80 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Sat, 13 Mar 2021 13:16:57 +0100
Subject: [PATCH 180/192] Update the documentation to use linking by name

See https://doc.rust-lang.org/stable/rustdoc/linking-to-items-by-name.html
---
 libraries/persistent_store/src/buffer.rs   |  38 +-
 libraries/persistent_store/src/driver.rs   |   4 +
 libraries/persistent_store/src/format.rs   | 176 ++++----
 libraries/persistent_store/src/fragment.rs |   4 +-
 libraries/persistent_store/src/lib.rs      | 467 ++++++++++-----------
 libraries/persistent_store/src/model.rs    |   5 +-
 libraries/persistent_store/src/storage.rs  |   8 +-
 libraries/persistent_store/src/store.rs    |  43 +-
 8 files changed, 368 insertions(+), 377 deletions(-)

diff --git a/libraries/persistent_store/src/buffer.rs b/libraries/persistent_store/src/buffer.rs
index ae35089..3acd39a 100644
--- a/libraries/persistent_store/src/buffer.rs
+++ b/libraries/persistent_store/src/buffer.rs
@@ -12,6 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//! Flash storage for testing.
+//!
+//! [`BufferStorage`] implements the flash [`Storage`] interface but doesn't interface with an
+//! actual flash storage. Instead it uses a buffer in memory to represent the storage state.
+
 use crate::{Storage, StorageError, StorageIndex, StorageResult};
 use alloc::borrow::Borrow;
 use alloc::boxed::Box;
@@ -63,8 +68,8 @@ pub struct BufferOptions {
     ///
     /// When set, the following conditions would panic:
     /// - A bit is written from 0 to 1.
-    /// - A word is written more than `max_word_writes`.
-    /// - A page is erased more than `max_page_erases`.
+    /// - A word is written more than [`Self::max_word_writes`].
+    /// - A page is erased more than [`Self::max_page_erases`].
     pub strict_mode: bool,
 }
 
@@ -110,15 +115,13 @@ impl BufferStorage {
     ///
     /// Before each subsequent mutable operation (write or erase), the delay is decremented if
     /// positive. If the delay is elapsed, the operation is saved and an error is returned.
-    /// Subsequent operations will panic until the interrupted operation is [corrupted] or the
-    /// interruption is [reset].
+    /// Subsequent operations will panic until either of:
+    /// - The interrupted operation is [corrupted](BufferStorage::corrupt_operation).
+    /// - The interruption is [reset](BufferStorage::reset_interruption).
     ///
     /// # Panics
     ///
     /// Panics if an interruption is already armed.
-    ///
-    /// [corrupted]: struct.BufferStorage.html#method.corrupt_operation
-    /// [reset]: struct.BufferStorage.html#method.reset_interruption
     pub fn arm_interruption(&mut self, delay: usize) {
         self.interruption.arm(delay);
     }
@@ -130,10 +133,8 @@ impl BufferStorage {
     /// # Panics
     ///
     /// Panics if any of the following conditions hold:
-    /// - An interruption was not [armed].
+    /// - An interruption was not [armed](BufferStorage::arm_interruption).
     /// - An interruption was armed and it has triggered.
-    ///
-    /// [armed]: struct.BufferStorage.html#method.arm_interruption
     pub fn disarm_interruption(&mut self) -> usize {
         self.interruption.get().err().unwrap()
     }
@@ -142,16 +143,14 @@ impl BufferStorage {
     ///
     /// # Panics
     ///
-    /// Panics if an interruption was not [armed].
-    ///
-    /// [armed]: struct.BufferStorage.html#method.arm_interruption
+    /// Panics if an interruption was not [armed](BufferStorage::arm_interruption).
     pub fn reset_interruption(&mut self) {
         let _ = self.interruption.get();
     }
 
     /// Corrupts an interrupted operation.
     ///
-    /// Applies the [corruption function] to the storage. Counters are updated accordingly:
+    /// Applies the corruption function to the storage. Counters are updated accordingly:
     /// - If a word is fully written, its counter is incremented regardless of whether other words
     ///   of the same operation have been fully written.
     /// - If a page is fully erased, its counter is incremented (and its word counters are reset).
@@ -159,13 +158,10 @@ impl BufferStorage {
     /// # Panics
     ///
     /// Panics if any of the following conditions hold:
-    /// - An interruption was not [armed].
+    /// - An interruption was not [armed](BufferStorage::arm_interruption).
     /// - An interruption was armed but did not trigger.
     /// - The corruption function corrupts more bits than allowed.
     /// - The interrupted operation itself would have panicked.
-    ///
-    /// [armed]: struct.BufferStorage.html#method.arm_interruption
-    /// [corruption function]: type.BufferCorruptFunction.html
     pub fn corrupt_operation(&mut self, corrupt: BufferCorruptFunction) {
         let operation = self.interruption.get().unwrap();
         let range = self.operation_range(&operation).unwrap();
@@ -217,7 +213,8 @@ impl BufferStorage {
     ///
     /// # Panics
     ///
-    /// Panics if the maximum number of erase cycles per page is reached.
+    /// Panics if the [maximum number of erase cycles per page](BufferOptions::max_page_erases) is
+    /// reached.
     fn incr_page_erases(&mut self, page: usize) {
         // Check that pages are not erased too many times.
         if self.options.strict_mode {
@@ -243,7 +240,8 @@ impl BufferStorage {
     ///
     /// # Panics
     ///
-    /// Panics if the maximum number of writes per word is reached.
+    /// Panics if the [maximum number of writes per word](BufferOptions::max_word_writes) is
+    /// reached.
     fn incr_word_writes(&mut self, index: usize, value: &[u8], complete: &[u8]) {
         let word_size = self.word_size();
         for i in 0..value.len() / word_size {
diff --git a/libraries/persistent_store/src/driver.rs b/libraries/persistent_store/src/driver.rs
index f17f576..d2baee0 100644
--- a/libraries/persistent_store/src/driver.rs
+++ b/libraries/persistent_store/src/driver.rs
@@ -12,6 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//! Store wrapper for testing.
+//!
+//! [`StoreDriver`] wraps a [`Store`] and compares its behavior with its associated [`StoreModel`].
+
 use crate::format::{Format, Position};
 #[cfg(test)]
 use crate::StoreUpdate;
diff --git a/libraries/persistent_store/src/format.rs b/libraries/persistent_store/src/format.rs
index a70dcc4..a7dd4f5 100644
--- a/libraries/persistent_store/src/format.rs
+++ b/libraries/persistent_store/src/format.rs
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//! Storage representation of a store.
+
 #[macro_use]
 mod bitfield;
 
@@ -26,13 +28,14 @@ use core::convert::TryFrom;
 
 /// Internal representation of a word in flash.
 ///
-/// Currently, the store only supports storages where a word is 32 bits.
+/// Currently, the store only supports storages where a word is 32 bits, i.e. the [word
+/// size](Storage::word_size) is 4 bytes.
 type WORD = u32;
 
 /// Abstract representation of a word in flash.
 ///
-/// This type is kept abstract to avoid possible confusion with `Nat` if they happen to have the
-/// same representation. This is because they have different semantics, `Nat` represents natural
+/// This type is kept abstract to avoid possible confusion with [`Nat`] if they happen to have the
+/// same representation. This is because they have different semantics, [`Nat`] represents natural
 /// numbers while `Word` represents sequences of bits (and thus has no arithmetic).
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub struct Word(WORD);
@@ -47,7 +50,7 @@ impl Word {
     ///
     /// # Panics
     ///
-    /// Panics if `slice.len() != WORD_SIZE`.
+    /// Panics if `slice.len()` is not [`WORD_SIZE`] bytes.
     pub fn from_slice(slice: &[u8]) -> Word {
         Word(WORD::from_le_bytes(<WordSlice>::try_from(slice).unwrap()))
     }
@@ -60,47 +63,49 @@ impl Word {
 
 /// Size of a word in bytes.
 ///
-/// Currently, the store only supports storages where a word is 4 bytes.
+/// Currently, the store only supports storages where the [word size](Storage::word_size) is 4
+/// bytes.
 const WORD_SIZE: Nat = core::mem::size_of::<WORD>() as Nat;
 
 /// Minimum number of words per page.
 ///
-/// Currently, the store only supports storages where pages have at least 8 words.
-const MIN_NUM_WORDS_PER_PAGE: Nat = 8;
+/// Currently, the store only supports storages where pages have at least 8 [words](WORD_SIZE), i.e.
+/// the [page size](Storage::page_size) is at least 32 bytes.
+const MIN_PAGE_SIZE: Nat = 8;
 
 /// Maximum size of a page in bytes.
 ///
-/// Currently, the store only supports storages where pages are between 8 and 1024 [words].
-///
-/// [words]: constant.WORD_SIZE.html
+/// Currently, the store only supports storages where pages have at most 1024 [words](WORD_SIZE),
+/// i.e. the [page size](Storage::page_size) is at most 4096 bytes.
 const MAX_PAGE_SIZE: Nat = 4096;
 
 /// Maximum number of erase cycles.
 ///
-/// Currently, the store only supports storages where the maximum number of erase cycles fits on 16
-/// bits.
+/// Currently, the store only supports storages where the [maximum number of erase
+/// cycles](Storage::max_page_erases) fits in 16 bits, i.e. it is at most 65535.
 const MAX_ERASE_CYCLE: Nat = 65535;
 
 /// Minimum number of pages.
 ///
-/// Currently, the store only supports storages with at least 3 pages.
+/// Currently, the store only supports storages where the [number of pages](Storage::num_pages) is
+/// at least 3.
 const MIN_NUM_PAGES: Nat = 3;
 
 /// Maximum page index.
 ///
-/// Thus the maximum number of pages is one more than this number. Currently, the store only
-/// supports storages where the number of pages is between 3 and 64.
+/// Currently, the store only supports storages where the [number of pages](Storage::num_pages) is
+/// at most 64, i.e. the maximum page index is 63.
 const MAX_PAGE_INDEX: Nat = 63;
 
 /// Maximum key index.
 ///
-/// Thus the number of keys is one more than this number. Currently, the store only supports 4096
-/// keys.
+/// Currently, the store only supports 4096 keys, i.e. the maximum key index is 4095.
 const MAX_KEY_INDEX: Nat = 4095;
 
 /// Maximum length in bytes of a user payload.
 ///
-/// Currently, the store only supports values smaller than 1024 bytes.
+/// Currently, the store only supports values at most 1023 bytes long. This may be further reduced
+/// depending on the [page size](Storage::page_size), see [`Format::max_value_len`].
 const MAX_VALUE_LEN: Nat = 1023;
 
 /// Maximum number of updates per transaction.
@@ -109,9 +114,15 @@ const MAX_VALUE_LEN: Nat = 1023;
 const MAX_UPDATES: Nat = 31;
 
 /// Maximum number of words per virtual page.
-const MAX_VIRT_PAGE_SIZE: Nat = div_ceil(MAX_PAGE_SIZE, WORD_SIZE) - CONTENT_WORD;
+///
+/// A virtual page has [`CONTENT_WORD`] less [words](WORD_SIZE) than the storage [page
+/// size](Storage::page_size). Those words are used to store the page header. Since a page has at
+/// least [8](MIN_PAGE_SIZE) words, a virtual page has at least 6 words.
+const MAX_VIRT_PAGE_SIZE: Nat = MAX_PAGE_SIZE / WORD_SIZE - CONTENT_WORD;
 
 /// Word with all bits set to one.
+///
+/// After a page is erased, all words are equal to this value.
 const ERASED_WORD: Word = Word(!(0 as WORD));
 
 /// Helpers for a given storage configuration.
@@ -121,33 +132,31 @@ pub struct Format {
     ///
     /// # Invariant
     ///
-    /// - Words divide a page evenly.
-    /// - There are at least 8 words in a page.
-    /// - There are at most `MAX_PAGE_SIZE` bytes in a page.
+    /// - [Words](WORD_SIZE) divide a page evenly.
+    /// - There are at least [`MIN_PAGE_SIZE`] words in a page.
+    /// - There are at most [`MAX_PAGE_SIZE`] bytes in a page.
     page_size: Nat,
 
     /// The number of pages in the storage.
     ///
     /// # Invariant
     ///
-    /// - There are at least 3 pages.
-    /// - There are at most `MAX_PAGE_INDEX + 1` pages.
+    /// - There are at least [`MIN_NUM_PAGES`] pages.
+    /// - There are at most [`MAX_PAGE_INDEX`] + 1 pages.
     num_pages: Nat,
 
     /// The maximum number of times a page can be erased.
     ///
     /// # Invariant
     ///
-    /// - A page can be erased at most `MAX_ERASE_CYCLE` times.
+    /// - A page can be erased at most [`MAX_ERASE_CYCLE`] times.
     max_page_erases: Nat,
 }
 
 impl Format {
     /// Extracts the format from a storage.
     ///
-    /// Returns `None` if the storage is not [supported].
-    ///
-    /// [supported]: struct.Format.html#method.is_storage_supported
+    /// Returns `None` if the storage is not [supported](Format::is_storage_supported).
     pub fn new<S: Storage>(storage: &S) -> Option<Format> {
         if Format::is_storage_supported(storage) {
             Some(Format {
@@ -163,21 +172,12 @@ impl Format {
     /// Returns whether a storage is supported.
     ///
     /// A storage is supported if the following conditions hold:
-    /// - The size of a word is [`WORD_SIZE`] bytes.
-    /// - The size of a word evenly divides the size of a page.
-    /// - A page contains at least [`MIN_NUM_WORDS_PER_PAGE`] words.
-    /// - A page contains at most [`MAX_PAGE_SIZE`] bytes.
-    /// - There are at least [`MIN_NUM_PAGES`] pages.
-    /// - There are at most [`MAX_PAGE_INDEX`]` + 1` pages.
-    /// - A word can be written at least twice between erase cycles.
-    /// - The maximum number of erase cycles is at most [`MAX_ERASE_CYCLE`].
-    ///
-    /// [`WORD_SIZE`]: constant.WORD_SIZE.html
-    /// [`MIN_NUM_WORDS_PER_PAGE`]: constant.MIN_NUM_WORDS_PER_PAGE.html
-    /// [`MAX_PAGE_SIZE`]: constant.MAX_PAGE_SIZE.html
-    /// [`MIN_NUM_PAGES`]: constant.MIN_NUM_PAGES.html
-    /// [`MAX_PAGE_INDEX`]: constant.MAX_PAGE_INDEX.html
-    /// [`MAX_ERASE_CYCLE`]: constant.MAX_ERASE_CYCLE.html
+    /// - The [`Storage::word_size`] is [`WORD_SIZE`] bytes.
+    /// - The [`Storage::word_size`] evenly divides the [`Storage::page_size`].
+    /// - The [`Storage::page_size`] is between [`MIN_PAGE_SIZE`] words and [`MAX_PAGE_SIZE`] bytes.
+    /// - The [`Storage::num_pages`] is between [`MIN_NUM_PAGES`] and [`MAX_PAGE_INDEX`] + 1.
+    /// - The [`Storage::max_word_writes`] is at least 2.
+    /// - The [`Storage::max_page_erases`] is at most [`MAX_ERASE_CYCLE`].
     fn is_storage_supported<S: Storage>(storage: &S) -> bool {
         let word_size = usize_to_nat(storage.word_size());
         let page_size = usize_to_nat(storage.page_size());
@@ -186,7 +186,7 @@ impl Format {
         let max_page_erases = usize_to_nat(storage.max_page_erases());
         word_size == WORD_SIZE
             && page_size % word_size == 0
-            && (MIN_NUM_WORDS_PER_PAGE * word_size <= page_size && page_size <= MAX_PAGE_SIZE)
+            && (MIN_PAGE_SIZE * word_size <= page_size && page_size <= MAX_PAGE_SIZE)
             && (MIN_NUM_PAGES <= num_pages && num_pages <= MAX_PAGE_INDEX + 1)
             && max_word_writes >= 2
             && max_page_erases <= MAX_ERASE_CYCLE
@@ -199,28 +199,28 @@ impl Format {
 
     /// The size of a page in bytes.
     ///
-    /// We have `MIN_NUM_WORDS_PER_PAGE * self.word_size() <= self.page_size() <= MAX_PAGE_SIZE`.
+    /// This is at least [`MIN_PAGE_SIZE`] [words](WORD_SIZE) and at most [`MAX_PAGE_SIZE`] bytes.
     pub fn page_size(&self) -> Nat {
         self.page_size
     }
 
-    /// The number of pages in the storage, denoted by `N`.
+    /// The number of pages in the storage, denoted by N.
     ///
-    /// We have `MIN_NUM_PAGES <= N <= MAX_PAGE_INDEX + 1`.
+    /// We have [`MIN_NUM_PAGES`] ≤ N ≤ [`MAX_PAGE_INDEX`] + 1.
     pub fn num_pages(&self) -> Nat {
         self.num_pages
     }
 
     /// The maximum page index.
     ///
-    /// We have `2 <= self.max_page() <= MAX_PAGE_INDEX`.
+    /// This is at least [`MIN_NUM_PAGES`] - 1 and at most [`MAX_PAGE_INDEX`].
     pub fn max_page(&self) -> Nat {
         self.num_pages - 1
     }
 
-    /// The maximum number of times a page can be erased, denoted by `E`.
+    /// The maximum number of times a page can be erased, denoted by E.
     ///
-    /// We have `E <= MAX_ERASE_CYCLE`.
+    /// We have E ≤ [`MAX_ERASE_CYCLE`].
     pub fn max_page_erases(&self) -> Nat {
         self.max_page_erases
     }
@@ -235,19 +235,18 @@ impl Format {
         MAX_UPDATES
     }
 
-    /// The size of a virtual page in words, denoted by `Q`.
+    /// The size of a virtual page in words, denoted by Q.
     ///
     /// A virtual page is stored in a physical page after the page header.
     ///
-    /// We have `MIN_NUM_WORDS_PER_PAGE - 2 <= Q <= MAX_VIRT_PAGE_SIZE`.
+    /// We have [`MIN_PAGE_SIZE`] - 2 ≤ Q ≤ [`MAX_VIRT_PAGE_SIZE`].
     pub fn virt_page_size(&self) -> Nat {
         self.page_size() / self.word_size() - CONTENT_WORD
     }
 
     /// The maximum length in bytes of a user payload.
     ///
-    /// We have `(MIN_NUM_WORDS_PER_PAGE - 3) * self.word_size() <= self.max_value_len() <=
-    /// MAX_VALUE_LEN`.
+    /// This is at least [`MIN_PAGE_SIZE`] - 3 [words](WORD_SIZE) and at most [`MAX_VALUE_LEN`].
     pub fn max_value_len(&self) -> Nat {
         min(
             (self.virt_page_size() - 1) * self.word_size(),
@@ -255,57 +254,50 @@ impl Format {
         )
     }
 
-    /// The maximum prefix length in words, denoted by `M`.
+    /// The maximum prefix length in words, denoted by M.
     ///
     /// A prefix is the first words of a virtual page that belong to the last entry of the previous
     /// virtual page. This happens because entries may overlap up to 2 virtual pages.
     ///
-    /// We have `MIN_NUM_WORDS_PER_PAGE - 3 <= M < Q`.
+    /// We have [`MIN_PAGE_SIZE`] - 3 ≤ M < Q.
     pub fn max_prefix_len(&self) -> Nat {
         self.bytes_to_words(self.max_value_len())
     }
 
-    /// The total virtual capacity in words, denoted by `V`.
+    /// The total virtual capacity in words, denoted by V.
     ///
-    /// We have `V = (N - 1) * (Q - 1) - M`.
+    /// We have V = (N - 1) × (Q - 1) - M.
     ///
-    /// We can show `V >= (N - 2) * (Q - 1)` with the following steps:
-    /// - `M <= Q - 1` from `M < Q` from [`M`] definition
-    /// - `-M >= -(Q - 1)` from above
-    /// - `V >= (N - 1) * (Q - 1) - (Q - 1)` from `V` definition
-    ///
-    /// [`M`]: struct.Format.html#method.max_prefix_len
+    /// We can show V ≥ (N - 2) × (Q - 1) with the following steps:
+    /// - M ≤ Q - 1 from M < Q from [M](Format::max_prefix_len)'s definition
+    /// - -M ≥ -(Q - 1) from above
+    /// - V ≥ (N - 1) × (Q - 1) - (Q - 1) from V's definition
     pub fn virt_size(&self) -> Nat {
         (self.num_pages() - 1) * (self.virt_page_size() - 1) - self.max_prefix_len()
     }
 
-    /// The total user capacity in words, denoted by `C`.
+    /// The total user capacity in words, denoted by C.
     ///
-    /// We have `C = V - N = (N - 1) * (Q - 2) - M - 1`.
+    /// We have C = V - N = (N - 1) × (Q - 2) - M - 1.
     ///
-    /// We can show `C >= (N - 2) * (Q - 2) - 2` with the following steps:
-    /// - `V >= (N - 2) * (Q - 1)` from [`V`] definition
-    /// - `C >= (N - 2) * (Q - 1) - N` from `C` definition
-    /// - `(N - 2) * (Q - 1) - N = (N - 2) * (Q - 2) - 2` by calculus
-    ///
-    /// [`V`]: struct.Format.html#method.virt_size
+    /// We can show C ≥ (N - 2) × (Q - 2) - 2 with the following steps:
+    /// - V ≥ (N - 2) × (Q - 1) from [V](Format::virt_size)'s definition
+    /// - C ≥ (N - 2) × (Q - 1) - N from C's definition
+    /// - (N - 2) × (Q - 1) - N = (N - 2) × (Q - 2) - 2 by calculus
     pub fn total_capacity(&self) -> Nat {
         // From the virtual capacity, we reserve N - 1 words for `Erase` entries and 1 word for a
         // `Clear` entry.
         self.virt_size() - self.num_pages()
     }
 
-    /// The total virtual lifetime in words, denoted by `L`.
+    /// The total virtual lifetime in words, denoted by L.
     ///
-    /// We have `L = (E * N + N - 1) * Q`.
+    /// We have L = (E × N + N - 1) × Q.
     pub fn total_lifetime(&self) -> Position {
         Position::new(self, self.max_page_erases(), self.num_pages() - 1, 0)
     }
 
     /// Returns the word position of the first entry of a page.
-    ///
-    /// The init info of the page must be provided to know where the first entry of the page
-    /// starts.
     pub fn page_head(&self, init: InitInfo, page: Nat) -> Position {
         Position::new(self, init.cycle, page, init.prefix)
     }
@@ -557,7 +549,7 @@ impl Format {
     ///
     /// # Preconditions
     ///
-    /// - `bytes + self.word_size()` does not overflow.
+    /// - `bytes` + [`Self::word_size`] does not overflow.
     pub fn bytes_to_words(&self, bytes: Nat) -> Nat {
         div_ceil(bytes, self.word_size())
     }
@@ -571,7 +563,7 @@ const COMPACT_WORD: Nat = 1;
 
 /// The word index of the content of a page.
 ///
-/// Since a page is at least 8 words, there is always at least 6 words of content.
+/// This is also the length in words of the page header.
 const CONTENT_WORD: Nat = 2;
 
 /// The checksum for a single word.
@@ -718,21 +710,21 @@ bitfield! {
 
 /// The position of a word in the virtual storage.
 ///
-/// With the notations defined in `Format`, let:
-/// - `w` a virtual word offset in a page which is between `0` and `Q - 1`
-/// - `p` a page offset which is between `0` and `N - 1`
-/// - `c` the number of erase cycles of a page which is between `0` and `E`
+/// With the notations defined in [`Format`], let:
+/// - w denote a word offset in a virtual page, thus between 0 and Q - 1
+/// - p denote a page offset, thus between 0 and N - 1
+/// - c denote the number of times a page was erased, thus between 0 and E
 ///
-/// Then the position of a word is `(c*N + p)*Q + w`. This position monotonically increases and
+/// The position of a word is (c × N + p) × Q + w. This position monotonically increases and
 /// represents the consumed lifetime of the storage.
 ///
-/// This type is kept abstract to avoid possible confusion with `Nat` and `Word` if they happen to
-/// have the same representation. Here is an overview of their semantics:
+/// This type is kept abstract to avoid possible confusion with [`Nat`] and [`Word`] if they happen
+/// to have the same representation. Here is an overview of their semantics:
 ///
 /// | Name       | Semantics                   | Arithmetic operations | Bit-wise operations |
 /// | ---------- | --------------------------- | --------------------- | ------------------- |
-/// | `Nat`      | Natural numbers             | Yes (no overflow)     | No                  |
-/// | `Word`     | Word in flash               | No                    | Yes                 |
+/// | [`Nat`]    | Natural numbers             | Yes (no overflow)     | No                  |
+/// | [`Word`]   | Word in flash               | No                    | Yes                 |
 /// | `Position` | Position in virtual storage | Yes (no overflow)     | No                  |
 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
 pub struct Position(Nat);
@@ -763,9 +755,9 @@ impl Position {
     /// Create a word position given its coordinates.
     ///
     /// The coordinates of a word are:
-    /// - Its word index in its page.
+    /// - Its word index in its virtual page.
     /// - Its page index in the storage.
-    /// - The number of times that page was erased.
+    /// - The number of times its page was erased.
     pub fn new(format: &Format, cycle: Nat, page: Nat, word: Nat) -> Position {
         Position((cycle * format.num_pages() + page) * format.virt_page_size() + word)
     }
@@ -928,11 +920,11 @@ pub fn is_erased(slice: &[u8]) -> bool {
 
 /// Divides then takes ceiling.
 ///
-/// Returns `ceil(x / m)` in mathematical notations (not Rust code).
+/// Returns ⌈x / m⌉, i.e. the lowest natural number r such that r ≥ x / m.
 ///
 /// # Preconditions
 ///
-/// - `x + m` does not overflow.
+/// - x + m does not overflow.
 const fn div_ceil(x: Nat, m: Nat) -> Nat {
     (x + m - 1) / m
 }
diff --git a/libraries/persistent_store/src/fragment.rs b/libraries/persistent_store/src/fragment.rs
index d19b511..661d5db 100644
--- a/libraries/persistent_store/src/fragment.rs
+++ b/libraries/persistent_store/src/fragment.rs
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//! Helper functions for fragmented entries.
+//! Support for fragmented entries.
 //!
 //! This module permits to handle entries larger than the [maximum value
 //! length](Store::max_value_length) by storing ordered consecutive fragments in a sequence of keys.
@@ -36,7 +36,7 @@ pub trait Keys {
     ///
     /// # Preconditions
     ///
-    /// The position must be within the length: `pos < len()`.
+    /// The position must be within the length: `pos` < [`Self::len`].
     fn key(&self, pos: usize) -> usize;
 }
 
diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs
index a8adc2b..e3735c3 100644
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -12,191 +12,191 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// TODO(ia0): Add links once the code is complete.
+// The documentation is easier to read from a browser:
+// - Run: cargo doc --document-private-items --features=std
+// - Open: target/doc/persistent_store/index.html
+
 //! Store abstraction for flash storage
 //!
 //! # Specification
 //!
-//! The store provides a partial function from keys to values on top of a storage
-//! interface. The store total capacity depends on the size of the storage. Store
-//! updates may be bundled in transactions. Mutable operations are atomic, including
-//! when interrupted.
+//! The [store](Store) provides a partial function from keys to values on top of a
+//! [storage](Storage) interface. The store total [capacity](Store::capacity) depends on the size of
+//! the storage. Store [updates](StoreUpdate) may be bundled in [transactions](Store::transaction).
+//! Mutable operations are atomic, including when interrupted.
 //!
-//! The store is flash-efficient in the sense that it uses the storage lifetime
-//! efficiently. For each page, all words are written at least once between erase
-//! cycles and all erase cycles are used. However, not all written words are user
-//! content: lifetime is also consumed with metadata and compaction.
+//! The store is flash-efficient in the sense that it uses the storage [lifetime](Store::lifetime)
+//! efficiently. For each page, all words are written at least once between erase cycles and all
+//! erase cycles are used. However, not all written words are user content: lifetime is also
+//! consumed with metadata and compaction.
 //!
-//! The store is extendable with other entries than key-values. It is essentially a
-//! framework providing access to the storage lifetime. The partial function is
-//! simply the most common usage and can be used to encode other usages.
+//! The store is extendable with other entries than key-values. It is essentially a framework
+//! providing access to the storage lifetime. The partial function is simply the most common usage
+//! and can be used to encode other usages.
 //!
 //! ## Definitions
 //!
-//! An _entry_ is a pair of a key and a value. A _key_ is a number between 0
-//! and 4095. A _value_ is a byte slice with a length between 0 and 1023 bytes (for
-//! large enough pages).
+//! An _entry_ is a pair of a key and a value. A _key_ is a number between 0 and
+//! [4095](format::MAX_KEY_INDEX). A _value_ is a byte slice with a length between 0 and
+//! [1023](format::Format::max_value_len) bytes (for large enough pages).
 //!
 //! The store provides the following _updates_:
-//! -   Given a key and a value, `Insert` updates the store such that the value is
+//! -   Given a key and a value, [`StoreUpdate::Insert`] updates the store such that the value is
 //!     associated with the key. The values for other keys are left unchanged.
-//! -   Given a key, `Remove` updates the store such that no value is associated with
-//!     the key. The values for other keys are left unchanged. Additionally, if there
-//!     was a value associated with the key, the value is wiped from the storage
-//!     (all its bits are set to 0).
+//! -   Given a key, [`StoreUpdate::Remove`] updates the store such that no value is associated with
+//!     the key. The values for other keys are left unchanged. Additionally, if there was a value
+//!     associated with the key, the value is wiped from the storage (all its bits are set to 0).
 //!
 //! The store provides the following _read-only operations_:
-//! -   `Iter` iterates through the store returning all entries exactly once. The
-//!     iteration order is not specified but stable between mutable operations.
-//! -   `Capacity` returns how many words can be stored before the store is full.
-//! -   `Lifetime` returns how many words can be written before the storage lifetime
-//!     is consumed.
+//! -   [`Store::iter`] iterates through the store returning all entries exactly once. The iteration
+//!     order is not specified but stable between mutable operations.
+//! -   [`Store::capacity`] returns how many words can be stored before the store is full.
+//! -   [`Store::lifetime`] returns how many words can be written before the storage lifetime is
+//!     consumed.
 //!
 //! The store provides the following _mutable operations_:
-//! -   Given a set of independent updates, `Transaction` applies the sequence of
-//!     updates.
-//! -   Given a threshold, `Clear` removes all entries with a key greater or equal
-//!     to the threshold.
-//! -   Given a length in words, `Prepare` makes one step of compaction unless that
-//!     many words can be written without compaction. This operation has no effect
-//!     on the store but may still mutate its storage. In particular, the store has
-//!     the same capacity but a possibly reduced lifetime.
+//! -   Given a set of independent updates, [`Store::transaction`] applies the sequence of updates.
+//! -   Given a threshold, [`Store::clear`] removes all entries with a key greater or equal to the
+//!     threshold.
+//! -   Given a length in words, [`Store::prepare`] makes one step of compaction unless that many
+//!     words can be written without compaction. This operation has no effect on the store but may
+//!     still mutate its storage. In particular, the store has the same capacity but a possibly
+//!     reduced lifetime.
 //!
-//! A mutable operation is _atomic_ if, when power is lost during the operation, the
-//! store is either updated (as if the operation succeeded) or left unchanged (as if
-//! the operation did not occur). If the store is left unchanged, lifetime may still
-//! be consumed.
+//! A mutable operation is _atomic_ if, when power is lost during the operation, the store is either
+//! updated (as if the operation succeeded) or left unchanged (as if the operation did not occur).
+//! If the store is left unchanged, lifetime may still be consumed.
 //!
 //! The store relies on the following _storage interface_:
-//! -   It is possible to read a byte slice. The slice won't span multiple pages.
-//! -   It is possible to write a word slice. The slice won't span multiple pages.
-//! -   It is possible to erase a page.
-//! -   The pages are sequentially indexed from 0. If the actual underlying storage
-//!     is segmented, then the storage layer should translate those indices to
-//!     actual page addresses.
+//! -   It is possible to [read](Storage::read_slice) a byte slice. The slice won't span multiple
+//!     pages.
+//! -   It is possible to [write](Storage::write_slice) a word slice. The slice won't span multiple
+//!     pages.
+//! -   It is possible to [erase](Storage::erase_page) a page.
+//! -   The pages are sequentially indexed from 0. If the actual underlying storage is segmented,
+//!     then the storage layer should translate those indices to actual page addresses.
 //!
-//! The store has a _total capacity_ of `C = (N - 1) * (P - 4) - M - 1` words, where
-//! `P` is the number of words per page, `N` is the number of pages, and `M` is the
-//! maximum length in words of a value (256 for large enough pages). The capacity
-//! used by each mutable operation is given below (a transient word only uses
-//! capacity during the operation):
-//! -   `Insert` uses `1 + ceil(len / 4)` words where `len` is the length of the
-//!     value in bytes. If an entry was replaced, the words used by its insertion
-//!     are freed.
-//! -   `Remove` doesn't use capacity if alone in the transaction and 1 transient
-//!     word otherwise. If an entry was deleted, the words used by its insertion are
-//!     freed.
-//! -   `Transaction` uses 1 transient word. In addition, the updates of the
-//!     transaction use and free words as described above.
-//! -   `Clear` doesn't use capacity and frees the words used by the insertion of
-//!     the deleted entries.
-//! -   `Prepare` doesn't use capacity.
+//! The store has a _total capacity_ of C = (N - 1) × (P - 4) - M - 1 words, where:
+//! -   P is the number of words per page
+//! -   [N](format::Format::num_pages) is the number of pages
+//! -   [M](format::Format::max_prefix_len) is the maximum length in words of a value (256 for large
+//!     enough pages)
 //!
-//! The _total lifetime_ of the store is below `L = ((E + 1) * N - 1) * (P - 2)` and
-//! above `L - M` words, where `E` is the maximum number of erase cycles. The
-//! lifetime is used when capacity is used, including transiently, as well as when
-//! compaction occurs. Compaction frequency and lifetime consumption are positively
-//! correlated to the store load factor (the ratio of used capacity to total capacity).
+//! The capacity used by each mutable operation is given below (a transient word only uses capacity
+//! during the operation):
 //!
-//! It is possible to approximate the cost of transient words in terms of capacity:
-//! `L` transient words are equivalent to `C - x` words of capacity where `x` is the
-//! average capacity (including transient) of operations.
+//! | Operation/Update        | Used capacity    | Freed capacity    | Transient capacity |
+//! | ----------------------- | ---------------- | ----------------- | ------------------ |
+//! | [`StoreUpdate::Insert`] | 1 + value length | overwritten entry | 0                  |
+//! | [`StoreUpdate::Remove`] | 0                | deleted entry     | see below\*        |
+//! | [`Store::transaction`]  | 0 + updates      | 0 + updates       | 1                  |
+//! | [`Store::clear`]        | 0                | deleted entries   | 0                  |
+//! | [`Store::prepare`]      | 0                | 0                 | 0                  |
+//!
+//! \*0 if the update is alone in the transaction, otherwise 1.
+//!
+//! The _total lifetime_ of the store is below L = ((E + 1) × N - 1) × (P - 2) and above L - M
+//! words, where E is the maximum number of erase cycles. The lifetime is used when capacity is
+//! used, including transiently, as well as when compaction occurs. Compaction frequency and
+//! lifetime consumption are positively correlated to the store load factor (the ratio of used
+//! capacity to total capacity).
+//!
+//! It is possible to approximate the cost of transient words in terms of capacity: L transient
+//! words are equivalent to C - x words of capacity where x is the average capacity (including
+//! transient) of operations.
 //!
 //! ## Preconditions
 //!
 //! The following assumptions need to hold, or the store may behave in unexpected ways:
-//! -   A word can be written twice between erase cycles.
-//! -   A page can be erased `E` times after the first boot of the store.
-//! -   When power is lost while writing a slice or erasing a page, the next read
-//!     returns a slice where a subset (possibly none or all) of the bits that
-//!     should have been modified have been modified.
-//! -   Reading a slice is deterministic. When power is lost while writing a slice
-//!     or erasing a slice (erasing a page containing that slice), reading that
-//!     slice repeatedly returns the same result (until it is overwritten or its
-//!     page is erased).
-//! -   To decide whether a page has been erased, it is enough to test if all its
-//!     bits are equal to 1.
-//! -   When power is lost while writing a slice or erasing a page, that operation
-//!     does not count towards the limits. However, completing that write or erase
-//!     operation would count towards the limits, as if the number of writes per
-//!     word and number of erase cycles could be fractional.
-//! -   The storage is only modified by the store. Note that completely erasing the
-//!     storage is supported, essentially losing all content and lifetime tracking.
-//!     It is preferred to use `Clear` with a threshold of 0 to keep the lifetime
-//!     tracking.
+//! -   A word can be written [twice](Storage::max_word_writes) between erase cycles.
+//! -   A page can be erased [E](Storage::max_page_erases) times after the first boot of the store.
+//! -   When power is lost while writing a slice or erasing a page, the next read returns a slice
+//!     where a subset (possibly none or all) of the bits that should have been modified have been
+//!     modified.
+//! -   Reading a slice is deterministic. When power is lost while writing a slice or erasing a
+//!     slice (erasing a page containing that slice), reading that slice repeatedly returns the same
+//!     result (until it is overwritten or its page is erased).
+//! -   To decide whether a page has been erased, it is enough to test if all its bits are equal
+//!     to 1.
+//! -   When power is lost while writing a slice or erasing a page, that operation does not count
+//!     towards the limits. However, completing that write or erase operation would count towards
+//!     the limits, as if the number of writes per word and number of erase cycles could be
+//!     fractional.
+//! -   The storage is only modified by the store. Note that completely erasing the storage is
+//!     supported, essentially losing all content and lifetime tracking. It is preferred to use
+//!     [`Store::clear`] with a threshold of 0 to keep the lifetime tracking.
 //!
-//! The store properties may still hold outside some of those assumptions, but with
-//! an increasing chance of failure.
+//! The store properties may still hold outside some of those assumptions, but with an increasing
+//! chance of failure.
 //!
 //! # Implementation
 //!
 //! We define the following constants:
-//! -   `E < 65536` the number of times a page can be erased.
-//! -   `3 <= N < 64` the number of pages in the storage.
-//! -   `8 <= P <= 1024` the number of words in a page.
-//! -   `Q = P - 2` the number of words in a virtual page.
-//! -   `K = 4096` the maximum number of keys.
-//! -   `M = min(Q - 1, 256)` the maximum length in words of a value.
-//! -   `V = (N - 1) * (Q - 1) - M` the virtual capacity.
-//! -   `C = V - N` the user capacity.
+//! -   [E](format::Format::max_page_erases) ≤ [65535](format::MAX_ERASE_CYCLE) the number of times
+//!     a page can be erased.
+//! -   3 ≤ [N](format::Format::num_pages) < 64 the number of pages in the storage.
+//! -   8 ≤ P ≤ 1024 the number of words in a page.
+//! -   [Q](format::Format::virt_page_size) = P - 2 the number of words in a virtual page.
+//! -   [M](format::Format::max_prefix_len) = min(Q - 1, 256) the maximum length in words of a
+//!     value.
+//! -   [V](format::Format::virt_size) = (N - 1) × (Q - 1) - M the virtual capacity.
+//! -   [C](format::Format::total_capacity) = V - N the user capacity.
 //!
-//! We build a virtual storage from the physical storage using the first 2 words of
-//! each page:
+//! We build a virtual storage from the physical storage using the first 2 words of each page:
 //! -   The first word contains the number of times the page has been erased.
-//! -   The second word contains the starting word to which this page is being moved
-//!     during compaction.
+//! -   The second word contains the starting word to which this page is being moved during
+//!     compaction.
 //!
-//! The virtual storage has a length of `(E + 1) * N * Q` words and represents the
-//! lifetime of the store. (We reserve the last `Q + M` words to support adding
-//! emergency lifetime.) This virtual storage has a linear address space.
+//! The virtual storage has a length of (E + 1) × N × Q words and represents the lifetime of the
+//! store. (We reserve the last Q + M words to support adding emergency lifetime.) This virtual
+//! storage has a linear address space.
 //!
-//! We define a set of overlapping windows of `N * Q` words at each `Q`-aligned
-//! boundary. We call `i` the window spanning from `i * Q` to `(i + N) * Q`. Only
-//! those windows actually exist in the underlying storage. We use compaction to
-//! shift the current window from `i` to `i + 1`, preserving the content of the
-//! store.
+//! We define a set of overlapping windows of N × Q words at each Q-aligned boundary. We call i the
+//! window spanning from i × Q to (i + N) × Q. Only those windows actually exist in the underlying
+//! storage. We use compaction to shift the current window from i to i + 1, preserving the content
+//! of the store.
 //!
-//! For a given state of the virtual storage, we define `h_i` as the position of the
-//! first entry of the window `i`. We call it the head of the window `i`. Because
-//! entries are at most `M + 1` words, they can overlap on the next page only by `M`
-//! words. So we have `i * Q <= h_i <= i * Q + M` . Since there are no entries
-//! before the first page, we have `h_0 = 0`.
+//! For a given state of the virtual storage, we define h\_i as the position of the first entry of
+//! the window i. We call it the head of the window i. Because entries are at most M + 1 words, they
+//! can overlap on the next page only by M words. So we have i × Q ≤ h_i ≤ i × Q + M . Since there
+//! are no entries before the first page, we have h\_0 = 0.
 //!
-//! We define `t_i` as one past the last entry of the window `i`. If there are no
-//! entries in that window, we have `t_i = h_i`. We call `t_i` the tail of the
-//! window `i`. We define the compaction invariant as `t_i - h_i <= V`.
+//! We define t\_i as one past the last entry of the window i. If there are no entries in that
+//! window, we have t\_i = h\_i. We call t\_i the tail of the window i. We define the compaction
+//! invariant as t\_i - h\_i ≤ V.
 //!
-//! We define `|x|` as the capacity used before position `x`. We have `|x| <= x`. We
-//! define the capacity invariant as `|t_i| - |h_i| <= C`.
+//! We define |x| as the capacity used before position x. We have |x| ≤ x. We define the capacity
+//! invariant as |t\_i| - |h\_i| ≤ C.
 //!
-//! Using this virtual storage, entries are appended to the tail as long as there is
-//! both virtual capacity to preserve the compaction invariant and capacity to
-//! preserve the capacity invariant. When virtual capacity runs out, the first page
-//! of the window is compacted and the window is shifted.
+//! Using this virtual storage, entries are appended to the tail as long as there is both virtual
+//! capacity to preserve the compaction invariant and capacity to preserve the capacity invariant.
+//! When virtual capacity runs out, the first page of the window is compacted and the window is
+//! shifted.
 //!
-//! Entries are identified by a prefix of bits. The prefix has to contain at least
-//! one bit set to zero to differentiate from the tail. Entries can be one of:
-//! -   Padding: A word whose first bit is set to zero. The rest is arbitrary. This
-//!     entry is used to mark words partially written after an interrupted operation
-//!     as padding such that they are ignored by future operations.
-//! -   Header: A word whose second bit is set to zero. It contains the following fields:
-//!     -   A bit indicating whether the entry is deleted.
-//!     -   A bit indicating whether the value is word-aligned and has all bits set
-//!         to 1 in its last word. The last word of an entry is used to detect that
-//!         an entry has been fully written. As such it must contain at least one
-//!         bit equal to zero.
-//!     -   The key of the entry.
-//!     -   The length in bytes of the value. The value follows the header. The
-//!         entry is word-aligned if the value is not.
-//!     -   The checksum of the first and last word of the entry.
-//! -   Erase: A word used during compaction. It contains the page to be erased and
-//!     a checksum.
-//! -   Clear: A word used during the `Clear` operation. It contains the threshold
-//!     and a checksum.
-//! -   Marker: A word used during the `Transaction` operation. It contains the
-//!     number of updates following the marker and a checksum.
-//! -   Remove: A word used during the `Transaction` operation. It contains the key
-//!     of the entry to be removed and a checksum.
+//! Entries are identified by a prefix of bits. The prefix has to contain at least one bit set to
+//! zero to differentiate from the tail. Entries can be one of:
+//! -   [Padding](format::ID_PADDING): A word whose first bit is set to zero. The rest is arbitrary.
+//!     This entry is used to mark words partially written after an interrupted operation as padding
+//!     such that they are ignored by future operations.
+//! -   [Header](format::ID_HEADER): A word whose second bit is set to zero. It contains the
+//!     following fields:
+//!     -   A [bit](format::HEADER_DELETED) indicating whether the entry is deleted.
+//!     -   A [bit](format::HEADER_FLIPPED) indicating whether the value is word-aligned and has all
+//!         bits set to 1 in its last word. The last word of an entry is used to detect that an
+//!         entry has been fully written. As such it must contain at least one bit equal to zero.
+//!     -   The [key](format::HEADER_KEY) of the entry.
+//!     -   The [length](format::HEADER_LENGTH) in bytes of the value. The value follows the header.
+//!         The entry is word-aligned if the value is not.
+//!     -   The [checksum](format::HEADER_CHECKSUM) of the first and last word of the entry.
+//! -   [Erase](format::ID_ERASE): A word used during compaction. It contains the
+//!     [page](format::ERASE_PAGE) to be erased and a [checksum](format::WORD_CHECKSUM).
+//! -   [Clear](format::ID_CLEAR): A word used during the clear operation. It contains the
+//!     [threshold](format::CLEAR_MIN_KEY) and a [checksum](format::WORD_CHECKSUM).
+//! -   [Marker](format::ID_MARKER): A word used during a transaction. It contains the [number of
+//!     updates](format::MARKER_COUNT) following the marker and a [checksum](format::WORD_CHECKSUM).
+//! -   [Remove](format::ID_REMOVE): A word used inside a transaction. It contains the
+//!     [key](format::REMOVE_KEY) of the entry to be removed and a
+//!     [checksum](format::WORD_CHECKSUM).
 //!
 //! Checksums are the number of bits equal to 0.
 //!
@@ -204,107 +204,105 @@
 //!
 //! ## Compaction
 //!
-//! It should always be possible to fully compact the store, after what the
-//! remaining capacity should be available in the current window (restoring the
-//! compaction invariant). We consider all notations on the virtual storage after
-//! the full compaction. We will use the `|x|` notation although we update the state
-//! of the virtual storage. This is fine because compaction doesn't change the
-//! status of an existing word.
+//! It should always be possible to fully compact the store, after what the remaining capacity
+//! should be available in the current window (restoring the compaction invariant). We consider all
+//! notations on the virtual storage after the full compaction. We will use the |x| notation
+//! although we update the state of the virtual storage. This is fine because compaction doesn't
+//! change the status of an existing word.
 //!
-//! We want to show that the next `N - 1` compactions won't move the tail past the
-//! last page of their window, with `I` the initial window:
+//! We want to show that the next N - 1 compactions won't move the tail past the last page of their
+//! window, with I the initial window:
 //!
-//! ```text
-//! forall 1 <= i <= N - 1, t_{I + i} <= (I + i + N - 1) * Q
-//! ```
+//! |                  |            |   |                     |
+//! | ----------------:| ----------:|:-:|:------------------- |
+//! | ∀(1 ≤ i ≤ N - 1) | t\_{I + i} | ≤ | (I + i + N - 1) × Q |
 //!
-//! We assume `i` between `1` and `N - 1`.
+//! We assume i between 1 and N - 1.
 //!
-//! One step of compaction advances the tail by how many words were used in the
-//! first page of the window with the last entry possibly overlapping on the next
-//! page.
+//! One step of compaction advances the tail by how many words were used in the first page of the
+//! window with the last entry possibly overlapping on the next page.
 //!
-//! ```text
-//! forall j, t_{j + 1} = t_j + |h_{j + 1}| - |h_j| + 1
-//! ```
+//! |    |            |   |                                      |
+//! | --:| ----------:|:-:|:------------------------------------ |
+//! | ∀j | t\_{j + 1} | = | t\_j + \|h\_{j + 1}\| - \|h\_j\| + 1 |
 //!
 //! By induction, we have:
 //!
-//! ```text
-//! t_{I + i} <= t_I + |h_{I + i}| - |h_I| + i
-//! ```
+//! |            |   |                                      |
+//! | ----------:|:-:|:------------------------------------ |
+//! | t\_{I + i} | ≤ | t\_I + \|h\_{I + i}\| - \|h\_I\| + i |
 //!
 //! We have the following properties:
 //!
-//! ```text
-//! t_I <= h_I + V
-//! |h_{I + i}| - |h_I| <= h_{I + i} - h_I
-//! h_{I + i} <= (I + i) * Q + M
-//! ```
+//! |                           |   |                   |
+//! | -------------------------:|:-:|:----------------- |
+//! | t\_I                      | ≤ | h\_I + V          |
+//! | \|h\_{I + i}\| - \|h\_I\| | ≤ | h\_{I + i} - h\_I |
+//! | h\_{I + i}                | ≤ | (I + i) × Q + M   |
 //!
 //! Replacing into our previous equality, we can conclude:
 //!
-//! ```text
-//! t_{I + i}  = t_I + |h_{I + i}| - |h_I| + i
-//!           <= h_I + V + (I + i) * Q + M - h_I + i
-//!            = (N - 1) * (Q - 1) - M + (I + i) * Q + M + i
-//!            = (N - 1) * (Q - 1) + (I + i) * Q + i
-//!            = (I + i + N - 1) * Q + i - (N - 1)
-//!           <= (I + i + N - 1) * Q
-//! ```
+//! |            |   |                                             |
+//! | ----------:|:-:| ------------------------------------------- |
+//! | t\_{I + i} | = | t_I + \|h_{I + i}\| - \|h_I\| + i           |
+//! |            | ≤ | h\_I + V + (I + i) * Q + M - h\_I + i       |
+//! |            | = | (N - 1) × (Q - 1) - M + (I + i) × Q + M + i |
+//! |            | = | (N - 1) × (Q - 1) + (I + i) × Q + i         |
+//! |            | = | (I + i + N - 1) × Q + i - (N - 1)           |
+//! |            | ≤ | (I + i + N - 1) × Q                         |
 //!
-//! We also want to show that after `N - 1` compactions, the remaining capacity is
-//! available without compaction.
+//! We also want to show that after N - 1 compactions, the remaining capacity is available without
+//! compaction.
 //!
-//! ```text
-//! V - (t_{I + N - 1} - h_{I + N - 1}) >=    // The available words in the window.
-//!   C - (|t_{I + N - 1}| - |h_{I + N - 1}|) // The remaining capacity.
-//!   + 1                                     // Reserved for Clear.
-//! ```
+//! |   |                                               |                                   |
+//! | -:| --------------------------------------------- | --------------------------------- |
+//! |   | V - (t\_{I + N - 1} - h\_{I + N - 1})         | The available words in the window |
+//! | ≥ | C - (\|t\_{I + N - 1}\| - \|h\_{I + N - 1}\|) | The remaining capacity            |
+//! | + | 1                                             | Reserved for clear                |
 //!
-//! We can replace the definition of `C` and simplify:
+//! We can replace the definition of C and simplify:
 //!
-//! ```text
-//! V - (t_{I + N - 1} - h_{I + N - 1}) >= V - N - (|t_{I + N - 1}| - |h_{I + N - 1}|) + 1
-//! iff t_{I + N - 1} - h_{I + N - 1} <= |t_{I + N - 1}| - |h_{I + N - 1}| + N - 1
-//! ```
+//! |     |                                       |   |                                                       |
+//! | ---:| -------------------------------------:|:-:|:----------------------------------------------------- |
+//! |     | V - (t\_{I + N - 1} - h\_{I + N - 1}) | ≥ | V - N - (\|t\_{I + N - 1}\| - \|h\_{I + N - 1}\|) + 1 |
+//! | iff | t\_{I + N - 1} - h\_{I + N - 1}       | ≤ | \|t\_{I + N - 1}\| - \|h\_{I + N - 1}\| + N - 1       |
 //!
 //! We have the following properties:
 //!
-//! ```text
-//! t_{I + N - 1} = t_I + |h_{I + N - 1}| - |h_I| + N - 1
-//! |t_{I + N - 1}| - |h_{I + N - 1}| = |t_I| - |h_I| // Compaction preserves capacity.
-//! |h_{I + N - 1}| - |t_I| <= h_{I + N - 1} - t_I
-//! ```
+//!
+//! |                                         |   |                                              |        |
+//! | ---------------------------------------:|:-:|:-------------------------------------------- |:------ |
+//! | t\_{I + N - 1}                          | = | t\_I + \|h\_{I + N - 1}\| - \|h\_I\| + N - 1 |        |
+//! | \|t\_{I + N - 1}\| - \|h\_{I + N - 1}\| | = | \|t\_I\| - \|h\_I\|   | Compaction preserves capacity |
+//! | \|h\_{I + N - 1}\| - \|t\_I\|           | ≤ | h\_{I + N - 1} - t\_I |                               |
 //!
 //! From which we conclude:
 //!
-//! ```text
-//! t_{I + N - 1} - h_{I + N - 1} <= |t_{I + N - 1}| - |h_{I + N - 1}| + N - 1
-//! iff t_I + |h_{I + N - 1}| - |h_I| + N - 1 - h_{I + N - 1} <= |t_I| - |h_I| + N - 1
-//! iff t_I + |h_{I + N - 1}| - h_{I + N - 1} <= |t_I|
-//! iff |h_{I + N - 1}| - |t_I| <= h_{I + N - 1} - t_I
-//! ```
+//! |     |                                 |   |                                                 |
+//! | ---:| -------------------------------:|:-:|:----------------------------------------------- |
+//! |     | t\_{I + N - 1} - h\_{I + N - 1} | ≤ | \|t\_{I + N - 1}\| - \|h\_{I + N - 1}\| + N - 1 |
+//! | iff | t\_I + \|h\_{I + N - 1}\| - \|h\_I\| + N - 1 - h\_{I + N - 1} | ≤ | \|t\_I\| - \|h\_I\| + N - 1 |
+//! | iff | t\_I + \|h\_{I + N - 1}\| - h\_{I + N - 1}                    | ≤ | \|t\_I\| |
+//! | iff | \|h\_{I + N - 1}\| - \|t\_I\|                                 | ≤ | h\_{I + N - 1} - t\_I |
 //!
 //!
 //! ## Checksum
 //!
-//! The main property we want is that all partially written/erased words are either
-//! the initial word, the final word, or invalid.
+//! The main property we want is that all partially written/erased words are either the initial
+//! word, the final word, or invalid.
 //!
-//! We say that a bit sequence `TARGET` is reachable from a bit sequence `SOURCE` if
-//! both have the same length and `SOURCE & TARGET == TARGET` where `&` is the
-//! bitwise AND operation on bit sequences of that length. In other words, when
-//! `SOURCE` has a bit equal to 0 then `TARGET` also has that bit equal to 0.
+//! We say that a bit sequence `TARGET` is reachable from a bit sequence `SOURCE` if both have the
+//! same length and `SOURCE & TARGET == TARGET` where `&` is the bitwise AND operation on bit
+//! sequences of that length. In other words, when `SOURCE` has a bit equal to 0 then `TARGET` also
+//! has that bit equal to 0.
 //!
-//! The only written entries start with `101` or `110` and are written from an
-//! erased word. Marking an entry as padding or deleted is a single bit operation,
-//! so the property trivially holds. For those cases, the proof relies on the fact
-//! that there is exactly one bit equal to 0 in the 3 first bits. Either the 3 first
-//! bits are still `111` in which case we expect the remaining bits to be equal
-//! to 1. Otherwise we can use the checksum of the given type of entry because those
-//! 2 types of entries are not reachable from each other. Here is a visualization of
-//! the partitioning based on the first 3 bits:
+//! The only written entries start with `101` or `110` and are written from an erased word. Marking
+//! an entry as padding or deleted is a single bit operation, so the property trivially holds. For
+//! those cases, the proof relies on the fact that there is exactly one bit equal to 0 in the 3
+//! first bits. Either the 3 first bits are still `111` in which case we expect the remaining bits
+//! to be equal to 1. Otherwise we can use the checksum of the given type of entry because those 2
+//! types of entries are not reachable from each other. Here is a visualization of the partitioning
+//! based on the first 3 bits:
 //!
 //! | First 3 bits | Description        | How to check                 |
 //! | ------------:| ------------------ | ---------------------------- |
@@ -314,34 +312,27 @@
 //! | `100`        | Deleted user entry | No check, atomically written |
 //! | `0??`        | Padding entry      | No check, atomically written |
 //!
-//! To show that valid entries of a given type are not reachable from each other, we
-//! show 3 lemmas:
+//! To show that valid entries of a given type are not reachable from each other, we show 3 lemmas:
 //!
-//! 1.  A bit sequence is not reachable from another if its number of bits equal to
-//!     0 is smaller.
+//! 1.  A bit sequence is not reachable from another if its number of bits equal to 0 is smaller.
+//! 2.  A bit sequence is not reachable from another if they have the same number of bits equals to
+//!     0 and are different.
+//! 3.  A bit sequence is not reachable from another if it is bigger when they are interpreted as
+//!     numbers in binary representation.
 //!
-//! 2.  A bit sequence is not reachable from another if they have the same number of
-//!     bits equals to 0 and are different.
-//!
-//! 3.  A bit sequence is not reachable from another if it is bigger when they are
-//!     interpreted as numbers in binary representation.
-//!
-//! From those lemmas we consider the 2 cases. If both entries have the same number
-//! of bits equal to 0, they are either equal or not reachable from each other
-//! because of the second lemma. If they don't have the same number of bits equal to
-//! 0, then the one with less bits equal to 0 is not reachable from the other
-//! because of the first lemma and the one with more bits equal to 0 is not
-//! reachable from the other because of the third lemma and the definition of the
-//! checksum.
+//! From those lemmas we consider the 2 cases. If both entries have the same number of bits equal to
+//! 0, they are either equal or not reachable from each other because of the second lemma. If they
+//! don't have the same number of bits equal to 0, then the one with less bits equal to 0 is not
+//! reachable from the other because of the first lemma and the one with more bits equal to 0 is not
+//! reachable from the other because of the third lemma and the definition of the checksum.
 //!
 //! # Fuzzing
 //!
-//! For any sequence of operations and interruptions starting from an erased
-//! storage, the store is checked against its model and some internal invariant at
-//! each step.
+//! For any sequence of operations and interruptions starting from an erased storage, the store is
+//! checked against its model and some internal invariant at each step.
 //!
-//! For any sequence of operations and interruptions starting from an arbitrary
-//! storage, the store is checked not to crash.
+//! For any sequence of operations and interruptions starting from an arbitrary storage, the store
+//! is checked not to crash.
 
