From 0d6dbbae9387f9a96f2866c20f5ac01140217ac4 Mon Sep 17 00:00:00 2001
From: "atul.jha" <s8atjhaa@stud.uni-saarland.de>
Date: Wed, 13 Jan 2021 10:55:08 +0100
Subject: [PATCH] Keygen working

---
 trial4/KeyGen.c      | 171 +++++++++++++++++++++++++++++++++++++------
 trial4/KeyGen.h      |  19 ++++-
 trial4/RANDFILE      | Bin 1024 -> 0 bytes
 trial4/ROMprotocol.c |  42 +++++------
 trial4/defines.h     |  64 ++++++++--------
 trial4/makefile      |   8 ++
 trial4/out/main      | Bin 18560 -> 23064 bytes
 7 files changed, 229 insertions(+), 75 deletions(-)
 delete mode 100644 trial4/RANDFILE

diff --git a/trial4/KeyGen.c b/trial4/KeyGen.c
index 0958bd0..c287564 100644
--- a/trial4/KeyGen.c
+++ b/trial4/KeyGen.c
@@ -37,6 +37,8 @@ Every key derivation should start with a new KD contxt
 **/
 
 /*
+
+/////////////////////////////////////TODO////////////////////
 void cleanup()
 {
 	mbedtls_entropy_free(&entropyCtx);
@@ -133,19 +135,8 @@ DIMASTATUS AsymmKeyGen(KeyDrv_context * KD_ctx)
 if(DEBUG)
 	printf("PASS 1\n");
 
-	mbedtls_pk_context key_ctx;
-	mbedtls_pk_init(&key_ctx);
-/*
-	mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-	mbedtls_mpi_init( &N ); 
-	mbedtls_mpi_init( &P ); 
-	mbedtls_mpi_init( &Q );
-	mbedtls_mpi_init( &D ); 
-	mbedtls_mpi_init( &E ); 
-	mbedtls_mpi_init( &DP );
-	mbedtls_mpi_init( &DQ ); 
-	mbedtls_mpi_init( &QP );
-*/
+	mbedtls_pk_context pkey_ctx;
+	mbedtls_pk_init(&pkey_ctx);
 
 	//assign entropy source and derive seed for key gen
 
@@ -207,7 +198,7 @@ if(DEBUG)
 
 	if(KD_ctx->PKC_MODE == isECC)
 	{
-		ret = mbedtls_pk_setup(&key_ctx,mbedtls_pk_info_from_type((mbedtls_pk_type_t)MBEDTLS_PK_ECKEY));
+		ret = mbedtls_pk_setup(&pkey_ctx,mbedtls_pk_info_from_type((mbedtls_pk_type_t)MBEDTLS_PK_ECKEY));
 		if(ret < DIMASUCCESS)
 		{
 			perror("DIMAPKFAILURE\n");
@@ -215,7 +206,7 @@ if(DEBUG)
 			exit(DIMAPKFAILURE);
 		}
 
-		ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) ECC_CURVE, mbedtls_pk_ec( key_ctx ), 
+		ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) ECC_CURVE, mbedtls_pk_ec( pkey_ctx ), 
 									mbedtls_ctr_drbg_random, &drbgCtx );
 		if(ret < DIMASUCCESS)
 		{
@@ -224,9 +215,9 @@ if(DEBUG)
 			exit(DIMAECCFAILURE);
 		}
 
-		if( mbedtls_pk_get_type( &key_ctx ) == MBEDTLS_PK_ECKEY )
+		if( mbedtls_pk_get_type( &pkey_ctx ) == MBEDTLS_PK_ECKEY )
     	{
-        	mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key_ctx );
+        	mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pkey_ctx );
         	if(DEBUG)
         	{
 				printf( "curve: %s\n", mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
@@ -259,7 +250,7 @@ if(DEBUG)
 		mbedtls_mpi_init( &DQ ); 
 		mbedtls_mpi_init( &QP );
     	
-    	ret = mbedtls_pk_setup(&key_ctx, mbedtls_pk_info_from_type((mbedtls_pk_type_t) MBEDTLS_PK_RSA));
+    	ret = mbedtls_pk_setup(&pkey_ctx, mbedtls_pk_info_from_type((mbedtls_pk_type_t) MBEDTLS_PK_RSA));
     	if(ret < DIMASUCCESS)
 		{
 			perror("DIMAPKFAILURE\n");
@@ -267,7 +258,7 @@ if(DEBUG)
 			exit(DIMAPKFAILURE);
 		}
 
-		ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key_ctx ), mbedtls_ctr_drbg_random, &drbgCtx, RSA_SIZE, RSA_EXP );
+		ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( pkey_ctx ), mbedtls_ctr_drbg_random, &drbgCtx, RSA_SIZE, RSA_EXP );
 		if(ret < DIMASUCCESS)
 		{
 			perror("DIMARSAFAILURE\n");
@@ -275,9 +266,9 @@ if(DEBUG)
 			exit(DIMARSAFAILURE);
 		}
 
-		if( mbedtls_pk_get_type( &key_ctx ) == MBEDTLS_PK_RSA )
+		if( mbedtls_pk_get_type( &pkey_ctx ) == MBEDTLS_PK_RSA )
     	{
-        	mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key_ctx );
+        	mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pkey_ctx );
 
         	if( ( ret = mbedtls_rsa_export    ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
             	( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) )      != 0 )
@@ -306,12 +297,150 @@ if(DEBUG)
 		exit(DIMAINVALIDSTATE);
     }
 
+    ret = WritePrivKey(KD_ctx,&pkey_ctx);
 
 
+    ret = WritePubKey(KD_ctx, &pkey_ctx);
 
+    ////////////////////////////TODO///////////////////////////
     //free block
 
     return DIMASUCCESS;
 }
 
+//#define DFL_PUB		"keys/DID_pub." DFL_FORM
+//#define DFL_PRIV		"SecureStorage/DID_priv" DFL_FORM
 
+DIMASTATUS WritePrivKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * pkey_ctx)
+{
+	DIMASTATUS ret = 0;
+	int i = 0;
+	size_t	len;
+	FILE *fp;
+	unsigned char dest_file[50];
+	unsigned char * outbuf = calloc(1,sizeof(unsigned char)*KEY_BUF_SIZE);
+
+
+	if(strcmp(KD_ctx -> phrase, IDENTITY))
+	{
+		if(DEBUG)
+		{
+			printf("Private DID key should be stored only inside secure storage.\n");
+		}
+		//codeblock to check existance of SS. 
+		//return with warning otherwise
+		//exit?
+		//////////////////////////////TODO///////////////////
+
+
+		strcpy(dest_file,"SecureStorage/");
+		}
+	else
+	{
+		strcpy(dest_file,"keys/");
+	}
+
+printf("%s,%s\n",KD_ctx->phrase,IDENTITY );
+	strcat(dest_file, KD_ctx->phrase);
+	strcat(dest_file, "_priv");
+
+	if(KD_ctx->KEY_FORM == PEM)
+	{
+		strcat(dest_file, ".pem");
+		//write pem does not return no of bytes written....stupid
+		len = mbedtls_pk_write_key_pem(pkey_ctx, outbuf, KEY_BUF_SIZE);	
+		if(len < 0)
+		{
+			perror("DIMAOUTPUTERROR:");
+			return(DIMAOUTPUTERROR);
+		}
+	}
+	else if(KD_ctx->KEY_FORM == DER)
+	{
+		strcat(dest_file, ".der");
+		len = mbedtls_pk_write_key_der(pkey_ctx, outbuf, KEY_BUF_SIZE);
+		if(len < 0)
+		{
+			perror("DIMAOUTPUTERROR:");
+			return(DIMAOUTPUTERROR);
+		}
+	}
+	else
+	{
+		perror("DIMAINVALIDSTATE : Check key format in Key Derivation struct\n");
+		//cleanup();
+		exit(DIMAINVALIDSTATE);
+	}
+
+	len = strlen( (char *) outbuf );
+
+	if( ( fp = fopen( dest_file, "w" ) ) == NULL )
+	{
+		perror("DIMAOUTPUTERROR: ");
+		return(DIMAOUTPUTERROR);
+	}
+
+    fwrite( outbuf, 1, len, fp );
+    fclose( fp );
+
+    return(DIMASUCCESS);
+
+}
+
+
+DIMASTATUS WritePubKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * pkey_ctx)
+{
+	DIMASTATUS ret = 0;
+	int i = 0;
+	size_t len;
+	FILE * fp;
+	unsigned char dest_file[50];
+	unsigned char * outbuf = calloc(1,sizeof(unsigned char)*KEY_BUF_SIZE);
+
+	strcpy(dest_file,"keys/");
+	strcat(dest_file, KD_ctx->phrase);
+	strcat(dest_file, "_pub");
+
+	
+	if(KD_ctx->KEY_FORM == PEM)
+	{
+		strcat(dest_file, ".pem");
+		//write pem does not return no of bytes written....stupid
+		len = mbedtls_pk_write_pubkey_pem(pkey_ctx, outbuf, KEY_BUF_SIZE);	
+		if(len < 0)
+		{
+			perror("DIMAOUTPUTERROR:");
+			return(DIMAOUTPUTERROR);
+		}
+	}
+	else if(KD_ctx->KEY_FORM == DER)
+	{
+		strcat(dest_file, ".der");
+		len = mbedtls_pk_write_pubkey_der(pkey_ctx, outbuf, KEY_BUF_SIZE);
+		if(len < 0)
+		{
+			perror("DIMAOUTPUTERROR:");
+			return(DIMAOUTPUTERROR);
+		}
+	}
+	else
+	{
+		perror("DIMAINVALIDSTATE : Check key format in Key Derivation struct\n");
+		//cleanup();
+		exit(DIMAINVALIDSTATE);
+	}
+
+	len = strlen( (char *) outbuf );
+	
+	if( ( fp = fopen( dest_file, "w" ) ) == NULL )
+	{
+		perror("DIMAOUTPUTERROR: ");
+		return(DIMAOUTPUTERROR);
+	}
+
+    fwrite( outbuf, 1, len, fp );
+    fclose( fp );
+
+    return(DIMASUCCESS);
+
+}
diff --git a/trial4/KeyGen.h b/trial4/KeyGen.h
index fb4975c..c031a55 100644
--- a/trial4/KeyGen.h
+++ b/trial4/KeyGen.h
@@ -29,4 +29,21 @@ DIMASTATUS use_dev_random(void *data, unsigned char *output, size_t len, size_t
 DIMASTATUS seedRNGSource(void *data, unsigned char *output, size_t len);
 */
 
