From 6e8dc4799f2f04a5cba696c4941929c5ec4464c8 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 31 Mar 2010 17:15:11 -0500 Subject: [PATCH 001/176] Constructor for OpenPGP_LiteralDataPacket --- lib/openpgp.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 308c80a..fbbf333 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -920,6 +920,15 @@ class OpenPGP_MarkerPacket extends OpenPGP_Packet { */ class OpenPGP_LiteralDataPacket extends OpenPGP_Packet { public $format, $filename, $timestamp; + + function __construct($data=NULL, $opt=array()) { + parent::__construct(); + $this->data = $data; + $this->format = $opt['format'] ? $opt['format'] : 'b'; + $this->filename = $opt['filename'] ? $opt['filename'] : 'data'; + $this->timestamp = $opt['timestamp'] ? $opt['timestamp'] : time(); + } + function read() { $this->size = $this->length - 1 - 4; $this->format = $this->read_byte(); From 6ac274b8ec5e5e7792edcaf2bad1d0d4cacd59af Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 31 Mar 2010 18:54:00 -0500 Subject: [PATCH 002/176] Implement OpenPGP_SecretKeyPacket --- lib/openpgp.php | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index fbbf333..df8a107 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -803,7 +803,53 @@ class OpenPGP_PublicSubkeyPacket extends OpenPGP_PublicKeyPacket { * @see http://tools.ietf.org/html/rfc4880#section-12 */ class OpenPGP_SecretKeyPacket extends OpenPGP_PublicKeyPacket { - // TODO + public $s2k_useage, $s2k_type, $s2k_hash_algorithm, $s2k_salt, $s2k_count, $symmetric_type, $private_hash, $encrypted_data; + function read() { + parent::read(); // All the fields from PublicKey + $this->s2k_useage = ord($this->read_byte()); + if($this->s2k_useage == 255 || $this->s2k_useage == 254) { + $this->symmetric_type = ord($this->read_byte()); + $this->s2k_type = ord($this->read_byte()); + $this->s2k_hash_algorithm = ord($this->read_byte()); + if($this->s2k_type == 1 || $this->s2k_type == 3) $this->s2k_salt = $this->read_bytes(8); + if($this->s2k_type == 3) { + $c = ord($this->read_byte()); + $this->s2k_count = ((int)16 + ($c & 15)) << (($c >> 4) + 6); + } + } else if($this->s2k_useage > 0) { + $this->symmetric_type = $this->s2k_useage; + } + if($this->s2k_useage > 0) { + // TODO: IV of the same length as cipher's block size + $this->encrypted_data = $this->input; // Rest of input is MPIs and checksum (encrypted) + } else { + $this->data = $this->input; // Rest of input is MPIs and checksum + $this->key_from_data(); + } + } + + function key_from_data() { + if(!$this->data) return NULL; // Not decrypted yet + $this->input = $this->data; + + static $key_fields = array( + 1 => array('d', 'p', 'q', 'u'), // RSA + 16 => array('x'), // ELG-E + 17 => array('x'), // DSA + ); + foreach($key_fields[$this->algorithm] as $field) { + $this->key[$field] = $this->read_mpi(); + } + + // TODO: Validate checksum? + if($this->s2k_useage == 254) { // 20 octet sha1 hash + $this->private_hash = $this->read_bytes(20); + } else { // two-octet checksum + $this->private_hash = $this->read_bytes(2); + } + + unset($this->input); + } } /** From 36fba1596d3403b2a26477626d146cd269ca45a5 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:17:09 -0500 Subject: [PATCH 003/176] Default packet constructor can take data --- lib/openpgp.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index df8a107..13d6a9a 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -292,8 +292,9 @@ static function parse_old_format($input) { return array($tag, $head_length, $data_length); } - function __construct() { + function __construct($data=NULL) { $this->tag = array_search(substr(substr(get_class($this), 8), 0, -6), self::$tags); + $this->data = $data; } function read() { From 5829037d0b3847af63cb99ddb15a2dbf3b99c003 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:17:40 -0500 Subject: [PATCH 004/176] SignatureSubpacket constructor (for tag/type) --- lib/openpgp.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 13d6a9a..800debe 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -543,6 +543,11 @@ static function class_for($tag) { } class OpenPGP_SignaturePacket_Subpacket extends OpenPGP_Packet { + function __construct($data=NULL) { + parent::__construct($data); + $this->tag = array_search(substr(substr(get_class($this), 8+16), 0, -6), OpenPGP_SignaturePacket::$subpacket_types); + } + function header_and_body() { $body = $this->body(); // Get body first, we will need it's length $size = chr(255).pack('N', strlen($body)+1); // Use 5-octet lengths + 1 for tag as first packet body octet From eb7aaf490e34a605e7d5cb698f91f63aa2c9854e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:19:01 -0500 Subject: [PATCH 005/176] Ensure 2 hex digits per byte --- lib/openpgp.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 800debe..947728c 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -607,7 +607,7 @@ class OpenPGP_SignaturePacket_RevocationKeyPacket extends OpenPGP_SignaturePacke class OpenPGP_SignaturePacket_IssuerPacket extends OpenPGP_SignaturePacket_Subpacket { function read() { for($i = 0; $i < 8; $i++) { // Store KeyID in Hex - $this->data .= dechex(ord($this->read_byte())); + $this->data .= sprintf('%02X',ord($this->read_byte())); } } @@ -694,7 +694,7 @@ function read() { $this->hash_algorithm = ord($this->read_byte()); $this->key_algorithm = ord($this->read_byte()); for($i = 0; $i < 8; $i++) { // Store KeyID in Hex - $this->key_id .= dechex(ord($this->read_byte())); + $this->key_id .= sprintf('%02X',ord($this->read_byte())); } $this->nested = ord($this->read_byte()); } From fe7121efe3a5a21f1a4b360c5673dc3409303bc7 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:20:13 -0500 Subject: [PATCH 006/176] Method for LiteralData normalization --- lib/openpgp.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 947728c..9dcd5fd 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -981,6 +981,12 @@ function __construct($data=NULL, $opt=array()) { $this->timestamp = $opt['timestamp'] ? $opt['timestamp'] : time(); } + function normalize() { + if($opt['format'] == 'u' || $opt['format'] == 't') { // Normalize line endings + $this->data = str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", $this->data))); + } + } + function read() { $this->size = $this->length - 1 - 4; $this->format = $this->read_byte(); From e3bc3757d10e17a392ea2b191dba4c1b0af321ea Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:20:27 -0500 Subject: [PATCH 007/176] Normalize before verifying --- lib/openpgp.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 9dcd5fd..ae3b4b9 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -172,6 +172,7 @@ function verify($verifiers, $index=0) { $verifier = $verifiers[$signature_packet->key_algorithm_name()][$signature_packet->hash_algorithm_name()]; if(!$verifier) return NULL; // No verifier + $data_packet->normalize(); return call_user_func($verifier, $data_packet->data.$signature_packet->trailer, $signature_packet->data); } From 1c7f7597981dd168d19f2f23460ba53e70e1088f Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:21:00 -0500 Subject: [PATCH 008/176] There may be no subpackets --- lib/openpgp.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index ae3b4b9..84f4fd6 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -424,13 +424,13 @@ function body() { $body = chr(4).chr($this->signature_type).chr($this->key_algorithm).chr($this->hash_algorithm); $hashed_subpackets = ''; - foreach($this->hashed_subpackets as $p) { + foreach((array)$this->hashed_subpackets as $p) { $hashed_subpackets .= $p->to_bytes(); } $body .= pack('n', strlen($hashed_subpackets)).$hashed_subpackets; $unhashed_subpackets = ''; - foreach($this->unhashed_subpackets as $p) { + foreach((array)$this->unhashed_subpackets as $p) { $unhashed_subpackets .= $p->to_bytes(); } $body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets; From 1e2db5b249a8fe9f531d26c11222816531c9d2cd Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:22:08 -0500 Subject: [PATCH 009/176] This is the correct size --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 84f4fd6..7abab01 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -436,7 +436,7 @@ function body() { $body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets; $body .= pack('n', $this->hash_head); - $body .= pack('n', floor((strlen($this->data) - 7)*8)).$this->data; + $body .= pack('n', strlen($this->data)*8).$this->data; return $body; } From ec4b5c5f7260c5e4b73e87ea9a0e627b0852b1de Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:22:37 -0500 Subject: [PATCH 010/176] Generate SignaturePacket trailer --- lib/openpgp.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 7abab01..319d369 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -420,7 +420,7 @@ function read() { } } - function body() { + function body($trailer=false) { $body = chr(4).chr($this->signature_type).chr($this->key_algorithm).chr($this->hash_algorithm); $hashed_subpackets = ''; @@ -429,6 +429,9 @@ function body() { } $body .= pack('n', strlen($hashed_subpackets)).$hashed_subpackets; + // The trailer is just the top of the body plus some crap + if($trailer) return $body.chr(4).chr(0xff).pack('N', strlen($body)); + $unhashed_subpackets = ''; foreach((array)$this->unhashed_subpackets as $p) { $unhashed_subpackets .= $p->to_bytes(); From 86c476807c080e901008c136b8cc8c9416cdad51 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:23:43 -0500 Subject: [PATCH 011/176] Contructor for OpenPGP_SignaturePacket --- lib/openpgp.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 319d369..e87857e 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -393,6 +393,27 @@ class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet { class OpenPGP_SignaturePacket extends OpenPGP_Packet { public $version, $signature_type, $hash_algorithm, $key_algorithm, $hashed_subpackets, $unhashed_subpackets, $hash_head; public $trailer; // This is the literal bytes that get tacked on the end of the message when verifying the signature + + function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) { + parent::__construct(); + $this->version = 4; // Default to version 4 sigs + if(is_string($this->hash_algorithm = $hash_algorithm)) { + $this->hash_algorithm = array_search($this->hash_algorithm, self::$hash_algorithms); + } + if(is_string($this->key_algorithm = $key_algorithm)) { + $this->key_algorithm = array_search($this->key_algorithm, OpenPGP_PublicKeyPacket::$algorithms); + } + if($data) { // If we have any data, set up the creation time + $this->hashed_subpackets = array(new OpenPGP_SignaturePacket_SignatureCreationTimePacket(time())); + } + if($data instanceof OpenPGP_LiteralDataPacket) { + $this->signature_type = ($data->format == 'b') ? 0x00 : 0x01; + $data->normalize(); + $data = $data->data; + } + $this->data = $data; // Store to-be-signed data in here until the signing happens + } + function read() { switch($this->version = ord($this->read_byte())) { case 3: From 0b2942e382afcd646c36f402da9f9fef25f69144 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 09:24:14 -0500 Subject: [PATCH 012/176] SignaturePacket method to do actual signing --- lib/openpgp.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index e87857e..4d9b528 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -414,6 +414,17 @@ function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) { $this->data = $data; // Store to-be-signed data in here until the signing happens } + /** + * $this->data must be set to the data to sign (done by constructor) + * $signers in the same format as $verifiers for OpenPGP_Message. + */ + function sign_data($signers) { + $this->trailer = $this->body(true); + $signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()]; + $this->data = call_user_func($signer, $this->data.$this->trailer); + $this->hash_head = array_pop(unpack('n', substr($this->data, 0, 2))); + } + function read() { switch($this->version = ord($this->read_byte())) { case 3: From 191aeaa4d918efe77b4f7c01d8fc89bb6c9a1a9c Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 12:50:08 -0500 Subject: [PATCH 013/176] fingerprint works on secret key too --- lib/openpgp.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 4d9b528..c83ce8b 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -798,16 +798,19 @@ function fingerprint() { case 3: return $this->fingerprint = md5($this->key['n'] . $this->key['e']); case 4: - $material = array( - chr(0x99), pack('n', $this->length), + $head = array( + chr(0x99), NULL, chr($this->version), pack('N', $this->timestamp), chr($this->algorithm), ); + $material = array(); foreach ($this->key as $data) { $material[] = pack('n', OpenPGP::bitlength($data)); $material[] = $data; } - return $this->fingerprint = sha1(implode('', $material)); + $material = implode('', $material); + $head[1] = pack('n', 6 + strlen($material)); + return $this->fingerprint = sha1(implode('',$head).$material); } } From 6dc7c1eb2a65c6159d9b89bb9267a9b7d8130319 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 12:51:45 -0500 Subject: [PATCH 014/176] Abstract extracting a signature packet along with data --- lib/openpgp.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index c83ce8b..2192622 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -149,11 +149,7 @@ function to_bytes() { return $bytes; } - /** - * Function to verify signature number $index - * $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: message and signature - */ - function verify($verifiers, $index=0) { + function signature_and_data($index=0) { $msg = $this; while($msg[0] instanceof OpenPGP_CompressedDataPacket) $msg = $msg[0]; @@ -167,6 +163,15 @@ function verify($verifiers, $index=0) { if($signature_packet && $data_packet) break; } + return array($signature_packet, $data_packet); + } + + /** + * Function to verify signature number $index + * $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: message and signature + */ + function verify($verifiers, $index=0) { + list($signature_packet, $data_packet) = $this->signature_and_data($index); if(!$signature_packet || !$data_packet) return NULL; // No signature or no data $verifier = $verifiers[$signature_packet->key_algorithm_name()][$signature_packet->hash_algorithm_name()]; From 1e81ed0bb1362300e15c08b24035e393693399d8 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 12:53:39 -0500 Subject: [PATCH 015/176] Wrapper to use OpenPGP with Crypt_RSA --- lib/openpgp_crypt_rsa.php | 138 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 lib/openpgp_crypt_rsa.php diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php new file mode 100644 index 0000000..65a014d --- /dev/null +++ b/lib/openpgp_crypt_rsa.php @@ -0,0 +1,138 @@ + + * @link http://github.com/singpolyma/openpgp-php + */ + +// From http://phpseclib.sourceforge.net/ +require 'Crypt/RSA.php'; + +class OpenPGP_Crypt_RSA { + protected $key, $message; + + // Construct a wrapper object from a key or a message packet + function __construct($packet) { + if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); + if($packet[0] instanceof OpenPGP_PublicKeyPacket) $packet = $packet[0]; + if($packet instanceof OpenPGP_PublicKeyPacket) { // If it's a key (other keys are subclasses of this one) + $this->key = $packet; + } else { + $this->message = $packet; + } + } + + // Get Crypt_RSA for the public key + function public_key() { + if(!$this->key) return NULL; // No key + return self::convert_public_key($this->key); + } + + // Get Crypt_RSA for the private key + function private_key() { + if(!$this->key) return NULL; // No key + return self::convert_private_key($this->key); + } + + // Pass a message to verify with this key, or a key (OpenPGP or Crypt_RSA) to check this message with + // Second optional parameter to specify which signature to verify (if there is more than one) + function verify($packet, $index=0) { + if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); + if($packet[0] instanceof OpenPGP_PublicKeyPacket) $packet = $packet[0]; + if($packet instanceof OpenPGP_Message) { + $key = $this->public_key(); + list($signature_packet, $data_packet) = $packet->signature_and_data($index); + if(!$key || $signature_packet->key_algorithm_name() != 'RSA') return NULL; + $key->setHash(strtolower($signature_packet->hash_algorithm_name())); + return $packet->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => array($key, 'verify')))); + } else { + list($signature_packet, $data_packet) = $this->message->signature_and_data($index); + if(!$this->message || $signature_packet->key_algorithm_name() != 'RSA') return NULL; + if(!($packet instanceof Crypt_RSA)) $packet = self::convert_public_key($packet); + $packet->setHash(strtolower($signature_packet->hash_algorithm_name())); + return $this->message->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => array($packet, 'verify')))); + } + } + + // Pass a message to sign with this key, or a secret key to sign this message with + // Second parameter is hash algorithm to use (default SHA256) + // Third parameter is the 16-digit key ID to use... defaults to the key id in the key packet + function sign($packet, $hash='SHA256', $key_id=NULL) { + if(!is_object($packet)) { + if($this->key) { + $packet = new OpenPGP_LiteralDataPacket($packet); + } else { + $packet = OpenPGP_Message::parse($packet); + $packet = $packet[0]; + } + } + + if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA) { + $key = $packet; + $message = $this->message; + } else { + $key = $this->private_key(); + $message = $packet; + } + + if(!$key || !$message) return NULL; // Missing some data + + if($message instanceof OpenPGP_Message) { + list($dummy, $message) = $message->signature_and_data(); + } + + if(!$key_id) $key_id = substr($key->fingerprint, -16, 16); + if($key instanceof OpenPGP_SecretKeyPacket) $key = self::convert_private_key($key); + $key->setHash(strtolower($hash)); + + $sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash)); + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($key_id); + $sig->sign_data(array('RSA' => array($hash => array($key, 'sign')))); + + return new OpenPGP_Message(array($sig, $message)); + } + + static function crypt_rsa_key($mod, $exp, $hash='SHA256') { + $rsa = new Crypt_RSA(); + $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setHash(strtolower($hash)); + $rsa->modulus = new Math_BigInteger($mod, 256); + $rsa->k = strlen($rsa->modulus->toBytes()); + $rsa->exponent = new Math_BigInteger($exp, 256); + return $rsa; + } + + static function convert_key($packet, $private=false) { + if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); + if($packet instanceof OpenPGP_Message) $packet = $packet[0]; + + $mod = $packet->key['n']; + $exp = $packet->key['e']; + if($private) $exp = $packet->key['d']; + if(!$exp) return NULL; // Packet doesn't have needed data + + $rsa = self::crypt_rsa_key($mod, $exp); + + if($private) { + if($packet->key['p'] && $packet->key['q']) $rsa->primes = array($packet->key['p'], $packet->key['q']); + if($packet->key['u']) $rsa->coefficients = array($packet->key['u']); + } + + return $rsa; + } + + static function convert_public_key($packet) { + return self::convert_key($packet, false); + } + + static function convert_private_key($packet) { + return self::convert_key($packet, true); + } + +} + +?> From b42ec74ab4dbe698d9a37abd42534a50adc676fa Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:03:12 -0500 Subject: [PATCH 016/176] Conveniance function to get issuer --- lib/openpgp.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 2192622..5eda640 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -489,6 +489,16 @@ function hash_algorithm_name() { return self::$hash_algorithms[$this->hash_algorithm]; } + function issuer() { + foreach($this->hashed_subpackets as $p) { + if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) return $p->data; + } + foreach($this->unhashed_subpackets as $p) { + if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) return $p->data; + } + return NULL; + } + /** * @see http://tools.ietf.org/html/rfc4880#section-5.2.3.1 */ From e931ebed253f0089f2caed00dd7d2f28acba93a6 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:03:42 -0500 Subject: [PATCH 017/176] Changes to allow using a set of keys (ie, key with subkeys) --- lib/openpgp_crypt_rsa.php | 52 +++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 19 deletions(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 65a014d..267ef1f 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -18,41 +18,52 @@ class OpenPGP_Crypt_RSA { // Construct a wrapper object from a key or a message packet function __construct($packet) { if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); - if($packet[0] instanceof OpenPGP_PublicKeyPacket) $packet = $packet[0]; - if($packet instanceof OpenPGP_PublicKeyPacket) { // If it's a key (other keys are subclasses of this one) + if($packet instanceof OpenPGP_PublicKeyPacket || $packet[0] instanceof OpenPGP_PublicKeyPacket) { // If it's a key (other keys are subclasses of this one) $this->key = $packet; } else { $this->message = $packet; } } - // Get Crypt_RSA for the public key - function public_key() { + function key($keyid=NULL) { if(!$this->key) return NULL; // No key - return self::convert_public_key($this->key); + if($this->key instanceof OpenPGP_Message) { + foreach($this->key as $p) { + if($p instanceof OpenPGP_PublicKeyPacket) { + if(!$keyid || strtoupper(substr($p->fingerprint, strlen($keyid)*-1)) == strtoupper($keyid)) return $p; + } + } + } + return $this->key; + } + + // Get Crypt_RSA for the public key + function public_key($keyid=NULL) { + return self::convert_public_key($this->key($keyid)); } // Get Crypt_RSA for the private key - function private_key() { - if(!$this->key) return NULL; // No key - return self::convert_private_key($this->key); + function private_key($keyid=NULL) { + return self::convert_private_key($this->key($keyid)); } // Pass a message to verify with this key, or a key (OpenPGP or Crypt_RSA) to check this message with // Second optional parameter to specify which signature to verify (if there is more than one) function verify($packet, $index=0) { if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); - if($packet[0] instanceof OpenPGP_PublicKeyPacket) $packet = $packet[0]; - if($packet instanceof OpenPGP_Message) { - $key = $this->public_key(); + if($packet instanceof OpenPGP_Message && !($packet[0] instanceof OpenPGP_PublicKeyPacket)) { list($signature_packet, $data_packet) = $packet->signature_and_data($index); + $key = $this->public_key($signature_packet->issuer()); if(!$key || $signature_packet->key_algorithm_name() != 'RSA') return NULL; $key->setHash(strtolower($signature_packet->hash_algorithm_name())); return $packet->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => array($key, 'verify')))); } else { list($signature_packet, $data_packet) = $this->message->signature_and_data($index); if(!$this->message || $signature_packet->key_algorithm_name() != 'RSA') return NULL; - if(!($packet instanceof Crypt_RSA)) $packet = self::convert_public_key($packet); + if(!