 #![cfg_attr(not(feature = "std"), no_std)]
 #![feature(try_trait)]
diff --git a/libraries/persistent_store/src/model.rs b/libraries/persistent_store/src/model.rs
index eebc329..e0bf9e3 100644
--- a/libraries/persistent_store/src/model.rs
+++ b/libraries/persistent_store/src/model.rs
@@ -12,13 +12,16 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//! Store specification.
+
 use crate::format::Format;
 use crate::{usize_to_nat, StoreError, StoreRatio, StoreResult, StoreUpdate};
 use std::collections::HashMap;
 
 /// Models the mutable operations of a store.
 ///
-/// The model doesn't model the storage and read-only operations. This is done by the driver.
+/// The model doesn't model the storage and read-only operations. This is done by the
+/// [driver](crate::StoreDriver).
 #[derive(Clone, Debug)]
 pub struct StoreModel {
     /// Represents the content of the store.
diff --git a/libraries/persistent_store/src/storage.rs b/libraries/persistent_store/src/storage.rs
index becd900..fb5b0cb 100644
--- a/libraries/persistent_store/src/storage.rs
+++ b/libraries/persistent_store/src/storage.rs
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//! Flash storage abstraction.
+
 /// Represents a byte position in a storage.
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct StorageIndex {
@@ -65,12 +67,14 @@ pub trait Storage {
     /// The following pre-conditions must hold:
     /// - The `index` must designate `value.len()` bytes in the storage.
     /// - Both `index` and `value.len()` must be word-aligned.
-    /// - The written words should not have been written too many times since last page erasure.
+    /// - The written words should not have been written [too many](Self::max_word_writes) times
+    ///   since the last page erasure.
     fn write_slice(&mut self, index: StorageIndex, value: &[u8]) -> StorageResult<()>;
 
     /// Erases a page of the storage.
     ///
-    /// The `page` must be in the storage.
+    /// The `page` must be in the storage, i.e. less than [`Storage::num_pages`]. And the page
+    /// should not have been erased [too many](Self::max_page_erases) times.
     fn erase_page(&mut self, page: usize) -> StorageResult<()>;
 }
 
diff --git a/libraries/persistent_store/src/store.rs b/libraries/persistent_store/src/store.rs
index f19f463..c143c89 100644
--- a/libraries/persistent_store/src/store.rs
+++ b/libraries/persistent_store/src/store.rs
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//! Store implementation.
+
 use crate::format::{
     is_erased, CompactInfo, Format, Header, InitInfo, InternalEntry, Padding, ParsedWord, Position,
     Word, WordState,
@@ -55,17 +57,14 @@ pub enum StoreError {
     ///
     /// The consequences depend on the storage failure. In particular, the operation may or may not
     /// have succeeded, and the storage may have become invalid. Before doing any other operation,
-    /// the store should be [recovered]. The operation may then be retried if idempotent.
-    ///
-    /// [recovered]: struct.Store.html#method.recover
+    /// the store should be [recovered](Store::recover). The operation may then be retried if
+    /// idempotent.
     StorageError,
 
     /// Storage is invalid.
     ///
-    /// The storage should be erased and the store [recovered]. The store would be empty and have
-    /// lost track of lifetime.
-    ///
-    /// [recovered]: struct.Store.html#method.recover
+    /// The storage should be erased and the store [recovered](Store::recover). The store would be
+    /// empty and have lost track of lifetime.
     InvalidStorage,
 }
 
@@ -92,14 +91,12 @@ pub type StoreResult<T> = Result<T, StoreError>;
 
 /// Progression ratio for store metrics.
 ///
-/// This is used for the [capacity] and [lifetime] metrics. Those metrics are measured in words.
+/// This is used for the [`Store::capacity`] and [`Store::lifetime`] metrics. Those metrics are
+/// measured in words.
 ///
 /// # Invariant
 ///
-/// - The used value does not exceed the total: `used <= total`.
-///
-/// [capacity]: struct.Store.html#method.capacity
-/// [lifetime]: struct.Store.html#method.lifetime
+/// - The used value does not exceed the total: `used` ≤ `total`.
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct StoreRatio {
     /// How much of the metric is used.
@@ -148,11 +145,11 @@ impl StoreHandle {
         self.key as usize
     }
 
-    /// Returns the length of value of the entry.
+    /// Returns the value length of the entry.
     ///
     /// # Errors
     ///
-    /// Returns `InvalidArgument` if the entry has been deleted or compacted.
+    /// Returns [`StoreError::InvalidArgument`] if the entry has been deleted or compacted.
     pub fn get_length<S: Storage>(&self, store: &Store<S>) -> StoreResult<usize> {
         store.get_length(self)
     }
@@ -161,7 +158,7 @@ impl StoreHandle {
     ///
     /// # Errors
     ///
-    /// Returns `InvalidArgument` if the entry has been deleted or compacted.
+    /// Returns [`StoreError::InvalidArgument`] if the entry has been deleted or compacted.
     pub fn get_value<S: Storage>(&self, store: &Store<S>) -> StoreResult<Vec<u8>> {
         store.get_value(self)
     }
@@ -211,7 +208,7 @@ pub struct Store<S: Storage> {
 
     /// The list of the position of the user entries.
     ///
-    /// The position is encoded as the word offset from the [head](Store#structfield.head).
+    /// The position is encoded as the word offset from the [head](Store::head).
     entries: Option<Vec<u16>>,
 }
 
@@ -224,7 +221,8 @@ impl<S: Storage> Store<S> {
     ///
     /// # Errors
     ///
-    /// Returns `InvalidArgument` if the storage is not supported.
+    /// Returns [`StoreError::InvalidArgument`] if the storage is not
+    /// [supported](Format::is_storage_supported).
     pub fn new(storage: S) -> Result<Store<S>, (StoreError, S)> {
         let format = match Format::new(&storage) {
             None => return Err((StoreError::InvalidArgument, storage)),
@@ -258,7 +256,7 @@ impl<S: Storage> Store<S> {
         )))
     }
 
-    /// Returns the current capacity in words.
+    /// Returns the current and total capacity in words.
     ///
     /// The capacity represents the size of what is stored.
     pub fn capacity(&self) -> StoreResult<StoreRatio> {
@@ -271,7 +269,7 @@ impl<S: Storage> Store<S> {
         Ok(StoreRatio { used, total })
     }
 
-    /// Returns the current lifetime in words.
+    /// Returns the current and total lifetime in words.
     ///
     /// The lifetime represents the age of the storage. The limit is an over-approximation by at
     /// most the maximum length of a value (the actual limit depends on the length of the prefix of
@@ -286,10 +284,11 @@ impl<S: Storage> Store<S> {
     ///
     /// # Errors
     ///
-    /// Returns `InvalidArgument` in the following circumstances:
-    /// - There are too many updates.
+    /// Returns [`StoreError::InvalidArgument`] in the following circumstances:
+    /// - There are [too many](Format::max_updates) updates.
     /// - The updates overlap, i.e. their keys are not disjoint.
-    /// - The updates are invalid, e.g. key out of bound or value too long.
+    /// - The updates are invalid, e.g. key [out of bound](Format::max_key) or value [too
+    ///   long](Format::max_value_len).
     pub fn transaction<ByteSlice: Borrow<[u8]>>(
         &mut self,
         updates: &[StoreUpdate<ByteSlice>],

From 6cb6538db6782d6ea2dce5fe685395cfb28b0316 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Mon, 15 Mar 2021 12:10:13 +0100
Subject: [PATCH 181/192] Fix typography

---
 libraries/persistent_store/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/persistent_store/src/lib.rs b/libraries/persistent_store/src/lib.rs
index e3735c3..4be15e3 100644
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -27,7 +27,7 @@
 //!
 //! The store is flash-efficient in the sense that it uses the storage [lifetime](Store::lifetime)
 //! efficiently. For each page, all words are written at least once between erase cycles and all
-//! erase cycles are used. However, not all written words are user content: lifetime is also
+//! erase cycles are used. However, not all written words are user content: Lifetime is also
 //! consumed with metadata and compaction.
 //!
 //! The store is extendable with other entries than key-values. It is essentially a framework

From e5313057f9874bd8a0715c4f006cf5b96bbb407c Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Mon, 15 Mar 2021 13:36:28 +0100
Subject: [PATCH 182/192] PIN protocol V2 in ClientPin (#293)

* PIN protocol V2 in ClientPin

* the test ClientPin has a random second private key
---
 src/ctap/client_pin.rs            | 1055 +++++++++++++++++------------
 src/ctap/command.rs               |   23 +-
 src/ctap/config_command.rs        |   25 +-
 src/ctap/credential_management.rs |   23 +-
 src/ctap/data_formats.rs          |   79 ++-
 src/ctap/large_blobs.rs           |   19 +-
 src/ctap/mod.rs                   |    8 +-
 src/ctap/pin_protocol.rs          |  108 +--
 8 files changed, 815 insertions(+), 525 deletions(-)

diff --git a/src/ctap/client_pin.rs b/src/ctap/client_pin.rs
index 245f020..12e049c 100644
--- a/src/ctap/client_pin.rs
+++ b/src/ctap/client_pin.rs
@@ -13,11 +13,14 @@
 // limitations under the License.
 
 use super::command::AuthenticatorClientPinParameters;
-use super::data_formats::{ClientPinSubCommand, CoseKey, GetAssertionHmacSecretInput};
+use super::data_formats::{
+    ok_or_missing, ClientPinSubCommand, CoseKey, GetAssertionHmacSecretInput, PinUvAuthProtocol,
+};
 use super::pin_protocol::{verify_pin_uv_auth_token, PinProtocol, SharedSecret};
 use super::response::{AuthenticatorClientPinResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
+use alloc::boxed::Box;
 use alloc::str;
 use alloc::string::String;
 use alloc::vec::Vec;
@@ -48,29 +51,6 @@ pub const PIN_TOKEN_LENGTH: usize = 32;
 /// is fixed since CTAP2.1.
 const PIN_PADDED_LENGTH: usize = 64;
 
-/// Computes and encrypts the HMAC-secret outputs.
-///
-/// To compute them, we first have to decrypt the HMAC secret salt(s) that were
-/// encrypted with the shared secret. The credRandom is used as a secret in HMAC
-/// for those salts.
-fn encrypt_hmac_secret_output(
-    rng: &mut impl Rng256,
-    shared_secret: &dyn SharedSecret,
-    salt_enc: &[u8],
-    cred_random: &[u8; 32],
-) -> Result<Vec<u8>, Ctap2StatusCode> {
-    let decrypted_salts = shared_secret.decrypt(salt_enc)?;
-    if decrypted_salts.len() != 32 && decrypted_salts.len() != 64 {
-        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
-    }
-    let mut output = hmac_256::<Sha256>(&cred_random[..], &decrypted_salts[..32]).to_vec();
-    if decrypted_salts.len() == 64 {
-        let mut output2 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salts[32..]).to_vec();
-        output.append(&mut output2);
-    }
-    shared_secret.encrypt(rng, &output)
-}
-
 /// Decrypts the new_pin_enc and outputs the found PIN.
 fn decrypt_pin(
     shared_secret: &dyn SharedSecret,
@@ -124,6 +104,7 @@ pub enum PinPermission {
 
 pub struct ClientPin {
     pin_protocol_v1: PinProtocol,
+    pin_protocol_v2: PinProtocol,
     consecutive_pin_mismatches: u8,
     permissions: u8,
     permissions_rp_id: Option<String>,
@@ -133,12 +114,42 @@ impl ClientPin {
     pub fn new(rng: &mut impl Rng256) -> ClientPin {
         ClientPin {
             pin_protocol_v1: PinProtocol::new(rng),
+            pin_protocol_v2: PinProtocol::new(rng),
             consecutive_pin_mismatches: 0,
             permissions: 0,
             permissions_rp_id: None,
         }
     }
 
+    /// Gets a reference to the PIN protocol of the given version.
+    fn get_pin_protocol(&self, pin_uv_auth_protocol: PinUvAuthProtocol) -> &PinProtocol {
+        match pin_uv_auth_protocol {
+            PinUvAuthProtocol::V1 => &self.pin_protocol_v1,
+            PinUvAuthProtocol::V2 => &self.pin_protocol_v2,
+        }
+    }
+
+    /// Gets a mutable reference to the PIN protocol of the given version.
+    fn get_mut_pin_protocol(
+        &mut self,
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) -> &mut PinProtocol {
+        match pin_uv_auth_protocol {
+            PinUvAuthProtocol::V1 => &mut self.pin_protocol_v1,
+            PinUvAuthProtocol::V2 => &mut self.pin_protocol_v2,
+        }
+    }
+
+    /// Computes the shared secret for the given version.
+    fn get_shared_secret(
+        &self,
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+        key_agreement: CoseKey,
+    ) -> Result<Box<dyn SharedSecret>, Ctap2StatusCode> {
+        self.get_pin_protocol(pin_uv_auth_protocol)
+            .decapsulate(key_agreement, pin_uv_auth_protocol)
+    }
+
     /// Checks the given encrypted PIN hash against the stored PIN hash.
     ///
     /// Decrypts the encrypted pin_hash and compares it to the stored pin_hash.
@@ -148,6 +159,7 @@ impl ClientPin {
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
+        pin_uv_auth_protocol: PinUvAuthProtocol,
         shared_secret: &dyn SharedSecret,
         pin_hash_enc: Vec<u8>,
     ) -> Result<(), Ctap2StatusCode> {
@@ -157,13 +169,13 @@ impl ClientPin {
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_BLOCKED);
                 }
                 persistent_store.decr_pin_retries()?;
-                if pin_hash_enc.len() != PIN_AUTH_LENGTH {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
-                }
-                let pin_hash_dec = shared_secret.decrypt(&pin_hash_enc)?;
+                let pin_hash_dec = shared_secret
+                    .decrypt(&pin_hash_enc)
+                    .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)?;
 
                 if !bool::from(pin_hash.ct_eq(&pin_hash_dec)) {
-                    self.pin_protocol_v1.regenerate(rng);
+                    self.get_mut_pin_protocol(pin_uv_auth_protocol)
+                        .regenerate(rng);
                     if persistent_store.pin_retries()? == 0 {
                         return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
                     }
@@ -193,9 +205,16 @@ impl ClientPin {
         })
     }
 
-    fn process_get_key_agreement(&self) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
+    fn process_get_key_agreement(
+        &self,
+        client_pin_params: AuthenticatorClientPinParameters,
+    ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
+        let key_agreement = Some(
+            self.get_pin_protocol(client_pin_params.pin_uv_auth_protocol)
+                .get_public_key(),
+        );
         Ok(AuthenticatorClientPinResponse {
-            key_agreement: Some(self.pin_protocol_v1.get_public_key()),
+            key_agreement,
             pin_token: None,
             retries: None,
         })
@@ -204,15 +223,24 @@ impl ClientPin {
     fn process_set_pin(
         &mut self,
         persistent_store: &mut PersistentStore,
-        key_agreement: CoseKey,
-        pin_auth: Vec<u8>,
-        new_pin_enc: Vec<u8>,
+        client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<(), Ctap2StatusCode> {
+        let AuthenticatorClientPinParameters {
+            pin_uv_auth_protocol,
+            key_agreement,
+            pin_uv_auth_param,
+            new_pin_enc,
+            ..
+        } = client_pin_params;
+        let key_agreement = ok_or_missing(key_agreement)?;
+        let pin_uv_auth_param = ok_or_missing(pin_uv_auth_param)?;
+        let new_pin_enc = ok_or_missing(new_pin_enc)?;
+
         if persistent_store.pin_hash()?.is_some() {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
         }
-        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
-        shared_secret.verify(&new_pin_enc, &pin_auth)?;
+        let shared_secret = self.get_shared_secret(pin_uv_auth_protocol, key_agreement)?;
+        shared_secret.verify(&new_pin_enc, &pin_uv_auth_param)?;
 
         check_and_store_new_pin(persistent_store, shared_secret.as_ref(), new_pin_enc)?;
         persistent_store.reset_pin_retries()?;
@@ -223,22 +251,39 @@ impl ClientPin {
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
-        key_agreement: CoseKey,
-        pin_auth: Vec<u8>,
-        new_pin_enc: Vec<u8>,
-        pin_hash_enc: Vec<u8>,
+        client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<(), Ctap2StatusCode> {
+        let AuthenticatorClientPinParameters {
+            pin_uv_auth_protocol,
+            key_agreement,
+            pin_uv_auth_param,
+            new_pin_enc,
+            pin_hash_enc,
+            ..
+        } = client_pin_params;
+        let key_agreement = ok_or_missing(key_agreement)?;
+        let pin_uv_auth_param = ok_or_missing(pin_uv_auth_param)?;
+        let new_pin_enc = ok_or_missing(new_pin_enc)?;
+        let pin_hash_enc = ok_or_missing(pin_hash_enc)?;
+
         if persistent_store.pin_retries()? == 0 {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
         }
-        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
+        let shared_secret = self.get_shared_secret(pin_uv_auth_protocol, key_agreement)?;
         let mut auth_param_data = new_pin_enc.clone();
         auth_param_data.extend(&pin_hash_enc);
-        shared_secret.verify(&auth_param_data, &pin_auth)?;
-        self.verify_pin_hash_enc(rng, persistent_store, shared_secret.as_ref(), pin_hash_enc)?;
+        shared_secret.verify(&auth_param_data, &pin_uv_auth_param)?;
+        self.verify_pin_hash_enc(
+            rng,
+            persistent_store,
+            pin_uv_auth_protocol,
+            shared_secret.as_ref(),
+            pin_hash_enc,
+        )?;
 
         check_and_store_new_pin(persistent_store, shared_secret.as_ref(), new_pin_enc)?;
         self.pin_protocol_v1.reset_pin_uv_auth_token(rng);
+        self.pin_protocol_v2.reset_pin_uv_auth_token(rng);
         Ok(())
     }
 
@@ -246,19 +291,37 @@ impl ClientPin {
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
-        key_agreement: CoseKey,
-        pin_hash_enc: Vec<u8>,
+        client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
+        let AuthenticatorClientPinParameters {
+            pin_uv_auth_protocol,
+            key_agreement,
+            pin_hash_enc,
+            ..
+        } = client_pin_params;
+        let key_agreement = ok_or_missing(key_agreement)?;
+        let pin_hash_enc = ok_or_missing(pin_hash_enc)?;
+
         if persistent_store.pin_retries()? == 0 {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
         }
-        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
-        self.verify_pin_hash_enc(rng, persistent_store, shared_secret.as_ref(), pin_hash_enc)?;
+        let shared_secret = self.get_shared_secret(pin_uv_auth_protocol, key_agreement)?;
+        self.verify_pin_hash_enc(
+            rng,
+            persistent_store,
+            pin_uv_auth_protocol,
+            shared_secret.as_ref(),
+            pin_hash_enc,
+        )?;
         if persistent_store.has_force_pin_change()? {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
         }
 
-        let pin_token = shared_secret.encrypt(rng, self.pin_protocol_v1.get_pin_uv_auth_token())?;
+        let pin_token = shared_secret.encrypt(
+            rng,
+            self.get_pin_protocol(pin_uv_auth_protocol)
+                .get_pin_uv_auth_token(),
+        )?;
         self.permissions = 0x03;
         self.permissions_rp_id = None;
 
@@ -273,16 +336,14 @@ impl ClientPin {
         &self,
         // If you want to support local user verification, implement this function.
         // Lacking a fingerprint reader, this subcommand is currently unsupported.
-        _key_agreement: CoseKey,
-        _permissions: u8,
-        _permissions_rp_id: Option<String>,
+        _client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
-        // User verifications is only supported through PIN currently.
+        // User verification is only supported through PIN currently.
         Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
     }
 
     fn process_get_uv_retries(&self) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
-        // User verifications is only supported through PIN currently.
+        // User verification is only supported through PIN currently.
         Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND)
     }
 
@@ -290,11 +351,13 @@ impl ClientPin {
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
-        key_agreement: CoseKey,
-        pin_hash_enc: Vec<u8>,
-        permissions: u8,
-        permissions_rp_id: Option<String>,
+        mut client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
+        let permissions = ok_or_missing(client_pin_params.permissions)?;
+        // Mutating client_pin_params is just an optimization to move it into
+        // process_get_pin_token, without cloning permissions_rp_id here.
+        let permissions_rp_id = client_pin_params.permissions_rp_id.take();
+
         if permissions == 0 {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
@@ -303,8 +366,7 @@ impl ClientPin {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
 
-        let response =
-            self.process_get_pin_token(rng, persistent_store, key_agreement, pin_hash_enc)?;
+        let response = self.process_get_pin_token(rng, persistent_store, client_pin_params)?;
 
         self.permissions = permissions;
         self.permissions_rp_id = permissions_rp_id;
@@ -312,102 +374,80 @@ impl ClientPin {
         Ok(response)
     }
 
+    /// Processes the authenticatorClientPin command.
     pub fn process_command(
         &mut self,
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
         client_pin_params: AuthenticatorClientPinParameters,
     ) -> Result<ResponseData, Ctap2StatusCode> {
-        let AuthenticatorClientPinParameters {
-            pin_uv_auth_protocol,
-            sub_command,
-            key_agreement,
-            pin_auth,
-            new_pin_enc,
-            pin_hash_enc,
-            permissions,
-            permissions_rp_id,
-        } = client_pin_params;
-
-        if pin_uv_auth_protocol != 1 {
-            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
-        }
-
-        let response = match sub_command {
+        let response = match client_pin_params.sub_command {
             ClientPinSubCommand::GetPinRetries => {
                 Some(self.process_get_pin_retries(persistent_store)?)
             }
-            ClientPinSubCommand::GetKeyAgreement => Some(self.process_get_key_agreement()?),
+            ClientPinSubCommand::GetKeyAgreement => {
+                Some(self.process_get_key_agreement(client_pin_params)?)
+            }
             ClientPinSubCommand::SetPin => {
-                self.process_set_pin(
-                    persistent_store,
-                    key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    pin_auth.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    new_pin_enc.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                )?;
+                self.process_set_pin(persistent_store, client_pin_params)?;
                 None
             }
             ClientPinSubCommand::ChangePin => {
-                self.process_change_pin(
-                    rng,
-                    persistent_store,
-                    key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    pin_auth.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    new_pin_enc.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    pin_hash_enc.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                )?;
+                self.process_change_pin(rng, persistent_store, client_pin_params)?;
                 None
             }
-            ClientPinSubCommand::GetPinToken => Some(self.process_get_pin_token(
-                rng,
-                persistent_store,
-                key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                pin_hash_enc.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-            )?),
+            ClientPinSubCommand::GetPinToken => {
+                Some(self.process_get_pin_token(rng, persistent_store, client_pin_params)?)
+            }
             ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions => Some(
-                self.process_get_pin_uv_auth_token_using_uv_with_permissions(
-                    key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    permissions.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    permissions_rp_id,
-                )?,
+                self.process_get_pin_uv_auth_token_using_uv_with_permissions(client_pin_params)?,
             ),
             ClientPinSubCommand::GetUvRetries => Some(self.process_get_uv_retries()?),
             ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions => Some(
                 self.process_get_pin_uv_auth_token_using_pin_with_permissions(
                     rng,
                     persistent_store,
-                    key_agreement.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    pin_hash_enc.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    permissions.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                    permissions_rp_id,
+                    client_pin_params,
                 )?,
             ),
         };
         Ok(ResponseData::AuthenticatorClientPin(response))
     }
 
+    /// Verifies the HMAC for the PIN protocol V1 pinUvAuthToken.
     pub fn verify_pin_auth_token(
         &self,
         hmac_contents: &[u8],
-        pin_auth: &[u8],
+        pin_uv_auth_param: &[u8],
     ) -> Result<(), Ctap2StatusCode> {
-        // TODO(kaczmarczyck) pass the protocol number
         verify_pin_uv_auth_token(
-            self.pin_protocol_v1.get_pin_uv_auth_token(),
+            self.get_pin_protocol(PinUvAuthProtocol::V1)
+                .get_pin_uv_auth_token(),
             hmac_contents,
-            pin_auth,
-            1,
+            pin_uv_auth_param,
+            PinUvAuthProtocol::V1,
         )
     }
 
+    /// Resets all held state.
     pub fn reset(&mut self, rng: &mut impl Rng256) {
         self.pin_protocol_v1.regenerate(rng);
         self.pin_protocol_v1.reset_pin_uv_auth_token(rng);
+        self.pin_protocol_v2.regenerate(rng);
+        self.pin_protocol_v2.reset_pin_uv_auth_token(rng);
         self.consecutive_pin_mismatches = 0;
         self.permissions = 0;
         self.permissions_rp_id = None;
     }
 
+    /// Verifies, computes and encrypts the HMAC-secret outputs.
+    ///
+    /// The salt_enc is
+    /// - verified with the shared secret and salt_auth,
+    /// - decrypted with the shared secret,
+    /// - HMAC'ed with cred_random.
+    /// The length of the output matches salt_enc and has to be 1 or 2 blocks of
+    /// 32 byte.
     pub fn process_hmac_secret(
         &self,
         rng: &mut impl Rng256,
@@ -418,10 +458,23 @@ impl ClientPin {
             key_agreement,
             salt_enc,
             salt_auth,
+            pin_uv_auth_protocol,
         } = hmac_secret_input;
-        let shared_secret = self.pin_protocol_v1.decapsulate(key_agreement, 1)?;
+        let shared_secret = self
+            .get_pin_protocol(pin_uv_auth_protocol)
+            .decapsulate(key_agreement, pin_uv_auth_protocol)?;
         shared_secret.verify(&salt_enc, &salt_auth)?;
-        encrypt_hmac_secret_output(rng, shared_secret.as_ref(), &salt_enc[..], cred_random)
+
+        let decrypted_salts = shared_secret.decrypt(&salt_enc)?;
+        if decrypted_salts.len() != 32 && decrypted_salts.len() != 64 {
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+        }
+        let mut output = hmac_256::<Sha256>(&cred_random[..], &decrypted_salts[..32]).to_vec();
+        if decrypted_salts.len() == 64 {
+            let mut output2 = hmac_256::<Sha256>(&cred_random[..], &decrypted_salts[32..]).to_vec();
+            output.append(&mut output2);
+        }
+        shared_secret.encrypt(rng, &output)
     }
 
     /// Check if the required command's token permission is granted.
@@ -481,9 +534,17 @@ impl ClientPin {
     pub fn new_test(
         key_agreement_key: crypto::ecdh::SecKey,
         pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
+        pin_uv_auth_protocol: PinUvAuthProtocol,
     ) -> ClientPin {
+        use crypto::rng256::ThreadRng256;
+        let mut rng = ThreadRng256 {};
+        let (key_agreement_key_v1, key_agreement_key_v2) = match pin_uv_auth_protocol {
+            PinUvAuthProtocol::V1 => (key_agreement_key, crypto::ecdh::SecKey::gensk(&mut rng)),
+            PinUvAuthProtocol::V2 => (crypto::ecdh::SecKey::gensk(&mut rng), key_agreement_key),
+        };
         ClientPin {
-            pin_protocol_v1: PinProtocol::new_test(key_agreement_key, pin_uv_auth_token),
+            pin_protocol_v1: PinProtocol::new_test(key_agreement_key_v1, pin_uv_auth_token),
+            pin_protocol_v2: PinProtocol::new_test(key_agreement_key_v2, pin_uv_auth_token),
             consecutive_pin_mismatches: 0,
             permissions: 0xFF,
             permissions_rp_id: None,
@@ -493,7 +554,6 @@ impl ClientPin {
 
 #[cfg(test)]
 mod test {
-    use super::super::pin_protocol::SharedSecretV1;
     use super::*;
     use alloc::vec;
     use crypto::rng256::ThreadRng256;
@@ -507,62 +567,100 @@ mod test {
         persistent_store.set_pin(&pin_hash, 4).unwrap();
     }
 
-    /// Encrypts the message with a zero IV and key derived from shared_secret.
-    fn encrypt_message(shared_secret: &[u8; 32], message: &[u8]) -> Vec<u8> {
-        let mut rng = ThreadRng256 {};
-        let shared_secret = SharedSecretV1::new_test(*shared_secret);
-        shared_secret.encrypt(&mut rng, message).unwrap()
-    }
-
-    /// Decrypts the message with a zero IV and key derived from shared_secret.
-    fn decrypt_message(shared_secret: &[u8; 32], message: &[u8]) -> Vec<u8> {
-        let shared_secret = SharedSecretV1::new_test(*shared_secret);
-        shared_secret.decrypt(message).unwrap()
-    }
-
     /// Fails on PINs bigger than 64 bytes.
-    fn encrypt_pin(shared_secret: &[u8; 32], pin: Vec<u8>) -> Vec<u8> {
+    fn encrypt_pin(shared_secret: &dyn SharedSecret, pin: Vec<u8>) -> Vec<u8> {
         assert!(pin.len() <= 64);
+        let mut rng = ThreadRng256 {};
         let mut padded_pin = [0u8; 64];
         padded_pin[..pin.len()].copy_from_slice(&pin[..]);
-        encrypt_message(shared_secret, &padded_pin)
+        shared_secret.encrypt(&mut rng, &padded_pin).unwrap()
     }
 
-    /// Encrypts the dummy PIN "1234".
-    fn encrypt_standard_pin(shared_secret: &[u8; 32]) -> Vec<u8> {
-        encrypt_pin(shared_secret, b"1234".to_vec())
+    /// Generates a ClientPin instance and a shared secret for testing.
+    ///
+    /// The shared secret for the desired PIN protocol is generated in a
+    /// handshake with itself. The other protocol has a random private key, so
+    /// tests using the wrong combination of PIN protocol and shared secret
+    /// should fail.
+    fn create_client_pin_and_shared_secret(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) -> (ClientPin, Box<dyn SharedSecret>) {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = key_agreement_key.genpk();
+        let key_agreement = CoseKey::from(pk);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, pin_uv_auth_protocol);
+        let shared_secret = client_pin
+            .get_pin_protocol(pin_uv_auth_protocol)
+            .decapsulate(key_agreement, pin_uv_auth_protocol)
+            .unwrap();
+        (client_pin, shared_secret)
     }
 
-    /// Encrypts the PIN hash corresponding to the dummy PIN "1234".
-    fn encrypt_standard_pin_hash(shared_secret: &[u8; 32]) -> Vec<u8> {
-        let mut pin = [0u8; 64];
-        pin[..4].copy_from_slice(b"1234");
-        let pin_hash = Sha256::hash(&pin);
-        encrypt_message(shared_secret, &pin_hash[..16])
+    /// Generates standard input parameters to the ClientPin command.
+    ///
+    /// All fields are populated for simplicity, even though most are unused.
+    fn create_client_pin_and_parameters(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+        sub_command: ClientPinSubCommand,
+    ) -> (ClientPin, AuthenticatorClientPinParameters) {
+        let mut rng = ThreadRng256 {};
+        let (client_pin, shared_secret) = create_client_pin_and_shared_secret(pin_uv_auth_protocol);
+
+        let pin = b"1234";
+        let mut padded_pin = [0u8; 64];
+        padded_pin[..pin.len()].copy_from_slice(&pin[..]);
+        let pin_hash = Sha256::hash(&padded_pin);
+        let new_pin_enc = shared_secret
+            .as_ref()
+            .encrypt(&mut rng, &padded_pin)
+            .unwrap();
+        let pin_uv_auth_param = shared_secret.as_ref().authenticate(&new_pin_enc);
+        let pin_hash_enc = shared_secret
+            .as_ref()
+            .encrypt(&mut rng, &pin_hash[..16])
+            .unwrap();
+        let params = AuthenticatorClientPinParameters {
+            pin_uv_auth_protocol,
+            sub_command,
+            key_agreement: Some(
+                client_pin
+                    .get_pin_protocol(pin_uv_auth_protocol)
+                    .get_public_key(),
+            ),
+            pin_uv_auth_param: Some(pin_uv_auth_param),
+            new_pin_enc: Some(new_pin_enc),
+            pin_hash_enc: Some(pin_hash_enc),
+            permissions: Some(0x03),
+            permissions_rp_id: Some("example.com".to_string()),
+        };
+        (client_pin, params)
     }
 
-    #[test]
-    fn test_verify_pin_hash_enc() {
+    fn test_helper_verify_pin_hash_enc(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
+        let pin_protocol = client_pin.get_pin_protocol(pin_uv_auth_protocol);
+        let shared_secret = pin_protocol
+            .decapsulate(pin_protocol.get_public_key(), pin_uv_auth_protocol)
+            .unwrap();
         // The PIN is "1234".
         let pin_hash = [
             0x01, 0xD9, 0x88, 0x40, 0x50, 0xBB, 0xD0, 0x7A, 0x23, 0x1A, 0xEB, 0x69, 0xD8, 0x36,
             0xC4, 0x12,
         ];
         persistent_store.set_pin(&pin_hash, 4).unwrap();
-        let shared_secret = SharedSecretV1::new_test([0x88; 32]);
 
-        let mut client_pin = ClientPin::new(&mut rng);
-        let pin_hash_enc = vec![
-            0x8D, 0x7A, 0xA3, 0x9F, 0x7F, 0xC6, 0x08, 0x13, 0x9A, 0xC8, 0x56, 0x97, 0x70, 0x74,
-            0x99, 0x66,
-        ];
+        let pin_hash_enc = shared_secret.as_ref().encrypt(&mut rng, &pin_hash).unwrap();
         assert_eq!(
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &shared_secret,
+                pin_uv_auth_protocol,
+                shared_secret.as_ref(),
                 pin_hash_enc
             ),
             Ok(())
@@ -573,22 +671,21 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &shared_secret,
+                pin_uv_auth_protocol,
+                shared_secret.as_ref(),
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
 