-DIMASTATUS AsymmKeyGen(KeyDrv_context * KD_ctx);
\ No newline at end of file
+
+	//Create Asymmetric device key from CDI key
+
+	//Create KD contxt, fill in information required for the asymm key derivation
+	//call KeyGen with KD ctx
+	//export Pub key?
+	//export Pub cert?
+	//what else can we do? key chains?
+
+
+
+DIMASTATUS AsymmKeyGen(KeyDrv_context * KD_ctx);
+
+
+//If KD->phrase is IDENTITY, do not write priv key file outside SS. issue warning.
+DIMASTATUS WritePrivKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * key_ctx);
+DIMASTATUS WritePubKey(KeyDrv_context * KD_ctx, mbedtls_pk_context * key_ctx);
+
diff --git a/trial4/RANDFILE b/trial4/RANDFILE
deleted file mode 100644
index fd3981be19fb821cee53a8f8969c2cc21a46a686..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1024
zcmV+b1poWv#aOB@(itWDq(9&)bT4&`R&0w`pqOZs`E>P&D|$<=!1U=w3UWpd49&F?
zc55Lx;W}63eu#yKSS2@wjN!;QI0s1PW@^^Y?jVHZk3EgD%aUg{MSMg&N=e9kKc#09
z!74incUzJdZx1|%^00Zob2_&{ffd|M-ijALB%RxoLHfAPF<;Qsr0V;JM3a`5p)!_B
z%ckO2!-nR#-d@<pU(EMyq=W5)6v|{TsLrFwP5`=jWK;}pE*r$10LvqNXQb7WV=T;x
z|158&7=A?&gqQN>0K5y^ZQ2c)V+F4x(+nSEr@0g}?-vl)8Wt&bc9Fn*P$9H7c@{ZY
zX2AuLOx>aUddjYDfee2FqgLtHD(Q~ScT)Wh)(f52U5ar*tIXsMxDDecCCL>WhDbC+
zF7<Vsea~*VrRY@=+1$z}_uyO6#E{L?fOUMnuV3Yv?M+HYMJSNG@d~28-w^xXt`K8G
z)kKSYNnf*xUs!UNUKr12DSG|tqYHkm7n6cjyx4knyCK)!=&1+`miS$&V9B=RDqfo;
zADRcbmit_C<~ZS`2Tc%0`Z;5QHdqyQlzBhKzG3fgu^hluM}iY0(^n3)*!fMFiLp|%
z&0#TUUQWL9zPZ&Cd=zmY`$95Q5<W4eiA>;FQ4S`s-FQ{|GX+~Cc%XX1yr+D=>_GW(
z3hOZt5+Ts~_%^A*pe@}hHub#OMTwa;`KXSyX$U{iSaSdpCPcIEMzl;P_EKM3v_4UJ
zLj}$(X2*mVQ0)(Z`|67s=8a(frXV(}-Ra4INJp)w)pSs}W3n&Dfl?aZ!5L5n)BD(-
z?CAaQ3;-w9;ZjpIx~Q00g>G1{6A1n(pw`*^2$E`8MQpZo#yf_UFKg>kR2|)7U0s$!
zzOP^6p%F0y0jMo@Fn6R2kaTN!ss4L~@#PsTZ&W$x4t2SHC)_kk3Rrb*)q_+^evaxU
za5G(XPqusNW%brX17tyAG8zXim4ZL?Ml^2U1I-qK49ZgpYKEdr&R~<%UI6>%efq?V
z35wxr4$X~lV|BZr&;Y|*($=z}{~GZf1#aWT3}V!@mo^|{Fhf;U>OW|(A#i{-);j6|
zkF&YNGI4>~>p^Ny%w&;7VN50w<A?@si#3Atj|e;)<-U2w`SuqEVBwuG0-=|$4}D5e
zMmk-|Xmp*&UZ=b?-{GwAQkk=xQ`ZieJ&Jiqdn8hF1U_jMUt%T|hNc$rq(-XnLSS_s
zdk8ZE<43vDjUN0I;j#no?{@9)T2~))Zm?I%*(e54OZwwP!}G;=^2I)@E=QY5Kzn7B
u)bO%9yZOo`#j+w~vohB!f3rcyVz)wn3nz{uC(iYk-iLVEITqzsF<wn(ar6iP

diff --git a/trial4/ROMprotocol.c b/trial4/ROMprotocol.c
index 71ccf4c..39f4b26 100644
--- a/trial4/ROMprotocol.c
+++ b/trial4/ROMprotocol.c
@@ -45,7 +45,7 @@ DIMASTATUS ROMprotocol()
 	//Calculating UDS hash
 
 	FILE *fp = NULL;
-	fp = fopen("RANDFILE", "rb");
+	fp = fopen("SecureStorage/RANDFILE", "rb");
 	if(!fp)
 	{
 		perror("DIMAFILENOTFOUND: Unable to access UDS\n");
@@ -179,29 +179,10 @@ if(DEBUG)
 if(DEBUG)
 {printf("PASS 5\n");}
 
-	//Create Asymmetric device key from CDI key
 
-	//Create KD contxt, fill in information required for the asymm key derivation
-	//call KeyGen with KD ctx
-	//export Pub key?
-	//export Pub cert?
-	//what else can we do?
-
-/*      
-    int 					ENT_MODE;		//SW_PRNG,HW_TRNG,DETERM,
-    int 					PKC_MODE;		//isRSA, isECC
-    const uint8_t * 		seed;			
-    const char *			phrase;			
-    int 					KEY_FORM;		//BIN,PEM,DER
-    char * 					pub_file;
-    						priv_file;
-
-} KeyDrv_context;
-
-
-*/
 
 	//Every key derivation should start with a new KD contxt
+	//setting context for DID
 
 	KeyDrv_context DID_ctx;
 	DID_ctx.ENT_MODE = DFL_ENT;
@@ -209,12 +190,13 @@ if(DEBUG)
 	DID_ctx.seed = CDIKEY;
 	DID_ctx.phrase = IDENTITY;
 	DID_ctx.KEY_FORM = DFL_FORM;
-	DID_ctx.pub_file = "DID_pub.pem";
-	DID_ctx.priv_file = "DID_priv.pem";			//Dont save DID priv
+	//DID_ctx.pub_file = DFL_PUB;
+	//DID_ctx.priv_file = DFL_PRIV;			//Dont save DID priv outside SS
 
 if(DEBUG)
 {printf("PASS 6\n");}
 
+	//Deriving and storing DID
 	ret = AsymmKeyGen(&DID_ctx);
 	if(ret < DIMASUCCESS)
 	{
@@ -223,10 +205,22 @@ if(DEBUG)
 		exit(DIMAFAILURE);
 	}
 