($packet instanceof Crypt_RSA)) { + $packet = new self($packet); + $packet = $packet->public_key($signature_packet->issuer()); + } $packet->setHash(strtolower($signature_packet->hash_algorithm_name())); return $this->message->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => array($packet, 'verify')))); } @@ -61,21 +72,21 @@ function verify($packet, $index=0) { // Pass a message to sign with this key, or a secret key to sign this message with // Second parameter is hash algorithm to use (default SHA256) // Third parameter is the 16-digit key ID to use... defaults to the key id in the key packet - function sign($packet, $hash='SHA256', $key_id=NULL) { + function sign($packet, $hash='SHA256', $keyid=NULL) { if(!is_object($packet)) { if($this->key) { $packet = new OpenPGP_LiteralDataPacket($packet); } else { $packet = OpenPGP_Message::parse($packet); - $packet = $packet[0]; } } - if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA) { + if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA + || ($packet instanceof ArrayAccess && $packet[0] instanceof OpenPGP_SecretKeyPacket)) { $key = $packet; $message = $this->message; } else { - $key = $this->private_key(); + $key = $this->key; $message = $packet; } @@ -85,12 +96,15 @@ function sign($packet, $hash='SHA256', $key_id=NULL) { list($dummy, $message) = $message->signature_and_data(); } - if(!$key_id) $key_id = substr($key->fingerprint, -16, 16); - if($key instanceof OpenPGP_SecretKeyPacket) $key = self::convert_private_key($key); + if(!($key instanceof Crypt_RSA)) { + $key = new self($key); + if(!$keyid) $keyid = substr($key->key()->fingerprint, -16, 16); + $key = $key->private_key($keyid); + } $key->setHash(strtolower($hash)); $sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash)); - $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($key_id); + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); $sig->sign_data(array('RSA' => array($hash => array($key, 'sign')))); return new OpenPGP_Message(array($sig, $message)); From 417c206bee32990544f2e47776199325857ba3d0 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:18:02 -0500 Subject: [PATCH 018/176] Implement OpenPGP_SignaturePacket_EmbeddedSignaturePacket --- lib/openpgp.php | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 5eda640..d3a6bd3 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -719,8 +719,19 @@ class OpenPGP_SignaturePacket_SignatureTargetPacket extends OpenPGP_SignaturePac // TODO } -class OpenPGP_SignaturePacket_EmbeddedSignaturePacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO +class OpenPGP_SignaturePacket_EmbeddedSignaturePacket extends OpenPGP_SignaturePacket { + // TODO: This is duplicated from subpacket... improve? + function __construct($data=NULL) { + parent::__construct($data); + $this->tag = array_search(substr(substr(get_class($this), 8+16), 0, -6), OpenPGP_SignaturePacket::$subpacket_types); + } + + function header_and_body() { + $body = $this->body(); // Get body first, we will need it's length + $size = chr(255).pack('N', strlen($body)+1); // Use 5-octet lengths + 1 for tag as first packet body octet + $tag = chr($this->tag); + return array('header' => $size.$tag, 'body' => $body); + } } /** From 39e1d5c231e32f378e7ac837ec78f35dd7248b46 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:30:21 -0500 Subject: [PATCH 019/176] Conveniance function to get self signatures --- lib/openpgp.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index d3a6bd3..7a5ec52 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -783,6 +783,27 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet { public $version, $timestamp, $algorithm; public $key, $key_id, $fingerprint; + // Find self signatures in a message, these often contain metadata about the key + function self_signatures($message) { + $sigs = array(); + $keyid16 = strtoupper(substr($this->fingerprint, -16)); + foreach($message as $p) { + if($p instanceof OpenPGP_SignaturePacket) { + if(strtoupper($p->issuer()) == $keyid16) { + $sigs[] = $p; + } else { + foreach(array_merge($p->hashed_subpackets, $p->unhashed_subpackets) as $s) { + if($s instanceof OpenPGP_SignaturePacket_EmbeddedSignaturePacket && strtoupper($s->issuer()) == $keyid16) { + $sigs[] = $p; + break; + } + } + } + } else if(count($sigs)) break; // After we've seen a self sig, the next non-sig stop all self-sigs + } + return $sigs; + } + /** * @see http://tools.ietf.org/html/rfc4880#section-5.5.2 */ From 99debc4540f9e490503ff31747cd096265abd7a2 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:38:54 -0500 Subject: [PATCH 020/176] Implement OpenPGP_SignaturePacket_SignatureExpirationTimePacket --- lib/openpgp.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 7a5ec52..939e891 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -621,7 +621,13 @@ function body() { } class OpenPGP_SignaturePacket_SignatureExpirationTimePacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = $this->read_timestamp(); + } + + function body() { + return pack('N', $this->data); + } } class OpenPGP_SignaturePacket_ExportableCertificationPacket extends OpenPGP_SignaturePacket_Subpacket { From 9cdc2500b18471c4c8ed741b27e729598e3e05af Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:39:04 -0500 Subject: [PATCH 021/176] Implement OpenPGP_SignaturePacket_KeyExpirationTimePacket --- lib/openpgp.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 939e891..d467572 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -647,7 +647,13 @@ class OpenPGP_SignaturePacket_RevocablePacket extends OpenPGP_SignaturePacket_Su } class OpenPGP_SignaturePacket_KeyExpirationTimePacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = $this->read_timestamp(); + } + + function body() { + return pack('N', $this->data); + } } class OpenPGP_SignaturePacket_PreferredSymmetricAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket { From 5756085e8593e0a092d09f759416568fcc0f63eb Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:39:36 -0500 Subject: [PATCH 022/176] Convenience function for expiry time of keys --- lib/openpgp.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index d467572..ad77852 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -816,6 +816,18 @@ function self_signatures($message) { return $sigs; } + // Find expiry time of this key based on the self signatures in a message + function expires($message) { + foreach($this->self_signatures($message) as $p) { + foreach(array_merge($p->hashed_subpackets, $p->unhashed_subpackets) as $s) { + if($s instanceof OpenPGP_SignaturePacket_KeyExpirationTimePacket) { + return $this->timestamp + $s->data; + } + } + } + return NULL; // Never expires + } + /** * @see http://tools.ietf.org/html/rfc4880#section-5.5.2 */ From 377a86aee9a2e030173ed1e480bcd9e637d514ce Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Apr 2010 18:42:28 -0500 Subject: [PATCH 023/176] Added feature to the README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 64ec4e7..abc7d9d 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ Features * Encodes and decodes ASCII-armored OpenPGP messages. * Parses OpenPGP messages into their constituent packets. * Supports both old-format (PGP 2.6.x) and new-format (RFC 4880) packets. +* Helper class for verifying and signing messages using Crypt_RSA from Users ----- From 66ab5ccf46f40ae6c31061287a42e0214cf5b9ed Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 28 Jun 2010 12:33:42 -0500 Subject: [PATCH 024/176] Fingerprint calculation works on secret keys now --- lib/openpgp.php | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index ad77852..a61cd58 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -848,12 +848,7 @@ function read() { * @see http://tools.ietf.org/html/rfc4880#section-5.5.2 */ function read_key_material() { - static $key_fields = array( - 1 => array('n', 'e'), // RSA - 16 => array('p', 'g', 'y'), // ELG-E - 17 => array('p', 'q', 'g', 'y'), // DSA - ); - foreach ($key_fields[$this->algorithm] as $field) { + foreach (self::$key_fields[$this->algorithm] as $field) { $this->key[$field] = $this->read_mpi(); } $this->key_id = substr($this->fingerprint(), -8); @@ -875,9 +870,9 @@ function fingerprint() { chr($this->algorithm), ); $material = array(); - foreach ($this->key as $data) { - $material[] = pack('n', OpenPGP::bitlength($data)); - $material[] = $data; + foreach (self::$key_fields[$this->algorithm] as $i) { + $material[] = pack('n', OpenPGP::bitlength($this->key[$i])); + $material[] = $this->key[$i]; } $material = implode('', $material); $head[1] = pack('n', 6 + strlen($material)); @@ -885,6 +880,12 @@ function fingerprint() { } } + static $key_fields = array( + 1 => array('n', 'e'), // RSA + 16 => array('p', 'g', 'y'), // ELG-E + 17 => array('p', 'q', 'g', 'y'), // DSA + ); + static $algorithms = array( 1 => 'RSA', 2 => 'RSA', From 6cbd7f6634f86c797202de42f3c4a272d840b7a3 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 28 Jun 2010 12:33:55 -0500 Subject: [PATCH 025/176] Check the actual format --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index a61cd58..af25d9e 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1093,7 +1093,7 @@ function __construct($data=NULL, $opt=array()) { } function normalize() { - if($opt['format'] == 'u' || $opt['format'] == 't') { // Normalize line endings + if($this->format == 'u' || $this->format == 't') { // Normalize line endings $this->data = str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", $this->data))); } } From 1f04075ef5b78bf300d373b7ba50548a3ead4c84 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 23 Apr 2011 09:20:17 -0500 Subject: [PATCH 026/176] Example code on using the library --- examples/sign.php | 22 ++++++++++++++++++++++ examples/verify.php | 19 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 examples/sign.php create mode 100644 examples/verify.php diff --git a/examples/sign.php b/examples/sign.php new file mode 100644 index 0000000..b22c81c --- /dev/null +++ b/examples/sign.php @@ -0,0 +1,22 @@ + 'u', 'filename' => 'stuff.txt')); + +/* Create a signer from the key */ +$sign = new OpenPGP_Crypt_RSA($wkey); + +/* The message is the signed data packet */ +$m = $sign->sign($data); + +/* Output the raw message bytes to STDOUT */ +echo $m->to_bytes(); + +?> diff --git a/examples/verify.php b/examples/verify.php new file mode 100644 index 0000000..71221f9 --- /dev/null +++ b/examples/verify.php @@ -0,0 +1,19 @@ +verify($m)); + +?> From 6b8445737e82db2641b3a6bfa40d9ed1e0df4c68 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 28 Apr 2011 08:07:06 -0500 Subject: [PATCH 027/176] Newline before crc24 on enarmor --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index af25d9e..a526135 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -29,7 +29,7 @@ static function enarmor($data, $marker = 'MESSAGE', array $headers = array()) { $text .= $key . ': ' . (string)$value . "\n"; } $text .= "\n" . base64_encode($data); - $text .= '=' . substr(pack('N', self::crc24($data)), 1) . "\n"; + $text .= "\n".'=' . substr(pack('N', self::crc24($data)), 1) . "\n"; $text .= self::footer($marker) . "\n"; return $text; } From af3643c919e51dbf882d7cb29380478239a10a1d Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 28 Apr 2011 08:10:10 -0500 Subject: [PATCH 028/176] crc24 was not encoded --- examples/sign.php | 3 +++ lib/openpgp.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/examples/sign.php b/examples/sign.php index b22c81c..c6395cc 100644 --- a/examples/sign.php +++ b/examples/sign.php @@ -3,6 +3,9 @@ require dirname(__FILE__).'/../lib/openpgp.php'; require dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; +echo OpenPGP::enarmor("test"); +exit; + /* Parse secret key from STDIN, the key must not be password protected */ $wkey = OpenPGP_Message::parse(file_get_contents('php://stdin')); $wkey = $wkey[0]; diff --git a/lib/openpgp.php b/lib/openpgp.php index a526135..b3a2fd6 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -29,7 +29,7 @@ static function enarmor($data, $marker = 'MESSAGE', array $headers = array()) { $text .= $key . ': ' . (string)$value . "\n"; } $text .= "\n" . base64_encode($data); - $text .= "\n".'=' . substr(pack('N', self::crc24($data)), 1) . "\n"; + $text .= "\n".'=' . base64_encode(substr(pack('N', self::crc24($data)), 1)) . "\n"; $text .= self::footer($marker) . "\n"; return $text; } From 951ff2cacc857a42f310c5be3503dfdb845c9bb7 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 11:50:27 -0500 Subject: [PATCH 029/176] use bitlength --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index b3a2fd6..4a417e8 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -476,7 +476,7 @@ function body($trailer=false) { $body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets; $body .= pack('n', $this->hash_head); - $body .= pack('n', strlen($this->data)*8).$this->data; + $body .= pack('n', OpenPGP::bitlength($this->data)).$this->data; return $body; } From 1322f45ded0925f61485ea58c551c45959408303 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:01:26 -0500 Subject: [PATCH 030/176] revert broken example script --- examples/sign.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/examples/sign.php b/examples/sign.php index c6395cc..b22c81c 100644 --- a/examples/sign.php +++ b/examples/sign.php @@ -3,9 +3,6 @@ require dirname(__FILE__).'/../lib/openpgp.php'; require dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; -echo OpenPGP::enarmor("test"); -exit; - /* Parse secret key from STDIN, the key must not be password protected */ $wkey = OpenPGP_Message::parse(file_get_contents('php://stdin')); $wkey = $wkey[0]; From 82fb19cc314cc6b2a6f39f50f21d81c996d60822 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:03:46 -0500 Subject: [PATCH 031/176] Implement KeyFlagsPacket --- lib/openpgp.php | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 4a417e8..7e25d6e 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -712,7 +712,25 @@ class OpenPGP_SignaturePacket_PolicyURIPacket extends OpenPGP_SignaturePacket_Su } class OpenPGP_SignaturePacket_KeyFlagsPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function __construct($flags=array()) { + parent::__construct(); + $this->flags = $flags; + } + + function read() { + $this->flags = array(); + while($this->input) { + $this->flags[] = ord($this->read_byte()); + } + } + + function body() { + $bytes = ''; + foreach($this->flags as $f) { + $bytes .= chr($f); + } + return $bytes; + } } class OpenPGP_SignaturePacket_SignersUserIDPacket extends OpenPGP_SignaturePacket_Subpacket { From dab71c18548c7b606ab5054b5865a77b0ebc07eb Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:06:21 -0500 Subject: [PATCH 032/176] Implement FeaturesPacket --- lib/openpgp.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 7e25d6e..45193ab 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -741,8 +741,9 @@ class OpenPGP_SignaturePacket_ReasonforRevocationPacket extends OpenPGP_Signatur // TODO } -class OpenPGP_SignaturePacket_FeaturesPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + +class OpenPGP_SignaturePacket_FeaturesPacket extends OpenPGP_SignaturePacket_KeyFlagsPacket { + // Identical functionality to parent } class OpenPGP_SignaturePacket_SignatureTargetPacket extends OpenPGP_SignaturePacket_Subpacket { From 0f5742ba0dfc446a3bbff04c9f6e02c34ebd523a Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:23:00 -0500 Subject: [PATCH 033/176] Implement output body for PublicKeyPacket --- lib/openpgp.php | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 45193ab..c1e5df6 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -873,15 +873,11 @@ function read_key_material() { $this->key_id = substr($this->fingerprint(), -8); } - /** - * @see http://tools.ietf.org/html/rfc4880#section-12.2 - * @see http://tools.ietf.org/html/rfc4880#section-3.3 - */ - function fingerprint() { + function fingerprint_material() { switch ($this->version) { case 2: case 3: - return $this->fingerprint = md5($this->key['n'] . $this->key['e']); + return array($this->key['n'], $this->key['e']); case 4: $head = array( chr(0x99), NULL, @@ -895,7 +891,32 @@ function fingerprint() { } $material = implode('', $material); $head[1] = pack('n', 6 + strlen($material)); - return $this->fingerprint = sha1(implode('',$head).$material); + $head[] = $material; + return $head; + } + } + + /** + * @see http://tools.ietf.org/html/rfc4880#section-12.2 + * @see http://tools.ietf.org/html/rfc4880#section-3.3 + */ + function fingerprint() { + switch ($this->version) { + case 2: + case 3: + return md5(implode('', $this->fingerprint_material())); + case 4: + return sha1(implode('', $this->fingerprint_material())); + } + } + + function body() { + switch ($this->version) { + case 2: + case 3: + /* TODO */ + case 4: + return implode('', array_slice($this->fingerprint_material(), 2)); } } From 69ade89111d7f2334d447a3eb8c54489aa6c5cad Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:28:33 -0500 Subject: [PATCH 034/176] refactor SecretKeyPacket read --- lib/openpgp.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index c1e5df6..08588ee 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -985,16 +985,19 @@ function read() { } } + static $secret_key_fields = array( + 1 => array('d', 'p', 'q', 'u'), // RSA + 2 => array('d', 'p', 'q', 'u'), // RSA-E + 3 => array('d', 'p', 'q', 'u'), // RSA-S + 16 => array('x'), // ELG-E + 17 => array('x'), // DSA + ); + function key_from_data() { if(!$this->data) return NULL; // Not decrypted yet $this->input = $this->data; - static $key_fields = array( - 1 => array('d', 'p', 'q', 'u'), // RSA - 16 => array('x'), // ELG-E - 17 => array('x'), // DSA - ); - foreach($key_fields[$this->algorithm] as $field) { + foreach(self::$secret_key_fields[$this->algorithm] as $field) { $this->key[$field] = $this->read_mpi(); } From c2c934fa6ab3727462bfd5ef0eec5291c8d3a8d1 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:46:50 -0500 Subject: [PATCH 035/176] Implement SecretKeyPacket output body --- lib/openpgp.php | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 08588ee..39f9bbf 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1010,6 +1010,46 @@ function key_from_data() { unset($this->input); } + + function body() { + $bytes = parent::body() . chr($this->s2k_useage); + $secret_material = NULL; + if($this->s2k_usage == 255 || $this->s2k_usage == 254) { + $bytes .= chr($this->symmetric_type); + $bytes .= chr($this->s2k_type); + $bytes .= chr($this->s2k_hash_algorithm); + if($this->s2k_type == 1 || $this->s2k_type == 3) { + $bytes .= $this->s2k_salt; + } + if($this->s2k_type == 3) { + // TODO: reverse ugly bit manipulation + } + } + if($this->s2k_usage > 0) { + $bytes .= $this->encrypted_data; + } else { + $secret_material = ''; + foreach(self::$secret_key_fields[$this->algorithm] as $f) { + $f = $this->key[$f]; + $secret_material .= pack('n', OpenPGP::bitlength($f)); + $secret_material .= $f; + } + $bytes .= $secret_material; + } + if($this->s2k_useage == 254) { + // TODO: SHA1 checksum + $bytes .= "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + } else { + // 2-octet checksum + // TODO: this design will not work for encrypted keys + $chk = 0; + for($i = 0; $i < strlen($secret_material); $i++) { + $chk = ($chk + ord($secret_material[$i])) % 65536; + } + $bytes .= pack('n', $chk); + } + return $bytes; + } } /** From 6bf8e8cb6b91b6e9f695dc662bdef7c373b689c9 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 12:51:08 -0500 Subject: [PATCH 036/176] UserIDPacket body --- lib/openpgp.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 39f9bbf..ff5dcc9 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1249,6 +1249,10 @@ function __toString() { if ($this->email) { $text[] = "<{$this->email}>"; } return implode(' ', $text); } + + function body() { + return ''.$this; // Convert to string is the body + } } /** From 4dbfbcb88db683c56287914099906d53cb2e7b1f Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 15:13:24 -0500 Subject: [PATCH 037/176] Working constructor for PublicKey --- lib/openpgp.php | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index ff5dcc9..4c60059 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -814,6 +814,17 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet { public $version, $timestamp, $algorithm; public $key, $key_id, $fingerprint; + function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4) { + parent::__construct(); + $this->key = $key; + if(is_string($this->algorithm = $algorithm)) { + $this->algorithm = array_search($this->algorithm, self::$algorithms); + } + $this->timestamp = $timestamp ? $timestamp : time(); + $this->version = $version; + $this->key_id = substr($this->fingerprint(), -8); + } + // Find self signatures in a message, these often contain metadata about the key function self_signatures($message) { $sigs = array(); @@ -904,9 +915,9 @@ function fingerprint() { switch ($this->version) { case 2: case 3: - return md5(implode('', $this->fingerprint_material())); + return $this->fingerprint = md5(implode('', $this->fingerprint_material())); case 4: - return sha1(implode('', $this->fingerprint_material())); + return $this->fingerprint = sha1(implode('', $this->fingerprint_material())); } } From fb9fddde16baf3497112c000e70baa222862c747 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 15:14:45 -0500 Subject: [PATCH 038/176] Working constructor for UserID --- lib/openpgp.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 4c60059..83c2b73 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1225,6 +1225,18 @@ class OpenPGP_TrustPacket extends OpenPGP_Packet { class OpenPGP_UserIDPacket extends OpenPGP_Packet { public $name, $comment, $email; + function __construct($name='', $comment='', $email='') { + parent::__construct(); + if(!$comment && !$email) { + $this->input = $name; + $this->read(); + } else { + $this->name = $name; + $this->comment = $comment; + $this->email = $email; + } + } + function read() { $this->text = $this->input; // User IDs of the form: "name (comment) " From b84a2a8752a493dd11bbbe9fae2a4f068ee502ec Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 15:15:01 -0500 Subject: [PATCH 039/176] Allow using keys as data to sign over --- lib/openpgp.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 83c2b73..956d089 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -415,6 +415,11 @@ function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) { $this->signature_type = ($data->format == 'b') ? 0x00 : 0x01; $data->normalize(); $data = $data->data; + } else if($data instanceof OpenPGP_Message && $data[0] instanceof OpenPGP_PublicKeyPacket) { + // $data is a message with PublicKey first, UserID second + $key = implode('', $data[0]->fingerprint_material()); + $user_id = $data[1]->body(); + $data = $key . chr(0xB4) . pack('N', strlen($user_id)) . $user_id; } $this->data = $data; // Store to-be-signed data in here until the signing happens } From 379c79d3ad9fc29fe4fd4f18da941e19bc315c4c Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 15:15:17 -0500 Subject: [PATCH 040/176] Crypt_RSA wrapper for signing keys --- lib/openpgp_crypt_rsa.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 267ef1f..8cf4495 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -110,6 +110,35 @@ function sign($packet, $hash='SHA256', $keyid=NULL) { return new OpenPGP_Message(array($sig, $message)); } + // Pass a message with a key and userid packet to sign + function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { + if(is_array($packet)) { + $packet = new OpenPGP_Message($packet); + } else if(!is_object($packet)) { + $packet = OpenPGP_Message::parse($packet); + } + + $key = $this->private_key($keyid); + if(!