-        let pin_hash_enc = vec![
-            0x8D, 0x7A, 0xA3, 0x9F, 0x7F, 0xC6, 0x08, 0x13, 0x9A, 0xC8, 0x56, 0x97, 0x70, 0x74,
-            0x99, 0x66,
-        ];
+        let pin_hash_enc = shared_secret.as_ref().encrypt(&mut rng, &pin_hash).unwrap();
         client_pin.consecutive_pin_mismatches = 3;
         assert_eq!(
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &shared_secret,
+                pin_uv_auth_protocol,
+                shared_secret.as_ref(),
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_BLOCKED)
@@ -600,7 +697,8 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &shared_secret,
+                pin_uv_auth_protocol,
+                shared_secret.as_ref(),
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
@@ -611,7 +709,8 @@ mod test {
             client_pin.verify_pin_hash_enc(
                 &mut rng,
                 &mut persistent_store,
-                &shared_secret,
+                pin_uv_auth_protocol,
+                shared_secret.as_ref(),
                 pin_hash_enc
             ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
@@ -619,95 +718,119 @@ mod test {
     }
 
     #[test]
-    fn test_process_get_pin_retries() {
+    fn test_verify_pin_hash_enc_v1() {
+        test_helper_verify_pin_hash_enc(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_verify_pin_hash_enc_v2() {
+        test_helper_verify_pin_hash_enc(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_get_pin_retries(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let (mut client_pin, params) = create_client_pin_and_parameters(
+            pin_uv_auth_protocol,
+            ClientPinSubCommand::GetPinRetries,
+        );
         let mut rng = ThreadRng256 {};
-        let persistent_store = PersistentStore::new(&mut rng);
-        let client_pin = ClientPin::new(&mut rng);
-        let expected_response = Ok(AuthenticatorClientPinResponse {
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let expected_response = Some(AuthenticatorClientPinResponse {
             key_agreement: None,
             pin_token: None,
             retries: Some(persistent_store.pin_retries().unwrap() as u64),
         });
         assert_eq!(
-            client_pin.process_get_pin_retries(&persistent_store),
-            expected_response
+            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            Ok(ResponseData::AuthenticatorClientPin(expected_response))
         );
     }
 
     #[test]
-    fn test_process_get_key_agreement() {
+    fn test_process_get_pin_retries_v1() {
+        test_helper_process_get_pin_retries(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_pin_retries_v2() {
+        test_helper_process_get_pin_retries(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_get_key_agreement(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let (mut client_pin, params) = create_client_pin_and_parameters(
+            pin_uv_auth_protocol,
+            ClientPinSubCommand::GetKeyAgreement,
+        );
         let mut rng = ThreadRng256 {};
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let expected_response = Ok(AuthenticatorClientPinResponse {
-            key_agreement: Some(CoseKey::from(pk)),
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        let expected_response = Some(AuthenticatorClientPinResponse {
+            key_agreement: params.key_agreement.clone(),
             pin_token: None,
             retries: None,
         });
-        assert_eq!(client_pin.process_get_key_agreement(), expected_response);
-    }
-
-    #[test]
-    fn test_process_set_pin() {
-        let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pre_secret = key_agreement_key.exchange_x(&pk);
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let shared_secret = Sha256::hash(&pre_secret);
-        let key_agreement = CoseKey::from(pk);
-        let new_pin_enc = encrypt_standard_pin(&shared_secret);
-        let pin_auth = hmac_256::<Sha256>(&shared_secret, &new_pin_enc[..])[..16].to_vec();
         assert_eq!(
-            client_pin.process_set_pin(&mut persistent_store, key_agreement, pin_auth, new_pin_enc),
-            Ok(())
+            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            Ok(ResponseData::AuthenticatorClientPin(expected_response))
         );
     }
 
     #[test]
-    fn test_process_change_pin() {
+    fn test_process_get_key_agreement_v1() {
+        test_helper_process_get_key_agreement(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_key_agreement_v2() {
+        test_helper_process_get_key_agreement(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_set_pin(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let (mut client_pin, params) =
+            create_client_pin_and_parameters(pin_uv_auth_protocol, ClientPinSubCommand::SetPin);
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        assert_eq!(
+            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            Ok(ResponseData::AuthenticatorClientPin(None))
+        );
+    }
+
+    #[test]
+    fn test_process_set_pin_v1() {
+        test_helper_process_set_pin(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_set_pin_v2() {
+        test_helper_process_set_pin(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_change_pin(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let (mut client_pin, mut params) =
+            create_client_pin_and_parameters(pin_uv_auth_protocol, ClientPinSubCommand::ChangePin);
+        let shared_secret = client_pin
+            .get_pin_protocol(pin_uv_auth_protocol)
+            .decapsulate(
+                params.key_agreement.clone().unwrap(),
+                params.pin_uv_auth_protocol,
+            )
+            .unwrap();
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pre_secret = key_agreement_key.exchange_x(&pk);
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let shared_secret = Sha256::hash(&pre_secret);
-        let key_agreement = CoseKey::from(pk);
-        let new_pin_enc = encrypt_standard_pin(&shared_secret);
-        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
-        let mut auth_param_data = new_pin_enc.clone();
-        auth_param_data.extend(&pin_hash_enc);
 
-        let pin_auth = hmac_256::<Sha256>(&shared_secret, &auth_param_data[..])[..16].to_vec();
+        let mut auth_param_data = params.new_pin_enc.clone().unwrap();
+        auth_param_data.extend(params.pin_hash_enc.as_ref().unwrap());
+        let pin_uv_auth_param = shared_secret.authenticate(&auth_param_data);
+        params.pin_uv_auth_param = Some(pin_uv_auth_param);
         assert_eq!(
-            client_pin.process_change_pin(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement.clone(),
-                pin_auth.clone(),
-                new_pin_enc.clone(),
-                pin_hash_enc.clone()
-            ),
-            Ok(())
+            client_pin.process_command(&mut rng, &mut persistent_store, params.clone()),
+            Ok(ResponseData::AuthenticatorClientPin(None))
         );
 
-        let bad_pin_hash_enc = vec![0xEE; 16];
+        let mut bad_params = params.clone();
+        bad_params.pin_hash_enc = Some(vec![0xEE; 16]);
         assert_eq!(
-            client_pin.process_change_pin(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement.clone(),
-                pin_auth.clone(),
-                new_pin_enc.clone(),
-                bad_pin_hash_enc
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
 
@@ -715,102 +838,91 @@ mod test {
             persistent_store.decr_pin_retries().unwrap();
         }
         assert_eq!(
-            client_pin.process_change_pin(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement,
-                pin_auth,
-                new_pin_enc,
-                pin_hash_enc,
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, params),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED)
         );
     }
 
     #[test]
-    fn test_process_get_pin_token() {
+    fn test_process_change_pin_v1() {
+        test_helper_process_change_pin(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_change_pin_v2() {
+        test_helper_process_change_pin(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_get_pin_token(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let (mut client_pin, params) = create_client_pin_and_parameters(
+            pin_uv_auth_protocol,
+            ClientPinSubCommand::GetPinToken,
+        );
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pre_secret = key_agreement_key.exchange_x(&pk);
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let shared_secret = Sha256::hash(&pre_secret);
-        let key_agreement = CoseKey::from(pk);
 
-        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert!(client_pin
-            .process_get_pin_token(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement.clone(),
-                pin_hash_enc
-            )
+            .process_command(&mut rng, &mut persistent_store, params.clone())
             .is_ok());
 
-        let pin_hash_enc = vec![0xEE; 16];
+        let mut bad_params = params;
+        bad_params.pin_hash_enc = Some(vec![0xEE; 16]);
         assert_eq!(
-            client_pin.process_get_pin_token(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement,
-                pin_hash_enc
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
     }
 
     #[test]
-    fn test_process_get_pin_token_force_pin_change() {
+    fn test_process_get_pin_token_v1() {
+        test_helper_process_get_pin_token(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_pin_token_v2() {
+        test_helper_process_get_pin_token(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_get_pin_token_force_pin_change(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let (mut client_pin, params) = create_client_pin_and_parameters(
+            pin_uv_auth_protocol,
+            ClientPinSubCommand::GetPinToken,
+        );
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        assert_eq!(persistent_store.force_pin_change(), Ok(()));
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pre_secret = key_agreement_key.exchange_x(&pk);
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let shared_secret = Sha256::hash(&pre_secret);
-        let key_agreement = CoseKey::from(pk);
 
-        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
+        assert_eq!(persistent_store.force_pin_change(), Ok(()));
         assert_eq!(
-            client_pin.process_get_pin_token(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement,
-                pin_hash_enc
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, params),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID),
         );
     }
 
     #[test]
-    fn test_process_get_pin_uv_auth_token_using_pin_with_permissions() {
+    fn test_process_get_pin_token_force_pin_change_v1() {
+        test_helper_process_get_pin_token_force_pin_change(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_pin_token_force_pin_change_v2() {
+        test_helper_process_get_pin_token_force_pin_change(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_get_pin_uv_auth_token_using_pin_with_permissions(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) {
+        let (mut client_pin, params) = create_client_pin_and_parameters(
+            pin_uv_auth_protocol,
+            ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions,
+        );
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pre_secret = key_agreement_key.exchange_x(&pk);
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let shared_secret = Sha256::hash(&pre_secret);
-        let key_agreement = CoseKey::from(pk);
 
-        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert!(client_pin
-            .process_get_pin_uv_auth_token_using_pin_with_permissions(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement.clone(),
-                pin_hash_enc.clone(),
-                0x03,
-                Some(String::from("example.com")),
-            )
+            .process_command(&mut rng, &mut persistent_store, params.clone())
             .is_ok());
         assert_eq!(client_pin.permissions, 0x03);
         assert_eq!(
@@ -818,159 +930,121 @@ mod test {
             Some(String::from("example.com"))
         );
 
+        let mut bad_params = params.clone();
+        bad_params.permissions = Some(0x00);
         assert_eq!(
-            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement.clone(),
-                pin_hash_enc.clone(),
-                0x00,
-                Some(String::from("example.com")),
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
 
+        let mut bad_params = params.clone();
+        bad_params.permissions_rp_id = None;
         assert_eq!(
-            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement.clone(),
-                pin_hash_enc,
-                0x03,
-                None,
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
 
-        let pin_hash_enc = vec![0xEE; 16];
+        let mut bad_params = params;
+        bad_params.pin_hash_enc = Some(vec![0xEE; 16]);
         assert_eq!(
-            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement,
-                pin_hash_enc,
-                0x03,
-                Some(String::from("example.com")),
-            ),
+            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
     }
 
     #[test]
-    fn test_process_get_pin_token_force_pin_change_force_pin_change() {
+    fn test_process_get_pin_uv_auth_token_using_pin_with_permissions_v1() {
+        test_helper_process_get_pin_uv_auth_token_using_pin_with_permissions(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_pin_uv_auth_token_using_pin_with_permissions_v2() {
+        test_helper_process_get_pin_uv_auth_token_using_pin_with_permissions(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_get_pin_uv_auth_token_using_pin_with_permissions_force_pin_change(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) {
+        let (mut client_pin, params) = create_client_pin_and_parameters(
+            pin_uv_auth_protocol,
+            ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions,
+        );
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
+
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pk = key_agreement_key.genpk();
-        let pre_secret = key_agreement_key.exchange_x(&pk);
-        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
-        let shared_secret = Sha256::hash(&pre_secret);
-        let key_agreement = CoseKey::from(pk);
-
-        let pin_hash_enc = encrypt_standard_pin_hash(&shared_secret);
         assert_eq!(
-            client_pin.process_get_pin_uv_auth_token_using_pin_with_permissions(
-                &mut rng,
-                &mut persistent_store,
-                key_agreement,
-                pin_hash_enc,
-                0x03,
-                Some(String::from("example.com")),
-            ),
-            Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID),
+            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
     }
 
     #[test]
-    fn test_process() {
+    fn test_process_get_pin_uv_auth_token_using_pin_with_permissions_force_pin_change_v1() {
+        test_helper_process_get_pin_uv_auth_token_using_pin_with_permissions_force_pin_change(
+            PinUvAuthProtocol::V1,
+        );
+    }
+
+    #[test]
+    fn test_process_get_pin_uv_auth_token_using_pin_with_permissions_force_pin_change_v2() {
+        test_helper_process_get_pin_uv_auth_token_using_pin_with_permissions_force_pin_change(
+            PinUvAuthProtocol::V2,
+        );
+    }
+
+    fn test_helper_decrypt_pin(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
-        let mut client_pin = ClientPin::new(&mut rng);
-        let client_pin_params = AuthenticatorClientPinParameters {
-            pin_uv_auth_protocol: 1,
-            sub_command: ClientPinSubCommand::GetPinRetries,
-            key_agreement: None,
-            pin_auth: None,
-            new_pin_enc: None,
-            pin_hash_enc: None,
-            permissions: None,
-            permissions_rp_id: None,
-        };
-        assert!(client_pin
-            .process_command(&mut rng, &mut persistent_store, client_pin_params)
-            .is_ok());
+        let pin_protocol = PinProtocol::new(&mut rng);
+        let shared_secret = pin_protocol
+            .decapsulate(pin_protocol.get_public_key(), pin_uv_auth_protocol)
+            .unwrap();
 
-        let client_pin_params = AuthenticatorClientPinParameters {
-            pin_uv_auth_protocol: 2,
-            sub_command: ClientPinSubCommand::GetPinRetries,
-            key_agreement: None,
-            pin_auth: None,
-            new_pin_enc: None,
-            pin_hash_enc: None,
-            permissions: None,
-            permissions_rp_id: None,
-        };
-        let error_code = Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER;
+        let new_pin_enc = encrypt_pin(shared_secret.as_ref(), b"1234".to_vec());
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, client_pin_params),
-            Err(error_code)
-        );
-    }
-
-    #[test]
-    fn test_decrypt_pin() {
-        let shared_secret = SharedSecretV1::new_test([0x88; 32]);
-
-        // "1234"
-        let new_pin_enc = vec![
-            0xC0, 0xCF, 0xAE, 0x4C, 0x79, 0x56, 0x87, 0x99, 0xE5, 0x83, 0x4F, 0xE6, 0x4D, 0xFE,
-            0x53, 0x32, 0x36, 0x0D, 0xF9, 0x1E, 0x47, 0x66, 0x10, 0x5C, 0x63, 0x30, 0x1D, 0xCC,
-            0x00, 0x09, 0x91, 0xA4, 0x20, 0x6B, 0x78, 0x10, 0xFE, 0xC6, 0x2E, 0x7E, 0x75, 0x14,
-            0xEE, 0x01, 0x99, 0x6C, 0xD7, 0xE5, 0x2B, 0xA5, 0x7A, 0x5A, 0xE1, 0xEC, 0x69, 0x31,
-            0x18, 0x35, 0x06, 0x66, 0x97, 0x84, 0x68, 0xC2,
-        ];
-        assert_eq!(
-            decrypt_pin(&shared_secret, new_pin_enc),
+            decrypt_pin(shared_secret.as_ref(), new_pin_enc),
             Ok(b"1234".to_vec()),
         );
 
-        // "123"
-        let new_pin_enc = vec![
-            0xF3, 0x54, 0x29, 0x17, 0xD4, 0xF8, 0xCD, 0x23, 0x1D, 0x59, 0xED, 0xE5, 0x33, 0x42,
-            0x13, 0x39, 0x22, 0xBB, 0x91, 0x28, 0x87, 0x6A, 0xF9, 0xB1, 0x80, 0x9C, 0x9D, 0x76,
-            0xFF, 0xDD, 0xB8, 0xD6, 0x8D, 0x66, 0x99, 0xA2, 0x42, 0x67, 0xB0, 0x5C, 0x82, 0x3F,
-            0x08, 0x55, 0x8C, 0x04, 0xC5, 0x91, 0xF0, 0xF9, 0x58, 0x44, 0x00, 0x1B, 0x99, 0xA6,
-            0x7C, 0xC7, 0x2D, 0x43, 0x74, 0x4C, 0x1D, 0x7E,
-        ];
+        let new_pin_enc = encrypt_pin(shared_secret.as_ref(), b"123".to_vec());
         assert_eq!(
-            decrypt_pin(&shared_secret, new_pin_enc),
+            decrypt_pin(shared_secret.as_ref(), new_pin_enc),
             Ok(b"123".to_vec()),
         );
 
         // Encrypted PIN is too short.
         let new_pin_enc = vec![0x44; 63];
         assert_eq!(
-            decrypt_pin(&shared_secret, new_pin_enc),
+            decrypt_pin(shared_secret.as_ref(), new_pin_enc),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
 
         // Encrypted PIN is too long.
         let new_pin_enc = vec![0x44; 65];
         assert_eq!(
-            decrypt_pin(&shared_secret, new_pin_enc),
+            decrypt_pin(shared_secret.as_ref(), new_pin_enc),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
     }
 
     #[test]
-    fn test_check_and_store_new_pin() {
+    fn test_decrypt_pin_v1() {
+        test_helper_decrypt_pin(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_decrypt_pin_v2() {
+        test_helper_decrypt_pin(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_check_and_store_new_pin(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
-        let shared_secret_hash = [0x88; 32];
-        let shared_secret = SharedSecretV1::new_test(shared_secret_hash);
+        let pin_protocol = PinProtocol::new(&mut rng);
+        let shared_secret = pin_protocol
+            .decapsulate(pin_protocol.get_public_key(), pin_uv_auth_protocol)
+            .unwrap();
 
         let test_cases = vec![
             // Accept PIN "1234".
@@ -993,9 +1067,10 @@ mod test {
         ];
         for (pin, result) in test_cases {
             let old_pin_hash = persistent_store.pin_hash().unwrap();
-            let new_pin_enc = encrypt_pin(&shared_secret_hash, pin);
+            let new_pin_enc = encrypt_pin(shared_secret.as_ref(), pin);
+
             assert_eq!(
-                check_and_store_new_pin(&mut persistent_store, &shared_secret, new_pin_enc),
+                check_and_store_new_pin(&mut persistent_store, shared_secret.as_ref(), new_pin_enc),
                 result
             );
             if result.is_ok() {
@@ -1007,77 +1082,151 @@ mod test {
     }
 
     #[test]
-    fn test_encrypt_hmac_secret_output() {
+    fn test_check_and_store_new_pin_v1() {
+        test_helper_check_and_store_new_pin(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_check_and_store_new_pin_v2() {
+        test_helper_check_and_store_new_pin(PinUvAuthProtocol::V2);
+    }
+
+    /// Generates valid inputs for process_hmac_secret and returns the output.
+    fn get_process_hmac_secret_decrypted_output(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+        cred_random: &[u8; 32],
+        salt: Vec<u8>,
+    ) -> Result<Vec<u8>, Ctap2StatusCode> {
         let mut rng = ThreadRng256 {};
-        let shared_secret_hash = [0x88; 32];
-        let shared_secret = SharedSecretV1::new_test(shared_secret_hash);
-        let salt_enc = [0x5E; 32];
-        let cred_random = [0xC9; 32];
-        let output = encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random);
-        assert_eq!(output.unwrap().len(), 32);
+        let (client_pin, shared_secret) = create_client_pin_and_shared_secret(pin_uv_auth_protocol);
 
-        let salt_enc = [0x5E; 48];
-        let output = encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random);
-        assert_eq!(output, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER));
+        let salt_enc = shared_secret.as_ref().encrypt(&mut rng, &salt).unwrap();
+        let salt_auth = shared_secret.authenticate(&salt_enc);
+        let hmac_secret_input = GetAssertionHmacSecretInput {
+            key_agreement: client_pin
+                .get_pin_protocol(pin_uv_auth_protocol)
+                .get_public_key(),
+            salt_enc,
+            salt_auth,
+            pin_uv_auth_protocol,
+        };
+        let output = client_pin.process_hmac_secret(&mut rng, hmac_secret_input, cred_random);
+        output.map(|v| shared_secret.as_ref().decrypt(&v).unwrap())
+    }
 
-        let salt_enc = [0x5E; 64];
-        let output = encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random);
-        assert_eq!(output.unwrap().len(), 64);
-
-        let mut salt_enc = [0x00; 32];
+    fn test_helper_process_hmac_secret_bad_salt_auth(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let mut rng = ThreadRng256 {};
+        let (client_pin, shared_secret) = create_client_pin_and_shared_secret(pin_uv_auth_protocol);
+        let cred_random = [0xC9; 32];
+
+        let salt_enc = vec![0x01; 32];
+        let mut salt_auth = shared_secret.authenticate(&salt_enc);
+        salt_auth[0] = 0x00;
+        let hmac_secret_input = GetAssertionHmacSecretInput {
+            key_agreement: client_pin
+                .get_pin_protocol(pin_uv_auth_protocol)
+                .get_public_key(),
+            salt_enc,
+            salt_auth,
+            pin_uv_auth_protocol,
+        };
+        let output = client_pin.process_hmac_secret(&mut rng, hmac_secret_input, &cred_random);
+        assert_eq!(output, Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID));
+    }
+
+    #[test]
+    fn test_process_hmac_secret_bad_salt_auth_v1() {
+        test_helper_process_hmac_secret_bad_salt_auth(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_hmac_secret_bad_salt_auth_v2() {
+        test_helper_process_hmac_secret_bad_salt_auth(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_hmac_secret_one_salt(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let cred_random = [0xC9; 32];
+
+        let salt = vec![0x01; 32];
+        let expected_output = hmac_256::<Sha256>(&cred_random, &salt);
+
+        let output =
+            get_process_hmac_secret_decrypted_output(pin_uv_auth_protocol, &cred_random, salt)
+                .unwrap();
+        assert_eq!(&output, &expected_output);
+    }
+
+    #[test]
+    fn test_process_hmac_secret_one_salt_v1() {
+        test_helper_process_hmac_secret_one_salt(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_hmac_secret_one_salt_v2() {
+        test_helper_process_hmac_secret_one_salt(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_hmac_secret_two_salts(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let cred_random = [0xC9; 32];
 
-        // Test values to check for reproducibility.
         let salt1 = [0x01; 32];
         let salt2 = [0x02; 32];
         let expected_output1 = hmac_256::<Sha256>(&cred_random, &salt1);
         let expected_output2 = hmac_256::<Sha256>(&cred_random, &salt2);
 
-        let salt_enc1 = encrypt_message(&shared_secret_hash, &salt1);
-        salt_enc.copy_from_slice(salt_enc1.as_slice());
-        let output =
-            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret_hash, &output);
-        assert_eq!(&output_dec, &expected_output1);
-
-        let salt_enc2 = &encrypt_message(&shared_secret_hash, &salt2);
-        salt_enc.copy_from_slice(salt_enc2.as_slice());
-        let output =
-            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret_hash, &output);
-        assert_eq!(&output_dec, &expected_output2);
-
-        let mut salt_enc = [0x00; 64];
-        let mut salt12 = [0x00; 64];
+        let mut salt12 = vec![0x00; 64];
         salt12[..32].copy_from_slice(&salt1);
         salt12[32..].copy_from_slice(&salt2);
-        let salt_enc12 = encrypt_message(&shared_secret_hash, &salt12);
-        salt_enc.copy_from_slice(salt_enc12.as_slice());
         let output =
-            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret_hash, &output);
-        assert_eq!(&output_dec[..32], &expected_output1);
-        assert_eq!(&output_dec[32..], &expected_output2);
+            get_process_hmac_secret_decrypted_output(pin_uv_auth_protocol, &cred_random, salt12)
+                .unwrap();
+        assert_eq!(&output[..32], &expected_output1);
+        assert_eq!(&output[32..], &expected_output2);
 
-        let mut salt_enc = [0x00; 64];
-        let mut salt02 = [0x00; 64];
+        let mut salt02 = vec![0x00; 64];
         salt02[32..].copy_from_slice(&salt2);
-        let salt_enc02 = encrypt_message(&shared_secret_hash, &salt02);
-        salt_enc.copy_from_slice(salt_enc02.as_slice());
         let output =
-            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret_hash, &output);
-        assert_eq!(&output_dec[32..], &expected_output2);
+            get_process_hmac_secret_decrypted_output(pin_uv_auth_protocol, &cred_random, salt02)
+                .unwrap();
+        assert_eq!(&output[32..], &expected_output2);
 
-        let mut salt_enc = [0x00; 64];
-        let mut salt10 = [0x00; 64];
+        let mut salt10 = vec![0x00; 64];
         salt10[..32].copy_from_slice(&salt1);
-        let salt_enc10 = encrypt_message(&shared_secret_hash, &salt10);
-        salt_enc.copy_from_slice(salt_enc10.as_slice());
         let output =
-            encrypt_hmac_secret_output(&mut rng, &shared_secret, &salt_enc, &cred_random).unwrap();
-        let output_dec = decrypt_message(&shared_secret_hash, &output);
-        assert_eq!(&output_dec[..32], &expected_output1);
+            get_process_hmac_secret_decrypted_output(pin_uv_auth_protocol, &cred_random, salt10)
+                .unwrap();
+        assert_eq!(&output[..32], &expected_output1);
+    }
+
+    #[test]
+    fn test_process_hmac_secret_two_salts_v1() {
+        test_helper_process_hmac_secret_two_salts(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_hmac_secret_two_salts_v2() {
+        test_helper_process_hmac_secret_two_salts(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_process_hmac_secret_wrong_length(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let cred_random = [0xC9; 32];
+
+        let output = get_process_hmac_secret_decrypted_output(
+            pin_uv_auth_protocol,
+            &cred_random,
+            vec![0x5E; 48],
+        );
+        assert_eq!(output, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER));
+    }
+
+    #[test]
+    fn test_process_hmac_secret_wrong_length_v1() {
+        test_helper_process_hmac_secret_wrong_length(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_hmac_secret_wrong_length_v2() {
+        test_helper_process_hmac_secret_wrong_length(PinUvAuthProtocol::V2);
     }
 
     #[test]
@@ -1160,4 +1309,34 @@ mod test {
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
+
+    #[test]
+    fn test_reset() {
+        let mut rng = ThreadRng256 {};
+        let mut client_pin = ClientPin::new(&mut rng);
+        let public_key_v1 = client_pin.pin_protocol_v1.get_public_key();
+        let public_key_v2 = client_pin.pin_protocol_v2.get_public_key();
+        let token_v1 = *client_pin.pin_protocol_v1.get_pin_uv_auth_token();
+        let token_v2 = *client_pin.pin_protocol_v2.get_pin_uv_auth_token();
+        client_pin.permissions = 0xFF;
+        client_pin.permissions_rp_id = Some(String::from("example.com"));
+        client_pin.reset(&mut rng);
+        assert_ne!(public_key_v1, client_pin.pin_protocol_v1.get_public_key());
+        assert_ne!(public_key_v2, client_pin.pin_protocol_v2.get_public_key());
+        assert_ne!(
+            &token_v1,
+            client_pin.pin_protocol_v1.get_pin_uv_auth_token()
+        );
+        assert_ne!(
+            &token_v2,
+            client_pin.pin_protocol_v2.get_pin_uv_auth_token()
+        );
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(
+                client_pin.has_permission(permission),
+                Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+            );
+        }
+        assert_eq!(client_pin.has_no_rp_id_permission(), Ok(()));
+    }
 }
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 8c5aaec..748c33e 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -18,8 +18,8 @@ use super::data_formats::{
     extract_unsigned, ok_or_missing, ClientPinSubCommand, ConfigSubCommand, ConfigSubCommandParams,
     CoseKey, CredentialManagementSubCommand, CredentialManagementSubCommandParameters,
     GetAssertionExtensions, GetAssertionOptions, MakeCredentialExtensions, MakeCredentialOptions,
-    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialRpEntity,
-    PublicKeyCredentialUserEntity, SetMinPinLengthParams,
+    PinUvAuthProtocol, PublicKeyCredentialDescriptor, PublicKeyCredentialParameter,
+    PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity, SetMinPinLengthParams,
 };
 use super::key_material;
 use super::status_code::Ctap2StatusCode;
@@ -302,12 +302,12 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
     }
 }
 
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
 pub struct AuthenticatorClientPinParameters {
-    pub pin_uv_auth_protocol: u64,
+    pub pin_uv_auth_protocol: PinUvAuthProtocol,
     pub sub_command: ClientPinSubCommand,
     pub key_agreement: Option<CoseKey>,
-    pub pin_auth: Option<Vec<u8>>,
+    pub pin_uv_auth_param: Option<Vec<u8>>,
     pub new_pin_enc: Option<Vec<u8>>,
     pub pin_hash_enc: Option<Vec<u8>>,
     pub permissions: Option<u8>,
@@ -323,7 +323,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
                 0x01 => pin_uv_auth_protocol,
                 0x02 => sub_command,
                 0x03 => key_agreement,
-                0x04 => pin_auth,
+                0x04 => pin_uv_auth_param,
                 0x05 => new_pin_enc,
                 0x06 => pin_hash_enc,
                 0x09 => permissions,
@@ -331,10 +331,11 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             } = extract_map(cbor_value)?;
         }
 
-        let pin_uv_auth_protocol = extract_unsigned(ok_or_missing(pin_uv_auth_protocol)?)?;
+        let pin_uv_auth_protocol =
+            PinUvAuthProtocol::try_from(ok_or_missing(pin_uv_auth_protocol)?)?;
         let sub_command = ClientPinSubCommand::try_from(ok_or_missing(sub_command)?)?;
         let key_agreement = key_agreement.map(CoseKey::try_from).transpose()?;
-        let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
+        let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
         // We expect a bit field of 8 bits, and drop everything else.
@@ -349,7 +350,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             pin_uv_auth_protocol,
             sub_command,
             key_agreement,
-            pin_auth,
+            pin_uv_auth_param,
             new_pin_enc,
             pin_hash_enc,
             permissions,
@@ -706,10 +707,10 @@ mod test {
             AuthenticatorClientPinParameters::try_from(cbor_value).unwrap();
 
         let expected_client_pin_parameters = AuthenticatorClientPinParameters {
-            pin_uv_auth_protocol: 1,
+            pin_uv_auth_protocol: PinUvAuthProtocol::V1,
             sub_command: ClientPinSubCommand::GetPinRetries,
             key_agreement: Some(cose_key),
-            pin_auth: Some(vec![0xBB]),
+            pin_uv_auth_param: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
             permissions: Some(0x03),
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 2f90f11..3cbefd5 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -126,6 +126,7 @@ pub fn process_config(
 mod test {
     use super::*;
     use crate::ctap::customization::ENFORCE_ALWAYS_UV;
+    use crate::ctap::data_formats::PinUvAuthProtocol;
     use crypto::rng256::ThreadRng256;
 
     #[test]
@@ -134,7 +135,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::EnableEnterpriseAttestation,
@@ -161,7 +163,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::ToggleAlwaysUv,
@@ -197,7 +200,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
 
         let pin_uv_auth_param = Some(vec![
@@ -257,7 +261,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         // First, increase minimum PIN length from 4 to 6 without PIN auth.
         let min_pin_length = 6;
@@ -301,7 +306,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         // First, set RP IDs without PIN auth.
         let min_pin_length = 6;
@@ -377,7 +383,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
         // Increase min PIN, force PIN change.
@@ -400,7 +407,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
         let pin_uv_auth_param = Some(vec![
@@ -431,7 +439,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::VendorPrototype,
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index 5b07294..bbfb320 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -351,7 +351,7 @@ pub fn process_credential_management(
 
 #[cfg(test)]
 mod test {
-    use super::super::data_formats::PublicKeyCredentialType;
+    use super::super::data_formats::{PinUvAuthProtocol, PublicKeyCredentialType};
     use super::super::CtapState;
     use super::*;
     use crypto::rng256::{Rng256, ThreadRng256};
@@ -382,7 +382,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let credential_source = create_credential_source(&mut rng);
 
         let user_immediately_present = |_| Ok(());
@@ -453,7 +454,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let credential_source1 = create_credential_source(&mut rng);
         let mut credential_source2 = create_credential_source(&mut rng);
         credential_source2.rp_id = "another.example.com".to_string();
@@ -550,7 +552,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let credential_source = create_credential_source(&mut rng);
 
         let user_immediately_present = |_| Ok(());
@@ -632,7 +635,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let credential_source1 = create_credential_source(&mut rng);
         let mut credential_source2 = create_credential_source(&mut rng);
         credential_source2.user_handle = vec![0x02];
@@ -737,7 +741,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut credential_source = create_credential_source(&mut rng);
         credential_source.credential_id = vec![0x1D; 32];
 
@@ -808,7 +813,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut credential_source = create_credential_source(&mut rng);
         credential_source.credential_id = vec![0x1D; 32];
 
@@ -880,7 +886,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 97ee858..138dd3a 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -356,6 +356,7 @@ pub struct GetAssertionHmacSecretInput {
     pub key_agreement: CoseKey,
     pub salt_enc: Vec<u8>,
     pub salt_auth: Vec<u8>,
+    pub pin_uv_auth_protocol: PinUvAuthProtocol,
 }
 
 impl TryFrom<cbor::Value> for GetAssertionHmacSecretInput {
@@ -367,16 +368,20 @@ impl TryFrom<cbor::Value> for GetAssertionHmacSecretInput {
                 1 => key_agreement,
                 2 => salt_enc,
                 3 => salt_auth,
+                4 => pin_uv_auth_protocol,
             } = extract_map(cbor_value)?;
         }
 
         let key_agreement = CoseKey::try_from(ok_or_missing(key_agreement)?)?;
         let salt_enc = extract_byte_string(ok_or_missing(salt_enc)?)?;
         let salt_auth = extract_byte_string(ok_or_missing(salt_auth)?)?;
+        let pin_uv_auth_protocol =
+            pin_uv_auth_protocol.map_or(Ok(PinUvAuthProtocol::V1), PinUvAuthProtocol::try_from)?;
         Ok(Self {
             key_agreement,
             salt_enc,
             salt_auth,
+            pin_uv_auth_protocol,
         })
     }
 }
@@ -638,7 +643,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialSource {
         let cred_protect_policy = cred_protect_policy
             .map(CredentialProtectionPolicy::try_from)
             .transpose()?;
-        let creation_order = creation_order.map(extract_unsigned).unwrap_or(Ok(0))?;
+        let creation_order = creation_order.map_or(Ok(0), extract_unsigned)?;
         let user_name = user_name.map(extract_text_string).transpose()?;
         let user_icon = user_icon.map(extract_text_string).transpose()?;
         let cred_blob = cred_blob.map(extract_byte_string).transpose()?;
@@ -809,6 +814,24 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
     }
 }
 
+#[derive(Clone, Copy, Debug, PartialEq)]
+pub enum PinUvAuthProtocol {
+    V1,
+    V2,
+}
+
+impl TryFrom<cbor::Value> for PinUvAuthProtocol {
+    type Error = Ctap2StatusCode;
+
+    fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        match extract_unsigned(cbor_value)? {
+            1 => Ok(PinUvAuthProtocol::V1),
+            2 => Ok(PinUvAuthProtocol::V2),
+            _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+        }
+    }
+}
+
 #[derive(Clone, Debug, PartialEq)]
 #[cfg_attr(test, derive(IntoEnumIterator))]
 pub enum ClientPinSubCommand {
@@ -1569,7 +1592,7 @@ mod test {
     }
 
     #[test]
-    fn test_from_get_assertion_extensions() {
+    fn test_from_get_assertion_extensions_default_protocol() {
         let mut rng = ThreadRng256 {};
         let sk = crypto::ecdh::SecKey::gensk(&mut rng);
         let pk = sk.genpk();
@@ -1588,6 +1611,7 @@ mod test {
             key_agreement: cose_key,
             salt_enc: vec![0x02; 32],
             salt_auth: vec![0x03; 16],
+            pin_uv_auth_protocol: PinUvAuthProtocol::V1,
         };
         let expected_extensions = GetAssertionExtensions {
             hmac_secret: Some(expected_input),
@@ -1597,6 +1621,38 @@ mod test {
         assert_eq!(extensions, Ok(expected_extensions));
     }
 
+    #[test]
+    fn test_from_get_assertion_extensions_with_protocol() {
+        let mut rng = ThreadRng256 {};
+        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = sk.genpk();
+        let cose_key = CoseKey::from(pk);
+        let cbor_extensions = cbor_map! {
+            "hmac-secret" => cbor_map! {
+                1 => cbor::Value::from(cose_key.clone()),
+                2 => vec![0x02; 32],
+                3 => vec![0x03; 16],
+                4 => 2,
+            },
+            "credBlob" => true,
+            "largeBlobKey" => true,
+        };
+        let extensions = GetAssertionExtensions::try_from(cbor_extensions);
+        let expected_input = GetAssertionHmacSecretInput {
+            key_agreement: cose_key,
+            salt_enc: vec![0x02; 32],
+            salt_auth: vec![0x03; 16],
+            pin_uv_auth_protocol: PinUvAuthProtocol::V2,
+        };
+        let expected_extensions = GetAssertionExtensions {
+            hmac_secret: Some(expected_input),
+            cred_blob: true,
+            large_blob_key: Some(true),
+        };
+        assert_eq!(extensions, Ok(expected_extensions));
+        // TODO more tests, check default
+    }
+
     #[test]
     fn test_from_make_credential_options() {
         let cbor_make_options = cbor_map! {
@@ -1759,6 +1815,25 @@ mod test {
         assert_eq!(cose_key.algorithm, ES256_ALGORITHM);
     }
 
+    #[test]
+    fn test_from_pin_uv_auth_protocol() {
+        let cbor_protocol: cbor::Value = cbor_int!(0x01);
+        assert_eq!(
+            PinUvAuthProtocol::try_from(cbor_protocol),
+            Ok(PinUvAuthProtocol::V1)
+        );
+        let cbor_protocol: cbor::Value = cbor_int!(0x02);
+        assert_eq!(
+            PinUvAuthProtocol::try_from(cbor_protocol),
+            Ok(PinUvAuthProtocol::V2)
+        );
+        let cbor_protocol: cbor::Value = cbor_int!(0x03);
+        assert_eq!(
+            PinUvAuthProtocol::try_from(cbor_protocol),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+    }
+
     #[test]
     fn test_from_into_client_pin_sub_command() {
         let cbor_sub_command: cbor::Value = cbor_int!(0x01);
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index 05cec58..d366ce4 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -135,6 +135,7 @@ impl LargeBlobs {
 
 #[cfg(test)]
 mod test {
+    use super::super::data_formats::PinUvAuthProtocol;
     use super::*;
     use crypto::rng256::ThreadRng256;
 
@@ -144,7 +145,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut large_blobs = LargeBlobs::new();
 
         let large_blob = vec![
@@ -175,7 +177,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 200;
@@ -237,7 +240,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 200;
@@ -283,7 +287,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 200;
@@ -329,7 +334,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 20;
@@ -358,7 +364,8 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
-        let mut client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let mut client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 20;
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 6d8e2d0..8432f4e 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1223,7 +1223,8 @@ mod test {
     use super::command::AuthenticatorAttestationMaterial;
     use super::data_formats::{
         CoseKey, GetAssertionHmacSecretInput, GetAssertionOptions, MakeCredentialExtensions,
-        MakeCredentialOptions, PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
+        MakeCredentialOptions, PinUvAuthProtocol, PublicKeyCredentialRpEntity,
+        PublicKeyCredentialUserEntity,
     };
     use super::*;
     use cbor::{cbor_array, cbor_array_vec, cbor_map};
@@ -1983,6 +1984,7 @@ mod test {
             key_agreement: CoseKey::from(pk),
             salt_enc: vec![0x02; 32],
             salt_auth: vec![0x03; 16],
+            pin_uv_auth_protocol: PinUvAuthProtocol::V1,
         };
         let get_extensions = GetAssertionExtensions {
             hmac_secret: Some(hmac_secret_input),
@@ -2040,6 +2042,7 @@ mod test {
             key_agreement: CoseKey::from(pk),
             salt_enc: vec![0x02; 32],
             salt_auth: vec![0x03; 16],
+            pin_uv_auth_protocol: PinUvAuthProtocol::V1,
         };
         let get_extensions = GetAssertionExtensions {
             hmac_secret: Some(hmac_secret_input),
@@ -2317,7 +2320,8 @@ mod test {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x88; 32];
-        let client_pin = ClientPin::new_test(key_agreement_key, pin_uv_auth_token);
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
diff --git a/src/ctap/pin_protocol.rs b/src/ctap/pin_protocol.rs
index 88d608a..912f7aa 100644
--- a/src/ctap/pin_protocol.rs
+++ b/src/ctap/pin_protocol.rs
@@ -13,7 +13,7 @@
 // limitations under the License.
 
 use crate::ctap::client_pin::PIN_TOKEN_LENGTH;
-use crate::ctap::data_formats::CoseKey;
+use crate::ctap::data_formats::{CoseKey, PinUvAuthProtocol};
 use crate::ctap::status_code::Ctap2StatusCode;
 use alloc::boxed::Box;
 use alloc::vec;
@@ -21,6 +21,8 @@ use alloc::vec::Vec;
 use core::convert::TryInto;
 use crypto::cbc::{cbc_decrypt, cbc_encrypt};
 use crypto::hkdf::hkdf_empty_salt_256;
+#[cfg(test)]
+use crypto::hmac::hmac_256;
 use crypto::hmac::{verify_hmac_256, verify_hmac_256_first_128bits};
 use crypto::rng256::Rng256;
 use crypto::sha256::Sha256;
@@ -64,14 +66,13 @@ impl PinProtocol {
     pub fn decapsulate(
         &self,
         peer_cose_key: CoseKey,
-        pin_uv_auth_protocol: u64,
+        pin_uv_auth_protocol: PinUvAuthProtocol,
     ) -> Result<Box<dyn SharedSecret>, Ctap2StatusCode> {
         let pk: crypto::ecdh::PubKey = CoseKey::try_into(peer_cose_key)?;
         let handshake = self.key_agreement_key.exchange_x(&pk);
         match pin_uv_auth_protocol {
-            1 => Ok(Box::new(SharedSecretV1::new(handshake))),
-            2 => Ok(Box::new(SharedSecretV2::new(handshake))),
-            _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+            PinUvAuthProtocol::V1 => Ok(Box::new(SharedSecretV1::new(handshake))),
+            PinUvAuthProtocol::V2 => Ok(Box::new(SharedSecretV2::new(handshake))),
         }
     }
 
@@ -98,12 +99,11 @@ pub fn verify_pin_uv_auth_token(
     token: &[u8; PIN_TOKEN_LENGTH],
     message: &[u8],
     signature: &[u8],
-    pin_uv_auth_protocol: u64,
+    pin_uv_auth_protocol: PinUvAuthProtocol,
 ) -> Result<(), Ctap2StatusCode> {
     match pin_uv_auth_protocol {
-        1 => verify_v1(token, message, signature),
-        2 => verify_v2(token, message, signature),
-        _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
+        PinUvAuthProtocol::V1 => verify_v1(token, message, signature),
+        PinUvAuthProtocol::V2 => verify_v2(token, message, signature),
     }
 }
 
@@ -116,6 +116,10 @@ pub trait SharedSecret {
 
     /// Verifies that the signature is a valid MAC for the given message.
     fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode>;
+
+    /// Creates a signature that matches verify.
+    #[cfg(test)]
+    fn authenticate(&self, message: &[u8]) -> Vec<u8>;
 }
 
 fn aes256_cbc_encrypt(
@@ -210,16 +214,6 @@ impl SharedSecretV1 {
             aes_enc_key,
         }
     }
-
-    /// Creates a new shared secret for testing.
-    #[cfg(test)]
-    pub fn new_test(hash: [u8; 32]) -> SharedSecretV1 {
-        let aes_enc_key = crypto::aes256::EncryptionKey::new(&hash);
-        SharedSecretV1 {
-            common_secret: hash,
-            aes_enc_key,
-        }
-    }
 }
 
 impl SharedSecret for SharedSecretV1 {
@@ -234,6 +228,11 @@ impl SharedSecret for SharedSecretV1 {
     fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
         verify_v1(&self.common_secret, message, signature)
     }
+
+    #[cfg(test)]
+    fn authenticate(&self, message: &[u8]) -> Vec<u8> {
+        hmac_256::<Sha256>(&self.common_secret, message)[..16].to_vec()
+    }
 }
 
 pub struct SharedSecretV2 {
@@ -264,6 +263,11 @@ impl SharedSecret for SharedSecretV2 {
     fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
         verify_v2(&self.hmac_key, message, signature)
     }
+
+    #[cfg(test)]
+    fn authenticate(&self, message: &[u8]) -> Vec<u8> {
+        hmac_256::<Sha256>(&self.hmac_key, message).to_vec()
+    }
 }
 
 #[cfg(test)]
@@ -300,6 +304,14 @@ mod test {
         assert_eq!(shared_secret.decrypt(&ciphertext), Ok(plaintext));
     }
 
+    #[test]
+    fn test_shared_secret_v1_authenticate_verify() {
+        let shared_secret = SharedSecretV1::new([0x55; 32]);
+        let message = [0xAA; 32];
+        let signature = shared_secret.authenticate(&message);
+        assert_eq!(shared_secret.verify(&message, &signature), Ok(()));
+    }
+
     #[test]
     fn test_shared_secret_v1_verify() {
         let shared_secret = SharedSecretV1::new([0x55; 32]);
@@ -328,6 +340,14 @@ mod test {
         assert_eq!(shared_secret.decrypt(&ciphertext), Ok(plaintext));
     }
 
+    #[test]
+    fn test_shared_secret_v2_authenticate_verify() {
+        let shared_secret = SharedSecretV2::new([0x55; 32]);
+        let message = [0xAA; 32];
+        let signature = shared_secret.authenticate(&message);
+        assert_eq!(shared_secret.verify(&message, &signature), Ok(()));
+    }
+
     #[test]
     fn test_shared_secret_v2_verify() {
         let shared_secret = SharedSecretV2::new([0x55; 32]);
@@ -348,23 +368,12 @@ mod test {
         );
     }
 