+	free(CDIKEY);
+	//delete DID_ctx??
+
+	//setting context for Alias keys
+
+	//deriving alisa keys
+
+	//session keys?
+
+
+
+
 if(DEBUG)
 {printf("PASS 7\n");}
 
-	free(CDIKEY);
+
 
 
 if(DEBUG)
diff --git a/trial4/defines.h b/trial4/defines.h
index 8ccff30..f100963 100644
--- a/trial4/defines.h
+++ b/trial4/defines.h
@@ -21,11 +21,9 @@
 #define DIMAFAILUREUNKWN	-1111
 
 
-
+////////////////////////////////////////////////
 
 /* CONSTANTS TO BE USED IN DIMA */
-
-
 #define SHA256_DGST_SIZE 	32			//bytes
 #define UDS_SIZE			8
 #define CDI_KEY_SIZE		32
@@ -34,31 +32,7 @@
 #define RSA_HASH_ID			MBEDTLS_MD_SHA256 
 #define RSA_SIZE			2048	//4096
 #define RSA_EXP				65537
-
-
-
-
-/* DEFAULT CONFIGURATIONS */
-#define DEBUG			1			//print all values when 1
-
-#define isRSA			0
-#define isECC 			1
-#define DFL_PKC			isECC		// isECC, 1 = ECC, 0= RSA
-
-#define BIN 			0
-#define PEM 			1
-#define DER 			2
-#define	DFL_FORM		PEM
-
-
-//DRBG entropy source
-#define SW_PRNG 	0
-#define HW_TRNG 	1
-#define DETERM 		2
-#define DFL_ENT		HW_TRNG
-
-
-
+#define KEY_BUF_SIZE		16000
 
 /* SPECIFIC AND SPECIAL VALUES */
 /* DO NOT CHANGE THIS BLOCK */
@@ -69,7 +43,37 @@
 #define ENTROPY_LEN			32
 
 
-/* typedes */
+////////////////////////////////////////////////
+
+/* DEFAULT CONFIGURATIONS */
+
+#define DEBUG			1			//print all values when 1
+
+#define isRSA			0
+#define isECC 			1
+#define DFL_PKC			isRSA		// isECC, 1 = ECC, 0= RSA
+
+//#define BIN 			2
+#define PEM 			0
+#define DER 			1
+#define	DFL_FORM		PEM
+//#define DFL_PUB			"keys/DID_pub." DFL_FORM
+//#define DFL_PRIV		"SecureStorage/DID_priv" DFL_FORM
+
+
+
+
+//DRBG entropy source
+#define SW_PRNG 	0
+#define HW_TRNG 	1
+#define DETERM 		2
+#define DFL_ENT		DETERM
+
+
+//////////////////////////////////////////////////
+
+
+/* typedefs */
 
 typedef struct
 {
@@ -96,3 +100,5 @@ typedef struct
 	size_t					inLen;
 	uint8_t * 				outbuf;			//out buf			
 } Hash_contxt;
+
+//useless structure ^ this one
diff --git a/trial4/makefile b/trial4/makefile
index 99766ca..e080dbe 100644
--- a/trial4/makefile
+++ b/trial4/makefile
@@ -20,7 +20,15 @@ debug:
 trial:
 	${CC} -g -o $(ODIR)/trial ECCtrial.c -lm -lmbedcrypto -lmbedtls -lmbedx509 
 
+remake:
+	rm -r $(ODIR)/*
+	${CC} -o $(ODIR)/main main.c KeyGen.c ROMprotocol.c -lm -lmbedcrypto -lmbedtls -lmbedx509
+
 clean: 
 	rm -r $(ODIR)/* 
 	rm -r ./keys/*
+	rm -r ./SecureStorage/*.pem
+	rm -r ./SecureStorage/*.der
+
+	
 