$key || !$packet) return NULL; // Missing some data + + if(!$keyid) $keyid = substr($this->key->fingerprint, -16); + $key->setHash(strtolower($hash)); + + $sig = $packet->signature_and_data(); + $sig = $sig[1]; + if(!$sig) { + $sig = new OpenPGP_SignaturePacket($packet, 'RSA', strtoupper($hash)); + $sig->signature_type = 0x13; + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01, 0x02)); + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); + $packet[] = $sig; + } + + $sig->sign_data(array('RSA' => array($hash => array($key, 'sign')))); + + return $packet; + } + static function crypt_rsa_key($mod, $exp, $hash='SHA256') { $rsa = new Crypt_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; From ae7454c504fd638397d0b2e178a457ded2705f18 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 25 Jul 2011 15:15:40 -0500 Subject: [PATCH 041/176] Example code for generating a self-signed key --- examples/keygen.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 examples/keygen.php diff --git a/examples/keygen.php b/examples/keygen.php new file mode 100644 index 0000000..f0a8b56 --- /dev/null +++ b/examples/keygen.php @@ -0,0 +1,24 @@ +createKey(512); +$rsa->loadKey($k['privatekey']); + +$nkey = new OpenPGP_SecretKeyPacket(array( + 'n' => $rsa->modulus->toBytes(), + 'e' => $rsa->publicExponent->toBytes(), + 'd' => $rsa->exponent->toBytes(), + 'p' => $rsa->primes[1]->toBytes(), + 'q' => $rsa->primes[2]->toBytes(), + 'u' => $rsa->coefficients[2]->toBytes() +)); + +$uid = new OpenPGP_UserIDPacket('Test '); + +$wkey = new OpenPGP_Crypt_RSA($nkey); +$m = $wkey->sign_key_userid(array($nkey, $uid)); + +print $m->to_bytes(); From 5cba4f269771cdef54b42052d70af88c7839934f Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 14:41:37 -0500 Subject: [PATCH 042/176] Import Serialization tests from OpenPGP-Haskell --- .travis.yml | 4 + lib/openpgp.php | 14 +- phpunit.xml | 7 + tests/data/000001-006.public_key | Bin 0 -> 171 bytes tests/data/000002-013.user_id | 1 + tests/data/000003-002.sig | Bin 0 -> 113 bytes tests/data/000004-012.ring_trust | Bin 0 -> 4 bytes tests/data/000005-002.sig | Bin 0 -> 113 bytes tests/data/000006-012.ring_trust | Bin 0 -> 4 bytes tests/data/000007-002.sig | Bin 0 -> 220 bytes tests/data/000008-012.ring_trust | Bin 0 -> 4 bytes tests/data/000009-002.sig | Bin 0 -> 158 bytes tests/data/000010-012.ring_trust | Bin 0 -> 4 bytes tests/data/000011-002.sig | Bin 0 -> 96 bytes tests/data/000012-012.ring_trust | Bin 0 -> 4 bytes tests/data/000013-014.public_subkey | Bin 0 -> 171 bytes tests/data/000014-002.sig | Bin 0 -> 195 bytes tests/data/000015-012.ring_trust | Bin 0 -> 4 bytes tests/data/000016-006.public_key | Bin 0 -> 1201 bytes tests/data/000017-002.sig | Bin 0 -> 123 bytes tests/data/000018-012.ring_trust | Bin 0 -> 4 bytes tests/data/000019-013.user_id | 1 + tests/data/000020-002.sig | Bin 0 -> 130 bytes tests/data/000021-012.ring_trust | Bin 0 -> 4 bytes tests/data/000022-002.sig | Bin 0 -> 186 bytes tests/data/000023-012.ring_trust | Bin 0 -> 4 bytes tests/data/000024-014.public_subkey | Bin 0 -> 608 bytes tests/data/000025-002.sig | Bin 0 -> 105 bytes tests/data/000026-012.ring_trust | Bin 0 -> 4 bytes tests/data/000027-006.public_key | Bin 0 -> 421 bytes tests/data/000028-002.sig | Bin 0 -> 99 bytes tests/data/000029-012.ring_trust | Bin 0 -> 4 bytes tests/data/000030-013.user_id | 1 + tests/data/000031-002.sig | Bin 0 -> 132 bytes tests/data/000032-012.ring_trust | Bin 0 -> 4 bytes tests/data/000033-002.sig | Bin 0 -> 96 bytes tests/data/000034-012.ring_trust | Bin 0 -> 4 bytes tests/data/000035-006.public_key | Bin 0 -> 143 bytes tests/data/000036-013.user_id | 1 + tests/data/000037-002.sig | Bin 0 -> 192 bytes tests/data/000038-012.ring_trust | Bin 0 -> 4 bytes tests/data/000039-002.sig | Bin 0 -> 72 bytes tests/data/000040-012.ring_trust | Bin 0 -> 4 bytes tests/data/000041-017.attribute | Bin 0 -> 1761 bytes tests/data/000042-002.sig | Bin 0 -> 192 bytes tests/data/000043-012.ring_trust | Bin 0 -> 4 bytes tests/data/000044-014.public_subkey | Bin 0 -> 272 bytes tests/data/000045-002.sig | Bin 0 -> 161 bytes tests/data/000046-012.ring_trust | Bin 0 -> 4 bytes tests/data/000047-005.secret_key | Bin 0 -> 610 bytes tests/data/000048-013.user_id | 1 + tests/data/000049-002.sig | Bin 0 -> 220 bytes tests/data/000050-012.ring_trust | Bin 0 -> 4 bytes tests/data/000051-007.secret_subkey | Bin 0 -> 611 bytes tests/data/000052-002.sig | Bin 0 -> 195 bytes tests/data/000053-012.ring_trust | Bin 0 -> 4 bytes tests/data/000054-005.secret_key | Bin 0 -> 1275 bytes tests/data/000055-002.sig | Bin 0 -> 123 bytes tests/data/000056-012.ring_trust | Bin 0 -> 4 bytes tests/data/000057-013.user_id | 1 + tests/data/000058-002.sig | Bin 0 -> 130 bytes tests/data/000059-012.ring_trust | Bin 0 -> 4 bytes tests/data/000060-007.secret_subkey | Bin 0 -> 698 bytes tests/data/000061-002.sig | Bin 0 -> 104 bytes tests/data/000062-012.ring_trust | Bin 0 -> 4 bytes tests/data/000063-005.secret_key | Bin 0 -> 484 bytes tests/data/000064-002.sig | Bin 0 -> 99 bytes tests/data/000065-012.ring_trust | Bin 0 -> 4 bytes tests/data/000066-013.user_id | 1 + tests/data/000067-002.sig | Bin 0 -> 106 bytes tests/data/000068-012.ring_trust | Bin 0 -> 4 bytes tests/data/000069-005.secret_key | Bin 0 -> 513 bytes tests/data/000070-013.user_id | 1 + tests/data/000071-002.sig | Bin 0 -> 192 bytes tests/data/000072-012.ring_trust | Bin 0 -> 4 bytes tests/data/000073-017.attribute | Bin 0 -> 1761 bytes tests/data/000074-002.sig | Bin 0 -> 192 bytes tests/data/000075-012.ring_trust | Bin 0 -> 4 bytes tests/data/000076-007.secret_subkey | Bin 0 -> 961 bytes tests/data/000077-002.sig | Bin 0 -> 161 bytes tests/data/000078-012.ring_trust | Bin 0 -> 4 bytes tests/data/002182-002.sig | Bin 0 -> 363 bytes tests/data/compressedsig-bzip2.gpg | Bin 0 -> 442 bytes tests/data/compressedsig-zlib.gpg | Bin 0 -> 322 bytes tests/data/compressedsig.gpg | Bin 0 -> 324 bytes tests/data/onepass_sig | Bin 0 -> 15 bytes tests/data/pubring.gpg | Bin 0 -> 179272 bytes tests/data/secring.gpg | Bin 0 -> 9329 bytes tests/data/symmetrically_encrypted | Bin 0 -> 528 bytes .../data/uncompressed-ops-dsa-sha384.txt.gpg | Bin 0 -> 150 bytes tests/data/uncompressed-ops-dsa.gpg | Bin 0 -> 150 bytes tests/data/uncompressed-ops-rsa.gpg | Bin 0 -> 236 bytes tests/suite.php | 369 ++++++++++++++++++ 93 files changed, 397 insertions(+), 5 deletions(-) create mode 100644 .travis.yml create mode 100644 phpunit.xml create mode 100644 tests/data/000001-006.public_key create mode 100644 tests/data/000002-013.user_id create mode 100644 tests/data/000003-002.sig create mode 100644 tests/data/000004-012.ring_trust create mode 100644 tests/data/000005-002.sig create mode 100644 tests/data/000006-012.ring_trust create mode 100644 tests/data/000007-002.sig create mode 100644 tests/data/000008-012.ring_trust create mode 100644 tests/data/000009-002.sig create mode 100644 tests/data/000010-012.ring_trust create mode 100644 tests/data/000011-002.sig create mode 100644 tests/data/000012-012.ring_trust create mode 100644 tests/data/000013-014.public_subkey create mode 100644 tests/data/000014-002.sig create mode 100644 tests/data/000015-012.ring_trust create mode 100644 tests/data/000016-006.public_key create mode 100644 tests/data/000017-002.sig create mode 100644 tests/data/000018-012.ring_trust create mode 100644 tests/data/000019-013.user_id create mode 100644 tests/data/000020-002.sig create mode 100644 tests/data/000021-012.ring_trust create mode 100644 tests/data/000022-002.sig create mode 100644 tests/data/000023-012.ring_trust create mode 100644 tests/data/000024-014.public_subkey create mode 100644 tests/data/000025-002.sig create mode 100644 tests/data/000026-012.ring_trust create mode 100644 tests/data/000027-006.public_key create mode 100644 tests/data/000028-002.sig create mode 100644 tests/data/000029-012.ring_trust create mode 100644 tests/data/000030-013.user_id create mode 100644 tests/data/000031-002.sig create mode 100644 tests/data/000032-012.ring_trust create mode 100644 tests/data/000033-002.sig create mode 100644 tests/data/000034-012.ring_trust create mode 100644 tests/data/000035-006.public_key create mode 100644 tests/data/000036-013.user_id create mode 100644 tests/data/000037-002.sig create mode 100644 tests/data/000038-012.ring_trust create mode 100644 tests/data/000039-002.sig create mode 100644 tests/data/000040-012.ring_trust create mode 100644 tests/data/000041-017.attribute create mode 100644 tests/data/000042-002.sig create mode 100644 tests/data/000043-012.ring_trust create mode 100644 tests/data/000044-014.public_subkey create mode 100644 tests/data/000045-002.sig create mode 100644 tests/data/000046-012.ring_trust create mode 100644 tests/data/000047-005.secret_key create mode 100644 tests/data/000048-013.user_id create mode 100644 tests/data/000049-002.sig create mode 100644 tests/data/000050-012.ring_trust create mode 100644 tests/data/000051-007.secret_subkey create mode 100644 tests/data/000052-002.sig create mode 100644 tests/data/000053-012.ring_trust create mode 100644 tests/data/000054-005.secret_key create mode 100644 tests/data/000055-002.sig create mode 100644 tests/data/000056-012.ring_trust create mode 100644 tests/data/000057-013.user_id create mode 100644 tests/data/000058-002.sig create mode 100644 tests/data/000059-012.ring_trust create mode 100644 tests/data/000060-007.secret_subkey create mode 100644 tests/data/000061-002.sig create mode 100644 tests/data/000062-012.ring_trust create mode 100644 tests/data/000063-005.secret_key create mode 100644 tests/data/000064-002.sig create mode 100644 tests/data/000065-012.ring_trust create mode 100644 tests/data/000066-013.user_id create mode 100644 tests/data/000067-002.sig create mode 100644 tests/data/000068-012.ring_trust create mode 100644 tests/data/000069-005.secret_key create mode 100644 tests/data/000070-013.user_id create mode 100644 tests/data/000071-002.sig create mode 100644 tests/data/000072-012.ring_trust create mode 100644 tests/data/000073-017.attribute create mode 100644 tests/data/000074-002.sig create mode 100644 tests/data/000075-012.ring_trust create mode 100644 tests/data/000076-007.secret_subkey create mode 100644 tests/data/000077-002.sig create mode 100644 tests/data/000078-012.ring_trust create mode 100644 tests/data/002182-002.sig create mode 100644 tests/data/compressedsig-bzip2.gpg create mode 100644 tests/data/compressedsig-zlib.gpg create mode 100644 tests/data/compressedsig.gpg create mode 100644 tests/data/onepass_sig create mode 100644 tests/data/pubring.gpg create mode 100644 tests/data/secring.gpg create mode 100644 tests/data/symmetrically_encrypted create mode 100644 tests/data/uncompressed-ops-dsa-sha384.txt.gpg create mode 100644 tests/data/uncompressed-ops-dsa.gpg create mode 100644 tests/data/uncompressed-ops-rsa.gpg create mode 100644 tests/suite.php diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..ea9620f --- /dev/null +++ b/.travis.yml @@ -0,0 +1,4 @@ +language: php +php: + - 5.3 + - 5.4 diff --git a/lib/openpgp.php b/lib/openpgp.php index 956d089..327d7f7 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -533,6 +533,7 @@ static function get_subpacket(&$input) { $input = substr($input, $length_of_length); // Chop off length header $tag = ord($input[0]); $class = self::class_for($tag); + $packet = NULL; if($class) { $packet = new $class(); $packet->tag = $tag; @@ -592,7 +593,7 @@ static function get_subpacket(&$input) { ); static function class_for($tag) { - if(!self::$subpacket_types[$tag]) return NULL; + if(!isset(self::$subpacket_types[$tag])) return NULL; return 'OpenPGP_SignaturePacket_'.self::$subpacket_types[$tag].'Packet'; } @@ -827,7 +828,10 @@ function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4 } $this->timestamp = $timestamp ? $timestamp : time(); $this->version = $version; - $this->key_id = substr($this->fingerprint(), -8); + + if(count($this->key) > 0) { + $this->key_id = substr($this->fingerprint(), -8); + } } // Find self signatures in a message, these often contain metadata about the key @@ -1186,9 +1190,9 @@ class OpenPGP_LiteralDataPacket extends OpenPGP_Packet { function __construct($data=NULL, $opt=array()) { parent::__construct(); $this->data = $data; - $this->format = $opt['format'] ? $opt['format'] : 'b'; - $this->filename = $opt['filename'] ? $opt['filename'] : 'data'; - $this->timestamp = $opt['timestamp'] ? $opt['timestamp'] : time(); + $this->format = isset($opt['format']) ? $opt['format'] : 'b'; + $this->filename = isset($opt['filename']) ? $opt['filename'] : 'data'; + $this->timestamp = isset($opt['timestamp']) ? $opt['timestamp'] : time(); } function normalize() { diff --git a/phpunit.xml b/phpunit.xml new file mode 100644 index 0000000..375bb57 --- /dev/null +++ b/phpunit.xml @@ -0,0 +1,7 @@ + + + + tests/suite.php + + + diff --git a/tests/data/000001-006.public_key b/tests/data/000001-006.public_key new file mode 100644 index 0000000000000000000000000000000000000000..7cbab1782dba45124ee8b8854ad044a0519fba95 GIT binary patch literal 171 zcmV;c095~&sRU1V5+nfx;LJxfa;xL2ys38ABaB!zf$*bS0KjqzHdJg=2q_9ahU%=D z_mI%vm&nmanFUJ>DfZ*fl37ZtkxG*uzL#OJBAayf@*0hGcRwQ)j1b>6^Zub=XuT;= zsfB-5bIjv4tyR}tqU;xT0wEm`N*pF^@TP5~p-J5e1Lq7@Llrdhpss*x5!GWH@sG#( ZZd4F{Jb`YxMfkS)gG#Hm_W%(A00Fw?PdWeq literal 0 HcmV?d00001 diff --git a/tests/data/000002-013.user_id b/tests/data/000002-013.user_id new file mode 100644 index 0000000..759449b --- /dev/null +++ b/tests/data/000002-013.user_id @@ -0,0 +1 @@ +´$Test Key (RSA) \ No newline at end of file diff --git a/tests/data/000003-002.sig b/tests/data/000003-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..1e0656d2722ae7a4030bd7ab6fae63733142b3ef GIT binary patch literal 113 zcmV-%0FM8NZv-$A2mlua0#A2I)es#3RAqB?X>MmAa%FaNX=eZm2@qbN6(d11V%!I% z0RL%1+E(!+j@aK<_o3VekP@OALuhUto0*|{Aevv literal 0 HcmV?d00001 diff --git a/tests/data/000004-012.ring_trust b/tests/data/000004-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000005-002.sig b/tests/data/000005-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..108b99842af5698d2404f86244708d041e180a62 GIT binary patch literal 113 zcmV-%0FM8NZv-$A2mlua0#A2IL=YVSbY*jNX>MmAa%FaNX=eZm2@qbN6(d11V%$C} z0Q?P==j_2FnlaJ6UQwH&9MOMm?|L@z10k>^Nt?9Nh~X?j@S12ty2AXeX>~){ WVW%WuZOUvl#bq(P&ZQTjvF~nhds_1V literal 0 HcmV?d00001 diff --git a/tests/data/000008-012.ring_trust b/tests/data/000008-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000009-002.sig b/tests/data/000009-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..4a282dd68e85df54e93a9c74756d3d3d55a2271c GIT binary patch literal 158 zcmV;P0Ac@#oCFX70ssaD0#A2HcK`|r5Z>HA&uE(UZ4rP30K&Aj?Gz&raQ+uU5o)H{ zND2M#bYJ2nDxT!ZS;hUD%P&?tgBoitS)X~1u$Z~t&mJ8&wIw@xqbP__c5avc%_?6v zN}&DxMD#1$>9Zy(xGbS*Y=4(29b@nduioZagEQFy`)&s2__tk{RefRHME|dWd?H(q M-%c2=BN3zKVd64KyZ`_I literal 0 HcmV?d00001 diff --git a/tests/data/000010-012.ring_trust b/tests/data/000010-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000011-002.sig b/tests/data/000011-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..cae1b7391ce0b1d0a874eb0d16999fb01c72aac5 GIT binary patch literal 96 zcmV-m0H6PeUIY*k2ml5J0#A2IH2?|;5MG}ZBSA7^+)+LN{wCZ7v{24_zH8_$Vc5BB zAc_VLhR*$rg>G?S1n->o{s92dp)mLIA^%y4^Xk62XR5UVYtQ_4k+;1tr%0b_nUxr? C1S*&S literal 0 HcmV?d00001 diff --git a/tests/data/000012-012.ring_trust b/tests/data/000012-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000013-014.public_subkey b/tests/data/000013-014.public_subkey new file mode 100644 index 0000000000000000000000000000000000000000..08676d0672360aae51bb834988c1d95756053f6f GIT binary patch literal 171 zcmV;c0960DsRU1V5+nfx;JTigZzGfDAeyR!30&}4`63IxY_?|Fn8jw^-L(bMMn9t>qO{9Gx_N5hDvv0Uv{4?xTE{!d zMk6cM{AI3;?I5ZOC2V3#@sCpctj`VU^B#?E{y%?Nlmo${oobeMj0% zvPGA;@Pr{#NGarliOn<*2*m*Y#>Kae7=%$QwrrgmhsFTb#g>ys0wH1w>&MeH-ivCY z>zq5cQu`nP)aTd+3N#hE_dMRPZ+e)0Dd15yT)4x)Ql_dBGSzt>JHcn8dzLfQgYa^ryJ8%WuOPsnyW*po>Iy4u1Xk4wEP3Wr!sJ zrG*%uKwf`#8f=l8jx9qq=#}`^B69KLi&COSPm??_qs0`4iVpz*;GO=gE%N|{uzU`~ zBBJRIpke;xmKFH=@CDk)A)kK-3;s775?>pP+cd|Ogt)N0^z9%?aj;zyid86ALtqM} z!AYs)8DZ(xQIGKEQ;Tx<9+tM5>$YW8kZ^iY#nxT_ij6ayQa7_f{SsbRzWJ3bsJ(HD zLb>rp{av7a(Coi+$VP4(s>mf;x4knwd=t<22VrP+1=rg$x&31tXyo7HGUymrjo+gW zr+`j@*26L1NDQ09qRj#%xWgA;?0FHN-JVJ4T^S>6XPee7-mT4YY?G{PNfC;Lgr+aum&n6qIf-e%T#OLp}T+&3-8eC4#=g+ z|657%p}P5Au=SF=qwz72H8c#-A>OAWKJ4YqC-{@m-dPESo=PoXsGagm5H#mwSIA8{ z##^LCeb7}awJ;|$=NvDxNRxw0W_X0`aMsumlFpuc1B68?*+fw~*=h^`i*L6=jV5iH z)k`KDp0ZyFx`dunGLu4@AH`q&BA^l@Fiyrr*mat*r5TS#a>(0OHPvlkb8YLOmVJd0 zg;?1%>Jq@49xtUx4N~6*^DVBzJHRy_xXv^(XJ9J`S!k>O>bikUSI&9FwIgfgDj+DOK!8f_-0>fVSj zk4;aUGi9*;g#-gC%=tCf&j>v3DvsP}fpCF4XLhG8^i$ADkV;xO!FW=`VOrtbmx@vK z`0zxoSsW~k2G(P9>~oW(y1D23IgNus=)zAm>I)fQT|!Y|^11wmd9#_xY|J_4N(^#` z2n%#K^K;!xq+#)GnM)4AshJHfAmI)AW#YL+NVN<^al)KC2SPpW)cbk`?*~K>v**## z8sygn>Kki$TLFi)p#EfcgB7Ii<9g!q_AUAd7vIINvGyF^)BJ8{Vc<1&RE}zYXJM0p Pys(I_&2-?*kxWcoGc#FR literal 0 HcmV?d00001 diff --git a/tests/data/000017-002.sig b/tests/data/000017-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..e734505a7bf7651f47831e92d3718f9c1c22b5d6 GIT binary patch literal 123 zcmV->0EGXDc?2I32mm1k0#A2Jp%)B*5gxJ&FIrr~zOUBh%Xc!*n2KZSh5`ow0162Z zUY`{sK{8_8Cd~l=fed1sbYYe~nlPU!xD(R0KbbjjsmZ)jpwv%P%g;+OsUL`F(I>%JsvqE#P1)2N?NG(Xa_BGz9 \ No newline at end of file diff --git a/tests/data/000020-002.sig b/tests/data/000020-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..8588489a7cd1f2da11c513fced58b8b605f6297e GIT binary patch literal 130 zcmV-|0Db?6fCLi}2mmMr0#A1m%mNz&1qla)&Hx4r2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDNipA{oPGGg4XX8`|cTo;M>Q3Svw_h6_yAqvy+fDVfvz1cXI1~;BFKX*<6 k0FY`2lMpI$OC_8bkAEfY-XOgeLAd1xuIm!Rz1x0uy@szRS^xk5 literal 0 HcmV?d00001 diff --git a/tests/data/000021-012.ring_trust b/tests/data/000021-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000022-002.sig b/tests/data/000022-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..fefcb5fea0ca6079efc1dbe541e13c9725a6a4ae GIT binary patch literal 186 zcmV;r07d_ZxC9UZ0ssaD0#A2HGyn<-5Y*L9p>Kx-4tI+L;H*t~u!%2SM-$6g%xVRw z@{{x80|#377Nk{%ID3^-V-VWGAs&uV@x>?e#8#(D>>>~%rl$7p?fH{idQ`A{#J$&8 zU0~1kab!fq-=e#M7X4XZ9vHlJnT+oQeg|L ofB&iog52SsaJ1&q-9-82vWwRKqA-fkw8ZY*hA#-&#h;V)BU>z8!~g&Q literal 0 HcmV?d00001 diff --git a/tests/data/000023-012.ring_trust b/tests/data/000023-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000024-014.public_subkey b/tests/data/000024-014.public_subkey new file mode 100644 index 0000000000000000000000000000000000000000..2e8deea28a2d2bc1a7a7cb95c9130dd8153d7407 GIT binary patch literal 608 zcmV-m0-yc40$l`8cM{AH2|$=1HwJ7G@?i`PA5~#Li2h;nU=*;!#!C|9ptGK(^KpB_ zobW(MGJ7X7X)yBj&kYY5%nC#+yz@Oa#@`!gia2Xsl1_;018rH6Tz&doSSti27PPDD z4-m@467;TA^L)0VfK(Qipv<5NJ?6J1R&`?TL_6DFVAAQ5nDpN-XvCty7r|ymYT&)& ztdhufLE#eqBwx7iEU@24nO*v&iv(fxwHQtgdNsVXoWae#t_`pc(s!%7KRoqNFPB7s z?+;OefuR#}^cXgH-uQ&Uhf!qQlQT<@&Z^7>I*JCGg-AXq&BvHg*tKTZ?k?b7-!l~E z$8EEB!PYoXDt#S|C{cIPauVsBMr( zj28d{1qnVpXa1dQMrog}T19Xbt8x!3aEl|*N9+<9xcmNAX7{yAbJmFy6-Lk+E+P(o z9H(=tE;6Bjy&YD$jA|(8I4rj7@*yGlBTS51+SIxMJqyn$YYqphybFoHs-if}d_5)v z3t4nMAa&2K3A+csi~@jS37D!brRz+|4$^*sJT_jsYfn{)(0QjxIM&)GWd@NUI5^NY zE(YgC_v+#9qwIsLryoc(8GId%UVjc$Ln@8>58i=OIU-cF3co5J0C5?iz%>Lv-FiLW z!IhmH3smJXm=68$7Xscwa=Mn~%6&4(+S>YM{GMy*FTQwiU1 u6vmXL0GuRU>5y&K3pV1lbAL`JM5a*;%NlqrW{^001;9rcoh8r literal 0 HcmV?d00001 diff --git a/tests/data/000025-002.sig b/tests/data/000025-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..a3eea0a20470f061acc5fde00700a9b3fdc6b173 GIT binary patch literal 105 zcmV-v0G9uVX9O4#2mlWS0#A1m%mNz>1qla)&Hw-k2@qbN6(d11V%#Yt0RLN0_*m=& zVC_oAU^ZOvNn4$7-w=w906!12p%8VckvstZcaFJ$M{A;V%curifI(en^i5u=(!e64 L-?r?OFTT!5?CvR7 literal 0 HcmV?d00001 diff --git a/tests/data/000026-012.ring_trust b/tests/data/000026-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000027-006.public_key b/tests/data/000027-006.public_key new file mode 100644 index 0000000000000000000000000000000000000000..5817e00377fb5528705bf37aec73d15baa1ad8ad GIT binary patch literal 421 zcmV;W0b2f<0ipy?cN2gS1OVt48Z#jlBz-v<#|l^D%(L_Z7T*T>kpy+s*VJn!g-Bd@Hq71l2x=o0qmVC+s?$|7TD#T!*y^hpJ7Kl|b~Fti%89^Q1m$?A6|+f_Jf zwD>HjOMExss{hgZ9a}^HVtntPaDXT8xLrkYfEh-bSLUcfs)@lk>8z8oXByw|%(yhP@R z@2NjXXSY!vSIjMGz \ No newline at end of file diff --git a/tests/data/000031-002.sig b/tests/data/000031-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..f69f6875b3981c9f8b1dcfdf84b3edbc0cfc985d GIT binary patch literal 132 zcmV-~0DJ$4f&>#00suk+8v_Li02{A>1`7!Y2Ll2I6$kY(uW?ddR`63mOS3QGI6tp3IV{e-hlco|X2PitG6w)&(npQAn0+aVNm>(-<KCa_Cxxu-~Zv`P1e3Q=u`>IsTa0>RP|N5VV&m7mH5QcSUG+D0KFP9!;WIg$8) xy5Ivi;dgddB1t70FS7m2h@?#MPUqz4i_oE@dJVKrf&Ztmd9)A!2>=lR00GegLG1tl literal 0 HcmV?d00001 diff --git a/tests/data/000036-013.user_id b/tests/data/000036-013.user_id new file mode 100644 index 0000000..5d0d46e --- /dev/null +++ b/tests/data/000036-013.user_id @@ -0,0 +1 @@ +´.Test Key (RSA sign-only) \ No newline at end of file diff --git a/tests/data/000037-002.sig b/tests/data/000037-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..833b563b2cdac6f0bce92f94062c90bcdbe9425b GIT binary patch literal 192 zcmV;x06+hTz628i0strl0#A1oAp#o%1qlH>XaEKa2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDP2+&<4}n)Pjs`UC$#L?$)VoW^RvZ4c0AUhs~^dG4_EiQHWSVjcNzpt_TR z%}YV+JD{1=c+0YwLb#$-TO34p98ndsB{Fgu2fh09?{`I}zYe|L{z9w&3ildf6x2J) uv{{b@?bAGWAs)6s^0$u@nreZZPxj^k4GP(tyl;Sj*Zu%|GQb@`KyWx5LhLUD0)a%SDxvnJuA*{46|IiJpw-c6 zthRv;R#Q(4jn>8M>KPgu85v=92t)#oXn-@q{RIK{Ur|WZK_#VwI8C%B?*Gn`FSE`nlPM;O-rm0_vH|(=+E@|VpCJr#mU)-rq}UoO3EkBoq!|wy>#Vw zdCbnxtZT<1J*n{Rc4WvZu87B8`6WkkRF)N;bulnkzAPdor40|BacYET9*ZiVg2Y18~&sM zC--QZ^i%CC9{HyG%q{D&_DFAM(gFC4{8CH*^x~>$I+Q8XZ)&Uc);_KMxf26+r)4{% z82IKs++$J?yG$Utk9qQ+a-rTHY{RDD!JA7rpt2q{Y;k9>Yb3>YUp_@JnvF1 zb&(a|Jp3C6D!IgXyd#aXUsRLjbh4XVjfE57obM(}db#cV#3ZiNuYg+Grf{cz*4Xll z)j_}wrg zNzh7mz;^_LjUSwP?9FL&X6&X)drBeY3VxiO^o3{r&Dy&kZ50tLX^}-p6HG~dV|R6j ze9%XQ;wf|Wn-C-n>)_fPn9j|P)R1ObZug@EWeq!wQYmhdR}eEkV_E0=GhA72q|l`m%olPS_oQa)(RX(PR{)1F@~tGpi_ zU&oj^!+BHp@!9~X6dO3kxt@^Oe}8P?Z7Zsir{S3B_^A<_c9UvbhY?r|$((>4QjZKWLzVz#?=#2%scznJ;P3oCiU1%|?#ZKB2yOZ|S|KEn70Bv@|=olh&QMN4Ao+4i?_ zFP7xPbhDSeE*kIcEq^+0#H0`Nj!tyc?pE#kU(@qpTyV|qP98}#vheRgp8CX;ZY&kZ zLrR%enOknywE+QTJ5*GS~8NWt10$Fpc Hy{CTyO_}H8 literal 0 HcmV?d00001 diff --git a/tests/data/000042-002.sig b/tests/data/000042-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..fc6267fd0b3a31b9c16873e2cd1f075a6d64279e GIT binary patch literal 192 zcmV;x06+hTz628i0strl0#A2L4+0wl1qlH>XaEKa2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDP2+&<4}n)Pj>mjnM~Y3(7^jpBKN_Q#yPp{6T`WalxWL5L{7eLb^H#s`u# z3c?;jcB@l$3|rh(0R`ozSaI+@>xuB((JK_u;Z3=}8 uyDH8>mvsM&CwxX{FkPV~T_ua;^njVrdETK6{#6B5Lw=29#yTrC4RxT(&`0n9 literal 0 HcmV?d00001 diff --git a/tests/data/000043-012.ring_trust b/tests/data/000043-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..ffa57e57af6498c1b6c699d816582b41adcd6bd7 GIT binary patch literal 4 LcmdnM#J~&y0?h!n literal 0 HcmV?d00001 diff --git a/tests/data/000044-014.public_subkey b/tests/data/000044-014.public_subkey new file mode 100644 index 0000000000000000000000000000000000000000..06bf50e4f459c3cd5148174493aca1165fd1e730 GIT binary patch literal 272 zcmV+r0q_2~0SyFCcS`U92mtFxXG5doy5}KZ2BW*2orzk)M{58X1mEkRg0(%}OLM=T z@3fJyN?F~3QpK}{SOz|GYUL}HnG36T&1!Cv;Z(swDlN)~WM^a`VoWa|^ z9(LY2L07;V^skx#%^4kGcdS|IR*0@bzu_f(Agjy&4*^nC W^7Y!