-    #[test]
-    fn test_decapsulate_invalid() {
-        let mut rng = ThreadRng256 {};
-        let pin_protocol = PinProtocol::new(&mut rng);
-        let shared_secret = pin_protocol.decapsulate(pin_protocol.get_public_key(), 3);
-        assert_eq!(
-            shared_secret.err(),
-            Some(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
-        );
-    }
-
     #[test]
     fn test_decapsulate_symmetric() {
         let mut rng = ThreadRng256 {};
         let pin_protocol1 = PinProtocol::new(&mut rng);
         let pin_protocol2 = PinProtocol::new(&mut rng);
-        for protocol in 1..=2 {
+        for &protocol in &[PinUvAuthProtocol::V1, PinUvAuthProtocol::V2] {
             let shared_secret1 = pin_protocol1
                 .decapsulate(pin_protocol2.get_public_key(), protocol)
                 .unwrap();
@@ -386,19 +395,24 @@ mod test {
             0x49, 0x68,
         ];
         assert_eq!(
-            verify_pin_uv_auth_token(&token, &message, &signature, 1),
+            verify_pin_uv_auth_token(&token, &message, &signature, PinUvAuthProtocol::V1),
             Ok(())
         );
         assert_eq!(
-            verify_pin_uv_auth_token(&[0x12; PIN_TOKEN_LENGTH], &message, &signature, 1),
+            verify_pin_uv_auth_token(
+                &[0x12; PIN_TOKEN_LENGTH],
+                &message,
+                &signature,
+                PinUvAuthProtocol::V1
+            ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
         assert_eq!(
-            verify_pin_uv_auth_token(&token, &[0xBB], &signature, 1),
+            verify_pin_uv_auth_token(&token, &[0xBB], &signature, PinUvAuthProtocol::V1),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
         assert_eq!(
-            verify_pin_uv_auth_token(&token, &message, &[0x12; 16], 1),
+            verify_pin_uv_auth_token(&token, &message, &[0x12; 16], PinUvAuthProtocol::V1),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
@@ -413,31 +427,25 @@ mod test {
             0x36, 0x93, 0xF7, 0x84,
         ];
         assert_eq!(
-            verify_pin_uv_auth_token(&token, &message, &signature, 2),
+            verify_pin_uv_auth_token(&token, &message, &signature, PinUvAuthProtocol::V2),
             Ok(())
         );
         assert_eq!(
-            verify_pin_uv_auth_token(&[0x12; PIN_TOKEN_LENGTH], &message, &signature, 2),
+            verify_pin_uv_auth_token(
+                &[0x12; PIN_TOKEN_LENGTH],
+                &message,
+                &signature,
+                PinUvAuthProtocol::V2
+            ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
         assert_eq!(
-            verify_pin_uv_auth_token(&token, &[0xBB], &signature, 2),
+            verify_pin_uv_auth_token(&token, &[0xBB], &signature, PinUvAuthProtocol::V2),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
         assert_eq!(
-            verify_pin_uv_auth_token(&token, &message, &[0x12; 32], 2),
+            verify_pin_uv_auth_token(&token, &message, &[0x12; 32], PinUvAuthProtocol::V2),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
-
-    #[test]
-    fn test_verify_pin_uv_auth_token_invalid_protocol() {
-        let token = [0x91; PIN_TOKEN_LENGTH];
-        let message = [0xAA];
-        let signature = [];
-        assert_eq!(
-            verify_pin_uv_auth_token(&token, &message, &signature, 3),
-            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
-        );
-    }
 }

From aec1e0a4092007eaabfe2c7f0eb2c51625f8f5d5 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Thu, 18 Mar 2021 17:29:32 +0100
Subject: [PATCH 183/192] adds PIN protocol V2 to all commands (#295)

---
 src/ctap/client_pin.rs            | 127 +++++++++++-
 src/ctap/command.rs               |  50 +++--
 src/ctap/config_command.rs        |  71 ++++---
 src/ctap/credential_management.rs | 137 ++++++-------
 src/ctap/data_formats.rs          |   4 +-
 src/ctap/large_blobs.rs           |  55 +++--
 src/ctap/mod.rs                   | 324 ++++++++++++++++++++----------
 src/ctap/pin_protocol.rs          |  13 ++
 8 files changed, 520 insertions(+), 261 deletions(-)

diff --git a/src/ctap/client_pin.rs b/src/ctap/client_pin.rs
index 12e049c..a580b1b 100644
--- a/src/ctap/client_pin.rs
+++ b/src/ctap/client_pin.rs
@@ -90,14 +90,12 @@ fn check_and_store_new_pin(
 }
 
 #[cfg_attr(test, derive(IntoEnumIterator))]
-// TODO remove when all variants are used
-#[allow(dead_code)]
 pub enum PinPermission {
     // All variants should use integers with a single bit set.
     MakeCredential = 0x01,
     GetAssertion = 0x02,
     CredentialManagement = 0x04,
-    BioEnrollment = 0x08,
+    _BioEnrollment = 0x08,
     LargeBlobWrite = 0x10,
     AuthenticatorConfiguration = 0x20,
 }
@@ -414,18 +412,19 @@ impl ClientPin {
         Ok(ResponseData::AuthenticatorClientPin(response))
     }
 
-    /// Verifies the HMAC for the PIN protocol V1 pinUvAuthToken.
-    pub fn verify_pin_auth_token(
+    /// Verifies the HMAC for the pinUvAuthToken of the given version.
+    pub fn verify_pin_uv_auth_token(
         &self,
         hmac_contents: &[u8],
         pin_uv_auth_param: &[u8],
+        pin_uv_auth_protocol: PinUvAuthProtocol,
     ) -> Result<(), Ctap2StatusCode> {
         verify_pin_uv_auth_token(
-            self.get_pin_protocol(PinUvAuthProtocol::V1)
+            self.get_pin_protocol(pin_uv_auth_protocol)
                 .get_pin_uv_auth_token(),
             hmac_contents,
             pin_uv_auth_param,
-            PinUvAuthProtocol::V1,
+            pin_uv_auth_protocol,
         )
     }
 
@@ -554,6 +553,7 @@ impl ClientPin {
 
 #[cfg(test)]
 mod test {
+    use super::super::pin_protocol::authenticate_pin_uv_auth_token;
     use super::*;
     use alloc::vec;
     use crypto::rng256::ThreadRng256;
@@ -639,6 +639,48 @@ mod test {
         (client_pin, params)
     }
 
+    #[test]
+    fn test_mix_pin_protocols() {
+        let mut rng = ThreadRng256 {};
+        let client_pin = ClientPin::new(&mut rng);
+        let pin_protocol_v1 = client_pin.get_pin_protocol(PinUvAuthProtocol::V1);
+        let pin_protocol_v2 = client_pin.get_pin_protocol(PinUvAuthProtocol::V2);
+        let message = vec![0xAA; 16];
+
+        let shared_secret_v1 = pin_protocol_v1
+            .decapsulate(pin_protocol_v1.get_public_key(), PinUvAuthProtocol::V1)
+            .unwrap();
+        let shared_secret_v2 = pin_protocol_v2
+            .decapsulate(pin_protocol_v2.get_public_key(), PinUvAuthProtocol::V2)
+            .unwrap();
+        let ciphertext = shared_secret_v1.encrypt(&mut rng, &message).unwrap();
+        let plaintext = shared_secret_v2.decrypt(&ciphertext).unwrap();
+        assert_ne!(&message, &plaintext);
+        let ciphertext = shared_secret_v2.encrypt(&mut rng, &message).unwrap();
+        let plaintext = shared_secret_v1.decrypt(&ciphertext).unwrap();
+        assert_ne!(&message, &plaintext);
+
+        let fake_secret_v1 = pin_protocol_v1
+            .decapsulate(pin_protocol_v2.get_public_key(), PinUvAuthProtocol::V1)
+            .unwrap();
+        let ciphertext = shared_secret_v1.encrypt(&mut rng, &message).unwrap();
+        let plaintext = fake_secret_v1.decrypt(&ciphertext).unwrap();
+        assert_ne!(&message, &plaintext);
+        let ciphertext = fake_secret_v1.encrypt(&mut rng, &message).unwrap();
+        let plaintext = shared_secret_v1.decrypt(&ciphertext).unwrap();
+        assert_ne!(&message, &plaintext);
+
+        let fake_secret_v2 = pin_protocol_v2
+            .decapsulate(pin_protocol_v1.get_public_key(), PinUvAuthProtocol::V2)
+            .unwrap();
+        let ciphertext = shared_secret_v2.encrypt(&mut rng, &message).unwrap();
+        let plaintext = fake_secret_v2.decrypt(&ciphertext).unwrap();
+        assert_ne!(&message, &plaintext);
+        let ciphertext = fake_secret_v2.encrypt(&mut rng, &message).unwrap();
+        let plaintext = shared_secret_v2.decrypt(&ciphertext).unwrap();
+        assert_ne!(&message, &plaintext);
+    }
+
     fn test_helper_verify_pin_hash_enc(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
@@ -1310,6 +1352,77 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_verify_pin_uv_auth_token() {
+        let mut rng = ThreadRng256 {};
+        let client_pin = ClientPin::new(&mut rng);
+        let message = [0xAA];
+
+        let pin_uv_auth_token_v1 = client_pin
+            .get_pin_protocol(PinUvAuthProtocol::V1)
+            .get_pin_uv_auth_token();
+        let pin_uv_auth_param_v1 =
+            authenticate_pin_uv_auth_token(&pin_uv_auth_token_v1, &message, PinUvAuthProtocol::V1);
+        let pin_uv_auth_token_v2 = client_pin
+            .get_pin_protocol(PinUvAuthProtocol::V2)
+            .get_pin_uv_auth_token();
+        let pin_uv_auth_param_v2 =
+            authenticate_pin_uv_auth_token(&pin_uv_auth_token_v2, &message, PinUvAuthProtocol::V2);
+        let pin_uv_auth_param_v1_from_v2_token =
+            authenticate_pin_uv_auth_token(&pin_uv_auth_token_v2, &message, PinUvAuthProtocol::V1);
+        let pin_uv_auth_param_v2_from_v1_token =
+            authenticate_pin_uv_auth_token(&pin_uv_auth_token_v1, &message, PinUvAuthProtocol::V2);
+
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v1,
+                PinUvAuthProtocol::V1
+            ),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v2,
+                PinUvAuthProtocol::V2
+            ),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v1,
+                PinUvAuthProtocol::V2
+            ),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v2,
+                PinUvAuthProtocol::V1
+            ),
+            Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
+        );
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v1_from_v2_token,
+                PinUvAuthProtocol::V1
+            ),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v2_from_v1_token,
+                PinUvAuthProtocol::V2
+            ),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
     #[test]
     fn test_reset() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 748c33e..c0ecb2d 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -155,7 +155,7 @@ pub struct AuthenticatorMakeCredentialParameters {
     // Same for options, use defaults when not present.
     pub options: MakeCredentialOptions,
     pub pin_uv_auth_param: Option<Vec<u8>>,
-    pub pin_uv_auth_protocol: Option<u64>,
+    pub pin_uv_auth_protocol: Option<PinUvAuthProtocol>,
     pub enterprise_attestation: Option<u64>,
 }
 
@@ -213,7 +213,9 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
             .unwrap_or_default();
 
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
-        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol
+            .map(PinUvAuthProtocol::try_from)
+            .transpose()?;
         let enterprise_attestation = enterprise_attestation.map(extract_unsigned).transpose()?;
 
         Ok(AuthenticatorMakeCredentialParameters {
@@ -241,7 +243,7 @@ pub struct AuthenticatorGetAssertionParameters {
     // Same for options, use defaults when not present.
     pub options: GetAssertionOptions,
     pub pin_uv_auth_param: Option<Vec<u8>>,
-    pub pin_uv_auth_protocol: Option<u64>,
+    pub pin_uv_auth_protocol: Option<PinUvAuthProtocol>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
@@ -288,7 +290,9 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
             .unwrap_or_default();
 
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
-        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol
+            .map(PinUvAuthProtocol::try_from)
+            .transpose()?;
 
         Ok(AuthenticatorGetAssertionParameters {
             rp_id,
@@ -366,7 +370,7 @@ pub struct AuthenticatorLargeBlobsParameters {
     pub offset: usize,
     pub length: Option<usize>,
     pub pin_uv_auth_param: Option<Vec<u8>>,
-    pub pin_uv_auth_protocol: Option<u64>,
+    pub pin_uv_auth_protocol: Option<PinUvAuthProtocol>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorLargeBlobsParameters {
@@ -394,7 +398,9 @@ impl TryFrom<cbor::Value> for AuthenticatorLargeBlobsParameters {
             .transpose()?
             .map(|u| u as usize);
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
-        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol
+            .map(PinUvAuthProtocol::try_from)
+            .transpose()?;
 
         if get.is_none() && set.is_none() {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
@@ -439,7 +445,7 @@ pub struct AuthenticatorConfigParameters {
     pub sub_command: ConfigSubCommand,
     pub sub_command_params: Option<ConfigSubCommandParams>,
     pub pin_uv_auth_param: Option<Vec<u8>>,
-    pub pin_uv_auth_protocol: Option<u64>,
+    pub pin_uv_auth_protocol: Option<PinUvAuthProtocol>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorConfigParameters {
@@ -463,7 +469,9 @@ impl TryFrom<cbor::Value> for AuthenticatorConfigParameters {
             _ => None,
         };
         let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
-        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol
+            .map(PinUvAuthProtocol::try_from)
+            .transpose()?;
 
         Ok(AuthenticatorConfigParameters {
             sub_command,
@@ -507,8 +515,8 @@ impl TryFrom<cbor::Value> for AuthenticatorAttestationMaterial {
 pub struct AuthenticatorCredentialManagementParameters {
     pub sub_command: CredentialManagementSubCommand,
     pub sub_command_params: Option<CredentialManagementSubCommandParameters>,
-    pub pin_uv_auth_protocol: Option<u64>,
-    pub pin_auth: Option<Vec<u8>>,
+    pub pin_uv_auth_protocol: Option<PinUvAuthProtocol>,
+    pub pin_uv_auth_param: Option<Vec<u8>>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
@@ -520,7 +528,7 @@ impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
                 0x01 => sub_command,
                 0x02 => sub_command_params,
                 0x03 => pin_uv_auth_protocol,
-                0x04 => pin_auth,
+                0x04 => pin_uv_auth_param,
             } = extract_map(cbor_value)?;
         }
 
@@ -528,14 +536,16 @@ impl TryFrom<cbor::Value> for AuthenticatorCredentialManagementParameters {
         let sub_command_params = sub_command_params
             .map(CredentialManagementSubCommandParameters::try_from)
             .transpose()?;
-        let pin_uv_auth_protocol = pin_uv_auth_protocol.map(extract_unsigned).transpose()?;
-        let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
+        let pin_uv_auth_protocol = pin_uv_auth_protocol
+            .map(PinUvAuthProtocol::try_from)
+            .transpose()?;
+        let pin_uv_auth_param = pin_uv_auth_param.map(extract_byte_string).transpose()?;
 
         Ok(AuthenticatorCredentialManagementParameters {
             sub_command,
             sub_command_params,
             pin_uv_auth_protocol,
-            pin_auth,
+            pin_uv_auth_param,
         })
     }
 }
@@ -630,7 +640,7 @@ mod test {
             extensions: MakeCredentialExtensions::default(),
             options,
             pin_uv_auth_param: Some(vec![0x12, 0x34]),
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
             enterprise_attestation: Some(2),
         };
 
@@ -677,7 +687,7 @@ mod test {
             extensions: GetAssertionExtensions::default(),
             options,
             pin_uv_auth_param: Some(vec![0x12, 0x34]),
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
         };
 
         assert_eq!(
@@ -766,8 +776,8 @@ mod test {
         let expected_cred_management_parameters = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsBegin,
             sub_command_params: Some(params),
-            pin_uv_auth_protocol: Some(1),
-            pin_auth: Some(vec![0x9A; 16]),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param: Some(vec![0x9A; 16]),
         };
 
         assert_eq!(
@@ -821,7 +831,7 @@ mod test {
             offset: 0,
             length: Some(MIN_LARGE_BLOB_LEN),
             pin_uv_auth_param: Some(vec![0xA9]),
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
         };
         assert_eq!(
             returned_large_blobs_parameters,
@@ -843,7 +853,7 @@ mod test {
             offset: 1,
             length: None,
             pin_uv_auth_param: Some(vec![0xA9]),
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
         };
         assert_eq!(
             returned_large_blobs_parameters,
diff --git a/src/ctap/config_command.rs b/src/ctap/config_command.rs
index 3cbefd5..bdedc6b 100644
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -12,13 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::client_pin::ClientPin;
+use super::client_pin::{ClientPin, PinPermission};
 use super::command::AuthenticatorConfigParameters;
+use super::customization::ENTERPRISE_ATTESTATION_MODE;
 use super::data_formats::{ConfigSubCommand, ConfigSubCommandParams, SetMinPinLengthParams};
 use super::response::ResponseData;
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
-use super::{check_pin_uv_auth_protocol, ENTERPRISE_ATTESTATION_MODE};
 use alloc::vec;
 
 /// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
@@ -91,10 +91,10 @@ pub fn process_config(
         _ => true,
     } && persistent_store.has_always_uv()?;
     if persistent_store.pin_hash()?.is_some() || enforce_uv {
-        // TODO(kaczmarczyck) The error code is specified inconsistently with other commands.
-        check_pin_uv_auth_protocol(pin_uv_auth_protocol)
-            .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
-        let auth_param = pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+        let pin_uv_auth_param =
+            pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+        let pin_uv_auth_protocol =
+            pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
         // Constants are taken from the specification, section 6.11, step 4.2.
         let mut config_data = vec![0xFF; 32];
         config_data.extend(&[0x0D, sub_command as u8]);
@@ -103,7 +103,12 @@ pub fn process_config(
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
             }
         }
-        client_pin.verify_pin_auth_token(&config_data, &auth_param)?;
+        client_pin.verify_pin_uv_auth_token(
+            &config_data,
+            &pin_uv_auth_param,
+            pin_uv_auth_protocol,
+        )?;
+        client_pin.has_permission(PinPermission::AuthenticatorConfiguration)?;
     }
 
     match sub_command {
@@ -127,6 +132,7 @@ mod test {
     use super::*;
     use crate::ctap::customization::ENFORCE_ALWAYS_UV;
     use crate::ctap::data_formats::PinUvAuthProtocol;
+    use crate::ctap::pin_protocol::authenticate_pin_uv_auth_token;
     use crypto::rng256::ThreadRng256;
 
     #[test]
@@ -194,25 +200,24 @@ mod test {
         }
     }
 
-    #[test]
-    fn test_process_toggle_always_uv_with_pin() {
+    fn test_helper_process_toggle_always_uv_with_pin(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
         let mut client_pin =
-            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, pin_uv_auth_protocol);
         persistent_store.set_pin(&[0x88; 16], 4).unwrap();
 
-        let pin_uv_auth_param = Some(vec![
-            0x99, 0xBA, 0x0A, 0x57, 0x9D, 0x95, 0x5A, 0x44, 0xE3, 0x77, 0xCF, 0x95, 0x51, 0x3F,
-            0xFD, 0xBE,
-        ]);
+        let mut config_data = vec![0xFF; 32];
+        config_data.extend(&[0x0D, ConfigSubCommand::ToggleAlwaysUv as u8]);
+        let pin_uv_auth_param =
+            authenticate_pin_uv_auth_token(&pin_uv_auth_token, &config_data, pin_uv_auth_protocol);
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::ToggleAlwaysUv,
             sub_command_params: None,
-            pin_uv_auth_param: pin_uv_auth_param.clone(),
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_param: Some(pin_uv_auth_param.clone()),
+            pin_uv_auth_protocol: Some(pin_uv_auth_protocol),
         };
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         if ENFORCE_ALWAYS_UV {
@@ -228,14 +233,24 @@ mod test {
         let config_params = AuthenticatorConfigParameters {
             sub_command: ConfigSubCommand::ToggleAlwaysUv,
             sub_command_params: None,
-            pin_uv_auth_param,
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_param: Some(pin_uv_auth_param),
+            pin_uv_auth_protocol: Some(pin_uv_auth_protocol),
         };
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert!(!persistent_store.has_always_uv().unwrap());
     }
 
+    #[test]
+    fn test_process_toggle_always_uv_with_pin_v1() {
+        test_helper_process_toggle_always_uv_with_pin(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_toggle_always_uv_with_pin_v2() {
+        test_helper_process_toggle_always_uv_with_pin(PinUvAuthProtocol::V2);
+    }
+
     fn create_min_pin_config_params(
         min_pin_length: u8,
         min_pin_length_rp_ids: Option<Vec<String>>,
@@ -251,7 +266,7 @@ mod test {
                 set_min_pin_length_params,
             )),
             pin_uv_auth_param: None,
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
         }
     }
 
@@ -276,22 +291,22 @@ mod test {
         persistent_store.set_pin(&[0x88; 16], 8).unwrap();
         let min_pin_length = 8;
         let mut config_params = create_min_pin_config_params(min_pin_length, None);
-        let pin_auth = vec![
+        let pin_uv_auth_param = vec![
             0x5C, 0x69, 0x71, 0x29, 0xBD, 0xCC, 0x53, 0xE8, 0x3C, 0x97, 0x62, 0xDD, 0x90, 0x29,
             0xB2, 0xDE,
         ];
-        config_params.pin_uv_auth_param = Some(pin_auth);
+        config_params.pin_uv_auth_param = Some(pin_uv_auth_param);
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
 
         // Third, decreasing the minimum PIN length from 8 to 7 fails.
         let mut config_params = create_min_pin_config_params(7, None);
-        let pin_auth = vec![
+        let pin_uv_auth_param = vec![
             0xC5, 0xEA, 0xC1, 0x5E, 0x7F, 0x80, 0x70, 0x1A, 0x4E, 0xC4, 0xAD, 0x85, 0x35, 0xD8,
             0xA7, 0x71,
         ];
-        config_params.pin_uv_auth_param = Some(pin_auth);
+        config_params.pin_uv_auth_param = Some(pin_uv_auth_param);
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
@@ -329,11 +344,11 @@ mod test {
         persistent_store.set_pin(&[0x88; 16], 8).unwrap();
         let mut config_params =
             create_min_pin_config_params(min_pin_length, Some(min_pin_length_rp_ids.clone()));
-        let pin_auth = vec![
+        let pin_uv_auth_param = vec![
             0x40, 0x51, 0x2D, 0xAC, 0x2D, 0xE2, 0x15, 0x77, 0x5C, 0xF9, 0x5B, 0x62, 0x9A, 0x2D,
             0xD6, 0xDA,
         ];
-        config_params.pin_uv_auth_param = Some(pin_auth.clone());
+        config_params.pin_uv_auth_param = Some(pin_uv_auth_param.clone());
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
         assert_eq!(persistent_store.min_pin_length(), Ok(min_pin_length));
@@ -346,7 +361,7 @@ mod test {
         // One PIN auth shouldn't work for different lengths.
         let mut config_params =
             create_min_pin_config_params(9, Some(min_pin_length_rp_ids.clone()));
-        config_params.pin_uv_auth_param = Some(pin_auth.clone());
+        config_params.pin_uv_auth_param = Some(pin_uv_auth_param.clone());
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
@@ -364,7 +379,7 @@ mod test {
             min_pin_length,
             Some(vec!["counter.example.com".to_string()]),
         );
-        config_params.pin_uv_auth_param = Some(pin_auth);
+        config_params.pin_uv_auth_param = Some(pin_uv_auth_param);
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(
             config_response,
@@ -426,7 +441,7 @@ mod test {
                 set_min_pin_length_params,
             )),
             pin_uv_auth_param,
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
         };
         let config_response = process_config(&mut persistent_store, &mut client_pin, config_params);
         assert_eq!(config_response, Ok(ResponseData::AuthenticatorConfig));
diff --git a/src/ctap/credential_management.rs b/src/ctap/credential_management.rs
index bbfb320..b81648a 100644
--- a/src/ctap/credential_management.rs
+++ b/src/ctap/credential_management.rs
@@ -22,7 +22,7 @@ use super::data_formats::{
 use super::response::{AuthenticatorCredentialManagementResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
-use super::{check_pin_uv_auth_protocol, StatefulCommand, StatefulPermission};
+use super::{StatefulCommand, StatefulPermission};
 use alloc::collections::BTreeSet;
 use alloc::string::String;
 use alloc::vec;
@@ -259,7 +259,7 @@ pub fn process_credential_management(
         sub_command,
         sub_command_params,
         pin_uv_auth_protocol,
-        pin_auth,
+        pin_uv_auth_param,
     } = cred_management_params;
 
     match (sub_command, stateful_command_permission.get_command()) {
@@ -282,15 +282,21 @@ pub fn process_credential_management(
         | CredentialManagementSubCommand::EnumerateCredentialsBegin
         | CredentialManagementSubCommand::DeleteCredential
         | CredentialManagementSubCommand::UpdateUserInformation => {
-            check_pin_uv_auth_protocol(pin_uv_auth_protocol)?;
-            let pin_auth = pin_auth.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+            let pin_uv_auth_param =
+                pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
+            let pin_uv_auth_protocol =
+                pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
             let mut management_data = vec![sub_command as u8];
             if let Some(sub_command_params) = sub_command_params.clone() {
                 if !cbor::write(sub_command_params.into(), &mut management_data) {
                     return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
                 }
             }
-            client_pin.verify_pin_auth_token(&management_data, &pin_auth)?;
+            client_pin.verify_pin_uv_auth_token(
+                &management_data,
+                &pin_uv_auth_param,
+                pin_uv_auth_protocol,
+            )?;
             // The RP ID permission is handled differently per subcommand below.
             client_pin.has_permission(PinPermission::CredentialManagement)?;
         }
@@ -352,6 +358,7 @@ pub fn process_credential_management(
 #[cfg(test)]
 mod test {
     use super::super::data_formats::{PinUvAuthProtocol, PublicKeyCredentialType};
+    use super::super::pin_protocol::authenticate_pin_uv_auth_token;
     use super::super::CtapState;
     use super::*;
     use crypto::rng256::{Rng256, ThreadRng256};
@@ -377,13 +384,12 @@ mod test {
         }
     }
 
-    #[test]
-    fn test_process_get_creds_metadata() {
+    fn test_helper_process_get_creds_metadata(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
         let client_pin =
-            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, pin_uv_auth_protocol);
         let credential_source = create_credential_source(&mut rng);
 
         let user_immediately_present = |_| Ok(());
@@ -391,16 +397,18 @@ mod test {
         ctap_state.client_pin = client_pin;
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
-            0xC5, 0xFB, 0x75, 0x55, 0x98, 0xB5, 0x19, 0x01, 0xB3, 0x31, 0x7D, 0xFE, 0x1D, 0xF5,
-            0xFB, 0x00,
-        ]);
+        let management_data = vec![CredentialManagementSubCommand::GetCredsMetadata as u8];
+        let pin_uv_auth_param = authenticate_pin_uv_auth_token(
+            &pin_uv_auth_token,
+            &management_data,
+            pin_uv_auth_protocol,
+        );
 
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_uv_auth_protocol: Some(1),
-            pin_auth: pin_auth.clone(),
+            pin_uv_auth_protocol: Some(pin_uv_auth_protocol),
+            pin_uv_auth_param: Some(pin_uv_auth_param.clone()),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -427,8 +435,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_uv_auth_protocol: Some(1),
-            pin_auth,
+            pin_uv_auth_protocol: Some(pin_uv_auth_protocol),
+            pin_uv_auth_param: Some(pin_uv_auth_param),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -449,6 +457,16 @@ mod test {
         };
     }
 
+    #[test]
+    fn test_process_get_creds_metadata_v1() {
+        test_helper_process_get_creds_metadata(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_creds_metadata_v2() {
+        test_helper_process_get_creds_metadata(PinUvAuthProtocol::V2);
+    }
+
     #[test]
     fn test_process_enumerate_rps_with_uv() {
         let mut rng = ThreadRng256 {};
@@ -474,7 +492,7 @@ mod test {
             .unwrap();
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
+        let pin_uv_auth_param = Some(vec![
             0x1A, 0xA4, 0x96, 0xDA, 0x62, 0x80, 0x28, 0x13, 0xEB, 0x32, 0xB9, 0xF1, 0xD2, 0xA9,
             0xD0, 0xD1,
         ]);
@@ -482,8 +500,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateRpsBegin,
             sub_command_params: None,
-            pin_uv_auth_protocol: Some(1),
-            pin_auth,
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -507,7 +525,7 @@ mod test {
             sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
             sub_command_params: None,
             pin_uv_auth_protocol: None,
-            pin_auth: None,
+            pin_uv_auth_param: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -532,7 +550,7 @@ mod test {
             sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
             sub_command_params: None,
             pin_uv_auth_protocol: None,
-            pin_auth: None,
+            pin_uv_auth_param: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -571,7 +589,7 @@ mod test {
         }
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
+        let pin_uv_auth_param = Some(vec![
             0x1A, 0xA4, 0x96, 0xDA, 0x62, 0x80, 0x28, 0x13, 0xEB, 0x32, 0xB9, 0xF1, 0xD2, 0xA9,
             0xD0, 0xD1,
         ]);
@@ -582,8 +600,8 @@ mod test {
         let mut cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateRpsBegin,
             sub_command_params: None,
-            pin_uv_auth_protocol: Some(1),
-            pin_auth,
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param,
         };
 
         for _ in 0..NUM_CREDENTIALS {
@@ -613,7 +631,7 @@ mod test {
                 sub_command: CredentialManagementSubCommand::EnumerateRpsGetNextRp,
                 sub_command_params: None,
                 pin_uv_auth_protocol: None,
-                pin_auth: None,
+                pin_uv_auth_param: None,
             };
         }
 
@@ -658,7 +676,7 @@ mod test {
             .unwrap();
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
+        let pin_uv_auth_param = Some(vec![
             0xF8, 0xB0, 0x3C, 0xC1, 0xD5, 0x58, 0x9C, 0xB7, 0x4D, 0x42, 0xA1, 0x64, 0x14, 0x28,
             0x2B, 0x68,
         ]);
@@ -673,8 +691,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsBegin,
             sub_command_params: Some(sub_command_params),
-            pin_uv_auth_protocol: Some(1),
-            pin_auth,
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -697,7 +715,7 @@ mod test {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
             sub_command_params: None,
             pin_uv_auth_protocol: None,
-            pin_auth: None,
+            pin_uv_auth_param: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -721,7 +739,7 @@ mod test {
             sub_command: CredentialManagementSubCommand::EnumerateCredentialsGetNextCredential,
             sub_command_params: None,
             pin_uv_auth_protocol: None,
-            pin_auth: None,
+            pin_uv_auth_param: None,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -756,7 +774,7 @@ mod test {
             .unwrap();
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
+        let pin_uv_auth_param = Some(vec![
             0xBD, 0xE3, 0xEF, 0x8A, 0x77, 0x01, 0xB1, 0x69, 0x19, 0xE6, 0x62, 0xB9, 0x9B, 0x89,
             0x9C, 0x64,
         ]);
@@ -774,8 +792,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::DeleteCredential,
             sub_command_params: Some(sub_command_params.clone()),
-            pin_uv_auth_protocol: Some(1),
-            pin_auth: pin_auth.clone(),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param: pin_uv_auth_param.clone(),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -792,8 +810,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::DeleteCredential,
             sub_command_params: Some(sub_command_params),
-            pin_uv_auth_protocol: Some(1),
-            pin_auth,
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -828,7 +846,7 @@ mod test {
             .unwrap();
 
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
+        let pin_uv_auth_param = Some(vec![
             0xA5, 0x55, 0x8F, 0x03, 0xC3, 0xD3, 0x73, 0x1C, 0x07, 0xDA, 0x1F, 0x8C, 0xC7, 0xBD,
             0x9D, 0xB7,
         ]);
@@ -852,8 +870,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::UpdateUserInformation,
             sub_command_params: Some(sub_command_params),
-            pin_uv_auth_protocol: Some(1),
-            pin_auth,
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param,
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
@@ -882,44 +900,7 @@ mod test {
     }
 
     #[test]
-    fn test_process_credential_management_invalid_pin_uv_auth_protocol() {
-        let mut rng = ThreadRng256 {};
-        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
-        let pin_uv_auth_token = [0x55; 32];
-        let client_pin =
-            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
-
-        let user_immediately_present = |_| Ok(());
-        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.client_pin = client_pin;
-
-        ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_auth = Some(vec![
-            0xC5, 0xFB, 0x75, 0x55, 0x98, 0xB5, 0x19, 0x01, 0xB3, 0x31, 0x7D, 0xFE, 0x1D, 0xF5,
-            0xFB, 0x00,
-        ]);
-
-        let cred_management_params = AuthenticatorCredentialManagementParameters {
-            sub_command: CredentialManagementSubCommand::GetCredsMetadata,
-            sub_command_params: None,
-            pin_uv_auth_protocol: Some(123456),
-            pin_auth,
-        };
-        let cred_management_response = process_credential_management(
-            &mut ctap_state.persistent_store,
-            &mut ctap_state.stateful_command_permission,
-            &mut ctap_state.client_pin,
-            cred_management_params,
-            DUMMY_CLOCK_VALUE,
-        );
-        assert_eq!(
-            cred_management_response,
-            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
-        );
-    }
-
-    #[test]
-    fn test_process_credential_management_invalid_pin_auth() {
+    fn test_process_credential_management_invalid_pin_uv_auth_param() {
         let mut rng = ThreadRng256 {};
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
@@ -929,8 +910,8 @@ mod test {
         let cred_management_params = AuthenticatorCredentialManagementParameters {
             sub_command: CredentialManagementSubCommand::GetCredsMetadata,
             sub_command_params: None,
-            pin_uv_auth_protocol: Some(1),
-            pin_auth: Some(vec![0u8; 16]),
+            pin_uv_auth_protocol: Some(PinUvAuthProtocol::V1),
+            pin_uv_auth_param: Some(vec![0u8; 16]),
         };
         let cred_management_response = process_credential_management(
             &mut ctap_state.persistent_store,
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 138dd3a..84fe721 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -816,8 +816,8 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
 
 #[derive(Clone, Copy, Debug, PartialEq)]
 pub enum PinUvAuthProtocol {
-    V1,
-    V2,
+    V1 = 1,
+    V2 = 2,
 }
 
 impl TryFrom<cbor::Value> for PinUvAuthProtocol {
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index d366ce4..ffb98cb 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -12,7 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::check_pin_uv_auth_protocol;
 use super::client_pin::{ClientPin, PinPermission};
 use super::command::AuthenticatorLargeBlobsParameters;
 use super::response::{AuthenticatorLargeBlobsResponse, ResponseData};
@@ -91,17 +90,20 @@ impl LargeBlobs {
             if persistent_store.pin_hash()?.is_some() || persistent_store.has_always_uv()? {
                 let pin_uv_auth_param =
                     pin_uv_auth_param.ok_or(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED)?;
-                // TODO(kaczmarczyck) Error codes for PIN protocol differ across commands.
-                // Change to Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED for None?
-                check_pin_uv_auth_protocol(pin_uv_auth_protocol)?;
-                client_pin.has_permission(PinPermission::LargeBlobWrite)?;
-                let mut message = vec![0xFF; 32];
-                message.extend(&[0x0C, 0x00]);
+                let pin_uv_auth_protocol =
+                    pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
+                let mut large_blob_data = vec![0xFF; 32];
+                large_blob_data.extend(&[0x0C, 0x00]);
                 let mut offset_bytes = [0u8; 4];
                 LittleEndian::write_u32(&mut offset_bytes, offset as u32);
-                message.extend(&offset_bytes);
-                message.extend(&Sha256::hash(set.as_slice()));
-                client_pin.verify_pin_auth_token(&message, &pin_uv_auth_param)?;
+                large_blob_data.extend(&offset_bytes);
+                large_blob_data.extend(&Sha256::hash(set.as_slice()));
+                client_pin.verify_pin_uv_auth_token(
+                    &large_blob_data,
+                    &pin_uv_auth_param,
+                    pin_uv_auth_protocol,
+                )?;
+                client_pin.has_permission(PinPermission::LargeBlobWrite)?;
             }
             if offset + set.len() > self.expected_length {
                 return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
@@ -136,6 +138,7 @@ impl LargeBlobs {
 #[cfg(test)]
 mod test {
     use super::super::data_formats::PinUvAuthProtocol;
+    use super::super::pin_protocol::authenticate_pin_uv_auth_token;
     use super::*;
     use crypto::rng256::ThreadRng256;
 
@@ -358,14 +361,13 @@ mod test {
         );
     }
 
-    #[test]
-    fn test_process_command_commit_with_pin() {
+    fn test_helper_process_command_commit_with_pin(pin_uv_auth_protocol: PinUvAuthProtocol) {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x55; 32];
         let mut client_pin =
-            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, pin_uv_auth_protocol);
         let mut large_blobs = LargeBlobs::new();
 
         const BLOB_LEN: usize = 20;
@@ -374,18 +376,23 @@ mod test {
         large_blob.extend_from_slice(&Sha256::hash(&large_blob[..])[..TRUNCATED_HASH_LEN]);
 
         persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_uv_auth_param = Some(vec![
-            0x68, 0x0C, 0x3F, 0x6A, 0x62, 0x47, 0xE6, 0x7C, 0x23, 0x1F, 0x79, 0xE3, 0xDC, 0x6D,
-            0xC3, 0xDE,
-        ]);
+        let mut large_blob_data = vec![0xFF; 32];
+        // Command constant and offset bytes.
+        large_blob_data.extend(&[0x0C, 0x00, 0x00, 0x00, 0x00, 0x00]);
+        large_blob_data.extend(&Sha256::hash(&large_blob));
+        let pin_uv_auth_param = authenticate_pin_uv_auth_token(
+            &pin_uv_auth_token,
+            &large_blob_data,
+            pin_uv_auth_protocol,
+        );
 
         let large_blobs_params = AuthenticatorLargeBlobsParameters {
             get: None,
             set: Some(large_blob),
             offset: 0,
             length: Some(BLOB_LEN),
-            pin_uv_auth_param,
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_param: Some(pin_uv_auth_param),
+            pin_uv_auth_protocol: Some(pin_uv_auth_protocol),
         };
         let large_blobs_response =
             large_blobs.process_command(&mut persistent_store, &mut client_pin, large_blobs_params);
@@ -394,4 +401,14 @@ mod test {
             Ok(ResponseData::AuthenticatorLargeBlobs(None))
         );
     }
+
+    #[test]
+    fn test_process_command_commit_with_pin_v1() {
+        test_helper_process_command_commit_with_pin(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_command_commit_with_pin_v2() {
+        test_helper_process_command_commit_with_pin(PinUvAuthProtocol::V2);
+    }
 }
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 8432f4e..83db5a9 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -44,9 +44,9 @@ use self::customization::{
 };
 use self::data_formats::{
     AuthenticatorTransport, CoseKey, CredentialProtectionPolicy, EnterpriseAttestationMode,
-    GetAssertionExtensions, PackedAttestationStatement, PublicKeyCredentialDescriptor,
-    PublicKeyCredentialParameter, PublicKeyCredentialSource, PublicKeyCredentialType,
-    PublicKeyCredentialUserEntity, SignatureAlgorithm,
+    GetAssertionExtensions, PackedAttestationStatement, PinUvAuthProtocol,
+    PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialSource,
+    PublicKeyCredentialType, PublicKeyCredentialUserEntity, SignatureAlgorithm,
 };
 use self::hid::ChannelID;
 use self::large_blobs::{LargeBlobs, MAX_MSG_SIZE};
@@ -109,9 +109,6 @@ pub const U2F_VERSION_STRING: &str = "U2F_V2";
 // TODO(#106) change to final string when ready
 pub const FIDO2_1_VERSION_STRING: &str = "FIDO_2_1_PRE";
 
-// This is the currently supported PIN protocol version.
-const PIN_PROTOCOL_VERSION: u64 = 1;
-
 // We currently only support one algorithm for signatures: ES256.
 // This algorithm is requested in MakeCredential and advertized in GetInfo.
 pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialParameter {
@@ -119,16 +116,6 @@ pub const ES256_CRED_PARAM: PublicKeyCredentialParameter = PublicKeyCredentialPa
     alg: SignatureAlgorithm::ES256,
 };
 
-// Checks the PIN protocol parameter against all supported versions.
-pub fn check_pin_uv_auth_protocol(
-    pin_uv_auth_protocol: Option<u64>,
-) -> Result<(), Ctap2StatusCode> {
-    match pin_uv_auth_protocol {
-        Some(PIN_PROTOCOL_VERSION) => Ok(()),
-        _ => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-    }
-}
-
 // This function is adapted from https://doc.rust-lang.org/nightly/src/core/str/mod.rs.html#2110
 // (as of 2020-01-20) and truncates to "max" bytes, not breaking the encoding.
 // We change the return value, since we don't need the bool.
@@ -526,7 +513,7 @@ where
     fn pin_uv_auth_precheck(
         &mut self,
         pin_uv_auth_param: &Option<Vec<u8>>,
-        pin_uv_auth_protocol: Option<u64>,
+        pin_uv_auth_protocol: Option<PinUvAuthProtocol>,
         cid: ChannelID,
     ) -> Result<(), Ctap2StatusCode> {
         if let Some(auth_param) = &pin_uv_auth_param {
@@ -539,11 +526,9 @@ where
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
                 }
             }
-
-            check_pin_uv_auth_protocol(pin_uv_auth_protocol)
-        } else {
-            Ok(())
+            pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?;
         }
+        Ok(())
     }
 
     fn process_make_credential(
@@ -644,13 +629,16 @@ where
         // User verification depends on the PIN auth inputs, which are checked here.
         let ed_flag = if has_extension_output { ED_FLAG } else { 0 };
         let flags = match pin_uv_auth_param {
-            Some(pin_auth) => {
+            Some(pin_uv_auth_param) => {
                 if self.persistent_store.pin_hash()?.is_none() {
                     // Specification is unclear, could be CTAP2_ERR_INVALID_OPTION.
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
-                self.client_pin
-                    .verify_pin_auth_token(&client_data_hash, &pin_auth)?;
+                self.client_pin.verify_pin_uv_auth_token(
+                    &client_data_hash,
+                    &pin_uv_auth_param,
+                    pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
+                )?;
                 self.client_pin
                     .has_permission(PinPermission::MakeCredential)?;
                 self.client_pin.ensure_rp_id_permission(&rp_id)?;
@@ -932,13 +920,16 @@ where
         // not support internal UV. User presence is requested as an option.
         let has_uv = pin_uv_auth_param.is_some();
         let mut flags = match pin_uv_auth_param {
-            Some(pin_auth) => {
+            Some(pin_uv_auth_param) => {
                 if self.persistent_store.pin_hash()?.is_none() {
                     // Specification is unclear, could be CTAP2_ERR_UNSUPPORTED_OPTION.
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
-                self.client_pin
-                    .verify_pin_auth_token(&client_data_hash, &pin_auth)?;
+                self.client_pin.verify_pin_uv_auth_token(
+                    &client_data_hash,
+                    &pin_uv_auth_param,
+                    pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
+                )?;
                 self.client_pin
                     .has_permission(PinPermission::GetAssertion)?;
                 self.client_pin.ensure_rp_id_permission(&rp_id)?;
@@ -1082,7 +1073,11 @@ where
                 aaguid: self.persistent_store.aaguid()?,
                 options: Some(options_map),
                 max_msg_size: Some(MAX_MSG_SIZE as u64),
-                pin_protocols: Some(vec![PIN_PROTOCOL_VERSION]),
+                // The order implies preference. We favor the new V2.
+                pin_protocols: Some(vec![
+                    PinUvAuthProtocol::V2 as u64,
+                    PinUvAuthProtocol::V1 as u64,
+                ]),
                 max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
                 max_credential_id_length: Some(CREDENTIAL_ID_SIZE as u64),
                 transports: Some(vec![AuthenticatorTransport::Usb]),
@@ -1220,12 +1215,14 @@ where
 
 #[cfg(test)]
 mod test {
-    use super::command::AuthenticatorAttestationMaterial;
+    use super::client_pin::PIN_TOKEN_LENGTH;
+    use super::command::{AuthenticatorAttestationMaterial, AuthenticatorClientPinParameters};
     use super::data_formats::{
-        CoseKey, GetAssertionHmacSecretInput, GetAssertionOptions, MakeCredentialExtensions,
-        MakeCredentialOptions, PinUvAuthProtocol, PublicKeyCredentialRpEntity,
-        PublicKeyCredentialUserEntity,
+        ClientPinSubCommand, CoseKey, GetAssertionHmacSecretInput, GetAssertionOptions,
+        MakeCredentialExtensions, MakeCredentialOptions, PinUvAuthProtocol,
+        PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
     };
+    use super::pin_protocol::{authenticate_pin_uv_auth_token, PinProtocol};
     use super::*;
     use cbor::{cbor_array, cbor_array_vec, cbor_map};
     use crypto::rng256::ThreadRng256;
@@ -1316,7 +1313,7 @@ mod test {
                 "alwaysUv" => false,
             },
             0x05 => MAX_MSG_SIZE as u64,
-            0x06 => cbor_array_vec![vec![1]],
+            0x06 => cbor_array_vec![vec![2, 1]],
             0x07 => MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
             0x08 => CREDENTIAL_ID_SIZE as u64,
             0x09 => cbor_array_vec![vec!["usb"]],
@@ -1755,6 +1752,52 @@ mod test {
         assert_eq!(stored_credential.large_blob_key.unwrap(), large_blob_key);
     }
 
+    fn test_helper_process_make_credential_with_pin_and_uv(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pin_uv_auth_token = [0x91; PIN_TOKEN_LENGTH];
+        let client_pin =
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, pin_uv_auth_protocol);
+
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
+        ctap_state.client_pin = client_pin;
+        ctap_state.persistent_store.set_pin(&[0x88; 16], 4).unwrap();
+
+        let client_data_hash = [0xCD];
+        let pin_uv_auth_param = authenticate_pin_uv_auth_token(
+            &pin_uv_auth_token,
+            &client_data_hash,
+            pin_uv_auth_protocol,
+        );
+        let mut make_credential_params = create_minimal_make_credential_parameters();
+        make_credential_params.options.uv = true;
+        make_credential_params.pin_uv_auth_param = Some(pin_uv_auth_param);
+        make_credential_params.pin_uv_auth_protocol = Some(pin_uv_auth_protocol);
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+
+        check_make_response(
+            make_credential_response,
+            0x45,
+            &ctap_state.persistent_store.aaguid().unwrap(),
+            0x20,
+            &[],
+        );
+    }
+
+    #[test]
+    fn test_process_make_credential_with_pin_and_uv_v1() {
+        test_helper_process_make_credential_with_pin_and_uv(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_make_credential_with_pin_and_uv_v2() {
+        test_helper_process_make_credential_with_pin_and_uv(PinUvAuthProtocol::V2);
+    }
+
     #[test]
     fn test_non_resident_process_make_credential_with_pin() {
         let mut rng = ThreadRng256 {};
@@ -1810,7 +1853,7 @@ mod test {
         ctap_state.persistent_store.set_pin(&[0x88; 16], 4).unwrap();
         let mut make_credential_params = create_minimal_make_credential_parameters();
         make_credential_params.pin_uv_auth_param = Some(vec![0xA4; 16]);
-        make_credential_params.pin_uv_auth_protocol = Some(1);
+        make_credential_params.pin_uv_auth_protocol = Some(PinUvAuthProtocol::V1);
         let make_credential_response =
             ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
         assert_eq!(
@@ -1951,10 +1994,62 @@ mod test {
         check_assertion_response(get_assertion_response, vec![0x1D], signature_counter, None);
     }
 