diff --git a/trial4/out/main b/trial4/out/main
index 4925b66f430a61d2858945776b9219a4e4fecf90..ba99235be63efcbf5115e2763fdc60b50e038f1c 100755
GIT binary patch
literal 23064
zcmeHPdw5jUwckm2L<%83K#Eom2#N?Hypa-|gd8~0@Gt?y`WS}HghZ0eI1dCLS85!t
z<J_^7ilyG$mbQLg>UY0hY>P!&AUvF)wKi&1eDy|AoB^zeRa2|x{?>k+*)z<swqNf*
z_haXqth0XWvDaREpMB2Rb7tRZ*3K;~C}64-vDu8c(jfwINx`8yc>v;KGuRpU|21|#
z>j%CM$AsJ^2&AI)NY{!MOS}k_>}C`SAeWvm^%PYR674Hx`AE}5fhx+F!2z<PSZB=Q
zEU3W`6g@-%p>#{C>?l04v!tCR?G$A)ennOLsBQFFEakbh8Zs)1k}j1+Z->2f{8kxf
zPocL9m?^64u7(}O`DII~RIHQrIpyV`%!i_?A11Ukub4JvLW_5NOLJRf&G<Dlrj4IA
zr7Ywxo5b5q{z-S<f+f5ra-&j3F`t7EVI)5qF0A-Id-!nQrn5RXzrAkYbv@h1l58qI
zs^9MEFbY^7*BOLO$LDf<s>~OT|N8L8+YjBm?EJ?Q@0T2V{=E{wd5a5`pOr^48WrTj
zDLx~Q{ul(7PyZ(lxZeT43BL3B`K|;04F^B%4(+OS&>!!Bzvz&MgAVb`cJT8T2R}b^
z@H5jv|4|40=ML>%<$!<NA<o4P{!It{dmZqJ4)yMH@L!HR82IFta~=FV<A9es_^)?}
zbBTkWe|7M4EdtCpK0kKAO$Yxc9q>CG{2X?`&vR(k2nXEbfWPe!&rk>bCI|cq#A)D@
zTOM%mA93(=8}O02PQZWPp<mh@@JHaMl%2~;T}GC-T^t|AhUMUoN<3G;i~Ik|DV^UB
z`e(7h?3ZJ++%tyjK<f&hw;{MT5cbpjKbg5}7SDHkeL>&K=1|xdTs(hHi@(jc*t4R=
z$K39ft^PK5DC`M_-EN_pSCO2CTSD%@DtE{ijs%zjf+3IFw<h2ZhHa?T>uzpq^t&5_
z{#JK*ZNQh21e)Eq1e?P?cVjbZS3W{bo=H=uxg!Cu2cn=a<I2|-4*COY-5#&k9r8zl
z4H+XuveFmM_76<BU*%g%O}1-Lei|cf4X1$3ZOxe)Wh^`+p{!Wo+@V=n)dqa6b`1^T
zpxYZ<u@X7+d2N(Zw$j(;Mvykvip=DTBMb921l$dg;A)>1$jV^A-JJ2Q8Y*+y>S>F3
zTI^b6;~L>L)RfgYB?<bnGMrVt-J1Mp(9`DiXWA}3>b+^_DG*ta+e5iBJ&l<$=5El&
zS<@<Squn&hjY=v;S6efk3Jr7yOk=(^=-@_wz}LnCzF^QFWPwOHgu#zqZdm1RXj<iN
z^fb4yK(M(j+{hX{EiL{A777PjVA1MpZ3wJojSVgSkdMFy51jE~#u|e@kC%m7e7*p@
zHLUSa&7PL#TZLjPp%jKZ!CF1dZLCp5;Pzp#dmvvC3JEcD``Wy0UTsa)9QUNMiBs&u
z%+aJWy5W*{ZiS$j-Xveh@86V+!?r|dDNNm?DxPeFr;I;gQNS{PMQk9SqlDG{-+lnM
zw|&??iJjBjJc#Zfe<%6K@a8kf?@QpRsQY?#KVCXi;4XRpuJEoQ0xy>Hqrw$`@Ct(~
z(7m;E&G{}3mo7MdNW*279Piff^Eo2^r8N9P4L_mb6EwU>!zXF@^4SLG`r|*QaJw{V
zxZW!P4cGf;jfU&bS?e@hf6ll^!>MjnHfXrYDakf#I6BNOTQq!tjWV`X!*Nxz%Qg)k
zXrqkn&~OY8yL4!{{*Z7`!w1{ijCE<adR8LwAq_uM)9==B{k|!s;b&|5Cp4U%HB{-*
z@N*SNRQ5aNc$kJ4Yxq|+yi~)7Yxpn?KTpFA4gZ>kkJ0c8G`w8H4Go{6;UhHMrQstr
z+|uxiG<=bUkJ9jE8a`UXmuvXN8s4PgmuPrE!^dd&8V$cx!`ErJehYMuhF_-XZ_w~@
z8opV>$7}c&4VRDpT)I`m>DfV*Z5l3@Jh*6whEG<?pdA`MMZ>N3<Hc6I?+fD%W<@)~
zg}q%?`+?&9wnp#NvEvNZJ9-@c55CZaBjTG#p6>2N89kDCnsU-zoF7g+O*QEb&Ywj*
zO`Yj&oF70uO*!c;oG&DvrkeBy&VO<lc$#9;>o|XscpCQU0OyYqPg6>IIp^Obo~DxY
zBF?`;`~c!zoPUmZnmW?uoPUaVnljP`=l2mmi1<>@?<Ah4h&1E;&xxn0A${U=0HYrv
zo~DF!H|Kv$JWU1ZF3vwlJWT=V4$f~Ro=*MrHqPHmJe~6CEu6oLc)En7H*o$|;_1?n
zUdQ<$@iY~r1DwB!c$xyz%Q?S-csljdi#Y!c;^~x6yEtD*Je}(4a?W2#JY9m)2Is4Y
zr&B&%%K4eZUqC$L{3PNpB>u!_)c&!=8^m{WekAd9s;9d+Kb&|v#nT;}KZ|%ewbR=;
zKY(~TrPEtDUr0Qi%IOW9|70w9I)&5gIDe9OI(5?l&L1V7PTBNw&c8`KovP_YoPUM*
zvBbML{~Ym`5ns;vr--LhGHr04{5Ng@&&$MjYhusdXvN;N+TS{{XmM?#@4e_7D>3M7
zPAZN-t9Qr`VDsm}7gm#`;z=+|tVG|vpw{I*R_yKYS8+<+L@Z9JK{xbvH<k^)@NVw^
zhW&IFWq8=fNHH<>F7D>i&tY%v{k+JEov`+%uCNM{*0Z07hrwZ`bU2V4I{8~yaXHjj
zWP;URaV{M#p?C&b@rvQ#QiITgDGUFSea{46K;f*Tz&_XymuL^E-;i#E1|4B`C`E+-
zj^Uab`Dt%&r}-%<r#{E|6Ei=BC_$qB5N&vJKevb>0q<L}r>vNH!ip{FvEpXW4S!SA
ze%xin?l@${B3&>#XvOAtz!22z1_frOKs&5Xs-Chn4)vn?F;x9#^dqmX{f-kXvTDZx
zM4zT~Tk-iPtoRagk=jjDlojht-TGIq-D9=i(ZeDaL54UxQ}uw+TW2f29X$7RtO8Jv
zRlp<Yu`V^c_mHd9Myj>_j&2s&tZWvNYYH<?O(@*~H73*2e!LtFOre3@Xy74e;TUcc
z6+z4msV6?+mI$h2nU$~#A@AO4z}$*GL(z>!hOJKX5J9@zZyxU$KuWu;4|{vPR=m$>
zIy1=g#E#DBGJs%NXY_h`WF?~AAHx+~R#BCS=(>*t`#i;-s3@XnrVCL3Mx@!pn-!%h
z;;g-=AhHIEhcU&aN`xZ0tlU9adECIio%m26jl}#x_V@6{aeFK7DkaDyD3-M1616bQ
zHu1<rL^T-w@u~AJG0>LI)I0=`9uNOgKhB~Zkvaqsqab2`fiLAqxIaSB-*lh4Sh!Ci