@eQaeE@GkaGsoww*0RRDyS$?1Z literal 0 HcmV?d00001 diff --git a/tests/data/000045-002.sig b/tests/data/000045-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..336eb0f245c8b15354d74d99d92253508abcbdbc GIT binary patch literal 161 zcmV;S0ABxyp9B~I0ssjG0#A2J@B$kk0162Z-rPRVXqxqH->?Jv0(p~S4k=NX*m$cj zu(%SzxDyqOD@TYoY-Ex;uE41mMg^G;*uss=TRo*CUKrHG%M>TL8dv3N}=1QwS*vK8EV7 znfH*;--{&f=9}+sx@#8W2VUmu zhZ?_)+oCDR+G@tCYa!wvYM}|#bj0H&Ws0s2i)2{x2vy$w>a}2k9sOw7Qp)zh$A{st z!*^{7OIxgkl@dCsi%)Y`&k|e_TMo-c!DX?;?vS31i*bNV!&fZYzw0kxa)O6DwsAoc9k^e z^{8AX@WkE7IVTG_4 \ No newline at end of file diff --git a/tests/data/000049-002.sig b/tests/data/000049-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..14276d0a57bb928f1285f739b5ee828ee5adb576 GIT binary patch literal 220 zcmV<203-j1+5{5;0strl0#A1mBmx@)1ql%9&wvIC2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDO@)lQ*rhXf9lJp|r3^9`-vT;DC~n)o@c9XA0*WQ44$JF|S+%$aKR`nDxt zIiX(Z|A=7<`tq8I9!(y8pPiwOhE)PHaJZoA(Xe%B?s(z0vDjPI4_An;ii>Nt?9Nh~X?j@S12ty2AXeX>~){ WVW%WuZOUvl#bq(P&ZQTjvF~nhds_1V literal 0 HcmV?d00001 diff --git a/tests/data/000050-012.ring_trust b/tests/data/000050-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..b1eeabb95244718b2b6ca41819ae6d8b9fa2c9dd GIT binary patch literal 4 LcmdnM#J~Um0?Gih literal 0 HcmV?d00001 diff --git a/tests/data/000051-007.secret_subkey b/tests/data/000051-007.secret_subkey new file mode 100644 index 0000000000000000000000000000000000000000..b4e65c92fa2d66fd0e5b24084dc85f68e22849c1 GIT binary patch literal 611 zcmV-p0-XJw0$>DBcM>E41mL=!nr|bM<{+A?g9%*lSotCgzHGJu?Cv=Sos&-M@y+>m zVCH!4U2uXz^g;84>j}GP$^W!^Q@2>xTXXNzC#~fbQyiT%ei0)OlfmeF=iD7s4OU<~ zev+~uAmk_M|FdtnUHmibRW6M!wNP`4z}l`4+WkIL`F(%g;3XMOVhDI8Ic>|Mw;Wyw z|7^t@5sM=EIztYF|IjKQ13dr{0RRF10|NqOZHY(M22F%u8$r5VQNAQrVc~62rR!KG zZWeiwQ^y`scOfhI%aLndtw~n_A-FWzNU&I7(>0%}c}uMuXcPW4Zc%_g)tLmg(8m~b z|7fXG;15mLU6uNhpd_?rpY8p-FNYOe%~YXtsGOnl+$=^)cS>HA21#r(YcTC0t9Xl5 zJ1?}%w#=$wfqj`iMx!?mn?e2hOnvKr;NKe22%){k3Uvae~6DR*kuX zJiNp7A!x-qM1mf!E#qFCbC^OB_d=`7CPdCeFArib&gLHhoJPor&#!dbF_GXD%Ywf% zB;(~bp(s|?WUAdhSM7SZYWHh)A1%6+fT(HWt`LEWRv;v&J(vcCWWg_gjY5Dqgwso# z(#ne!RDZuWr18AjdZf xhsLlT#Z_$VGy@U!8Q+!9ETL+t_nu7qb}17?<`u(^sCoL6@~3D5Y_p{_Srt56CZhlV literal 0 HcmV?d00001 diff --git a/tests/data/000052-002.sig b/tests/data/000052-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..dd601807fbda13ff485ca98879c4adea711a15c1 GIT binary patch literal 195 zcmV;!06hPQ!2}oq0ss#M0#A1mBmx@@1ql%9&wv052@urPPN8py1P(a}1l zMkKae7=%$QwrrgmhsFTb#g>ys0wH1w>&MeH-ivCY z>zq5cQu`nP)aTd+3N#hE_dMRPZ+e)0Dd15yT)4x)Ql_dBGSzt>JHcn8dzLfQgYa^ryJ8%WuOPsnyW*po>Iy4u1Xk4wEP3Wr!sJ zrG*%uKwf`#8f=l8jx9qq=#}`^B69KLi&COSPm??_qs0`4iVpz*;GO=gE%N|{uzU`~ zBBJRIpke;xmKFH=@CDk)A)kK-3;s775?>pP+cd|Ogt)N0^z9%?aj;zyid86ALtqM} z!AYs)8DZ(xQIGKEQ;Tx<9+tM5>$YW8kZ^iY#nxT_ij6ayQa7_f{SsbRzWJ3bsJ(HD zLb>rp{av7a(Coi+$VP4(s>mf;x4knwd=t<22VrP+1=rg$x&31tXyo7HGUymrjo+gW zr+`j@*26L1NDQ09qRj#%xWgA;?0FHN-JVJ4T^S>6XPee7-mT4YY?G{PNfC;Lgr+aum&n6qIf-e%T#OLp}T+&3-8eC4#=g+ z|657%p}P5Au=SF=qwz72H8c#-A>OAWKJ4YqC-{@m-dPESo=PoXsGagm5H#mwSIA8{ z##^LCeb7}awJ;|$=NvDxNRxw0W_X0`aMsumlFpuc1B68?*+fw~*=h^`i*L6=jV5iH z)k`KDp0ZyFx`dunGLu4@AH`q&BA^l@Fiyrr*mat*r5TS#a>(0OHPvlkb8YLOmVJd0 zg;?1%>Jq@49xtUx4N~6*^DVBzJHRy_xXv^(XJ9J`S!k>O>bikUSI&9FwIgfgDj+DOK!8f_-0>fVSj zk4;aUGi9*;g#-gC%=tCf&j>v3DvsP}fpCF4XLhG8^i$ADkV;xO!FW=`VOrtbmx@vK z`0zxoSsW~k2G(P9>~oW(y1D23IgNus=)zAm>I)fQT|!Y|^11wmd9#_xY|J_4N(^#` z2n%#K^K;!xq+#)GnM)4AshJHfAmI)AW#YL+NVN<^al)KC2SPpW)cbk`?*~K>v**## z8sygn>Kki$TLFi)p#EfcgB7Ii<9g!q_AUAd7vIINvGyF^)BJ8{Vc<1&RE}zYXJM0p zys(I_&2-?*kxWco{sRL7wDH~mXV-zoV0K0AC4X)Y1y6;suJ3Uh6~1BS^#p&$S8?ic l4{jk~X?^-^ql9;)jUhrN?B$Sq=NV#MD;c*A;YU%a3+RGtd}06q literal 0 HcmV?d00001 diff --git a/tests/data/000055-002.sig b/tests/data/000055-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..e734505a7bf7651f47831e92d3718f9c1c22b5d6 GIT binary patch literal 123 zcmV->0EGXDc?2I32mm1k0#A2Jp%)B*5gxJ&FIrr~zOUBh%Xc!*n2KZSh5`ow0162Z zUY`{sK{8_8Cd~l=fed1sbYYe~nlPU!xD(R0KbbjjsmZ)jpwv%P%g;+OsUL`F(I>%JsvqE#P1)2N?NG(Xa_BGz9 \ No newline at end of file diff --git a/tests/data/000058-002.sig b/tests/data/000058-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..8588489a7cd1f2da11c513fced58b8b605f6297e GIT binary patch literal 130 zcmV-|0Db?6fCLi}2mmMr0#A1m%mNz&1qla)&Hx4r2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDNipA{oPGGg4XX8`|cTo;M>Q3Svw_h6_yAqvy+fDVfvz1cXI1~;BFKX*<6 k0FY`2lMpI$OC_8bkAEfY-XOgeLAd1xuIm!Rz1x0uy@szRS^xk5 literal 0 HcmV?d00001 diff --git a/tests/data/000059-012.ring_trust b/tests/data/000059-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..b1eeabb95244718b2b6ca41819ae6d8b9fa2c9dd GIT binary patch literal 4 LcmdnM#J~Um0?Gih literal 0 HcmV?d00001 diff --git a/tests/data/000060-007.secret_subkey b/tests/data/000060-007.secret_subkey new file mode 100644 index 0000000000000000000000000000000000000000..9df45f395f7d368c279e5a7dbf5e6db74694b399 GIT binary patch literal 698 zcmV;r0!96u0=EQDcM{AH2|$=1HwJ7G@?i`PA5~#Li2h;nU=*;!#!C|9ptGK(^KpB_ zobW(MGJ7X7X)yBj&kYY5%nC#+yz@Oa#@`!gia2Xsl1_;018rH6Tz&doSSti27PPDD z4-m@467;TA^L)0VfK(Qipv<5NJ?6J1R&`?TL_6DFVAAQ5nDpN-XvCty7r|ymYT&)& ztdhufLE#eqBwx7iEU@24nO*v&iv(fxwHQtgdNsVXoWae#t_`pc(s!%7KRoqNFPB7s z?+;OefuR#}^cXgH-uQ&Uhf!qQlQT<@&Z^7>I*JCGg-AXq&BvHg*tKTZ?k?b7-!l~E z$8EEB!PYoXDt#S|C{cIPauVsBMr( zj28d{1qnVpXa1dQMrog}T19Xbt8x!3aEl|*N9+<9xcmNAX7{yAbJmFy6-Lk+E+P(o z9H(=tE;6Bjy&YD$jA|(8I4rj7@*yGlBTS51+SIxMJqyn$YYqphybFoHs-if}d_5)v z3t4nMAa&2K3A+csi~@jS37D!brRz+|4$^*sJT_jsYfn{)(0QjxIM&)GWd@NUI5^NY zE(YgC_v+#9qwIsLryoc(8GId%UVjc$Ln@8>58i=OIU-cF3co5J0C5?iz%>Lv-FiLW z!IhmH3smJXm=68$7Xscwa=Mn~%6&4(+S>YM{GMy*FTQwiU1 z6vmXL0GuRU>5y&K3pV1lbAL`JM5a*;%NlqrW{^001;CD0|NrI@!kMu z*MY`hK`@vEe-Rbm>jlcK|L2Zn>Z<^?%@=Z&wgSggBxXvji1qla)&Hw-k2@qbN6(d11V%#Yt0RA8mo{P&m zItQ`&c_CxQi=Rm|;LFZpoja*Od)-seKji@TVyS_x2CU3e4*B@ITKHC*;f*=0pOC5E KsF6?_jeku6wkop# literal 0 HcmV?d00001 diff --git a/tests/data/000062-012.ring_trust b/tests/data/000062-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..b1eeabb95244718b2b6ca41819ae6d8b9fa2c9dd GIT binary patch literal 4 LcmdnM#J~Um0?Gih literal 0 HcmV?d00001 diff --git a/tests/data/000063-005.secret_key b/tests/data/000063-005.secret_key new file mode 100644 index 0000000000000000000000000000000000000000..2f4268ee111c2ac3418c8b6116a2b771a90ade84 GIT binary patch literal 484 zcmVkpy+s*VJn!g-Bd@Hq71l2x=o0qmVC+s?$|7TD#T!*y^hpJ7Kl|b~Fti%89^Q1m$?A6|+f_Jf zwD>HjOMExss{hgZ9a}^HVtntPaDXT8xLrkYfEh-bSLUcfs)@lk>8z8oXByw|%(yhP@R z@2NjXXSY!vSIjMGzsxI$oTj<}=H8Vhah#_%cnYVjrj literal 0 HcmV?d00001 diff --git a/tests/data/000064-002.sig b/tests/data/000064-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..5194b784077f49aba684363f3b56e72c74612fbb GIT binary patch literal 99 zcmV-p0G$7bVFVu$0stWe0#A2JhZhWh0n2$aMW0#64e`VK?%v!!&uE(UZ2|`X0162Z zcQVhIieu`AZb1N_U*_B`vlsU4T?U~518NqX!fz6J0HBR \ No newline at end of file diff --git a/tests/data/000067-002.sig b/tests/data/000067-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..d354e79df22fdce1022511d81e146b4f5e9cdea5 GIT binary patch literal 106 zcmV-w0G0oUXao}x0strl0#A1nfC3u>1qlEfuYd*%2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDN*GS8TbW9o)_NC2O0k*bNzHCgRMLR6inAufxeoaw0mpF!h9qR;pUv~!v? MIFuw&IY>T-YPpae^#A|> literal 0 HcmV?d00001 diff --git a/tests/data/000068-012.ring_trust b/tests/data/000068-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..b1eeabb95244718b2b6ca41819ae6d8b9fa2c9dd GIT binary patch literal 4 LcmdnM#J~Um0?Gih literal 0 HcmV?d00001 diff --git a/tests/data/000069-005.secret_key b/tests/data/000069-005.secret_key new file mode 100644 index 0000000000000000000000000000000000000000..17a2c354d50641c3e64dd0923166ac12c6531a28 GIT binary patch literal 513 zcmV+c0{;D#0saI}cN8H31OU*&o+ad!O4`M5lV2_Kg|_;nFrTA6)Y~BxbnDinH!!aw zkxj5%WG1jnZn>vOd9+FQhYC?`hw2H6Py)fy5l6y1{FR@|1yW40YT8C2B2FYZbUBgu zfV$uVIN^78S0YIz8ZWZ_%!s5+@lNOD=!?*yqGG5Vy> zFHFqG2;?l}J6mNt|XS~pg)5}QFRu`DKh7I_^Ja-FbPXuaVq7eENoKtvBZ zvNyDAJ+<=Q{{6kp`7o_>MA|am-iJnGPjP-YXH`4I@mr$%nub-h7YvTmG(iWJ?Ns}H ziR?!WN;W?8w)H \ No newline at end of file diff --git a/tests/data/000071-002.sig b/tests/data/000071-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..833b563b2cdac6f0bce92f94062c90bcdbe9425b GIT binary patch literal 192 zcmV;x06+hTz628i0strl0#A1oAp#o%1qlH>XaEKa2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDP2+&<4}n)Pjs`UC$#L?$)VoW^RvZ4c0AUhs~^dG4_EiQHWSVjcNzpt_TR z%}YV+JD{1=c+0YwLb#$-TO34p98ndsB{Fgu2fh09?{`I}zYe|L{z9w&3ildf6x2J) uv{{b@?bAGWAs)6s^0$u@nreZZPxj^k4GP(tyl;Sj*Zu%|GQb@`KyWx5LhLUD0)a%SDxvnJuA*{46|IiJpw-c6 zthRv;R#Q(4jn>8M>KPgu85v=92t)#oXn-@q{RIK{Ur|WZK_#VwI8C%B?*Gn`FSE`nlPM;O-rm0_vH|(=+E@|VpCJr#mU)-rq}UoO3EkBoq!|wy>#Vw zdCbnxtZT<1J*n{Rc4WvZu87B8`6WkkRF)N;bulnkzAPdor40|BacYET9*ZiVg2Y18~&sM zC--QZ^i%CC9{HyG%q{D&_DFAM(gFC4{8CH*^x~>$I+Q8XZ)&Uc);_KMxf26+r)4{% z82IKs++$J?yG$Utk9qQ+a-rTHY{RDD!JA7rpt2q{Y;k9>Yb3>YUp_@JnvF1 zb&(a|Jp3C6D!IgXyd#aXUsRLjbh4XVjfE57obM(}db#cV#3ZiNuYg+Grf{cz*4Xll z)j_}wrg zNzh7mz;^_LjUSwP?9FL&X6&X)drBeY3VxiO^o3{r&Dy&kZ50tLX^}-p6HG~dV|R6j ze9%XQ;wf|Wn-C-n>)_fPn9j|P)R1ObZug@EWeq!wQYmhdR}eEkV_E0=GhA72q|l`m%olPS_oQa)(RX(PR{)1F@~tGpi_ zU&oj^!+BHp@!9~X6dO3kxt@^Oe}8P?Z7Zsir{S3B_^A<_c9UvbhY?r|$((>4QjZKWLzVz#?=#2%scznJ;P3oCiU1%|?#ZKB2yOZ|S|KEn70Bv@|=olh&QMN4Ao+4i?_ zFP7xPbhDSeE*kIcEq^+0#H0`Nj!tyc?pE#kU(@qpTyV|qP98}#vheRgp8CX;ZY&kZ zLrR%enOknywE+QTJ5*GS~8NWt10$Fpc Hy{CTyO_}H8 literal 0 HcmV?d00001 diff --git a/tests/data/000074-002.sig b/tests/data/000074-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..fc6267fd0b3a31b9c16873e2cd1f075a6d64279e GIT binary patch literal 192 zcmV;x06+hTz628i0strl0#A2L4+0wl1qlH>XaEKa2?z%R0tOWb0tpHW1Qr4V0RkQY z0vCV)3JDP2+&<4}n)Pj>mjnM~Y3(7^jpBKN_Q#yPp{6T`WalxWL5L{7eLb^H#s`u# z3c?;jcB@l$3|rh(0R`ozSaI+@>xuB((JK_u;Z3=}8 uyDH8>mvsM&CwxX{FkPV~T_ua;^njVrdETK6{#6B5Lw=29#yTrC4RxT(&`0n9 literal 0 HcmV?d00001 diff --git a/tests/data/000075-012.ring_trust b/tests/data/000075-012.ring_trust new file mode 100644 index 0000000000000000000000000000000000000000..b1eeabb95244718b2b6ca41819ae6d8b9fa2c9dd GIT binary patch literal 4 LcmdnM#J~Um0?Gih literal 0 HcmV?d00001 diff --git a/tests/data/000076-007.secret_subkey b/tests/data/000076-007.secret_subkey new file mode 100644 index 0000000000000000000000000000000000000000..b380339a449aba39f1405a76a69d9789a94dc2c1 GIT binary patch literal 961 zcmV;y13vtn1HJ@LcS`U92mtFxXG5doy5}KZ2BW*2orzk)M{58X1mEkRg0(%}OLM=T z@3fJyN?F~3QpK}{SOz|GYUL}HnG36T&1!Cv;Z(swDlN)~WM^a`VoWa|^ z9(LY2L07;V^skx#%^4kGcdS|IR*0@bzu_f(Agjy&4*^nC z^7Y!@eQaeE@GkaGsoww*0RRF10|NpcfkIuhK{uIT>skNzt@nxZdd?;|SLU^oqxhbx zHV8gJ4Y@p5Z0`o7#_wz@e`tc0;TXnumYc2lwDswXGYPhe%9T$R_BnM3zo~LPj!S*d5(uTbds8!0Jc-EHKC%b! znfAiH*yXQpB@5Fb(@;bku0eer;qu^7T^(gB;Tf|YdEO%a+FKSi1I z?#}-F_mC}JHDq(W-Z8koTv|6@oA(sxO@H*k)un}mmlhmar4+Z!Ln$Ys8N5xKgn~k? zG-so?$cIVhq{Ohthmq_vN~;I58s=D-A3Pv@Gy@*O#S;il0TWk#LFnQ~7JW6*TS60I zLx*x|FCqdEqKwV?1Q5-V9GrFEHVbsUJ-vXph!=33f4>NfYMhTBT79vdr0GRyGCErF zPPP>iJd+l#PV>2At>dT}Nmfuq5n)gf#5Up-Q)D3e*S7XhuKXyhb5WuzC-N7r@YhOt zlH?)UznNf%933C`7|sZv1^F8u^m`BUn%O@W?g?T9*J$M1HP^kZ1i_*6)fGIuv>~^_ z?IGZ@TNnQnB)E)ZNu|1N>DRU`E*OkCeg6+@j`uNw@luX1#Ok&}@_D>9#tutw)^1xv z24)!p6ew4p$i89;GD(qX7Wh8U4NqZ?ljcOLT&Xfv-j;N7yS*a?CuCPbUniE3=7u~O z-FpnpPx?Jv0(p~S4k=NX*m$cj zu(%SzxDyqOD@TYoY-Ex;uMrrkjJxFRJJ7gHHgUh2Mof(~V3-us9J4@ot+H2xf1r5M^~6s{G>|sL*v~Mr7Q; zS(u1=45kWMq9aQeEJ!Xw7L_!gglOfRPG%n`ioluMFps;y3`%G06XkwTNtO?CBM*Dd zETU3K1Xa~XBkqwe298IPi?)S2=m-=X^A>-&TYlVE7#o5ZzH5r~RaqlhD0NvZd00000 literal 0 HcmV?d00001 diff --git a/tests/data/compressedsig-zlib.gpg b/tests/data/compressedsig-zlib.gpg new file mode 100644 index 0000000000000000000000000000000000000000..4da4dfa99591b158a208d0f7d0aa95d938b2c6bd GIT binary patch literal 322 zcmV-I0logC0(hL8z{||Q#CYYZ-@^QM7Cy!`#Yr4hIhjd%B^4$9m8X`4WMmdA08x5= zW?s5NNxni-szPyQdR}UZLSkNuLX?lElWuZ;Zb4CMaWPOVGY_aFF;5{sCq*|czbH4c zM4=!tIXksPp**uB10++LS6q;qoSBvhRGpKWmtK;g$JMceg@KWYfsK_3WF-R^rvS`7 z+%YWoy%;YIg=2Pb+r@Z@P zd6-jA6;$k0$^;$Bq?XK#<@2>4B-ga)ANcxcppR3-bIEUL!i@C}m zGynG9&zi1|)t<7dNtmUmJ6Kb(Jc Wb>C-xL!o8t%1XX&!soeS-v9t4v8$c{ literal 0 HcmV?d00001 diff --git a/tests/data/onepass_sig b/tests/data/onepass_sig new file mode 100644 index 0000000000000000000000000000000000000000..87b2895ea9761f6b5d8524b50ca0d1eb8e4846c1 GIT binary patch literal 15 WcmbQh%gn&Uc;%|!!u)m?K1Ki`@B~Ew literal 0 HcmV?d00001 diff --git a/tests/data/pubring.gpg b/tests/data/pubring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..a1519ee74b87062c7892b8a94205704f2b764161 GIT binary patch literal 179272 zcmb5W1yodR+xNYP?hd6>N z@BN;&-tAf-%$nam&V9xa|6@okMo{s_qXQu<4L##_D_tpRDfXJCjnd@_I>>ttw7a44 zYC343FrkUO+4_)n7CW|>(*NaI8lnOQ)9K1+yqjbpHmyvm#i0S(?n5g)AGM|pa(9Tm;Hb%QM) zLCON{aVO2m4rBT*oHTL#g@T+KrO)dwLgY*9&H!8x0IH$Wv~>5NQn2);VpP`XMJ4bAV9qu_rMfsD9|HBDwR0SLW{~tG%g5DHn+5i2fA}qiaX41w^2W|S3 zFReyu898KM0vz{W@E*cbSJ18LWRi}ufPi^kmaj_@nn=BB$oQ5Y`o1YX=h_6C`lp^b z#ALAt1mXU<=?nrs2o7L`jTDa#juajd6=!QS5D6U>1sNU=i4X-26%8GM2o4?uM*)H( z4ulPTVp2KB`7Hugk}$#o{}JZLMT14wt@QJ!W#oJyX^Yn%N(8H4%?zd49beYbn>@`i z+Pn=jMZ5f!9!{Y|;SbKriGHI6$K}!h+4@r9X|w0^qptGX^C@hdu(F6q``VSzUJa{X z5>recB)Q1u(aHAc(~D3fF$`@UWAA}+Z+#9~6RZYO&T!h~(9{f*>QXXTi5zS_CBK^% z(U~|7I`H&ZK4}>#AkL}WcltBFOavV0_>f@Zll6vKzc42$y(<%&sjMLSoOR2lkDwNNrpgr6A|4r5AjW#~7yS z<&<(W%xugj54paQI%b*OtbWAY@HofTAs~f`-24E&d|_QLgzG!#w-eI(dA(t(mY?aI z)NOgtE1Ksqi^>nmXmRt_P5)SEgn$EGYkw@1SFert4~ zia^4CGjbgj>f~yQu%CH)0|LI}aGd?3zSRpq+G=aGE~$mHAHDL5t8e8fk_FqPB|U)M zqv3xxXj68&Gi|~;ReDJXs=dA~yZXJ3^aU*Fi1SGLS zZpWA@;f4Qf(6A1K2ha(_zFUwO|18M+>+UHE!aQD`I%<8of%=3IUOvb%@%-XEGf#Oi zxgX2H7uo$YXmE65K#kt#_d)Z7FxJ;kX3uCG3c{@>v8d^DWSEm6-ibFM6_dl!)-4U) zinP>cMnktt#snn=bFRn^Jgz#W!`WZO#Q=&59s3QJ&_DQw zLLL+xnkJ3-?!u=u>}oQ*43ZB}_&u9ZtddS?ICxF1A>9_OSl{_mN?CNA`W2m*+H8B3FIi^x7B|XtSV;MZ z+)XTq>CI{~;rZnO;!Hm^H~<;_hL04_ zm^5mZyD#Z=Lq*H+E|r{Xg&|&q7Nd@&30gsiT=D8d)6FThn1gkVNVhYJ8IDPZ{-qt zg+F?RY-;0)I6ceRcx_H*v%0v#`SXF!yTv^0qCn-KsjerBvKSd%xx;XD4PC^>JHEK! z`E0qLh7V~StTU!q7d{TVIV5~=ki(4#U6tkyQB?W*1s-!~ls&x=LCSr|1)@oh#9fL( z!m1oeCso`dlC37oRol7jl{dvC;R(wy^pO25z6r9p*G$7*(9aH|HHbiRIzO_(Hu< zL@TnhHq3CI@MS>{H8fkE)#QEFFGU>g4Rf7-rKi2m^QHa9v{-667`Qgb*sEj{LKLig zUhlX}eZz?#$$km{TAKO0l$yYII}9MwxnAPkBggbfg-4{>RmP}Iud_8c6C~0pdyKDX zAb7MK%DvLxJku)+9>&PH_0MYaOgfslJ8nag{X%g=b-#0O;k9Q_uouW;sxKlPv6giT zw)0RljBxWmCu@2r_&k`wJ;golB>dd0?cX>?} zS#un7+z-o~h%_Fo;R>1D*PPkYGqSzKB#w`Ywid!TVw6-exhyMgLJ{DZhc0-gM^S|K zn4{-xf?R?Gt-Xp^k2S{RV&(PuJABl;O!a@vr9`NmoF7P)>5)B-LYgvn-*HdKZ))85 z{q$Xk_|Hxio-Oo;CWaDfroS4m-uPCh4LA%vU6;pjdy9hZ!FS|7uaIwg=$NK})lr;= z$wu`9^U`v;QA)NJL&~)?QxI7~cyHqO3&ee7DV*w!FJDMjrxCYE?R}qv-qu2HEWASq z^Y>O>EdM%Xy+k2i>?yB2C0qD<cIQ z4fx}AqG?ZEiU(TMArmUEi`5ecK)`VR8Rc`lEk(oXnd-;o7k)10gC||(tV<>=$PX?Q zzf{1^%lmPe)c-XuGk10r2@6EPhZ^}$v@-N3T0wq20{pMh%3YvVZVe6842Z+e)eze0 z&P?75Qlou648)40Z2iukg2b22CF-pV0%Glu6L6T_6zDS_#01dqE>N`+i8rhvm2Km7 zwa)r`w*K+h4fkRS?)#p}I}%~(gOYDWIJ@C9{Lgwrc8KqPB^)ioBkP|LDE$#^Pi zBniZC-f{JLzi!kS`uC1mwy$hcq#E)A9K{AOg?5xJ)lJb$18z%Dg6DpKU24|H=cO*z zsv@UuaycT#YP$F4-ms&5?*S*A(88>5gfsl(nQ&0WQYrb69B_Y`Vqj5fnTm$pnEo;$ zsOaidz*~h>XBQl~zU<085R>J6$-rsL@#|z16Z_#1niNaRkuY!XBB@OTzrA6+a@aP! zqh6eW-=(203j#e+P3bl^&R{p*ahc}PtGe7kO`>GT5Cm0ty`Em%(`-*laMs9Vd^0}v zc#++vJGX= z!>qs__bzP~6*^I6Pmv1T$5smt%E5O#e!%OqaQ?dEt(wJL0+&MUNXZbQKm<~HsH_O% za9^t0w_2-jdu&Tai(CZjeU8=M9aH?O%zotW7}dPT-Ks2n7?>PCxRPkAa#~km1bR1Z zWZsf2oqjgGAwvb_y?2a#7DWs|qhb*u>zgcl8C!6fzO)NrsT($nOC;^svmLw#4Zm-+ ztqwE-e@;|QI{zXlFL8}<0KQqw;5=I|o zw8ug&X+aPFRFca-{7U!{0=k}uFqP+M8EP}~rzp5UGt|@)wt{WN0jzQVAR%6(CVLgF z@G;*aIsU1cN0vx&)cpKoylhAt(q~&g_VRW@N{c9ExgWkFk2VUx(v)O=cZt0ar16wS zvj*)GGbP~qFsGddL3I9w@M1?&78$zcnjYf-ml$8LK;aY2>>G+MRzbXLI*DSZ&<`@t zww8zAvSe&!!gI)ce8#7Ny68;Mn^*v3(i!fc{UC{yV?$YdFZ@NsfKDPIl~+=5Cw+R^ z7Gb53%!nJnRS&a9cmUm_{{(Q*JqiurV0-lbvB5+K+&))1*WE!d*_H1#;Waprd!FUI zh!YVFh+(T#!6>~lRnzeh3%6gRX!Rx&CcZ>PyytlLRsZyS;Q6J~*O zp^F(m5ElXXNld~;O+@GS^kE;G&dN~rF+9;C(nTDC=j8N+JHAlz@#*&CeNo!-4>g2S z>{LJTPJf#0C_f*hF}Lm^)p~v`hv+2wdzqJ`hNPNe!J}6sQtHV|&Ogc=soO%6P zn1Nmg0mzJxv|jyreSid)xh*x5e=8*p=QuY;f`4dRJdwULhLr5a9}L)x?TO6ONi4GG zY?d>4DCuKN)o*NU*(Wm=rfd3ySvM0HwF`DJ6?`ci+o1aWCJJPc` zMl)r+`9@lOwT&MJF2``Sdo@k=W9Ciz`4%eMl0A<_98TLCJZZ~4H+b>jLNZGf{^<=# zt@r`mie8v0)V09<>ssDIT?^>5FPAh}uMhLE>-XMWKK8F`x$`tm;sDrqeU7!7_;kk* zDF=YJBg*P@#`6Ur?_3^P){^`HvN_$*&b~pqb+eFr{2^-6QoKbdL~FgAjnR&TRVCB>9;h=LBQcqtLp` zd=7A)@Wd=Nfyee#J|9OpZJbhtfyJW=1*gU$S>GDDv$tq!j&HY6BUIr!#&Mr@3SK3F z2NBg3EA3`vsA-hxo_aiuI}dDHg6IF??WIE_M^D0Dbv+c8uXw1uvHCM|EGPd3W{q;t zZBeCf4Gw_%PYH(Y?>s?EF#n%GgWPWOB4jueL*&-WqkV7b!cSPO3pWy_w`gZ1W&{(0gEe|Fh`V2fys0Vb#D3Ms;HNvW#(5lg zuPI(v+BKNPczpIsbnzPs`|w`w^v^WQK$HBtGKA&*C36f1Kr*R_L`@a+g}gi#7YxiX zMmn8uEC5K(;p9(W4 zad96|KOi9|r=+CBC#IpJp`at9prn97K+v}$BOzm$KVP@)0MsWC1IF+m z8UPL#1dj{4?FL8z01h62zZ(MVJ2C~O^~8VU12Fb__`7cYh$-ZsjkJsO(TZLEnJW?WhWT9@ z$QT>NSos!M+w}LEj&Zf$qwQ{JgfQ0%n8cx(biNUtC9hz>lWCUsh+}dJ7nssGL&Wpw z&E;u63sG)!=nKyf5HR9xjV*eD&bu+FTrNa?3HI=>r9Inp-bMQGme)@lQL_9i68n&B z!_T<0QBu1$?$F6Iie;&$NhOTF)UoJp+cK{47ArXs2~>o+& zazqwH*20=_mGu|lsX%liyp)*sj3)l^)n;MeYf+88n5lgKYYLoel_pXBxZlUAFFhu$ zI&<4SwVsB1s&|KeU6jO@#d!KveCXqYQ24a&kUlbF!(ru?LM9IK6wSgM&w{#{?AXwL z17nn}O8wXZ`1J;a_*cbhtHvrKqlX^wX|FT~u7_OsRxxK|+FfhJs1hbXi;Bm_Ljg^W z6O$AfN=a%NO=ps7W>xhI#%*+^1ayRq-xw22umNK&mwHSR&2`fNLT8)uHdjk7iwT;y zg!aqvKV=`aA7CEW%pVae7HV%ssbtZR?Y0W{@G+||GP>5}@X0632U34^ed#Oxv9!3F zUOeH> z2bFVF@49f2Ir&X$5P!e8m|FO#TcEz?qbFGH-AqTvs@MbORS1{c(M*nr5U*SfnpKne zIXhUyBb>F-yvn_khshYj`?BmL811uVzM;wM{P*)TU3!imbzK`gL%B)aAaKZ zBT85GQZ=3uyg1g8S&<*kuZyYW0w3U$%Z^Y(P=mlq++J%=7#AgHRy*@F76t|y_*U`~ zJXrx}r;;)|3}83BxAk=PaxQqaZ~pRm_Vgs-@>wR$ z1+!YoBp$I_@?yfIq*(kD1W>}m5QcvJFmW9J^rq8+oe@W?+>f8@giaV-6u(8f(8&S_ z1vbo7^kM)C9UNj$*b%MW*wk#*rj}G5?^GRKMNMd6etZ($%+fDxCvKamzL`=q?VS|O ziXnFjv9x2Z?Sk)5ePw>~=n=&!$57Xg6&XC2+4anJ9s9oP5&Hi1jrN4In~Z;sTGEqo z#WawO23x~S1iVrnAwit02L)!IsC%AFb!3mTR$8bA9f&Ix*#rCGcGTI3r^}b36^;C_ zOZ{(#q+b^#vwp!0<<+mK=*|z$=3m+lJN~JN^ukWn)-E;Vg*#B=1KQ{&b*1~p|dh*?} zZ}4efW@}C%%Ug?$C%NKbjGz33tCf0@6+V^BDvg`zhzkBFyu+(t6IlCkD6%%L}=k6b+tOdIoE z$icYLLe!S@e`nDvz`}#+34uB3Mi3@6=#oDGp#a;@tR?eSnl`A7k@A`|v%>W|pV_Zx_CePj>DSyXe0=y}&4{9RGU(xCeK0e09 zYp8G#bj7L+UVUq|pkh=ZQq0AOwKXq>wTsCw1a>EtR6L~UF`^F+e6mK0gJ`yK?rZ`d zlR)bK>zTS0WoE~08->@xQ*oVk(&O@UVE7@qsrLuHP3^EUiBCW1Us08PTP?`5*w-?S zZ@NhtK**fWBB6^^XVXQX`LLF*S_l$7Rkq7RY*vd{7+LobCZdk%c!S_ZX(n!v)|dH> zX3AUhJ7HwWdn{~_y5_HwnFT)wOM(NoQpP_bn~Ix%cMaNN9c2~SMSj+wPX?*IDD zOx>d9v!TTOPD!_DVI&S5`1cT}C4c_YH`s_{CtRj##xHi{8o|M;1Q{KxX!WfehC6$DIDyX8{IUHJds|FiV~dJzm^fy3+>mMXu#W?x@Pj;gxpX{{PIHS z`-PlfM78K~AdHsttw1(YkiWQW$4uOt>9HsH$Cd48noyRX9*K;<7r< z!3QRt4wJr%xn+V^M_}vi6;^V4ic<2p^=kke&}Hi8`8(bkMD5A(5_caC4;-)qBx0au zea;UaE!XJYOm_}W69f|r-@}v}M8YsJ#SzYXyDmpDff3<5&TOwAo2Hv}%~dsR*#Bez{AgAAFw86h8h+k%W6O8}0JiLXe6d;TIb5mmJReOn~ zsUy$}Mmt&t^9J7I2yT9daYAgG^{jq(MA5wiz%m??&HA(ue9@5hD#T+HuOuck79bOy z4RKJ^VOd{U-BFHwy6`pG)lTGn&JiYzGvGo0yG+3_o)QTF+iS`sf9HrLwlZ^5a*7c4 z%MiosfTry6KRTh3g9(-?Qcxu^UdM=bP@03Ebu_O^CJGllLL z0NducQ(p3>JGFyLg`7PEZ+{%RmH?2qc0SiJK{7SyE%g58FG`;sl?=My<4ArihS|gV z#)5CAJrCcgg6+@I5h#na(IxBXlCMAZ|34Bo7*x3?pSo9>W{r3of$)%S_o z-{WX|Yr{CWQmY?}XrlOK7@@nuNk>!B@(pf{O+Hqv;4O#iJg5f%`>{VR7mCQuM&(oH z#umZ~L;CQ3@g8SqB^<`_nu!f43)f8pGXU9w-7=ps^l;=wji`G+C=2k(2cd!hNCeyG zM!~d%krVuGuXn?Ug-@^fweEBF4`H0BJce0GLC9OiD*&v6EHj)egyOs_NB+E|igR|x z7V#T&l?$Ng-#R;}t^&V(HMwZ)eII9V-{b5e>%lk&Z$}0e5puPtbO5lN3q2dQzl-Zm zk_z1^!>FP|`5QAJo7)`z<3qQp{9!J25avTwxaQaJJoh=K!7z??#S>$Y^&tPL9gvBw zze~GLuUeYcpzN}4_d$BuBD@)Zgd4gJTBN#hsJT*4>>2j*Z6Zjr+~XWb@4+}jWEd%8 zW3#$wxzL@&EQ$n_INBWex@qf?V_n;fG-(4_gfU-ZBn1Sdm{vu{7M6eOZB|Yl+~XXs z#KSlfxhq_x9U+DF!$3NmwkH>nqMbbd8Um65E4*qFSwD2wRohl(h4)-ohQ+l7SNQEg z_Q{kK?{R)%_rN%^1@^@;F$#=~*3c33)-Up07%;;VEEH3SD=x{DyH)`iNVh%jFdvfV z(2=%RMyAjX3mTXt-{Tw!J%w=|9IC$p0$%b@w?dD1^a`XG zYGJ}S6Axsf$UMvO#9AMmm6{HP2#u9FzL9)+k8`a3=UfflN}Pt|Hf0Fv1CSl(){FKZ z5ZzqsuX#E_ANr|N;lBZ3sSEfWO~fLFr@n+bV;9BI;Ofwy_c*^r&tT*F@NOc*AnZ1a zCIQI8CmeaYK|y$UIf5xd7UW61wLPg0K*}c<7ElD#V7 zalkBfk1v5WwU z;a(i~^3S|)fmyzP?U8bdM}=`-9i5aj$$?F8V*#*=;5zyB7#*b+96Vd)v4#&-T;V0u z9fxD|d0p}b%i}VNM0>p5v>bnAbf1$@3gbLg>WRaeM%Z#~0w5bTKstrE`m4uuj0A%Q z3sT}mc-H`=rkPqL;7f=eF*#AUzq{UH4WPAhpHqAZ<7lG2G;;KKWShtaWb?P+>JRr8 z3cdFvNV3>^=u3>5(gpQKyow&fCadfzvmrm7bF*AT>Dh1ZbE@WHoK!O7>0VcQKkkn} zCYDl7w2XrNR~E&grSa{Tx#sYR_E7rHx+-4vM=s6|1tAbeGFC%bJ#NLZucGli~mSkiZ`@;oo1tm0cesWw9;WLLZgQ#zxo9} z2iphK#7Yi3396Gt7;4|=+-$)(XH^{?)zYnBZB(F@b=*p)F(1(+3S|=_=kG|(uG?H9 zKsKMQuOa8}fiScwFWT*H8s0A-&KU1;eDz&m9MjF{QKIiIy{<$6SW-KbuG@P>Eq1Nh zd9%LOv5mOH3;;XfFLbb5W3{YCAM9QVw-}i6e3HJ$@mr09alT<4=||QwlyjQ^kXVGD znM|jCq9uo0; z2jkdcnh_Kr+zi$@0@)&8H^(GpuaRaZQL_5J|1>!*|0xFbj>RRR_9Zl!%(GD!7d6id zN?p66?{T_iYGIsiw68D8$%)~1egKdaj%E$sr(ZpslS|FQrc8Bd-VeJ&cS{&LzBZh* z@Wqefs&+s&SY6As`5tF?^^boygO5;{&q%}ZNr6T>GTE%{3FA4JOOa)Q`<*!0KRYp? z>pAMH^CaIV%$)X*`OIi@@2b#*Hve*@qb&bqS=_3-YNA8Tv2}hx7A4_f=$t&$3n3f~ z)5H0a9X5GAX!IbDHd3FEZa@gXS;QFl=@&Jz`N_yVPF(13*tm=w_sNvm2BGB|AY1hH zA@PF_nvquhFnDuksngM8Hm^?F(Vh&ll5vwij4zg8e#w3s`2>%}j7yJ8YA08)#}xTLdJmBf!a6CJ{h zV`i6>QFoui`6ryOES?XZ3sOLpl825fPNFLxZZ4w^vxm^vZS64j^a>lg8ooeYp7VO5jgjOh%!uYNBY7n{34Ie7ml6%q`@AuvvG zCC1<0MDqX0J@&r;Qf>tBgJm_ zGn`lpUZ%XNQ^JFCU_u?VJyL?X?9V>^&2?R`pn=!q?hK9Rr@7~}y*v%MRico73_Vdg zpPBXmvM3_vA94a2hL5MQR$gl(k)$6A6x`#m(agf^skZ6;t(bjWG8GSiHJ0LkZ>p%y zat7{UyhyKBh)^Dg2O#e=kY?rJYV)la=GRs?WgZA1sPx?9NH706e{R2hN;e!q42f$3 zvY(7p5Zepket7&Fe`0jv$AHcbAJoe_^@xxYdA0STss|}9&|8q=%Q08{<;X-X{Av3< zo#%qXxm5ge2+bh}5tgKIW%AGNmPZ z$g$Zw*O^jJ{5*mf$%et{xU_xlQ-$R_$WPDc5>5DBv9^KOpl6M{#?@pJRm_lGRmJNF zqp3Jrkz&wwGl6)$RaeA?&R`c4?%tdHgP^*?rTd*lC4Q3eD`ZASn`gi=>?_bmiJsl2&hIT_XO zovR)4e(1=OxnFo{5@eO;Z6r4_d)+qX@%Re;4VJpK^qVSu8ER4KX@~Ephbunf~>qN4DYmQDoN={fFBoT?6z$uHzOQ*w zkJDc8!O)0O`5(J@!hbSr&Ku_nS!Vu3ajH_%9;%0Mdx7i|pQjx3)~+Zaiq>hi}I z+He20D+*P5D}FaL%M51#1hW5x0L0`{Z~WL1F#QUGnIb{XPUHw;!dKcQ(c)Z4q|FV@dB^GcU#=%7KUsR6&wJR0%9b=1vo-CPt z5(w1k16}vn^p3gNedNW_v2Oj;rbN89rmLop={=4BqfW*Kd-FL_Htt8Qthd;62R#L( zbsPe>PT$|CDQ}e@y$=uKWkQo(D#xel|i+L7?+SXx;Iq zUO^$%@ny<7IoIQZ;diGb#M!-9rt~Bm&KzR2_O@}~6v-U;{m8s(=t~qIt&h>^#bXO; zaXo-X?3}%>9Z6EDIhL}Od%nMCU1enQgZER62-fd_m>rsK3ffpMeRbELRPuy20x?Ex z&D#FlYbM46-Bj%+8!ye~zb$;%Wkzzlv+JS6U%R5J;cxvLw?Fy3ur=em7!qC?%3XMA z|I!}~&Vz)U3bGF7U8}?r@$MRBlu44Tnr&xBV%n_c=fxF}-6^-)%XC8R^jt_VGmgqF z%2GjconD3?T!~Fn0EOk!_?4ioXtJ!Cn$)(ynU~`*Ew#S0W*Q}vtf{Om**K91i~n@~ zrowU{k|pb3yJox(7hbjGMd0TSgFxcZ(C1ajNkBg|R(XYIRHzaiq%p+P^&!JbEcmcw zMw)|crpI3v8>uHln)+O5Csw)L`8~I5-2$GQeU+-YI$`RDE$I@c#7zE`2z3G6TgOTK zaiASdzN|bT!jPl?%;CWEsZM%l!InW{@7%o91UT=3#RN0s5+y?a=XcIgtXmvZu~+}t z#Vca+-d@u6{eq=EA_zn)1%IpG>SnE$sOn$pViS40xP^OUdJrr@T~s7$zd50hsxua!e`Ert)?N;k9Xo>shsiGKW4-KYleQ)_#>7H{5jh%`vs(m=c9)5j ztF%R?w?lC0o9h++EjZ0YW0BiB*)MqZ_PbE>kJ%sTJ9pP91jn^kC$99LT3Y;_5TRUO)|Es+S@A7}INbZH4N zJP>qi`^gy77mPB6e2y84+*#wrj6GES%x2|AQkIi7kaWnopGobD9`)ue88h|tzvLh+DQ78yRiOSGNJvWinu{@vZLNo|ipzMeC}G9+WNnrwM=#iSk*sOSiSB zK?5d60;*tjBb~dj%fEIV8Ql6mQ7!Zm+=Mp7e3M52!Wih*s0cBmI8x%r#S^TYdw)rF zjP)dZXK)=pBe8k>gNNg-aML(ZmAV71>#C3t<Sq)s-@K$O$ZO)s+FyDI@9Zj}N_jxB9i*Lac9A$@lR2gP4tM=@zc%zA zyQBj2{A%pu1sx;WTtT4E67aXiR@;;tv~%w%+kS{=&vu zR~q-+`bJL1Kf7#e|CMp{v`v)T*IPC6sajIgP%PsVRLtV)>8hq zXt0od|BK&ddAegwBRLY#828Y?h)*W(Y>n|*%?^l5jB`h^8^_jDVM+jTQp zXx|xLy})*@RYSNzlHgZoS~z{*sYGu?uhq9pWV=*BTB9@>+&b9Uoy~{bvr*!>V#}U^ zNqN7rAw(kAXUuCS$<`5TA?a^ul6G8ngRMd9*Rp8b!W9b7Mb-<=n5nL& z_%(H2@w7VD#fzzZ2R{0>?|TD09H1q@**Y@Rm%|qL? z+Ub&wVMxNSne3CMfTw|-tT#K!?ABy)Y~%z{Y-tg z@f(plDJ-`XO(Rd3I4{gMmb&e7>Q&yUrn6MV2KpL``S64fV{Mfn&k!rXm(*Hf=tYis z_kDhf{!uV?YhLgT0pa4U+8uBeuzuIpC zWH#3O9;~Q<;TumvfRU@gN(EYYjyzrO`AY#NjxM})6EK{N6oI13qBp6N>#x)=DHJ}P z8x4&LJBXX;^>&UQ>MOob=^5~-%+`}O+A3-2uW~<^8Hj33uYEU)BgOi*lD+Y;02mK z3R4|A+hI*b!c8S%Q>X|%@*3sa1NwN)x~;d_gdNO|KOs-q=^pD6y06#a_FGjLwIyol zJ?gZVi$O_NeXzYRr$f~c%;M_q!VxXNB*JuSrE1 zvI>>10)4C(o(-js2m7VWYdH01m7a0q$azd-<8DKp!