-    #[test]
-    fn test_process_get_assertion_hmac_secret() {
+    fn get_assertion_hmac_secret_params(
+        key_agreement_key: crypto::ecdh::SecKey,
+        key_agreement_response: ResponseData,
+        credential_id: Option<Vec<u8>>,
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) -> AuthenticatorGetAssertionParameters {
         let mut rng = ThreadRng256 {};
-        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let platform_public_key = key_agreement_key.genpk();
+        let public_key = match key_agreement_response {
+            ResponseData::AuthenticatorClientPin(Some(client_pin_response)) => {
+                client_pin_response.key_agreement.unwrap()
+            }
+            _ => panic!("Invalid response type"),
+        };
+        let pin_protocol = PinProtocol::new_test(key_agreement_key, [0x91; 32]);
+        let shared_secret = pin_protocol
+            .decapsulate(public_key, pin_uv_auth_protocol)
+            .unwrap();
+
+        let salt = vec![0x01; 32];
+        let salt_enc = shared_secret.as_ref().encrypt(&mut rng, &salt).unwrap();
+        let salt_auth = shared_secret.authenticate(&salt_enc);
+        let hmac_secret_input = GetAssertionHmacSecretInput {
+            key_agreement: CoseKey::from(platform_public_key),
+            salt_enc,
+            salt_auth,
+            pin_uv_auth_protocol,
+        };
+        let get_extensions = GetAssertionExtensions {
+            hmac_secret: Some(hmac_secret_input),
+            ..Default::default()
+        };
+
+        let credential_descriptor = credential_id.map(|key_id| PublicKeyCredentialDescriptor {
+            key_type: PublicKeyCredentialType::PublicKey,
+            key_id,
+            transports: None,
+        });
+        let allow_list = credential_descriptor.map(|c| vec![c]);
+        AuthenticatorGetAssertionParameters {
+            rp_id: String::from("example.com"),
+            client_data_hash: vec![0xCD],
+            allow_list,
+            extensions: get_extensions,
+            options: GetAssertionOptions {
+                up: true,
+                uv: false,
+            },
+            pin_uv_auth_param: None,
+            pin_uv_auth_protocol: None,
+        }
+    }
+
+    fn test_helper_process_get_assertion_hmac_secret(pin_uv_auth_protocol: PinUvAuthProtocol) {
+        let mut rng = ThreadRng256 {};
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
@@ -1979,51 +2074,50 @@ mod test {
             _ => panic!("Invalid response type"),
         };
 
-        let pk = sk.genpk();
-        let hmac_secret_input = GetAssertionHmacSecretInput {
-            key_agreement: CoseKey::from(pk),
-            salt_enc: vec![0x02; 32],
-            salt_auth: vec![0x03; 16],
-            pin_uv_auth_protocol: PinUvAuthProtocol::V1,
-        };
-        let get_extensions = GetAssertionExtensions {
-            hmac_secret: Some(hmac_secret_input),
-            ..Default::default()
-        };
-
-        let cred_desc = PublicKeyCredentialDescriptor {
-            key_type: PublicKeyCredentialType::PublicKey,
-            key_id: credential_id,
-            transports: None,
-        };
-        let get_assertion_params = AuthenticatorGetAssertionParameters {
-            rp_id: String::from("example.com"),
-            client_data_hash: vec![0xCD],
-            allow_list: Some(vec![cred_desc]),
-            extensions: get_extensions,
-            options: GetAssertionOptions {
-                up: false,
-                uv: false,
-            },
+        let client_pin_params = AuthenticatorClientPinParameters {
+            pin_uv_auth_protocol,
+            sub_command: ClientPinSubCommand::GetKeyAgreement,
+            key_agreement: None,
             pin_uv_auth_param: None,
-            pin_uv_auth_protocol: None,
+            new_pin_enc: None,
+            pin_hash_enc: None,
+            permissions: None,
+            permissions_rp_id: None,
         };
+        let key_agreement_response = ctap_state.client_pin.process_command(
+            ctap_state.rng,
+            &mut ctap_state.persistent_store,
+            client_pin_params,
+        );
+        let get_assertion_params = get_assertion_hmac_secret_params(
+            key_agreement_key,
+            key_agreement_response.unwrap(),
+            Some(credential_id),
+            pin_uv_auth_protocol,
+        );
         let get_assertion_response = ctap_state.process_get_assertion(
             get_assertion_params,
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
-
-        assert_eq!(
-            get_assertion_response,
-            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_OPTION)
-        );
+        assert!(get_assertion_response.is_ok());
     }
 
     #[test]
-    fn test_resident_process_get_assertion_hmac_secret() {
+    fn test_process_get_assertion_hmac_secret_v1() {
+        test_helper_process_get_assertion_hmac_secret(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_assertion_hmac_secret_v2() {
+        test_helper_process_get_assertion_hmac_secret(PinUvAuthProtocol::V2);
+    }
+
+    fn test_helper_resident_process_get_assertion_hmac_secret(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) {
         let mut rng = ThreadRng256 {};
-        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
 
@@ -2037,40 +2131,43 @@ mod test {
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
 
-        let pk = sk.genpk();
-        let hmac_secret_input = GetAssertionHmacSecretInput {
-            key_agreement: CoseKey::from(pk),
-            salt_enc: vec![0x02; 32],
-            salt_auth: vec![0x03; 16],
-            pin_uv_auth_protocol: PinUvAuthProtocol::V1,
-        };
-        let get_extensions = GetAssertionExtensions {
-            hmac_secret: Some(hmac_secret_input),
-            ..Default::default()
-        };
-
-        let get_assertion_params = AuthenticatorGetAssertionParameters {
-            rp_id: String::from("example.com"),
-            client_data_hash: vec![0xCD],
-            allow_list: None,
-            extensions: get_extensions,
-            options: GetAssertionOptions {
-                up: false,
-                uv: false,
-            },
+        let client_pin_params = AuthenticatorClientPinParameters {
+            pin_uv_auth_protocol,
+            sub_command: ClientPinSubCommand::GetKeyAgreement,
+            key_agreement: None,
             pin_uv_auth_param: None,
-            pin_uv_auth_protocol: None,
+            new_pin_enc: None,
+            pin_hash_enc: None,
+            permissions: None,
+            permissions_rp_id: None,
         };
+        let key_agreement_response = ctap_state.client_pin.process_command(
+            ctap_state.rng,
+            &mut ctap_state.persistent_store,
+            client_pin_params,
+        );
+        let get_assertion_params = get_assertion_hmac_secret_params(
+            key_agreement_key,
+            key_agreement_response.unwrap(),
+            None,
+            pin_uv_auth_protocol,
+        );
         let get_assertion_response = ctap_state.process_get_assertion(
             get_assertion_params,
             DUMMY_CHANNEL_ID,
             DUMMY_CLOCK_VALUE,
         );
+        assert!(get_assertion_response.is_ok());
+    }
 
-        assert_eq!(
-            get_assertion_response,
-            Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_OPTION)
-        );
+    #[test]
+    fn test_process_resident_get_assertion_hmac_secret_v1() {
+        test_helper_resident_process_get_assertion_hmac_secret(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_resident_process_get_assertion_hmac_secret_v2() {
+        test_helper_resident_process_get_assertion_hmac_secret(PinUvAuthProtocol::V2);
     }
 
     #[test]
@@ -2315,13 +2412,14 @@ mod test {
         assert_eq!(large_blob_key, vec![0x1C; 32]);
     }
 
-    #[test]
-    fn test_process_get_next_assertion_two_credentials_with_uv() {
+    fn test_helper_process_get_next_assertion_two_credentials_with_uv(
+        pin_uv_auth_protocol: PinUvAuthProtocol,
+    ) {
         let mut rng = ThreadRng256 {};
         let key_agreement_key = crypto::ecdh::SecKey::gensk(&mut rng);
         let pin_uv_auth_token = [0x88; 32];
         let client_pin =
-            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, PinUvAuthProtocol::V1);
+            ClientPin::new_test(key_agreement_key, pin_uv_auth_token, pin_uv_auth_protocol);
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
@@ -2352,22 +2450,24 @@ mod test {
 
         // The PIN length is outside of the test scope and most likely incorrect.
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
-        let pin_uv_auth_param = Some(vec![
-            0x6F, 0x52, 0x83, 0xBF, 0x1A, 0x91, 0xEE, 0x67, 0xE9, 0xD4, 0x4C, 0x80, 0x08, 0x79,
-            0x90, 0x8D,
-        ]);
+        let client_data_hash = vec![0xCD];
+        let pin_uv_auth_param = authenticate_pin_uv_auth_token(
+            &pin_uv_auth_token,
+            &client_data_hash,
+            pin_uv_auth_protocol,
+        );
 
         let get_assertion_params = AuthenticatorGetAssertionParameters {
             rp_id: String::from("example.com"),
-            client_data_hash: vec![0xCD],
+            client_data_hash,
             allow_list: None,
             extensions: GetAssertionExtensions::default(),
             options: GetAssertionOptions {
                 up: false,
                 uv: true,
             },
-            pin_uv_auth_param,
-            pin_uv_auth_protocol: Some(1),
+            pin_uv_auth_param: Some(pin_uv_auth_param),
+            pin_uv_auth_protocol: Some(pin_uv_auth_protocol),
         };
         let get_assertion_response = ctap_state.process_get_assertion(
             get_assertion_params,
@@ -2404,6 +2504,16 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_process_get_next_assertion_two_credentials_with_uv_v1() {
+        test_helper_process_get_next_assertion_two_credentials_with_uv(PinUvAuthProtocol::V1);
+    }
+
+    #[test]
+    fn test_process_get_next_assertion_two_credentials_with_uv_v2() {
+        test_helper_process_get_next_assertion_two_credentials_with_uv(PinUvAuthProtocol::V2);
+    }
+
     #[test]
     fn test_process_get_next_assertion_three_credentials_no_uv() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/pin_protocol.rs b/src/ctap/pin_protocol.rs
index 912f7aa..44ae53d 100644
--- a/src/ctap/pin_protocol.rs
+++ b/src/ctap/pin_protocol.rs
@@ -94,6 +94,19 @@ impl PinProtocol {
     }
 }
 
+/// Authenticates the pinUvAuthToken for the given PIN protocol.
+#[cfg(test)]
+pub fn authenticate_pin_uv_auth_token(
+    token: &[u8; PIN_TOKEN_LENGTH],
+    message: &[u8],
+    pin_uv_auth_protocol: PinUvAuthProtocol,
+) -> Vec<u8> {
+    match pin_uv_auth_protocol {
+        PinUvAuthProtocol::V1 => hmac_256::<Sha256>(token, message)[..16].to_vec(),
+        PinUvAuthProtocol::V2 => hmac_256::<Sha256>(token, message).to_vec(),
+    }
+}
+
 /// Verifies the pinUvAuthToken for the given PIN protocol.
 pub fn verify_pin_uv_auth_token(
     token: &[u8; PIN_TOKEN_LENGTH],

From 63232cfe60ced13c6abf6876715a02e83c540f73 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Mon, 22 Mar 2021 14:03:51 +0100
Subject: [PATCH 184/192] adds PIN token state with timeouts (#296)

---
 src/ctap/client_pin.rs   | 384 +++++++++++++++++++++++++++++++--------
 src/ctap/command.rs      |   2 +-
 src/ctap/data_formats.rs |   6 +-
 src/ctap/mod.rs          |  28 ++-
 src/ctap/token_state.rs  | 277 ++++++++++++++++++++++++++++
 src/main.rs              |   4 +-
 6 files changed, 616 insertions(+), 85 deletions(-)
 create mode 100644 src/ctap/token_state.rs

diff --git a/src/ctap/client_pin.rs b/src/ctap/client_pin.rs
index a580b1b..82e7904 100644
--- a/src/ctap/client_pin.rs
+++ b/src/ctap/client_pin.rs
@@ -20,6 +20,7 @@ use super::pin_protocol::{verify_pin_uv_auth_token, PinProtocol, SharedSecret};
 use super::response::{AuthenticatorClientPinResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
+use super::token_state::PinUvAuthTokenState;
 use alloc::boxed::Box;
 use alloc::str;
 use alloc::string::String;
@@ -30,6 +31,7 @@ use crypto::sha256::Sha256;
 use crypto::Hash256;
 #[cfg(test)]
 use enum_iterator::IntoEnumIterator;
+use libtock_drivers::timer::ClockValue;
 use subtle::ConstantTimeEq;
 
 /// The prefix length of the PIN hash that is stored and compared.
@@ -104,8 +106,7 @@ pub struct ClientPin {
     pin_protocol_v1: PinProtocol,
     pin_protocol_v2: PinProtocol,
     consecutive_pin_mismatches: u8,
-    permissions: u8,
-    permissions_rp_id: Option<String>,
+    pin_uv_auth_token_state: PinUvAuthTokenState,
 }
 
 impl ClientPin {
@@ -114,8 +115,7 @@ impl ClientPin {
             pin_protocol_v1: PinProtocol::new(rng),
             pin_protocol_v2: PinProtocol::new(rng),
             consecutive_pin_mismatches: 0,
-            permissions: 0,
-            permissions_rp_id: None,
+            pin_uv_auth_token_state: PinUvAuthTokenState::new(),
         }
     }
 
@@ -290,6 +290,7 @@ impl ClientPin {
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
         client_pin_params: AuthenticatorClientPinParameters,
+        now: ClockValue,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
         let AuthenticatorClientPinParameters {
             pin_uv_auth_protocol,
@@ -314,14 +315,17 @@ impl ClientPin {
         if persistent_store.has_force_pin_change()? {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
         }
-
         let pin_token = shared_secret.encrypt(
             rng,
             self.get_pin_protocol(pin_uv_auth_protocol)
                 .get_pin_uv_auth_token(),
         )?;
-        self.permissions = 0x03;
-        self.permissions_rp_id = None;
+
+        self.pin_protocol_v1.reset_pin_uv_auth_token(rng);
+        self.pin_protocol_v2.reset_pin_uv_auth_token(rng);
+        self.pin_uv_auth_token_state
+            .begin_using_pin_uv_auth_token(now);
+        self.pin_uv_auth_token_state.set_default_permissions();
 
         Ok(AuthenticatorClientPinResponse {
             key_agreement: None,
@@ -350,6 +354,7 @@ impl ClientPin {
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
         mut client_pin_params: AuthenticatorClientPinParameters,
+        now: ClockValue,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
         let permissions = ok_or_missing(client_pin_params.permissions)?;
         // Mutating client_pin_params is just an optimization to move it into
@@ -364,10 +369,10 @@ impl ClientPin {
             return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
         }
 
-        let response = self.process_get_pin_token(rng, persistent_store, client_pin_params)?;
-
-        self.permissions = permissions;
-        self.permissions_rp_id = permissions_rp_id;
+        let response = self.process_get_pin_token(rng, persistent_store, client_pin_params, now)?;
+        self.pin_uv_auth_token_state.set_permissions(permissions);
+        self.pin_uv_auth_token_state
+            .set_permissions_rp_id(permissions_rp_id);
 
         Ok(response)
     }
@@ -378,6 +383,7 @@ impl ClientPin {
         rng: &mut impl Rng256,
         persistent_store: &mut PersistentStore,
         client_pin_params: AuthenticatorClientPinParameters,
+        now: ClockValue,
     ) -> Result<ResponseData, Ctap2StatusCode> {
         let response = match client_pin_params.sub_command {
             ClientPinSubCommand::GetPinRetries => {
@@ -395,7 +401,7 @@ impl ClientPin {
                 None
             }
             ClientPinSubCommand::GetPinToken => {
-                Some(self.process_get_pin_token(rng, persistent_store, client_pin_params)?)
+                Some(self.process_get_pin_token(rng, persistent_store, client_pin_params, now)?)
             }
             ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions => Some(
                 self.process_get_pin_uv_auth_token_using_uv_with_permissions(client_pin_params)?,
@@ -406,6 +412,7 @@ impl ClientPin {
                     rng,
                     persistent_store,
                     client_pin_params,
+                    now,
                 )?,
             ),
         };
@@ -419,6 +426,9 @@ impl ClientPin {
         pin_uv_auth_param: &[u8],
         pin_uv_auth_protocol: PinUvAuthProtocol,
     ) -> Result<(), Ctap2StatusCode> {
+        if !self.pin_uv_auth_token_state.is_in_use() {
+            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
+        }
         verify_pin_uv_auth_token(
             self.get_pin_protocol(pin_uv_auth_protocol)
                 .get_pin_uv_auth_token(),
@@ -435,8 +445,7 @@ impl ClientPin {
         self.pin_protocol_v2.regenerate(rng);
         self.pin_protocol_v2.reset_pin_uv_auth_token(rng);
         self.consecutive_pin_mismatches = 0;
-        self.permissions = 0;
-        self.permissions_rp_id = None;
+        self.pin_uv_auth_token_state.stop_using_pin_uv_auth_token();
     }
 
     /// Verifies, computes and encrypts the HMAC-secret outputs.
@@ -476,30 +485,43 @@ impl ClientPin {
         shared_secret.encrypt(rng, &output)
     }
 
-    /// Check if the required command's token permission is granted.
-    pub fn has_permission(&self, permission: PinPermission) -> Result<(), Ctap2StatusCode> {
-        // Relies on the fact that all permissions are represented by powers of two.
-        if permission as u8 & self.permissions != 0 {
+    /// Consumes flags and permissions related to the pinUvAuthToken.
+    pub fn clear_token_flags(&mut self) {
+        self.pin_uv_auth_token_state.clear_user_verified_flag();
+        self.pin_uv_auth_token_state
+            .clear_pin_uv_auth_token_permissions_except_lbw();
+    }
+
+    /// Updates the running timers, triggers timeout events.
+    pub fn update_timeouts(&mut self, now: ClockValue) {
+        self.pin_uv_auth_token_state
+            .pin_uv_auth_token_usage_timer_observer(now);
+    }
+
+    /// Checks if user verification is cached for use of the pinUvAuthToken.
+    pub fn check_user_verified_flag(&mut self) -> Result<(), Ctap2StatusCode> {
+        if self.pin_uv_auth_token_state.get_user_verified_flag_value() {
             Ok(())
         } else {
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         }
     }
 
+    /// Check if the required command's token permission is granted.
+    pub fn has_permission(&self, permission: PinPermission) -> Result<(), Ctap2StatusCode> {
+        self.pin_uv_auth_token_state.has_permission(permission)
+    }
+
     /// Check if no RP ID is associated with the token permission.
     pub fn has_no_rp_id_permission(&self) -> Result<(), Ctap2StatusCode> {
-        if self.permissions_rp_id.is_some() {
-            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
-        }
-        Ok(())
+        self.pin_uv_auth_token_state.has_no_permissions_rp_id()
     }
 
     /// Check if no or the passed RP ID is associated with the token permission.
     pub fn has_no_or_rp_id_permission(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
-        match &self.permissions_rp_id {
-            Some(p) if rp_id != p => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-            _ => Ok(()),
-        }
+        self.pin_uv_auth_token_state
+            .has_no_permissions_rp_id()
+            .or_else(|_| self.pin_uv_auth_token_state.has_permissions_rp_id(rp_id))
     }
 
     /// Check if no RP ID is associated with the token permission, or it matches the hash.
@@ -507,26 +529,28 @@ impl ClientPin {
         &self,
         rp_id_hash: &[u8],
     ) -> Result<(), Ctap2StatusCode> {
-        match &self.permissions_rp_id {
-            Some(p) if rp_id_hash != Sha256::hash(p.as_bytes()) => {
-                Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
-            }
-            _ => Ok(()),
-        }
+        self.pin_uv_auth_token_state
+            .has_no_permissions_rp_id()
+            .or_else(|_| {
+                self.pin_uv_auth_token_state
+                    .has_permissions_rp_id_hash(rp_id_hash)
+            })
     }
 
     /// Check if the passed RP ID is associated with the token permission.
     ///
     /// If no RP ID is associated, associate the passed RP ID as a side effect.
     pub fn ensure_rp_id_permission(&mut self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
-        match &self.permissions_rp_id {
-            Some(p) if rp_id != p => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
-            None => {
-                self.permissions_rp_id = Some(String::from(rp_id));
-                Ok(())
-            }
-            _ => Ok(()),
+        if self
+            .pin_uv_auth_token_state
+            .has_no_permissions_rp_id()
+            .is_ok()
+        {
+            self.pin_uv_auth_token_state
+                .set_permissions_rp_id(Some(String::from(rp_id)));
+            return Ok(());
         }
+        self.pin_uv_auth_token_state.has_permissions_rp_id(rp_id)
     }
 
     #[cfg(test)]
@@ -541,12 +565,16 @@ impl ClientPin {
             PinUvAuthProtocol::V1 => (key_agreement_key, crypto::ecdh::SecKey::gensk(&mut rng)),
             PinUvAuthProtocol::V2 => (crypto::ecdh::SecKey::gensk(&mut rng), key_agreement_key),
         };
+        let mut pin_uv_auth_token_state = PinUvAuthTokenState::new();
+        pin_uv_auth_token_state.set_permissions(0xFF);
+        const CLOCK_FREQUENCY_HZ: usize = 32768;
+        const DUMMY_CLOCK_VALUE: ClockValue = ClockValue::new(0, CLOCK_FREQUENCY_HZ);
+        pin_uv_auth_token_state.begin_using_pin_uv_auth_token(DUMMY_CLOCK_VALUE);
         ClientPin {
             pin_protocol_v1: PinProtocol::new_test(key_agreement_key_v1, pin_uv_auth_token),
             pin_protocol_v2: PinProtocol::new_test(key_agreement_key_v2, pin_uv_auth_token),
             consecutive_pin_mismatches: 0,
-            permissions: 0xFF,
-            permissions_rp_id: None,
+            pin_uv_auth_token_state,
         }
     }
 }
@@ -557,6 +585,10 @@ mod test {
     use super::*;
     use alloc::vec;
     use crypto::rng256::ThreadRng256;
+    use libtock_drivers::timer::Duration;
+
+    const CLOCK_FREQUENCY_HZ: usize = 32768;
+    const DUMMY_CLOCK_VALUE: ClockValue = ClockValue::new(0, CLOCK_FREQUENCY_HZ);
 
     /// Stores a PIN hash corresponding to the dummy PIN "1234".
     fn set_standard_pin(persistent_store: &mut PersistentStore) {
@@ -782,7 +814,7 @@ mod test {
             retries: Some(persistent_store.pin_retries().unwrap() as u64),
         });
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
             Ok(ResponseData::AuthenticatorClientPin(expected_response))
         );
     }
@@ -810,7 +842,7 @@ mod test {
             retries: None,
         });
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
             Ok(ResponseData::AuthenticatorClientPin(expected_response))
         );
     }
@@ -831,7 +863,7 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
             Ok(ResponseData::AuthenticatorClientPin(None))
         );
     }
@@ -865,14 +897,24 @@ mod test {
         let pin_uv_auth_param = shared_secret.authenticate(&auth_param_data);
         params.pin_uv_auth_param = Some(pin_uv_auth_param);
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params.clone()),
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                params.clone(),
+                DUMMY_CLOCK_VALUE
+            ),
             Ok(ResponseData::AuthenticatorClientPin(None))
         );
 
         let mut bad_params = params.clone();
         bad_params.pin_hash_enc = Some(vec![0xEE; 16]);
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                bad_params,
+                DUMMY_CLOCK_VALUE
+            ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
 
@@ -880,7 +922,7 @@ mod test {
             persistent_store.decr_pin_retries().unwrap();
         }
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED)
         );
     }
@@ -905,13 +947,41 @@ mod test {
         set_standard_pin(&mut persistent_store);
 
         assert!(client_pin
-            .process_command(&mut rng, &mut persistent_store, params.clone())
+            .process_command(
+                &mut rng,
+                &mut persistent_store,
+                params.clone(),
+                DUMMY_CLOCK_VALUE
+            )
             .is_ok());
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permission(PinPermission::MakeCredential),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permission(PinPermission::GetAssertion),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_no_permissions_rp_id(),
+            Ok(())
+        );
 
         let mut bad_params = params;
         bad_params.pin_hash_enc = Some(vec![0xEE; 16]);
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                bad_params,
+                DUMMY_CLOCK_VALUE
+            ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
     }
@@ -937,7 +1007,7 @@ mod test {
 
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID),
         );
     }
@@ -964,32 +1034,65 @@ mod test {
         set_standard_pin(&mut persistent_store);
 
         assert!(client_pin
-            .process_command(&mut rng, &mut persistent_store, params.clone())
+            .process_command(
+                &mut rng,
+                &mut persistent_store,
+                params.clone(),
+                DUMMY_CLOCK_VALUE
+            )
             .is_ok());
-        assert_eq!(client_pin.permissions, 0x03);
         assert_eq!(
-            client_pin.permissions_rp_id,
-            Some(String::from("example.com"))
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permission(PinPermission::MakeCredential),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permission(PinPermission::GetAssertion),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permissions_rp_id("example.com"),
+            Ok(())
         );
 
         let mut bad_params = params.clone();
         bad_params.permissions = Some(0x00);
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                bad_params,
+                DUMMY_CLOCK_VALUE
+            ),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
 
         let mut bad_params = params.clone();
         bad_params.permissions_rp_id = None;
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                bad_params,
+                DUMMY_CLOCK_VALUE
+            ),
             Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)
         );
 
         let mut bad_params = params;
         bad_params.pin_hash_enc = Some(vec![0xEE; 16]);
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, bad_params),
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                bad_params,
+                DUMMY_CLOCK_VALUE
+            ),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
     }
@@ -1017,7 +1120,7 @@ mod test {
 
         assert_eq!(persistent_store.force_pin_change(), Ok(()));
         assert_eq!(
-            client_pin.process_command(&mut rng, &mut persistent_store, params),
+            client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID)
         );
     }
@@ -1275,14 +1378,21 @@ mod test {
     fn test_has_permission() {
         let mut rng = ThreadRng256 {};
         let mut client_pin = ClientPin::new(&mut rng);
-        client_pin.permissions = 0x7F;
-        for permission in PinPermission::into_enum_iter() {
-            assert_eq!(client_pin.has_permission(permission), Ok(()));
-        }
-        client_pin.permissions = 0x00;
+        client_pin.pin_uv_auth_token_state.set_permissions(0x7F);
         for permission in PinPermission::into_enum_iter() {
             assert_eq!(
-                client_pin.has_permission(permission),
+                client_pin
+                    .pin_uv_auth_token_state
+                    .has_permission(permission),
+                Ok(())
+            );
+        }
+        client_pin.pin_uv_auth_token_state.set_permissions(0x00);
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(
+                client_pin
+                    .pin_uv_auth_token_state
+                    .has_permission(permission),
                 Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
             );
         }
@@ -1293,8 +1403,9 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut client_pin = ClientPin::new(&mut rng);
         assert_eq!(client_pin.has_no_rp_id_permission(), Ok(()));
-        assert_eq!(client_pin.permissions_rp_id, None);
-        client_pin.permissions_rp_id = Some("example.com".to_string());
+        client_pin
+            .pin_uv_auth_token_state
+            .set_permissions_rp_id(Some("example.com".to_string()));
         assert_eq!(
             client_pin.has_no_rp_id_permission(),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
@@ -1306,8 +1417,9 @@ mod test {
         let mut rng = ThreadRng256 {};
         let mut client_pin = ClientPin::new(&mut rng);
         assert_eq!(client_pin.has_no_or_rp_id_permission("example.com"), Ok(()));
-        assert_eq!(client_pin.permissions_rp_id, None);
-        client_pin.permissions_rp_id = Some("example.com".to_string());
+        client_pin
+            .pin_uv_auth_token_state
+            .set_permissions_rp_id(Some("example.com".to_string()));
         assert_eq!(client_pin.has_no_or_rp_id_permission("example.com"), Ok(()));
         assert_eq!(
             client_pin.has_no_or_rp_id_permission("another.example.com"),
@@ -1324,8 +1436,9 @@ mod test {
             client_pin.has_no_or_rp_id_hash_permission(&rp_id_hash),
             Ok(())
         );
-        assert_eq!(client_pin.permissions_rp_id, None);
-        client_pin.permissions_rp_id = Some("example.com".to_string());
+        client_pin
+            .pin_uv_auth_token_state
+            .set_permissions_rp_id(Some("example.com".to_string()));
         assert_eq!(
             client_pin.has_no_or_rp_id_hash_permission(&rp_id_hash),
             Ok(())
@@ -1342,12 +1455,14 @@ mod test {
         let mut client_pin = ClientPin::new(&mut rng);
         assert_eq!(client_pin.ensure_rp_id_permission("example.com"), Ok(()));
         assert_eq!(
-            client_pin.permissions_rp_id,
-            Some(String::from("example.com"))
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permissions_rp_id("example.com"),
+            Ok(())
         );
         assert_eq!(client_pin.ensure_rp_id_permission("example.com"), Ok(()));
         assert_eq!(
-            client_pin.ensure_rp_id_permission("counter-example.com"),
+            client_pin.ensure_rp_id_permission("another.example.com"),
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
         );
     }
@@ -1355,8 +1470,11 @@ mod test {
     #[test]
     fn test_verify_pin_uv_auth_token() {
         let mut rng = ThreadRng256 {};
-        let client_pin = ClientPin::new(&mut rng);
+        let mut client_pin = ClientPin::new(&mut rng);
         let message = [0xAA];
+        client_pin
+            .pin_uv_auth_token_state
+            .begin_using_pin_uv_auth_token(DUMMY_CLOCK_VALUE);
 
         let pin_uv_auth_token_v1 = client_pin
             .get_pin_protocol(PinUvAuthProtocol::V1)
@@ -1423,6 +1541,28 @@ mod test {
         );
     }
 
+    #[test]
+    fn test_verify_pin_uv_auth_token_not_in_use() {
+        let mut rng = ThreadRng256 {};
+        let client_pin = ClientPin::new(&mut rng);
+        let message = [0xAA];
+
+        let pin_uv_auth_token_v1 = client_pin
+            .get_pin_protocol(PinUvAuthProtocol::V1)
+            .get_pin_uv_auth_token();
+        let pin_uv_auth_param_v1 =
+            authenticate_pin_uv_auth_token(&pin_uv_auth_token_v1, &message, PinUvAuthProtocol::V1);
+
+        assert_eq!(
+            client_pin.verify_pin_uv_auth_token(
+                &message,
+                &pin_uv_auth_param_v1,
+                PinUvAuthProtocol::V1
+            ),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
     #[test]
     fn test_reset() {
         let mut rng = ThreadRng256 {};
@@ -1431,8 +1571,10 @@ mod test {
         let public_key_v2 = client_pin.pin_protocol_v2.get_public_key();
         let token_v1 = *client_pin.pin_protocol_v1.get_pin_uv_auth_token();
         let token_v2 = *client_pin.pin_protocol_v2.get_pin_uv_auth_token();
-        client_pin.permissions = 0xFF;
-        client_pin.permissions_rp_id = Some(String::from("example.com"));
+        client_pin.pin_uv_auth_token_state.set_permissions(0xFF);
+        client_pin
+            .pin_uv_auth_token_state
+            .set_permissions_rp_id(Some(String::from("example.com")));
         client_pin.reset(&mut rng);
         assert_ne!(public_key_v1, client_pin.pin_protocol_v1.get_public_key());
         assert_ne!(public_key_v2, client_pin.pin_protocol_v2.get_public_key());
@@ -1452,4 +1594,94 @@ mod test {
         }
         assert_eq!(client_pin.has_no_rp_id_permission(), Ok(()));
     }
+
+    #[test]
+    fn test_update_timeouts() {
+        let (mut client_pin, mut params) = create_client_pin_and_parameters(
+            PinUvAuthProtocol::V2,
+            ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions,
+        );
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        set_standard_pin(&mut persistent_store);
+        params.permissions = Some(0xFF);
+
+        assert!(client_pin
+            .process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE)
+            .is_ok());
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(
+                client_pin
+                    .pin_uv_auth_token_state
+                    .has_permission(permission),
+                Ok(())
+            );
+        }
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permissions_rp_id("example.com"),
+            Ok(())
+        );
+
+        let timeout = DUMMY_CLOCK_VALUE.wrapping_add(Duration::from_ms(30001));
+        client_pin.update_timeouts(timeout);
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(
+                client_pin
+                    .pin_uv_auth_token_state
+                    .has_permission(permission),
+                Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+            );
+        }
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permissions_rp_id("example.com"),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_clear_token_flags() {
+        let (mut client_pin, mut params) = create_client_pin_and_parameters(
+            PinUvAuthProtocol::V2,
+            ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions,
+        );
+        let mut rng = ThreadRng256 {};
+        let mut persistent_store = PersistentStore::new(&mut rng);
+        set_standard_pin(&mut persistent_store);
+        params.permissions = Some(0xFF);
+
+        assert!(client_pin
+            .process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE)
+            .is_ok());
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(
+                client_pin
+                    .pin_uv_auth_token_state
+                    .has_permission(permission),
+                Ok(())
+            );
+        }
+        assert_eq!(client_pin.check_user_verified_flag(), Ok(()));
+
+        client_pin.clear_token_flags();
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permission(PinPermission::CredentialManagement),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            client_pin
+                .pin_uv_auth_token_state
+                .has_permission(PinPermission::LargeBlobWrite),
+            Ok(())
+        );
+        assert_eq!(
+            client_pin.check_user_verified_flag(),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
 }
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index c0ecb2d..4616b02 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -143,7 +143,7 @@ impl Command {
     }
 }
 
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
 pub struct AuthenticatorMakeCredentialParameters {
     pub client_data_hash: Vec<u8>,
     pub rp: PublicKeyCredentialRpEntity,
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 84fe721..1721e62 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -148,7 +148,7 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialType {
 }
 
 // https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialparameters
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
 pub struct PublicKeyCredentialParameter {
     pub cred_type: PublicKeyCredentialType,
     pub alg: SignatureAlgorithm,
@@ -387,7 +387,7 @@ impl TryFrom<cbor::Value> for GetAssertionHmacSecretInput {
 }
 
 // Even though options are optional, we can use the default if not present.
-#[derive(Debug, Default, PartialEq)]
+#[derive(Clone, Debug, Default, PartialEq)]
 pub struct MakeCredentialOptions {
     pub rk: bool,
     pub uv: bool,
@@ -484,7 +484,7 @@ impl From<PackedAttestationStatement> for cbor::Value {
     }
 }
 
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq)]
 pub enum SignatureAlgorithm {
     ES256 = ES256_ALGORITHM as isize,
     // This is the default for all numbers not covered above.
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 83db5a9..46d805b 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -29,6 +29,7 @@ pub mod response;
 pub mod status_code;
 mod storage;
 mod timed_permission;
+mod token_state;
 
 use self::client_pin::{ClientPin, PinPermission};
 use self::command::{
@@ -301,11 +302,12 @@ where
         }
     }
 
-    pub fn update_command_permission(&mut self, now: ClockValue) {
+    pub fn update_timeouts(&mut self, now: ClockValue) {
         // Ignore the result, just update.
         let _ = self
             .stateful_command_permission
             .check_command_permission(now);
+        self.client_pin.update_timeouts(now);
     }
 
     pub fn increment_global_signature_counter(&mut self) -> Result<(), Ctap2StatusCode> {
@@ -465,6 +467,7 @@ where
                         self.rng,
                         &mut self.persistent_store,
                         params,
+                        now,
                     ),
                     Command::AuthenticatorReset => self.process_reset(cid, now),
                     Command::AuthenticatorCredentialManagement(params) => {
@@ -641,6 +644,10 @@ where
                 )?;
                 self.client_pin
                     .has_permission(PinPermission::MakeCredential)?;
+                self.client_pin.check_user_verified_flag()?;
+                // Checking for the correct permissions_rp_id is specified earlier.
+                // Error codes are identical though, so the implementation can be identical with
+                // GetAssertion.
                 self.client_pin.ensure_rp_id_permission(&rp_id)?;
                 UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
             }
@@ -660,6 +667,7 @@ where
         };
 
         (self.check_user_presence)(cid)?;
+        self.client_pin.clear_token_flags();
 
         let sk = crypto::ecdsa::SecKey::gensk(self.rng);
         let pk = sk.genpk();
@@ -932,6 +940,10 @@ where
                 )?;
                 self.client_pin
                     .has_permission(PinPermission::GetAssertion)?;
+                // Checking for the UV flag is specified earlier for GetAssertion.
+                // Error codes are identical though, so the implementation can be identical with
+                // MakeCredential.
+                self.client_pin.check_user_verified_flag()?;
                 self.client_pin.ensure_rp_id_permission(&rp_id)?;
                 UV_FLAG
             }
@@ -987,6 +999,7 @@ where
         // For CTAP 2.1, it was moved to a later protocol step.
         if options.up {
             (self.check_user_presence)(cid)?;
+            self.client_pin.clear_token_flags();
         }
 
         let credential = credential.ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
@@ -1777,7 +1790,7 @@ mod test {
         make_credential_params.pin_uv_auth_param = Some(pin_uv_auth_param);
         make_credential_params.pin_uv_auth_protocol = Some(pin_uv_auth_protocol);
         let make_credential_response =
-            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+            ctap_state.process_make_credential(make_credential_params.clone(), DUMMY_CHANNEL_ID);
 
         check_make_response(
             make_credential_response,
@@ -1786,6 +1799,13 @@ mod test {
             0x20,
             &[],
         );
+
+        let make_credential_response =
+            ctap_state.process_make_credential(make_credential_params, DUMMY_CHANNEL_ID);
+        assert_eq!(
+            make_credential_response,
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        )
     }
 
     #[test]
@@ -2088,6 +2108,7 @@ mod test {
             ctap_state.rng,
             &mut ctap_state.persistent_store,
             client_pin_params,
+            DUMMY_CLOCK_VALUE,
         );
         let get_assertion_params = get_assertion_hmac_secret_params(
             key_agreement_key,
@@ -2145,6 +2166,7 @@ mod test {
             ctap_state.rng,
             &mut ctap_state.persistent_store,
             client_pin_params,
+            DUMMY_CLOCK_VALUE,
         );
         let get_assertion_params = get_assertion_hmac_secret_params(
             key_agreement_key,
@@ -2423,7 +2445,6 @@ mod test {
 
         let user_immediately_present = |_| Ok(());
         let mut ctap_state = CtapState::new(&mut rng, user_immediately_present, DUMMY_CLOCK_VALUE);
-        ctap_state.client_pin = client_pin;
 
         let mut make_credential_params = create_minimal_make_credential_parameters();
         let user1 = PublicKeyCredentialUserEntity {
@@ -2448,6 +2469,7 @@ mod test {
             .process_make_credential(make_credential_params, DUMMY_CHANNEL_ID)
             .is_ok());
 
+        ctap_state.client_pin = client_pin;
         // The PIN length is outside of the test scope and most likely incorrect.
         ctap_state.persistent_store.set_pin(&[0u8; 16], 4).unwrap();
         let client_data_hash = vec![0xCD];
diff --git a/src/ctap/token_state.rs b/src/ctap/token_state.rs
new file mode 100644
index 0000000..fea0f3c
--- /dev/null
+++ b/src/ctap/token_state.rs
@@ -0,0 +1,277 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::ctap::client_pin::PinPermission;
+use crate::ctap::status_code::Ctap2StatusCode;
+use crate::ctap::timed_permission::TimedPermission;
+use alloc::string::String;
+use crypto::sha256::Sha256;
+use crypto::Hash256;
+use libtock_drivers::timer::{ClockValue, Duration};
+
+/// Timeout for auth tokens.
+///
+/// This usage time limit is correct for USB, BLE, and internal.
+/// NFC only allows 19.8 seconds.
+/// TODO(#15) multiplex over transports, add NFC
+const INITIAL_USAGE_TIME_LIMIT: Duration<isize> = Duration::from_ms(30000);
+
+/// Implements pinUvAuthToken state from section 6.5.2.1.
+///
+/// The userPresent flag is omitted as the only way to set it to true is
+/// built-in user verification. Therefore, we never cache user presence.
+///
+/// This implementation does not use a rolling timer.
+pub struct PinUvAuthTokenState {
+    // Relies on the fact that all permissions are represented by powers of two.
+    permissions_set: u8,
+    permissions_rp_id: Option<String>,
+    usage_timer: TimedPermission,
+    user_verified: bool,
+    in_use: bool,
+}
+
+impl PinUvAuthTokenState {
+    /// Creates a pinUvAuthToken state without permissions.
+    pub fn new() -> PinUvAuthTokenState {
+        PinUvAuthTokenState {
+            permissions_set: 0,
+            permissions_rp_id: None,
+            usage_timer: TimedPermission::waiting(),
+            user_verified: false,
+            in_use: false,
+        }
+    }
+
+    /// Returns whether the pinUvAuthToken is active.
+    pub fn is_in_use(&self) -> bool {
+        self.in_use
+    }
+
+    /// Checks if the permission is granted.
+    pub fn has_permission(&self, permission: PinPermission) -> Result<(), Ctap2StatusCode> {
+        if permission as u8 & self.permissions_set != 0 {
+            Ok(())
+        } else {
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        }
+    }
+
+    /// Checks if there is no associated permissions RPID.
+    pub fn has_no_permissions_rp_id(&self) -> Result<(), Ctap2StatusCode> {
+        if self.permissions_rp_id.is_some() {
+            return Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID);
+        }
+        Ok(())
+    }
+
+    /// Checks if the permissions RPID is associated.
+    pub fn has_permissions_rp_id(&self, rp_id: &str) -> Result<(), Ctap2StatusCode> {
+        match &self.permissions_rp_id {
+            Some(p) if rp_id == p => Ok(()),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+        }
+    }
+
+    /// Checks if the permissions RPID's association matches the hash.
+    pub fn has_permissions_rp_id_hash(&self, rp_id_hash: &[u8]) -> Result<(), Ctap2StatusCode> {
+        match &self.permissions_rp_id {
+            Some(p) if rp_id_hash == Sha256::hash(p.as_bytes()) => Ok(()),
+            _ => Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID),
+        }
+    }
+
+    /// Sets the permissions, represented as bits in a byte.
+    pub fn set_permissions(&mut self, permissions: u8) {
+        self.permissions_set = permissions;
+    }
+
+    /// Sets the permissions RPID.
+    pub fn set_permissions_rp_id(&mut self, permissions_rp_id: Option<String>) {
+        self.permissions_rp_id = permissions_rp_id;
+    }
+
+    /// Sets the default permissions.
+    ///
+    /// Allows MakeCredential and GetAssertion, without specifying a RP ID.
+    pub fn set_default_permissions(&mut self) {
+        self.set_permissions(0x03);
+        self.set_permissions_rp_id(None);
+    }
+
+    /// Starts the timer for pinUvAuthToken usage.
+    pub fn begin_using_pin_uv_auth_token(&mut self, now: ClockValue) {
+        self.user_verified = true;
+        self.usage_timer = TimedPermission::granted(now, INITIAL_USAGE_TIME_LIMIT);
+        self.in_use = true;
+    }
+
+    /// Updates the usage timer, and disables the pinUvAuthToken on timeout.
+    pub fn pin_uv_auth_token_usage_timer_observer(&mut self, now: ClockValue) {
+        if !self.in_use {
+            return;
+        }
+        self.usage_timer = self.usage_timer.check_expiration(now);
+        if !self.usage_timer.is_granted(now) {
+            self.stop_using_pin_uv_auth_token();
+        }
+    }
+
+    /// Returns whether the user is verified.
+    pub fn get_user_verified_flag_value(&self) -> bool {
+        self.in_use && self.user_verified
+    }
+
+    /// Consumes the user verification.
+    pub fn clear_user_verified_flag(&mut self) {
+        self.user_verified = false;
+    }
+
+    /// Clears all permissions except Large Blob Write.
+    pub fn clear_pin_uv_auth_token_permissions_except_lbw(&mut self) {
+        self.permissions_set &= PinPermission::LargeBlobWrite as u8;
+    }
+
+    /// Resets to the initial state.
+    pub fn stop_using_pin_uv_auth_token(&mut self) {
+        self.permissions_rp_id = None;
+        self.permissions_set = 0;
+        self.usage_timer = TimedPermission::waiting();
+        self.user_verified = false;
+        self.in_use = false;
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use enum_iterator::IntoEnumIterator;
+
+    const CLOCK_FREQUENCY_HZ: usize = 32768;
+    const START_CLOCK_VALUE: ClockValue = ClockValue::new(0, CLOCK_FREQUENCY_HZ);
+    const SMALL_DURATION: Duration<isize> = Duration::from_ms(100);
+
+    #[test]
+    fn test_observer() {
+        let mut token_state = PinUvAuthTokenState::new();
+        let mut now = START_CLOCK_VALUE;
+        token_state.begin_using_pin_uv_auth_token(now);
+        assert!(token_state.is_in_use());
+        now = now.wrapping_add(SMALL_DURATION);
+        token_state.pin_uv_auth_token_usage_timer_observer(now);
+        assert!(token_state.is_in_use());
+        now = now.wrapping_add(INITIAL_USAGE_TIME_LIMIT);
+        token_state.pin_uv_auth_token_usage_timer_observer(now);
+        assert!(!token_state.is_in_use());
+    }
+
+    #[test]
+    fn test_stop() {
+        let mut token_state = PinUvAuthTokenState::new();
+        token_state.begin_using_pin_uv_auth_token(START_CLOCK_VALUE);
+        assert!(token_state.is_in_use());
+        token_state.stop_using_pin_uv_auth_token();
+        assert!(!token_state.is_in_use());
+    }
+
+    #[test]
+    fn test_permissions() {
+        let mut token_state = PinUvAuthTokenState::new();
+        token_state.set_permissions(0xFF);
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(token_state.has_permission(permission), Ok(()));
+        }
+        token_state.clear_pin_uv_auth_token_permissions_except_lbw();
+        assert_eq!(
+            token_state.has_permission(PinPermission::CredentialManagement),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            token_state.has_permission(PinPermission::LargeBlobWrite),
+            Ok(())
+        );
+        token_state.stop_using_pin_uv_auth_token();
+        for permission in PinPermission::into_enum_iter() {
+            assert_eq!(
+                token_state.has_permission(permission),
+                Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+            );
+        }
+    }
+
+    #[test]
+    fn test_permissions_rp_id_none() {
+        let mut token_state = PinUvAuthTokenState::new();
+        let example_hash = Sha256::hash(b"example.com");
+        token_state.set_permissions_rp_id(None);
+        assert_eq!(token_state.has_no_permissions_rp_id(), Ok(()));
+        assert_eq!(
+            token_state.has_permissions_rp_id("example.com"),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            token_state.has_permissions_rp_id_hash(&example_hash),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_permissions_rp_id_some() {
+        let mut token_state = PinUvAuthTokenState::new();
+        let example_hash = Sha256::hash(b"example.com");
+        token_state.set_permissions_rp_id(Some(String::from("example.com")));
+
+        assert_eq!(
+            token_state.has_no_permissions_rp_id(),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(token_state.has_permissions_rp_id("example.com"), Ok(()));
+        assert_eq!(
+            token_state.has_permissions_rp_id("another.example.com"),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            token_state.has_permissions_rp_id_hash(&example_hash),
+            Ok(())
+        );
+        assert_eq!(
+            token_state.has_permissions_rp_id_hash(&[0x1D; 32]),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+
+        token_state.stop_using_pin_uv_auth_token();
+        assert_eq!(
+            token_state.has_permissions_rp_id("example.com"),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+        assert_eq!(
+            token_state.has_permissions_rp_id_hash(&example_hash),
+            Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)
+        );
+    }
+
+    #[test]
+    fn test_user_verified_flag() {
+        let mut token_state = PinUvAuthTokenState::new();
+        assert!(!token_state.get_user_verified_flag_value());
+        token_state.begin_using_pin_uv_auth_token(START_CLOCK_VALUE);
+        assert!(token_state.get_user_verified_flag_value());
+        token_state.clear_user_verified_flag();
+        assert!(!token_state.get_user_verified_flag_value());
+        token_state.begin_using_pin_uv_auth_token(START_CLOCK_VALUE);
+        assert!(token_state.get_user_verified_flag_value());
+        token_state.stop_using_pin_uv_auth_token();
+        assert!(!token_state.get_user_verified_flag_value());
+    }
+}
diff --git a/src/main.rs b/src/main.rs
index 2ca12a8..202a1ea 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -120,8 +120,8 @@ fn main() {
         }
 