znDjFgv+zQVEF2ttn75*$is~4x*I^aQH0nLH9~v>9@%CLj?`wx5z)@sejPUoAq6brD
znM_*o+%{M4psO14_FF!lJ5!4gSGLP>aGA!nCbb<R;qq0=WTN6NLVrl;IaCoJPl<{l
zRDE-gou9a?5BhI#bOUm^hpy47>v^X3p+TazU!;7$leaCurz&Pq6(v-~3aU81iJQfv
zYxr1s2}w^;ODXwkZ0)t;eSM=T)%*6)eL!kQUiWvB``01ba~8QT;_Z@Ab*3JIfcMHC
z%2B>*zel-^MVly)I45z2w)~Zbd)!sbBdQpSO8EJcDiT@Y>V0W7^>H|6JL$qMR0mKz
zt=w8T?K>uq)^Ql5=IL5J@Q~~48PXa7t@MS+0J^K4fD;Ho<Z>ulrv{&^Pqbrj^bPb5
zWl)}io2Z6Fbc<xy3${bDw+OadvQ2_z^31+gu!dx>6s$|KUl;6h$&Ldn=C>*m#BxT)
z?*L{GNgCzbaeI^+X}8AWsm(JoUZrNnI_1cq8KVHH!l<Wu;(c8g8I=1J*`Hd;Myg~N
zg?A>6kHZw68nvCNyTS6IP4j%-@o^)sJh~i7s!c?BauU0E$`T2l$i${Cl)%LHbwuJ^
zbAD`Z4PDW2eE^shRAjQ1Nbs~JHt}R8wi}d0VMrz<%re1sI8pHm?k!U<{Fz5jHRX<#
zV<i7j$QeB3%DXiC?mYI}Nxog!Q-gBtA0+uEA@9f|zmwz<A*TlA+Iva9M95uv<TWIp
zD&&-bT>A+m9|HL?8am^Mdk0~Nd20|1a3zqF3SDum7@v|{IIBc1^NR1p=_17Z?8b$^
z$7@X<$ghUszNsT0^!C~p;s7qhn{grDkbAu}x1bW%X+A_`_qy4bBQcm*%A&@^%&k`3
z#HAirn8ega@xVY`Tmcd88p_d<M*yWhJ4x~54q$h^4-2Qh`mhx%?{pRWgPxU*ovwkt
z2}xH8I|dhKM<>IQWC&=V2^g`;^^m39HKxysO*j&h)l$SSR2FelnUp;|%XC|`7q>ig
zwu;urUOM?RD|XQOxXVf`67dvtbuu@W8>zb0yt=q+7_OrAJlZd3Uxp>pq^l3C=Tj~=
z?4%UQ8<dAA6lB%hb}T}X!aGjKzt26^&z;=+C;`Gfjhgki|4cm!OpKbBM0&PTj~siS
z5@BxR?Mh625Sj#sNhN0Pz#ZET7C9R}?jj$pfOibRd~$3oTD1c=Zrc$3R{Lf#Aw2IO
z7dOMR99<C_T~pNPx(9-Pd~_WZ0dLJeB(nPZ_iA)~x&Crv)mtQ#_s2i6w}(>9|98E8
z3AHoR+naHVo7#^mMQ^96a&!{)$!G8JZdJYgU;JjcGqqmiRO{{g$;X|5zo@r=C_MAt
zZinZ*z5O5rvbVo^+=U4uXBxrKx`HY@`6oOtMGxT~n5L7?=xg!_@=Hkm9OOxJ+wP?K
z=*pz|^8rco7d=Vymmeg}?HiNkV<k!RR|}Koj-5&K@usA?^Vy{N>!nHaH%F7^t|>`#
z_Z3NV&u@}u$NNch@5@PZUwP8p|7OxWFga;H@pRHmj!BxGPbAHQw<XOdf1Na+nvpbr
zdq>iI`bg6JU1QRG2H5W}usWmNc34xti&Ydv_Z^T_^$AKWms;(+xKd;^g!hwhItk-K
zh)!6Bmh3r~F3Jl?kf<O>sgv*a_U<;&bTNq*@t%sN=$RnCi5$WM=VH(9q-l0Hzx#!|
zmtm-R|Ag2?#g*jq2iZRV8x<qS6T+t;+$X>0*bWcED#m-FeHZVKwNu~_uQ1{Kr>ImM
zov8~%)!Y*z84PyMPjO$Fie&43be#J3piJGd$#H&cHFPOo1zm$5V}l>-pxfYzhtV=I
zkKYG}?OeB@eHWSc|Ca+$xEBhkecb2Mnol|wK6yY{KI?3sGr3RFg-;?Ea-SyoY=cj&
z5ALMq#iBjrHxZ@fF*=97N2p+TqaXNmIRsdC%Bb@{#WGxKCM7*%eHAqKoK2m7H3{Mg
z9;=Y+&qu#ND5rXSggmA)0Z=@Dfu``-%LVgscJp9$ciz12t|NC^d&u1*w!3ZQF1{(N
z`TXYMKl3^(A!oJOvE5)hYv9hr*h4LE9nH$hROod^yO3zgC=C!g7M;oK&+5!*KQ%yF
zkI?`jU34Z9(V5?YLh47nii&U1@g^Ma!2wI%hMLf)v{s1|l?aQ_B{D>6_ffcmsdIjb
zqomn|S>jpD63@*}n$KgF_ycB%7cfh_h*{z#%m{}tOT3I(;uXviuVR*X4cP0LVg862
z=6^0on%$VK-oR}2CT6R{n62KzZ1px~t0S1L-oZ?j!c3LMOm!49)iKOe$1zjAi<#<A
zn5o`dsEx!AsV%W+F-5I<1WP}0*^cAIHyOR#NqW;6wTVGpSRSt2VW7DdCJRA3Q_mt-
zSgba(M-`pgKZSm3BZ=c;u%m<Kq&drL1Um(+$jpP;dgnpV8U2ISb95|vjvHt7+;97+
zp8Eyt+PNKij!Z<)O`uTTNx?&+qKuAT#c^kpmYV7LyEA$Y^%%7*F0v7e4x^+b`o0R+
zNRa`qGdf0TB`V$np4!AcayK-_Phc=+r-4q_F4Bxsrj_r`)GQe8fwSJ!kFy0AagP<d
z$!5AZew>ak!?C;$X5Uk9gy6~jmDf}*t%<!<xug<nrK69W$(KUM6Rod|eO43usP<A?
zMJ%@VepZzF);owL`fk{m_^MjJtc`tA8~dm__FiT0Ij>pm`wOhgUymH6?;x(bq4N65
z8!B(CbnoAgSug!yKe9sp<hK+B_|Dhz;p=nb8h^0GJA&0m8XA0|P-CRU;NQYiZc&0O
z*aWX{^#u9O02A*i7~-u3L%zgd+|nFwGUim*utk;i^~OZlMMBMOD-F%GtgI~D)EqKe
zJ!_4yXO++J7_I(RIAE0x4UyJJiziGL(j&Ba^{gK6V`#YHQOf=x>Ew#(?Es&50IRO6
znrA46JXP1sudG?Hw6eCQx_)uxV$+yu%xUs9tWp&k;-wYD<n<ZNZN^o;wMMls*t{BH
z`P&S<O%Q1a4-oB}#Jw%LYHnps?UFhZwZXYLXO7MDS3hPNqeBDOGWXRp4Z~p9N?J`E
zcrvN0ue42!Y+z=CKhokg+WcYk2EDUmK-ma*f}U0%UJZid1#rYn`bRF=BKk*Fv1%N$
zYJPY%M|mP0+rQ|lIe)9sHD2^eb9gN|TEtW0L%7uj9>a`K6AyHS4=M5oeO|-g*0L4}
z3^gN<A^t4KC7zYOGB!Fij&ef9F&=W-=nuAf!e7u0w{ZJ~OBOF$ve>MvTUduCi^2zB
zdAS;h7{2O(k{%^}6Y44#RL`xcHKjWDL;Qk;i{~y}vH-bU(nc>_8DT$-HJlN~lInW9
z<GK6E+^XIZy=TrGz(zMUtzpK@Ga4fy-fDW61|y72jhgB#bs8@uvd@+&JQT`@byf9T
zIUr^l^Q#R{%SwaZ$}+sZMtd;ZosnZ<d%eoMR<wSqAk%FB(l=^Xy@&U3Y{$H5(`Dk2