*Lz`dIg5R6_uxqBXqC)ELq4z z)Gj=HqJ)gh-#Ea9Z*0vYMKq>L3z`uKDoDi)W>}ji1*2Nzzh^OknA#Y<=AW!X(QPEz zhQkqbR9&F$eJEON^J&B{xV@ipT%fgS7>C4K9|Vq>;xnYE7{0psOs&Y>%FOBTF)A&3-oN#c zS410{EHUB}C01_(TRv0tNRxMHNw9m0B$U5!_Pi{FMDKUjJED=!Rz#xE6%s`mZR^7wqI}A{^ zKr1{!(QWk^1&5i)rvXX1$4b}h-xn=X0E0Nj&ex!)9hAF1e9|IYiY_B_%f*oE&L=j4 z$%HRLw#z@!yU{h*(ETr>ysf3>zaMP=M^v9f{VS^Da{`bvUwPNKX@0{WgvFG>X$i>3 z#65%1wp1dICxSkq%mlU@KJ$he9HufF#`n~4AI@;tnS571LmmS%5EO&?&KtZuEi$>L ziadTR!;?-10jY@$pUi0>C=a5tgL-1l1E!IT-axA#|MtW3*3PNGFyvHz-`SVls{c{_?o{=IX&{^D39Der%3Nt0!eUcnce_+}Sc4Fd%@%X%GJ4akkRtReN)88Q z!_y(P`yNMda~fvPovO}=2V@Z;2b{Bd?E^|j5$7FBE&i+55EcLuo%qVryst$L3@_?*a%uHJTmW_{LM}% z|Na@by0cvmjwY_D)=HIHfuWT#0q3fB=+;}mwf_Vqa! zs+G2&d|WlrK+f*ho07#7Xe}gmSP#F?*NIgs9jaqd)Xi^ov)=R09ivSWa= zvHY|2M&}q>j_D7Z&|ZX=cPBF`UN-Hi(YC)2zOuLnzwy4u`7afl7COTm{`|3ChL6)@ z(iAPa5RNX9LQ)ffEP`I*9!31P`is_X>O}Ioz3(V3mG?Nmu-jqw+^N_u=umZo$@SAi zFhR19S9!o#;Nt$}SBG2Z=S4^kcG+0GnZyP@GUw*iGjoZf3E$%!3Hrh~cPjRqbpWjX zvcKe43yJ1VY0H!=#RFf=OVcd?(o4l5vamQNWChV*|K3Fwki#u@eV-G>1>@YQ*!05C zCovDk z`ET{P9~D|(hqN#S|31NBes*|{Qhe#~L#JX2$QFJw_&}jP*{oyydd*OM{m}jk;@o}C zf2z+oXaFP_F^bzSh`a0D+R*@Iq>@$H;R?D>%L=x%E%R8A4A5ITp?|A^HmG~!Ue}70 z(|@YZDbTK`jv>)=U&#j(MMWjjZ+tt391>$~lNaaNX|P z^PlQ-?G5xKo{K&>ir5mrrE*X{I7w~R*33x&z^XnxNcrCj3+H;JEk4PQ$F^77F5Kr- z{ZSL{)Mxf30PLA~Y1M|S70W_0ZE_Bhnk5F+bTd+^_Ik^#T6X9(vM?uC}$a7*9Q=DKv%ggDO)!)@-*gwkYFih zjrT_ra@~6zUwsD{=T0^5hU$%mBdEXi!n-{?8&3x$NVQ*T7+eRbY%H5$gbQ;j7v0Pw3U#s0y<^nzs@4Rc#sn!}XYB5J7Wr)}5l-kZ|- z+$Uqo{}Gr=qCfv$w+S@O{iE94sm9S409d!KWgdZGV>SB(Ly zr$2FCK^Tj^LUh#cH_C;nNdLwyQqA2pFnjJ)qTH> zVJA8-Ae+5TVm1r%kSz5`H7)TiVc59r%02%s^Pw=6wOli{)lK zpZ8EJ*ALzw$08jw1iqP@c-`&wB+j-^_V2i)|4TI{IE1RLHZ`)=QxT2b-r;T6Bpi55qB@-aA)i{!2CfSqVU5Sd)`|LbR%HPnO4D zUamXns7!qUAk8TJV9~w+3S0AnNV_*F%1Wk741dQZ<4c7Ao3A^y*Bshkko$RxW}X%D z>@5d%mSt6cH9kSOs1LOh&K7Pii@W-66)(B8EW@|w9JWoTtKWvQa1Y;@~0Cc-^Vpzxo+M|7w5GOR%Ta-o9I z_lNlL8`-Q|{3%g{ecxqmpkA&22#H-+qg{k?ZyEpSg}7dwK-xV{@M=N(0;)}iMl;R#;ci=gxz^eEk`SSaVO`s@ee z+^Ns@FQ9!l09#O1-D4KCP))R3JtEEYc6T3WFP+AgbgZiGx5fB=)BrLhPWM{glD{0N z`m6`z+^NsGD^ULx@9Gd ztQ+UA`dkI$+^Ns#j?jLqt~Nt!rF1E!a?$orf%CIivBT{^HiN&91D!b?YYkP;z7=BF zLYo%y^LrdNnkg9PPJO=2gZ6vIcwb;9e|C-_HlXT=xA??T#t-dju!t|M9M$2jI$YXP z_&xPji`>Fb|^Cg(hBlhdd z=(nlzlGOvYahxZCga`_yWe==SNDr zsD92@cjOc*g~WrqTL%rEPf2})iHD|1S5=f$?;v()S?TQY>7t4-#O<_2i$7R0ET#){ zq7EAzuzyQ3qh$^!gOiAMv_iO*y^%zwC-;CcNUW%kp*D%nT$Ntlp>HPQ3`+!_Y#E9xb6N~lv zFl~J)`S$h$`nZMcWc_xtNNnOs`7dTRoVYDJrKeaDKhGUoX7bkF~b%&)Txc zkkRNkX(&a{m8V)J8)6yBv_NOxF!~<#5=|ue4t4bPEE6GZd-?m7oWe>zlU9W*x6qWK zpyk`UF=)4&5G9saX>u=>)PH<&2;lO)M8MkFRZ1FxfVgvmx`co!UzW~NuV(z{?qMH) zpXl)gIXNr>B6!Y<%anofbH=(sEp!%g*;!T=u3^fXr+(>mjOQ8(xhp3t8Du6VHd5bS zDWT9q`8T<@qEY4E7~bm>=}Df}uhHR&H(7fNt7i+(D$VGhqvzu3Wza5us1Jg1ZJ1o| zUQDHU)sy*Y`JVZYFC)qK4>YV=59(g++d0+<9JStJRy^tL&2nz1!SJ?7g^p9gj@*tC~FzL)3QnI|zqN2Kt)1mnbwg z7;Z$A`Q2703GG;mRaV~?n{MMbEa!z-$J4e(VOI6u&Htuwg^pCCo^(AHT zKo4a+pzg>d8K<_!NRVQ+JwKw;`%e7O+E&2O>#%+kuhrZMv9vOCbmAL%8qRK+K`?^m zY8qSX|FZnDrQ}v`Y2J}U+ToP_IXVKh!`m85=NZ+&X1A_6DN1QvOxJOwJKCvylBmGf!yu_32j*b9QXqi^4!qkGTu zR<`y=4U#=sQ?N*vC+Eu(MQIox-#MJ2w;Y~IsMt?KKx7#t>|`O*~Wur_n`5usTv9%@*zz-UmEul3|C z!nyaaKfcsm{T`^MbQjbeXH3xuM8j()$1tfQ0`s;DMxn2E^Dw;so7^7XM6YVG4 z&y)uDUv`}ICqd5dIpGRoXw zv=?0{2XQo#WKt4Mg$U{&Tuj7M)tU?Icq@f&5%Z-uF{l}M)BsCb-goV2I z2y*rhETfaMJ-nQFJ%XDO<|@lCbcJW|glAcZ>|^xpM*PzA(FXpnQ@lSrc?xAQIodhs z%WcG?eDfy{B%j0Krg^QXUSxn-(GbJ)G zB&YC&QLHkp6slkUJEA|IelqT_)ZG-FGYgO4xB>ka+lNK-;_=l(FcqKp47S$i_N15#Wh zq^3dUIXed4I-Q3r%Ed&_9$)6-rX$fys=^=PQGDn>8K@Z!WR1*zrte}?{QvZD`ZLTO z-7;R^iW#-U%17kacxI}Mlq##l#ER1dF@P@ah6^soV@ig@AlG5p zIi9*pozz=P(|F;X;XQpfSYIVAi1L;54O#Bylm)zdXnZJc#LMVIpK7VRehV!WX72GXD+ zvw!qCFpkPm*P?*V{OP5`)r^%^KMw6-;syOM7^=q`d@D+SuK!<3ru0C`tnc9Nfk80o z9=4iOPv(3Ma&ygCk%-&I$mFo!W}pSB zG%vc48##QoWI;`w(_#+Ng}lJ(=Oy$Mj5by>e@|HH?mX5V-%m`i7T5pNQYitC;GPy z_rr$G2b@$K(7lq)YA%Jlg(`)PSRfRqh50;z^!?>D$?z2|md8$7=o~u-na~Slf{!KZ z&`1G-n?v8HulzJz)0IVFu$!V*vqo6yradQEvWwj$ZTp@_RH)4$;x+S5-f87vp(;Qd z7gFF^_zlEm$j;Q#ph7Nsn2X)5^G0-VNfS^>4N-@(O&;Ai%fr0<)(W*nto(ugd=Ivh zmU07wJzgR-H;1&N<7Rg87WqDX%uo6UURKk!m`%=|n(}*@uHDWFn=Ml!S0@BI%~uh@ zJHBs@v|--%9qlsEn~lj9z?0%5aNZCc{C*OBvmk~a>_ePRvj&HnXrJeJ{Q zvhIae2ImOp>7VrK-1i62W)le{m<}c~*3w2h1JuT<#!v!<*UfxGf%+Veo8z%9rG6J8 zq@ErYwz(kfBH;sQ<9$S2ssn&pB92;+K^>Ec&ZiJjhO6!UsHHqAP*O~iU3VAx>({nh zU*0i~wWK4Dc|6F7+5a5_Nl5}e>AYobh&`%aWfEVasl7m4s3$<*03}K$DLxO@(7Inz zGEA8@bq{AsTmrrq|J1!6r&rx^0RrI$Gg`ULI609@dE&Beq}(ndA_JtOu&2IwiQGi4 zKAkbnq#Sa6UKywcrt>(xx&%rm91w=U)7YM)b#$lfK;4`j6SV0Asu^&xgGr?L5;eax zj2HZZ+7?$9!0OYF)2p~`0C{?;d1*R`qT(4EeR}2NJ*>E+p94zAJ=o%Yi`-unGQ_M~ zsbNYSw(ai!;O8-Ci}3pc}H^F1<<8FvIEdK;@I9ozvPC0 z-d;U51UUbBlwO6j0cDkRb)R4DbLxQ#*Vr5!lg=uOBZ5E~+$ia;>GxK+J}}j_))HrO zt@UZ(sZ-uxPkw)w|C?S#A^_5mkWF3X_2s_v1OzhJuXX0;BeQyE2;rhufjW-or z`*>MZbotjzYPC8Vn9ifrsZRkY>*H8O{Ywex#zczuSg6EnS(S%54nVfiO0?>YP0CY8 z=gHmAR#zjxSf;_x^P|-1RWvB;8{667b~dpKh=w55zcDCMo(O6Vl$EmJ@+1t$+&m+! z(^;2+G=x28mlVv;{@V}`ltW-KopuGdrd6YV}04mXMoqTV&#Vsq3pmS>-@2=vwU%uT3>f9f{@uHzS9`b3% zPb)IELa2n8oRcpA4RkRwghH9pu&_of zKE6n3Q_B|o)CK0}QRcC<${ewBh2PMcOWH_e=J%8#E!6w5jp>*+Fa!p)Kv`$3aCY}%O-nU__-k1E zOWo#goxs*HG26enUo5af1ZE(>p1tKb%FN_a{~%Ip8xZE52Ji&D*@dvX8g>eGSu5n1 zwCd(E*I?_0nC;)GQ+R+w`neV?{ERgxXJ%0)srZ4(f>!db8sIJI4N}6GT@6WMh?ULx ztJs1x7+`gGu}7)XXcK^_q0G5*^`R5I75r`n7;wp^KWGi{7|3lumuSAfTw<~N^Y;+?BO#bsI#;+ zqSDhUP$ZbnqqOL-Ex-?dmMzuwlMvr@PI!&FHhod=(HsNj+)149Mv_dA8#{{6i84!S zCj0RH0@Hbv7VV4#o;y(APw&#qp^ArP{RFzdZ7{A(;Q{Ho)ldCx*^6)`xPsC9Plak+ zE0dVPbRKa(OA%0}$a6U?1$q$~#+LUqjAME6mN6azpsdm_Mv+W8HkC z={(|ozb=7!AD?`m8FNHvyOtIW#F{0>=-@8^l%WWB^eM?E<8tPr84TU9FwL#V0rG>+ zW9}zZ0g(8{OlnI{E>?pYKPejcIPn;*QQ&!@HT}YtK`j`R+Qo-vc5<~!0o@PQ&-Ix5 zz4!v;4AV85Jp|_DGue&{b26QI8J3l&fGG~GMT02!AtU-KR@^2MUEHF*?{FUcJWh*d zqylenDk4j02pEE`HQlxix>tl12_EM_mseOti)X*8Gi0Hc*v|xUlA+=noGf2I1BCYfabd84hZ4n3HIxK&sMG<^K z>G+k{$BpA0eJ8K1Ud69s@-7-512aa9$I@O!2^#b&LuBQIVCiLbJA7pT(|ME@wcrPG z&i(J@H`m^sEs>iIR-G@4Df73T0@EPmJB}x7=sD7O9ka^}AcuZnBb$KfJmQB>vw%0# ziGz!+iUe!o8d5g3g6S&keyAx0hYwCK+JbQ`!J5BpX2jF%8 z;o<-CIyXX~FYJ8V4~F~=shhg=*I@=-jE;lmbx@{}0;vmE$0#=~*M9c*PexEjpL+ZL z;&qSHqE5#E`uk*IbG{ujTHq$z-B!x5&|I|&#B9ZX$|~ywg9@Zwm0s;ijVh3OnEXk9 zu=rk#J@C5fBWTduQNd9g+vpac4<8o;wum&OVxU!L$xZyI8^VP+u;>}t!6(Va<-_gx z{A1blXvK&Ga^vf>nj~}=v$DKYdSR70^q;Gu%ymtSS1;4DG(2UBm9HzCo5kq;SPQE& zu;-fTOgakUR}McczJFCb&>8>z*s(!-q*IsS%~l?JKv_A;KlMl;wMqKmix3;?Ug$-+ zH-4*S-8WO)lrRJY74>wsw(v3c#cwQ14eY{n<~@|CR-wv!C}MLKg*O|QH6%}CyQkjD zCt3(T6SSao|iW5x77Icu2aSl<>hKQ?7+koy_i+)Ry7>o zJM2K#SgC4Y%pAfksYJUB!;8t5l=6Rk0jbTG52;Of2B>?lP?ZfsIw*RbC$F{XpCqk- zp7|izejvM7OE%$D?Bulf{&JW6s%bb8qp{sYq8pXUV*5sSHTN4*;@3P83i?*hn!7gp zLSzN5+xJ!jCWs61RYCcVeraVSGU6M!s{^pLYlj(0$%{+5=cK<58tMAxej-Dp-l*51 zTGTwP&YXbc`Qs}(-}oUN`P35X-nu^7H*8{nZg>Va15Yy*5sHX!?I7>UD_7^hKNpkr zE>D8Sd{@N=Yte%O`ARQ)yZmEBrKou~DXHJbDn0GO(9+rAs>QE3S*!O4WGDKsbRtm% z3f>M%4SdkRN-W!vg}InJ_?-Q^AET-KZ7beqB0dz2fnH18=HbQ;ezb{$ZIeH~lF(Wo z(vfj-(4g9ulIizC@y=J7DE`E$_x4(Xx?jx$N!;08L(US>b5PUAn0M&di`9i;dCW^X zu)V^D_GN;mLP3f(Yh@UzMwLTMwsLK~WFz~$w>S)R~vhmn?ikN@YOKwo%gDHDJwq|59xN<5&Ao*H}wj{MT{B| zy{q>F%KNfTillb|RHSYxf6iC#T+M^8brh&O0Z%@ml{8)|!Y7V0f+!e!(M@xx{gj9{ zd>qLp#0q^pvi^;wp%e0|l}89`mTt52Zh=Rohy2qqe6~VSq4t?E&*nMt@w&=8fKIJb z5&jyCuU^Z=o*b$4AG~`+8TXywMytQpuaSeM@}J+5lABw@Pj!c?3-)3#-?a)a`@z7G z|M4~J#`eI2si>juEja6~`~9A7r5<;RKv1Y^Fjm~!_~}-F)MyJ;i)jLMw?^}MCP45o)eLLBdomxL3@K4=>qAH?$hP+V`^J)n@-PN07ShdIz5;YK)r|S4^C8AZZw@f2 zl=8LY%#XCBiZ6#zuI7l_I7Nyz@4750*UNKCnjEB3XDLRIr~dK9!IBBJKMv8i)U^%d zZw82=L4gr*5F2H+iLuz8$GLLdS};G#h$Stco=rF(KV8No4-*>os1ndLCPJf`lp1p-k&X{T{&1|xaO~SnUTxVDno6|-y54D&-^jXs6fiK&+>|HUzk;ku8O4wc@dT^rgPb* zP)mL|XRyi}1!Z#`s(%dsudkd39&A4ib?<0z3N`$^!;1@Q9oG>J$Kt6*Je+8=Kd?m< zrUUgjm5gQ(tZvIPz0fs`GY5-%B<_r*DIU9rhQKH^1w&{Eb72EY|Jr;&-76$7A+%9! z8bhM2+itcy;pITfh0`I_8%IHW?@dR!QdA!}+j-5g6r=C!2I~PXo zDRJjGX`KpBamiT5s1yn^rSTX-joqFE%cE_F%cjKFb*i%O4V`}x%vF~9D^@}UaH;E{ z#A^jS-+FUEfACbESA;%3sYz%YGF;~enzC3Nj1Pm&%Rj#UN^OoMK!ZYj(X1*jAb5ms zmU%2yyGQvJK(MQ#t4Tj()qXmaz3J%~rwjP17TXv#;fud0v{9%C(MrpK{FeNfC1h~w zm|C1#T!~Qk-S9$)#Ya~$Cn=ngDhy$QLi?nn_FnBm#9VYK3aYQh&o_WnVOs!arl#I_ zaG2YVk>iG`H*(H+b+Lc?MtF^+(jWNd6AWlj0KH7IrskK7T;q734?WsFm#O(WPm^mDtLN+e%sgmzcspqd-!2j6#j*Td;m_c_ zl0WC`uheF6CDbkEcyk!PYt1`(hk^BZLe(S|af~>*x!f+>o+|agX7_YTP|bktD-H;o zoE`J6_5>+p=rzcUr`qjpqDuqleXafrCpT=-cz5=j`IB|8H_AMd8iP~6qPK)KR&cZ^ zt5jLkJ2ac$Kf$2eEHi@%8YIGUd4o@+YMhnY{jIozCJ1Z&kFRTC7_ijlDAc`pVo+;0 z%lDDbBT|@HMEA3Ey?r3mKYZZ`&g}A zdOR>q1GtJLCkNsqKyX}YU z0@4*v-2q>_e{;p8l(R^}7<^J-?HKix)y4p^1Qem;uP;B{lX@&%G zo4uEBL@mt1-Tbo8I%?vYt(npHizyLyz6$9IMU-i(%4NY|yW$#CGOWIz%Wq{v`t&TL z>Gl85U7vKrf`a737&YDhwD=^(t2A4>2sYx%`=ueyF8|D#wpqSOVwuT)`3Eg>Z8X+-JKfK{IKX;+G%!6N5 z@6!7-LhD6C+ZwcTYLI?Gy`f=drEg!~Tl6loNyFuiue`;`OYZliGAK0LSJKdn?ns8e zl3pE-NY|Sr&t@bOSM@AG3QZ3Pzkb2+J+KKyH<)&5JG{O$kX-wdQo=HqPXp+`sm+>) z)aIoU+#Rj0T|=B{>?tid&V6Zjf$_r94Kpzxw_c;TYWz2^-1l@`6m-_^vw4dcR+mrDe-q~H!vKl&xzRYPs za%!F`LTahvN-=Nu&WwTSyRk0a?)J!&ek-hsweY^Z_l8$Fm~V`FK>#tZK;GRw8zG5^ z4o823gOxy)YT-4_6M7B5s1hwZqyd^MQDL0iA38!f7kvk>IG&Ho-Zd-LU0gL+^h4-Z zfT%3~%cC71c(if>JSZp4Auwh$zA@H5*-uDIF0ll0A*VEzw7%jMA4^Q5oZULb zz@Zb=+H!6A3aQOd2yTKEW6W~4J+)y|L?Y!62no%_Ou1E7OOryw>u8aw->O8NrEHf_ zMmI6gmFJkGap}nXbyV~C8(l<7WpeqvF)C#}e@Wx4xm@*88VNklIl=9`pp7?v(b!^TKmYwM7`o;I!V`-XFzUDMM|=^Yp>fx;%B;fj7#N z_H?kg!LjEOy>`>0vhMUv>(G~w)`U92W~2aiVCK)ctxl-SDX2`}D!%2+1mqixWpBk4J>i$b7O+Pr0;tB(3> z*chefD6gnXL!fA64hok@QycdiNts#l)OJCulhO|-WN}2H0r*vaWX{oW7teFzo0@M8CHgh|M!oJPw9JCV z%+%E)_4!5AG98K21splkwkttO2`0VO+`18lMkxOGF?ESAD%-xqdxv}1bOjKoIH_pi z`^)NW_!fg*d!H_ou9R8TFxb$j3$79Pg`XCkz7Ne7VFVe@N z31D5@bt5{6ekRnkkW}2W)Mx=A+H6MVoFi=Y0pz)Oan$3iK*lTA0 zLXn-lt_2?rD2eHnIfW6CzS|06Tj+7KyRJIle+HBg{vU+fxCzSYFG{p@Gg>`*CUzy# zsWeR7qi`h&${OUbgi2oc*iRUD5hG8c2K)5<)C!_zYpXUY zdeWp1O8_EBo?I#1Gl|6Sx2UTlBz*#RUct%upz|2v_6-0fUeS{)MJ!U~%ZTA^-5}Aq z{ws2J099ezHHZ|aWR#Az6~}xz9xuDieet047~!@6kd>K`eAu^efE%>KSPgf8M7ZvQ12ro~q z7v+F4lkZi;HW~<5Fd(ke2v~s_oK+oINtO2zdQB+-Mi$=>zV!ulWB616*2I;1oh|o;eCW&pZp%p`T|0Mv^y;uuRpW`joR6O z|3zId(BjWsz*%COuhserAJZ}eLB9h9lalDh>pXUi~6fr?}9Rqxk4 z_A3&Uj)QhRDh(owI3MFYyq-ldd%J5J4W{!5y~ff2Q9yy}xNr7o$1zb&b#KLabr2O5 zVu6xjYjZ<_-WJSKexbAs=fq;Nq&Fh+Y(?ab^` zP#S_-{GA=+Iill|KMA=lD~9_Ru?LvWBlMb90~BEc<}X!5YCdn-CyG=$AlRoi8!iB) zMJ30UCOMnc_tO#z5V2u2a4q_AlKVmL05CTy zsxH@jsaR|GJ(cnhc^jvm{0>a#5qcG)074~{iyIe$Iqu>MNhA#lR!?Y>Ef)YJ7|j3S zdvLz~dmR42jX2q5kLq3(Fr8m~Jio8Qf1{F^#=xBfA<<{$xnI!tj( zgqbAZ(fB69d#aKDWM}I|GcK5)YvBfP^!lO*2u(n~=phq!PetSZKEd3Bur;$C4@7z_ zl+r!nyKD?2d+FI1JVkBir%Aw2`D66zehSKJS>6iD@@<`Yw zbVA$Ui^5WzV-Wuo0@wK)y@EafcjOK503sWL`&+I#L7IA=~^#giqPnX!BRDNJO zkI?H2AnaMR(Vgi<``)XuCZvvl&^}WrrzswkHR}MKbn^2{cQy0ofpcl=s9aq%*!})E za(M^|45E#!IgXo7?A^Kgl9nCc`xBSmbOb=<)dY-)O&lEWUt8V;3GY8wDM|y20zO8s zvwQ$rT=Lnd+=~vkJ0PA zCx903DQe5>BH>I+178<@ICFEAtI7ceNaVQbMC7&T=l#4RR*b*2eJvCHcjWS~LA~_= zJWf_quD<8PVyReQG@9D$BR534iUaOCcgJ+Dn*=^tySz#04RtraEi16!>v80grw^1> zAgBoP9j*>y=xe+-#0}KNj%ERVMMdN_7nAh?u9IR-sc);VV)n;SUOya{gxlZfmGcOA z!emg&N1*R}T`3>k$NTJiU^#C1fifLQRQ4=8=`lQo+;n>MLuygwDDJ^@9--GjVDNNO zU(u44a=zfTj&(VRgxUZBQ>6=d`}~n8{iID}tbFam>JDMhGWYq}2AIwx^a_L-Gj08- z8V4Y%c!$1A(ZV>36NSNjUk1kR@+zrwn!fPtuvFz$4WV`VLaQPNrt=8BTIK_-pp95U ziF!I_w&{9yGGwYdgRZs!QWjx(s$qA`?D{blH}qI5Q`Mzyk`PSi(e@^rA;8cB+6p%g zf4)x}#XjvS9kNUd%XIz#*iBIlW@aRSP5;7EZqCwvIat68J~;T%{w88T(~^5kA|95x z>k}V^e zs2!ylRDPMOqFd<$0p*y8#q*UwZa=k-6F;-2<#)B6N55MI|3$Bl1_#RlTM~Q;#fMMl zy2F@BB;HoNg8Rk!f_4&UOk!k_uGftiAkMp>+q@rF=75a&y>9%g^9TjQI0L`1jddE6 z2usYUCf92lnDEHOSq}?fbvrI9dTH$gC8+#7j!ahEx65Oq22AG>3QlnYr6D5R&iP5& zDjIzh(XOh#zbH617HDGV zui3%6(A=7(<<`Hd;}{C3_eQcq_&@IID9{@qE!ERt}WaFKXM!z zAi#VSA$#6&Ogc?8efe~>V~~=lO?%(z(jd?9tWJ6ziV8VRP&k;%lefgbd~`x6SPrem zR3!anJ`JAuK9FON)rf^}lwF z+cm_I9+l;b!o?!C40iOYBzb!rjr|H1$}7;d!-1RTDVL#y@4FstdbxtwZzD0BJUlv% z*zA)$Og`A3g$%6`w0F~2%B^Dtsp+nhc3IEad14b2%2S{PS_m!FjUl)>=|4B@-)|Sg zp@S?g`Dc6iga7q4FZ|#uBMa(|=a*iI5#|R{&B_7W0_)d)odl;b9*oy6FF-IH3G6!q zrXRbN?V(7u`4PH!>2)A|@68X;PWB=RaV#;^F!L$S-y;PsK+ZR05`w&y2A8*>5ii}| zZlxm##wyO|!0axUiOzt`Q3KjjRP?z9ljDtiacQ+$Nmdd2XFf!}x!kwz`QvNWP4xlQ z!RG-3R(s1^mv$q9-l7uX?!$kxaj-4Z5Zg9;MZ3CliE3gLp2I6ZTpE0U^^+X=zI*~l z)B^R}$JKc<<55LMy^$iqaeM!|7f)>y$X?vC7;u-qQB%HU*B!X%b83o3?<$@<+%jii zwM3*5UT2Hrz~I&aT}miwBye!djdB09SZ!;B&Hl$1hmn-b0}^v^hPq=EF}gcYo20wM zNi?r@hup@-o6gf&*GFLh0x)IfPrnOnb{T6dIp7_Cw_)|ktx!0gKGos1jLZ}a#^Pn1 z`poh=ZcH#e^$j(*ho;om);Jb^I+0U2Lx$(Ou9kh8W9uF&2x%F95keU}<$KUJ#Lz+f zR_BNb)VY2I294h-k0vet>udZ0iS=+pgK}4#Ffqgu@bue#Vdq?r)pH|3zDY@@JS$(% z*tZYSn2yAO0U)1}&hi@N>NNKVIYcT>*BcyzJXZPi4x?tE-C$ojD>H=Ee7|5t(q=N9 z3Lz36Yv8H@VNC{!vU4d83XBEE<9;_Tt=I3#c(QSdC+`{uCOawgUgF!`?I$MpaO{G zO1hMMEu2`d{C@6XytTTx_lXXAnL~D($Nuu_7T+=IkFURwSUx&%eQ_!m9xcz9>Uq$L zH!La?N+DpNqmFuvu2_%~RdK@1wxy^_WociuVr4#ua9XH_gamzM9k7HBZj+~L$UQvV zpAyD}u*sj2*juhdu*LjpJM+BLbnUYwvsNX1A7&NC(*z{O#=0*|`R~39Bu~Ydv_$fd z4^~R&)GW@3PRr$s#QgDPB-QzV#Kaw-ZqZ5A-|e8q4_{!E8^a$-2)d45Mssr-rF*Bt zCQ{$NAh?C4i(opanZxi2eEUJCCkGd%(r4hzAmt0RhClb06{}ds0ADBBahE-%*|wp{ z<*31QPgstDEjyeEL%YkYl73t7jso4iVb8wTx78B%UA50njda}uT>@1jwE`vT(C{|mS@Q}aKBx?(Kx*Bbj z?2F*?GGbTQTrb#QI>7S@m8I0o@(;7gHGu^jqX6Gw%5`0fdP@sx*~$r+JTrvAt&sG_ znX;%TYqYWsSB$-qwc9K!xg{zCB00Fy;?$Of)YTo#KfbPo+aHivKmmX@5!l+?4#{I} z8MCGY6Rv;IAEFC-?@@*9tI3Z`PTRymp7uPCtBv+P>6!X|mw2k0#2MPL-kfX`|HC-&<wZJ6)6kv0N9ID}>8|BSvZU_p5|7@t6Rd=XM=^TDoc<#h-{7?thXZ|C%c}hPby@%YYE~)w^Dm-_&#a4a z+nTSQ6MeMGXIA^AAAlQ1d^e9kZRFd<$4pV<)?St%8LPuOI!b_#wkSKbv9L85q5}z` z75XAFWKAL5vt&i}CZOiPFEu$K6jiiJcv9DwLG|a=!Rl4fhDt8ox{GPXf6-6a1N!N& zhX(~j>+_54UX zJ9|Dcpd(#(S+svLa*Qxl!hnFIvp9pH(%SwcU&_EMP=}^ni4&Xo!?+KdTXP-O{}zH- zPpNR=$7Uju$!YxOmwhT7g2C*9(&UN*Mr@&_@vB!>C>Hg6YS5}OB9vSVQKj>@=-gJ6 zUyBmjmJUNB2;+8t_|-`bNEsgusUP~J-nqIMl4Z58GQ@Rdw*{0)l|vFUmW2?AMT9Uc zQMdDV;1{}(v?V-~UE)0}x*{U8HhJ0`6RC6WzA|gZU!_{_%|R)9M~S|x==EcyYb zK{`L)PHLE$B4EpwiQS~A^h$O2U)MloNDG~NIuNH2*4HGl} zTXXT=W+0c}3L(qO=`|SPt^wcR=#=Tq-9r+BSJq1?ff0AF2VoIFc< zvT=HJ@*jJPmD&jza1!j|7%kz89Wl=*g)`)F)z;?5d_?VnPOB)Snd3fD!tJCZd|QwS zgVrv*x~AazT*=T}mr8GEz~&$87F>{9BNsBxu4Khu;`TH`)|(ELHJq@rjTW?ly5T2N z+1MbQV`#wxv~ot#kGQ|+mw_-VRjazTD`OD!sST4~ebr08r?}IhVCv#9Y8u#i8km5W z&MZzV=-ELBEg@k33^`E#mB$#|4s5{BM1PPNE9@Tm#MZ~xeOK!^vn$IVk?{KunQNiC zwW~ePUZYpliBZ0X3yNB-!|4v!dNJ5az>MqwVz;Ci)gna$M#2xGrM#_E4xV^wva7h? z_H$LEMO@G>t?kG0Ovf7E%5w~|_iX9G_>ipEW!cIyJsTxQ$j=iN@pJCvOr=wJqkpZm zY@?mCNpdI}vxZJkBx(+F!neK>q^6C4MP_9dc(ue3x|wiGUF7n;hNkrxJq$^$tYX@W zPg_!VEh6RO)plqNvAmt5p*yLtwY8xwDWA>nKZL+@qT>HT5s_(GyWbyU(gN4fx+WL) zX&1l%)s%M4uQR!W3?d5`k|b;qhl1|hpro8a)7TGhFhWeKNRSkaF9^i01b}b4KWs&a z*GA*FOjaG_AzZdbcPlU`>1_!-LRVGwa^mN7!zA&qOZzR@$v|^;1%gz5T4AcH+jQ7& z9~lpea@g;&KL6^(E$aW)`F9g39AFb5lS5GpHEG2@CZ%qB&y4PGK@Mi-z_+SlEDdvP zAL%>inj+$E5FA0sULTlFhu43`YyLZSZS4st4M}v=eJG+aecs3_?U$}l6}DN(XP~z5 zRY=jRJ@`a`bp}TKgQ;2*nkX3S5t<|W{M(Q5FZeljTkL_;6W~+QyIm=yyHv_Xiwlnm zZn~$Q%{&w6fq3DG?|4)02!|#R+5kD3J!T&fodzhZx7z|Idvd%pfu=4wdAK&{@%mT~=jSb1`|^81v}mqeM(Ea0k& zFjpk)#I`T)9wDLEB3h7R-$c{^)A8S@`K@D8@U`H02;!5L2k;BS7(OFtfQc<=*DfpW zGuPc>;MfGNs;pTljZ|RYtP=y|QKG8UseZmLFr8`Y|7@!F@1|(4yntGw+dG4&n037= z2@1uMO7S%J`hldNtOZF8I?~1&wdTAacdV1PpQ51ENpKw&)Zc#2p6|s)+uv>U6?N+no^)9eQ+Jor@wVjUvZWs zU1gP;ZUR;L&u=E{aGNW$S>u0RG?K>34~#kj=lP&2fRex9Obb>z*J4xXrp)~_SnXG2 zTIxTWO~z~@M(EqT#cDqW{xiR~%hKVocs!H?!kyaI6GE0H_%Xx*E9m%LbI}xHm7|OFRr3@9BIh^i z0)UkG5qgjq#)df%bwz2N=&IpiS!IFiTtocUQMKn=#CX2vjDZ1A_i{8DoWzXgvlwk^ zM*NZmyFt+=P*x)&WD*_uvz>$>Q6c?4A@~1S@W%IFVvXfIHz@~cjoIei&U9ao9Ij*A1 zx|MpMRh7Wb&y3QK-#YIjY_1}t3k5zG0E{M)fxBKCUPXZ%I@IrOpv(2;b0EH>`h}er zBiEUBP$;(MARrAVS8D(cT<2BWZ=JpPS)c9MAssn@dTkY8md+V_3|D-U#NN13R6cit z-U8z0!p6*o#S94qT1-0JiHhA;!DC=7Ok_rz`M1t9-FKmAOa+sqz<6lEy{0iVpPuk- zj@0g!k(!$dl+!Ta>~nXew&N@?4PodZjp3wIZhEygfcw#r|E+`aom&iZ92V(g8c^L| zu6o%JeNUM_mcpSWtm-jwi*gH8-fk@C|rgF+7se>ybCzMo`WK@5dVocmA5CC z^Y0Y&>COV#oncUTX?X6fact|YF=cQ$-;-A0SM+MXgUYs)IxH`BHZYWvs`X`qgaq?5 z%krPi6txh!Q+B;hO9@qg?xA`)ivtuE8i`WTZ`@ongmJGg0hS>L^`r}3GPRE;J41do79d21JZqfd9~u2-lCcgc)GnSbq3|eRFc5c zn(3pO%WeC)LTS0{{dc?gsO>Qfa2=KL-#Y(pnwt!4wyos57iQjWE<+pR@*WvhmL%1D z8|W$W4fO9|Ok3^jzbJ|-(G{X7kMPd`*XjGunCacMdG^DpaTziLpc`dh`F7*zN7(x) z!SLvW4yxy-#`*v&9O#Q@_*K5SQ!nIgxpm|+uPsmlrZdOy^xMzZ+#{l8E5XD!%)ojW za@qom9z!qplRzG#zAm-`>HjEu>!_-uuJM!ZEF$sc1f;vWJEWw$OQa+vq?MBH zkWOhNML-D^i8+_|@qO<6*34Qn|FV`J_xauvyZ0y3146xs^)~* z4_)5z*mJx6@|QC7S#>*-hK{+`LtAo6#tUxn~8=I=H8 z;wRE;h3Jm<2r~tw*S-vU;G3rr$~C08}WgY{@fPyV3E4C2JLkBCO|d8S;R`V1_IbS zEi=PvAeLII7qY{yP_O(r`V|}-SQ? z2#2|_?XOV9_%=rdh~mC$eb+}Vww$XIYU55;&?iwZ`4u!Vz!vNoOXip+U*o{}RX_(1avlPtmNyfVP3SgGN8m+cDJEQV3##Rd!@~IYESVS?!EaIaqYl z_`a`drTnjurjQXd$36|hA!qv9wfW=}SKS(%uXOWknd2!D@?DI9x%u8k(ms4Nm;!~? zJ03W1kkEI^ERy`=9zI@gL=l?f_yWS|-$ZZp(7L{l-3HNDR56N|B3oi~b!G1bEf;xO zZCXJQy0p@HTX?+?1&d93bAy3sS}xxV3>0Ubn+3w*R2Yi$3op6NvjRJ1u9A-;l-?fW zxql-p4dZj_HN|LJrpXS#v1x|UT3(gYbcxLVC;&nys zX8Kjf&M<`sd#EnUjWtX^S+U(s_40scu$&ocU7J|C5YBJDq_;oAMAMMWfgaxYsG330 z6(#W(e`P$X)K^7>taPBw2u7bqZSrX2w{a~0da6NZBe)n3#o5AfgK++}O&KIX|lV;g+i(WxZ%x)ih# z@(3*VxO1`LE@#2)YLrY5nYw_=*^}OmdKmw3A?|K1IvkJM@(VB=$I-Vc4GDb>cdC2uhwE3J-`pVd{Oow$(aMWx&`E((~f< z>WjxVMUi}Tu?v*26Ac0bz}~5mJc$;=YIb%QFy%G!DsqkFV}Rzo%7$=6TT<1Y6nC(L zM(g<;Q8Jk-UmPaP0*@nwHA9{W6R4VlHYd3nj;Lk9r+4%-#-+L6l5l^SXhL)TKAf+o zNR-spzcm{)yFq&i%(+L$G89!P7VQG%eWp=LUMYUyT$q)uO9$e`_4p!`3Q-4-%J~Sa zLvePO*C6tomTK~6O66>?8-n{e%QQc3ziqzhtrPF>6R2v5Az2t{;A$fF*zEwb+C>05lM?mkU#QFVuQr~+^70LB2*FHQOa6ju2 zFmvyX2Chj@>0nQ3DW7&cBJ_ZgXD>qnBG1_0zdEOtJY1cijR#HOG8tm}haX}Lj{HB@ zAKB3=Fy;b(%aak_cS>rC0Xd1^e|`%oKue&78b2d_kpCXS;cn(pOxb!dAZ`N&scgUI z_+_l_FLrb7e4{o@>UR>V3UZ2~)Nez|`*%PzwOA+0J@PV}u>eY*BX&Uu=gs_Zqs`KR z%^t9uR6`D~g=?=8P4Pb;K37Q#y{66qIhKk1?0LORTJbLOLNUf7L7OjY&{Lo|--!kw z9NvgFl&NE6+UMXT<)h2Y2ct)|TUH@q{XyNLv0Dy$4))<@tNrhgIA=@Rh#$?&TFn(0 z1cFeU6SIf5Sn($fdX2rI7un#w@V4CM=1z;DD!#tW*F-c^M9F(1476C%CNoT)IqOfA z8Ax`pq#Dn77NBzWq)(rPLgWb;4l87qHobCQ2k(w&o$s6O3?`D+mDILp`Qhw zWO2rBZb08~OEO1`R&+9O_ao1ye7yAOwiQ|rKO6ZAkq7ya=O)b31d#{0A>yl}eyn$q z%DK!|8`uw6xDx6q@&LbI;!*taX?(}1ccrq)pshw5b{w?5bB=Zh;rPV_?yq%!#QY@# zQ($B`8R3J_pU$-qmA}39)v$o(^_{OG9`xs! z31wp6MCn568tG-tr$#$*JnFo5*OO}Z0=3ehgHKz}@C#c`})JW#RuSl4gTBY!$*z&`j z!)mf#Je9l=R68^ov_&Ea$CT56tGi%U-|Zac4R$}JUn2>BI~$gw5Hl$OR+X0?(8H4p z><9k4E*Xr|hkf|sRfFi}V>ct>vzd`&1w+n$&O|pD(=R%5mtH>0s9EyWeeGQQ(Jf>bH8d)P34}8&37z4-G zkLRY|?8xwx=YFNON8btu8TQSuar! zQBf0^#wA{Ti7-^^O%gW~fenw&xMvEZ2()wfmv-FxXd8}eHDz$)i7`Vu>X=X*Qq~7Q zq}@yz`L@N)96JGMr$<$Pf#E_GU%91+e3EWM%4&^|>!uH>c##1RFPV zK11DyGNdMCkae9dsG#B@nIki%0u9&B$538a(d?XZk=s{!cR*=d@%@U z`BEuPBg5;e?N4D2YR63qzxCt#LUBAMAKLC0NXKU~OoqK|7=S5wk&Tr2WSikW?u6tu zje>93#r*dga6fO{&I^8{-GHBy%X6Liqnzm9paI2s&Hs=qb+R-!PW~7fH=O-ul1-?LW@>U=GQLpW+dTyR~ zF%96rC9~@P6ku!qWAS1^8*{E4s3>QeS47X-UX38tx$rAT~NeaoVvT z^zd!8*U`7Pwv?jCpsAxl4MKZ~maRaQ@fjbp*z5uS(MOQcmF)5Ad%@=*d8CET*kYlQ zP1W)^D9#f6SIBp!!!a9GLy`*ZDhKZ}MNQ&+30kMl!)MIp^IMdzWCo+aN<5Vv4gGB3 zM>hHbr!m$x_R&5Q^nPA~f4DdPar8jem{4WdYLBo$P2dMf?X+Ppv9=MxLa;8i#}u@1 zl}@6zuB!KcKlWc`Wsmn#zrJm7POH=GoO#A9_=e z!K+5G?P`n37ZokONUkgJH0jIHb^_G8{sekM*7bsUA|!6`^VrTk&{uy_q^7mUO%G1V zghqccii|W<{tWIz?)X2}fA8;C|F}dfL@t=>A&EfwA!Tmnn;@J}fgq(Q+xnSV@B*8^ z7DejB9MvytnQ7d$+x-5d;U{RXb@2Sh(_9QuwEiRUpgVNOEa@o;C_k+%%xh!_htV)n zonCE!2Nn417z1;BR**M7D&mM~#e3c6M~FTK+HitEoc^_k2-V47dwG6eCtu{03)cUx zOBU|30>b$cKIe_+B;UPn2+l=(TA|O)ecg-w@b zjs$7NJUcr-C=R?)B!uJW{V2Zhdp7$<7-%?U8g;08-azCpb@fJpIhFl(`xh2WVZnzY z;Tg3B)3Vac#m&2>m2PE^SZI#LgP%XXFKPufSkv|iJT5sS7fJ{)OYqKe%xl+^o@Qt70gs(8dztus@6YB%vytoSXbTb)T!~*9u z=?WQLYIDy{@2WM{8qed>r}mEK?wLsPN&iP9SaAKjq?^m zE2ZzgvJ*nx&$0-7&mrIEA7=yH^Asd@^5l4p+y9Nz0?kqR3pAZJvSshG1TO=t@bc^a z#Al_H7momkc!i$g@AGjnt5bogR4?M>}T*FubMs|xGgUlf^awF7Mn#gHy2&D$9WSMhz`C%%+LI$5@W z=GYxUufXf=hKF={+`PbV+=#Ug^%M@|)k#!@k_#>%7- z!M$-rnmV5wbg^7cvGv-t{de`|4wRon7R9X(BG2cL)Bcol@ zo*KgGr(I;{p)g#mJ_VYxpiJ3%O4HU64wm?n){&Rv)9OcHm$x2XIeZR2uZB_jimv9% z#Db-54#mNZd+;ZGWGa@B^HKlRU<2%nyPt*^QhfAUTl;V`(q5`CEq!1={ z4+fkD6D`HdZCW8XvN2Cc06V1v)7N%sp|bmx5fw>xC5ljL>?^I!k~cI zkr5b>2C~7e@OZHAM_{hehtn!iG&qV*7;yWC3k2LSyW=rF`TNGg)r_0tWJ3yy^Q7qE zT!`34>Mz-2l4RV0INC5t3BlB{l^Yq+9^#<9S%Yy1u*ThG@SL7Wz=&}m;YqhKtaK8> zra<|zWi3H08^}{I$u=P&Zpk2G2CB8NbjGIanrK_ggIAu@!Dy0G!VUv}OLoR-G^P1W z6FtrIsCS3G;j={0=fXMR!4F`$ZsG4i;4mi)Jj8)AdW{i^I!kHdaSYs=s@oeq#K2l0 zE%ggSecoS9ntPk)Rg&p9@6ZFS|2U^EK;(fTTeo-cn}cO(12s5KjJW5_t6Bl!^)=cJ zH@yk{gY+PZU@gE-L)TQWcQw`=aa%_S|3nA6ZL0H|GYCf$Ex_2xlfiCs4>Z_K&Mv%K z#&a>@$o}+E&5==lP67CTo~=Hk)gq%}bgHYeSJ4;{$H&8fvM*$vD`+7cbyKzk7(w+a!0Jkq9EZVaQ4B^P6$fN>m}pl$L&1N4*>5UY%Zz>H zLjULo)bH+ch6|DB-xx?Epofd@D6qm@S`MA8qaQvkowoGwB<%-U8m1CXT9}XCn^jbn zfsC_t4Y&v>f0V2%{DU8<<7yDwIn-_jjt%Hh$2gL1*0174iC))W)y6y426GPqJu~Hd z#SfDb2Laz(Gq_;b5@FFKcq!FMy3WCN`qx}EVsINRS3WZdK>tTAH1j+2Su zm`TMJq0vD(>21=p^VkI5+rltP-bU8NY%|(3QCb5hglMxQb?A4{Lq`?Dfz1Jt|B((R zS>VBnvz6O*Ukq|28|N<(cPm@0&ezljwMDV3u<-UcW|qrvv;4fU{0$kBP&NLtewq*d z`G4arhj@YK;E_yASE+Kt1p`iP_A?CwOHH&L@QQc|K62*ORTxxdswMo>nCO{R4CP0X z^|xSz$n!5wRQMKr(aKYk|sJU1-`#U5Bhn{P*H#fE5UzMg-_>8y7a-`H%W?wxqqL ztS{SE-R3_-Jl9D2qyEckQBa(uAPa~*WD^7825@$A=ioa(?E#5f zMb-CBD;aRoquTj->F0-_Ha087ZQ)%XVyu*(pqdM5d~aKg4HPHy;10rxX*}f~J*tII zzz6Rs{1l-nAN&}f3R`A5Gs!hg#8M;BuI$RJqqAlN>?l7~D~G znWLz*>S7+s-y&B8MmGSCvC}D;D#xh)9s%$iC@h?>(r?Ley)U~liuxF(Rw1GY&c!Z! zARkkuAbjnnPxeT1F2~n2E|!mlZD7LbV=Pq)9`Bax*tTS5KOx0-pA}q zTea;mW2ApB^GA#ZV`vB3O-TfQPgq}XjI~I<9w+*oQVcl%scn=DdqWA~$XDHck?|SZ zMjVAHEYwqSo+!>w;ty2eML%-8=5cQR0QBA%gCM2uo~1)A{p_uLDQos9qD&}GyB|4( z^KZOmAwNuECT;3XQ*hJv?C^Q{T|jXLogeZcuYy>N$bK%cIDkAEtpRs4F$eRrXn`rKCsq^OwC!_c;1;mU zB>lq{0AEWvkl--u>Y1!BLJq|lQ+v?Im>M$rE}U!Hk3jxdfN6R}%983C4*mP#uAGf} z9^(;RV5clhQcZoryoI-gq$7_Mdf0aeYXEa9D>WiKuLSGd!k%{pCBpLKGT1K~@=w%(jE9oE($> z6|`5UH84oZW=UFYU-WXAWG@|wfP>ug|2UdMZy=mUnWQx2!IbU8uYq4(gjsn0fY@v2 zv2!Yy0ehGKiv<+$TB~36-406JAsi5|kDVI9NIIR)LUBIz!9q9!re7v+t>vl^ghA%o zch@eobNu}~>#^~C&N=I1<^wQvm)#id)ok7O%$IS$%Wex$k4!-B$bUJ~OX92$&b;6; z>WdJar#rGBF3jxvTn8^?^RfP)&YGQ{8N7G-@h}A@oR38a9D0h02z0-%Z|HZe3El8R zaW>IuAe^2k53PcOd4yjiK(ojQH;|RheuFBiAEsuB-}r>5y9WGToW%FxQ4DO+7iZyt z7gS5d!<2uaIeriKyg*CRglB~i+9w^L!M(ogExQ!_)wiki#|i(A#S?xm4p>1sCyZHd z+kzg~VBE3nh56ttJ%YqR{_~w>5Of~={1c`k`W%zl$_1bZprtB#=_UGDuiQCHXfD@t z*B8kSn;>eaME^CjA(=GR1T)60n$)d#op|NH99hG3Imo*77)2+vIFG&a#es#*mtno8 zzRQsL{N!0dLIs}C;f4elrb8KikpLgV-+CTHh4ChkNko7G;!pTbZMCFe_k-PifZg9y zfkerj`5AZ|v&vVB?%7|*oU|9e3l~)Vtj-t!@ag)FcS3ID7II(={oU6Y~n0Ap}R%{4*R@8}Bw^1)62aoo4V(~rk( zi|Em~AbRFMd4w(>@}s(xr}hx?TKwQKL55dwkt2tpI)Cc$mX{$#cjLL*Dd8%@30XRXQ!Gl z|J6uO3DaVnP}0-{`Moi+SgTCUwK9QbHR)UY)+mi|3dGQyKy3&Ibp^Lr`kn;L~YF5Z*f zx3_3+pI{2#={q7B;pJtezAY@q8=R+;dz}Z#bNDBZ7~z9|zL6+!y`YdHs0>6n75ne{ zZ)o49&#TLQ*I1ya-3}Na2YUFkwcM`nYEH{54D^KrsgrY_Z+D?MlB+Thd8$Ok(#Bpa znz15)!h8-`=OqzMo!^`UqHfrYS00ue?O<00drl_@P^}$RwRQ!OAL}!hx-&v?q?$V* z9DO7&GG%?S+d?;>MWkm%w2}eLl{sTEGu*2Ayj#XmEO!hggEHHV{P+f?Bs% zE+F^(zjaBiC_^~){T`3R1C%}1L0+Zo-sB%l7xuT-y-gm}a%Z$DABdj76qb(c**UP) zg&xu4g#~9LvTF}-%RzIlS0Nl0G^dIAoVOp}4uK4~z!A0E7)8ZG>WTmsax=4^n4s1Sl27|jo~Oa)@4i~Yf-l-W9@h~f|H}HZ zosxM!P3#HR7AP)2&7Z_RTyCu!iIV{Nuck9)ieoosm!)e4X7ibq`ZG z@qA^?Pe1zK;$>3X-O$huyn1f7RvVBC!r;gV8#U#>g6OCR#AG29f z@fv=7P}cfRbeu7Wln*ye9ZDX<-UoSpo$X_D25NtQRS7JT_3d8O60Ca-N8F39cU#8o z$W(v8@T1m`s0SlhDPoH+157kBDQ7sa4WKx-3J-A*7TwR48g_{VTnXStukm^}RFZUQ z?Qw*3O~Py?F4YY3h#JEjhN7A)%CF4Xzm-!j%Bcs*>_c&UxN{%Av$zu@-m9nsOwd!v z+iH-(&a))|odgj#&);8Q=Jt zi-tDBs1CZw$W80)ZhWF~eDxHK+VpURxGBsYXnUSTmQ?BbxM@erew{x4c>1W+y)#gp z%;E=m;5wu~%4{1^n1cv|XA5(uKPj$sX9A{1l5$UV4t`iN&|;B3Bz<*#RZpum8-$}E z#qfLn=OGlQ^8JH9O1ZJPSexXr(=N~mP$kTs+e#MYQ-r&tcL%V1`}!gloOg-h$4>9* z;rr&p+BgIQ;p!q|ZpNWFjZRUJbqQZ#98ib(tGOBhkL(Vh*=#b)vK>+ zygEa&@^@egcXE6yOxNou&hFzwoSmg~@3DDg!7bqQJDB^h{;66C<2xy197|=gWaxXo z-TdL*iBIMYPC^R7Bk~3rc{orNM4mzX)kASA)9P-JcY*(h1x^T+H;j=# zSE-Hb6&5D_^&`-W?1a|RBic8u|6P;ax<&^}%$DsrH0K*0gi}!Wg}a+hvV|Vp#G2>m zHCcWV`KpBhc46gSOIu4cU}z(ydGcG1rPcEZ)Rpt>%b8S85nhNM{%>8Kl4uYP)B5{h z=4=lAh<6}<%6xJS6gNYmX1hsRVZ`=l&sD%a>_9V#z|~x)PES5hz_uh9-kecpr*DeF0W3JO#$-{ufNg!y0r{ z(_Nx)b6qG-PZ&2e#|3zrO=}94LZ5_mFp!v?B{qDjTAJ=a2HLRG=U+s$7M0y3zU?C3 z%g#@BxS-$V-pnxw2e!$BcXKX3CkOaNl|RvWc}onZ7^N+7Mr(R*Khv(82ioV0H`hng zB;sC=d#UFN!!Y^nPS>I2=@XrUaDIGJ{%RltZ^H>Plxc`+qcmxJt@T}J%nm*VIsa@N z0(wI9(eSp!4;gHY1Q%4a!qqR?BW(B3oX!XTYUCy+21yA!