         // These calls are making sure that even for long inactivity, wrapping clock values
-        // never randomly wink or grant user presence for U2F.
-        ctap_state.update_command_permission(now);
+        // don't cause problems with timers.
+        ctap_state.update_timeouts(now);
         ctap_hid.wink_permission = ctap_hid.wink_permission.check_expiration(now);
 
         if has_packet {

From c596f785fff92d7b96a472b1e09ae230afd6518c Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Tue, 23 Mar 2021 12:07:15 +0100
Subject: [PATCH 185/192] Output parameters for CTAP2.1 (#297)

* finalizes output parameters for CTAP2.1

* explanation for internal UV
---
 src/ctap/client_pin.rs | 24 +++++++++++++++++++++-
 src/ctap/mod.rs        |  1 +
 src/ctap/response.rs   | 45 +++++++++++++++++++++++++++++++++++++-----
 3 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/src/ctap/client_pin.rs b/src/ctap/client_pin.rs
index 82e7904..96c3f02 100644
--- a/src/ctap/client_pin.rs
+++ b/src/ctap/client_pin.rs
@@ -200,6 +200,7 @@ impl ClientPin {
             key_agreement: None,
             pin_token: None,
             retries: Some(persistent_store.pin_retries()? as u64),
+            power_cycle_state: Some(self.consecutive_pin_mismatches >= 3),
         })
     }
 
@@ -215,6 +216,7 @@ impl ClientPin {
             key_agreement,
             pin_token: None,
             retries: None,
+            power_cycle_state: None,
         })
     }
 
@@ -331,6 +333,7 @@ impl ClientPin {
             key_agreement: None,
             pin_token: Some(pin_token),
             retries: None,
+            power_cycle_state: None,
         })
     }
 
@@ -812,6 +815,24 @@ mod test {
             key_agreement: None,
             pin_token: None,
             retries: Some(persistent_store.pin_retries().unwrap() as u64),
+            power_cycle_state: Some(false),
+        });
+        assert_eq!(
+            client_pin.process_command(
+                &mut rng,
+                &mut persistent_store,
+                params.clone(),
+                DUMMY_CLOCK_VALUE
+            ),
+            Ok(ResponseData::AuthenticatorClientPin(expected_response))
+        );
+
+        client_pin.consecutive_pin_mismatches = 3;
+        let expected_response = Some(AuthenticatorClientPinResponse {
+            key_agreement: None,
+            pin_token: None,
+            retries: Some(persistent_store.pin_retries().unwrap() as u64),
+            power_cycle_state: Some(true),
         });
         assert_eq!(
             client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
@@ -840,6 +861,7 @@ mod test {
             key_agreement: params.key_agreement.clone(),
             pin_token: None,
             retries: None,
+            power_cycle_state: None,
         });
         assert_eq!(
             client_pin.process_command(&mut rng, &mut persistent_store, params, DUMMY_CLOCK_VALUE),
@@ -1266,7 +1288,7 @@ mod test {
 
         let salt_enc = vec![0x01; 32];
         let mut salt_auth = shared_secret.authenticate(&salt_enc);
-        salt_auth[0] = 0x00;
+        salt_auth[0] ^= 0x01;
         let hmac_secret_input = GetAssertionHmacSecretInput {
             key_agreement: client_pin
                 .get_pin_protocol(pin_uv_auth_protocol)
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 46d805b..d47a248 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1101,6 +1101,7 @@ where
                 firmware_version: None,
                 max_cred_blob_length: Some(MAX_CRED_BLOB_LENGTH as u64),
                 max_rp_ids_for_set_min_pin_length: Some(MAX_RP_IDS_LENGTH as u64),
+                certifications: None,
                 remaining_discoverable_credentials: Some(
                     self.persistent_store.remaining_credentials()? as u64,
                 ),
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index b6b3d25..ddc186b 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -20,7 +20,7 @@ use super::data_formats::{
 use alloc::collections::BTreeMap;
 use alloc::string::String;
 use alloc::vec::Vec;
-use cbor::{cbor_array_vec, cbor_bool, cbor_map_btree, cbor_map_options, cbor_text};
+use cbor::{cbor_array_vec, cbor_bool, cbor_int, cbor_map_btree, cbor_map_options, cbor_text};
 
 #[derive(Debug, PartialEq)]
 pub enum ResponseData {
@@ -92,6 +92,7 @@ pub struct AuthenticatorGetAssertionResponse {
     pub signature: Vec<u8>,
     pub user: Option<PublicKeyCredentialUserEntity>,
     pub number_of_credentials: Option<u64>,
+    // 0x06: userSelected missing as we don't support displays.
     pub large_blob_key: Option<Vec<u8>>,
 }
 
@@ -135,7 +136,14 @@ pub struct AuthenticatorGetInfoResponse {
     pub firmware_version: Option<u64>,
     pub max_cred_blob_length: Option<u64>,
     pub max_rp_ids_for_set_min_pin_length: Option<u64>,
+    // Missing response fields as they are only relevant for internal UV:
+    // - 0x11: preferredPlatformUvAttempts
+    // - 0x12: uvModality
+    // Add them when your hardware supports any kind of user verification within
+    // the boundary of the device, e.g. fingerprint or built-in keyboard.
+    pub certifications: Option<BTreeMap<String, i64>>,
     pub remaining_discoverable_credentials: Option<u64>,
+    // - 0x15: vendorPrototypeConfigCommands missing as we don't support it.
 }
 
 impl From<AuthenticatorGetInfoResponse> for cbor::Value {
@@ -157,15 +165,24 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             firmware_version,
             max_cred_blob_length,
             max_rp_ids_for_set_min_pin_length,
+            certifications,
             remaining_discoverable_credentials,
         } = get_info_response;
 
         let options_cbor: Option<cbor::Value> = options.map(|options| {
-            let option_map: BTreeMap<_, _> = options
+            let options_map: BTreeMap<_, _> = options
                 .into_iter()
                 .map(|(key, value)| (cbor_text!(key), cbor_bool!(value)))
                 .collect();
-            cbor_map_btree!(option_map)
+            cbor_map_btree!(options_map)
+        });
+
+        let certifications_cbor: Option<cbor::Value> = certifications.map(|certifications| {
+            let certifications_map: BTreeMap<_, _> = certifications
+                .into_iter()
+                .map(|(key, value)| (cbor_text!(key), cbor_int!(value)))
+                .collect();
+            cbor_map_btree!(certifications_map)
         });
 
         cbor_map_options! {
@@ -185,6 +202,7 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
             0x0E => firmware_version,
             0x0F => max_cred_blob_length,
             0x10 => max_rp_ids_for_set_min_pin_length,
+            0x13 => certifications_cbor,
             0x14 => remaining_discoverable_credentials,
         }
     }
@@ -195,6 +213,8 @@ pub struct AuthenticatorClientPinResponse {
     pub key_agreement: Option<CoseKey>,
     pub pin_token: Option<Vec<u8>>,
     pub retries: Option<u64>,
+    pub power_cycle_state: Option<bool>,
+    // - 0x05: uvRetries missing as we don't support internal UV.
 }
 
 impl From<AuthenticatorClientPinResponse> for cbor::Value {
@@ -203,12 +223,14 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
             key_agreement,
             pin_token,
             retries,
+            power_cycle_state,
         } = client_pin_response;
 
         cbor_map_options! {
             0x01 => key_agreement.map(cbor::Value::from),
             0x02 => pin_token,
             0x03 => retries,
+            0x04 => power_cycle_state,
         }
     }
 }
@@ -401,6 +423,7 @@ mod test {
             firmware_version: None,
             max_cred_blob_length: None,
             max_rp_ids_for_set_min_pin_length: None,
+            certifications: None,
             remaining_discoverable_credentials: None,
         };
         let response_cbor: Option<cbor::Value> =
@@ -417,6 +440,8 @@ mod test {
     fn test_get_info_optionals_into_cbor() {
         let mut options_map = BTreeMap::new();
         options_map.insert(String::from("rk"), true);
+        let mut certifications_map = BTreeMap::new();
+        certifications_map.insert(String::from("example-cert"), 1);
         let get_info_response = AuthenticatorGetInfoResponse {
             versions: vec!["FIDO_2_0".to_string()],
             extensions: Some(vec!["extension".to_string()]),
@@ -434,6 +459,7 @@ mod test {
             firmware_version: Some(0),
             max_cred_blob_length: Some(1024),
             max_rp_ids_for_set_min_pin_length: Some(8),
+            certifications: Some(certifications_map),
             remaining_discoverable_credentials: Some(150),
         };
         let response_cbor: Option<cbor::Value> =
@@ -455,6 +481,7 @@ mod test {
             0x0E => 0,
             0x0F => 1024,
             0x10 => 8,
+            0x13 => cbor_map! {"example-cert" => 1},
             0x14 => 150,
         };
         assert_eq!(response_cbor, Some(expected_cbor));
@@ -462,15 +489,23 @@ mod test {
 
     #[test]
     fn test_used_client_pin_into_cbor() {
+        let mut rng = ThreadRng256 {};
+        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
+        let pk = sk.genpk();
+        let cose_key = CoseKey::from(pk);
         let client_pin_response = AuthenticatorClientPinResponse {
-            key_agreement: None,
+            key_agreement: Some(cose_key.clone()),
             pin_token: Some(vec![70]),
-            retries: None,
+            retries: Some(8),
+            power_cycle_state: Some(false),
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorClientPin(Some(client_pin_response)).into();
         let expected_cbor = cbor_map_options! {
+            0x01 => cbor::Value::from(cose_key),
             0x02 => vec![70],
+            0x03 => 8,
+            0x04 => false,
         };
         assert_eq!(response_cbor, Some(expected_cbor));
     }

From e7797a5683f4818cc3a90f3db353887911e337b6 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Wed, 31 Mar 2021 16:41:20 +0200
Subject: [PATCH 186/192] Separate file crypto wrappers, starting with AES-CBC
 (#298)

* refactor key wrapping with tests

* remove backwards compatiblity tests

* adds AES-CBC tests for IV and RNG
---
 src/ctap/crypto_wrapper.rs | 147 +++++++++++++++++++++++++++++++++++++
 src/ctap/mod.rs            |  43 +++--------
 src/ctap/pin_protocol.rs   |  58 +--------------
 3 files changed, 157 insertions(+), 91 deletions(-)
 create mode 100644 src/ctap/crypto_wrapper.rs

diff --git a/src/ctap/crypto_wrapper.rs b/src/ctap/crypto_wrapper.rs
new file mode 100644
index 0000000..2587e76
--- /dev/null
+++ b/src/ctap/crypto_wrapper.rs
@@ -0,0 +1,147 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::ctap::status_code::Ctap2StatusCode;
+use alloc::vec;
+use alloc::vec::Vec;
+use crypto::cbc::{cbc_decrypt, cbc_encrypt};
+use crypto::rng256::Rng256;
+
+/// Wraps the AES256-CBC encryption to match what we need in CTAP.
+pub fn aes256_cbc_encrypt(
+    rng: &mut dyn Rng256,
+    aes_enc_key: &crypto::aes256::EncryptionKey,
+    plaintext: &[u8],
+    embeds_iv: bool,
+) -> Result<Vec<u8>, Ctap2StatusCode> {
+    if plaintext.len() % 16 != 0 {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+    }
+    let iv = if embeds_iv {
+        let random_bytes = rng.gen_uniform_u8x32();
+        *array_ref!(random_bytes, 0, 16)
+    } else {
+        [0u8; 16]
+    };
+    let mut blocks = Vec::with_capacity(plaintext.len() / 16);
+    // TODO(https://github.com/rust-lang/rust/issues/74985) Use array_chunks when stable.
+    for block in plaintext.chunks_exact(16) {
+        blocks.push(*array_ref!(block, 0, 16));
+    }
+    cbc_encrypt(aes_enc_key, iv, &mut blocks);
+    let mut ciphertext = if embeds_iv { iv.to_vec() } else { vec![] };
+    ciphertext.extend(blocks.iter().flatten());
+    Ok(ciphertext)
+}
+
+/// Wraps the AES256-CBC decryption to match what we need in CTAP.
+pub fn aes256_cbc_decrypt(
+    aes_enc_key: &crypto::aes256::EncryptionKey,
+    ciphertext: &[u8],
+    embeds_iv: bool,
+) -> Result<Vec<u8>, Ctap2StatusCode> {
+    if ciphertext.len() % 16 != 0 {
+        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+    }
+    let mut block_len = ciphertext.len() / 16;
+    // TODO(https://github.com/rust-lang/rust/issues/74985) Use array_chunks when stable.
+    let mut block_iter = ciphertext.chunks_exact(16);
+    let iv = if embeds_iv {
+        block_len -= 1;
+        let iv_block = block_iter
+            .next()
+            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
+        *array_ref!(iv_block, 0, 16)
+    } else {
+        [0u8; 16]
+    };
+    let mut blocks = Vec::with_capacity(block_len);
+    for block in block_iter {
+        blocks.push(*array_ref!(block, 0, 16));
+    }
+    let aes_dec_key = crypto::aes256::DecryptionKey::new(aes_enc_key);
+    cbc_decrypt(&aes_dec_key, iv, &mut blocks);
+    Ok(blocks.iter().flatten().cloned().collect::<Vec<u8>>())
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use crypto::rng256::ThreadRng256;
+
+    #[test]
+    fn test_encrypt_decrypt_with_iv() {
+        let mut rng = ThreadRng256 {};
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&[0xC2; 32]);
+        let plaintext = vec![0xAA; 64];
+        let ciphertext = aes256_cbc_encrypt(&mut rng, &aes_enc_key, &plaintext, true).unwrap();
+        let decrypted = aes256_cbc_decrypt(&aes_enc_key, &ciphertext, true).unwrap();
+        assert_eq!(decrypted, plaintext);
+    }
+
+    #[test]
+    fn test_encrypt_decrypt_without_iv() {
+        let mut rng = ThreadRng256 {};
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&[0xC2; 32]);
+        let plaintext = vec![0xAA; 64];
+        let ciphertext = aes256_cbc_encrypt(&mut rng, &aes_enc_key, &plaintext, false).unwrap();
+        let decrypted = aes256_cbc_decrypt(&aes_enc_key, &ciphertext, false).unwrap();
+        assert_eq!(decrypted, plaintext);
+    }
+
+    #[test]
+    fn test_correct_iv_usage() {
+        let mut rng = ThreadRng256 {};
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&[0xC2; 32]);
+        let plaintext = vec![0xAA; 64];
+        let mut ciphertext_no_iv =
+            aes256_cbc_encrypt(&mut rng, &aes_enc_key, &plaintext, false).unwrap();
+        let mut ciphertext_with_iv = vec![0u8; 16];
+        ciphertext_with_iv.append(&mut ciphertext_no_iv);
+        let decrypted = aes256_cbc_decrypt(&aes_enc_key, &ciphertext_with_iv, true).unwrap();
+        assert_eq!(decrypted, plaintext);
+    }
+
+    #[test]
+    fn test_iv_manipulation_property() {
+        let mut rng = ThreadRng256 {};
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&[0xC2; 32]);
+        let plaintext = vec![0xAA; 64];
+        let mut ciphertext = aes256_cbc_encrypt(&mut rng, &aes_enc_key, &plaintext, true).unwrap();
+        let mut expected_plaintext = plaintext;
+        for i in 0..16 {
+            ciphertext[i] ^= 0xBB;
+            expected_plaintext[i] ^= 0xBB;
+        }
+        let decrypted = aes256_cbc_decrypt(&aes_enc_key, &ciphertext, true).unwrap();
+        assert_eq!(decrypted, expected_plaintext);
+    }
+
+    #[test]
+    fn test_chaining() {
+        let mut rng = ThreadRng256 {};
+        let aes_enc_key = crypto::aes256::EncryptionKey::new(&[0xC2; 32]);
+        let plaintext = vec![0xAA; 64];
+        let ciphertext1 = aes256_cbc_encrypt(&mut rng, &aes_enc_key, &plaintext, true).unwrap();
+        let ciphertext2 = aes256_cbc_encrypt(&mut rng, &aes_enc_key, &plaintext, true).unwrap();
+        assert_eq!(ciphertext1.len(), 80);
+        assert_eq!(ciphertext2.len(), 80);
+        // The ciphertext should mutate in all blocks with a different IV.
+        let block_iter1 = ciphertext1.chunks_exact(16);
+        let block_iter2 = ciphertext2.chunks_exact(16);
+        for (block1, block2) in block_iter1.zip(block_iter2) {
+            assert_ne!(block1, block2);
+        }
+    }
+}
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index d47a248..5d07789 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -17,6 +17,7 @@ mod client_pin;
 pub mod command;
 mod config_command;
 mod credential_management;
+mod crypto_wrapper;
 #[cfg(feature = "with_ctap1")]
 mod ctap1;
 mod customization;
@@ -38,6 +39,7 @@ use self::command::{
 };
 use self::config_command::process_config;
 use self::credential_management::process_credential_management;
+use self::crypto_wrapper::{aes256_cbc_decrypt, aes256_cbc_encrypt};
 use self::customization::{
     DEFAULT_CRED_PROTECT, ENTERPRISE_ATTESTATION_MODE, ENTERPRISE_RP_ID_LIST,
     MAX_CREDENTIAL_COUNT_IN_LIST, MAX_CRED_BLOB_LENGTH, MAX_LARGE_BLOB_ARRAY_SIZE,
@@ -71,7 +73,6 @@ use cbor::cbor_map_options;
 use core::convert::TryFrom;
 #[cfg(feature = "debug_ctap")]
 use core::fmt::Write;
-use crypto::cbc::{cbc_decrypt, cbc_encrypt};
 use crypto::hmac::{hmac_256, verify_hmac_256};
 use crypto::rng256::Rng256;
 use crypto::sha256::Sha256;
@@ -338,23 +339,11 @@ where
     ) -> Result<Vec<u8>, Ctap2StatusCode> {
         let master_keys = self.persistent_store.master_keys()?;
         let aes_enc_key = crypto::aes256::EncryptionKey::new(&master_keys.encryption);
-        let mut sk_bytes = [0; 32];
-        private_key.to_bytes(&mut sk_bytes);
-        let mut iv = [0; 16];
-        iv.copy_from_slice(&self.rng.gen_uniform_u8x32()[..16]);
+        let mut plaintext = [0; 64];
+        private_key.to_bytes(array_mut_ref!(plaintext, 0, 32));
+        plaintext[32..64].copy_from_slice(application);
 
-        let mut blocks = [[0u8; 16]; 4];
-        blocks[0].copy_from_slice(&sk_bytes[..16]);
-        blocks[1].copy_from_slice(&sk_bytes[16..]);
-        blocks[2].copy_from_slice(&application[..16]);
-        blocks[3].copy_from_slice(&application[16..]);
-        cbc_encrypt(&aes_enc_key, iv, &mut blocks);
-
-        let mut encrypted_id = Vec::with_capacity(0x70);
-        encrypted_id.extend(&iv);
-        for b in &blocks {
-            encrypted_id.extend(b);
-        }
+        let mut encrypted_id = aes256_cbc_encrypt(self.rng, &aes_enc_key, &plaintext, true)?;
         let id_hmac = hmac_256::<Sha256>(&master_keys.hmac, &encrypted_id[..]);
         encrypted_id.extend(&id_hmac);
         Ok(encrypted_id)
@@ -381,26 +370,12 @@ where
             return Ok(None);
         }
         let aes_enc_key = crypto::aes256::EncryptionKey::new(&master_keys.encryption);
-        let aes_dec_key = crypto::aes256::DecryptionKey::new(&aes_enc_key);
-        let mut iv = [0; 16];
-        iv.copy_from_slice(&credential_id[..16]);
-        let mut blocks = [[0u8; 16]; 4];
-        for i in 0..4 {
-            blocks[i].copy_from_slice(&credential_id[16 * (i + 1)..16 * (i + 2)]);
-        }
 
-        cbc_decrypt(&aes_dec_key, iv, &mut blocks);
-        let mut decrypted_sk = [0; 32];
-        let mut decrypted_rp_id_hash = [0; 32];
-        decrypted_sk[..16].clone_from_slice(&blocks[0]);
-        decrypted_sk[16..].clone_from_slice(&blocks[1]);
-        decrypted_rp_id_hash[..16].clone_from_slice(&blocks[2]);
-        decrypted_rp_id_hash[16..].clone_from_slice(&blocks[3]);
-        if rp_id_hash != decrypted_rp_id_hash {
+        let decrypted_id = aes256_cbc_decrypt(&aes_enc_key, &credential_id[..payload_size], true)?;
+        if rp_id_hash != &decrypted_id[32..64] {
             return Ok(None);
         }
-
-        let sk_option = crypto::ecdsa::SecKey::from_bytes(&decrypted_sk);
+        let sk_option = crypto::ecdsa::SecKey::from_bytes(array_ref!(decrypted_id, 0, 32));
         Ok(sk_option.map(|sk| PublicKeyCredentialSource {
             key_type: PublicKeyCredentialType::PublicKey,
             credential_id,
diff --git a/src/ctap/pin_protocol.rs b/src/ctap/pin_protocol.rs
index 44ae53d..d1e8f2b 100644
--- a/src/ctap/pin_protocol.rs
+++ b/src/ctap/pin_protocol.rs
@@ -13,13 +13,12 @@
 // limitations under the License.
 
 use crate::ctap::client_pin::PIN_TOKEN_LENGTH;
+use crate::ctap::crypto_wrapper::{aes256_cbc_decrypt, aes256_cbc_encrypt};
 use crate::ctap::data_formats::{CoseKey, PinUvAuthProtocol};
 use crate::ctap::status_code::Ctap2StatusCode;
 use alloc::boxed::Box;
-use alloc::vec;
 use alloc::vec::Vec;
 use core::convert::TryInto;
-use crypto::cbc::{cbc_decrypt, cbc_encrypt};
 use crypto::hkdf::hkdf_empty_salt_256;
 #[cfg(test)]
 use crypto::hmac::hmac_256;
@@ -135,61 +134,6 @@ pub trait SharedSecret {
     fn authenticate(&self, message: &[u8]) -> Vec<u8>;
 }
 
-fn aes256_cbc_encrypt(
-    rng: &mut dyn Rng256,
-    aes_enc_key: &crypto::aes256::EncryptionKey,
-    plaintext: &[u8],
-    has_iv: bool,
-) -> Result<Vec<u8>, Ctap2StatusCode> {
-    if plaintext.len() % 16 != 0 {
-        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
-    }
-    let iv = if has_iv {
-        let random_bytes = rng.gen_uniform_u8x32();
-        *array_ref!(random_bytes, 0, 16)
-    } else {
-        [0u8; 16]
-    };
-    let mut blocks = Vec::with_capacity(plaintext.len() / 16);
-    // TODO(https://github.com/rust-lang/rust/issues/74985) Use array_chunks when stable.
-    for block in plaintext.chunks_exact(16) {
-        blocks.push(*array_ref!(block, 0, 16));
-    }
-    cbc_encrypt(aes_enc_key, iv, &mut blocks);
-    let mut ciphertext = if has_iv { iv.to_vec() } else { vec![] };
-    ciphertext.extend(blocks.iter().flatten());
-    Ok(ciphertext)
-}
-
-fn aes256_cbc_decrypt(
-    aes_enc_key: &crypto::aes256::EncryptionKey,
-    ciphertext: &[u8],
-    has_iv: bool,
-) -> Result<Vec<u8>, Ctap2StatusCode> {
-    if ciphertext.len() % 16 != 0 {
-        return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
-    }
-    let mut block_len = ciphertext.len() / 16;
-    // TODO(https://github.com/rust-lang/rust/issues/74985) Use array_chunks when stable.
-    let mut block_iter = ciphertext.chunks_exact(16);
-    let iv = if has_iv {
-        block_len -= 1;
-        let iv_block = block_iter
-            .next()
-            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
-        *array_ref!(iv_block, 0, 16)
-    } else {
-        [0u8; 16]
-    };
-    let mut blocks = Vec::with_capacity(block_len);
-    for block in block_iter {
-        blocks.push(*array_ref!(block, 0, 16));
-    }
-    let aes_dec_key = crypto::aes256::DecryptionKey::new(aes_enc_key);
-    cbc_decrypt(&aes_dec_key, iv, &mut blocks);
-    Ok(blocks.iter().flatten().cloned().collect::<Vec<u8>>())
-}
-
 fn verify_v1(key: &[u8], message: &[u8], signature: &[u8]) -> Result<(), Ctap2StatusCode> {
     if signature.len() != 16 {
         return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);

From 6216a3214d88de381407e49afa3c6a90ef2139bf Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Wed, 7 Apr 2021 09:07:46 +0200
Subject: [PATCH 187/192] final changes to CTAP2.1 algorithm (#299)

---
 src/ctap/client_pin.rs   |  91 +++++++++++++++++++------
 src/ctap/data_formats.rs |   7 +-
 src/ctap/mod.rs          | 143 ++++++++++++++++++++-------------------
 src/ctap/response.rs     |   8 +--
 4 files changed, 154 insertions(+), 95 deletions(-)

diff --git a/src/ctap/client_pin.rs b/src/ctap/client_pin.rs
index 96c3f02..8b6588e 100644
--- a/src/ctap/client_pin.rs
+++ b/src/ctap/client_pin.rs
@@ -198,7 +198,7 @@ impl ClientPin {
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
         Ok(AuthenticatorClientPinResponse {
             key_agreement: None,
-            pin_token: None,
+            pin_uv_auth_token: None,
             retries: Some(persistent_store.pin_retries()? as u64),
             power_cycle_state: Some(self.consecutive_pin_mismatches >= 3),
         })
@@ -214,7 +214,7 @@ impl ClientPin {
         );
         Ok(AuthenticatorClientPinResponse {
             key_agreement,
-            pin_token: None,
+            pin_uv_auth_token: None,
             retries: None,
             power_cycle_state: None,
         })
@@ -298,10 +298,15 @@ impl ClientPin {
             pin_uv_auth_protocol,
             key_agreement,
             pin_hash_enc,
+            permissions,
+            permissions_rp_id,
             ..
         } = client_pin_params;
         let key_agreement = ok_or_missing(key_agreement)?;
         let pin_hash_enc = ok_or_missing(pin_hash_enc)?;
+        if permissions.is_some() || permissions_rp_id.is_some() {
+            return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
+        }
 
         if persistent_store.pin_retries()? == 0 {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_BLOCKED);
@@ -317,21 +322,21 @@ impl ClientPin {
         if persistent_store.has_force_pin_change()? {
             return Err(Ctap2StatusCode::CTAP2_ERR_PIN_INVALID);
         }
-        let pin_token = shared_secret.encrypt(
-            rng,
-            self.get_pin_protocol(pin_uv_auth_protocol)
-                .get_pin_uv_auth_token(),
-        )?;
 
         self.pin_protocol_v1.reset_pin_uv_auth_token(rng);
         self.pin_protocol_v2.reset_pin_uv_auth_token(rng);
         self.pin_uv_auth_token_state
             .begin_using_pin_uv_auth_token(now);
         self.pin_uv_auth_token_state.set_default_permissions();
+        let pin_uv_auth_token = shared_secret.encrypt(
+            rng,
+            self.get_pin_protocol(pin_uv_auth_protocol)
+                .get_pin_uv_auth_token(),
+        )?;
 
         Ok(AuthenticatorClientPinResponse {
             key_agreement: None,
-            pin_token: Some(pin_token),
+            pin_uv_auth_token: Some(pin_uv_auth_token),
             retries: None,
             power_cycle_state: None,
         })
@@ -359,9 +364,10 @@ impl ClientPin {
         mut client_pin_params: AuthenticatorClientPinParameters,
         now: ClockValue,
     ) -> Result<AuthenticatorClientPinResponse, Ctap2StatusCode> {
-        let permissions = ok_or_missing(client_pin_params.permissions)?;
         // Mutating client_pin_params is just an optimization to move it into
         // process_get_pin_token, without cloning permissions_rp_id here.
+        // getPinToken requires permissions* to be None.
+        let permissions = ok_or_missing(client_pin_params.permissions.take())?;
         let permissions_rp_id = client_pin_params.permissions_rp_id.take();
 
         if permissions == 0 {
@@ -657,6 +663,13 @@ mod test {
             .as_ref()
             .encrypt(&mut rng, &pin_hash[..16])
             .unwrap();
+        let (permissions, permissions_rp_id) = match sub_command {
+            ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions
+            | ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions => {
+                (Some(0x03), Some("example.com".to_string()))
+            }
+            _ => (None, None),
+        };
         let params = AuthenticatorClientPinParameters {
             pin_uv_auth_protocol,
             sub_command,
@@ -668,8 +681,8 @@ mod test {
             pin_uv_auth_param: Some(pin_uv_auth_param),
             new_pin_enc: Some(new_pin_enc),
             pin_hash_enc: Some(pin_hash_enc),
-            permissions: Some(0x03),
-            permissions_rp_id: Some("example.com".to_string()),
+            permissions,
+            permissions_rp_id,
         };
         (client_pin, params)
     }
@@ -813,7 +826,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let expected_response = Some(AuthenticatorClientPinResponse {
             key_agreement: None,
-            pin_token: None,
+            pin_uv_auth_token: None,
             retries: Some(persistent_store.pin_retries().unwrap() as u64),
             power_cycle_state: Some(false),
         });
@@ -830,7 +843,7 @@ mod test {
         client_pin.consecutive_pin_mismatches = 3;
         let expected_response = Some(AuthenticatorClientPinResponse {
             key_agreement: None,
-            pin_token: None,
+            pin_uv_auth_token: None,
             retries: Some(persistent_store.pin_retries().unwrap() as u64),
             power_cycle_state: Some(true),
         });
@@ -859,7 +872,7 @@ mod test {
         let mut persistent_store = PersistentStore::new(&mut rng);
         let expected_response = Some(AuthenticatorClientPinResponse {
             key_agreement: params.key_agreement.clone(),
-            pin_token: None,
+            pin_uv_auth_token: None,
             retries: None,
             power_cycle_state: None,
         });
@@ -964,18 +977,37 @@ mod test {
             pin_uv_auth_protocol,
             ClientPinSubCommand::GetPinToken,
         );
+        let shared_secret = client_pin
+            .get_pin_protocol(pin_uv_auth_protocol)
+            .decapsulate(
+                params.key_agreement.clone().unwrap(),
+                params.pin_uv_auth_protocol,
+            )
+            .unwrap();
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
 
-        assert!(client_pin
+        let response = client_pin
             .process_command(
                 &mut rng,
                 &mut persistent_store,
                 params.clone(),
-                DUMMY_CLOCK_VALUE
+                DUMMY_CLOCK_VALUE,
             )
-            .is_ok());
+            .unwrap();
+        let encrypted_token = match response {
+            ResponseData::AuthenticatorClientPin(Some(response)) => {
+                response.pin_uv_auth_token.unwrap()
+            }
+            _ => panic!("Invalid response type"),
+        };
+        assert_eq!(
+            &shared_secret.decrypt(&encrypted_token).unwrap(),
+            client_pin
+                .get_pin_protocol(pin_uv_auth_protocol)
+                .get_pin_uv_auth_token()
+        );
         assert_eq!(
             client_pin
                 .pin_uv_auth_token_state
@@ -1051,18 +1083,37 @@ mod test {
             pin_uv_auth_protocol,
             ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions,
         );
+        let shared_secret = client_pin
+            .get_pin_protocol(pin_uv_auth_protocol)
+            .decapsulate(
+                params.key_agreement.clone().unwrap(),
+                params.pin_uv_auth_protocol,
+            )
+            .unwrap();
         let mut rng = ThreadRng256 {};
         let mut persistent_store = PersistentStore::new(&mut rng);
         set_standard_pin(&mut persistent_store);
 
-        assert!(client_pin
+        let response = client_pin
             .process_command(
                 &mut rng,
                 &mut persistent_store,
                 params.clone(),
-                DUMMY_CLOCK_VALUE
+                DUMMY_CLOCK_VALUE,
             )
-            .is_ok());
+            .unwrap();
+        let encrypted_token = match response {
+            ResponseData::AuthenticatorClientPin(Some(response)) => {
+                response.pin_uv_auth_token.unwrap()
+            }
+            _ => panic!("Invalid response type"),
+        };
+        assert_eq!(
+            &shared_secret.decrypt(&encrypted_token).unwrap(),
+            client_pin
+                .get_pin_protocol(pin_uv_auth_protocol)
+                .get_pin_uv_auth_token()
+        );
         assert_eq!(
             client_pin
                 .pin_uv_auth_token_state
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 1721e62..b135a11 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -409,8 +409,11 @@ impl TryFrom<cbor::Value> for MakeCredentialOptions {
             Some(options_entry) => extract_bool(options_entry)?,
             None => false,
         };
-        if up.is_some() {
-            return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
+        // In CTAP2.0, the up option is supposed to always fail when present.
+        if let Some(options_entry) = up {
+            if !extract_bool(options_entry)? {
+                return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
+            }
         }
         let uv = match uv {
             Some(options_entry) => extract_bool(options_entry)?,
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 5d07789..1ecac53 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -554,6 +554,68 @@ where
             false
         };
 
+        // MakeCredential always requires user presence.
+        // User verification depends on the PIN auth inputs, which are checked here.
+        // The ED flag is added later, if applicable.
+        let has_uv = pin_uv_auth_param.is_some();
+        let mut flags = match pin_uv_auth_param {
+            Some(pin_uv_auth_param) => {
+                // This case is not mentioned in CTAP2.1, so we keep 2.0 logic.
+                if self.persistent_store.pin_hash()?.is_none() {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
+                }
+                self.client_pin.verify_pin_uv_auth_token(
+                    &client_data_hash,
+                    &pin_uv_auth_param,
+                    pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
+                )?;
+                self.client_pin
+                    .has_permission(PinPermission::MakeCredential)?;
+                self.client_pin.check_user_verified_flag()?;
+                // Checking for the correct permissions_rp_id is specified earlier.
+                // Error codes are identical though, so the implementation can be identical with
+                // GetAssertion.
+                self.client_pin.ensure_rp_id_permission(&rp_id)?;
+                UV_FLAG
+            }
+            None => {
+                if options.uv {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
+                }
+                if self.persistent_store.has_always_uv()? {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
+                }
+                // Corresponds to makeCredUvNotRqd set to true.
+                if options.rk && self.persistent_store.pin_hash()?.is_some() {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
+                }
+                0x00
+            }
+        };
+        flags |= UP_FLAG | AT_FLAG;
+
+        let rp_id_hash = Sha256::hash(rp_id.as_bytes());
+        if let Some(exclude_list) = exclude_list {
+            for cred_desc in exclude_list {
+                if self
+                    .persistent_store
+                    .find_credential(&rp_id, &cred_desc.key_id, !has_uv)?
+                    .is_some()
+                    || self
+                        .decrypt_credential_source(cred_desc.key_id, &rp_id_hash)?
+                        .is_some()
+                {
+                    // Perform this check, so bad actors can't brute force exclude_list
+                    // without user interaction.
+                    let _ = (self.check_user_presence)(cid);
+                    return Err(Ctap2StatusCode::CTAP2_ERR_CREDENTIAL_EXCLUDED);
+                }
+            }
+        }
+
+        (self.check_user_presence)(cid)?;
+        self.client_pin.clear_token_flags();
+
         let mut cred_protect_policy = extensions.cred_protect;
         if cred_protect_policy.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
             < DEFAULT_CRED_PROTECT.unwrap_or(CredentialProtectionPolicy::UserVerificationOptional)
@@ -576,74 +638,17 @@ where
             None
         };
         let has_extension_output = extensions.hmac_secret
-            || cred_protect_policy.is_some()
+            || extensions.cred_protect.is_some()
             || min_pin_length
             || has_cred_blob_output;
+        if has_extension_output {
+            flags |= ED_FLAG
+        };
         let large_blob_key = match (options.rk, extensions.large_blob_key) {
             (true, Some(true)) => Some(self.rng.gen_uniform_u8x32().to_vec()),
             _ => None,
         };
 
-        let rp_id_hash = Sha256::hash(rp_id.as_bytes());
-        if let Some(exclude_list) = exclude_list {
-            for cred_desc in exclude_list {
-                if self
-                    .persistent_store
-                    .find_credential(&rp_id, &cred_desc.key_id, pin_uv_auth_param.is_none())?
-                    .is_some()
-                    || self
-                        .decrypt_credential_source(cred_desc.key_id, &rp_id_hash)?
-                        .is_some()
-                {
-                    // Perform this check, so bad actors can't brute force exclude_list
-                    // without user interaction.
-                    (self.check_user_presence)(cid)?;
-                    return Err(Ctap2StatusCode::CTAP2_ERR_CREDENTIAL_EXCLUDED);
-                }
-            }
-        }
-
-        // MakeCredential always requires user presence.
-        // User verification depends on the PIN auth inputs, which are checked here.
-        let ed_flag = if has_extension_output { ED_FLAG } else { 0 };
-        let flags = match pin_uv_auth_param {
-            Some(pin_uv_auth_param) => {
-                if self.persistent_store.pin_hash()?.is_none() {
-                    // Specification is unclear, could be CTAP2_ERR_INVALID_OPTION.
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
-                }
-                self.client_pin.verify_pin_uv_auth_token(
-                    &client_data_hash,
-                    &pin_uv_auth_param,
-                    pin_uv_auth_protocol.ok_or(Ctap2StatusCode::CTAP2_ERR_MISSING_PARAMETER)?,
-                )?;
-                self.client_pin
-                    .has_permission(PinPermission::MakeCredential)?;
-                self.client_pin.check_user_verified_flag()?;
-                // Checking for the correct permissions_rp_id is specified earlier.
-                // Error codes are identical though, so the implementation can be identical with
-                // GetAssertion.
-                self.client_pin.ensure_rp_id_permission(&rp_id)?;
-                UP_FLAG | UV_FLAG | AT_FLAG | ed_flag
-            }
-            None => {
-                if self.persistent_store.has_always_uv()? {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
-                }
-                // Corresponds to makeCredUvNotRqd set to true.
-                if options.rk && self.persistent_store.pin_hash()?.is_some() {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
-                }
-                if options.uv {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
-                }
-                UP_FLAG | AT_FLAG | ed_flag
-            }
-        };
-
-        (self.check_user_presence)(cid)?;
-        self.client_pin.clear_token_flags();
-
         let sk = crypto::ecdsa::SecKey::gensk(self.rng);
         let pk = sk.genpk();
 
@@ -699,9 +704,10 @@ where
             } else {
                 None
             };
+            let cred_protect_output = extensions.cred_protect.and(cred_protect_policy);
             let extensions_output = cbor_map_options! {
                 "hmac-secret" => hmac_secret_output,
-                "credProtect" => cred_protect_policy,
+                "credProtect" => cred_protect_output,
                 "minPinLength" => min_pin_length_output,
                 "credBlob" => cred_blob_output,
             };
@@ -904,8 +910,8 @@ where
         let has_uv = pin_uv_auth_param.is_some();
         let mut flags = match pin_uv_auth_param {
             Some(pin_uv_auth_param) => {
+                // This case is not mentioned in CTAP2.1, so we keep 2.0 logic.
                 if self.persistent_store.pin_hash()?.is_none() {
-                    // Specification is unclear, could be CTAP2_ERR_UNSUPPORTED_OPTION.
                     return Err(Ctap2StatusCode::CTAP2_ERR_PIN_NOT_SET);
                 }
                 self.client_pin.verify_pin_uv_auth_token(
@@ -923,12 +929,12 @@ where
                 UV_FLAG
             }
             None => {
-                if self.persistent_store.has_always_uv()? {
-                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
-                }
                 if options.uv {
                     return Err(Ctap2StatusCode::CTAP2_ERR_INVALID_OPTION);
                 }
+                if options.up && self.persistent_store.has_always_uv()? {
+                    return Err(Ctap2StatusCode::CTAP2_ERR_PUAT_REQUIRED);
+                }
                 0x00
             }
         };
@@ -970,15 +976,14 @@ where
             (credential, stored_credentials)
         };
 
+        let credential = credential.ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
+
         // This check comes before CTAP2_ERR_NO_CREDENTIALS in CTAP 2.0.
-        // For CTAP 2.1, it was moved to a later protocol step.
         if options.up {
             (self.check_user_presence)(cid)?;
             self.client_pin.clear_token_flags();
         }
 
-        let credential = credential.ok_or(Ctap2StatusCode::CTAP2_ERR_NO_CREDENTIALS)?;
-
         self.increment_global_signature_counter()?;
 
         let assertion_input = AssertionInput {
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index ddc186b..6a47172 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -211,7 +211,7 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
 #[derive(Debug, PartialEq)]
 pub struct AuthenticatorClientPinResponse {
     pub key_agreement: Option<CoseKey>,
-    pub pin_token: Option<Vec<u8>>,
+    pub pin_uv_auth_token: Option<Vec<u8>>,
     pub retries: Option<u64>,
     pub power_cycle_state: Option<bool>,
     // - 0x05: uvRetries missing as we don't support internal UV.
@@ -221,14 +221,14 @@ impl From<AuthenticatorClientPinResponse> for cbor::Value {
     fn from(client_pin_response: AuthenticatorClientPinResponse) -> Self {
         let AuthenticatorClientPinResponse {
             key_agreement,
-            pin_token,
+            pin_uv_auth_token,
             retries,
             power_cycle_state,
         } = client_pin_response;
 
         cbor_map_options! {
             0x01 => key_agreement.map(cbor::Value::from),
-            0x02 => pin_token,
+            0x02 => pin_uv_auth_token,
             0x03 => retries,
             0x04 => power_cycle_state,
         }
@@ -495,7 +495,7 @@ mod test {
         let cose_key = CoseKey::from(pk);
         let client_pin_response = AuthenticatorClientPinResponse {
             key_agreement: Some(cose_key.clone()),
-            pin_token: Some(vec![70]),
+            pin_uv_auth_token: Some(vec![70]),
             retries: Some(8),
             power_cycle_state: Some(false),
         };

From 054e303d112a63c61b7c0b1041e34fe9e8a9cca6 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Fri, 9 Apr 2021 07:40:11 +0200
Subject: [PATCH 188/192] move MAX_MSG_SIZE to customization and use it in HID
 (#302)

---
 src/ctap/customization.rs | 11 +++++++++++
 src/ctap/hid/mod.rs       |  3 +++
 src/ctap/hid/receive.rs   | 22 +++++++++++++---------
 src/ctap/large_blobs.rs   |  5 +----
 src/ctap/mod.rs           |  4 ++--
 5 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/src/ctap/customization.rs b/src/ctap/customization.rs
index 1aebadf..7c28a2f 100644
--- a/src/ctap/customization.rs
+++ b/src/ctap/customization.rs
@@ -119,6 +119,15 @@ pub const ENTERPRISE_ATTESTATION_MODE: Option<EnterpriseAttestationMode> = None;
 /// VendorFacilitated.
 pub const ENTERPRISE_RP_ID_LIST: &[&str] = &[];
 