zLA(!fUeVXrfMThE%{tuMdjRzOBfY)HLC1mK4>}D~Q=bCHnm|W^wu4rK{s7bqdM9SP
zyFp(BeF(G|ce)2a8}X>}7U*I;|MtO*em(9MM}a;K+5(F2CwM8iwT>06DJ?i}VE^I`
z1^r72r!V0)yxrS-nNZ>X^XoG<O6mvR?CtHQD@RG`+>&8e4*tq5#p~D=!@oXu@~DyI
zfb6UB83Vt#1GEd(bv-^~(cVdfR+f~mFPt-|Un>FvOY+<CnFaZIptgKzM*bgwr+<O`
zH;_+){0-f{@HOs${J)0J2asQrC9kvPp8_9?d{4rSmtB9+`2M6o_U9wdvv8AnBeh?}
zUvzDulFx$tR`koCKr`}mfs$Vj+(Lg9XZbJU{wZg-Ltc(mLLZJ<RY~c$3ad(n-B)Cm
z7>PbrC1d`ruT@gMzMoYxqrLz95?8QfMrBEPWyzST5(9eBuPQ0VJD7~oxL5{16z1u2
zIs>OOa5@90GjKWsr!#Om1E(`^Is^Y7GN9h4SMSf$EjN{1O7HMf!Iy2K;Efb2_-d0E
z^?RbPN?yIU&!0hnsb?7V4zqfHpPmP(DEWt<_xg$7EN{B8)W(ZTD$rUfl`bh4Pw$K!
zmhpW>i0yZ)^>_M7B-NNT+u)k&-hM_O&f3p;^k_jvy}Nx-HdNt<WFl1DCxkkE8Ntgi
zN$CYlDoPKJle~S%FNd(eDB3IiVMR~Lxg8#ZI6q3t@i@YH)ef%oPyA>99y-V8G}+&C
zC0#0Mqok`PT`%bal0GcyW0EE%eNoaQl71v<KYGI!WvHYVOFB)`xsooGv{BO4lCGEZ
z0ZAX0^f5`3lD;VE5lKIiw4Z!%A1dj^l1`I!uB1yPZIpDir0XSpK+=aLeN57%q%TT(
zMADBW6|Mir|Eu4-%$qZ3rZHy8ibz{HVoWcaT2?-Oa)fge|7GHgvhpdH3iQj=RD{_;
z{jOivFT$Fw`aOI$Uc|!c#L@&s_}z~>uQeFwWMBJy&c^#Ob>3&={h2x+vhiZJ*`A;>
zk|Lay>U_<hG#3nD>b%azF^kCYn2ir)MqV6~L+(Ta!y>Fysr?tS{p9)mCD$)y9b<J(
zaa_dCwD%9tr9}vG`2-zN`e)m}o6@C4nBCO8n~e{_z6gd6@#7*k)Sf4GVG+%Wu6+8#
zSnlso$*zd0t3t*LU0?dJ_xV>Q8B|<f3XwNgPCjYPkMMOl_y~!s>zDF19R~%t3aEIf
zJ}PtZDaezDR^a4cT@Oi@3N11huv7E78F;?<f9Qa31y25J<&VkKb@5jcUzvkH;o!$9
zZ_h)&0OP?+Uv}h_d~v?Pb<RFzJe&kxfWe$Q9{wuz)pcD}QNj~@>i8T1ydcl`nGXCc
z<YAi}=W3dm$8qH~L$8(k$K{2TuNgwz=%9Zaa3f=GAJOlsjXdM_yWCF+yK;n3<!g>O
z{0YZxbNgVs1OB7~{+a{+o&(+w3CZ{S??J%xOg(Ib176AfpE}P>anQFMa4*M8ScAL~
zx<+Oq=%ByJ0pI3;A8^3mbihA#z@2{ge+l|MU*6_8;MY0ew>seWJK$S^Q$Oa;liMBi
zpLD=qcfj8VZrGzzJHUNxzV;4xz$XGfv+!J|?i-Y+*$(>k4tOK^L5tP(3oI`Y2mQDM
z{v(cK{+IIuU&Du|M;-Lvg{&0weD1yoKjV4JTz}PfGy5F;(6{vY@^%b3`B&Ew(JID1
z=K3XUxSY2qNx`QMeoFBmlh6NH2Yj{zezgPc<9G?1aghjwe>Z}|n;rC{4){g~{2>Q?
z2XGocx%oK&+>klZ$sf6&5_Xr&+Z$5&u7m$G@W4mci=A@*;om92W(dc1&*FFt@R6s&
z>=+*pr{339JNQ}VfHUkP5DG^c8_OD4W@`+0xYdoH`M3FKZvd~~y|Tr>!qejR;w$Ko
z+Y?#C8vLz+7JO6gEt@{=@)`M+_~rv{PcZ0Niy!odgV;KNzFv2GBdx7#VWM$-$A>Ic
z+93cT;WdGIJ~~i4WMFp$Y=WS(z6MseaDE`@5BnSZEl_p4=hjuuH{IrfYTC&o+qajw
ztFK*9IlpF3wuEnU0SNm(xlK!Yu&V2rdtU9rs>)jT!nt$n&BgA;l~uJSdF8tqG=w5z
ziv{d|;B&dumIbss!8NqI2Ys85CfMQ1w=cv77hkj;iLj2WAY<C1A=|guIUxt59T>79
zm9xyQ5q2Q7%ZAt>gzrBh_h1lPJLGqw?P4MJgUD9P-9jQGox*6(kGci(>a({k`8)RT
z&^A30J5yx5Q>s-vRd&B{%a1&JtH`G1+3Dnz%}Bmza}Ik~5cw|8DLY=|j~Xs>c2g1C
zZe(lYG{i0$a(@ikd!sdwt)P;SZ~qdB@!d*tHoD0*gHFzdD4Eg2_Z&eWA-}r`Tb#6H
zHb_yK7rV;veL^zPVFM3$%|e8Z7meI_fg`g=i=DCj`>61}Vze_YOABes-hapL8oc3>
zwdD;@F!nvscNpOtkf^rnJEkbidFvjyv$xyfTd8DPN`q1CtCEdr^OM{+C0nj4<@>nM
z+hN&avByd_=5}NIA~nU)zD9XBD?+xBiq-C%9ck=TY1_|KhSs*Wis@GD<C0sSzNt&L
zOodM)MeRJJFuN-1723*%m7$`rX9Z|DC}@*9!lpC6V1Sk3wJcv*WmV1iuxF*@R<=dT
zRz#YyuOIgKDI>1Q6KY~*-nDJ;Cule*B&+cP7hWpMV%(4geJvg`kVk=*Fe~F@stku^
zEB#=@zBTyIcg-ma`uWB*WxghPscQ1ViQ<H*xMm3pb&MK3t<4RHiT1TA!?rf84A)Ek
zE?%B1`QHc8b2c7@@a!#$TE|jUtv^dK*Hy<v>2`|Ne3iXg?^4u&OfR_o%PRCZuG@#D
zBSlALX^Xukb*LH)eoN(7^{e$WMQ2E5+&=N5)|n;C7T|!^#Ff2TH&-+u4RO1}+pg@@
z`t?%axOKAa)q0$wYTX?wyil(7aw8a8(^mDXbvs4FQdz~X^b}nMIjxZ^Uajvb>XP=k
z@k^N9iUaBsWv|u&6;<o@s{Y*e-!1K{q(ik{sHpnhfb8j(HrM_>V3ZSzj~De2AgR2q
zRZ<?S&EO!0k8W>BJ4L%y!=w?tw?swJ`*Ez>+v}8a9Zki{jqp$Lihe)GUae;;`s1AS
zI90Fm_mdoZ^*xcI>iZI<Pkp7ApMs(IRWsG|rJ^Hq3{>38$D=v+x%;u+t`sHBamV)L
z*sJwcMT=En(muETCxO%2C7nZ5)cTp)r!`k!@ru3xo5A=fd$oS+nnm6+{Ux{zuk7D|
zfX1G(SL=FeA6%7KH9nP{>PK4Vr2O0V@_RFDHb4}<TYxy^|CPO>M}g}0_Iij*7^!*$
zmx*8TCvZT%RQ>8Xv(zOtR6T+db*W>bAL2vxmlLBEWq+xL(IM$l(P>T>bGggK2^&L`
yD+*m_XenOBqvlT<-zs(-+NJ3#ad@*zyp*VVmExH=$Y=lZ)k5QQr6_5x{r>`TT{T+(