$(u}&Clf2#k@WYmI6dcT zB%gY-1Cx*X7m#l}gLtXGFMif*a6)`YEz9GHHnaf6=~okl$nz7s8a*IPXLkzpMjH`V zT{s`mcm4BS>Cc$m`=&Qs)ORq2AHNGT{x;n3*ZC6o<5cO`mRQ4H4~jGJf(pXvA0oJ> zK%6HE12;sd;THaq*1@8)aQM-yOnewa$rYe)SjBJ2BydOuC%kR><-1Ze(e#K6T3;RV zdC+@5YL~}Hvp6d6`~rDR;pAk;*hp66W&6z%lmtvc+{Gjyx;8mZb{*nMbZ^Q}Ofa&8 z)^Oqoy`P8X>ml-_qo)rUDBQpIjt2QHr2b#%^h2eUteAwZS-1Y!i#UTU9K-Ee^^3q@ zq(eC6y{DX0wNDKk9ii4W-1|TNmJA6tk2?C)eNc(=evMPZR%^Ge8dturcC6stoaw^I0YK;5m)ci*Z$iAyFE`7wzS+Gr?w#>m|uoQl}jb&(1TeI%a10|DPy z>3YAnNl&_$MWTY<&+iE<3bg!hl7C;FDmYXk(DgTpu~e-eJraWE#CAeBTG)?aczHfi zU)2E(?#_VqZ2Xn$EtYnoqPmDdPNN+KIA5xE%&Q5L?fDqI28Ti)1p@9cqo6ry0}xK_ zg$+8ke*!FaGl*2sm1ptB-qur$y`#xOCeB$oZbk!kH(W7}lRH{>C`ans%(JML&Q5j* zD9(7o0fd7c!gJO(`k{9QWN;(WG@JLW<{pZ2R!m}~aO8P8dp*T}9!w`8cv+?PLQLQ>SLEWFsJ)vN82m7pEoa2c$nM>CQ z9it)eF6k8WZU$P|P0Qym*Vp$8IgWgV))Q7zZy_8hRtm0A{~UYNO_;)^mu5*i4Ij*^ zZH6Znl4~0~KCyzlZqBD2-Rw2GecY2poBJWi(XS>T(FY!R6 z>o6FpBcq0OUZD2!;}0_mDsMhGP}=_$Rp)A)o|@OWMnoSz0r&fl1|=xYrbHuzL;c)V zO5G&aQ^O4WGKJIhJ#!!B;=(uGTXC=UFDv^FFuMsuY;ek24!qtkCCu zGvErs`JOh)jHk?S{!0SXY0jHqjIt+4kbg*evYO^ScHGAW{HwB5x*mu;HJzgNTO1CQ z&b1?Z&!O#t%>pwBM|Y~efl-G|z7VXSvT{+NG3V6Ol!3U}VEyKA-Fl%auut_~S+ZQ< zD_CUiV=7QILBvpCA;?r3{;>}HV}*xgX)nXq=@LVI^=a(ty0(Hr zw&f>DQITd0zBBp@HN7A{MOpp1cw{KfSK>AZ$MGmRyc5rmWrY;fdBO*_ zeKi&mev-g|->X3zHyS%)S?40n_fW0Bo}uW60(jN*dYIY%zF_HLH4a9=33+a390lc< zkn;0-$ZJw_pW?69<)hM|1v`%5iYZ*Ku(%?UykAT(b68w0{0jI=-(kX zgr}Dz4gGixB~N|qF+`q=rn+&zpsp$(NZcH2O6tdr1Z{+{rg>@ZdSK)YxgGEdF_xbY zwuJEDS_^fj%n4>m7qnmhmm^KXlLz4pFSW8gcYBIx4D4lDw2sGtpD{%WDea7nJw21B zbGU+l)%y1{N}IoUNAGW5uMAy92GOu3Nc`(R-$$Aj`{DP3r*{okp~atPY6lwSU`x#a z53zVqo>$zAa4@keMTIc13m$*C+=2JBtrSmhYmf5$+tNkw0-A%14Uxx5;-_CU|H#XD zO5ou;e@ zD`CmItdc^(zc6~gr zn*MiP+QbmfuIxH;?n~|j?+1Ou*>IhDs@|24@~JqJ(7c#{EvQZ;jus(t;kR(RP-00j zp`b6>P#rLa=7dN?IRD0|;(^|t>w$J%r2~vO0$1qcZ2}q$?Uc$|;Fg@_m_Pb{`BMZH zCq?qaL5LTmdqQ&(9`uC1W2eqFC%jM8piX>sEt7VX;Zb-k!!%{74MSR;u@i{Hu5w_D zXfD+|mDRzfG*BYljri?A*%#8Zwe%2q+8p)Y#+}c=7=U~mYlq%pLt@;ED#J;9S z%QGWWe+U8ox{gGr3C;8@B1491;XT=@__QyOxWhjVUGz1Cvu5egUE(@#V>k>n3uWB6 zYF#GgEyBoN-HXO4)jQe|aQh=JmLYNNL`qfPjyg{AGlX3?e~0GGc|$nPc3Gmo4mvE7 zhCqJH))SRKTSp!a==P>s%kLD)LLyIK3TI2ATGa0K$I)yY>gyVOlw&+o2%tGfC=ia+ zDp|6-Y!>>)A<($d(uQmjAMa{l=<8g+&MU;zQ4Rvt0vJ1D4T~E=aBts|MGQy3+}pN- zmPZyO^Z*Wryu>eZk8s}PD_{>QRia&LrZat8TvrwTdoALpnGd279z1KTw%W{cKe$@V zllDW6f1y}FpNnTo91srwGt(e~-FK?RufXhpI^_6AERA$}wxN`dBQWYG->H@XDb22; zEIgw5=*_kgiaJaES>N*VLal2V^+6wdDdOiEJ=F6H47JZinm)up=3_$nC7ow;zkK{f zjkA9O`1u1=EMG@8NU@yj6%#%gwg3|>q3kc|)s6@K2Xmj%$r#b+r@JSJo7;bz|Ez>r z;Xykj>p%J}DbiTu7|7GFtoe?3(PMOWJcF*Ui-O~7=@v?!wV;RhV%@*iIlcQ$a2r1O z-KE$ui@SWi1zYhEcG+;gpa$)Ldw#e&3IogG_uThky1z>7{n{9XZmdw8Z|)C%KVmOD zv|_AY*3Ujb@3nyoM?QNIa8Q)Y#~?zk;c<=892sU|pVi1cRrB8IJhcksBf0*dCm>2tcy#Mg zAxcFj7(c6U_!gQI^bi+52~92gDzmWE)&w*Hfs_qn*1LDR!FDGO^dF<&R|JDReBa|k zlg(GiA+C^h#nYc)V|IUBICB7gb#MPcc;gY>ewI31;~zG1ZS!@4LC;Utj_yWvRTk=?YdDWjIrY=mJKFmH6Cdxtd}J$mHF+4=|DXR4XjBJ>h$ET4p)|nsco)HPe-{?^ zpdHM3OKp7G?#BLK|+L+fq{95Pg`2M!rUOP z*wJVs!0fsqWERYLU7Cy&Vdl>|F2{%!)YDDy_BSUuS0&Uoq0%|;BT71-XwwtSgeDn$ z?ImY*i|}3ho?hvPvY~L@-i@{T;z#jISC#{BOGVS8T#RyYWo37lfg-xuvkSVg$;&`{ z+imJ~B5g%w+L@_W^t740eukB8!IUx|TM>1R!`%NXooukmgBQBVAyvdFw$ts}8Ud!m zqfP#F)W;^@28;jFr;F;KOc*lEoAo+2TzRqL_GZsg(R$V?`JT5Wg=kq$f6DPoVTC$h z3hXzj&3!JuzwD&!(kXNA5Jhc}c!N94S~(q)%*ZPzXJ2-3N0nZAF{OVP-Y(h844_vV z$S5BFu-EK#NVSSTF(NoYcYOUO$9Nh@hyOp{PSUsU!Ix8YkKFY1oSMBz2LT3j-SZ>r zDM`#3ecRC|>M|dr&LH4~M~|mDbd9QlRm7EmNIk_kUz|q&1=n>%(ZQ=h+Pg3Cgw|t) zR)x1@Dc+wcKUGNxHIP?xz`xQaE)NauJM(w=xwT4%Ur$%)*2#R{S$mQ2 zmJQ;5F|S4VPOC0F7q&krh-619nksa7`-96lP{D}pm?Q0Ny-+dlP}k5pu-e@J1}G(T+T)^B~qqqdm$U9COCFtjo=AVB!z zM-)iB^HzfR;}e8OyK~SD63v?-=l66v@UZr^Qd63l_>x-SJ!r_kdA*%d0w4eB_& z-@`3?WFzW`=PFuNAvt%9W;wEoQ||ur}@3~h8XS9$c$l3x0s8glfe|Fb1PM$&-|}oR4m6+ zMEP7qts*H}or94a`{o5-8mo$t37;kXakg)loX$+ojDHZ-WK(I+HK=??qAZ_w$sjha zeRX&Iy#DS=fCh2fTIDx(Xbgu%3@q8dVGJP0pOc6O_TKUTn!86JP5m*a7`qjBmrBU{D-)3NjmnBGIz-5!TZn2Ie04p z`SlC7u7xY}evV|cAm7mugy^K!zA7s@-ICgpOrXtExu&&!J#Q)Stj24%QLbYaOLN&> z{iH0cf_dFFCzWOem*iZdVUVlD_*{x1fTK5_HkOb__8>V|!{GCG0b300{HuP28g$0& z*8-B9`*#;Jvw57nPwTRDG`^z0H7Cv?e!`;U860+-kIn188+i1^)6qHq`{UA}yx45F zO2=VI*%vMMapm1)uKbtsMuC;dm-3j>ylrR1xRFyB3ytvm1~o;9_mZM0De%7et$n{6 zq@b2$FAPwU;iGGu)tZSGxZm%07^>Bq^;trNyZl0Mp` zI9V!$^3YmKA<64JBgp6ZcXXG7b|Iff$^{9>;%-mxBQ6TeP|vLi$LISul#`7)E{_`z zur)FW$L>TQhgGtoMC$U0IcXjFaD7)bUUhmN$rQJe)m*t(9ln+@VLwZBiB`QM9ln%#r>*^{f#x&-ukI#l{?P+D^vorQ&{>3 zEBdj-4Ca0*dVztjCpo3MzO$KIH?5An@2nL6t{-soX>+V)Z2L|R*>}$AH>m=@uBDme z?l!6sdhNnfa(9?C6Ku(zemFaf^`?BElT%&NvzOhQkruf~lyHyD3}oP@9Y<1UJzMB$ z^5e`u6U-ycv(oexNX>YU+R<&#Az6}Wr@&XC-Sy{#L#}FZG)I@O ztP6t(Huf!Xe#eeQ`i;WSzRhLLd|Z_kqvX9VLrjHEjKgrq?r_SzzU;1l_%4>go-dY5 zosfrR{@);?!`aC#Oob{fE@znBGG)Wxv|p02V0W;I^K$GG1{L~fbG0Z!VOdf3&8X-+ z#rK@@6hb9oQ&g(5%5U;pSiBEHZu=O2R?4YX_h_B5wz)muqp5W775?0`7=iz>Y#v@L z^c4)gQ|sxxL4vUdrSJ#uSmp7!pJNSDe{#JQI(!m!mVwEU_iE=kzUWI+D5jdbc0f>};Wv5v10)%{?jg`_;~4 zoC+L{z7Aa@R15EUoUyBl&}0~{EYZo1%WXx0bY@{m6$Hjb{rcpcNV9wPcr8i;>ZvVD zGzt~X2`XCDdTauV_E`P5VV<}#lBrQ!jzI+{91`8AUKuY?B#cylq_rvUk0iSl_0<=qk-{fHD%RA(+3iY z{J<*AQU9;uW43HXDd#6`Id-CP$v0%h+fB=o%Ud491>f7hM4mbZ`Xz+nIGp&pSEFPk zEQmpGk5#&drv>NoDm_Yq{znoU_Pt-YIMHR7_R;3Om*~Pm2G91uW5(X-u*hqevz&s5ViD?YmwS3@<|E3mBsLAuu0K%H}%5TsaVFp z&9AIg*b#a~wBDJyZ3yca8}_pZpScFY){(xQ3-Au(K4ZI_Il4Vbcyj2lE7MpLOLr_7 zEk*DXyY-}J_}-HxxoQ?y_5^WUPzta9)A|B32HwrB`UKk-7#U-uu}aAwFh9po#rxL= z-R5LfWIH?M(uG#CDoK3GDrnu?60 z^dq8otY6A6xW*%tf4V#D4UTIt60Mtm<`VK#44 z?kw}22_iZ2bH|KlMGpIQ7P12jzvB1_`pTG_GnMXnzsl_AUx;M)eK%Lrkj>=bEosx( z+m|50`YA-OKP{M$3*!Wc`DSk~*;&v2*)0#_30Nx&7a55_bHHeIRE`Bnt_buo?=%1IAT->y|8kBi zyQ{3FS%TZR(ZoIz#VQ(`==E3KWEC*};1fubbgLr#HknM8VcaB7c5$eDQ&)Z-RS&Zx zUI)_*g`we7gSRA+w@4|DOB&%Mk z)?Tlu-v%Zj!+4l}o4}C~F*W*t#m&V^h}{)rq~?A7B?#t zg27dv!f~*N^3mPMl@mC|tt4%IRW+SLUUb^;bQ>}2Vfyo4$nRWG-oBf(b)C}EqLxz` za$S35`Zu+MBRc)h?G~em`Hxe3$M{yUXDAC$cR!-XO)l%j>Lp&E<{$$JT-d`PNAvL8PVp z`3ppsJ(rZ=H3o z`f7bi>*+%A%+KZeLGwL_Kbo`nt6=E10@h~5)2bf2?cke}>0!m!jx#qDr-|)^_b{F~ zH;4Lg7z+F^QH)4Yh#PdvEPhWDQAKQ9*x(Yve;^X7PVdZG+!r^S?`NYEA&(+iAiK~mF zorT|nev;v*u{g;K`_7XX2j-Q@;R3A!rA(bAVv9cLvECywde?H7SP?Pgz~H}{6*!w1!6u1PHN!q>yMw!RgE zXpM^@Y!xL0b%WlaUp!}cHWw3wU6e4S0tkF}nC3rea60TwTo${bT2;{GnyNT8xWbj; zGj{fytEf%HcdHLRV{R7QT@Jt)HyOvWdcMrWiU9X2W={R{NxsORLwL9E1yN3Z2PUHYJv4|6xC}MBudCo~RV=zm^Ai;e0Bz{-=l0qlF z2EXZP*(@nV@)@CP^H7q>4U6TuTCz3yIQJkLLc1Z%2}WF+a6pG= z$r;1pBacKj;Teamr#NewsVW&GA6`x?FD>_^{Q5G+@jfk*GOd34I>H7!f&?Fay@_XV z;GS=tgYnrVll9H7G{LRhld9<>U%xJHKJ{N}-*zJ@o>-}%nOH>hM!$_Mq$JE{#dAI;QM|H3~6adztw2>#$1s6esb#j-KMnAnUFIJ6O?6 zW(xPwgw{p}E%)fhoh`ael>ZM6rai3Oo$NgP{%7v1-2awr!(G0G+(7?Y2NDI3$| z_r3cK)9yBi#cJl_%agv1Yww%;Q+Glubzt0a45E|&RK<(R8X;KPm}b+}b95$mI&ndq zKa1&3GL9NSjyS963w&%8a^9qA5UVyKxa#xv&mJ|4+XNTRj88B<-U1xQ2NAVT|4Ng_ zX4boC)&r{MC=IH<^f=Bm`_l3^PS#%+xoYAMI2sw>s#xc*kQ2(b`jI?p=fS3-hO&?U zvnR+98diwq;IFSOTSV++fJek0=`T%s>rfIyJe#`aNN0$$)4iZ)DMX;}u@pSz>2s^*&LOe7_`#(CjB~Q@I#RH3f<^R5Q(}{hE)fNYBwrCIDuvYwe-!8la4Atc8${NsC>L* zJ0g&D1Br2Ph&7yfgpP7JO^B?Zthv68!gM zVxhe-oGoV(2xnl2Hf^c8wkW6r@G5y+F3YWXeliLwsgv50X4>|Tss$W6wMt!T)x{8D zJG)Tr_-P93d(21w;)p5S`vT!0t2d2BK-Gayb?P2D>#9;$a&nnouVX?0=QyaTl25F~ z&Y50lo$(RSF!Sv(_#LJI!%=m64&kKnd{)NN@|`#A09oFUm|=Ibq^oOqpCg4B@Jq|y zcN+nAth5-L$I?f=f(OBYvXMDW>VI(AU^sgCzabp!xB9H8zS@mRpq~TP&G{P}F*Vnt zB2@OVs!3EF2~o-byU0&EE{M?Zx}LO5|7btQHtSM4lm-9idx<^ziirM4cezDz*6JHz zIDu^O!zcLj*r`d*L7~T$afdcF)1IoJXUx5>7vf{xo?kwUp%oBjUrHz~gMD`~m-JZ3 z9`usQpNGWp&Krav-`(zo${#B*V4cU`>-j>vq}=8JWUu2qjiyeD7LWZXG66mLYU(Z7 zR#TWg$vTKEotbbDo4Wf_{>T={7AK?moHPpavtkgHG$pLY%n_Y|>P;KI3ROS(OY4_^ zB+gRI`>kO1>_hAa;`yzh+rEwCG7M+S2(f;U)f96vC|Q~IZe!cFL9t(-@yXP6-&5?5 zmmmUF-i zm%Pwj$JxUZ?&MIwa{KCR@uvKRoUjpAQt4zgJ?4F{HieY`I_uQU>pY;Fc$@}Y&; zjsMKEI4*GtWKSZ!)v&a)sm2hQj{hT#zB+=T2I6{)%u|EGsP73@f3-7fT} z0#XEbLz+T68(v{B^3GELg~Hu+hRMU?vAQP_?tA2+527mg@?kh6R6`KX5arQc4C~vF ztskIXPkDNW{FZ+k5t-bVR(&+mXOx`MfCG+t_+23}{Y5rOR*wB`DdE(;B>1>Uj1kq* zrQ2M?RPlGd`DXzhBi+Nw+gFKs!Z&oZIF9DZ8r{ozL62~U(n1T9z;K;`&nF|-6k9l6 z+=q2d5-06SgY4m8_Hz4thi#-a3_L3;K$~^TyV@g}s9{W(zm7jDe-3)0h&&mJM~%ox zxh9)9VTqY}xBK90Dr{V2AJrioxjsX)1B!g>Q5=-4mq`IL#!Itv&5!2%JQMTY6d&@0 zfZK89Zl;}F?TIT!JgxV@z>O^agljMy3QHCU2iaY^8t@Zh7$~)c6LWhSElgkEdP-YD z)XUih?o;1IylPBz`pz21-tvo;7)HGpTW}m_#C}J1$?pTzCLvgro;Y{YU!oMwIwT~P zr#$#h2D*R=ZNxdF;(gz4&G)^)VHdr)PLEj&!=VWpf$WLBbN_|E!Jfwle$bsfWU0}k zgA%VQ#m=z+^}7X7>2dwzHbIFf9Rk^9&DJJot5D_(56U>E^}RaR-X)YZwmeC?X5~ zj4`}bbxI#k-VN|2avqKHf2oQ(Q+Z%cd|*v(_8^o6e0TQWg+*k=&-5${e`3g<4r3<@ z!0sJ!Zi@iOp7?b%?=FW80(_|3(d?g><%)WCqMLG3!w0C3%TP-I3y@*d&EM;jVoEQU zgIk1C!(Jhp48*cU?sxtLL^tpT{*>Z)^*fs^XdmW{+ zP4D8VbS#;IDyEe&nCEea^Jmbq)dwQ|byvKe`rFUF{;TVJ=x~Q~=AN%wbmT^oo z1Gcv!cQQT(bKozVFsl{($?vxlE9y|v$!kw;7z%s5vmX*n`tj>NOM>+d>^&ylcS{u- zS5{N{N8u1VA5FkxRPnbF3}Cw(PX9i#UNKDEHr{Sg2_+3@LW9s>oH$SG`m@DdhSg=< z#di?f2{}I-R1OdhQqAHmz%jEfTMubG0rFUPC7oV|%VQeln}F5uDv-D?+=nZ%BQ9U= zSrti36lU1JI1+;5h&&KVge<#^Ts{w-5qKw{vlH512|SSu&*ZT@5-Cf_31I@&K`iu~ zY^ooMm{o37U&WBWbPJEU1coDQtAQBTKWaKPpc+}2Z2Od_ejxmw-&v?Fb8v5@J~KFN zwfq-!O!KMq4`c>XPQ~es$U;TyU^vqZh|n=oz2@>cc+UrYb0vK=Y5vE7rf#^YpgO{5 z7_6$SqZ{9rr7nvqqm}2k`c#rI5|cgq7e`V>6X7%|(S1YtR?-rDSOoZ@`ER)SjDK=A zD}S{Ab=NYD8$Uz|Xxc1SBuZ-hPI&D(J5Rt8vTc8J=OYZKksDDZf>gn2EC#G!Hq7a@ zPA6ik=6LiLUc^(iJR-tH<|m#HfAv+^Gbv@nJ({)+=taN?nPMylYf zf&K|^=KH0U+qr9gxH_|tRJ9) z^BTfIs^I*-3F=BJuI1lJmZh*J_uJV!K16HKvZ4arBG_1t=t5L2?|iMLH@YL?+QHAd z2g6|mo&dl>s^EN1K*?$eeVna)aIA$^!Gigc;2d084Z~qdnSyYTDmZBFpuUn%yeXPzPn=S8ld+=lB;s2f8mMygOUe9fni&|RcX8SAxhQor=2H_ypYka`V>*GzEN9L!t&t^j<b05jxe!EvBu+Ql^9F6(JzG7S>V=Bbc_t< z`@rPfrD5!;^u^`DZD#oV{G}FSLJdxcs5i8i-@1$~-LLfSX!DT!ZVeCV>4VubDSZVR7gFWrC3q1S>mGPxrc;TZ#1fKgPCGZ~J+TP|ss>s! zgu*HX^6O>Q0`GAy%B=SNf5LJ8tMU>G`Zc|s;j^`nEdOxeaqY~7lr+-CDb5+x2y&@# z;_qH((9ZA_swAbsGJh#P0>}BU2v01$uDqHE z0u|bek=25lD3=4M15aq-IGViBxR7cw(r3V9yHV2}!$O_)yT(Of@6O{y`eORIwfS#VYfRSZjk{pCl>2+g zoLCv@b!|MbJ1Eh;{`niMi^|_>F}#2+XJmr0FGcftH|7`feUXtyL9Z}@eb9waqwI1o z6+!Lm!395wtw79!P}fk{xc*X$8O{M+LROf6(aTv_P_-{y{^%7ket4$#9{4+F<2KdQ z93-iuM=bcUU#SY`g6_a^)Dhi6kt#13d!WlOtNeX0(b6grSH9&+-5xPICP_!|p3kb+ zx`Ti0B;78v!m6|!p*MvIu>g_h#@GLwi^Vet^2jc1eByxCxeCT&s|XT4LAIIFmKt zb#UTG5feyVFp{UwSSZa17nH33fSvO|L8`pGSOYBf&bk}eyG&OqL#{D26cLQ~ zD9TGiy>&}C@5uzRhJB0jJ~kfI`a$4)6E?0XK1pajBUN5*eF8Ty7RAr_K&!5KAul7M z<%{bbLQcSIWe})paGX!8%o}l&-3Ltd@6RN0;W+swdIuKG5=tFA;B zS=wxs*9POdiQ>?UTP+>Qp)+a{T8z?u)dFIFBEQ$vf7MwkK$lpY;e5t%PwyisYHg3B z&D5pp_|-MQYF!IFZQ!atc~kV7M8Ve~hpff`_D+zR`mZ|61bEMn=a7)d`%NZZD_`Fn zIVltVmbC@A($+oQN6m?Xy`~SFZg%wCnhiC_m513gEsE%Vf>dXb0w-T#?E-79jc2ZV z>s7^uH(X66xS!@gT#Hr8_hF&0kYG{L^Yyp0c~UG|oN%0AM4Sz&&cX?*k#}kMQd9XJ zY>2w-xhB(M&H2Znoddt%`}cb}y)J|T;d$m$AvH{2*rg#hJaT^iQfE1O4g8(v(k674 z6%49gjkA56Maj|kzwd+ZF0__bOtOaiMSw2ysvYl}!WT2lFq|1abm+VL|D(<#3tqTd zMil10X-h#UeabB?)xhsO7v=%HRl^Sd;LF>ss{L{%YDo#g`H z7@Pm5zsE9RoYPk`Rw4Q>D)xI6DOgpEoD(qxHpBkE@a=8l3b^RNQ{`zI^g}hCA}B zY+#C~5q=Xa-XisvI*SFUPP9+#Dpww$bz6&Sk2bHqTg7=4Z`;kL$mxDwwF?r1`=fE$Ql}<3~Sm_w@K};~Uw_0U#cw;qbD`Rk4z|5+%g) zijUTpr+M)8^OvehNeZaiRb#nn!4OZD_Wtmq>>{tl$)OW;5A+OT?t6wV!9+8Z>HM3c zuuQ{zD;H+Z{1Kv>3#qC?(gJ>&WVptq08?T{AoNU~T%>JWKrQVK|F~&!F#xR8=7b{)J%{o6E$pl}=aN1d-CYO4zM<3quh9`OS4woKS6< zhp~K5lRW&?u+*;xjzfgl7f4l=v~-lLoY%d5fdkKXc5+J}ol)wWn4i_xgPtEt^{YQ^ zUDzB{SKLq^?Qd#3|L}w3{8v@Qo(Aae)bGmEm` zRyd5fM|(Y;J7(>;NE3Vy$MH{qaFA*!ch^AwpAYvZq`7XZtmR@y5L8p&Pw-#dyiMXzCZ`> z%(q?5)3@H2R@&}$WxdeZyS_(O-wCs4^((^PL8_t1$pOETJ4D6*r#yOsm0^)?Vg=#s z`|Dhwi%P~}lPJfVEG#^%^xbL^HB#L+n4b&OP*fm$kZLHuJ;95c#;U{Uf+D9QLI#a0 zWV?Yk85;%EbV}e6GHwNWGO{LUHGXba{6J@W1!m7$yaH0!*}bX4JU4}as8!+(q@a2RlaN6 z@}=94#`>%F!CcA{;bUf?@s;)Y-m&#Z#sj=5_0dj`KR0yQsxjdEV%G%We<9USXhA;C zqg_^F>DKL7OrI$Y!u2Jq*hDmNFI#4m;=KPgI5}YQ1<#UJMp|f<*bZjTp0W=#E~FYt zBdAWy+56@t8!67se7lFnxK!4_O+JzwM9oZI#ZrEJB>aVYLZ3PDI(Z4_W2j3A^4|I0 zeGK6sRZJX!Ixi2-(>(dQF0z+HP2ClSl3d~JCTgJP>vL>kr=F#c5uppmXx8-XaaE}B z^Z5X01;Rn9nD_>O1aJK@A`ysV{|Y2@!xwy`RF}navK!$8rA_Qj0wmoE};b*LWy9 zi8FVhvia})NE2Nkx^f`ZKHh=2)?w$7O|EVckBZ@%r@1A|uF`u9kRRlYw12adA(YVfWk%h#+CqcY8#J^MN_^(Q{!yxG;o^e#VKGq zcB027@2z{87`s-p&A{S*(zH%)(EK2)K)*(SI@ZfJ2F7@`3oG;uk~rAB0(}}UK)1CQ z4t{9!FDW-sX?Pv)kw*y5bv8eOjf)Wjv3`(hADUn$L|>svbOn-!T@^MeS;WBWT2muR z2KVXY)8W@vtd~QH+YU7%x(AO=1fi_oHa9$3$^;P0WZWmM3@o)arxn?LLaifh4<~K>F&miLJNVN}pGZ5jUd61@v zp8h8~N~o>%vgGINb^>hBjirg8Cdum~+HR>s%GEhG+`AuA>0tKM6Fh+IL8^Utu!4N9 zg@)e|<8}69?R?|b$#3*OS@D3@6aV+%y|hauZM%{-aR>B$+luD7uyaHD|4Qv+Nf^O( zM5=Vm9|K0i(0nn+3!U=X=IY#?(GUAdHJaVvJX}V3m~$ZXJ}@i%*=Fqq0~1SG0c>2y zKDN-fkSZOIL7nDASzT$L@HcMfq6C9`gaaY>Ub8#~J-wES3S5TTRD96QYWnhSX z^=F)e`Hg#f5*!EJY#PErs$vK;0$u4@L1)n`1*=A=RV=56IBCCzok6cVZ7f1D2K4X6 z9eY1tN=`-ZUD~08swMwf&ob!NI}i?16(bAeFDlbK{3dEjEa%joxYy$64)o=!kD+AE ztE)Pd;`gy&);}D<`WUm?NOt=Z9Os!KgyX6paY^Cb)=!{gm{oISBxQG5^&IW0-Y)6$ z@U7yRN*fSW)JMyEq_G%cyO52U!8YTh@{=tJjuVE+cO%s`?32Kb92PXMu`s&sCTx6f zIuW~&w4?tHsFsXHz0)|m^NxV`X~uJfq9zVQE4zE);DZiRyFG$AC-_kua>C8mQR3nruW#MVWD32KM zoNwngb06e-1G5Lq9MNqJsUFeP05WeuKRk7L`+F@De)DV;rB|NVr-OI6zo>gDWy}-u zz?#7{ueU1Lv{9O{_cKtBXo2iOsz;zRfESbW<16+k7?;fD?aNxSGO1S|xP!l1U$n6B z^3@l;2`hW?vW7Kc+;(gRZcl(bgo9L%z-tCo=sOOygVXwIG9;#2TOEgTlN$tiAbNXO zz{7mtmiIKq^f^8|zqG`yWehmZf7K(>LB`eXO{>Apu~n1O;Q@!{%*Z2yy{cHi!YOa7 zU)l3Alwy2fT<2gm6`@Hdd^5j84+k5pEbl~BWCzND;{8$SIwvBaJYcrVof zcx=W>KMsqoV&CIW*}Ku|*vA9I!9}Nn#)VXmSO+UbHD{w*X>?HLWE2bcKI@PJvEhAi zny9nf|1>XWcIye-(EGfi_rKnBYjD7Dh{9bU9He>#^Dda5-`-v;L7DdwUo!OI2YJx; zTi*=;+5+>8^Vu#bp&w7W#;t4W;sXlB50w$DSNs@yS&SxH8ed+P@ z?YcROukxTL+|aPl5t-(+cus;N>BOhE4_CM@v$J40%Pi)_coG7Di-{S7f1dVFy5EUU#bs2po^R=dD1&W z0Sr$w&GS>^^rFRc#%Fq9JximwZ(2{}kltBp4?=&sN-IPe4YTJjwT3_t`F?cG%mj;4 zeTmLns6lD1$|+dZ8)R#owF_xN4KgT3(dLqe+J62Vm%Pv}qZ~9wn*!11bx2(Dy>BEVSJQncLmU zL4nhY>``F?@s021{R7P03E#%J68 z3%p?c*hO);<%nHd47Fh!__incMe)`?U|T-^WQOr#Ty-pd$;f<#;dN2#@B{e0Y}a)g z!pUx^=ecP!e?XE1UT{PFxpFj2G8^yudQ$k%rw8%`r%=)<-Zj^ta`Ms=Ptd$Af9$Og zl{~2mv*(!(qPrPBZ~uyVON_;L(CzWIR_Cxew_Jgfe{H2~s2{Pc!}om}{^rke^OsMU;pgfz_pgvWNc9M?nlc}F&Hwbu7kFRf-SxQAv`$58qbCLAPY+Ga z_0U-|`7@GjD6#V|Zr8|)!|nNw@CT9V5mF#-+~mAWVc^F;DAFdTQA>i!IzyofX|nZ3 z|EO^6c%a>^D<;4<5r2zp02bGhu`fpOWRR*4BQ;=t7)#%p-SBpBmcSE<(&fDKmRJe& z;1?AlURSGTNEn>|ipyqsx3&E9*gVW0`)vzoTu9Z2g98v3wQ}a3Y4~m${-KXela&(7 zQSEy>c-KA7|E$FOuF(ajy(*YEWI^eZ)-B+mEXooo7>jO%a z8P+w?G@=@yYryDlR1Ds4zE|*hxkj$K%+rnQX~S^-Qhmq-krhe1cGCJ;(0xSb%?Bcd z_wMW$C5#}R&>KzNkP^J~QK9X5r*r2B(ZUsS7>O()^~%;x4y=Z$4Ewux&WHBv8~s1~R9}@ZmuQ6H{H6L3{tEPC)UTX!l5`1I%G9gK z`c!_?Vp$OdC95;o+dC{O_1Qqy2gMPWyTvUf!Amflzf>PYGC>^jOV|YG4!ySQ%ErSg zH61d`SNoNqr$y+J^|>*VgV4TSNAY_N{c-g$zd$DJ3F7^ORDEc+1DQZ(iPz2F z%Z5=&l;olgj0&~xUC;HKYyt{U?qYG zmKd!re*~iy?qEvK4bflhyVnN_!8)ueQr0jw_3?O$rTu-;qM77M%QF~GejS3Rhg5x# zS_Bb&#+Y!fctN{#8oXO>`Mq|5*1Ye*xjIPc_OPqMU*&SD}pzO zRDE#M11}5P>&x%;MM=C*eu_m8RFm8qR|EI5md9&iNx%L1qTrG-ao-9Vt*Kv^VL0tF z2)+bT^`Q=A$j3z630MYVj33>tmn{||sFo7gs{+xbxzCE9%0~9x4DY=inyERHk-KU7 zFV5ep52uG9Un$sADtYxHLhUkjEiL2eRYnxWRluXBscYo9XZ$)p>?HNxb+5V~xMVOt zd$Fk)xSgT=9x zbtBuMeKFRPim~6$*Z`9ES%Z?!N?h5tFDo_*@Lp}N&PecVa)K_FNh(uyISyCSFW=!6 zwazp!=EMHREuOQWj87o3S5h?;b2_Zd=5wFOzQUjmWcbM*08oAw;esrB#t z(UPB&Q%E?>0q-Ii6T2fyF+A>pUeeJ zJW(G0Wed9142@K-+k0eK%qoOc(FvqIm6VmMBPtK3$QJpw;Xyw!#FzVZY05tpYT`FjDPPE*}& zs2)W61(&Q}r-1m_ca}afCfUt!YD|lQeP^lT>G>2G4k;!g-h%9smfHg|T^0BJHus~> zV!ttAEUA&cZ^xe51>-8PBGY_QVI@y9>mT;Rm7Cz#ju;&0$`8n%Pm+2DPL4VGF6tnj zAgXF28AlYU>?Hn9d;O~L#~QzQluXTqL9aKnlX^;{w60Ewf=|0 z)d}GsRigW(fJgG1=7jL9rJ3--+0LwAc_cx_B-#w>SZeN|vj2FSjYqex{ zf#WzM;`831%-_$mL+B$|aTEndzeX2Wj3}@ay;)5??PU~(B|-kw(0gR+stiL@tciCV z@t@4od!A=79P-PE_o3Tw(p&ZT>z$WZLA-aQLIL+vFd8*s8O_fpU$ZS!oMeF)WOVO7 z#&MBau4o9UT4sZ?!zlGH7!HM(5Hzk^xai?FX3n;f4Iqwm@4ce((7tEu$3CAH!c=9} zmrLNidc%4r7~}iB9`CkEm&oE1s&2is$8enI2>-OAc-DXBg%UQ256GMdHz%f`3Q8V3 z7O&=*XUee10FC!diLNTsfY!IFm7$@BH*X328M@nw4#T13Kz#Sd^Zd=6kAjv-X26b= zS1TK@p%^lqt?p^#;fd}EWy1%nO3wLq2%mqm9VS4b^eL;-RFq~_#Nzk~q@yi@; zyZJHy;s&Z<`=)=yZJ58%E1~sxHtc1;O-vI9r{rm>l`cy2ws%`rHr{i)=a*1q?!s|4 z5pk_a`~&^)YSuFUTHujjNO2 z!tR~-$9Umko&(IQ55K|p#dSMGT&s(~S+BG;qaW~T)3DH(SiSKZSIHF=)W10VdaUuc8m29Z9mkY;&^chW)Dp=0W?4SYCG!UeH=0IpzAtcazkb5MG%g~ zr*wfg*?C;NmrkU-?oFJtIhsXYfz37@+*O ze=k3k4?0yk*H|-ROc~7Fh@yw#Fs38;Hb~VXP782TS+pFSt}Cy)G6!Cqkl zq8>Jy3nsB=ex}>+uc3>)xucT3MFqoQ!l{DhCxIzoQQNeWU$z}3Q_r?_^|N7c@Xkmc z*2jvSSjvJeey}=G=~*H&Q_~nKP^77*_;&X%%zR-uEKLIt&Y_s2g-BNfwl1ifc!u>- zug`|uPNwpQaU4yLd*Xq2c|ji!r#0+86=$90f^d*(i{dyS zB62cjqSo?O@|@;)nknaOo9Ai#IPmW7G{*Eizf$#6<~6t5&5l1@qt`8A_T2b?bz8*P zX6ZzVMTU5%AVPe4WtrDDr9o64uIaFEXc!K3~lP@u5z5u>FHoHSZ!OH0>iMdA{LG%R1ref?mEDqf7sq13U2bqdtt|woVEH95ub$?#y5ozl`4Uqw>T;RSi zkItC%Eflq8ckT6P4ubI^7>-OYF@%Flz|KDZVmF}U7swZchq$~N)^kxS6i0DG57}Oz z#uNtG8a=y~f?soobD7eEudJzw-wBaMz;I@C5##E(S{9|0huU_k5B%I~_r%oOJLDU( ztj`m+Rj&s{s1?*T!^lkNENPT(EV2Q__q+Q z9~UmGuGCc{?2z3j17F^NJY$D$B2Bi;(*<8U4{Kp1C5L_oD;Q2|hCMVcqH&R^j_R-_&sl{mHx|sZE1Zh{>-w#CR|UotjCr8d&oo1h(s99tmA9Q z9;ABK2f*L3_$4PkAw(GY!%WEm-+nWhl!^Kq$fi$(dx!C$aI8KIclK_SWH$+ng8bZn z&M}F<)U!H4GHd!8{gZmH4`Q+lY~e> zbwEg*^=wSY9;A9!3>7#bC{{o5>8`&Ma>y+@cX54jStv#t@Fmm=-ZOTh9u4N{)Jdxu z$~`(JoQB~X9o>L%km^}h)qn@`)uzrh5aT_~TZva6!zl||l`FyPDsK2^SSfavO}~4; zaPAYz1YND^fq!u%H9M0b9Hi=%IbiOmwYISsjw?xt9gy?Zisv?o&xy97WOZy_DbY-n z=vCl!_ieVM5y^bG4SR=6Hn#qOaFD83iSuCn*c)Vsf@TlK1733z^9uXxgD%UE{$<|Z_?%$}t9+ye1%BceGb zWB=*ilJE(;gn;J9aeZm9^(^(5>QxIK_`-oCE#=ieCyCyQu0?7YR;VIlU#7 z&v%NS@5aVnQ{Y-)CeDTO`2Tz_sRa*&pNmwznyUu>#fnf_I(3D-j411jD$in5^=B5K z!X-a1q~}x6rgab(lk4#{|APCNsQq7@zg4fY$H00f^pTVr=x|Ik?6{dHF+h}d_y-T1 zKO-V4hArklbtIYV&BtyL_cp~ramatF) zPGoq5aVG;iKkI*_@g(-ywNB8B0& z7jQ!Mi17x`Y1nSXTZ8@8)iGUh;cu(MMGRn_+bWM^So1j-C$ScHoTU{?33`_ z^XNqLJ{}AwoDboDapKbN5PR2R{mBM>?6(XfJQi`th`A<~}=r$_N zPw=jry}R7;XV_NdL*Vo40WMM{gV%fEI1)_|&WndtvqqY^C=zlYZoI90nx}4FBPPF| zws~TEAGcvX58T#lK0eDPeW;q#^zf@_RKuaf5Jl3QROem0mOIB!NiJ zwThLm1w~UAQR}R4T#oZcS)yD)H3e4squ&A+F{IsFVU;;2uTK#O(7p@uaV7?Y?p2ee+o}_meohgPcCrp7LyuN8@YSJ> zzJvK*)T_+`juT`A;h4!5Jy-g8|VEmQ~a{BXaiFO~3Q`iC7gH&I`>IYr&AO7swWY9^9RJ;>9*)eZ+ zb1lCWta44hGegyfF0zf?>ah0<4R()7+^h-k-}6x(?}_auxwpJaM7Jsv zcbL(*e*=aiZ-|KZ9$jiIxs_>H0yG!0QXD>b>|~$`d-Mu1OuNRBzRK%m1Lw~$Bc%#k zYa$u%bZIs=s`4hLqB|VtJOUcmi0{^shTb8G&_htaBm98v{cj(dlEFClfHS7-QVIHF z;C1+%yB7Apx77FLd>x-+qpDhb^%WfF;snAexurfnO?v|^6~rN_)zlV(>9d|**{8## zcsW*wFly{l!{~@C{GfTr z|HEnc2H7)*`Ke{{$Q`o*@O$NnUlgd&_N`<1(yVZ1Vtz;cx&e5(zLVq(!9S#wS5X45 z6en!4<8cW-hv6uAB6!QlZr6ezKpltwFE7R?4|AVY-fRD2k5)4GQw4m*O-xd=rxk4R z9mAw{HwUMp^xK!=`%5v$AF}6Bm#-~pXl_Cvh={Q4);;Vui)7!tzFe~@9h%g3LwpZ( zf#K4j(9O%ib`3Y!pc)90)z+^GhS_r;M8p8jK$yow5~^)ywl&xn9e$djZPpY9oLT4l zO-6Jazf*Hi(s0nN_d;#@sQSvtZbxrFZN1WN1G`Vf?oabUIB3ZYZakBP!f!nQKLHJ^ z>3Rc!r*tY0X}~qTPo=!nA>cfG<3~$U>aa<<#X)6sL9!loLV^RgXR!^!G3uFL6hK|; zcoK+`PULp$@W;iQI$=-aT;BG^-SwzJNt6u6X9Ilutvj;Te6D6MBJfbXtNaLHII6MB z5YF^UN8D}oVb3psho-~i@~kWB5}E!D<=@^OO|LLtP^SU*9;bTi)H#E=o*{+a)2#k0 zPeYEn;W#6k5DrqE4*M7AFTrS$A%SDk&)s<`AbYf%2rD5Guw&aX-%gGkQE6$msfl^4 z*nDk|4e*BJj3MqpTVA}xO;X1n3}D51DQlH6j*+4kVsH_{Ci4!{DQ#Oy(0bvlPDM$=bE?OdHU`?@Q` zpqi`m%ZC+0blm{bc2Y7X?H?>ywY4yN)CBh-oY?DXog>%Q$iESSN))#EU)(iUkB#TG zxz@GtY1Ceu3xiW>OmWI2$SFO03Qgh~MRy~cF^KnmGF6({jyX)`PWPK1N~R_ty(0p{vDrrK zFQi(YhCNuhr5osOZcp@f15Iqx+~&sC@;3gUWa_3>+iZ(@JdgS4==RpS6w4xh0m?fd z_j|ApA|90(Oxc>Sx66RG0sPZhjwpj0!d_@QO%8ImCJGBk4qkw-nDTT1JF`&p*Lda? zDfOs&x&sgRcaJH30?p4Y)vU)inrj{}#RC1Wg_zM@Ip=T&diS^28BB2LvJLvc{FEgH zy4cTgSlH3A{V^v0%prCP`Ef{llBG2v97DpFVIQLXGR(Zdf5;KHldGd8hF$qH<#ik7 zrWWnvIq(|B@Ww0fh#l06emBPXw33jMdRP&Lvo@##;hcTqR$?Y&PWT1<_q6biXn{QJ zZa2+t$72fH-!bj&(I8rihwH1Za@ABnozAvgl7r)C3>w6rN7}P#9|qwd)gQYa0p_*; zt{L^$frpvGvlRWb5mYhSV&hO^~~@Z(5pcO=`g z_$_t-Ly*a0>29W`rcRXU(rixv8-Y~r*Z}ZzpI?hr8~=qbDtjFt@9@S?6cbVfIF1jZ z{z6jmV^m<&#$gHYzl?6S|IuFhtcFHYrFv1#Ph7ig0eIbMQ4s_K2R8}Lb=3u|H)LM~ z`JiUOaK1mChQ?*i%>1VVli>6z@W0%-4O^9{#x_;OYi_#oeu$N?;!^=p>7pTP5BhPw z@z6`c_I=kghH^I`o)vO_zPmkyaDLuA6C-f_Y;n61B@G|zWU{|eRYh!)_G$V8+qT!9 zBv|E&12Y`KbS%jXwJ3qtcrQx|`sJ3xaeVL~oX1BSruv32swaV;TfuRxVBV?N81eSc z!R>Gwos8R8z-_HjRN?%h-$pnv1;w@_vhiZyPzd{99C7@w;Sdh%pZsC7^(KE@5x}$3 zc}Mp8w$&~Um#5dUlK}M_Mq7FitynGDiq>G5x4T!*rFk?X;TrbsF${;0GaJIG;{Sq` zz%w#ur3~`;7L8e-k`nnwRxn(0>pd|s-8+EFi)4xZm3TQ7v>Z(9yFM3u`pikXh5 zj-{I!!B^beUk{Qo@0O0O2br*su{Y|Bp}f`qa14*3`JwzXDYDd*D;ZD=;=Ki>0Ydsz zcgD<&cX%&-;B6O@0rhAuc4C`kQy48md}W_2S+gr{-;ILLGg0;ygwxU7(McakF@dK8 zcn)=C94)?IOLp{3mb>bVWLTD$T0!=ji&K#^GTAVT8vDzS$0S_Ia;&iREKZb%$QQ7E zK6?7XTfmYF#1Gk7Qg1vc`c2(TGvGAvJaA(iC&C)kS2jHyNhBSdr)}(-F&hLZ~GEy9dCrKe= zoZF8?=4U&gd;xNPh+iW1X;#eXmqg0UHn~u+a-~&EZqsSL*yg|T?8e?U)>RId`(Rv! zD!0x^I!$b7HLlZhFy?iW-fe;7yh7Z|+P1g3cCp>odBHo1lb*06`wv>+$%i2U6G}Ov z@5bgJ-Xc*#R*4Z+6GyCfVZQ5u@(=(=Qw`&+y}n7|F3+57FK+OL@_ zb;F|JO;4O2v|pGw0h~d~NTcB6m`I~5{N^6;#~p=b_*=ACSZy-K0~I@9_WMqiS%axs9_#Md4ao7=8gOGW!*H&m zAmWg9{=H+(%e2({b6`fdNaYlgrHJHZp1N06B$QLye*pbA^ceMV_SiFjT1=GRWF!=? zSNF~cg5yvj=Go7M73Fb}RDCR!c@_l~o{stirQ1FD%9v`nO)>L1I9Vs!zpyHKAb zh9sYZS`EEmJ(`?_ZN(LK&Wm5Q6@_r#yDVXTtoCQmeg$6K))hOCiGMpe%&~WisBNX1 z`Y=iW^_mC;83}Bwj%T#isaKS);}yOrhTZP~M;XG2iyqHfBv89C*#>rY;G2gHrY9`p zeFyQ;0hNRD_ixIfWVH%3vrSaiei2SG`?g__c1*2A7z-cQGX(#zzVqsE+LQi-?;s;| zzxR0%`K#)Uj;f!I8FGY8*{Ojb+ND)^KaWw&ROSA3x(|^GE1P@jF~mDX&JQUqVt#bl zb<{4Q1cXBf(znpF|Sq?f5wU*U;%nnx&) z!*QPILF398a^F)DA~D=Q0q1i&H|>F|y#)1yJL>61MR)1l#R%{^A6$JACz(VLE40t} zKnd$UYN9xGaIx27`bHk|wW&`eCDh_9yzrr1${grKM-y!C;iH>S zIK9An_98W-F5x;#6=S!~Xc@}U6c=ZcfoBKQ(Ydn`;0^Af?~mva+Lg@~o@0#5qz-!8`V5&UCiI09t7hKu~r0L7W&#+x(S2tKcz99tx3JT@4@IC`3A5|t~04d zP=-IuaUVXiKu}v;RmPe%1yU?iAev(NqV&BqxMhd~bg4 zp8WU}M3Y$pEyma1JTa(