+/// Maximum message size send for CTAP commands.
+///
+/// The maximum value is 7609, as HID packets can not encode longer messages.
+/// 1024 is the default mentioned in the authenticatorLargeBlobs commands.
+/// Larger values are preferred, as that allows more parameters in commands.
+/// If long commands are too unreliable on your hardware, consider decreasing
+/// this value.
+pub const MAX_MSG_SIZE: usize = 7609;
+
 /// Sets the number of consecutive failed PINs before blocking interaction.
 ///
 /// # Invariant
@@ -256,6 +265,8 @@ mod test {
         } else {
             assert!(ENTERPRISE_RP_ID_LIST.is_empty());
         }
+        assert!(MAX_MSG_SIZE >= 1024);
+        assert!(MAX_MSG_SIZE <= 7609);
         assert!(MAX_PIN_RETRIES <= 8);
         assert!(MAX_CRED_BLOB_LENGTH >= 32);
         if let Some(count) = MAX_CREDENTIAL_COUNT_IN_LIST {
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 03cb637..c6fc418 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -322,6 +322,9 @@ impl CtapHid {
                         receive::Error::UnexpectedSeq => {
                             CtapHid::error_message(cid, CtapHid::ERR_INVALID_SEQ)
                         }
+                        receive::Error::UnexpectedLen => {
+                            CtapHid::error_message(cid, CtapHid::ERR_INVALID_LEN)
+                        }
                         receive::Error::Timeout => {
                             CtapHid::error_message(cid, CtapHid::ERR_MSG_TIMEOUT)
                         }
diff --git a/src/ctap/hid/receive.rs b/src/ctap/hid/receive.rs
index 8efdb1c..caf9ffc 100644
--- a/src/ctap/hid/receive.rs
+++ b/src/ctap/hid/receive.rs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use super::super::customization::MAX_MSG_SIZE;
 use super::{ChannelID, CtapHid, HidPacket, Message, ProcessedPacket};
 use alloc::vec::Vec;
 use core::mem::swap;
@@ -45,6 +46,8 @@ pub enum Error {
     UnexpectedContinuation,
     // Expected a continuation packet with a specific sequence number, got another sequence number.
     UnexpectedSeq,
+    // The length of a message is too big.
+    UnexpectedLen,
     // This packet arrived after a timeout.
     Timeout,
 }
@@ -107,7 +110,7 @@ impl MessageAssembler {
             // Expecting an initialization packet.
             match processed_packet {
                 ProcessedPacket::InitPacket { cmd, len, data } => {
-                    Ok(self.accept_init_packet(*cid, cmd, len, data, timestamp))
+                    self.parse_init_packet(*cid, cmd, len, data, timestamp)
                 }
                 ProcessedPacket::ContinuationPacket { .. } => {
                     // CTAP specification (version 20190130) section 8.1.5.4
@@ -129,7 +132,7 @@ impl MessageAssembler {
                 ProcessedPacket::InitPacket { cmd, len, data } => {
                     self.reset();
                     if cmd == CtapHid::COMMAND_INIT {
-                        Ok(self.accept_init_packet(*cid, cmd, len, data, timestamp))
+                        self.parse_init_packet(*cid, cmd, len, data, timestamp)
                     } else {
                         Err((*cid, Error::UnexpectedInit))
                     }
@@ -151,24 +154,25 @@ impl MessageAssembler {
         }
     }
 
-    fn accept_init_packet(
+    fn parse_init_packet(
         &mut self,
         cid: ChannelID,
         cmd: u8,
         len: usize,
         data: &[u8],
         timestamp: Timestamp<isize>,
-    ) -> Option<Message> {
-        // TODO: Should invalid commands/payload lengths be rejected early, i.e. as soon as the
-        // initialization packet is received, or should we build a message and then catch the
-        // error?
-        // The specification (version 20190130) isn't clear on this point.
+    ) -> Result<Option<Message>, (ChannelID, Error)> {
+        // Reject invalid lengths early to reduce the risk of running out of memory.
+        // TODO: also reject invalid commands early?
+        if len > MAX_MSG_SIZE {
+            return Err((cid, Error::UnexpectedLen));
+        }
         self.cid = cid;
         self.last_timestamp = timestamp;
         self.cmd = cmd;
         self.seq = 0;
         self.remaining_payload_len = len;
-        self.append_payload(data)
+        Ok(self.append_payload(data))
     }
 
     fn append_payload(&mut self, data: &[u8]) -> Option<Message> {
diff --git a/src/ctap/large_blobs.rs b/src/ctap/large_blobs.rs
index ffb98cb..846bc33 100644
--- a/src/ctap/large_blobs.rs
+++ b/src/ctap/large_blobs.rs
@@ -14,6 +14,7 @@
 
 use super::client_pin::{ClientPin, PinPermission};
 use super::command::AuthenticatorLargeBlobsParameters;
+use super::customization::MAX_MSG_SIZE;
 use super::response::{AuthenticatorLargeBlobsResponse, ResponseData};
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
@@ -23,10 +24,6 @@ use byteorder::{ByteOrder, LittleEndian};
 use crypto::sha256::Sha256;
 use crypto::Hash256;
 
-/// This is maximum message size supported by the authenticator. 1024 is the default.
-/// Increasing this values can speed up commands with longer responses, but lead to
-/// packets dropping or unexpected failures.
-pub const MAX_MSG_SIZE: usize = 1024;
 /// The length of the truncated hash that as appended to the large blob data.
 const TRUNCATED_HASH_LEN: usize = 16;
 
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 1ecac53..548523a 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -42,7 +42,7 @@ use self::credential_management::process_credential_management;
 use self::crypto_wrapper::{aes256_cbc_decrypt, aes256_cbc_encrypt};
 use self::customization::{
     DEFAULT_CRED_PROTECT, ENTERPRISE_ATTESTATION_MODE, ENTERPRISE_RP_ID_LIST,
-    MAX_CREDENTIAL_COUNT_IN_LIST, MAX_CRED_BLOB_LENGTH, MAX_LARGE_BLOB_ARRAY_SIZE,
+    MAX_CREDENTIAL_COUNT_IN_LIST, MAX_CRED_BLOB_LENGTH, MAX_LARGE_BLOB_ARRAY_SIZE, MAX_MSG_SIZE,
     MAX_RP_IDS_LENGTH, USE_BATCH_ATTESTATION, USE_SIGNATURE_COUNTER,
 };
 use self::data_formats::{
@@ -52,7 +52,7 @@ use self::data_formats::{
     PublicKeyCredentialType, PublicKeyCredentialUserEntity, SignatureAlgorithm,
 };
 use self::hid::ChannelID;
-use self::large_blobs::{LargeBlobs, MAX_MSG_SIZE};
+use self::large_blobs::LargeBlobs;
 use self::response::{
     AuthenticatorGetAssertionResponse, AuthenticatorGetInfoResponse,
     AuthenticatorMakeCredentialResponse, AuthenticatorVendorResponse, ResponseData,

From 78b7767682e4e3f0b36ae577882827f22db38176 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Tue, 13 Apr 2021 14:46:28 +0200
Subject: [PATCH 189/192] CBOR maps use Vec instead of BTreeMap (#303)

* CBOR uses Vec for map internally

* remove BTreeMap from get_info

* rename cbor_map_btree and clean up cbor_array_vec

* destructure now takes Vec, not BTreeMap

* adds dedup in CBOR writer

* fail to write CBOR maps with duplicates

* CBOR interface refinements

* macro documentation for CBOR map and array
---
 libraries/cbor/src/macros.rs | 130 ++++++++++++++++++++++-------------
 libraries/cbor/src/reader.rs |   9 ++-
 libraries/cbor/src/values.rs |   9 ++-
 libraries/cbor/src/writer.rs |  97 ++++++++++++++++++++++----
 src/ctap/command.rs          |   6 +-
 src/ctap/data_formats.rs     |  49 ++++++-------
 src/ctap/mod.rs              |  70 ++++++++++---------
 src/ctap/response.rs         |  39 +++++------
 src/ctap/storage.rs          |  12 ++--
 9 files changed, 258 insertions(+), 163 deletions(-)

diff --git a/libraries/cbor/src/macros.rs b/libraries/cbor/src/macros.rs
index 40669d1..758925e 100644
--- a/libraries/cbor/src/macros.rs
+++ b/libraries/cbor/src/macros.rs
@@ -13,14 +13,14 @@
 // limitations under the License.
 
 use crate::values::{KeyType, Value};
-use alloc::collections::btree_map;
+use alloc::vec;
 use core::cmp::Ordering;
 use core::iter::Peekable;
 
-/// This macro generates code to extract multiple values from a `BTreeMap<KeyType, Value>` at once
-/// in an optimized manner, consuming the input map.
+/// This macro generates code to extract multiple values from a `Vec<(KeyType, Value)>` at once
+/// in an optimized manner, consuming the input vector.
 ///
-/// It takes as input a `BTreeMap` as well as a list of identifiers and keys, and generates code
+/// It takes as input a `Vec` as well as a list of identifiers and keys, and generates code
 /// that assigns the corresponding values to new variables using the given identifiers. Each of
 /// these variables has type `Option<Value>`, to account for the case where keys aren't found.
 ///
@@ -32,16 +32,14 @@ use core::iter::Peekable;
 /// the keys are indeed sorted. This macro is therefore **not suitable for dynamic keys** that can
 /// change at runtime.
 ///
-/// Semantically, provided that the keys are sorted as specified above, the following two snippets
-/// of code are equivalent, but the `destructure_cbor_map!` version is more optimized, as it doesn't
-/// re-balance the `BTreeMap` for each key, contrary to the `BTreeMap::remove` operations.
+/// Example usage:
 ///
 /// ```rust
 /// # extern crate alloc;
 /// # use cbor::destructure_cbor_map;
 /// #
 /// # fn main() {
-/// #     let map = alloc::collections::BTreeMap::new();
+/// #     let map = alloc::vec::Vec::new();
 /// destructure_cbor_map! {
 ///     let {
 ///         1 => x,
@@ -50,17 +48,6 @@ use core::iter::Peekable;
 /// }
 /// # }
 /// ```
-///
-/// ```rust
-/// # extern crate alloc;
-/// #
-/// # fn main() {
-/// #     let mut map = alloc::collections::BTreeMap::<cbor::KeyType, _>::new();
-/// use cbor::values::IntoCborKey;
-/// let x: Option<cbor::Value> = map.remove(&1.into_cbor_key());
-/// let y: Option<cbor::Value> = map.remove(&"key".into_cbor_key());
-/// # }
-/// ```
 #[macro_export]
 macro_rules! destructure_cbor_map {
     ( let { $( $key:expr => $variable:ident, )+ } = $map:expr; ) => {
@@ -100,7 +87,7 @@ macro_rules! destructure_cbor_map {
 /// would be inlined for every use case. As of June 2020, this saves ~40KB of binary size for the
 /// CTAP2 application of OpenSK.
 pub fn destructure_cbor_map_peek_value(
-    it: &mut Peekable<btree_map::IntoIter<KeyType, Value>>,
+    it: &mut Peekable<vec::IntoIter<(KeyType, Value)>>,
     needle: KeyType,
 ) -> Option<Value> {
     loop {
@@ -145,6 +132,23 @@ macro_rules! assert_sorted_keys {
     };
 }
 
+/// Creates a CBOR Value of type Map with the specified key-value pairs.
+///
+/// Keys and values are expressions and converted into CBOR Keys and Values.
+/// The syntax for these pairs is `key_expression => value_expression,`.
+/// Duplicate keys will lead to invalid CBOR, i.e. writing these values fails.
+/// Keys do not have to be sorted.
+///
+/// Example usage:
+///
+/// ```rust
+/// # extern crate alloc;
+/// # use cbor::cbor_map;
+/// let map = cbor_map! {
+///   0x01 => false,
+///   "02" => -3,
+/// };
+/// ```
 #[macro_export]
 macro_rules! cbor_map {
     // trailing comma case
@@ -157,15 +161,35 @@ macro_rules! cbor_map {
             // The import is unused if the list is empty.
             #[allow(unused_imports)]
             use $crate::values::{IntoCborKey, IntoCborValue};
-            let mut _map = ::alloc::collections::BTreeMap::new();
+            let mut _map = ::alloc::vec::Vec::new();
             $(
-                _map.insert($key.into_cbor_key(), $value.into_cbor_value());
+                _map.push(($key.into_cbor_key(), $value.into_cbor_value()));
             )*
             $crate::values::Value::Map(_map)
         }
     };
 }
 
+/// Creates a CBOR Value of type Map with key-value pairs where values can be Options.
+///
+/// Keys and values are expressions and converted into CBOR Keys and Value Options.
+/// The map entry is included iff the Value is not an Option or Option is Some.
+/// The syntax for these pairs is `key_expression => value_expression,`.
+/// Duplicate keys will lead to invalid CBOR, i.e. writing these values fails.
+/// Keys do not have to be sorted.
+///
+/// Example usage:
+///
+/// ```rust
+/// # extern crate alloc;
+/// # use cbor::cbor_map_options;
+/// let missing_value: Option<bool> = None;
+/// let map = cbor_map_options! {
+///   0x01 => Some(false),
+///   "02" => -3,
+///   "not in map" => missing_value,
+/// };
+/// ```
 #[macro_export]
 macro_rules! cbor_map_options {
     // trailing comma case
@@ -178,12 +202,12 @@ macro_rules! cbor_map_options {
             // The import is unused if the list is empty.
             #[allow(unused_imports)]
             use $crate::values::{IntoCborKey, IntoCborValueOption};
-            let mut _map = ::alloc::collections::BTreeMap::<_, $crate::values::Value>::new();
+            let mut _map = ::alloc::vec::Vec::<(_, $crate::values::Value)>::new();
             $(
             {
                 let opt: Option<$crate::values::Value> = $value.into_cbor_value_option();
                 if let Some(val) = opt {
-                    _map.insert($key.into_cbor_key(), val);
+                    _map.push(($key.into_cbor_key(), val));
                 }
             }
             )*
@@ -192,13 +216,25 @@ macro_rules! cbor_map_options {
     };
 }
 
+/// Creates a CBOR Value of type Map from a Vec<(KeyType, Value)>.
 #[macro_export]
-macro_rules! cbor_map_btree {
-    ( $tree:expr ) => {
-        $crate::values::Value::Map($tree)
-    };
+macro_rules! cbor_map_collection {
+    ( $tree:expr ) => {{
+        $crate::values::Value::from($tree)
+    }};
 }
 
+/// Creates a CBOR Value of type Array with the given elements.
+///
+/// Elements are expressions and converted into CBOR Values. Elements are comma-separated.
+///
+/// Example usage:
+///
+/// ```rust
+/// # extern crate alloc;
+/// # use cbor::cbor_array;
+/// let array = cbor_array![1, "2"];
+/// ```
 #[macro_export]
 macro_rules! cbor_array {
     // trailing comma case
@@ -216,6 +252,7 @@ macro_rules! cbor_array {
     };
 }
 
+/// Creates a CBOR Value of type Array from a Vec<Value>.
 #[macro_export]
 macro_rules! cbor_array_vec {
     ( $vec:expr ) => {{
@@ -329,7 +366,6 @@ macro_rules! cbor_key_bytes {
 #[cfg(test)]
 mod test {
     use super::super::values::{KeyType, SimpleValue, Value};
-    use alloc::collections::BTreeMap;
 
     #[test]
     fn test_cbor_simple_values() {
@@ -421,7 +457,7 @@ mod test {
                 Value::KeyValue(KeyType::Unsigned(0)),
                 Value::KeyValue(KeyType::Unsigned(1)),
             ]),
-            Value::Map(BTreeMap::new()),
+            Value::Map(Vec::new()),
             Value::Map(
                 [(KeyType::Unsigned(2), Value::KeyValue(KeyType::Unsigned(3)))]
                     .iter()
@@ -518,7 +554,7 @@ mod test {
                         Value::KeyValue(KeyType::Unsigned(1)),
                     ]),
                 ),
-                (KeyType::Unsigned(9), Value::Map(BTreeMap::new())),
+                (KeyType::Unsigned(9), Value::Map(Vec::new())),
                 (
                     KeyType::Unsigned(10),
                     Value::Map(
@@ -589,7 +625,7 @@ mod test {
                         Value::KeyValue(KeyType::Unsigned(1)),
                     ]),
                 ),
-                (KeyType::Unsigned(9), Value::Map(BTreeMap::new())),
+                (KeyType::Unsigned(9), Value::Map(Vec::new())),
                 (
                     KeyType::Unsigned(10),
                     Value::Map(
@@ -608,30 +644,26 @@ mod test {
     }
 
     #[test]
-    fn test_cbor_map_btree_empty() {
-        let a = cbor_map_btree!(BTreeMap::new());
-        let b = Value::Map(BTreeMap::new());
+    fn test_cbor_map_collection_empty() {
+        let a = cbor_map_collection!(Vec::<(_, _)>::new());
+        let b = Value::Map(Vec::new());
         assert_eq!(a, b);
     }
 
     #[test]
-    fn test_cbor_map_btree_foo() {
-        let a = cbor_map_btree!(
-            [(KeyType::Unsigned(2), Value::KeyValue(KeyType::Unsigned(3)))]
-                .iter()
-                .cloned()
-                .collect()
-        );
-        let b = Value::Map(
-            [(KeyType::Unsigned(2), Value::KeyValue(KeyType::Unsigned(3)))]
-                .iter()
-                .cloned()
-                .collect(),
-        );
+    fn test_cbor_map_collection_foo() {
+        let a = cbor_map_collection!(vec![(
+            KeyType::Unsigned(2),
+            Value::KeyValue(KeyType::Unsigned(3))
+        )]);
+        let b = Value::Map(vec![(
+            KeyType::Unsigned(2),
+            Value::KeyValue(KeyType::Unsigned(3)),
+        )]);
         assert_eq!(a, b);
     }
 
-    fn extract_map(cbor_value: Value) -> BTreeMap<KeyType, Value> {
+    fn extract_map(cbor_value: Value) -> Vec<(KeyType, Value)> {
         match cbor_value {
             Value::Map(map) => map,
             _ => panic!("Expected CBOR map."),
diff --git a/libraries/cbor/src/reader.rs b/libraries/cbor/src/reader.rs
index a1061a0..0634d84 100644
--- a/libraries/cbor/src/reader.rs
+++ b/libraries/cbor/src/reader.rs
@@ -13,8 +13,7 @@
 // limitations under the License.
 
 use super::values::{Constants, KeyType, SimpleValue, Value};
-use crate::{cbor_array_vec, cbor_bytes_lit, cbor_map_btree, cbor_text, cbor_unsigned};
-use alloc::collections::BTreeMap;
+use crate::{cbor_array_vec, cbor_bytes_lit, cbor_map_collection, cbor_text, cbor_unsigned};
 use alloc::str;
 use alloc::vec::Vec;
 
@@ -174,7 +173,7 @@ impl<'a> Reader<'a> {
         size_value: u64,
         remaining_depth: i8,
     ) -> Result<Value, DecoderError> {
-        let mut value_map = BTreeMap::new();
+        let mut value_map = Vec::new();
         let mut last_key_option = None;
         for _ in 0..size_value {
             let key_value = self.decode_complete_data_item(remaining_depth - 1)?;
@@ -185,12 +184,12 @@ impl<'a> Reader<'a> {
                     }
                 }
                 last_key_option = Some(key.clone());
-                value_map.insert(key, self.decode_complete_data_item(remaining_depth - 1)?);
+                value_map.push((key, self.decode_complete_data_item(remaining_depth - 1)?));
             } else {
                 return Err(DecoderError::IncorrectMapKeyType);
             }
         }
-        Ok(cbor_map_btree!(value_map))
+        Ok(cbor_map_collection!(value_map))
     }
 
     fn decode_to_simple_value(
diff --git a/libraries/cbor/src/values.rs b/libraries/cbor/src/values.rs
index b20d109..c2f7b72 100644
--- a/libraries/cbor/src/values.rs
+++ b/libraries/cbor/src/values.rs
@@ -12,7 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use alloc::collections::BTreeMap;
 use alloc::string::{String, ToString};
 use alloc::vec::Vec;
 use core::cmp::Ordering;
@@ -21,7 +20,7 @@ use core::cmp::Ordering;
 pub enum Value {
     KeyValue(KeyType),
     Array(Vec<Value>),
-    Map(BTreeMap<KeyType, Value>),
+    Map(Vec<(KeyType, Value)>),
     // TAG is omitted
     Simple(SimpleValue),
 }
@@ -183,6 +182,12 @@ where
     }
 }
 
+impl From<Vec<(KeyType, Value)>> for Value {
+    fn from(map: Vec<(KeyType, Value)>) -> Self {
+        Value::Map(map)
+    }
+}
+
 impl From<bool> for Value {
     fn from(b: bool) -> Self {
         Value::bool_value(b)
diff --git a/libraries/cbor/src/writer.rs b/libraries/cbor/src/writer.rs
index 592048d..386f0b5 100644
--- a/libraries/cbor/src/writer.rs
+++ b/libraries/cbor/src/writer.rs
@@ -56,8 +56,14 @@ impl<'a> Writer<'a> {
                     }
                 }
             }
-            Value::Map(map) => {
-                self.start_item(5, map.len() as u64);
+            Value::Map(mut map) => {
+                map.sort_by(|a, b| a.0.cmp(&b.0));
+                let map_len = map.len();
+                map.dedup_by(|a, b| a.0.eq(&b.0));
+                if map_len != map.len() {
+                    return false;
+                }
+                self.start_item(5, map_len as u64);
                 for (k, v) in map {
                     if !self.encode_cbor(Value::KeyValue(k), remaining_depth - 1) {
                         return false;
@@ -209,9 +215,16 @@ mod test {
     #[test]
     fn test_write_map() {
         let value_map = cbor_map! {
-            "aa" => "AA",
-            "e" => "E",
-            "" => ".",
+            0 => "a",
+            23 => "b",
+            24 => "c",
+            std::u8::MAX as i64 => "d",
+            256 => "e",
+            std::u16::MAX as i64 => "f",
+            65536 => "g",
+            std::u32::MAX as i64 => "h",
+            4294967296_i64 => "i",
+            std::i64::MAX => "j",
             -1 => "k",
             -24 => "l",
             -25 => "m",
@@ -224,16 +237,9 @@ mod test {
             b"a" => 2,
             b"bar" => 3,
             b"foo" => 4,
-            0 => "a",
-            23 => "b",
-            24 => "c",
-            std::u8::MAX as i64 => "d",
-            256 => "e",
-            std::u16::MAX as i64 => "f",
-            65536 => "g",
-            std::u32::MAX as i64 => "h",
-            4294967296_i64 => "i",
-            std::i64::MAX => "j",
+            "" => ".",
+            "e" => "E",
+            "aa" => "AA",
         };
         let expected_cbor = vec![
             0xb8, 0x19, // map of 25 pairs:
@@ -288,6 +294,67 @@ mod test {
         assert_eq!(write_return(value_map), Some(expected_cbor));
     }
 
+    #[test]
+    fn test_write_map_sorted() {
+        let sorted_map = cbor_map! {
+            0 => "a",
+            1 => "b",
+            -1 => "c",
+            -2 => "d",
+            b"a" => "e",
+            b"b" => "f",
+            "" => "g",
+            "c" => "h",
+        };
+        let unsorted_map = cbor_map! {
+            1 => "b",
+            -2 => "d",
+            b"b" => "f",
+            "c" => "h",
+            "" => "g",
+            b"a" => "e",
+            -1 => "c",
+            0 => "a",
+        };
+        assert_eq!(write_return(sorted_map), write_return(unsorted_map));
+    }
+
+    #[test]
+    fn test_write_map_duplicates() {
+        let duplicate0 = cbor_map! {
+            0 => "a",
+            -1 => "c",
+            b"a" => "e",
+            "c" => "g",
+            0 => "b",
+        };
+        assert_eq!(write_return(duplicate0), None);
+        let duplicate1 = cbor_map! {
+            0 => "a",
+            -1 => "c",
+            b"a" => "e",
+            "c" => "g",
+            -1 => "d",
+        };
+        assert_eq!(write_return(duplicate1), None);
+        let duplicate2 = cbor_map! {
+            0 => "a",
+            -1 => "c",
+            b"a" => "e",
+            "c" => "g",
+            b"a" => "f",
+        };
+        assert_eq!(write_return(duplicate2), None);
+        let duplicate3 = cbor_map! {
+            0 => "a",
+            -1 => "c",
+            b"a" => "e",
+            "c" => "g",
+            "c" => "h",
+        };
+        assert_eq!(write_return(duplicate3), None);
+    }
+
     #[test]
     fn test_write_map_with_array() {
         let value_map = cbor_map! {
diff --git a/src/ctap/command.rs b/src/ctap/command.rs
index 4616b02..387a687 100644
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -594,14 +594,14 @@ mod test {
             0x01 => vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F],
             0x02 => cbor_map! {
                 "id" => "example.com",
-                "name" => "Example",
                 "icon" => "example.com/icon.png",
+                "name" => "Example",
             },
             0x03 => cbor_map! {
                 "id" => vec![0x1D, 0x1D, 0x1D, 0x1D],
+                "icon" => "example.com/foo/icon.png",
                 "name" => "foo",
                 "displayName" => "bar",
-                "icon" => "example.com/foo/icon.png",
             },
             0x04 => cbor_array![ES256_CRED_PARAM],
             0x05 => cbor_array![],
@@ -656,8 +656,8 @@ mod test {
             0x01 => "example.com",
             0x02 => vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F],
             0x03 => cbor_array![ cbor_map! {
-                "type" => "public-key",
                 "id" => vec![0x2D, 0x2D, 0x2D, 0x2D],
+                "type" => "public-key",
                 "transports" => cbor_array!["usb"],
             } ],
             0x06 => vec![0x12, 0x34],
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index b135a11..673b850 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -13,7 +13,6 @@
 // limitations under the License.
 
 use super::status_code::Ctap2StatusCode;
-use alloc::collections::BTreeMap;
 use alloc::string::String;
 use alloc::vec::Vec;
 use arrayref::array_ref;
@@ -62,8 +61,8 @@ impl From<PublicKeyCredentialRpEntity> for cbor::Value {
     fn from(entity: PublicKeyCredentialRpEntity) -> Self {
         cbor_map_options! {
             "id" => entity.rp_id,
-            "name" => entity.rp_name,
             "icon" => entity.rp_icon,
+            "name" => entity.rp_name,
         }
     }
 }
@@ -108,9 +107,9 @@ impl From<PublicKeyCredentialUserEntity> for cbor::Value {
     fn from(entity: PublicKeyCredentialUserEntity) -> Self {
         cbor_map_options! {
             "id" => entity.user_id,
+            "icon" => entity.user_icon,
             "name" => entity.user_name,
             "displayName" => entity.user_display_name,
-            "icon" => entity.user_icon,
         }
     }
 }
@@ -174,8 +173,8 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialParameter {
 impl From<PublicKeyCredentialParameter> for cbor::Value {
     fn from(cred_param: PublicKeyCredentialParameter) -> Self {
         cbor_map_options! {
-            "type" => cred_param.cred_type,
             "alg" => cred_param.alg,
+            "type" => cred_param.cred_type,
         }
     }
 }
@@ -262,8 +261,8 @@ impl TryFrom<cbor::Value> for PublicKeyCredentialDescriptor {
 impl From<PublicKeyCredentialDescriptor> for cbor::Value {
     fn from(desc: PublicKeyCredentialDescriptor) -> Self {
         cbor_map_options! {
-            "type" => desc.key_type,
             "id" => desc.key_id,
+            "type" => desc.key_type,
             "transports" => desc.transports.map(|vec| cbor_array_vec!(vec)),
         }
     }
@@ -1119,7 +1118,7 @@ pub(super) fn extract_array(cbor_value: cbor::Value) -> Result<Vec<cbor::Value>,
 
 pub(super) fn extract_map(
     cbor_value: cbor::Value,
-) -> Result<BTreeMap<cbor::KeyType, cbor::Value>, Ctap2StatusCode> {
+) -> Result<Vec<(cbor::KeyType, cbor::Value)>, Ctap2StatusCode> {
     match cbor_value {
         cbor::Value::Map(map) => Ok(map),
         _ => Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE),
@@ -1142,7 +1141,6 @@ pub(super) fn ok_or_missing<T>(value_option: Option<T>) -> Result<T, Ctap2Status
 mod test {
     use self::Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
     use super::*;
-    use alloc::collections::BTreeMap;
     use cbor::{
         cbor_array, cbor_bool, cbor_bytes, cbor_bytes_lit, cbor_false, cbor_int, cbor_null,
         cbor_text, cbor_unsigned,
@@ -1371,21 +1369,18 @@ mod test {
             extract_map(cbor_array![]),
             Err(CTAP2_ERR_CBOR_UNEXPECTED_TYPE)
         );
-        assert_eq!(extract_map(cbor_map! {}), Ok(BTreeMap::new()));
+        assert_eq!(extract_map(cbor_map! {}), Ok(Vec::new()));
         assert_eq!(
             extract_map(cbor_map! {
                 1 => cbor_false!(),
-                "foo" => b"bar",
                 b"bin" => -42,
+                "foo" => b"bar",
             }),
-            Ok([
+            Ok(vec![
                 (cbor_unsigned!(1), cbor_false!()),
-                (cbor_text!("foo"), cbor_bytes_lit!(b"bar")),
                 (cbor_bytes_lit!(b"bin"), cbor_int!(-42)),
-            ]
-            .iter()
-            .cloned()
-            .collect::<BTreeMap<_, _>>())
+                (cbor_text!("foo"), cbor_bytes_lit!(b"bar")),
+            ])
         );
     }
 
@@ -1419,8 +1414,8 @@ mod test {
     fn test_from_public_key_credential_rp_entity() {
         let cbor_rp_entity = cbor_map! {
             "id" => "example.com",
-            "name" => "Example",
             "icon" => "example.com/icon.png",
+            "name" => "Example",
         };
         let rp_entity = PublicKeyCredentialRpEntity::try_from(cbor_rp_entity);
         let expected_rp_entity = PublicKeyCredentialRpEntity {
@@ -1435,9 +1430,9 @@ mod test {
     fn test_from_into_public_key_credential_user_entity() {
         let cbor_user_entity = cbor_map! {
             "id" => vec![0x1D, 0x1D, 0x1D, 0x1D],
+            "icon" => "example.com/foo/icon.png",
             "name" => "foo",
             "displayName" => "bar",
-            "icon" => "example.com/foo/icon.png",
         };
         let user_entity = PublicKeyCredentialUserEntity::try_from(cbor_user_entity.clone());
         let expected_user_entity = PublicKeyCredentialUserEntity {
@@ -1541,8 +1536,8 @@ mod test {
     #[test]
     fn test_from_into_public_key_credential_parameter() {
         let cbor_credential_parameter = cbor_map! {
-            "type" => "public-key",
             "alg" => ES256_ALGORITHM,
+            "type" => "public-key",
         };
         let credential_parameter =
             PublicKeyCredentialParameter::try_from(cbor_credential_parameter.clone());
@@ -1558,8 +1553,8 @@ mod test {
     #[test]
     fn test_from_into_public_key_credential_descriptor() {
         let cbor_credential_descriptor = cbor_map! {
-            "type" => "public-key",
             "id" => vec![0x2D, 0x2D, 0x2D, 0x2D],
+            "type" => "public-key",
             "transports" => cbor_array!["usb"],
         };
         let credential_descriptor =
@@ -1577,11 +1572,11 @@ mod test {
     #[test]
     fn test_from_make_credential_extensions() {
         let cbor_extensions = cbor_map! {
-            "hmac-secret" => true,
-            "credProtect" => CredentialProtectionPolicy::UserVerificationRequired,
-            "minPinLength" => true,
             "credBlob" => vec![0xCB],
+            "credProtect" => CredentialProtectionPolicy::UserVerificationRequired,
+            "hmac-secret" => true,
             "largeBlobKey" => true,
+            "minPinLength" => true,
         };
         let extensions = MakeCredentialExtensions::try_from(cbor_extensions);
         let expected_extensions = MakeCredentialExtensions {
@@ -1601,12 +1596,12 @@ mod test {
         let pk = sk.genpk();
         let cose_key = CoseKey::from(pk);
         let cbor_extensions = cbor_map! {
+            "credBlob" => true,
             "hmac-secret" => cbor_map! {
                 1 => cbor::Value::from(cose_key.clone()),
                 2 => vec![0x02; 32],
                 3 => vec![0x03; 16],
             },
-            "credBlob" => true,
             "largeBlobKey" => true,
         };
         let extensions = GetAssertionExtensions::try_from(cbor_extensions);
@@ -1631,13 +1626,13 @@ mod test {
         let pk = sk.genpk();
         let cose_key = CoseKey::from(pk);
         let cbor_extensions = cbor_map! {
+            "credBlob" => true,
             "hmac-secret" => cbor_map! {
                 1 => cbor::Value::from(cose_key.clone()),
                 2 => vec![0x02; 32],
                 3 => vec![0x03; 16],
                 4 => 2,
             },
-            "credBlob" => true,
             "largeBlobKey" => true,
         };
         let extensions = GetAssertionExtensions::try_from(cbor_extensions);
@@ -1690,7 +1685,7 @@ mod test {
         let cbor_packed_attestation_statement = cbor_map! {
             "alg" => 1,
             "sig" => vec![0x55, 0x55, 0x55, 0x55],
-            "x5c" => cbor_array_vec![vec![certificate]],
+            "x5c" => cbor_array![certificate],
             "ecdaaKeyId" => vec![0xEC, 0xDA, 0x1D],
         };
         let packed_attestation_statement = PackedAttestationStatement {
@@ -1878,7 +1873,7 @@ mod test {
         };
         let cbor_params = cbor_map! {
             0x01 => 6,
-            0x02 => cbor_array_vec!(vec!["example.com".to_string()]),
+            0x02 => cbor_array!("example.com".to_string()),
             0x03 => true,
         };
         assert_eq!(cbor::Value::from(params.clone()), cbor_params);
@@ -1897,7 +1892,7 @@ mod test {
             ConfigSubCommandParams::SetMinPinLength(set_min_pin_length_params);
         let cbor_params = cbor_map! {
             0x01 => 6,
-            0x02 => cbor_array_vec!(vec!["example.com".to_string()]),
+            0x02 => cbor_array!("example.com".to_string()),
             0x03 => true,
         };
         assert_eq!(cbor::Value::from(config_sub_command_params), cbor_params);
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 548523a..eaca021 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -63,7 +63,6 @@ use self::timed_permission::TimedPermission;
 #[cfg(feature = "with_ctap1")]
 use self::timed_permission::U2fUserPresenceState;
 use alloc::boxed::Box;
-use alloc::collections::BTreeMap;
 use alloc::string::{String, ToString};
 use alloc::vec;
 use alloc::vec::Vec;
@@ -706,10 +705,10 @@ where
             };
             let cred_protect_output = extensions.cred_protect.and(cred_protect_policy);
             let extensions_output = cbor_map_options! {
-                "hmac-secret" => hmac_secret_output,
-                "credProtect" => cred_protect_output,
-                "minPinLength" => min_pin_length_output,
                 "credBlob" => cred_blob_output,
+                "credProtect" => cred_protect_output,
+                "hmac-secret" => hmac_secret_output,
+                "minPinLength" => min_pin_length_output,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
@@ -805,8 +804,8 @@ where
                 None
             };
             let extensions_output = cbor_map_options! {
-                "hmac-secret" => encrypted_output,
                 "credBlob" => cred_blob,
+                "hmac-secret" => encrypted_output,
             };
             if !cbor::write(extensions_output, &mut auth_data) {
                 return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
@@ -1033,26 +1032,29 @@ where
                 versions.insert(0, String::from(U2F_VERSION_STRING))
             }
         }
-        let mut options_map = BTreeMap::new();
-        options_map.insert(String::from("rk"), true);
-        options_map.insert(
-            String::from("clientPin"),
-            self.persistent_store.pin_hash()?.is_some(),
-        );
-        options_map.insert(String::from("up"), true);
-        options_map.insert(String::from("pinUvAuthToken"), true);
-        options_map.insert(String::from("largeBlobs"), true);
+        let mut options = vec![];
         if ENTERPRISE_ATTESTATION_MODE.is_some() {
-            options_map.insert(
+            options.push((
                 String::from("ep"),
                 self.persistent_store.enterprise_attestation()?,
-            );
+            ));
         }
-        options_map.insert(String::from("authnrCfg"), true);
-        options_map.insert(String::from("credMgmt"), true);
-        options_map.insert(String::from("setMinPINLength"), true);
-        options_map.insert(String::from("makeCredUvNotRqd"), !has_always_uv);
-        options_map.insert(String::from("alwaysUv"), has_always_uv);
+        options.append(&mut vec![
+            (String::from("rk"), true),
+            (String::from("up"), true),
+            (String::from("alwaysUv"), has_always_uv),
+            (String::from("credMgmt"), true),
+            (String::from("authnrCfg"), true),
+            (
+                String::from("clientPin"),
+                self.persistent_store.pin_hash()?.is_some(),
+            ),
+            (String::from("largeBlobs"), true),
+            (String::from("pinUvAuthToken"), true),
+            (String::from("setMinPINLength"), true),
+            (String::from("makeCredUvNotRqd"), !has_always_uv),
+        ]);
+
         Ok(ResponseData::AuthenticatorGetInfo(
             AuthenticatorGetInfoResponse {
                 versions,
@@ -1064,7 +1066,7 @@ where
                     String::from("largeBlobKey"),
                 ]),
                 aaguid: self.persistent_store.aaguid()?,
-                options: Some(options_map),
+                options: Some(options),
                 max_msg_size: Some(MAX_MSG_SIZE as u64),
                 // The order implies preference. We favor the new V2.
                 pin_protocols: Some(vec![
@@ -1285,33 +1287,33 @@ mod test {
                     String::from(FIDO2_VERSION_STRING),
                     String::from(FIDO2_1_VERSION_STRING),
                 ]],
-            0x02 => cbor_array_vec![vec![
+            0x02 => cbor_array![
                     String::from("hmac-secret"),
                     String::from("credProtect"),
                     String::from("minPinLength"),
                     String::from("credBlob"),
                     String::from("largeBlobKey"),
-                ]],
+                ],
             0x03 => ctap_state.persistent_store.aaguid().unwrap(),
             0x04 => cbor_map_options! {
-                "rk" => true,
-                "clientPin" => false,
-                "up" => true,
-                "pinUvAuthToken" => true,
-                "largeBlobs" => true,
                 "ep" => ENTERPRISE_ATTESTATION_MODE.map(|_| false),
-                "authnrCfg" => true,
+                "rk" => true,
+                "up" => true,
+                "alwaysUv" => false,
                 "credMgmt" => true,
+                "authnrCfg" => true,
+                "clientPin" => false,
+                "largeBlobs" => true,
+                "pinUvAuthToken" => true,
                 "setMinPINLength" => true,
                 "makeCredUvNotRqd" => true,
-                "alwaysUv" => false,
             },
             0x05 => MAX_MSG_SIZE as u64,
-            0x06 => cbor_array_vec![vec![2, 1]],
+            0x06 => cbor_array![2, 1],
             0x07 => MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64),
             0x08 => CREDENTIAL_ID_SIZE as u64,
-            0x09 => cbor_array_vec![vec!["usb"]],
-            0x0A => cbor_array_vec![vec![ES256_CRED_PARAM]],
+            0x09 => cbor_array!["usb"],
+            0x0A => cbor_array![ES256_CRED_PARAM],
             0x0B => MAX_LARGE_BLOB_ARRAY_SIZE as u64,
             0x0C => false,
             0x0D => ctap_state.persistent_store.min_pin_length().unwrap() as u64,
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 6a47172..2568bae 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -17,10 +17,9 @@ use super::data_formats::{
     PublicKeyCredentialDescriptor, PublicKeyCredentialParameter, PublicKeyCredentialRpEntity,
     PublicKeyCredentialUserEntity,
 };
-use alloc::collections::BTreeMap;
 use alloc::string::String;
 use alloc::vec::Vec;
-use cbor::{cbor_array_vec, cbor_bool, cbor_int, cbor_map_btree, cbor_map_options, cbor_text};
+use cbor::{cbor_array_vec, cbor_bool, cbor_int, cbor_map_collection, cbor_map_options, cbor_text};
 
 #[derive(Debug, PartialEq)]
 pub enum ResponseData {
@@ -123,7 +122,7 @@ pub struct AuthenticatorGetInfoResponse {
     pub versions: Vec<String>,
     pub extensions: Option<Vec<String>>,
     pub aaguid: [u8; 16],
-    pub options: Option<BTreeMap<String, bool>>,
+    pub options: Option<Vec<(String, bool)>>,
     pub max_msg_size: Option<u64>,
     pub pin_protocols: Option<Vec<u64>>,
     pub max_credential_count_in_list: Option<u64>,
@@ -141,7 +140,7 @@ pub struct AuthenticatorGetInfoResponse {
     // - 0x12: uvModality
     // Add them when your hardware supports any kind of user verification within
     // the boundary of the device, e.g. fingerprint or built-in keyboard.
-    pub certifications: Option<BTreeMap<String, i64>>,
+    pub certifications: Option<Vec<(String, i64)>>,
     pub remaining_discoverable_credentials: Option<u64>,
     // - 0x15: vendorPrototypeConfigCommands missing as we don't support it.
 }
@@ -170,19 +169,19 @@ impl From<AuthenticatorGetInfoResponse> for cbor::Value {
         } = get_info_response;
 
         let options_cbor: Option<cbor::Value> = options.map(|options| {
-            let options_map: BTreeMap<_, _> = options
+            let options_map: Vec<(_, _)> = options
                 .into_iter()
                 .map(|(key, value)| (cbor_text!(key), cbor_bool!(value)))
                 .collect();
-            cbor_map_btree!(options_map)
+            cbor_map_collection!(options_map)
         });
 
         let certifications_cbor: Option<cbor::Value> = certifications.map(|certifications| {
-            let certifications_map: BTreeMap<_, _> = certifications
+            let certifications_map: Vec<(_, _)> = certifications
                 .into_iter()
                 .map(|(key, value)| (cbor_text!(key), cbor_int!(value)))
                 .collect();
-            cbor_map_btree!(certifications_map)
+            cbor_map_collection!(certifications_map)
         });
 
         cbor_map_options! {
@@ -337,7 +336,7 @@ mod test {
         let cbor_packed_attestation_statement = cbor_map! {
             "alg" => 1,
             "sig" => vec![0x55, 0x55, 0x55, 0x55],
-            "x5c" => cbor_array_vec![vec![certificate]],
+            "x5c" => cbor_array![certificate],
             "ecdaaKeyId" => vec![0xEC, 0xDA, 0x1D],
         };
 
@@ -385,17 +384,17 @@ mod test {
             ResponseData::AuthenticatorGetAssertion(get_assertion_response).into();
         let expected_cbor = cbor_map_options! {
             0x01 => cbor_map! {
-                "type" => "public-key",
                 "id" => vec![0x2D, 0x2D, 0x2D, 0x2D],
+                "type" => "public-key",
                 "transports" => cbor_array!["usb"],
             },
             0x02 => vec![0xAD],
             0x03 => vec![0x51],
             0x04 => cbor_map! {
                 "id" => vec![0x1D, 0x1D, 0x1D, 0x1D],
+                "icon" => "example.com/foo/icon.png".to_string(),
                 "name" => "foo".to_string(),
                 "displayName" => "bar".to_string(),
-                "icon" => "example.com/foo/icon.png".to_string(),
             },
             0x05 => 2,
             0x07 => vec![0x1B],
@@ -438,15 +437,11 @@ mod test {
 
     #[test]
     fn test_get_info_optionals_into_cbor() {
-        let mut options_map = BTreeMap::new();
-        options_map.insert(String::from("rk"), true);
-        let mut certifications_map = BTreeMap::new();
-        certifications_map.insert(String::from("example-cert"), 1);
         let get_info_response = AuthenticatorGetInfoResponse {
             versions: vec!["FIDO_2_0".to_string()],
             extensions: Some(vec!["extension".to_string()]),
             aaguid: [0x00; 16],
-            options: Some(options_map),
+            options: Some(vec![(String::from("rk"), true)]),
             max_msg_size: Some(1024),
             pin_protocols: Some(vec![1]),
             max_credential_count_in_list: Some(20),
@@ -459,22 +454,22 @@ mod test {
             firmware_version: Some(0),
             max_cred_blob_length: Some(1024),
             max_rp_ids_for_set_min_pin_length: Some(8),
-            certifications: Some(certifications_map),
+            certifications: Some(vec![(String::from("example-cert"), 1)]),
             remaining_discoverable_credentials: Some(150),
         };
         let response_cbor: Option<cbor::Value> =
             ResponseData::AuthenticatorGetInfo(get_info_response).into();
         let expected_cbor = cbor_map_options! {
-            0x01 => cbor_array_vec![vec!["FIDO_2_0"]],
-            0x02 => cbor_array_vec![vec!["extension"]],
+            0x01 => cbor_array!["FIDO_2_0"],
+            0x02 => cbor_array!["extension"],
             0x03 => vec![0x00; 16],
             0x04 => cbor_map! {"rk" => true},
             0x05 => 1024,
-            0x06 => cbor_array_vec![vec![1]],
+            0x06 => cbor_array![1],
             0x07 => 20,
             0x08 => 256,
-            0x09 => cbor_array_vec![vec!["usb"]],
-            0x0A => cbor_array_vec![vec![ES256_CRED_PARAM]],
+            0x09 => cbor_array!["usb"],
+            0x0A => cbor_array![ES256_CRED_PARAM],
             0x0B => 1024,
             0x0C => false,
             0x0D => 4,
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index a650d4d..2ba8d77 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -1370,13 +1370,13 @@ mod test {
             private_key,
             rp_id: String::from("example.com"),
             user_handle: vec![0x00],
-            user_display_name: None,
-            cred_protect_policy: None,
+            user_display_name: Some(String::from("Display Name")),
+            cred_protect_policy: Some(CredentialProtectionPolicy::UserVerificationOptional),
             creation_order: 0,
-            user_name: None,
-            user_icon: None,
-            cred_blob: None,
-            large_blob_key: None,
+            user_name: Some(String::from("name")),
+            user_icon: Some(String::from("icon")),
+            cred_blob: Some(vec![0xCB]),
+            large_blob_key: Some(vec![0x1B]),
         };
         let serialized = serialize_credential(credential.clone()).unwrap();
         let reconstructed = deserialize_credential(&serialized).unwrap();

From 9a1c060234bb065b48a753fe7426df4f9a9f3fee Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Wed, 14 Apr 2021 10:19:10 +0200
Subject: [PATCH 190/192] Remove KeyType from CBOR (#306)