literal 18560
zcmeHPdvsLQx!)lK0?H(U4^)sN4+Sejct^a^Ovr(g8Xf{cyjK~AnaKktnYr`8#A=&1
zj?3wETIv#|t+$tJ@AcZ}qP8effgm_RYc19nR@#DAJA+VS6-`?-_xJ6y_nAGDIc;y(
z{pYUL&6<4s`+bkS_qQMCoPEybb9&>FVI?I@rc!ntBd&L>iPQ=~txIG;YFRZKg})Qo
z1U3TvaE_VsT9ZI(rUBtv(sF^9f|6bJFcT=G6NH|mvW7&<gsd1jG{ZzCWlZA$*->3X
zS92Cr;~7b}Q-zQo6;#?$^~kPU*mVm#Ntvj>q_Ta~Hu|j*@<Lh<86`<cm(t3&qdv;t
ze<f#!(0~auNu}M5u%mkZt*KHdt`g<h#bt|#horI}W(C?dESNVd;F}p}>xgyE?5tie
zbHO}kB<P&O+fDvScj@vbUJ|*Hp`tpUj~`(qAN%QNzW4Drww^v)d1lJN*P0s_?D_hY
zBy-{?`|aLdt%MD)9Yt6besl1v(_cCHleg}>^T@xhoA6}nJ;%E*opt~&nj9!x4Cy@i
zxhS9*PW99BG)-o&ji0Hga4|n0+30VCyJGqe+Ti^*er~kE-?YIG*x>(Z6Nf`K^?BLG
zPoIsSAK3W0+(!R%HuyC*<&L$9|Ft%L-mvjAXrsTy2B)#8;a8a6w$b<5l=~4J6dMm&
z8~rIZc#}=JH{19hXXEEy8~iRCKX2LKKeX}lgbn@~8~l4V`1L4P!>=%XY@=U_aWc73
z8T=-jxP1!xmFyx`S*7J!UB~h9Y<vMeN8p9}-{k(!VbkTpE4)3#>si5uPt9}B7}nSJ
z4St_D+!cxjX<ePm+zo4%xqbeyzojh_^@rCiTO0^>_}6$g1pLhHZfOs8xFb<dIO=wr
zsznvaX*3XVhc>w*{%9=3BoK~x-2To`FdVg@cAvYgqdDkq4hP%a(XNm`CkeH=Zx6Rc
z{qE*AlrDWlT0L{-FL1{~J`Y4;f6kS^BN`5dy4)V0&m9TI!rq(_YSQA5=KGiG&9M%z
z<z0ep9c?+sqDbEGNM4cfYg2n~H0<_;H?$xEexK!@0?^{`aBuQ=Sy(&TS**A`%<m1k
zy|M6SzfxXHIOJ~2`Ic1|k!kmI#5@736w!uec#X8?wLwb4{=9hQ6>qhsI2!hJ_=4?)
zWvP9W>v^|V>HXGCzGlme+9-pAKJRFw0qUi3xq$gQ(I3shkiUb4{NZpg%tEnf1Va*?
z;@#x-wr+Aad)fjl6mIK?HZ!j$5D0o%BpMFDqTS!_4Rx_*Zy*@)v*xhh<71J4-yed#
zx6?yqc>-;B&<Ljz#RzZrv~{p%voN<Gqs;^PhDgK|Gq=CP$CfrW)Gc<;an7D+WplYX
z&iR;dn0);2Fe^tGrZ7i2vGS&_#N>UK<V_ExW9CYj{AX&E!0W>h%jtjrS0BLb+Hkg*
zuNSx<YHJ%qcSOqtAG@S&6!}_bR>rztmG_su<4nJu;(k=(-2yKc>ypGJe`uD*4e4G{
zxaRy}1*dx-nT{y<1rh{3rr?(-ct*h|DtNzwU!~v!3NCK3xpbRT<8&ncV(GNfb_G{^
z<WU7z`(}rNtIrL)6kNS;?p1IqTc$$_E@Miv!wQZLv(ga-A8nzCn}VOC;28x!SHb%g
z90SBk0}Af2P-H|rsqPgDUasJB43fA~!Ov6l$1AvcU!p0v7;4;Vx`JP*_^DFxixj+C
z!N)6jt%6^y;D&-<s^BXXTs|w3c%6b@rs&_M;FA=*Rlzj{4=MQN3f`&UlNG#M!KWzr
zy$Y^g>bEHPG(~@#f?uKF+Z9|qB68`Y3O-%Y-=W~*(U?njDfp)p{ayv1so+M>$#NrE
z_Wem3Gvd9`VS|T_o`dBF*x>xS%QQAPtsZ|XCe<QGd@EUIj}0PCTSPof;p}0~&mo?s
zZnl^6R}oK3QFaICClgOoIJ=$mmk>`=H@k)NV~M9Jo9*WOXyR$OXG5GHMm$Z?>}{O?
z(?swzHM1)@{|Dk}N@i<0e}Z_LirFg8zezkz!K}vlUlLDKFI&m^Ul8vgo^k#;;%Ta7
z`#%9N?P=m^ie-;+emC(nwX%mf{}}N!rLw)8{|@mqm9jfH|1j~i1ZTH%{_Dik(wp7F
z`TK~cDVFW#{1=I*sg(_J{tLv@l*-=5`8$ZGsgzyG`7rUcWM^wRzma&FQrRlbZy<gG
z@fzp<nRr^tvz44*MLbQZEaUvAiJwG#|Hst+I^s3rk8yqx@icX^hdDooc$zZVUd~@d
zJWZAC4$e;|o~B54JLfMUo~A~23+Ksy^A_+t%|6wTcyYavc+=?lZU4$Ojj6J$5Njhf
z=11rPBUSSbv<5Hu{READP%){VLl?tAlaVSr57fA3z(~9uy%<A#H*{!dkGXa5ShKTY
z(%szutp{jS=Xkh$ofK2^e*w~D%=iTM#{N%AjYPk(KXbiNk~UuaBsv}rzbYJ_OAhV)
zb=M@I#$vOKo|+cQHBo)eHIg+O!DYrEq8S5!(q$g-B~+bms@VGn;1ca2^;@&e(4ZV<
zX(eiSE!v*B@9f}UpMI8<Gf~WkgnkyHnIyU$qAkxJ;1&r4;5{SpoRQG`jYQLck<<rn
z{i~v$leI?Tt|LYwb{Iy7jKs2D7=r4@K!NEQ&|agDil=Bjj~RmE4}oNkpdWd0J$Lo9
z*rr_vQTr@~+ej|!H<C@{BD0s43?tE(Iq_$%Jz(_QHNaw1AVWR-G6w*ox5i2Seem4V
zyET9Yj1pdh0b_=KY#+JGJWQqb+;xn_wn>|P<eI9Pq$X7Ef*KQH={Z@224>K}V`$(J
zXdw@`shY9Wg!!f=D%HErNEyQ*Kek(gxsiB*Y8OL<jXwPdL8{x&pX|lbV<h$%X9fp-
zMsoNxTCB<Q?B2fkI)GqVU;Gx4Gg9$mA5r`JGLQWUG!^gu&}64j38|WIVI|7^w<!w2
zh%~E7l#EjmN!Bw^66=Iw4=H}uR3w+KT@;lkHT>C)ANA2>%xAJ6AT870NY+*ow3DDj
z+CmKsv#q>lW{ny!`jhh?yjVk9`Z5n9I@y`<Z`C5+8(W1+%%DpA@sC5?ul<|cR}1&m
z<o*S!bFPuYD&mjuR@A(SwK}s^EyE}mVN`o)E{aU>i1+N_aqqei6+B4B2K?`<L=ZFU
zc{lS&8p*;oyLQo4266i-AJ2W6?L%B%4VMXWc?KfW<vHXsRdY9?zajK|Dv0DjcM|&g
zfEAx)?Qry8MVxk@_R%#n^At5K@iZD__V%k3?}bAOrnUsh*_~8`gNnG1ib!tdX32Ob
zA1kk+Pczg~>RUOs_8ZBvoflD0KE02w%b5X`IW$z0$o)ieKbG86Jgr*wWqu2ro&ogA
zK8jJXV!uX#NW@#IB1uk?3~kxOTVGqwYgF?bF2sEPWFlr%xO!P7;_)OLv)x$EP*GIA
z<~vZ${E8-v>CGscUPS9lr1gZVH2@EVzB)+jtI*0$LImJ^3ISDUlNrk;)C*$p)eevM
zR>Y5^cPN5l3YJlAQ}OMB{g4Vw#d`(&JCi*o*dr#(#LRxyWHrI=HrZOie%EAg6YN7^
z#rj5q!jUl%^%&Z9O}O33Y=FpYO(zd+k&*ERH8asi?Lu+1Vw50M81+<6vTVx*8pS@d
zu4o~1sF07Tdgsyj7)OQ3QQMa}2mv43w9XeDAM1JH@!Jrj##Ee9dsBOO$WkdD$kf*D
z6u{KZZX!vpxh%22fv#w{J^;*Xd2FtcO7XCzw$^fQJ2fJvA(`v|n`eUSaH{4GEZ7;H
zm&CibaI7Rr?l<LB%R+fbv8U=6%9}_&&9tWm70MTpyv&sM7LiXP`P&~*B;wSdLi^z)
zf5wzky9?!6+#6^9%aq?%ME-M<$02{07M16TyAo>Vx>bW5pP#sN5BQ9^=kn`Wv@CN!
z48*1M^CxT3#|0NVxY|#yPQH)3l=u-`d1yNK#gB>{<liRw^N^?Y9edOI4_nguW24jh
zj|S5EkKa%0JMT;Dk2})(6D!jCuH9+<$=0;K`^B{WleKC6sS{~^&%Ct0_xiNH@2Rxj
z`(9e#|9V<~x+<+7cr&dZoSW94c|NVDr>FJ4XVUti&!qKdf0EXpt4`}by(_Ih|4v%}
zS#w%{0oczkGy3AktZL1_7}Y}UE}+^us9O?TYV_>kO0j7Wjv!$P36rJ}qiYpfvhO0A
z3gx^rYetdM$v+GZ?$ywAa}u9|5*%jeN}SwE4&i}wi5GVxifk{x=D^)cFjTyMKy0e!
zDTp)M@_l~I^x1FvGzs^~M}p<>X;>wAPxS2J{n0fK4#VVdA&m}MkG{-!vuN%KH5mnV
z-?y=vXJ+N=^}k1bdq{-t-MLAgH@t_Xuad(RkF$!$d-?i39wnJe{k?G5!*xq~_K^9=
z&mKfo&f+02^Az{_yyBDcrcYj>Jf8<)V)~rNeUdJG5}Cw(K0!WP;Zx~@HfmlXK0tm`
zae7Fk#UVnd$?iozVBzb_Q~=8l8FhXK`5aC`&sk4{=Du;%`R9-znc{Ud<?3C@_feIh
z9w(5;$8r^*vR{Ix>G4S}ShhnHr@C8T)ZNeU^qleLySv+Rw~++Nt$EGocNw2A>a3fb