R-Foid&Lfe*!d|A%w053+~K`MK=Pg}O;rP(hMrS+?J8 zB0i_0*MMhAa#wFnTY3n@=Zkj(ZtIhUcNLxQ3y;qOP8o^T&AFi-#y#S!C-y`|@!&hdX8I+UYe_UT>%z!f_OMAbUcU zZ;EU!(;P9p2j9J)Lhlj%bSu~LtHFxLYtBN?{dhq)4P`1O*2KrLA1(6BgC>?tgPb~D zVK`LlzaX3~zd7n~hc9_WUqNI=aE`D1Y$7aNJrB!NQa!kON)&i^3bn?us7_CLEXz30 z>jYHt*mbHmVK~>t>>wQBPlIla;g_zAgUSz5MI%R7nlk=DGSMXO&!4GFhUy1F9c$yk zY3?f=ZAT4ZGQWz_>+OdX-EbVWeh8-zHKqN6Yu?nDN;^(tX%SQheZcv&^Oa6?iRM08u=dHN6BaWiIF2WRM}#}AQIRtkb~nZnc(f<> z<@+T)&rc>hV@!w@%4_M|@c^sL-d4ijlEs4G;?c9FxQtA-A6l?Dn>e*q3S`f3y_j;Q zuq~&lEfA-jx_c6&CNimna&{an9n_D3wR9EuarVD*c}IHtZ0$j*!sSEj`-!1#Fng%I z5IiES&Ro7={TSzG0icgiDV5XgSp$8a-LUmB>XSCL&F9I$p4HXg<4fjG`^i35HVgX| zxkn7a{3dbgI913V&MpZuI!pKXP)oqC^A)=MxDfwdkUz^$>cP6n{j98WP*;Mbp)cv0 zDNNzwRf#M2K%OCm4$3bh_XW*YDG29PL!7Hw9LvK~O~B`$ygg5>5H>|2XF{?_oFGw# zQMdqhOI!Q?|Cww-FodND@9PEu1%Ac={oyUsV*0Ka$W$r&J=Q2Oeb ze$t|V5l|sWBnz++P^4T`wuNTtC+ zb?qRBZYwNfm3s$72l|_(7Nqwt)wF)IJMy6(wLQ>)pFeEmi_o|*_-=0zI#Iga&IB)u zpN0G^c+PB-Vci6E!KNJ*j(vQ9t-J3TBt_TMsn`#n zXU=KFd5F8f$wu^;{%iRNN>+19lxL@Fqh%e*%*7+rLP~k6Z`mMQOmao-)77^>lpPpv zcJ5?f>!rnk#cjlIFwsNya3zW9kA!KB$3FpnuA{;zpCCV;c-H2g6>WFXtoU1Rz?blU z_|?)xywt=ux^bw9EmNe?fDtyX8&0SYPX6V!(ODI>kR8CR;ql0O7fMI9qPB*@uI@=C zC35LX0f^c=@-edfI8Rr9&C~fZx+ukD6$2fHb2AO`y&N8nXFc}{>$U;$UelFTmQtH= z4SCVJ+0P29Y}Z9=BEhSX;vVKkS(oesNvtY2l|U(C`{(d|!OM@xgVc3P06xvM7YbKT}YL9MS!v2&VNykyD^Xb7U%${3&>(IEg zS`4k2Kh@szP63e~jSHoDBi%<4t5Ojv3vC3R#=;;v@M&MFO6fV}tW}#}d77%Uo_|+7 z84O2|5y6*`ZKjvEdONFG0O}nS+_(a*Q)SO4qk_e(FbH>@G7edRzkK6<0sZu$Llni} z&Gv^aBVPG)DKH#iH^hC~P~RT!5cW!Y79B(i)qQ*N^7b)AJ(2_1P6lw)<^-RDSIFsm z6$1L+=A}_OCEvmhQ}TUdh?jy~hqAW2(72Fllw;sUnaut*C$VVJ-h0BxqL`bsp47B z>gk#3dAfU+{mKrOeX|r(`CtCixE7!uTmFMp3<@6hPlmMI#WuCx>T&kVS2$wWyw5m; z?=aJ-{&I#b0!qAr(=BtnlmrT=5)))}`AVa z)LOS=+1qwr@i8)c>ANv8vG-W;S9Sl^2E++{Am%EGij0GxRWF$#3{C>szCPf5q2uCc zj!L(XpLSgl;@nnDcqsPT4~@(?p5F^GQQAc9o%KFn3!pf9R9z}284@k#C;mlCLu1Zi ziCh5Al^kn^Ty%;g**z{SP;I)9<0~il|Ba8_GmacYNg4i3wNEn=prC`)hLe_|mCzOz}e!LP=ZLhfcvi++(dPtc}n0ng5QLmB#ur&g~fbDd#|7B={+? zzrUB#b5D8~h+BnwPy|cv)z4 z@|IlP%>3X40d&~d{CtR_{m4ylI71|9C(N`cVsol0i(L1o9Wu*Bvzo@k(!W*^UF@^0_XT5%d6mR)_v7$CHsv7_VKm zrQl?zr=j*zAO7!qWs$#(yPn5jAd_44iT5mUK0S@lL92pf-E|=cnXn%nU8|e{=Tlqb zQ%#@ET~%4?$Px++E1JzvB=%Q)>W@jE-|Op_grpOWC#p1He(58jZ>dN>3H@ZT?%+*n z&r9KuhXc^xJFviy^J0bKGgPslS(o#L`MlOi8c|;2v43$Ua)G+9$@Uw_4XgJ+2DVH= z{)YCvr{4ysvMm|>LzG*L?bd@`X_i>SP1!d4N`Dp@u91D_qxk8UEg2-wQ@AydaaF(4 zkSurA;#|?kkweT(g)vG5ZtvPGi)|j;=~soCCFU+21yQ2_> zkcBxP=uc7NK6YK}ZyLZm;D(VBT#eb(c*#3t^u-#U-ntMub*F>AGRB@Dzsk#ixPH4m z^O@Dq;gEJnBsb>-%lu>j`NUU~_dpfEEJ#B#$G~wx+z8m&x*GF>`zdn$ScMCv)CZo@ z<6GW;>N9^pW|_?eR9JkSk3!+>aJu<1 zr|KIhLe*@rn+53DNvr9Ycv5Y@jSc0je}h7)x8PA;;qXAd<&jw!`)_@nDL-aKWp19whj8@)?H)-ul;ca!%bGkjZg^bIIXU z&*UJ%`!+wRw9yRJ1C0Sxl}XFCJ?17*VHGQ|{3%N*vIN6feZ@!lpL;m-;2F5ur0p`y zfq6=*(rpSZx0T6$i0_ibq=QZ;8afa3Mg9R#x~_-f6lXvkebYKQ-v+MnO0NTbWORDw zGZdC)RCY2>i3xN>)f^23&vH1^^9O5B!;`E>W(5ladZzZOy_H;z($Eq^u-ch7Q|}U2Fr?6InX2dQ}Gxu z1nGQ?f0Sd3;Mw;I$4r9r#XjmIMM~yTnO8t1ltLWAypOpVk2rMuk{b^flmB~Mp!<$C z{a3CcMNu1}AM0+BreX;h%ERm{9JjW}XPn`c%~W{!0m^ki=f|=50*NQ=xsR0}Ox6fO zt(&3^2KKMd1l1_4$5ROHr4Zxo4#ojdH#)EOK~Q4u%RRRc%|dm;>pBEF-vCSagIT2E zq$|XFd*{A`judAasH_2^D?h##?n5chx#5kEw_i={1u*3lU-2pAg?{EU9_$acgDV{c z2h?xm3{IuyADJ)!$!;Y{>=mL=JU$E{&Qwtw)-ahsDRpM%7Ld&MU>W`UdcGHxzSQMP zSLf!cV&ho*I0NYyYVWd(ksR`+s)f88yJ_qXX;VEzE>Zg1R+WlQJ)iy)Wgo=Od5@`Eomg zI$21(3b78fgejm--gpST(w{+f5ifm+*@g(wPOEh$hOWRlWv`uS|6@(10iyar)yBwK zym=Ebpd0u2Vd%vQGnohq86I!6;pgfxyvkdFnhajfO%X94yrW@!P?w+Yvog}38uof5Fa{7!bEJtVBk&8Ot2gN#Q0z`&LP-0s1n&3pVu1AgBLqzRxGfzlY#2jH-HmAejZ&Z+s|wk4L4`(nM`zlW~(DWKg{)c z$hob3FK2T}w)d$u-Ila{`4vtp=;gdawOr;+{f$9W2n*0Rlmsbby6@X%imzI3une9A zL#Kf#twcwlH7(}!eXptvt<{{jkr%V%>+x!J4|smBsjZ`uc62`afgm7%`ta=*Q-FPP zL1CLg3+w9b8Hxx{w`2X~BqrdOAqxY?#?#av*h-%uqvBV5I{aVGasT2_11B~i>LvKS zy1t`AYiRb?m;^e8nYaj`zE_#kmR{TXOAmKfUSW|RvH*8~+bf*T#KC7i;5CjPR;MzO zyWRu&Wluks#x(go75T#wlOCazE?(IIAUk_`nuOb!De6gt=Ep3X=qA^s`S%r07w?M> zdDbGmsU-|)iUtiRpw<3DXu*3Tcz-@eSydYRq)~l;1JqgFwVVY{a}ett*wA}51g&8Z zwlclOY1Mt^6SRtmfSpH=-FXA#E3e1U@Ut&1SDeUs$)pfyjqqf1fU4HxtB^S4^Gd9? znKp!lx%^Ne!dG!Ps9V188Rs0S@##^@d&cSRL;p(vJ&pN;5y(5dpK<%E>OrPtnCm5f zXplqF_EQy@7b7ao@s#gG%v*CPVo<(MkESfY=F=zkQYTZVS`ZOJVw%#!mPHUh(OhE_&t@|2Do)OX8{Q zR{*f`MM`^x$3&>)LrHi08)9ljpg5NS)kO}=c{->F5DBgNMjhF<#XWeJugEYfiBW1P#>jpeu$loV(!aI0rhTB>2_+gC%V1CVdW@p`=42UA4 z+G86nSP90{?>^VP{~K=%;lJpIg<&ZbK@t>QBfv>C42hmqrnsv0f+=`-;f@RaID2n4k={_%@j4t`!F<7CWUaaQNC$Fh4HoRW;5@52-dZ*6IJHN{Nm-q{ff^of{156 zQ*&(kCg-BWa05VR6^_;}8a!wBvD7`OMfm~mbhcv~;0@_hM+B?M$RFTuKQ3v&lRXX_ zKKFP3Yv-}hm-o8-hDOf)#<;nJ78v*bpIUoM?1Wew6Z{Yn(24&)@3qfzF`RS?*$h zbyYC4!TVYYOFwp4;eARe6Y;s>tGoG&1f_ zYzuKICRo~A=Y6E&6!NzQ-QoR3Uct<6rNjncSuJ2VLLa4B~U*)Yp ztFCd+IEpzcSbq?;AwyvS{l}_@961SHQrQ(>++yrLkd{x=8!S`$L98auX!NsEYR)84 z)rORTXwU2O;OgfW-R9`)AT_Eq#YL_vpomz$2i2bYJ8iY7@YC#F*TFd@12~d=ItnnS zi;eMdYAP!*m!UdQXs_}zpw-Nmbya<=vWilTPFx+h5vSP!MrzLs-1=|j?9Qz-vKmqt z1E9~BjL5ra^9=4Npn(5|1MB_T8Ek_3%FgS=FZbKr350a2>}xz;G6TA?6Xv<8H9S^X zZO|d+tS3yZ84V{;rH%gECOw~{hgoch(+XDOyHk8?`74|agO@s)=F}Kd^hBxtKU+Yj zvXFZMP6=FKwaf)LlbH7ZMUJ@YN}#?D^E1f5{w`CndQ)tX-j@ zw&;l@?)@t7AP5EdQun?fGb~NRG)oO549p}!J8iX(bpfH>@Dv2A(C4{z+dy}s*>{Of zo)dMDE*hO~GEEKZqj|9Zf8I-w6cy^3Pe9MQo6=0=`QkZnAIR#QrTyh2!njvH&99zK z2FCeoC_op@S@}KDZy5uP^A{gwlqJ9~!{wDeCPc!T^o-L#*FYz4F9zMH57fPf)C+;S z!li#*3v-v55%e*5>$(6cL)Ns$ltF>7%xSCMa?Hol*$;8wT%;88kA3KK|#ugh)|f zpK+`O&fP=U2fi2pnYYA4YUhe+RNl1lz$rGIxousmvkTy!$@f9%i2O|%Qu~x~=W^kR zo@yem^aLT&f9fF_@Qc9l+l-@un<+Cz-E4%-ZSZRvapemE*II*YX6mNN#< z1)0m6oFFiq-*)q>))na14vgR;ORsT!Ui$U8WP4)Y%|h)D0DZnxm6jc3^f}pY%o2tj zr`0SrE}Vh;91IT=XJrs4C|L1p*b&m0%GCGspZos)Ykd|XjeOBpyAG{em#k4+RM7!H zY~`}Oz3ds{OO!(&d_r=aA4$CivRT7*>p5)05{-W#w=HMW91K&&9A4v;zr=@)R=~Y4 z7ZYIdOTft{MJ)^Yb|4{_?kPTZ-e)s0J_yr;^`Y;A;* z@ksnevQw)2^|+Hwz3A#T=1IKQyUm6KKY%)ix(}VRcb=m&?Y4BRId*CZ5n|~;R}Ys4 zE9b1np3}syp&Hf(*_hgZSMjqD+5SsBFSv*o;~Ujo-@zuZ391F6tCXr^+6k{b;$62;h~9d*w)1v~S9}(mU-I3E zJCxSC(5~l7)xdn;`whQb_HDf5O|ZP0xNo*51R6eYYVF-eT2C$dIT4>ifBX0gh1t99 zl`bK4;Nbbp2g?~1KKETGZGs}8uhvhE&D{uFD)_Z{&dFDVTP$`l0;loGgw|o$AG!=N zKi#)!wLS^fSfBofj|ljum%e_p3-zlGE~77t2K5tqEiFr7tT1)!vrpvv?)^h{#HM#uXc{=6%LY*?K4gU`7sh=d)>?`0nn!zo>v|} zMDXkU)=U}_u6Fb`Z5Y@^VkIWD&|Mdj+4v$+?z_o~wMvJ!LeyU7>3e7h-o$TC&~IVk zA)z2KAR!*VJ(~Xon|v7(aW&+LFg8M$q>b94D0VOxX$53xV}?=6k`2Kir0!y1b#h=YOuPc3fn z|7jT1f06(5tpDLl{2x5yKiL01?SJ?Tihy)*YRi2gkuT4Z1)gQ4Q6={JW8h8>`i^EVUjz4YGPAYTcQp9-v*4D-?vCcB zHs&^_jQ{zS!Nu5tnSqJH$?Zjr&2#_Nty!aI@p&4kf;xO+b(OeNJ6JcYOQ&LFh9db1 zb7$C9zQg)&bf*6=(s74&iFOXSoQnmTaPh}MYr;xl*GG3~ zU##Y8A##TlQM#hX@*4EBW9*oa6qW@=<=vkPUSm~KK{?}+N2m0T%wC!@T z1G3qzUtsbZmCkL}0R6W$74MBc|H{w-N@Rq*E%-TF8qlcM2*@Tr=4KNqaEF2=KtLl4 zi2GmnP~mJr8SQL=gPR3GKB;qIPMFG&v`X5Ztok>eDh-+K|BCobN+C;~R!NE`WleR9 z(Z&lu0v4i45<%Fge8(8nfOyi}RAdVoqBW(?Y*-@bE>H-ngtx_e0IN(wR8y-p{hM(| zW-`DT8*jnsQ>lz2D`1Uz;{705sV3>QqnI}_v=SjdV?E|@6SHC^YBKg8W_B{r(=|324^J2~Baw%~PI z7D2#dy3Hb+<+?ZLW*A#qym@nvo7CC;Xt+4%YPQpM&4qv}^IyF7b%Pbaa+>8JHWwX}|<$7D@U4La$Ki6s=wByT_2o{Bn8M6vj~Rt7tlkFDdd=PV`~+0ShB& z)F!{tuqQN6YkAn3P5(YR^&xgxxzUjQ!`WsAzJh6JtUPmc5CS79zTeiOQ(f>I zC`5mrwLyrlcOCT1l!S6E+)V4OFhf6lv_BJT4PE_*oiG^KOKGH$i5=KI^t`##TgXS= zM5u}wYnzb@G;di!g^FWP5v;G?Z1f*utNg}f3_W;U{v|D?L>^WrcVq!lO-P@pR`pm zKIu$!gV}5jV8cwFh048`2(WlJ#OdFvF`9zQ5_V6P6

h8S5mH@)J}BtB#=$XQvGI zd&$yrn@MEAg6Ju7y8$;tSRzLk1|zv2Kbr&sf3L-?t+T}EMBtdsVj~1qIKRy)d*_#)3|BNge3(7OQ8p}8y>#$b)dIiWQPq{;?;yPb0 zHbLZuF)UTCr=W?6`3{}OT7HVTDaNpSzF;|L2C;C1fqrUso_87NH*kpuId41G?xck$ za_U_!xky2TM;KJ6#N(~F(smPdP80l0?EN<{M&B*Qaim1zLfq9?julmZ`r9 zrNf~|IC8VMA3ZoVFE)Kwea(*jCARsO9TpETvQ_sngGaY!-)59N(YQ%*Y17r}b>*Q( zzCU&_4uc(!(GF562eNuaG#Qd za2`%AuP*xhyCuKC_Hjb6SV9-HFihaGAh}aZ;=K7|#ta&QqR@PB-R1V%$8~$G|yAt3wfa5jx3*^^k%OY4a#;FCY>};2wy1^rzp@ zpjf*j^kDS}aU5joX`BeDe1*YUuvulkEhEX}&i9NveM6CGEb$Wr!vWXL75^W0Ah)ix zXLiL;ur*>A#Po_GP+*mRS*~)C443VdFmaP|F81)!XFgHiEILJn7=mLUZ-dPos8FZE<4KCbxG^FP=oR05WvbHvW1q~wrc$~GZJ%_3^THqiN{kEHTuLZ6i`WHZ)-L? z#O>|2OIxE^L1No*ty=oU17!9wmaP$V5=)p|0#~%SG2z|p_2=#tyDt8hS^Dbi&gcA{*nj-OZ4oFZ&se!jMLxe6Bx>8S9>E!T6az34urQ_J&E;mr9WExBkLf z^+#nRb?Jz@gwe4)LCB@+BIs!oyM@}8>xJGB2=&1qL(g73~; z9Vs$yG-`}S=m*Rp`=F<9>b%NBcwxs29du&i%><#wmJh}xmeL!}u!UfWE&PN7`@Ry> zE5ZS%RHAzkagf@3kG!nxmSd;FZ66gszxS9F;=S@|w_1Vx8Ix<=bmMBUHKN&2^W!=# z0Cnqay)N9J>`#0oWxLi}zyKRO8`obuJ25<3|pvg)JvTsU@xFD&5Z~Q)E zCJ+gJ>!;Sgn$3Zr9jnG>yb0bK+^LSx333T4U}4kM_@34yj^{V9&_vKf!8H633J(4f z1a&-bRsnuN=ssY;4-S~&b9kfg0K=vQ^ru=*XT(K$*F2T=x02l`#&dj={1ILi zk&R_kPZb;-97_lG$qG9;b)>tkjWVa9ez&B(O{}i_cY`;}AQ;X!(^zq-(U}t0wBg{k z>05fO-|Js4gF5cfT-7m8I-5M^S_fEeF<7cGXxqy;^+!M&t~ai_ZU%S0^U}8$6U2wX zZs3cD#7b3);cx9xh@r&eau>Q1Ow;J4z54Suw`DyYpgaoR$@>{3`=yL5UscF1rqGj7 z-YNO&bu@Z=Y|94@opIZ6IZZRV+^fKU*O&VH(>!}Jc|$uak~MibLg?#JQAA!ccaU_M zoKwMi*Aj&0b`V~jPgMG`U9tenPRX|_xghMQ>iNwR4^+NKN^|L|9;^FP2@L>*eqV*?mVCg>@>7_Qze7`xh^D-WqUDABd z8zKYqsoZIg(a>hbSpuSxfy{w2Z!zE1UCoE_TEe#ow^U{+K2$`dM=6($$PXoo1Fo1A zW4bM=b<{_l+GJ$!-#5||k8TyG53x?6+Gv^uh;yBSmkFYqPU=dmcnf!zo+G^N^*&u9 zt)d#g22ZQnZ}#-y&~h)_=bm1v`RUrF5y72jG57hyh0w=$)Pt$(hZ)wsXOez|Im-$ZiBa|%8LY@@3kE+B;;`5WCf_?u;%++vjstawu z+BESNqJvZHBPg7sW0rogU_+@pf1PN+rqypm_xdAia3R$$_FUK2+OTu7XgB+%_9k=fFLzP;`9Q*3*hgYynMC>|PulJ~;ZMG=auHIM?CG z5VvNCypVa6O6atpTu6qeLVIE`vA^r37nrDo(|`Sh@&3v!@E8n&*yKaHz%W$7@zOHa z7V10Gklq-}d zjIV+4D0x5Lou7n$tt^FQl4x+~vw8k2(iK2~o_O{i5DdmU(3|}ukzv>;4S`_b{wGRE z<(9KyV{t>tD5E~Y2Ra6^reGB$Vs4YoyPF!HBL=j*Z$sElu6MsVO(bTCH6e{uzaSti z|IO?jpZ(a(r3K}%wBGMkO0Y6XC@ejfBeEOSPUKJAnLbZU^fU!oU0E*Isr4@(;*HRJ)wjJDlp0A$4=l znFQNrm8-t|-s^M_7uom+(Xh&34j4Rrupi0#(XwU}<@)}sc!}SgItvg|-=CaVQ^Fm; zk*RHxva6__1c`-$gI=PNe^jLO|5Fv|=VArjFC3)??0wiLwM{q@YE02wuXY3vWRb4{ zEE(*F)1g8R50wHbQn9{D%TnJZ%+^=0P;OUI`^qW17l{w2E#x0*-W#s`rJttX4>ok| zvNG3fQ^M>375Q;AQFmV4WtXoDjMfdHTuqW94;JH%l|-{DCG0F__;^;vAUc_?6j|mE zY7U?*%h2vdLJc4bpPKa&wsmNrxP!E3SAwq+divc>S8ML?bnc~aE#ZxJ)rhZzTxr-B zPCnGMt=WWFqe?WN#H5(g|Ded(Lla+p9PDB(bLeDw$`B)}_=FhAADc&cxnno`Mtr9f zrVKo=;LhN9AGymJ;mXsMKdt(rRTd_?P~LPxrgoimD-_)D#f1NeW3B%e)u`Jqw;SBj z-a1{Ea9~A#L`ck1_u*MJ>V8o~`yL31>R4wWo& zXMCPy=AGFIHh$9Q-4%UMtxn`x#%`}L;rq~YBW8@9mscUJs!BBJ#Nr_fwblahq0#Az z5oNQZrg=~D3_fodDzh^$Em?U58BR5mJ;_THl6S=TCq3;4k7z9^t6Z?oBEo_ zFc9?{TadeQQu5)!a{kHWhOMa22sff5-7oezDt|@M$;0$KA1n$aUQLe+e}W83XHXy?Ilw*@MEERU}Y z6wm4ye1JGdGS29p)zNx?bNH#N4E@W#^Fx(7OU@QZ8%yvoS(5yzw$%}ZwP34hqVVS)B$&f{8@op>@IQp= z#fzjLEv7vJsKia2DAv`D9SrmA!fCuIX)tUIzS3A*!WSjKA?z^db-RQMt2q`O=C+L) zCM89T4nDE|*zPcY`zA8R%#DAF5xbKn4-^XVzoJ8--|t?+@7xfEHa8JliZOU(u$J;v z5D%Yf=G%gt>$etfE*lpUoR^2Fc5&M@b7R3pv_lYY6Lxy5Yt9X|-M1T#MZ#nX<#1X# zFUsaRo>b*@N40y&-)@P}L&9ZL9sA^~o=!jb{wNL~(+C|h^xs+VS^U_XG`#@>O{^gU zb49U)kQ6mO$kkaVnD@aW^FkJ}BFhdwQdip82mPs#q@o%~ar{BW(4D^RtuYg6-toEf+J9pvTv}hI`~x*f zoG;^3F#UYQwK03UGJcE_;sQb)xZ=H1HcRgCPb0hU5DUaYo#>uD}f{BX+HQ#IZSR|`? z-oTMBui}FR$j?~fkip_%OJa;iH?~FEcbtnL9$`=#q(bUDKTeLK*y)A#e%Z_E{OZnc zHyeXG+JufONKT(=KYK5wC6pVAWpn>yc4Hu?YMpso7^mbB5i}19vZASRMCPk^ocdh+ z{;-pZ!IsyvkVSg>+GT$zBj^@lJL;sn#W6MC-pmc6I9$wfMpYSKDJ9DWI#~JAV%mC; zm{#0dLW$EYo9#!>paB9|{^HsBjWPF`S4@ngDxK_GUpFF`k7VzpzD?q!jHl?pZjT)j ztF-VHy$RN=BPr&Cu54cXc3-lcmNB`00+-Ge&5P)gXs|@iVMP*EX`&>scUUvPr#ulV z=a`IbinIPDZ_22R zFKMz^-}~H(oBqaG>&h(r2vJ$ndf($?e}J{drGowOom8Yhx8i;TvG3#}ZH{fPkl*TV zqeJreQfK4P9>rh;*s0)=S6J4Ji0(SI3lnbDN{6l;u99X;R(qI?WGKx}=P^M8e44dFUNI^F+empFd!ryrcpb+D zob&Xa_0|aH`!Ek5**$jx&~mPVhLBCrH>r>DiJE&MJANkrDGfvh9ni@Z-S(5iAO$4C zEAm(V##<%0^ObwZ=wzxsyGJI{RxpQjtM3&GGFX~{<(XkBwQ~Cnx0@E|ojO{$9-~NH z?#A|;1sBt3sSN%aZZ7w|Xhag0FVUKV(Z~z}`t@`N1rls)H=_hHiR}JDWPjFzQ|eA9 zCseQhpr!I`Vt)(=AGxFt?u(BalV7sVK{F+YW!`KL*TWcQ+(EN2(IH1^jHX<;t(Blv zYRudZdL*=jGEDh!AYe|ut5w}CznA%AY}ntEvYUSu*2sKY7oj$`xu}oV?hAO|)Xd-R zX{^a*vuW;YQv+YdTgx8Eb$7!@(w240`OSp=`U_bW+>~@&8!Z+4i}s=Q=_Z8vAIztN z^_LbT6EIkMjO3(t7b5dQlCZVmMI+vigvibEo~M{u*G5reI41#udus2M1`qdn3yKcB zJ}+MBb9l36e1%~VJd0WQMLo&2xfF}T*VMCv;1xl#Z9-p)EOmvkCZkp!VVRTwA|c+6 za5@AHY(y?)qdOohBbjgUdX3;)d_1)#P3w^fS#zMG!`N;{q-|<9W~&&A9xS&cl4?`2 zf&iEIjc>US?~Xb5;VRsWRf}LPSFaw{bjwi_k+vR%WWHSy>^dJqMx4KV~P4EK*&F1a*h=ltTV(i;j%S1 z!Tf97UhVuTqOY4;bOL?#LDL)p#1&jYv{kb%)eeDMeyE~AaWK>&bB{?X2^ad)hL?%^ z{`AkjZ4oX7(s-8%`6$U5DyiT5$6EuqBT{5X+KG+)Rx{EWgq+`&m&nwvh~Cc{*lcKh zHm`~Zwu}{f83$b)$KkhGOB0oW39c zStiLimGc<8_DrU3(*xVocOwm56v)9-A$;NNB%NVeENW)y49XvLC4zXAG+FeEGXHOOcALv?kq$D0* z@6HAbs~$uRg}wHN9sS6BP-YQ6BcVw|wbVq0Jk~V_jog0rK#*dl)QUKD$R!W7>{> zRw56WE7Ajwm`nA$!QH%(!*2>wE+fHqf9!h=W)WG;x1bz|!$Rf|Y^U*@J(bMxXp9Oo z=OO$%GXu)uQL(&M9QmuQe6`ITh)vrqLqn7vl&v?0yrGM!CDTZvTyIE+g>x!ZPkxZm zxgteySSczl8OtYlDBRbk?nR%THI{>WpmZ+_ZpTE4D&mCG_1s`l_Sz_k?&jOGUzMcb zO?p809fOPZp0V~*nM?M;4Za&>NaJ7Tpv96L2vH{@RQ#o*^6|UCX*YQpD-RaBuB2Mi zhD^PmdRyktw~y3ALAfD_np#&{Bt>oO279p3mW(t9yO+QRp(@o_p@@^RYw&+q*(?OUp8k)0#<*t)9i0uFg6-PqI6DQ!oo&H_?``oie7g!fxqw= zwwjk4#eY;t7aDve-dcrq1lf15kxa#Q1eb235J}_^`|XA}p+uw&@YRAG z|I9(pku+;QCcX7~DYYPUuc(W3oRXKU{xc`{K!fU2mf==6j>M0@<~Sa4cUFyjb}pb8 zjr`Z{VZ1y0>>hpCF3DA?q%=FCNRQ+NvvNx?26XRJT89&&y!=17GF__wIXaKqKlpOW zkHNT@xC7~H8djmBC5O2oXA|*cI#mG93vWEsr_hQAwM9rMiWPj+%ZC3B@0}k_pA;Hr z;qEV5T?)05cGZn^xhvIUtoOO?%ZIgciteNYHBxvQeuL?6snY_)TXeA%&^h}Abe-&JKs=w6k@9(Y7lkO64xoThkT@&(YaxUK~uq0ke!MjtTZ&_K!GY#Bw;A} zU|moCHG+Wc7E9MpcB7|0G`ONx6vG%nbxG(X(7xWLQwDn6riJ%!q6(9i^r){vCF8I! zTrnN(CfyhWxk24OgFaMlBTfyR3)Z|@7y|TI2{5`CLK&L;lwUU8uI)RBJ z4Tl_NNJMW2-%>1f03}jMfEHccT4!A6gXi*^If4+K5NI7Ts`yAz9)c$V^2uy>feM|t znER}de=NhDv!b+b@ow+;n}`MEN7K3zi8whuM4G9**1vUDAIzAONfCxfKfYn%7rol% zLr`VI6c%k)b#rwqC^_6D&{Ra%ByelA=^;>fBbZHSH+s%T^N@%5h43L~MlOL4xC#?K z@H%NWX{yxfkC|=!YD^4#I2QfQddXBEev(3gMe$#`(5bzlbk)W4f-#^;y~RWIZ72bl}%D)Ib_xetY5Ug&3?VAAef#5e18 z;W?q+=znVNVhx>@9&l#&r`Rj*t_;8C_Y|SzsPP(j8sRLsy-sU}!f32^7G}W}NMNZo zLtov;p>5w2+On4%twd1GI71LM2(L+44uji1I5kH5$35VlYY=4ATVF0Mu}zVeTCY+T*6FYX#rbYRV#D{ad)qO0DMERf?+k#(znQv2?8pSN zB+>dGT-mi>CG?+>1z5dxi- zIh-vk3T+W5H3G(iXRaKsaSH8i&oMH%=X>#|#`rFR(8PptG*If&zJK$yxR(Jd^!uk7 z1Z{mWBvP$@(3tN;ALGexSOTTdW25l>3O)S#Cbm@lDap*eJ%mQS+?%YsobQqwoa}f} zxm|Qn@=j;01(76oS)5`zFcBkXDwNV2Q?)``E1$vf@;bw9O{N`T5<_v6i}w7rSDUJ)$W+TbA6X1FZ560#rMZ z?p}MRP7~ZlUOPY39f3e4q7aYY>P&x;vmd?**XtY{XAgO9qcX&JMC1F}!|0k@mB|+H zX3?H-dGVK8&2Q{NHpFPd5;Gs8;wZ2dkcMd4!6O%|p=I$9OnSlTPL?S%LTYQt?BoY* ziMXUBg5<*>i5+!REwHM(+P5_s%0km|`G_XjM_vv4-5uf~Xg=b;3w+v(X`lK!?J2ZWI-U ze=Z9v`Zd#kXP=7V($%`E(FnjQ)(U;OLtS4ZL~NN!R1a`Co3m9P=< z`NrX@2;l%EO{27lvqF7R3$e4l=KUtug2J;fcJPkdf%il7OBVhIDWuGcC`SZ`??(60 z{qL0XC<$wj+ZLT&VB{|s{$51FZDwi=nr_br$EVSg8emm)ps(;)a7~@P**wH5pb&nN zWk&@w!C~o&H*@ECqprK$X+mQ3T~{ZTZ~Te-n8?ab5Nfx$)LP1ZwpGfOjE>0naqs=bvGiGZp&Bg(^IZ9`!In^UhXj-l_W zFy1^=J5j&iJcH;s9FsAaNe?tK{g>MPq2t>KltxvDy33EBiZb9Ct}|wlAaPvl17@u& zZUwl1Hp={xix7E>V)<27`mSD?aTHa}>a9tI?6BTH?g9V2xkz0Ph&{W932byg3!5pZ zybtM-d2<*qx9lN~H4tvXDF0L>>B|bPrD&RsIY)}R4w@+3S6>VTedvyA{zSPgkEE@v=Ouqj?+RH`}olxgGkip>V3|Cp{H(l z^_`A)qx9FCde-3fI$-{u%Q*C*`R4C5;y;mTNNw%3^-jvkot7wxsSV8f!{pk$Ul1?f z+0gy)*8r-;$fVMrfx7Va^fo99kTcT$v`-M4W>|cLwOMQFT4WGSe6ChFh;Q8!OQS2X z#nfR>E%H9LYcH`%iIfvMNs(Qhd;u?3(`S@gax}@*%g1KUjSe63Jb1&k;JBVpn{qoY zl4G!A#<`B4mPY$i3ep5(-|#5CBJ|MW;AiCby9ZI_rKeub3XdM1h~_{A@wQdh8g5tr zXZQH8Y9mmS@k`}596EN_TVan-!cRy~W^JZ|!o58%g$$;;9m{FaN5o`h4o*d#wsIez zxCp8&9mlwvs3nBpKaYVAZuTs|qlJu_gf`Ysu`kR-bbCE~@(XQEA4Wc`1Ft;Q3lLFQ zYnnsplxd@F+OlZ1-N5VW*^dIj%-|<*A7X*mShRM69cZzS?FYh+4&o*}D1|VIG4k$u zDi4Ph)&&dXcGG<8kIfh$Js+_k0az7T#girS|x(DP?RV(xJ6SgGjCo= z%~~9mM}dl&R_(Fho*m9HxF- zXWg|qyRx<3*~zgAdDdGTmpBqf92cqpDVKuTYuDf}gaJc;W>Z?);hEOUXXAw?Z|J8T zJarYUc@rb+uDCjz?hH04)Gg(##USoserFR4&-m*~jL8*HTZx~4zN|15MFKn31ly_h zfy;$=`k?#GD$}6A%kRGW{h(DOZC$n_Pqt;fguhZ$BHE+tubyH0LkZdJP1M`J#qMSI z+MSJs_@1_QtVkuI{|{AX;ZVi%{rxMQ64KI0iG9WzDpJx7 zO1G2>NJ)v5&+L6Ze%;?6z>BkcXJ<~$`#68AO?|&Pm4NcUvad8#^ZNfO``WoUx+DAf zZM*_JeB8PJ>y3hTn5+QpsS&;_&lpt*5pS;FT<{|gPG;Qxif=()=d&+Y+#|K;%U=A8 z;=Oz2)5=iE6PlLJxQShlyJoek*YtkT+oSccCQ>av9z!j~wN@;C6EP}iG5D*40{3m) zZzA{k?(g5wH-wc+XB`K>R|McWF)~Qdv=Jcad)qSaR_*5aI=Qake5ap`%n0PnF~s_2 zN4`)j6O)LAOHRI{Z@HCr%QKth-31$OGFKswVAUMtihI zlF4!E$&I^mf494#vb!vGBgNT&?Haqu#FwkLmY$S#&_|i-t4>U$C15(IIO!p7Psx)> zKZ|RmAdEV18kepapp^@X7qi1+B)r)mw)!TgN2ZjTMR6w1crdf-;N4!1CCax4b*C8H zS{`c@_&6qVb@@%Q66Mv-b+^Ux76!a3$m$r>+`X&<=%rj-tla3uTwSg12upf<+1PXW z+E}?lw@)PE<p2VaQP=r8Xk|B)<~w$*?|@XdTk9t+g(3?-J>CBC@Eu^28OdKi)B0 z;%|)=6k40j2ErPqPxw?23Ovuy&WcL!iQj2@bdst34ZH1IKtGZ`2Qm?{+?X zin)gW9+53YOCiX^i#a9P)$7fS5-{!j5L~F&+3NR{3tS|4WE4{`^sD)`!GUlq!2CA= z?(Pj7qyWp`L7#Ibh@4*zQYKG74KQCD`9l0hD{H4qsT(vRN_J`0+A>wjV?V zY~cR%?AuSv*}?g_esprbF_t*6Kfm_^>fa6MkFxxg9=%9?^7CYwXzw{zdJT-DJU|a| za`6nq0|FYzkMFx?{1cIi!fcDeLagqbZ~zV+>KWt7qWUJ z7o~cfAY11rJR3demjvVJH>*PSMBDJcXZUEB;|X+#pX7U`%!eN>`atF0rbIT#(rsg@~(I28u=G$!lr4RKB2YLTD8W0jMqw&}@| zRwN~lh2GQCgS(e+=dACdiQaT@V@#(%rsMbeqAAb|<8*y`0dWdv=|1Q7%rm8x0d>$? z`2{?_-vyroq^zhN3L~ESzC=fqbX@&Dt<-@bs#$6BV)QC=7PH$3HH`Da=Q_k0-li*9 zsefNt`ySjkwW?fJQx#d$xlW;~eaxZx zB8NR{6zjwL)Z_xU2lCWAdPt8UwbH*FqpQe`(CLLS>yp$Q?m!$PREEbK&V+ z-ZSfW8yUhti+R!e9!yFoufjFYryd&WW z7gx;#OYFWV?6juAPHZoAa5p}M!mS4p{g_5=C_E@^mNPcnKlmT#E}=eB6>akLbRmoT z?w=x3pl?w-74b0Jn<=eUpr*0rY20po&N9#rKzSV3ZiGL>|8P-khcxn2`VT@u7>7tO zAF}7jndM1^aFI6)m@AUJy2Vs^b~agl@!%e*)}HwX98^J|UDA3n@lIWs@p^Zd1aE_j zmQ$=8q?+>I`?*W}m>1%Vi@ib5y6oq()&x@woK;zPoyBMnxX(YQFc)Ct7taZT-@Wnk zE!U!@KC1C6d$%;w=){Py;Lml9Y7F9hqCDD7V|@|d)eLk^(hFXlRLVSKbXj-YC=v)# zx!tM=REZ)aobPdY+k_8DhaMi@>2IRuN`u*R%@VnOUT)p`OqC`0{Vuqto~~1e8!7E+ zL5S;e!Fe+e?eb-m1-JztCv?RicHGMS!rZXSWpLa8#j#&cLLA3z3l*tzC%yCm(0`2s> z+Jd3b?f$NAqL~n#v3jS!JzqJfMzKJL{#PR*qKk|Xwj47Wv5w%iNmjwZ-ru==+ zd`q7pP7_~VPTjVqEyZ<2$zY&$Xu8L4e`mFViA(mlXxV}SP}i?44P_p_ewdM}bg95o zqnLY*FF^yw;g3S93Edm5pjojwAFl^0qqoFgtKRA7DO=><<{5b`ke7H`<|`Hdy=QQZCe@qswEF-`pE13_PwmG$X4?2ky=a&79hJ;>IbuD zg9>?m**^XFbbsVZr79UX2eodSa6Vs(g$&>x|1^B+%ge5 zeFF5tZ_oF1+j2@uZLCRUEgE#T9je_sI`hTs$QT%w%7Kg*$X$3MpuXFdtfa;#Sbd&A950jI zc3Tc&nrNWYV>n4a_x9d58oguvDaA07hhKEw0dH8i=F{tf2a7(Bd@r@@oy*L~oz!9H zj`TF^Lx^Kqrn#v7PBBzY7O2z;D&iT`#y))ZLPVuwbk~HhbDPygOnO=o>CdNs!%4Dm4JU1<17Eh;fbOBg(^LE;zAIjfo%9zz zA7{a|8cqQM?BKEjhf$Je9K9#*Ck^lhW1771rFIa0OXB~LVJwcs4FREX0zM2P!(25qF_E6}Txj$@_6*CE{h;U)Z) zLb}tI%E<~*vY7io$%m-jU`O|R9)0=26+RQEFK~_)QhhEh$@Mfz>6rvBBlu-HNt%wS z>m#lfn`8!RQYd{p?cuD&mN8~$J>r%-oSJ+`aE?(MWY3SR+0gab5mOdV zM9Jt{*U&_prC!{pn^#>#8Ln2oC0+-sp-8=urh77x)A+NI<)8;jnyG&@oMUnu;xL${ z#uM;7ozwx-(lhdY?PpIue)!GQQp|a@uY6tm<7>zFGtV`MwhnI{UVi? zP3dI!KVtHaVfM^kc?;Q7-JV-5zVWml6+{3IbDLBf$Jo4xYig=bc?v?ghDyN{OM-Bm zT-n|HkmL%fpZvcw{LMf1o4`4DkgD&-IKp|G!ACER<$+9)_eGe_Cq@+Ia{FkOsW&<~ z&o*9w_j5zWyQ^91QJm(WG7(pZ)cp5IO*lt11+s^>U2sN6E_!{?15qTBt?<*sLC-$r z&k&ucUUhGM9v$#AUG+1o3g3`|R zUb_sNw6Hq{^})JzK7MEdBlIA;v$Vd;W>a)^NA=-PBFV_KS6v4$VVpT}q`u3?vY#|d z&Udp_#DLB>!G%1glJ%^x-=d6Buk(D-)WI6?$JU3BLedSt;Iq;YMr&Nzq7S3lhjZcx zAbVK-3zxiIV%!{5!4zGI406fadg4NnL*rLGg0o+^*_k7X^~O2A`%8Yx$EMVgVEY!I z%H>O)4d;AMgE*1y{q3~zIML%EE>M^A?YL*nAdtwEw82|`dCLvQ2h3=hEu=haGZ*yk z*b;svXJ{~T;LHWzpXcu&Mi zHowxQ2^4aSU?n&`!Z_&zd5Iqn`R|xGb{t7Kh#I}OROL)megfxUAXQk|OFohD+`G#YaIOW}^k5o^9+UnOBqp(-T^`fzlgm1AkH;q^C`PjHUH3S>{j z#{|ak2Lzw?5`dnTGyZjI;cWlgRv2&J`b(hjFZ%BRtzpb+rZN|aLDAcvsW}{Sf4-p3 z{6F@%=s=v#CEPdOdZ&LdPY@-s4g7zwiUmtEa^s4st)7ycDVb7$xO>EHq)o)etBB&N z*zYmL8Y5hHNNw`(zPfk^88`7L_9O*Fmt8b|0aHG66c32qzM9+0GhYpt=?`)Am6-ur zjUw+*a`3N7hR$D|<~CUL#1^}M0OuGXRqSLPHNAh|jSy}7j3~fb^(WhV8~F(hon7G7 z*3tDh>uBIz~numV89C>UzAlp@sDsNbjJHxW(j{h1Red6~m;W9Xf`+=v5XJEAG5ml^_@7Yl|_tUcH))dFqCNSPCt-6d5O_& zIETWG9xH4sau+}4RBRd>##tss#yiaZC!r(-3$;rKM9H{)Jq6*^{NZ=3JTDGh9j3W` z_kJ+Lra^`EVMwCe11XBEr09(MfyrjDI9Gbv4jEVS@;oMWpwD0QW&o;suII7TUcm)y z`nM6uI5Wn2g%Wo`mJ_`s?@eEDll*BLCt|u)m-kij8r&Y|N6>SrEEzJV`KJ*5ehl&( zdr}p{@r;fw!&H}+u03uoVm08@Hy+kmceHvg(9yf1Rl~LM*0-)57UxQ@(t1OjD6Nim z$0`GPMlhB2Hgmp(SXqL3uTWa%S*Lx7$p>r~M9JJ}UISL{T`w~^P#%Mh!Tv96jd z4ccF$+i7MC9r)#y%Q>+3^L1tcvS+tkSKyIU?#c^splW{F8YxsmDf*GT=!-GFFuDMF z+Af%l%HY1^X~$N)#a@mkd3KKz`>TmCjPotc5aLK~Uf?blQ>4iAg7OPV+r6ddo&6IV zkMu;!ABL=zG^*x_91&$!K|G(>bz33HW&z*W+ zrH9KpUD^jAPb)Zmp9A$(6zhnuogan5fWhbOW)Kh7nM*cP>qe-~W`89Xo9{vyI&g<^ zHaUeLPQgU)8;9w2hvQqoGc71Q>n07j{w^>&Lm7j39Y4Ow4^hM;j4zSVz1|NaduTBAWl$kR0+GZ<#E;~@Dqr8?j186&>xIj zpyD1?Cm{$MQ-N2ch`R0S8@R=(Oo_AevNP$1qZcWRv)6Y9aWKh!mJriJWK^ZVv#=|+ zR8I3>af%BTZ73A0r<6GJ0=sQ&m51mW9m|9JxtqaVlWgr_zS1zx0nP@*2}lU}zVPuK ze)}@W8&3uK)m>>heN88!dut$+Yf38ue5YZr9x&1+WZo!|^+w;cwKaaN7oYKuBZIe# ze9tF^*?mbZqLV1d4 zb66bN$dcP|E_d(=VH~1ANY&-f>M<_MAFF{iUF7wJN`r z&(Y6s_f2Vm*5^PXm7UwC=K~HT__4#@xsv44F#kt}&N~R=XnK7Ts50cIe+Z`1i>D`i z`5}?E>G%EC*f4emWAC8KFj(a@C-xYxRGOqwrCI2-+`Dd6r&Gb~VL}UoI6mArrBiH- z&7T4_U`Mkgt;=vV0j{53Bxu9M6E>7eAdju1{3^P30FOV>Ns6$e4YQ@kd=i$IkntX= zg*e61$&Xk@qJqy_K@k~GZT!=^O^^>w-;8e1=jLNX%tufs;{7VCcK3-x#D@~)wEZ(; zon4|Cm_2y{;t*$NdVG-PN6M>6;IBsdip8WC{9wonvO2TaASNwEw5x-ue?6rcrpj94 zQ@boA!Ovtop9s<=!8nEU$hbT2o?Y9yMk^bgCaB~Xpf18`SFv!nnOn;G*o4tN7CE0gTf~fb^qQaPs0WE*$AHfH6M1G%E7DxIt*uuZbZQL7WKUQ|n#a z=Wot-GvmW#b>EvkWObZv27b8hu!%+P=We{!)@kckgl&q}HL$o_W_j5jhyiyt=7^)oSSTkD02YxSd^R|pwhBmub{B71ri4l`KPlVFy28DGJ@)$dpNZ9`Fb=8>GC!8w5jTq+rt2sG{KMJj zzWLV+`)P>rq6B1v^t#)~GDbml1n+ekWq~na;}?pJ6?^S_I3HN;;2bApomwdpk9yMx zHD#*}OhX7dy=J7!zWR2a$d;66R^)@L5XdKd;GvgwmD<>@(VOa3Mxd@!jr#l_dlLPi z=h8V2^YOIko{9l}LWhRb$~A2s-j0Uzc%Sy4gNKRT+lZ3Q9+8=9)JRT5nRGO{m%SS6 zrbZ*o9yE$7h=cMyY$l#MrgI*==YGDN&#CKoL|-DV4iFP7c?Jl3sDo*|c>3*jH?HYl z*K+)@_E>myZ%cm3Pn_I%HpGyqfE zLX*yGFcwV?{2g!NK5ux*u8RpfPi4_s10ha?;ThKvIqf3X3^?C8oB|%-^sHK)^U9Lf z5q)IWnadAE5 z*_=>vxUH25C*M6z7zfLi9O5J?cScmvdYWegp;~v*YhNBl2ll0<^b`tyGAODTU{VIV zQci}?MSyh)!RK2m@9(~H3Z_Va#b2^mQK}G!JBt+S`8O1<&Uz^Se3U&I!+PR59i?ZX zF?7Ml6=4jbj$?UZ88%K~igA_rt{@4H#;0@86pa7;I$5kF3TI+><8d1+0jltG?9vwVd=LF&^9g_N0ihrKJv=F||=$M@o}efh#r^WlV`VSTn`@DUs*pptp#b%gB8# zE;7v1J{G&M#wFnGlO-7E8Xoey$S=uoHs-&OHUZMP*DX!9F;G>6#}g(nQY|skm;>5# z04F;R|J7cyPrKuqnOh9;Q!|elSbb3T8X2<3>b7FzF6}PM;pGo-k_&zHbSf3hy8Lm_ zn&NexOh7?x1njG;-^0%lG-ieN15e2BWxuL_oS_D@hr1NHencH(ji;UPDJ{H#-hAXy zHhy-aj$gJI4Mk^4*%LEza2iSf*0p#~TGps+luOIVK}Tv(K{F5IxIIAn;kJu5f!-v} z;}@XA0zJgKgN^7o?@2N0ty#j2f{`wd5k!#$g>I$-hs?s`-2pzAXD{`cpz>fik+RY z!;BiIUu@n}{&Ks7!X}pj<^R~zBnok)RHB*Ow}zJDdqKu=PgN|^O(e1c?Z;P~OPM9Q z2){hwCnyh%lx_BPRnr8|#h??%&m8)~@>;U){>byoOzeBuga(#EtPAj04J2Hao;^NP zohFkU>CzeAHY%0^`EacQm(*cp_7iazkvhH26Xo$|u=<6p`yLTw5A8|;UU=#uW-|KgiwNltwnC9byD;uMG@39>NxnpEk+%nQB~oIH~6 z8)EYbG+^vCL1$ zGr((fLD~9rKNtI5tF-av7i?uyGjxwc7$-m%nMbnPNEsoU@#tRv3H((>DNaVYIVN@X zjSqT;*MBx{p@akPyy=`(ZWf!7$=SW&Fx@j~_1q9vFOUtiVTJ7Zn?JMx`@H(G#_4>k z!k_3l?D*4|#PNbTC_AY)a(e9M^RxKjJ>i}lO~$g)XThN`d&1Q8AWm1cpR%DAu5lSq zvUk!JJww;&tYEaK{rz%9ck5$eXg8Qmc&lpe_@U6~*X@8k_xwvb%Q|~lAERveH{>+T zV*eAd^-ex36R<;gM;_(Zqt$z5kY?%H{ao$TlX|2Cs)n7>gg4lRW}-cHZzgvVTHZN%#;53ZQywdOG)%qpfsJ41T4&+5=`4~oix|3y3 zUpk9^n739GV)BA6 zb5bau&lD&^OwF22C=9yD^w?pX)KH|qK|RzZVS;i`?t>%fpwxD8nlZe+(xtJ{OX_I% zUFA0u$PQS?>@ykSEKuuzjSE>6wSTnyWRC39sT7`Z4H*LvQE0=sT5uPuce-zW2c4Pgm`l z?~;o*^=sgdNozD(lXd4lcexCu*ffBsJ z%bw!f#`^1ntc(<=A}L!Sp7`Q#4=X{b@VazoRp{%cwmSF%B#7mai8 zBsya3+5fl!&#QDugN{$S^7B)lTy}_r@NZOGD(z z!G=;gSzk6(ul#FIeUU!IIbPsJAv{(6>;*b&0-q>(k+xN?SaxIt%sKIm?H0(OgX+k( zF7xJ>o0VHE4~oie=Um4RPK*1;k&tgf=CPmTED4(8j%-$PAd0n5A=1*l$H@pr4#YgB(<{i1(m9UjVqL&?-42~7!hmHIf|~z-AS3c zp49{GtAFhw#Xo>Jtx`rN-d>N(>-oUSP16>d;-Du}DkUWk)0q{3k7YxGU&JE*_UOqd28<#`jTX zsBdz1vvLQ0o-*0(`<-HYifXS3Uh*fAGk(K&oaCBEovMa|pj6;qg266mONO>EtuJ=gN zgFJs~7M@~_f!rJ}?TOTDOBIZ-w76gzug;a}{fL&llDP$|gG3y^?C)fkFb+kK62#%f zMNM+C@o`=I0X&`4Yu>fuYBK4J35F|(Ot1R%)FiN~-Vn}NVF^E7&{DD?dgu1DNyelF z&IzT2I5p1}BIhGiu(cphIWLlNythu9RlweVW3cYo5Bggl!CRx5#5SrsQ6acdP}GgP zZN^qmfd}JI-uwx1?7r}QVa_*xPI8y4Eo}c> z=(+pEdE(iNGgm-AZ$(T{xqjm9O$FbVXw`fY+FD?O1^#`;VO5{SKM(%+z&UOKkUhNwK1MIw zi-y>?!90@#$&-cU46EV%v|D^;7?Kaog~@>*j!hxtfe|~kDoATQrZOGZ>QKRYy`96wJZlT z(2`%fybrh0O7D1zaYd6d2*#mjO@%n9%gN4BUx^6bJ_Y+~kf(}g!Gr@V6?(YN310Y^ zjXvnF8oxjKjF)3fXg-BAAw@C3L6~2l~*A zFy(awDrm>KG%LmDRqLJ6lR+MPz_ADIm4IIAC64U#>cQV7Vh?_k!8lBXNPm^0WblCj zMp+%}OYnY<@8bNSBAa!zRi~D_uu4jON!|zQUoSM($NYmrcWO!wPo}~sek3&5`T563hnBuLks!Z8`e5@`mcs$MQE?(F zU)L2SlnwZI!McEqFN#NQ4c(QnWw{j(;_h=A=C8kdi!fYyDayoba48fd6~I3KDBTi+b$ir6xG%5_!I>A3lrT?{DbERRooa z*DvvwZ=mhV@v~|bM-=3jw&s=rduqCtTK7sV_tOapVhmZ{u@|-4z&Nt~KOlQ>3E0`c zMC?SBzXN%jyO?#SY7#BahO_jW<*NFwg%<$2-wW~Q+rdXlm>06B!=Aj8IzOI;!#MMX z$huw^Np*@!*_Doyad3V~b?VdAstrC>d~bBSY;oR)Oc3P#4kt&0O`J>2o4B`dnZhkC z&O=yX=c!~=0UczI!i&o}8NY#*pJ`zIw0X8?qUBTj2jZU3Xw$~@Inob+&OA?Z3+ZyMtnA0?IH&k(u4GfwB z{aO_JLW-OCQ+H23TFs*C9rG`GL4C{r{qB+-7gUfveLl=*uT;#^L1n3k>2>^RFkVyP zI;TpIZdW>DBIEXTL;=p`2gK9nE{mAN%O(V#&&KE1X;A*~FQ?lL8FwFt-ZZ1$pS;QA z3jAKu%aoWS^-$Z&qleW6-UssRYe}H5+kU|>_#5T{m9X<8z6ZyNJ4#poz&Hb%){s4H zwOJj9ZZ8{^{Sk#!%XP`!Y7MB_sBt_&JjzWk!<2y+>zuuya*Tt5`(;7nRA91Y^X#<} z)W7l9o&_&toqC6P@hFmUit@f*J=~D9WEIS^osR4~5%w9K zj*zv+Ib_%iks~01ah4)WA$u6SjiQAOj6cxGf;Zv(<;O=afsk5?2z`~HFfXbmG*+j&m;V{e<0$w1kUa|J+5XzI4q^wuS^t?mnO*$tx!w#|xfP{&ToHx`Q8v3t zmb{+J&)HO^K{eDiA2XP5M|yWxmyTVv1m7#JZWzWn0`pS=hn~E9`JOBJ-Yq52hyN*y zN+s#xc%Acu`|2I1(-#XHe}GriovC+U@OYZn5_7&WQBR#V|n$3=ujXW!VHcNH(k0U)T z!2xk5gtoAC!VTo-!8|TL)!k#mv`XglpjPi!Ph#Ug*F6X8`M%na=M&dAhmo4Uj2L_I zi3_p2-@-Ucpi>ZV+Ty(Riq|L5&@{jfA>FtCy<;6qQ+b!IV!lrpwhL=%S4&6 zy3AAYv7~=&LBV54%Mf%sbzFT_(}R0QPJWQ{;650;feD{}E3Pbu?5|_BbDT1@(s>DX z&|+n|r;FFSNM160WUQ`<$(%0HCJ$|M(WaX+;&t?&lx$FiX2 z6IcDh!kdY!UaWP!v<(YTedjO7zk(CuNZgKF)N%ch6$B#eF3oSu8e;7OdD+4mlfvj) zj|*;=fnDiOR>AP0U9J=II0r~;1$KWRE#?BPp&drHqk{C(M z!droHz(h%iV^CqGL#mR&bP)#Xafcj38dA2!`x@-^rbd2E_gA#I!B^K9r*X?((Q9N5 z^Gx8rpx9c>b@G2433eW2-njjB!1+;+w!ZZ)=-Z*fa$NJjG+~`y65U4&b zjM{QZAKf4i>Ax$wiTKbRg9*k({qMOXNqiN8u`W!a<2 z_e5W+stW1iKsRA}Mu)=#SN$-jvoU>>5?yQ!i*z_A#tC{Z8@b9*l@CY3J!rtA6mDnM z`-Vkm9auD>$$sv&k2D0uw)I>?N=|Fj7b%j$-d8*UmmzX=iq<8mxTON zWE|J3^648|;rjp)aL?C1=HS_DE_LkbJOOo#!^jimD z`nGxg=EZrmK^rHRDPMEOyE6w53;6FY|FIb2v@zmkF`|XBD7*&mIqfu~W8rA4^x>;dZm5_b8(3u!S2?aspx;@gmtlx8ZxA0y4dW=7Iz#px zp*L6Y7MoVR2n2PIu%ChMwicX^C{9SFzH9X*xp@wOeZKuNYYZh5gVi(WT#WvR%tgG0 z3C_7lhd85QKaO;a4zKk}f!_=7f!i;Jl8o5S2AQt<6gEjvphA?)D27P3^H*5Z6z;~K zCa=6|epeO+=lnT`I90q_lXG-jDBR$_Fuh*5`}f3~6pC&?9?A4LPI+}EeFVGP-ESNB zLw`$FlFyj31`w7u4xB*sufOX@ksKG|MBkbVl=Um3Kpz5MfPQ=0mR2FQaEnrrxKFR< z<42O9uSxbAx{H=ilKIL#^*Fbfw5*h0YiMu|6Vl&URGGb{dvVjS_criM)eoZQv3jOr zEaTY*8q+YupdUg{oQ);{0b>`4J!`0(yzfQ zLdPI0t@XQIt?=rh1h)BN%yRj=898iPIAEhygkpFR7?{PR`-_r957f@ozf_)gt+8%QmEmEKQ3r*m8^=qI8&0C54?(-{9q zm!H?PqQ}j;u`SC76_w{;98F6YW4&xZzIEJ1Jdu2#T_S?V^i4mftC?tjZhtJNG z1K|^eF6Q4I11(x?*+V`5SN4d?uHFk2 zfpOwOkolPY#1lDx+M|b2IG7iL7u1Qt(+>%WXzA~r9ek;5o0RlNSVh0 zvz0kXrJU2vr%m%9J6T&*I-&ZE4e$64gGT@pF*k7oW^AKC7LQqi=~-0b^@3^Z&% z?EM&6=QYS4TW03VE=+@Kt>U45hW!e+%WW&b#Lug;`F9M;S7&o=8VkrU@&2W`zGSxp(g zCwV(P=Mlg2^{n_lP>1!X_$^*!PpWre{N~rDsrW!*m#{62L&$+V2jB3GVLjp=U9`D_ zDA^I^N2}n9QB_Yw94cymz>7ET0$Hk`HNW(ygJQOKz9^f`gd(PXzF@6^afq(XLG~=i zFir(~at!d~gOk%&_jK?nhs8K1*(d4P#XzlhYalED%-|sc54@xGgq5AQodwvu+Rj8y|)0@Ebpqx&3+oxk)J}$ zqy_XjE=+E4jsh`ck3a9$&w5!!QqXNz#JbMs^V7Gku{OmgKiW-f|7MaB_}(oBb9IV; zul_opTv!@@-yN$!|;G&io*r?8@0|Ug8q4R65fHw5tsc%PL*_Htx{sVAg83a$z!Mm= zb5u4mRCy@T|D04}mt)ARj|P6Y&s$CNCvH#7ncI)dbC2oD#(Cw7;GDK-=($=7VjrMc zs=pr*0{xImn!n@5+U8N12M)z{o^!F$I4Xm$&dtO^?X;me=IT!_w+ReITXHcY7>76( zdEcQV?QATYvbbZYAM6{m@z3(jd{_r)gcJE9*h(j(QxCvByYyk>-pK|-iW;nl>K7~W zVj`F5a85e%x%6EHZtY}ph_1Ti}l7f`nPBH z`812+=a1(1~~@*ta_iDGFp_{UTEZ> zBi^yQ3fPS>hv1^5-c4OYJitzaKh&1d*x zKz-27?twt0;xI*cZO5_T_{vsVZVIT!l}+|*vn0AaqRVTNnl1f>XQ2<}!~d>l5~^K@ z6Yk53u&b2Xb_4wh%-8vI^De&EsHY0(>N>TeJmI^z2C|B87_TIsjndfE{*jZG>XFzm z+=cpW{>Qn2j8CAUJsC6n$)~)u6&pO z_i|AP`VI?ygx*vdoa2i059@qaFhA5svQMOg8|oBdMEg=5z4V2QKi+p^_N1P>f^3Cp za_hl$Ga^@EHG4UFo^pLEIgAhghlA`J%uJmuStiirqQgd%v|sH!Vz(_feeyNy=54DE z63ewrOK_W_H7V}{xF3IRrY+=xPOV+&^$g}e-zB9(p38>p2Ab%IsHD3sV1J$}X%ULM z>7^lr`&NYd3k8?u0PyQ}U0Deu&JBY!mQ(Vh0#VW_wifGz<_6cV04 z#fuo(CpW3Zc-k(9?