* removes KeyType from CBOR

* type_label usage in writer
---
 libraries/cbor/src/lib.rs    |   2 +-
 libraries/cbor/src/macros.rs | 248 ++++++++++++++---------------------
 libraries/cbor/src/reader.rs |  34 ++---
 libraries/cbor/src/values.rs | 229 +++++++++++++++++---------------
 libraries/cbor/src/writer.rs |  25 ++--
 src/ctap/data_formats.rs     |  18 +--
 src/ctap/response.rs         |   2 +-
 7 files changed, 256 insertions(+), 302 deletions(-)

diff --git a/libraries/cbor/src/lib.rs b/libraries/cbor/src/lib.rs
index 0a128fc..0667484 100644
--- a/libraries/cbor/src/lib.rs
+++ b/libraries/cbor/src/lib.rs
@@ -24,5 +24,5 @@ pub mod values;
 pub mod writer;
 
 pub use self::reader::read;
-pub use self::values::{KeyType, SimpleValue, Value};
+pub use self::values::{SimpleValue, Value};
 pub use self::writer::write;
diff --git a/libraries/cbor/src/macros.rs b/libraries/cbor/src/macros.rs
index 758925e..7dac984 100644
--- a/libraries/cbor/src/macros.rs
+++ b/libraries/cbor/src/macros.rs
@@ -12,12 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use crate::values::{KeyType, Value};
+use crate::values::Value;
 use alloc::vec;
 use core::cmp::Ordering;
 use core::iter::Peekable;
 
-/// This macro generates code to extract multiple values from a `Vec<(KeyType, Value)>` at once
+/// This macro generates code to extract multiple values from a `Vec<(Value, Value)>` at once
 /// in an optimized manner, consuming the input vector.
 ///
 /// It takes as input a `Vec` as well as a list of identifiers and keys, and generates code
@@ -57,7 +57,7 @@ macro_rules! destructure_cbor_map {
         #[cfg(test)]
         $crate::assert_sorted_keys!($( $key, )+);
 
-        use $crate::values::{IntoCborKey, Value};
+        use $crate::values::{IntoCborValue, Value};
         use $crate::macros::destructure_cbor_map_peek_value;
 
         // This algorithm first converts the map into a peekable iterator - whose items are sorted
@@ -70,7 +70,7 @@ macro_rules! destructure_cbor_map {
         // to come in the same order (i.e. sorted).
         let mut it = $map.into_iter().peekable();
         $(
-        let $variable: Option<Value> = destructure_cbor_map_peek_value(&mut it, $key.into_cbor_key());
+        let $variable: Option<Value> = destructure_cbor_map_peek_value(&mut it, $key.into_cbor_value());
         )+
     };
 }
@@ -87,14 +87,14 @@ macro_rules! destructure_cbor_map {
 /// would be inlined for every use case. As of June 2020, this saves ~40KB of binary size for the
 /// CTAP2 application of OpenSK.
 pub fn destructure_cbor_map_peek_value(
-    it: &mut Peekable<vec::IntoIter<(KeyType, Value)>>,
-    needle: KeyType,
+    it: &mut Peekable<vec::IntoIter<(Value, Value)>>,
+    needle: Value,
 ) -> Option<Value> {
     loop {
         match it.peek() {
             None => return None,
             Some(item) => {
-                let key: &KeyType = &item.0;
+                let key: &Value = &item.0;
                 match key.cmp(&needle) {
                     Ordering::Less => {
                         it.next();
@@ -118,9 +118,9 @@ macro_rules! assert_sorted_keys {
 
     ( $key1:expr, $key2:expr, $( $keys:expr, )* ) => {
         {
-            use $crate::values::{IntoCborKey, KeyType};
-            let k1: KeyType = $key1.into_cbor_key();
-            let k2: KeyType = $key2.into_cbor_key();
+            use $crate::values::{IntoCborValue, Value};
+            let k1: Value = $key1.into_cbor_value();
+            let k2: Value = $key2.into_cbor_value();
             assert!(
                 k1 < k2,
                 "{:?} < {:?} failed. The destructure_cbor_map! macro requires keys in sorted order.",
@@ -160,10 +160,10 @@ macro_rules! cbor_map {
         {
             // The import is unused if the list is empty.
             #[allow(unused_imports)]
-            use $crate::values::{IntoCborKey, IntoCborValue};
+            use $crate::values::IntoCborValue;
             let mut _map = ::alloc::vec::Vec::new();
             $(
-                _map.push(($key.into_cbor_key(), $value.into_cbor_value()));
+                _map.push(($key.into_cbor_value(), $value.into_cbor_value()));
             )*
             $crate::values::Value::Map(_map)
         }
@@ -201,13 +201,13 @@ macro_rules! cbor_map_options {
         {
             // The import is unused if the list is empty.
             #[allow(unused_imports)]
-            use $crate::values::{IntoCborKey, IntoCborValueOption};
+            use $crate::values::{IntoCborValue, IntoCborValueOption};
             let mut _map = ::alloc::vec::Vec::<(_, $crate::values::Value)>::new();
             $(
             {
                 let opt: Option<$crate::values::Value> = $value.into_cbor_value_option();
                 if let Some(val) = opt {
-                    _map.push(($key.into_cbor_key(), val));
+                    _map.push(($key.into_cbor_value(), val));
                 }
             }
             )*
@@ -216,7 +216,7 @@ macro_rules! cbor_map_options {
     };
 }
 
-/// Creates a CBOR Value of type Map from a Vec<(KeyType, Value)>.
+/// Creates a CBOR Value of type Map from a Vec<(Value, Value)>.
 #[macro_export]
 macro_rules! cbor_map_collection {
     ( $tree:expr ) => {{
@@ -261,6 +261,7 @@ macro_rules! cbor_array_vec {
     }};
 }
 
+/// Creates a CBOR Value of type Simple with value true.
 #[macro_export]
 macro_rules! cbor_true {
     ( ) => {
@@ -268,6 +269,7 @@ macro_rules! cbor_true {
     };
 }
 
+/// Creates a CBOR Value of type Simple with value false.
 #[macro_export]
 macro_rules! cbor_false {
     ( ) => {
@@ -275,6 +277,7 @@ macro_rules! cbor_false {
     };
 }
 
+/// Creates a CBOR Value of type Simple with value null.
 #[macro_export]
 macro_rules! cbor_null {
     ( ) => {
@@ -282,6 +285,7 @@ macro_rules! cbor_null {
     };
 }
 
+/// Creates a CBOR Value of type Simple with the undefined value.
 #[macro_export]
 macro_rules! cbor_undefined {
     ( ) => {
@@ -289,6 +293,7 @@ macro_rules! cbor_undefined {
     };
 }
 
+/// Creates a CBOR Value of type Simple with the given bool value.
 #[macro_export]
 macro_rules! cbor_bool {
     ( $x:expr ) => {
@@ -296,37 +301,47 @@ macro_rules! cbor_bool {
     };
 }
 
-// For key types, we construct a KeyType and call .into(), which will automatically convert it to a
-// KeyType or a Value depending on the context.
+/// Creates a CBOR Value of type Unsigned with the given numeric value.
 #[macro_export]
 macro_rules! cbor_unsigned {
     ( $x:expr ) => {
-        $crate::cbor_key_unsigned!($x).into()
+        $crate::values::Value::Unsigned($x)
     };
 }
 
+/// Creates a CBOR Value of type Unsigned or Negative with the given numeric value.
 #[macro_export]
 macro_rules! cbor_int {
     ( $x:expr ) => {
-        $crate::cbor_key_int!($x).into()
+        $crate::values::Value::integer($x)
     };
 }
 
+/// Creates a CBOR Value of type Text String with the given string.
 #[macro_export]
 macro_rules! cbor_text {
     ( $x:expr ) => {
-        $crate::cbor_key_text!($x).into()
+        $crate::values::Value::TextString($x.into())
     };
 }
 
+/// Creates a CBOR Value of type Byte String with the given slice or vector.
 #[macro_export]
 macro_rules! cbor_bytes {
     ( $x:expr ) => {
-        $crate::cbor_key_bytes!($x).into()
+        $crate::values::Value::ByteString($x)
     };
 }
 
-// Macro to use with a literal, e.g. cbor_bytes_lit!(b"foo")
+/// Creates a CBOR Value of type Byte String with the given byte string literal.
+///
+/// Example usage:
+///
+/// ```rust
+/// # extern crate alloc;
+/// # use cbor::cbor_bytes_lit;
+/// let byte_array = cbor_bytes_lit!(b"foo");
+/// ```
 #[macro_export]
 macro_rules! cbor_bytes_lit {
     ( $x:expr ) => {
@@ -334,38 +349,9 @@ macro_rules! cbor_bytes_lit {
     };
 }
 
-// Some explicit macros are also available for contexts where the type is not explicit.
-#[macro_export]
-macro_rules! cbor_key_unsigned {
-    ( $x:expr ) => {
-        $crate::values::KeyType::Unsigned($x)
-    };
-}
-
-#[macro_export]
-macro_rules! cbor_key_int {
-    ( $x:expr ) => {
-        $crate::values::KeyType::integer($x)
-    };
-}
-
-#[macro_export]
-macro_rules! cbor_key_text {
-    ( $x:expr ) => {
-        $crate::values::KeyType::TextString($x.into())
-    };
-}
-
-#[macro_export]
-macro_rules! cbor_key_bytes {
-    ( $x:expr ) => {
-        $crate::values::KeyType::ByteString($x)
-    };
-}
-
 #[cfg(test)]
 mod test {
-    use super::super::values::{KeyType, SimpleValue, Value};
+    use super::super::values::{SimpleValue, Value};
 
     #[test]
     fn test_cbor_simple_values() {
@@ -383,23 +369,20 @@ mod test {
 
     #[test]
     fn test_cbor_int_unsigned() {
-        assert_eq!(cbor_key_int!(0), KeyType::Unsigned(0));
-        assert_eq!(cbor_key_int!(1), KeyType::Unsigned(1));
-        assert_eq!(cbor_key_int!(123456), KeyType::Unsigned(123456));
+        assert_eq!(cbor_int!(0), Value::Unsigned(0));
+        assert_eq!(cbor_int!(1), Value::Unsigned(1));
+        assert_eq!(cbor_int!(123456), Value::Unsigned(123456));
         assert_eq!(
-            cbor_key_int!(std::i64::MAX),
-            KeyType::Unsigned(std::i64::MAX as u64)
+            cbor_int!(std::i64::MAX),
+            Value::Unsigned(std::i64::MAX as u64)
         );
     }
 
     #[test]
     fn test_cbor_int_negative() {
-        assert_eq!(cbor_key_int!(-1), KeyType::Negative(-1));
-        assert_eq!(cbor_key_int!(-123456), KeyType::Negative(-123456));
-        assert_eq!(
-            cbor_key_int!(std::i64::MIN),
-            KeyType::Negative(std::i64::MIN)
-        );
+        assert_eq!(cbor_int!(-1), Value::Negative(-1));
+        assert_eq!(cbor_int!(-123456), Value::Negative(-123456));
+        assert_eq!(cbor_int!(std::i64::MIN), Value::Negative(std::i64::MIN));
     }
 
     #[test]
@@ -417,16 +400,16 @@ mod test {
             std::u64::MAX,
         ];
         let b = Value::Array(vec![
-            Value::KeyValue(KeyType::Negative(std::i64::MIN)),
-            Value::KeyValue(KeyType::Negative(std::i32::MIN as i64)),
-            Value::KeyValue(KeyType::Negative(-123456)),
-            Value::KeyValue(KeyType::Negative(-1)),
-            Value::KeyValue(KeyType::Unsigned(0)),
-            Value::KeyValue(KeyType::Unsigned(1)),
-            Value::KeyValue(KeyType::Unsigned(123456)),
-            Value::KeyValue(KeyType::Unsigned(std::i32::MAX as u64)),
-            Value::KeyValue(KeyType::Unsigned(std::i64::MAX as u64)),
-            Value::KeyValue(KeyType::Unsigned(std::u64::MAX)),
+            Value::Negative(std::i64::MIN),
+            Value::Negative(std::i32::MIN as i64),
+            Value::Negative(-123456),
+            Value::Negative(-1),
+            Value::Unsigned(0),
+            Value::Unsigned(1),
+            Value::Unsigned(123456),
+            Value::Unsigned(std::i32::MAX as u64),
+            Value::Unsigned(std::i64::MAX as u64),
+            Value::Unsigned(std::u64::MAX),
         ]);
         assert_eq!(a, b);
     }
@@ -446,20 +429,17 @@ mod test {
             cbor_map! {2 => 3},
         ];
         let b = Value::Array(vec![
-            Value::KeyValue(KeyType::Negative(-123)),
-            Value::KeyValue(KeyType::Unsigned(456)),
+            Value::Negative(-123),
+            Value::Unsigned(456),
             Value::Simple(SimpleValue::TrueValue),
             Value::Simple(SimpleValue::NullValue),
-            Value::KeyValue(KeyType::TextString(String::from("foo"))),
-            Value::KeyValue(KeyType::ByteString(b"bar".to_vec())),
+            Value::TextString(String::from("foo")),
+            Value::ByteString(b"bar".to_vec()),
             Value::Array(Vec::new()),
-            Value::Array(vec![
-                Value::KeyValue(KeyType::Unsigned(0)),
-                Value::KeyValue(KeyType::Unsigned(1)),
-            ]),
+            Value::Array(vec![Value::Unsigned(0), Value::Unsigned(1)]),
             Value::Map(Vec::new()),
             Value::Map(
-                [(KeyType::Unsigned(2), Value::KeyValue(KeyType::Unsigned(3)))]
+                [(Value::Unsigned(2), Value::Unsigned(3))]
                     .iter()
                     .cloned()
                     .collect(),
@@ -479,10 +459,10 @@ mod test {
     fn test_cbor_array_vec_int() {
         let a = cbor_array_vec!(vec![1, 2, 3, 4]);
         let b = Value::Array(vec![
-            Value::KeyValue(KeyType::Unsigned(1)),
-            Value::KeyValue(KeyType::Unsigned(2)),
-            Value::KeyValue(KeyType::Unsigned(3)),
-            Value::KeyValue(KeyType::Unsigned(4)),
+            Value::Unsigned(1),
+            Value::Unsigned(2),
+            Value::Unsigned(3),
+            Value::Unsigned(4),
         ]);
         assert_eq!(a, b);
     }
@@ -491,9 +471,9 @@ mod test {
     fn test_cbor_array_vec_text() {
         let a = cbor_array_vec!(vec!["a", "b", "c"]);
         let b = Value::Array(vec![
-            Value::KeyValue(KeyType::TextString(String::from("a"))),
-            Value::KeyValue(KeyType::TextString(String::from("b"))),
-            Value::KeyValue(KeyType::TextString(String::from("c"))),
+            Value::TextString(String::from("a")),
+            Value::TextString(String::from("b")),
+            Value::TextString(String::from("c")),
         ]);
         assert_eq!(a, b);
     }
@@ -502,9 +482,9 @@ mod test {
     fn test_cbor_array_vec_bytes() {
         let a = cbor_array_vec!(vec![b"a", b"b", b"c"]);
         let b = Value::Array(vec![
-            Value::KeyValue(KeyType::ByteString(b"a".to_vec())),
-            Value::KeyValue(KeyType::ByteString(b"b".to_vec())),
-            Value::KeyValue(KeyType::ByteString(b"c".to_vec())),
+            Value::ByteString(b"a".to_vec()),
+            Value::ByteString(b"b".to_vec()),
+            Value::ByteString(b"c".to_vec()),
         ]);
         assert_eq!(a, b);
     }
@@ -525,40 +505,28 @@ mod test {
         };
         let b = Value::Map(
             [
+                (Value::Negative(-1), Value::Negative(-23)),
+                (Value::Unsigned(4), Value::Unsigned(56)),
                 (
-                    KeyType::Negative(-1),
-                    Value::KeyValue(KeyType::Negative(-23)),
-                ),
-                (KeyType::Unsigned(4), Value::KeyValue(KeyType::Unsigned(56))),
-                (
-                    KeyType::TextString(String::from("foo")),
+                    Value::TextString(String::from("foo")),
                     Value::Simple(SimpleValue::TrueValue),
                 ),
                 (
-                    KeyType::ByteString(b"bar".to_vec()),
+                    Value::ByteString(b"bar".to_vec()),
                     Value::Simple(SimpleValue::NullValue),
                 ),
+                (Value::Unsigned(5), Value::TextString(String::from("foo"))),
+                (Value::Unsigned(6), Value::ByteString(b"bar".to_vec())),
+                (Value::Unsigned(7), Value::Array(Vec::new())),
                 (
-                    KeyType::Unsigned(5),
-                    Value::KeyValue(KeyType::TextString(String::from("foo"))),
+                    Value::Unsigned(8),
+                    Value::Array(vec![Value::Unsigned(0), Value::Unsigned(1)]),
                 ),
+                (Value::Unsigned(9), Value::Map(Vec::new())),
                 (
-                    KeyType::Unsigned(6),
-                    Value::KeyValue(KeyType::ByteString(b"bar".to_vec())),
-                ),
-                (KeyType::Unsigned(7), Value::Array(Vec::new())),
-                (
-                    KeyType::Unsigned(8),
-                    Value::Array(vec![
-                        Value::KeyValue(KeyType::Unsigned(0)),
-                        Value::KeyValue(KeyType::Unsigned(1)),
-                    ]),
-                ),
-                (KeyType::Unsigned(9), Value::Map(Vec::new())),
-                (
-                    KeyType::Unsigned(10),
+                    Value::Unsigned(10),
                     Value::Map(
-                        [(KeyType::Unsigned(2), Value::KeyValue(KeyType::Unsigned(3)))]
+                        [(Value::Unsigned(2), Value::Unsigned(3))]
                             .iter()
                             .cloned()
                             .collect(),
@@ -596,40 +564,28 @@ mod test {
         };
         let b = Value::Map(
             [
+                (Value::Negative(-1), Value::Negative(-23)),
+                (Value::Unsigned(4), Value::Unsigned(56)),
                 (
-                    KeyType::Negative(-1),
-                    Value::KeyValue(KeyType::Negative(-23)),
-                ),
-                (KeyType::Unsigned(4), Value::KeyValue(KeyType::Unsigned(56))),
-                (
-                    KeyType::TextString(String::from("foo")),
+                    Value::TextString(String::from("foo")),
                     Value::Simple(SimpleValue::TrueValue),
                 ),
                 (
-                    KeyType::ByteString(b"bar".to_vec()),
+                    Value::ByteString(b"bar".to_vec()),
                     Value::Simple(SimpleValue::NullValue),
                 ),
+                (Value::Unsigned(5), Value::TextString(String::from("foo"))),
+                (Value::Unsigned(6), Value::ByteString(b"bar".to_vec())),
+                (Value::Unsigned(7), Value::Array(Vec::new())),
                 (
-                    KeyType::Unsigned(5),
-                    Value::KeyValue(KeyType::TextString(String::from("foo"))),
+                    Value::Unsigned(8),
+                    Value::Array(vec![Value::Unsigned(0), Value::Unsigned(1)]),
                 ),
+                (Value::Unsigned(9), Value::Map(Vec::new())),
                 (
-                    KeyType::Unsigned(6),
-                    Value::KeyValue(KeyType::ByteString(b"bar".to_vec())),
-                ),
-                (KeyType::Unsigned(7), Value::Array(Vec::new())),
-                (
-                    KeyType::Unsigned(8),
-                    Value::Array(vec![
-                        Value::KeyValue(KeyType::Unsigned(0)),
-                        Value::KeyValue(KeyType::Unsigned(1)),
-                    ]),
-                ),
-                (KeyType::Unsigned(9), Value::Map(Vec::new())),
-                (
-                    KeyType::Unsigned(10),
+                    Value::Unsigned(10),
                     Value::Map(
-                        [(KeyType::Unsigned(2), Value::KeyValue(KeyType::Unsigned(3)))]
+                        [(Value::Unsigned(2), Value::Unsigned(3))]
                             .iter()
                             .cloned()
                             .collect(),
@@ -652,18 +608,12 @@ mod test {
 
     #[test]
     fn test_cbor_map_collection_foo() {
-        let a = cbor_map_collection!(vec![(
-            KeyType::Unsigned(2),
-            Value::KeyValue(KeyType::Unsigned(3))
-        )]);
-        let b = Value::Map(vec![(
-            KeyType::Unsigned(2),
-            Value::KeyValue(KeyType::Unsigned(3)),
-        )]);
+        let a = cbor_map_collection!(vec![(Value::Unsigned(2), Value::Unsigned(3))]);
+        let b = Value::Map(vec![(Value::Unsigned(2), Value::Unsigned(3))]);
         assert_eq!(a, b);
     }
 
-    fn extract_map(cbor_value: Value) -> Vec<(KeyType, Value)> {
+    fn extract_map(cbor_value: Value) -> Vec<(Value, Value)> {
         match cbor_value {
             Value::Map(map) => map,
             _ => panic!("Expected CBOR map."),
diff --git a/libraries/cbor/src/reader.rs b/libraries/cbor/src/reader.rs
index 0634d84..b11cf84 100644
--- a/libraries/cbor/src/reader.rs
+++ b/libraries/cbor/src/reader.rs
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::values::{Constants, KeyType, SimpleValue, Value};
+use super::values::{Constants, SimpleValue, Value};
 use crate::{cbor_array_vec, cbor_bytes_lit, cbor_map_collection, cbor_text, cbor_unsigned};
 use alloc::str;
 use alloc::vec::Vec;
@@ -22,7 +22,6 @@ pub enum DecoderError {
     UnsupportedMajorType,
     UnknownAdditionalInfo,
     IncompleteCborData,
-    IncorrectMapKeyType,
     TooMuchNesting,
     InvalidUtf8,
     ExtranousData,
@@ -134,7 +133,7 @@ impl<'a> Reader<'a> {
         if signed_size < 0 {
             Err(DecoderError::OutOfRangeIntegerValue)
         } else {
-            Ok(Value::KeyValue(KeyType::Negative(-(size_value as i64) - 1)))
+            Ok(Value::Negative(-(size_value as i64) - 1))
         }
     }
 
@@ -176,18 +175,14 @@ impl<'a> Reader<'a> {
         let mut value_map = Vec::new();
         let mut last_key_option = None;
         for _ in 0..size_value {
-            let key_value = self.decode_complete_data_item(remaining_depth - 1)?;
-            if let Value::KeyValue(key) = key_value {
-                if let Some(last_key) = last_key_option {
-                    if last_key >= key {
-                        return Err(DecoderError::OutOfOrderKey);
-                    }
+            let key = self.decode_complete_data_item(remaining_depth - 1)?;
+            if let Some(last_key) = last_key_option {
+                if last_key >= key {
+                    return Err(DecoderError::OutOfOrderKey);
                 }
-                last_key_option = Some(key.clone());
-                value_map.push((key, self.decode_complete_data_item(remaining_depth - 1)?));
-            } else {
-                return Err(DecoderError::IncorrectMapKeyType);
             }
+            last_key_option = Some(key.clone());
+            value_map.push((key, self.decode_complete_data_item(remaining_depth - 1)?));
         }
         Ok(cbor_map_collection!(value_map))
     }
@@ -614,19 +609,6 @@ mod test {
         }
     }
 
-    #[test]
-    fn test_read_unsupported_map_key_format_error() {
-        // While CBOR can handle all types as map keys, we only support a subset.
-        let bad_map_cbor = vec![
-            0xa2, // map of 2 pairs
-            0x82, 0x01, 0x02, // invalid key : [1, 2]
-            0x02, // value : 2
-            0x61, 0x64, // key : "d"
-            0x03, // value : 3
-        ];
-        assert_eq!(read(&bad_map_cbor), Err(DecoderError::IncorrectMapKeyType));
-    }
-
     #[test]
     fn test_read_unknown_additional_info_error() {
         let cases = vec![
diff --git a/libraries/cbor/src/values.rs b/libraries/cbor/src/values.rs
index c2f7b72..1e1324d 100644
--- a/libraries/cbor/src/values.rs
+++ b/libraries/cbor/src/values.rs
@@ -12,31 +12,25 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use super::writer::write;
 use alloc::string::{String, ToString};
 use alloc::vec::Vec;
 use core::cmp::Ordering;
 
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug)]
 pub enum Value {
-    KeyValue(KeyType),
-    Array(Vec<Value>),
-    Map(Vec<(KeyType, Value)>),
-    // TAG is omitted
-    Simple(SimpleValue),
-}
-
-// The specification recommends to limit the available keys.
-// Currently supported are both integer and string types.
-#[derive(Clone, Debug, Eq, PartialEq)]
-pub enum KeyType {
     Unsigned(u64),
     // We only use 63 bits of information here.
     Negative(i64),
     ByteString(Vec<u8>),
     TextString(String),
+    Array(Vec<Value>),
+    Map(Vec<(Value, Value)>),
+    // TAG is omitted
+    Simple(SimpleValue),
 }
 
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
 pub enum SimpleValue {
     FalseValue = 20,
     TrueValue = 21,
@@ -57,6 +51,15 @@ impl Constants {
 }
 
 impl Value {
+    // For simplicity, this only takes i64. Construct directly for the last bit.
+    pub fn integer(int: i64) -> Value {
+        if int >= 0 {
+            Value::Unsigned(int as u64)
+        } else {
+            Value::Negative(int)
+        }
+    }
+
     pub fn bool_value(b: bool) -> Value {
         if b {
             Value::Simple(SimpleValue::TrueValue)
@@ -66,8 +69,13 @@ impl Value {
     }
 
     pub fn type_label(&self) -> u8 {
+        // TODO use enum discriminant instead when stable
+        // https://github.com/rust-lang/rust/issues/60553
         match self {
-            Value::KeyValue(key) => key.type_label(),
+            Value::Unsigned(_) => 0,
+            Value::Negative(_) => 1,
+            Value::ByteString(_) => 2,
+            Value::TextString(_) => 3,
             Value::Array(_) => 4,
             Value::Map(_) => 5,
             Value::Simple(_) => 7,
@@ -75,29 +83,11 @@ impl Value {
     }
 }
 
-impl KeyType {
-    // For simplicity, this only takes i64. Construct directly for the last bit.
-    pub fn integer(int: i64) -> KeyType {
-        if int >= 0 {
-            KeyType::Unsigned(int as u64)
-        } else {
-            KeyType::Negative(int)
-        }
-    }
-
-    pub fn type_label(&self) -> u8 {
-        match self {
-            KeyType::Unsigned(_) => 0,
-            KeyType::Negative(_) => 1,
-            KeyType::ByteString(_) => 2,
-            KeyType::TextString(_) => 3,
-        }
-    }
-}
-
-impl Ord for KeyType {
-    fn cmp(&self, other: &KeyType) -> Ordering {
-        use super::values::KeyType::{ByteString, Negative, TextString, Unsigned};
+impl Ord for Value {
+    fn cmp(&self, other: &Value) -> Ordering {
+        use super::values::Value::{
+            Array, ByteString, Map, Negative, Simple, TextString, Unsigned,
+        };
         let self_type_value = self.type_label();
         let other_type_value = other.type_label();
         if self_type_value != other_type_value {
@@ -108,17 +98,35 @@ impl Ord for KeyType {
             (Negative(n1), Negative(n2)) => n1.cmp(n2).reverse(),
             (ByteString(b1), ByteString(b2)) => b1.len().cmp(&b2.len()).then(b1.cmp(b2)),
             (TextString(t1), TextString(t2)) => t1.len().cmp(&t2.len()).then(t1.cmp(t2)),
-            _ => unreachable!(),
+            (Array(a1), Array(a2)) if a1.len() != a2.len() => a1.len().cmp(&a2.len()),
+            (Map(m1), Map(m2)) if m1.len() != m2.len() => m1.len().cmp(&m2.len()),
+            (Simple(s1), Simple(s2)) => s1.cmp(s2),
+            (v1, v2) => {
+                // This case could handle all of the above as well. Checking individually is faster.
+                let mut encoding1 = Vec::new();
+                write(v1.clone(), &mut encoding1);
+                let mut encoding2 = Vec::new();
+                write(v2.clone(), &mut encoding2);
+                encoding1.cmp(&encoding2)
+            }
         }
     }
 }
 
-impl PartialOrd for KeyType {
-    fn partial_cmp(&self, other: &KeyType) -> Option<Ordering> {
+impl PartialOrd for Value {
+    fn partial_cmp(&self, other: &Value) -> Option<Ordering> {
         Some(self.cmp(other))
     }
 }
 
+impl Eq for Value {}
+
+impl PartialEq for Value {
+    fn eq(&self, other: &Value) -> bool {
+        self.cmp(other) == Ordering::Equal
+    }
+}
+
 impl SimpleValue {
     pub fn from_integer(int: u64) -> Option<SimpleValue> {
         match int {
@@ -131,59 +139,50 @@ impl SimpleValue {
     }
 }
 
-impl From<u64> for KeyType {
+impl From<u64> for Value {
     fn from(unsigned: u64) -> Self {
-        KeyType::Unsigned(unsigned)
+        Value::Unsigned(unsigned)
     }
 }
 
-impl From<i64> for KeyType {
+impl From<i64> for Value {
     fn from(i: i64) -> Self {
-        KeyType::integer(i)
+        Value::integer(i)
     }
 }
 
-impl From<i32> for KeyType {
+impl From<i32> for Value {
     fn from(i: i32) -> Self {
-        KeyType::integer(i as i64)
+        Value::integer(i as i64)
     }
 }
 
-impl From<Vec<u8>> for KeyType {
+impl From<Vec<u8>> for Value {
     fn from(bytes: Vec<u8>) -> Self {
-        KeyType::ByteString(bytes)
+        Value::ByteString(bytes)
     }
 }
 
-impl From<&[u8]> for KeyType {
+impl From<&[u8]> for Value {
     fn from(bytes: &[u8]) -> Self {
-        KeyType::ByteString(bytes.to_vec())
+        Value::ByteString(bytes.to_vec())
     }
 }
 
-impl From<String> for KeyType {
+impl From<String> for Value {
     fn from(text: String) -> Self {
-        KeyType::TextString(text)
+        Value::TextString(text)
     }
 }
 
-impl From<&str> for KeyType {
+impl From<&str> for Value {
     fn from(text: &str) -> Self {
-        KeyType::TextString(text.to_string())
+        Value::TextString(text.to_string())
     }
 }
 
-impl<T> From<T> for Value
-where
-    KeyType: From<T>,
-{
-    fn from(t: T) -> Self {
-        Value::KeyValue(KeyType::from(t))
-    }
-}
-
-impl From<Vec<(KeyType, Value)>> for Value {
-    fn from(map: Vec<(KeyType, Value)>) -> Self {
+impl From<Vec<(Value, Value)>> for Value {
+    fn from(map: Vec<(Value, Value)>) -> Self {
         Value::Map(map)
     }
 }
@@ -194,19 +193,6 @@ impl From<bool> for Value {
     }
 }
 
-pub trait IntoCborKey {
-    fn into_cbor_key(self) -> KeyType;
-}
-
-impl<T> IntoCborKey for T
-where
-    KeyType: From<T>,
-{
-    fn into_cbor_key(self) -> KeyType {
-        KeyType::from(self)
-    }
-}
-
 pub trait IntoCborValue {
     fn into_cbor_value(self) -> Value;
 }
@@ -244,32 +230,69 @@ where
 
 #[cfg(test)]
 mod test {
-    use crate::{cbor_key_bytes, cbor_key_int, cbor_key_text};
+    use super::*;
+    use crate::{cbor_array, cbor_bool, cbor_bytes, cbor_int, cbor_map, cbor_text};
 
     #[test]
-    fn test_key_type_ordering() {
-        assert!(cbor_key_int!(0) < cbor_key_int!(23));
-        assert!(cbor_key_int!(23) < cbor_key_int!(24));
-        assert!(cbor_key_int!(24) < cbor_key_int!(1000));
-        assert!(cbor_key_int!(1000) < cbor_key_int!(1000000));
-        assert!(cbor_key_int!(1000000) < cbor_key_int!(std::i64::MAX));
-        assert!(cbor_key_int!(std::i64::MAX) < cbor_key_int!(-1));
-        assert!(cbor_key_int!(-1) < cbor_key_int!(-23));
-        assert!(cbor_key_int!(-23) < cbor_key_int!(-24));
-        assert!(cbor_key_int!(-24) < cbor_key_int!(-1000));
-        assert!(cbor_key_int!(-1000) < cbor_key_int!(-1000000));
-        assert!(cbor_key_int!(-1000000) < cbor_key_int!(std::i64::MIN));
-        assert!(cbor_key_int!(std::i64::MIN) < cbor_key_bytes!(vec![]));
-        assert!(cbor_key_bytes!(vec![]) < cbor_key_bytes!(vec![0x00]));
-        assert!(cbor_key_bytes!(vec![0x00]) < cbor_key_bytes!(vec![0x01]));
-        assert!(cbor_key_bytes!(vec![0x01]) < cbor_key_bytes!(vec![0xFF]));
-        assert!(cbor_key_bytes!(vec![0xFF]) < cbor_key_bytes!(vec![0x00, 0x00]));
-        assert!(cbor_key_bytes!(vec![0x00, 0x00]) < cbor_key_text!(""));
-        assert!(cbor_key_text!("") < cbor_key_text!("a"));
-        assert!(cbor_key_text!("a") < cbor_key_text!("b"));
-        assert!(cbor_key_text!("b") < cbor_key_text!("aa"));
-        assert!(cbor_key_int!(1) < cbor_key_bytes!(vec![0x00]));
-        assert!(cbor_key_int!(1) < cbor_key_text!("s"));
-        assert!(cbor_key_int!(-1) < cbor_key_text!("s"));
+    fn test_value_ordering() {
+        assert!(cbor_int!(0) < cbor_int!(23));
+        assert!(cbor_int!(23) < cbor_int!(24));
+        assert!(cbor_int!(24) < cbor_int!(1000));
+        assert!(cbor_int!(1000) < cbor_int!(1000000));
+        assert!(cbor_int!(1000000) < cbor_int!(std::i64::MAX));
+        assert!(cbor_int!(std::i64::MAX) < cbor_int!(-1));
+        assert!(cbor_int!(-1) < cbor_int!(-23));
+        assert!(cbor_int!(-23) < cbor_int!(-24));
+        assert!(cbor_int!(-24) < cbor_int!(-1000));
+        assert!(cbor_int!(-1000) < cbor_int!(-1000000));
+        assert!(cbor_int!(-1000000) < cbor_int!(std::i64::MIN));
+        assert!(cbor_int!(std::i64::MIN) < cbor_bytes!(vec![]));
+        assert!(cbor_bytes!(vec![]) < cbor_bytes!(vec![0x00]));
+        assert!(cbor_bytes!(vec![0x00]) < cbor_bytes!(vec![0x01]));
+        assert!(cbor_bytes!(vec![0x01]) < cbor_bytes!(vec![0xFF]));
+        assert!(cbor_bytes!(vec![0xFF]) < cbor_bytes!(vec![0x00, 0x00]));
+        assert!(cbor_bytes!(vec![0x00, 0x00]) < cbor_text!(""));
+        assert!(cbor_text!("") < cbor_text!("a"));
+        assert!(cbor_text!("a") < cbor_text!("b"));
+        assert!(cbor_text!("b") < cbor_text!("aa"));
+        assert!(cbor_text!("aa") < cbor_array![]);
+        assert!(cbor_array![] < cbor_array![0]);
+        assert!(cbor_array![0] < cbor_array![-1]);
+        assert!(cbor_array![1] < cbor_array![b""]);
+        assert!(cbor_array![b""] < cbor_array![""]);
+        assert!(cbor_array![""] < cbor_array![cbor_array![]]);
+        assert!(cbor_array![cbor_array![]] < cbor_array![cbor_map! {}]);
+        assert!(cbor_array![cbor_map! {}] < cbor_array![false]);
+        assert!(cbor_array![false] < cbor_array![0, 0]);
+        assert!(cbor_array![0, 0] < cbor_map! {});
+        assert!(cbor_map! {} < cbor_map! {0 => 0});
+        assert!(cbor_map! {0 => 0} < cbor_map! {0 => 1});
+        assert!(cbor_map! {0 => 1} < cbor_map! {1 => 0});
+        assert!(cbor_map! {1 => 0} < cbor_map! {-1 => 0});
+        assert!(cbor_map! {-1 => 0} < cbor_map! {b"" => 0});
+        assert!(cbor_map! {b"" => 0} < cbor_map! {"" => 0});
+        assert!(cbor_map! {"" => 0} < cbor_map! {cbor_array![] => 0});
+        assert!(cbor_map! {cbor_array![] => 0} < cbor_map! {cbor_map!{} => 0});
+        assert!(cbor_map! {cbor_map!{} => 0} < cbor_map! {false => 0});
+        assert!(cbor_map! {false => 0} < cbor_map! {0 => 0, 0 => 0});
+        assert!(cbor_map! {0 => 0, 0 => 0} < cbor_bool!(false));
+        assert!(cbor_bool!(false) < cbor_bool!(true));
+        assert!(cbor_bool!(true) < Value::Simple(SimpleValue::NullValue));
+        assert!(Value::Simple(SimpleValue::NullValue) < Value::Simple(SimpleValue::Undefined));
+        assert!(cbor_int!(1) < cbor_bytes!(vec![0x00]));
+        assert!(cbor_int!(1) < cbor_text!("s"));
+        assert!(cbor_int!(1) < cbor_array![]);
+        assert!(cbor_int!(1) < cbor_map! {});
+        assert!(cbor_int!(1) < cbor_bool!(false));
+        assert!(cbor_int!(-1) < cbor_text!("s"));
+        assert!(cbor_int!(-1) < cbor_array![]);
+        assert!(cbor_int!(-1) < cbor_map! {});
+        assert!(cbor_int!(-1) < cbor_bool!(false));
+        assert!(cbor_bytes!(vec![0x00]) < cbor_array![]);
+        assert!(cbor_bytes!(vec![0x00]) < cbor_map! {});
+        assert!(cbor_bytes!(vec![0x00]) < cbor_bool!(false));
+        assert!(cbor_text!("s") < cbor_map! {});
+        assert!(cbor_text!("s") < cbor_bool!(false));
+        assert!(cbor_array![] < cbor_bool!(false));
     }
 }
diff --git a/libraries/cbor/src/writer.rs b/libraries/cbor/src/writer.rs
index 386f0b5..c8a4808 100644
--- a/libraries/cbor/src/writer.rs
+++ b/libraries/cbor/src/writer.rs
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use super::values::{Constants, KeyType, Value};
+use super::values::{Constants, Value};
 use alloc::vec::Vec;
 
 pub fn write(value: Value, encoded_cbor: &mut Vec<u8>) -> bool {
@@ -35,21 +35,20 @@ impl<'a> Writer<'a> {
         if remaining_depth < 0 {
             return false;
         }
+        let type_label = value.type_label();
         match value {
-            Value::KeyValue(KeyType::Unsigned(unsigned)) => self.start_item(0, unsigned),
-            Value::KeyValue(KeyType::Negative(negative)) => {
-                self.start_item(1, -(negative + 1) as u64)
-            }
-            Value::KeyValue(KeyType::ByteString(byte_string)) => {
-                self.start_item(2, byte_string.len() as u64);
+            Value::Unsigned(unsigned) => self.start_item(type_label, unsigned),
+            Value::Negative(negative) => self.start_item(type_label, -(negative + 1) as u64),
+            Value::ByteString(byte_string) => {
+                self.start_item(type_label, byte_string.len() as u64);
                 self.encoded_cbor.extend(byte_string);
             }
-            Value::KeyValue(KeyType::TextString(text_string)) => {
-                self.start_item(3, text_string.len() as u64);
+            Value::TextString(text_string) => {
+                self.start_item(type_label, text_string.len() as u64);
                 self.encoded_cbor.extend(text_string.into_bytes());
             }
             Value::Array(array) => {
-                self.start_item(4, array.len() as u64);
+                self.start_item(type_label, array.len() as u64);
                 for el in array {
                     if !self.encode_cbor(el, remaining_depth - 1) {
                         return false;
@@ -63,9 +62,9 @@ impl<'a> Writer<'a> {
                 if map_len != map.len() {
                     return false;
                 }
-                self.start_item(5, map_len as u64);
+                self.start_item(type_label, map_len as u64);
                 for (k, v) in map {
-                    if !self.encode_cbor(Value::KeyValue(k), remaining_depth - 1) {
+                    if !self.encode_cbor(k, remaining_depth - 1) {
                         return false;
                     }
                     if !self.encode_cbor(v, remaining_depth - 1) {
@@ -73,7 +72,7 @@ impl<'a> Writer<'a> {
                     }
                 }
             }
-            Value::Simple(simple_value) => self.start_item(7, simple_value as u64),
+            Value::Simple(simple_value) => self.start_item(type_label, simple_value as u64),
         }
         true
     }
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 673b850..be76b65 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -586,8 +586,8 @@ enum PublicKeyCredentialSourceField {
     // - CredRandom = 5,
 }
 
-impl From<PublicKeyCredentialSourceField> for cbor::KeyType {
-    fn from(field: PublicKeyCredentialSourceField) -> cbor::KeyType {
+impl From<PublicKeyCredentialSourceField> for cbor::Value {
+    fn from(field: PublicKeyCredentialSourceField) -> cbor::Value {
         (field as u64).into()
     }
 }
@@ -1076,35 +1076,35 @@ impl From<CredentialManagementSubCommandParameters> for cbor::Value {
 
 pub(super) fn extract_unsigned(cbor_value: cbor::Value) -> Result<u64, Ctap2StatusCode> {
     match cbor_value {
-        cbor::Value::KeyValue(cbor::KeyType::Unsigned(unsigned)) => Ok(unsigned),
+        cbor::Value::Unsigned(unsigned) => Ok(unsigned),
         _ => Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE),
     }
 }
 
 pub(super) fn extract_integer(cbor_value: cbor::Value) -> Result<i64, Ctap2StatusCode> {
     match cbor_value {
-        cbor::Value::KeyValue(cbor::KeyType::Unsigned(unsigned)) => {
+        cbor::Value::Unsigned(unsigned) => {
             if unsigned <= core::i64::MAX as u64 {
                 Ok(unsigned as i64)
             } else {
                 Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE)
             }
         }
-        cbor::Value::KeyValue(cbor::KeyType::Negative(signed)) => Ok(signed),
+        cbor::Value::Negative(signed) => Ok(signed),
         _ => Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE),
     }
 }
 
 pub fn extract_byte_string(cbor_value: cbor::Value) -> Result<Vec<u8>, Ctap2StatusCode> {
     match cbor_value {
-        cbor::Value::KeyValue(cbor::KeyType::ByteString(byte_string)) => Ok(byte_string),
+        cbor::Value::ByteString(byte_string) => Ok(byte_string),
         _ => Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE),
     }
 }
 
 pub(super) fn extract_text_string(cbor_value: cbor::Value) -> Result<String, Ctap2StatusCode> {
     match cbor_value {
-        cbor::Value::KeyValue(cbor::KeyType::TextString(text_string)) => Ok(text_string),
+        cbor::Value::TextString(text_string) => Ok(text_string),
         _ => Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE),
     }
 }
@@ -1118,7 +1118,7 @@ pub(super) fn extract_array(cbor_value: cbor::Value) -> Result<Vec<cbor::Value>,
 
 pub(super) fn extract_map(
     cbor_value: cbor::Value,
-) -> Result<Vec<(cbor::KeyType, cbor::Value)>, Ctap2StatusCode> {
+) -> Result<Vec<(cbor::Value, cbor::Value)>, Ctap2StatusCode> {
     match cbor_value {
         cbor::Value::Map(map) => Ok(map),
         _ => Err(Ctap2StatusCode::CTAP2_ERR_CBOR_UNEXPECTED_TYPE),
@@ -1681,7 +1681,7 @@ mod test {
 
     #[test]
     fn test_into_packed_attestation_statement() {
-        let certificate: cbor::values::KeyType = cbor_bytes![vec![0x5C, 0x5C, 0x5C, 0x5C]];
+        let certificate = cbor_bytes![vec![0x5C, 0x5C, 0x5C, 0x5C]];
         let cbor_packed_attestation_statement = cbor_map! {
             "alg" => 1,
             "sig" => vec![0x55, 0x55, 0x55, 0x55],
diff --git a/src/ctap/response.rs b/src/ctap/response.rs
index 2568bae..765403d 100644
--- a/src/ctap/response.rs
+++ b/src/ctap/response.rs
@@ -326,7 +326,7 @@ mod test {
 
     #[test]
     fn test_make_credential_into_cbor() {
-        let certificate: cbor::values::KeyType = cbor_bytes![vec![0x5C, 0x5C, 0x5C, 0x5C]];
+        let certificate = cbor_bytes![vec![0x5C, 0x5C, 0x5C, 0x5C]];
         let att_stmt = PackedAttestationStatement {
             alg: 1,
             sig: vec![0x55, 0x55, 0x55, 0x55],

From 7c8894bb043e00de4be7f6ca2c99e90ad0b45ad5 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Thu, 15 Apr 2021 17:22:38 +0200
Subject: [PATCH 191/192] Compare all timestamps using UTC timezone (#308)

---
 tools/configure.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/configure.py b/tools/configure.py
index 9343490..5fa2da1 100755
--- a/tools/configure.py
+++ b/tools/configure.py
@@ -107,7 +107,7 @@ def main(args):
 
     cert = x509.load_pem_x509_certificate(args.certificate.read())
     # Some sanity/validity checks
-    now = datetime.datetime.now()
+    now = datetime.datetime.utcnow()
     if cert.not_valid_before > now:
       fatal("Certificate validity starts in the future.")
     if cert.not_valid_after <= now:

From c03605aa0ccecaeef339b05a85adcac77dd40465 Mon Sep 17 00:00:00 2001
From: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
Date: Wed, 21 Apr 2021 11:45:01 +0200
Subject: [PATCH 192/192] opt level and no Debug by unwrap (#311)

---
 Cargo.toml          | 1 +
 src/ctap/storage.rs | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index b7b0360..63b109a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -43,3 +43,4 @@ lto = true # Link Time Optimization usually reduces size of binaries and static
 [profile.release]
 panic = "abort"
 lto = true # Link Time Optimization usually reduces size of binaries and static libraries
+opt-level = "z"
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 2ba8d77..084cc1b 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -72,7 +72,7 @@ impl PersistentStore {
         let mut store = PersistentStore {
             store: persistent_store::Store::new(storage).ok().unwrap(),
         };
-        store.init(rng).unwrap();
+        store.init(rng).ok().unwrap();
         store
     }