zU6}7|q2+8McNUjJ<=3b4qEZ39zW8ATnj%UAgz{!*^78XK^CN5mn4Q_uPXmN>(V0Zd
z&Mc#<e1jKJQ$qQ#Aiob8tluaJeM(R4n5aZpjFz*v;WM+2s#`&w(}7%CKa5r4MXVCP
zxGt@~gjM2YtP-zam3S4a#A{d)j$oB|9jnAIu}ZvwRpKbHUtxv$HCCA4T$a|4VYNDr
z)#^>GR&Qao`Yl$gx3OBigVpMHSgA5tsj^t9PGF^a7c13CtW>A4QvDt))#(+=Nc;`8
zB@r*DTFV~616NYC<7D|pZEz<^H;!sdjj2OhT)Q+h*T7<7(!NX*vBFl3mOrX!YF|oi
zzlFp}bFgDn)%>2byhN~0ux4b|<m+7kL0|l3rROMb_8d3P>$#fYvgf`JyB=<bo+A^p
z=l%l<nd7J6Ayu=T@~<G@7q3LqXwmD7pD%K#s#&-AcnV6YY#Fo>A`M($e7e+1m3d6O
z%G7e3Ts7xv)>8=)UK%fgrqg;1)cg?9RKAWhuc2O$<@RMRf#E(l8qCz1L+x5pno90+
zN@q^;wp>Y~Q4kfqMus4G_CRiLfp!{PH@Vg}Bwlkhxv-Zp?S*o_RWXz3YFFaphQx=B
zGw3P5+}QtdX{LoriJyvUv)_>W3yq0CH6}i+Pn>oQo`2NnIZ$F;^Q+hi+N=AQTV1!f
zZgs79xesi~mHGYw#E<;(-8|ZBAI1znUeIVa1;YW~<!p7#>-9$>&9Q*S-}9h5D1|q$
zSw8>fS>o*yGv8=w=KC#8yzbI&Z;Q5Si|ZTMO4sVu+HBaxB5fTlnqum7I-{*^5v|?R
zrA0lP{F+B=54OVrb9ue7_E^9ZB@5vZ+PrwS8gK3tT=PifV3>3Y#q|Ek?;FkPSJf@m
zBtxF+8<x2mmala+Hq@_P<65I@i?qe9e(xq(pk}_TM4fzot*t}5!QZ9T`@?OUQLSKy
zhL>0|Z*;WTzB%06${Uur8XB8c=_n1(^~H-Vp1&kqq)m&AX6xKHF48oO-7IK5ap1{h
z)oPbzqU8gNyunz&r*#CQ=nZ;Tt3g={dBUD{KVAvL@p3p~I{hJ+Y$g4nqF6n$te$6Y
z<R}lMZTnZ=u=uYvnjG+st*Vk8jA60LwY+{wL!-{!^Y#$8e8rk2E1H(0PE8&3!di<4
zsn0O7w5IyiRsgxXx!h{CVMam64e+$q)=s7^8r2+&__c`NOK&gHQ)H?&)aR*F+(~4O
zx_MSRjT`Ehh`=t=mep&XK#N9iwKbo=*%}lLJ`A<CXcu>?SXf?f&~G+dJ0B|b?oe!l
zGvseK^B5PL;mue;1yg)QnWz;EG`wEc@FvwNkn1iK0YoG*2QMwXwiOi5oa}p<!NDJc
zPIz~4@F?ijpm&2Vz|{W$v=#LH62^K!=Yf6`bPed|u(m`&Uj@A%^f}y`{TTEt?$cfd
z4d8M&0ne=G!w033J65rh&dQQY&mCF5rDS9!;S=!NeqwM?eLqlKpRuVzzyEiGgCW|f
za8xdFjQ@1SIk%U0v+FOp_Nuv4Cj;f>)q_^UFK+m(L}lHA-y*bc4xuhb<vqg|j~UU9
z3V|j0o%l6EekrIWUz?LZ1bFFRkUs@^9puMV`(a191M+_qzf#2Srabv7OMVvkBFI0W
zTMAjf($gbIf$S$Bt`6MZO~vh6PCjWQ$*Il%1i6N75<l{+&QbZ5VRer2UoO=hT55Qm
zWBQlM3`f;HBMe7%&&Xwt+OVVA<*0Hwrq?+%=s~~EQO@5V-wi(o{7{(xk^T{Z|4$K+
z-z~`R6fl%|Dx~zS1SMJnDar4qu<6K?{9fu}!OQP>`Pu+Xt}XK01o@o=%~MKJe&&<G
zAo1HodAKL$X&cR9B%11!4huOpQ+V>x&L|SSIHWY*BuxEAf*_&Bx}6%=kaJdkPb=3`
zQ5?QBGt)NFaEU)E3X=8i7kb!3;7OJ*-*rnpEcd*9h%bk5%guTI#uJvfkCk%n2e<j0
zKPwuFO*qcWc9^C8-~F||qb_i{mNs^gng!h~=skiyAm}54J}zil&{qY0N6-%i9YJqm
zkuDVU3PBeLx<t^mf;J1fS<rg~eL&Dh1btl4w4kpF`i`I<3OYi3OmU&0R|vX5&?SPd
z6|`B<&4S(|=mUa2BB<G_zyGiNK4|IU#f!A*O&ekz(U`W-Ip0||b8d`tvp+k#+F3Pk
zhKc?yC6(f7LVnk;>X+gfLw*mRkC(EjoFIyz6yHh7`KiE|TV>X~%*RJCIe+u<kxY*3
ze7xNJ0zd_kFU2VbIqy_aDI3k?{LIIPe&0#*QmkUNV*KUnk6}BC^j|4+Sm!VD^^1Hb
z%KcZeO1c3nNTuvN>->N!Dy1)tr>lsWFJ<Gb@61$bDel_j`k9YkfO8R=3h{g?yU<$i
zRADKtZdJwf#}E0wmh4KIT-|eC=sGc+y~j6<a;SNo7>2m@7sL}U95LD)tV;b@3E1TV
zm)9ZbYaucvSk2}4yYjlUgyTcw&@TMQ>zee_#r22Aa~tqt_5XJp{88Xk|Ffe0^7{6K
zz%LRP5Q#ry<Hs&;FG0Tq<Kf^8WC~KTdLHLG<A#ifKL9Vm)vs_o{8{MB>$5Dv!2>&V
zd|nQ`q{#SL2z)H!z#lZ=L@pCcIWE2C=*>2G2XHN?X60hIz-dLs=NE1KJY<9Ku)z=5
z;IG=?r+^px?)(EA{c;4PVCeI<xw!t&b>mVS{aH5n4IFo{apDH&CK0)tZS?Q7!5_52
zziWd(YlFXKgWG-g??C?+i_aA{xNd{HZSV+i>aW7}t=mTbejA+5pJ~>p%w?Xi(SOkf
z&j3Gf*hNfU*QKX3Hu|H77mv?G;OC)b^7;anr>kxB>um6K9CxrSQ%rmQ42&#&=~t{@
zPC-_Qb-3_+MHjDs?)oVACc13=B!H72xt^P)GqzRK=Q**i&JlvI+xYo`4SvW5KWc-Y
zw!usB;6dx#dhvk5_YhF03XaQK=ja3*+zFiey|BHDfNME(E4POGaj-e!I&xe{yaL}S
z<~!f>fGo&y%iPL*0r+H#%Vi$s{WbKy=$kfv7)~HWqOs;?r<di9y11k5ZX6Kk@YAUR
zU(nqW2yXBM+`ecq9C3SMoy;3-4+XFT>T@n!a7}e_C4Owd?FolHT{s^Q4dc)OZJWA%
zvG(>Zm?#`S^O2`Y2M$mrZ2vCxQ%0V6!66eIpHNx9m#tc{EEEn#gWg~Os&4m^Rjy^a
zTVGyJCv)<B`<T1_=H;$s4U6+7{5%UFoR4(thVWq2uVU_{jVtP0jqVjomaNv-xYxMq
z8g=r@4@Y<-G4pT+&QbVlYvl<DI_w}TEH={3Q!Rh#L=m0g$ai6$w<y5qz(zhKOUfN9
zu?nZ-G|I6dadN{v`%&D9H~>Q%zUG0Ee6_+eCOPRmMu&S=Enm7i|FqHn;;@c#R>?fN
zlJj0HqJQyhPmv>0_9vHyoI0|O_=wjnL(ak!ui4NOQ0Cd2d~M7qoSzXVXJqFUJ9s28
ze$1%gyjh_cbP7%~<wgTPWQ0N^L3b<8CIxaQo8;IuPkr%&LAk2p7>~PQ1*(bnK5o1R
z$Q`b-qEq|;6hGvpOprV+ged<Q9FG~!GpWak_-P~AMD-+;#Ox2s!JT!ujUSQ9HHgNL
zd0r|XQ&taa;_$Or^!_bh)$PV1K)JBc>A<2#{tzr28{F&`gU1!=YHv3eGV`QWp-=VL
zRlZENmpW6P24hb6i+VPIM#Cm;l{uXE@`ppriT720r>m}EX4KOnxR#EXb3?2R2gq?u
z&PiOWC(_ECzOD}VGifwzN;c!o7T&hyF>c7h{(y%JL@pGFGAHj{C$i3#AlRtC6My-E
zHD@@;4~jYctzxZj^}&hcOjC2wH!WlyC3xD~yr>hMGjrmY8FS)-!(US7u5^E2j-K0a
zi*7y7$o&#Y<$k5~PP%HM+bP;3#O*Loa$iMKP2iH?_9HLN2B+G~{TE56=4qS%r-2I9
zgTXgoL0P`sr;)T;DC2U^liZgSEL)BYZEZ?>xz8#o-Ct3neOPL{w3qvxYk}bw!?KtA
zK9b6PTBz_;7{B#EX%AGEFZYKeZ5DR2{!&lUO_0-`s^sOqs-(5TzOeoRW_KV%O_cU>
zze&=5p(x8QZ2#TDzE0@LeJM%hJ~P?Vp^-xSF9V~PQ2i*$eRfIlM3a|9cUV{gIn};a
z>~l%V-vwIQbT4iuN$)SPm-}Io%KAzdl9%+~3haBu!-S-DV&7HT%W@_Etpa=bUO`g1
zzb^F)+y8B0FZ)kECrSDR8k|a!^_I{Nk)ilW`@;YCBOnz8Ei8XufxWe_H{CQiR50KR
z%YPPXv_~eZDfemQ{|8d2FL_B{fo+9iFZT&MuLg)D^-M0uOZ+$lH1=fqa{oyFe=9OD
za(qfV*^jiJMoqNrof<fX{YOq%w@v${pA%41?XBncD$`z;V{*CrOTHf&@+Hfc&s~+m
zUX~;E3#!A;KtPyKmuh%^GqW=+#LP&0mCCWBs@4komEt`PU1w(DC+j2EPa5B{?yCKk
fMJD%{TzG^~mMe8>dKI&;t2H$~F^ToJ(Efh_Q)&lE