~pITIAli1{-5uCbJeT*yB{gRJ>M$*vi*s9NkRFgaxSfTS#RgI z1(4_8xrT#}Gxlq^!{)X|CeQ3rM>(}Kj6*(_3)!Rd_B~CT*bXMU0*H{juKg~3W7M%b z_lle!qfpfO?9DfjMBYXvSIcks;WU_5TM3jC5x~ord~i{- zMR%{05gp}Nqwt;e+Q_B>oTJ18*^{8kBlcsJ_NW(hYV6hhq4(g^ott~V$=X6u-+rz6 zI0xL9SzhT`R%$-Ka!KZKTU)0F_lgh|j6=1K%me%gU!+O$94lLT4Bk&7@0~n}@Qyi$ zTqA2c*-d}*2$1hJkC6cvM%f*%EE~=ug0B13r`E&b)4S9X$o){Xb;PeZ2^~Kw1Vl*B z-dIRdM8>&;SMoal zkWH><^dL$e)y0K-;*om$zWXCd5Sc!p=6VNIeX>wFG3D2H88CF}R+s3Q`qCo0L+OHgfjEM1YGk)pP^0V_>Q)%Zeo8-_!2*(tK1Ni$x><0njATMgv6^%vnv9?1Ld~OX# z`^3XqsM7V@^R)WzvXPZ{6*!Iie-_4#^=hVsO|4KQa6R)p;Q;BZ{yujSV1WlXH#&*6 z)X@iS@z+4UNrCfxPQoN+i9aXZ+Ig_sos6m)(6ePte^<$1c$e2Qx<7H5JjZzu3jUpv z_&vvwH2aG=B6Jho)5(Ae+HXsG5o1*(_=dr)3ibsre7@SL0=f&;&p+Bq(ji0{3G9y^ zuevjk8|A_6Nqt^_n0|=jl3RPHy#W*rlG{c|%R3T>PyP?eyeGNHLSHb6fYatk`M`dlhE3XRx&o=h|vi6QRhqP zWzGH`T;vXKpxx5%t6AG6fVxOV(sZLAmYZviwN(cb)#VE&aRFc)3OpJRCyL_p(g;pP z7$wljhRXW9Z=={T``h$6s`6wRFLYR;8AKjszAJ~~{&}R`gfCuI8SV}fUp(qqKv?Z)2ywzi*7Sd_p#{!yrkBvc3>6iTe7SWuL8z^l zkaw-%_S9j6I5AL`I!$p#LF9D67l|5_5PVO8U?j$SGClW-?L1)v2l&%s;Ii!N1F2-J z$%iRMGsg%aA5b3u?|Vq~{nN8ODt+a)w#e;VG(fyg(z#7)RD?iR67J2&3QS)#8j{9Z2IJ7gNr5=$pBW91jG7`4ffMc3>hXIDT%oeSG*Ng= zouR!xrG^ZMf?eIAC5Q2M4IyiXtu)augv~xcegWgqWxM<|{*vC&39zFE}^H1>GJrAz0Nx}UDrp4zt z67m`oJ%$CvJUnm$NPT!yZ64nlcDV5^l!D(tBE$8&I}i_VoN0S=l%=(Py)we?T9-ccv4(IoyRLext6O09u;o1K6I={u3j+P32awMI-5~N>`|k`hp{QRg zUH8KNmgUS}fheBR8of2Xc(sB!A7n5#A<5ui#lc%J4m(#2Xr7&k>x&nR=_#?_0TB_O zZ#JV@icz~zSW;6fN_q5GHlDzG_;_7;|LY5*8zH97j4wu!?khr&Zs+f~I1uGQ9Ah>; z_OARX-J=%Z$w&r;%ZyZ_Hy{nptzvS+K_3N$0e*r30(qkgCdzEITSzxqLZ_wNB3PVO zgd>*)#DRm$IZsd3J~fAeD9C?rO_hcx+GTWo1FfFL$84*&2Y6Thmkqfvug4-18C`bs zqNJ^2Zb-rMUm~0*&(B@6Ti=G}Ym4jwpxie;vt{kQCth6J6^-vI;PdkQ1N6&o?`}lJ!us&b^Uwap4sUV4s=v`V3q-J-9ME6H&h8CrN+I}XQ2Ha{`}-3Dd1`w0n=JdK zIlfKmTb8lz8Q-jWE--t{|LHeqY3bs-7^dYTGYZ53s&EqXVGV@d{OV84+LdBQljZ`} zd2U4f^AfWgaugxo0_?3?6ho2hiT~mVfX0QAu3)K+>agEr07SlRi|S@}bO$MW>FWwfZ<~Wl#4QJZK?9a|h$iZ@wz&vc99zWPS`EZehN`M2nQaKRvj+YK#L6R3 zwu&GO9s45+;r&@whXc@E5fj#EXrgbFSQ(9KP?X>1<6b{29hg1Vq|b2@?c$&gwXwH& zb3i89i7#+0r%FJJifpIOdH_CJewM8VP+RUvaiZ*2^vpRVBFl;d%U`CRR)BHrb)MrS zx8vBSd;{Tec|boa_pe(HncBHFmj;*1T_S$sE$;!HUcMNM1+gJ3(ot8E7;K^TO!*;u zJ^?t#^jW`QfEFaTww2Fy2=wzLPTa&A)YnJSp@!(-Ej04aIf5$yx@9>_`G(~OYe*P< zNJjfa5J9PNF$l)VuY1-Bca8Nmj3}byl3PI(G>ny`Rum&_V>#8WUi6(V;PejxS)UPw zl(o#|&KBQ4az5Sf$uE{75|qI>1vDz4c{cVP3}^FBIMDzzTe8WwMS6LNj>*$L|s7_xU;wHfI<|1tv&*!+moPGiz4xop` z_aUD%oARl?>^nThH~j@THK022Z5>(=n>5)yPStD~_hyRI4n6q$JlyykH&!zmaiWG6 zeEMk)_)$8A30eE=y9`8m`$ToGmJJ!&Fd*_}yhY|*gQx5*G}#war4PSYwxxo-&!T)? z&*%3&w4Uw?I5LhqGr+Ht?UCJKuF&L*#fMgc<6OP|H4W4y`6q=W;|`)3t(xRW$#~Bb z&}(mZ{%3wf`R9E>^ZZlCfLFmaod)#@IG-vI;3F2ej|}x9FHF?QeB3~wegeLCpuiA) zaZ+F^WtmyKQmaaQQ>PT1b59K7Oz&cUiy~YLEvp9NEw=qq0-D2==O)3G3ZW=GSw~{W>OS)zsV09~|iNKp#AIay^t6Y$Fxk*JyfE5>9Wv=Yho` zMFrWP{rN97(YbZLtpf5nK>eVw3F!-|jK?pPWyPK!GVb2-@XG_y_Rnx$*+#c^jIW)N zq(bR1UPUo}2eaoD&hviJfE%!qUqBid#0IQM+WNHBDWLLy6^QG}O0Jwv94^$BbrDi=%Ldg2W{=q25{Scyeks6GNn@poI{c4g4ca?V- z4=nB{`kM9myBLbjF|R(EpzALHep!>?!D6|5-u3D=)%k)q&%pK9L*QKSrz0P z;!1&?TT3;bvswjgT(3o>LF01V$7p*;>s@xv0C<80kMY!{mIfcYBDJyeE2!QdH2~|X z>D}9kOp2=$LkVS`GZXxla%+1RFpjmX?DPD*8U3hk6Q8gA1JFxECcI~kMRUukcYbN0 zjM0f_f&{1^{w)3WIPEv8NE_>@%NwzH3JvrE)1`=dab$xyCBhDLn4uAS62RYx)iR1h zF2PdIYxtO+Y4BcM;LZYw`@J61`FSArGosBM8h!Y-*P^1U5Nsb5_5S*Neji@l%0@yO zpeqgsB87s&tO2Dnb=Yp^%7whyvZuZ3HlXge3l+lRPPVG$LoIp)W*t4WQ(*BH(e&cy zJSkYg?8HW2HN5=XcI6kum+Xxp zHbwft=BGjk0W_|Oh%ksx5_6ZLRE|5q z^E#uqK=S1$oOr9{vQ=bPOTrKUs&D$&e->?Uhy-y2u3zj?g!!uSbOQO5`45Y~BhF>Rcr; zEK1re@+bG#Lf5dD!`CMsJ?wknl$dpWB`AZhrh(o(fl6;eLgsG-rb`iRjztC8Q)u=g z!F{dS@+~J&L4w*ShVj_bF4jZt-QX8H8n))m4fykJ=-D1}KX_@YgQ|k6DMBqv|A6@| zqF+oaL7dn`uAl_CV9a$WAR{evWpW7_QTA}kAZ3=55|5&B53B--1>CYF1=7hKo|+VK z^!!#donyja4bV#4t%QYWkMHosXu%#I47wG#G&+aZqiJHmoEbCoR7tyMBA|6G1*54p^>L`wZBCG z`a&p6UbvU>xP>?$_}P%t+k02H*i?dZ(n~;`KCGo*!sNzPR6yTm4=GeHx(>;HtI~Hp zqs?<{!c$5>SE-lS#4#A3+FJ;89XGm$ zJ5zjXBH}96k-enz3ReTL(uw9;g(4Jznf^)C+mmbdtaMg49L%0hQ7jOLex*8yA(KT{ z?H1@rq4t0qBtYysP}@4RUKT|XFoQDyctxQ{l-ffKD5QX$9N_Ed#qN2RACR<*5&^UJfMyalgVMW(&(-f9wJgzM#+kzK5Mh z1m|>z(Sq#x%Lya`Dq6}6AM^REG_pCUm#@;}vBQssEr2Q!L$6GVCF~JclYZ9H%P&IL zw{_tA*SGW`5C^i+jcaW>FDow#@WcK1kWlPY)Sz{o7^y$&1q}Mz0A3M$cI6***mH5} z+0GZozT{`+kWFfe7q~xyLa;n$iaZLkp zwif1dYWw`G*?GeD*>w*q7#xUAa8Bp5UgF&v$_s*$mjv}WfWHBAHgC0-zrd9pimdk0 z%da+S{twXq@OX9&f11%G+rEZi0ye2oJ=^O7jMJl92O8HoS{1TinD(|Z;Bk9J2Uck; zhT6WbVjeISrZ7>Vs{`WC10|t-dyh9x(D&4p@ArNoxY-|rir!E5o69oD1M!-`lJ;6iCkyby z-&!kLs<)P)*uS0FUNPP#=~9;@zCylxOs?gYY-Afe&P2Dj59>y0^(Fezps5KOZ)va0(inh zXN=2V9JS4~c5#SEKl|L7MF9O<;?@xN=^DgCt6ghK+9SGh+SL)oz&X*KAdV&)Ap{p^ z2Zi=H@MN4PMZc;^>bOxqj$RgN?jDF+0naP`@JEUhaqnJ@i(eUu_L1kR+XgH+C#4s} zskyX5M)Qq>WWNFY4JQ(BD37}}-5oh?{t~0;sKD>QzHEXWsX(Z4{kr1UD;ZC3C;Rd* zGSy(5;kYdj2Q8TMv~95I8v@`l1y7G;F%L0lXNWf_Y|c-6wAGN8Dy+5!*$)mV0sw-vH7b)2;{f$ zSq>YGlbgo8d?n`flColZaRiJr9`!t~t4u5!0Yr;-6BJ+twd06WIEAiEZ3uxujNr$- ztBnG5O{BPN7xKkbma3Kx+NuXb8Wy+zz z&Po3(Zo`oNm30dQ8hS;POjr1q1)#nl+0Snp&u6O$&V0l--`uravegQFUtSYw0C6Z( zti{xfvfXt79rcU(crnyh10>yxl$GLdm(1X3ynrYD0O-|4E|amO#nuPmbI@ zFniX#p5xCMQE|zaNgWhvKzyt)Oi;)RLa2wCcn|H(ru+izhiM?YRD|dJ}?m=k~>f1$dd;FetXh$i7444YE7rj7yKE%{3J*z*YY%qwno=upJ zf`y9*q#tWkTtT(K-o#h4nwBf3bjz$=R|DtdKd-BA#_Q_ow3%fhfF0Nof%n(#$M`4; zgyQd2q}%)kJ|w(ATw=n^!n1_bkv9>wRd(I$J1N_nSuoB9g*Rwi_ac$sH1~BLmw?Qz zU)VvOp0!`NjmiXe5Q=xH$!uLJuwOKcxOKjBX=D7tTq#cU3Rd3Z7<~WQluZJ0+Ord_ zu+!y#c-;dYtkj6;Ri2I4@|IKNe*!kU38 z0P4Hd9+SI;RN-aQy`3W;N5XwY)yaYHU5eai=b+;_1FG#?P$tp$A$pcVa1I6iGi3I(pAjjGM>~$&MlPevKuCu1ydSX z2jKT+A-Ys5I@=1hb3^dfNId)=a#i%AH2azKYBG1xf# zUQ2{%wL9I*X);@S2p;I08p%F?)7X;iwZQN8h?B7r=Bc7E0M2P70OuHE0+psXoYg`J zQJYQ}MS3-6_ni)R1g$_+(TJ;i#K)5#gBZb{Nj1%k&MV6dj6)sytfyTzx9ci#p0N`7 z4V;$=_qmNauY44XD@)R=j^(Mk8#!n=GS}O<=XU zIQn=@0nXWfK39q@5huDzW+2m10V|ecsHGlhT_EX<%N$fE=ZEGS9x@=_TklICn_w-I zd7=Mlz(ZVVuPL7djH4+3oCo1iG!Dex{-CU*2h{61KTdqTO=0&1nj3_2e>pp!ttAK6 zF==Q@V#{vw{F2Go*GPqbUN$8?fN_@EpY@q2yL1kQuwLi($ABInuh{=5RbY6&h_#Fc zQt#RRuGe=UyT8ajY-iTzB)E z`)?Eh9(Pql*pF94mlFK&X$8cO=+*FIG=Nv#yzlWoQf;HOY41%s%7!mhHUXHQAPE_W z1L7QqB$sVT%+4ua0Q(meZ^31{VS10j?eY>tGr{8tJR)$8yA92^Yy2Zu!uf+Ae*)3b z?&u0E4j_pZ{H$|`r8!1J>1v+c`U0%0%-I`8ek&N5DQjWF4&&%K^UQ+~IcSsh$o>jA z;w8*ZWiybF>q_;!87hCG^SnDm#C zanHY{1pJo0PLnjDwY$5s04uAPmlun>tBITS^JS}n?$%BYCT^yz|K7T4XW`>!W94Y$ zXvO-U|77vBaAjvx zNSPxWqU^tJGI>8{ns6gFAhsxE}deEQpf^BPms$BBHc--83WPpJzuIm>n{>78&r_aR8o#1@JE$ zI~ET|o0q0G7WNjF7WU>W<`%4h4h|mfzO0}*dil>&ddb1Y#`%(s_kW(&N_f~!$JaeR z+Y;cmCTBuOKk^bK1@5<54NrGHSSfP(z|OCp`t^w}C769;VD!xwI8qlT%$z8QG$>ef z5t*>ZUV6f981vn2NXV!;7>L-;<~s_fsgIUX?iOE4v11#ZwwJ~~y_+sRzF94tC%bUw zM7tjx^QB} zd4LD5+9sqV4kRQF&{(?(&9tiC?NA?H+gHH#SS+1{bviDApyOvJsT)I!4F0TtmCQY@ zOEzNSnPK+;0{+2Ch+-#+O7Z9lPF_6hYtcCTR7V*5mjgdBw~3AQWZI7@-Ih3$yLG2o z_LXA@(H%@~V@@keaeC6Zna`_s@d$U+8B@s8J_<{ekOgXR(fP>yYuCPEf+|E&yE4=! zD+?6n*U8Qu{f_%yF9yseb~vg;A;7H=qhUv!P|A=c>X=K>!yTZ@w^UA2*zg@>r` z`bnlx6b7?ui$IN+x>62*$vZCXoi~${UzXUtt2M8ZB6DESA^*927B}R1uRU=H6*~<00Rs_k zXMozltWqTAx2H=_SNbkaY=_TlAVUR`I>T{Gs64t9hQ04(#nvq*DGm;Xo%J_N#QP69 zuYDc!c_z`3U8E)O><%%n`wJ)sJARU)u>Q8*KA0<;MYpv|p@+;6Pq9Q}b*$HpO7%{v zMlmpDb?IHGZ<#K+5g{R$P_0Rtz!_=*tiytY1l=wFN-Vw+wA4tNZ_k{V24tyj!ayV? zQZUroU?-ycVil2_kM*ORt2dFIHWPD=mHb`_TD}3 z5hRt?KXfcb-?Ijr(Rui)SfisDP(B9Y?(p^3b|`LqfNH5E((_azpBc!azjEH2ew;+6 zXQRf!pZN2t`ruO$ZhRa$B@MWBJRzXD`)eJfKJ){&o=60rrSXj8{~j z%+v=AX#KS1)d>cjP#2c5TfdKEbtdpS5Bc}v=!9BU9bp{3kJ8pd@A%;#r};anq){oL?3h9u z{_al!n05B16d>z}YGb}KCUekO+5k`X$&Rky3zZfn;lmzzx@ctisT^IK$lhZrLR=AR zrp?SA0mBcKl)(n!0f;Z!n~YdjI;qXv0ZlJx@ixtb`qoVIUSNf4mvvTuct2{V|NTjK z6ieDm)&KM7{oCZ%3%tTBr3_bbzjEbiz9e1<$0(D`!{NhaWo9hP!O1zVeS?Vq@*nF& zy}uuWtgC#2Zuaw2qQNyIW(1BMs+|s3$wa*$ zT*%dhJPzQNb>FvVc9gnOZl*BBS8dyQEx5H1Rp85c&Jr>i$Z8Jrtsn@@y6?iDLDsc~ zXHqKl>^{ukK|eBg_;DQHc4kh`K>v<$XjS^OAH++(1D_TnMO2S1x*GL@QI>cSDw~HZ zgN0r8%3|$?YF()tiT&b3^t%vQJK<^^v2F~;RsEFrZy7B2izqdZ-kp59R~Y&vW!3do zL^n}#YhbC+LH`H!kjBk6oA4*3T;p^Q-l4u;WlOhk%yHyVp=80XdYg&=~r38i(PaZ0clS zC(3q>7y;%&KI4nMr*;Ad+9w+4WXXy0*SMctby+%6^@pmRcn#53VWGJEGjnI%X+L4| zv7+)Px_H?+41MC*;HPCqNusjfyts$#J~t#tIp`(d&{X&!{-(Td7r1@_7#-HXt2xu! z^GW4fv4K3b02afR0_+26U4{cf`pox%ylq1^pb`r@1P!X3VYj6uN$LMQ)d0#Vci6!Yz(0f#W+3;*#NETy;-#aLyM>#mvxTFThm9lP08xT@k^lKq z)<9FhgLHCqH!*W(1>DzX{|N9Q-B_RhJ_|P=4<|1#I~$vnI6J!phoqP!uN1pDr<4>g zmm~+jI3I_&6g!V38#{}Mn;9i1xG(m<`Hg?vFIG=>7IxO>ZptpvGfa#2Zn$~QBB*LqiL$j z+mq~D{}rTYo1O`}k4{;eankM-SJ5mFZ-?72b5-*)u_c+R<95WpiwOCIeHz(=7%bTs z)YEu7v6$v8)lN`FfFdzv;~rNX*9+%Q>l;kgb&`Za{T_)F#wcW5-Ry3Uoj zb|3NWUtYO(zsGRT1FZ|3ins?^hIYBZL5Bft=8{ihfQpJtl$p*yj$FbY zcoiCtDDy`+3X=Hmhb@93PYRk~#9y~a(XPr;?4}41airp+q06E0u6a0_boAVw#+!B6 z$b``NzN946X?VAp`?Z-&@EI~sJRBrkW#X>0cvNJsK5#X+%jnKa6wK)d9v;^01Z;VA zO<2X>Hd;bUK)p6O5cE$BkB-MfaQdA{_^A!e9+S2^>JAse6=L1&+ z@DI3*%6z9{RQfW7IB4rHAz?D%jMN?!P7Y{0O88fxvhD2(C2u!AnG_Qcit-)Q(<_HyPLemBzy*A-hP)4wtu@8zhHz7=^;E|F!4|V9ars?{o>4N9F zK?IMWYrc7w)*hsSjB?bk6ba?Hu7Z(wP7AXpEl!s!WRi01afX7ZUye;3Ky2YM$ED$! z1}~@{zKZc8NCQ*B+GYUrI(_C(`Ia5EOxr0Qy=}} zSTh~nUd2}sQ%5ef@3y9q-q&u;^BtZ&0>kQAf!L zpy~P7l@q~$T>-s4qHs8V;A96Ok~x*=g~hupbD|1&GrTMX!y4gor*JJc5v&a6<|W1s zk|}hy@22H820*`Sb*t6*^!JJ7M*+bxm7YIvcKZ}!vj`TNnvys(2&`6296pIY8n`_ zx>LYfsr)?#iRmYw6u3V%LY3P5dTlfz%B53Z2)XrP zm~!$mXj;sElV}YQ$Jh+ls@B6kk?o)9dG;km=Yups(<9~thi>+`qa$(w|3Lg@GrG$f zktV}c3`0795&<{UDu>(5t7AqoR9)iS2T?E?r;}c%&MD@poYaVC`en8yqe$i`)38*+x{4CHidNrpt6z$A8Kx*pDZmtG z8(#xI&_D^b{_ew$I)XeM!RiZx)Wo77%!^t0wbZ`$$XfV^Z?AnOcH7mWAVr_I-G9O) zx&ME|Buz`T%p-*At%IoWPr4bkzE{It*4JZLTHR^S)6JyX$_W*nvTdiM0-ry_s>URi~X1^u_c>Rf*M=O+4cv~-|$dD$ymU=Vw2b4ZVYqg zB`ZZK5{2kVle8Z>gAuijf;4-c!hfPaz5f@(Ew}!+n*s_!2EkGAPoCxOvQcA%O`j}G z_&Hq{^44=@u&tESLn~@-RV=S<1L_MV-t^R|vwz?znJa!u)LCX_%x)`5BC?3MgnK>j|L>ub(HWk z&DU&#nA@ug8`D*)fXX1_jP@S}9#nLuehZ)z2REstCA2a{Zxc5V5`ikE6po4{{ zFsS(Q0RIh5u8yA1j(wxs4Z}<|YDUnmoZjep=u_|!$}ho#X`5G3kUyVi`5y<$ES{8m7dfVKy@_c$s z=FG|nU_j@Bk(ytMqawHb z&Ki0x7jgUR>99uP>&8UF5yyq^`9D^B8cLQWw|yo8{W&1a>{jIYrlODBk4mdVzdd46 zbab}7rG$F z!TUrXGb*6^E+;{|x(9kWZGW?m|y7mF5E6 zbS|hpGST6FN-5tzIsbK(J~~UL$rCjz2@6gUzmk8qDL_J6NJrg z)rYvF3b!5qmbT=PxMc9=x^o|UdIwqL(u-1?Nj~WH>VKGM6Q{{vme>I1lmqtfgiwpfW{SRK$i!gNe zao6|0U9QZZx?;>>0yujKA3jym5>Zs)?iBA?j|*mzw}=&o$GUtk_7bol9g|Jrt~#`o z`P{F)>n#Tjv9@;mhPS#Z<;t$s{la`H>ATyyd$ffv|H>qq2*uKdr(;d6PaAUX3IRXf z8bjF5b&bs=mH(13TDQO}(@ThWRRZ%;7*ZR`HCRD8r|FCoxb3He4Y>rCq(@Ssmg3{B zpU^O~7}SKRI7fFPp|z+aCg>gQuG`qg!6gb2-94KLas6s8cZ z=$5Zk>0Xaf#hLvTc*?&pWkQeGc@1BRUgo^${bl;6z4}h-NiAMXFyn$fA}E?NS)HSf z`h_Su&WROUn+wK+;jj4G*S%-`$Gri!vSL|nI>OxfgfV(@u}=gyO;yMczDmVtibTop zbGRy+66eC*e{y|AridNG-=v=k)C)l3*GSPl`ur2`SHfya&wX#)2bRXbnl(Z~T3D?? z4<|G$iAzF6SUW>iZ z9cD&oyW~c&9qYVIqO}|uT(oZwY`(vJPigLz50z;4 zlu95YGM-dxdz)kx#@BSieuH`^*TW?hk z9%fttf!6isGmj@{{tDLpBSh8l*1eZjMcd}l!{}foXu_u4-J@PYO;sL&LhdCyK?Eu`~6CR6WfU| zW8O_TV@QVk|B?&(ys6sv^Wsy>1wN78O=|bR9y(zal)&!&=?ng+lhnXG3=|G)B!i^u zPNi$CiNSSyqMaA`5vNr|imK%obU(}wL^enN0EHr16&)&*+zy)@=5$G2jedCef%UBe zT*km_D|sl6?O?~w5K>W)rolt;HhPTpKiL~VN2BMXRO?sFwzX=om*d^9XT zz_Zr#6++zg?1p=o7t)GVHk%8Hc`59g{ECypx{rw&cTc%k|K=U%holY4oBcVb%m{0} zJo76R;!VR;(g)D%@o!j3^oxZf==DIrCispl;TvTE)F7t6#Zj*?G+$r>Jk;)EzKD%= zrX)ui<|^gkq&bZq9i1R7GQk~&(RKC>&ETEnEOZxw`NfmH@4n_{;TJtocdm2iy}3+H z42b2KMWxGSM)&AFZxDM{=D)36!;A}2THBJn!gGzC3E`zLeAqK*(V%M^4xtXCr=^rr zHC)}SxxeN7Op((cXvdwgb9Mx^>}AYP*!h;c@a}!oJ8@shZSNlzguS-emvV8{OBOP# z@2%Tk44rq<^pEuqfA6g*FRm;Kpzvl}#HMw}abl1-@cy;Exs)sM_=jn&Okgh~cAB^BO>TB#bcSIPzbYU=TR)cRzk z)Idqg$qDek&(vq}!OC8F;F#oxwkk)vupB;x->elN51j*8gj zKqm0L2X2Ln(WgA87k63yKcuiy?nBsm7-AZYI$(X?;(UkLvZA|6CnLV^5qPZN(uw2r z>st-;?&E9-B&3`dbpN%TNcut12a4mA;Z7M+VT=9mte%2H^eSCP9T zTQ-pa*M6VPT+V2|;wJ3Nb!ujRqoN=3=aLPaE94_lQ2%rM5vS@n_^;!Sg}t@YbK>^j zeC@wMFwiTM=A-^|j0^IE8zVYI$E4K5Oj6R%W&+Rd_o+BL^m2-@RlVOfsXl)TeqdFU zQYE#pPsn$DNeP=Wl3G94^3GD*Z*i7pQgGj7PEk5N$W(5{0J%JJxt~xTg>p4P3Ai<} zuOjQcA>1n+f<=ND2VPBggkx$fqY-Jx0t-SNzmS2VqES>JKsv!xM*AUspQqoIkmoYC zOM}hyWRQ5~+-<4QkTSX@#cY@86{?>xdls_H#dMg(yGnA z>8(K}No(^gBt93)eg9(rqCU}z6BCCZWq_$`8L@GB%(X|$C5wo{*Q|Uerz^%pj(L-! zxw60siy!bNCQ)5qhWxOlMxmt6So%H(??c||?nDecX7OUb{4l6ih2VOsl{nM9);*CU z*R0AVkkd<9oA|dYy`ls}I>k+Vkac7J9g3GOzt`F{>DOGKd5-R~MKDhm^XD51qN)-H z!j7rju?zt7x2PH8znekf-auqVqME#zsFk}#e&G^dqH^_ON_iXTS=%5`7My{btaxfu z97@OJdaXy01%~-wdfsfFKxAHym%;>X?=dE-`74_nbKI6)A_Kxwm4>My;qVy@OwrCcVtYK}BER)T))yseIDdal%%HxL=3TH>E-2BvOU z51DDdaa!v`s)9O8|9f-aD=7nd5C-0C@$(9~3GWR7L_s+Q+S7pD&n;9=fyc(elK9rp zNTB}KC0RQ-Qd`Jh2tmYv<;S2NCiO4|I41xH#L1l}&7n6NT0fTnl=;J#*L|x@Zo=OV zRxXG}ZXn)>Q3Lwjrl?-Uo|HF(&~ijA$w7rghFbgJobYGmXQcJm@A>WnjNnQ@MS?#O zz?A>fgQ!$Hk0({O^cDRiQ17ap`_15Ui~)4xNC``IZ3>zMws-&-M}CMLWKY(MH^DyW z{kzo4Ky5)5>eG9X8&Xn&04X{?FXZ)vWuOCwv+=c(fmN0w7JPoRFoaQE{`?cDGv43% zk)J*RaWp;$&-44pFpim45HQcjVdrR#+oiIdvz;+(~T2!JSl5VE`LCmQMUCuj|I z;nw`+fF6)y{4YnVR_{Hp2JJ8*o6hZ6IuOBR0V+2$qO3=rk4l3 zt;h~ZHR)7{KXLZ_5m1!z4Tv>J`c4ebWIvACFk~MG#g~I|4%~@A^D}xxmb3A>rQ-7( zP%}y+?^j>@FtqpDTH#|N>3qJ6ehi><4O@R~j*QfcdI1|OYK*3uI@t>981V1>2+PUN zf;jEheQ1s$Hj}c@KrR0M-c80k(p%}I$F|uhp=)87%q2jPXh>ghq_{f&f)cprOyno) z^4qV?U>p^%XQ5RNYo8*5X3#2`AHaD^;-&vq&0|oN5MQ>I+V(V@%Lr7^ND=v%=sbqQ z^;e*78Rozvh+Bdbq<`(vLHz@=$F@?J4l+oq!yf23N_cwa(fsrG=^7)?CYd;#a3{nZ zP~m8lfv3^$4#VK3F+M!%%HmUT{~n|m|I0C&f6mV({P2orYSGnuWCMCAZbxw|Y3&bN zw0Qf66Ty+c7ZtGuI$&(hh8%G=y~kt7HI+XqNyGb11P8|P$V~&;16?(DeTkXo{stSU zfIxF$F~6D+y?EUFeagsk==r-)5BR<&uB+L&)}=4A;`0K}8Hh#`mUh56S=v4zj+tOM zy_)w%sdzhZL*mcO$@uo5HyrY2xNS9X?8#ooK;=t}!>O?h(#gT{U43TfX2S%5E_<)jQj=-l428D+q{JSX}q8h+b5V6+%U2tI}G35TMe zA`@(O&eb|roxwN<2Am*{4xP}5CflK>K`OBRpdQMd>0XX)*0jX&VX-^@#^~__IyuKJ zEsQzVT$$h{JtbwFGO0MZ&Vg|b6D&X++semPR}R;aM&Nz+ck!pbC{NGco4KE3iK5os ziM3Gz>hXR_x@O7~_w8drod2Vy? zK!qcxub75_!>-g?b8~@DN^7xoi~t}5^n;FkM36CYE~kp$+k2?&LEQo=b^o1b5zM0J z`I#1KfK7WG;dh< zp%8i$jDrRAF9XIkPH=USNLLxzi2&5t4b**>T4nu>D3_Drq7r$bL~F1ND3G;wU)L3u z+}I4mAH{eYeQqA%0x9bM+Jj~M5ybg)$UH%q#=ASc18ArhY@w%e#2Xe;-y-Sg;?$rn z#!LcreQrK@xnV~o61v}W#+F@SoGdU+z&JQRN`XZ|Pcyf;^4S%eYAiJ{2~dQ*)Oo5K12=Gr%~wZEryw>0y1d3;a^sU10x> z3boP}&0ezk)oDxl4I@SdX8xRKF75 z|3eu@Vo7x{Na_989@2Nu6~sxr$|0e8Cq5QHMFugpkN?mvvfmTlX_IfydgyhfjRH`o z8j^THZ^=8rjNP2W{?&=lMq?e+A^(3kS7o62p?xDjVu1I#aTe~XELw1Mdu;MeKg$dm<`AfZ%3ph4TE>FxN!x?+ z|KairZS_0Q)93->!9fP1eYD!WI=O=Tsn@1p z9Imwq5T~8%eP-j4s(E-npf$cii+Rw=D@z!mn5ORg#VX&BcntKjh|wv;qemd6zJB|z zQg7`O4tJO<7>7Ho4#csUEF;-4`!jt6*yF5bD0e*!Phn8Aa5E?`_$`RS%ogY<)#4TJ z{P{JxE=rG)(^K@^Mwpxc7)M6zx${5Q6XFoHOrEnf@V#r9#Wf8qb_%`js4I6gGV4}K zCkX`l7eg`5HGPVwz>59oPIEjDUslR!4bBNm1=(W?9j&mOorSIo+!cV!gwYyrlsXx~ ztoxfVKD30pK^U;ob?t0Mhxru&$CA4`HFST!@oRnX?@KTGxl*Yo<~CrsyoT{A8`y#O z)Y{BGLbJqtdhMLS@Uy9u7P%NA-=S>TgY);om5$n@HC=9Z8>X=psAA>s^BU$<2ia55 zncF59=@^ik3iOg`P$YzuaPP1=O((Y@l{x2aY%B!45Kc##ctQwe>?hB2V(IPCgW5$! zFwQT+=Y7z;ysP|t46?#a2dFscFHg^Jds%qngc!GUu8^?)xU3A^r-dO!Uf;+3YgbAp zQMx@|wk5?6Q~~<0J)(jR+RyehL7l=EYWFV!H<;|WTd?&@A9nYA)_R%TBH~n2oCnOl z&dh9eTO%o9{^h$FALB)i%jE$}FwP=n3y5QOfw0K!h&%EG)SADx@JrXSvWe2JXCD~h zh_lM2^b-eG6Y*QM-i+P2Gb~6Fq+f;Zn^(+?|KW&rykrJ(!l6)%>J`ukmbrj0n}_Pf zS7TM#*adkVVrH175>EVgK!4Rj=FucmJd~UdYM4}4*s~7IH8)_K;m!dNr>ZX|wSifW zPn`{@0os@(+jseqKEXYSL16Dc0g1Me3-tHFT+esgWKJ)d-^!ZJS&Spe8WR5xN1Rgq zxspq7oSEBPMcnB~1vp3?QSAFf?KH!U&I}TAD~B1U`@#cW(Kq|zEEf^eRcPGl!&fai zx3gzY;GCN*kUi%i`?GB}iyyUMfC|uL<2TVRS&7B&5|`8Q1V5*59=3oEDnzKGobY*_ z(j6hOuXm(}-_2NqIwAb~yu_(I{y(bDGN7tpYuJYnq#FSd=};*N>F$t5K)OS^L%JKJ zr9)6ax{*eZ5Jiw~1tbI!4Dy?OzU#gF{d;~qXU*)1)q~W-tC{yhUkqPs%K{xaG71i+ zzaDJR(xP>qJz9AbKPL7QbgJn|@c#Wg*twUIuovS>!TXG~ClTs2@{hy#+yRnDE|}~_ zk)7jR8cp{Y5=b7m#|M3ucZqMIfw#6)rcIEe_r?2! zdRqvJAO&WX?`CgDi~*$B?aObmZ~pnwkQPRFMy6oeHt}#VlwGHI_nj+S@RAr z$YWAKg-DXgbPG!aXZ|PNhcve|1!Kq!xZxaW5{QGZ|DY=Cw6Hoz4CrIgQjG=}g9So4 zv!fJ^n(em56jh*dL9}`7Q6srAJ_$2V|Wq-V!oBymS$Gdf_NCb@-W}`qlD2oTH7@ zf26p%6pd#n6AQ3GC6_H-aP}o<5_lEPnrd-syf2s%)VGh^?8o)*dSL0j;nyIt>e7#2 zIUEA#%pk)de~i23m=dBwHv2#)mQO)eW8%9^_=s!qUF*c?cmHlN18um8MycF;FgP=} zT~23-Y?Z@1^8awokiG%|AfHwoIlCCjk9)Zu3ho z{CMCgTyN~OHDjsHpDpnicCJdz5u-x$bBia}DlWmxf)mt?Mh_Iw*oX@isAyl-t(%Hf z4UG@zfq5pd(~b_KG)n9HBc5I86`y%aFu`lG6XuL`FOueJ8kdyyX~j$@7Yd5ky|GV>Rp*yP67`sZ}OBI zd-({&E=8Q?Ho`fEst^ZnR8WR=3InGC2lW0S%a`jN+Lt7L)4ZLIZD8z5X9YU`>Fkx` zxUx=vx@Y&&Ii{$Ei?HL{9E>xM(hPBG`m$?8zm<=?YX>*O=4?9Ef`?DjrcN~RkKt~| zk|Q(V2e{Zf7{J@>=8hRsGYwI}$o!cO(|@Gq?<+tY18l*Zoq&^SkME$vFby^105ACv zQ?KW+zTAf@0zJQ{px(7@;V@ny?2K1Q@D83f??COgYcpIP;Y5f-)AwLbOE!F44!lW~ z_GL>;uqAZ;nG?HqpmJStkxt_XsHZ}4!n#n8d?)hu&5cm3TN|g@8~=wh(gSgJHWv8~ zXQq_uzJZ#4&750PmW`nVn^P-wQ;V5VJz?N}SGQm6Ym%#|HY(e*HJb?MSASpxyHBMS zM3F@}J*7WxtvZNjeicO&Xyq<>7!>Zms}xiizS>jMTj=n;4k|a7y4C#}s_R7GJ>$miOCcAxE8jOAx^0CNFPl!cDTkOxKBN59=AUu@(Y}+$_ly=&o7;s zjRc*Ani2QXOT-G@9}he%CV82E;1uTvlV|Zh(jE*=Q?uP+zb9z~YMmsjvGa=0i~hd- zJvI}&BVu$~Mydh&tCqgC&#&CTSwut)Uuep+9}_UXf^$w^Lh^WC$86HM`9&TV__fr6 z^iC&*9q0YtGv4>K$DaMJTQ3jRVaO9^4aNkuotwhtqO@fua(g_uFwPP>vhxx>&TtqH zu9D}63}CVOj5%6z4mhsQk%;q6%-*H{LVcg>G)cw# z=XtiFO7?%}#*+L7#QFC^{V6-Rfu-Llo%#1)l3>)_L3?FKaA_U@?DsUQucM>~D{KjV zt!(wKZr%C};8u8paF~1FxB!NA^$RY_F+V#h?x=aY=zlZ9@UrxR&oD-K$&*Lvg<0r5DMBz+RsBkxs9n zD%+Eh%(^a!rJnUm5`1?zH%%*<$b4`6AWjYZeNp8fp*I!b+`892%8eu0nI)Rw)x zkwKfiKI#R$3>Up)c);-rqW$FB^nyGXb*^t=@~q za~_N(TvM`Nake5-@$3Nop#;O2ChyEmkc4mHO`<$46Am%c08y7vW_w*8<$d~dP)6XoR_ znEfub=8yr6OL>Sf*V!l$$83qZ_=`5QU{4dJrp3;NLpjI76;OIgHzM)_=6?jli4Ick+gB zo6MQ$+MZP z2XQ2JE^yWgC=!1F4`_y!$h*)cBjGXai)}U|j2+w2QEAW#q4PAXjPq1nk5|t>@LsF9Zv`J1 z*Z5`p^R=1DH?QqIM|S_{B>qu!f^l}(1t3oD^l*dC?6%F{Y;eDqCA#^jcr3N)KHlc& zV%((+(pLeuqK zWz{bQbo!XiBdKOX&?y4{DrR?p)?kNKD~`|`Iq&aUCDa(ZFwS=~LWmRpy72rt7SSD`htGSoK-wKC}y8#zGJ-M^3Z)eC28IE9L70N34u8N z!(oMNQl`JAfj{c?gDvBZpzenTNpzQi_~`x{>>OZ~KbtSmHtWM^ILEJk>ooF2?*keN zTpv4pcLs4VZ+NUCX2;1tr~xi^13_&pQ5H2^dEj_W(K1TA}sIn{_P=6P2KckVr_V5%28!*v7ind()8%CeW<4_nUhhG%pe4m{fyS1D6`UL1LZe4kCNfg}1 zqYTgGv8h$5q!z!UfYaY!_`{E2i0 zO&_Jn*5askxS!Yj`@ZpQI`TJfK}Uu6?}(TE)flGYJ+=vt$)b7Nq78%zL4+FcG`;nS!P)+TI_lKHgGb=|bpEX$A zL3$Pqxi1(A%|_HQBtuNW4U-+oF?r@>F`_p)6RHv_5Wsrd8T3_sf9@~o^J!!yaL9u|r6}9FNonxU{%2XE zcB+9Z!h>St>@@_s6~VY4!D$;5g?d|t*<|;M`N|J>9Oy}X^|M>jN#wr!qskx$rCfcIH)HT z5N9EL%8S@hzUMjU@lRCB&savk%e&-P{M(mF%dau=!5-+prgDBU^hG7i{-MtIRm_s( zc;EY)Fb*1cy9;pQ`=jQug0yW@6hYkca~ju>%1vj3kPoRz?xr2p2K}1g^xs4YR)73G zKaA&IN*cM(lOjsyJUGW588=r9#iicSM@t+}0+GpN^(YgOTBj+@lleKxa($~9lL6qB zM&Z%iCzBD**LEYNy7SorU*QdGpUR-cdLzHruOJUsleaVHVc?$~-Xx1BD>4Lh5p9D) z?`1=ErVOweie6M{UCid~IuMLWRvb#=_K8ozWBeuQV@5DrL#Tp zM?xxd0 za5Lzr`8s#-+jFs%Uvbv{8@GNOXQY$^Z=k6V;i36WYL0x1+A3UK9?MCcI0v{q-N^V( zh~62;$qkz2ok-x}YjiDO_z@duwHbAl!1JP6gC4U6+^0FWM;hGHS< zDi?>E&wO;PN+YOyem|=DYu)7z<6vST{o(r*%?ad`vRXnwACnpRJvDR-ArmA1`E5FT z7`BnOq!7?o*SGm@FD+a|s@}5Wl69rQ<$&j<$Y9#-K;xqEdF@;gr6W)I97Lp}1@&>h zy?CE}?!Z54)Vt61q776}TJ#V`o(?ApaHR!Qwq^~Ec|20Fg2{7TCj#O$x9^BbZaU0q zU4mXsCwbpzWDKoL3WaGonb7DR@+yHHXG5$=ht`WjM$32E>U| z8VISPaWx)30X=f0J{o!6?kMA@H8*w3=dr%;zN88|^?fYUxHOq)axzg7AkO>XgMpNC%rCb;06ihu(c_$61NUk^Mf_ob#r;2G(yQPc^V8(AVxL*zDH5R0 zx_jPyjr}KlJzoz~fjFG$pt1HQD#xN1ScklpUqWpQ-CCZB9%=Fok!MN?_aO?4<*b}M zJZWq6>5SLgZhqcI&#i|#OaJE_ler#;ymyA!UcK##ci>Qt1e#7DgFKgJ@hGo4)r0K#4`*F&e$V4oaBeWdI5=o@5NCj4hMkATaAvU^ zkw@`&BehKUfpg`ka%k|VEjEV8@;Z2@N3>I-WtEdTY=|$=k3wcJ3WfWxecin_?iz4PsM;fZ?Rf`yHgDBZrRy0KEbyoF%s=D z6)<^7aFP4;dEqk$1HKEX7~mpxyrh^e9(frS)T~#=hk} z>VqoQKuOUOsAJNq&?68t=YI17ll6@GYnOr7yBv7N9wxwE zj_{=KekYT*(dA$Mr|O_R(_9QbF3uw4Iuy2zG?=x=qdYAEmPEwMru+w0wh}w&sV?X# zdPm3Rw?RCY?@oC$Zz-h{6F2WuESk~?O^-~NJWdHnyTEeU!q1)5VTuh0qYW2;yW>o6Nj*WqO(nB1`G$)-=UCtO?xmYh)slM~prEkxSrKBfi;PtSO`)leqEW z^_4PXk9{F5jxXa>!2oeIOz$Ni42465p>wP$Sy3dZuh1a8C%nSYUlSFP1>#>UD$D)q zmpzZ_^2g2$iGy=oaP#}&@^lJA97*MH2Isx;RWEQe$UX{1!&ylyNb2n~F=E%1U8b@r z1X(7Ex3#qTYoiJ~#RtCGb!R(DkTAnI&OXR{*+^t7Xj<*MJbojh;IVIAWJ<2_D-x^> zPuDBNVe(KJJBU;3VNv<1hDp{)tG}o&bPgOLbqauU4v8RnXx4LagX=$H*F}MU{(FFF zVkgLs$+VWcYehw%^qxB!QTQ{gw5e?aBj(~hL-;ID8$tyyS#9zw3K@8)V;n z`ui7*%c6non{>%*ZGK=9M51?SUuA-KmDoNVC?{XekGhJ|5oVpS&#)9y^}*zE*+ZTi z*j)G@lE03~DT6OVJa@S%8aeC5ZNnA2aN4n*K=%O~>=w$rRY%7z?0~$Do%7FooY)V4 z55YLDhkTGc>-*c%uJYp6X&6B7-SMNicXE=%dWf?j%1c-qokj^7Y#Hj?*QFeA&+c|i z3zcJpi-uiapM`PUA3cOPDA{2Y)$cl4?}1)uiRaq%-$&>7(@UdKi|x&DK1RLD1j&}q zP}6Os?w}0}S7|;Y8_`d1YG#9Re6^AOF|%)p6XbI)Z;Qc;4}yzV^Y_ol17$iH-SD^+ z;)|BQn*c8Z+cziWC+isERVe05%vxUYi}A2{lT47R4kXWDjkl7X29Cih=(Ha{@Wlje zSK{sCtOQP>S^7KD1!}n9++cMuHwz<}^zwF{!53kbZ6zRsI!piCU%{LIzq7Q@ACc_= zUNiAra2}4K_Iwch#8fbZs`1$>FlW+?`Pwb^4j1y~P z3CR;(O3Mv+U1xbIsv}5EsHRKXI&%Y7 zKN2Ou;)61A>PWjXYCGBNU7!nDH}Gp&as@w0csLs1yj3r6O5JjRgBbJz)`A?}g^V7t zLyW~PPU=sR+eP`z691D&w#ab=lE>KbfchcFhygwD^K09LkqnWr2^~|W&-rFcKKfa@ zU<0CA@n~fuh&7gHX7{fDyb68(6Z;y}k^VpPqogR832_RxTgP1oKUS2Uf?m1DUakEv zhMfENn@SOu4_Pj}AApxE$XT?ato*n!R+Ra};<-wn@5w-%p%c1Z`ufn3 zVm4p_9Q&I5)RU7K=&@m-X1hnB;4x?o;>#1oULk9I+F`*#Wm__XD>vH&p|}Gv5wiYT zRM7%?{&Xy~i1kNUvxU2Y6Dz>b?O6DV#Nf>rmWdXn1fo_l4e%}?A~s3BuP}K^C4{VH z>hqFe^pYuzQ)7h8(<>kDum4T6LT&B}@|p@UU*dXa=N z1!bKtpHxh^w}Zt*2!X$s?~B-`tEu2aEEp&{8xH1Z4@uM$K=#gmo-80b%A)373if&XpH*QQN|+EqF>*#j+)8{ z#v#L;gE+^HwPU`4-Ib3#!OL{3RC9*EACjqiyeVKZVzJ^n;sJe8IbusFf*w$DNyv%b z|JCpzf(DxevJ3vnLx%Sg;&e;uKX!L3E*sAQm;V^wJP#`r&KkcUdlVBzT}xsDDnS?c(8p{3AB(H0#}0 zp6tu2z*`aIp>I4!U_Y>@)SM-|LQ~hLXbI=s8-_SBLSjW9>hmt91~|u~7UBfZ_ZI~F4GP_71K)kg zfq;xy14ZCSzJ5t(e%?lo6X^3QGIvw6Bgl%jtTC&d`>yb1(G(#4`QQB9zz~5r-haq= zI`FrLm@$AyZE{<4>t?#IocQ&*@_ILp=DQ?^;8qj5pLuCx*FydEtlUiF3HdkXu_zda z!e0^M@Zg}uJ+bg`)WHK8D5qZc@fuweQ7Jf_RDuIG+E^2qz-{#OuEh&AuSPqres#$y z?AGk5x7~0~ASJ}9d$|<47@~|trw8=aXSnUL&)9Gjm{~Q64F}}Yf8vva{LI!5;sjXE zpQ1?A4twlh>P)k|g7lw%`0+`8kS6X;x*Bpt zz5?se@T$K}w0pi*Yq2>i0Y7I*@-M47oU^kJ$uo=p(;%*irRD|5zzy*d@^5x`aHyK^ z$@N%PVh9;Z>;`cM*k;!Ot)~|QabR5KNm-a&?hmgXm{2}l|>PRrf z9n{@Xys1T+t&xVWM0%GVCJ(JDGX9QVuG>VaAbrAL0wN5wM622@w|UYeRV_+?xt?Y{ zPapv=bohKVRp+hE`k5DO-S|2U@AgkFNRRrre(3icA$d*{A0#Jh2pm7XL=>)|yg;L5 zDjP-_{lT7;qHei5VWSIXzsjlpE!Nz7wXIA_`O#~imS@)pU>t@#q~1bNIF|4TqqOl& z49HmQyj&OWQ%cv{!z!U*eV+ zWiW=V>6#DmQbmK4?>KaTE2qiOv+qfFyMrwKcrPz0&{xM8UOZ9r>4-)xTD$tpqV;2{ z7t){qaafj+dS=1Iy>W3dOJ*M>a07F{!gnoXlbJal&hVO7jZd-%+DzU}`CHY9jXtiS z&6bk$zB^CwdAhk^91ia=Xnu&XEb@qyDhxgSft~XDuN2Y7$)D}r5(EP#^@Wa52q%al z$fl!I*tlSN;dAmxKM;KSQI{LagZ(EDr!F!NwuSG7;%Ym3?+oDR8-Li7xN_!u!uwf^ zF00^9Mm@OXo@101mv$x5?MIDS4~g^9VRk4*)xkNJ7mz#;k6(r#jkFD4H~>9CC7$7{ z_7~!Yqdx+MvDn;VE58E~1v(5ZuEwqwYAD+=Xkr%aVP)|z7GWHjQ7(vsL%_zi67oHa zav0>vNZ(MM4a+)CjB?J-L_km$K>mYMJ;WIYj^w&${yWCiQz1ngcGU(`d! ztp-VJ5|v9)`cr|1@`RdORVKgTv?blrg8J%ADeq_oyknF#_-xjju`n^fI-FnRD+yk% za-`e;_wpAXw@Q5V zM>kqaurcvvCV#9mL3-VP=2@aIAGr=C%DVR5K8V!SBEU`6!rj{SMOW=ra*yX4>kJr=@HL@w^(eTk|K>jx`$?0ynm`W+jJ%fjwKiMP&3zr?S=J4Vz;pYM>K zfJ_!4&KeZu+kB?%0cu4b`zzc-IMRTBm4xek&BsCECe-KM5%y$ER}0o(l#>ovJ%3Kz>U$cf>sLO`dKtcc)oGy17T6KmBb5=RCuW3}=sAqZodfT{2@-Gu-;> z6&Pp9Ef?Z^XId7gULe?b9|k-$0a(G;HwWJ$tlWE2!$KeLgy9MTuh8B4Yq#$ce)+bS z|6Avr)QK@9FBisH4K0E=bng1$f{zT^qYXj*MPxOzvj^{-mY%Sj^>*;n&m7jF!2Wuw z;@EzAnkYm{$Zb99g+6o659#y&=6Sm$9^!2O$o!mHu=#54C&(bET{&lTO!~p+ZQ=Ol zEVgXQK4=l-rHEr?MMg`}AO6W~53rH;ZpPQR0ppyUAoIRxZ@gWzbG&i*vk1J<@k+FR z|96nZU6e3kCfAuRtjfOU8M}p`mTA_;kTfE# z@2vm3GWB~f&MFQ)#OaN4*D2VZMmGuu8s!+TEu#I1iaz>_nEB{!#-EzhK#TQWqp_7Z zpwdF=yDI7$bK1(d#_y^88rN?ip{}(obIp z+QV?Amd1OlR&KR0$Ra@^O z3Xd-RMx)4X?a+$_AG!@RD>`tmwSbrM(mp7s2Y%{kDB?n0mNy%coFrC-b4ngTob2Ib z&zl1qcOw-Ld8C8umVDQLtD#1BJd`LL=tc1zQ@#>WC;T%&b+QzKtiNc`W{7H$S<#J2z(!XfweU=G8U%QEkiz z^l~aH%3>CjOfZhm3wDSj#vQe+<+z(}1bW8bm+sV})z@k?M_{S3Fx#UjQp|(i&PFNO zDfXih$AfkG4{e28tkjPM?O~j_`!*2gE)Ly3aX{ zpGDz-YA&hIxa>d8xEKuw;`CBJF;9)n%fUD`w~^VSqO<`#q=eALiOEJuMVZ#LskfVII{6`5Q;P#)kqJF=>Nzs=Fa;GZ%v*ke>OU z?F3~A~<)&leMB6(hd4bB+;Z-%K4e&h>TF6 z6|93~GZ1a`$7xI8zaJ}5rN$A#O#tT8qv6W@Zms&>ta85bW{_0l#u!)}6>U#t{ z`r#iDn4iWrDbUAfrF+AQ^jQX_gMpSm=n!L2C#jDJOw_#dQQUXE+XDm6=}LgcWq{#H zt!yBAu|)(dB+M0jhN9!2RK&r?;R4UdYqQjpK$gI(gzCvLez|LrHCb;)ct(RGYz^U@ zZf%I8-5J($F<+L{0`%|}{$%>?7^$KQ^sFzxc{&(Sqo06%At!((z%t8r)@w5qFCd7) zM9_9i2hQm!fH=MMxasuhLCi_e`OFlUQnk0->1I8h{{Ueo3-46ClF!OkW%o5$~NbHlA=x5zhA zU_9sh8V#~_Z$9SQIn0-32yGTqzDxTsRCfZ(+xai&A{F9H2JN0`=^vBWiy{ht%>13{ z9X|O>rmmh`p%NY7L&(q#{5FquHX1dhHEr8)LcIBx5XpN5g?W$P&2nr9gA^p)Nxq#_FJi@1EG%l0)1^U0p*PkyhPCjUzc z=P)4kgk|OVd)gOw^b|%w{Is_Dh{y_ogFz}iI2=H))y3!mqO*o{!L&UB8e^Ub({l|h z51a5UBa7jj&SOZPWz6p0*%KekIgnYSHg;|9P)GOSb!I86E*aF6pb}f4M;WZtUO8rQ z8C7Ml@h6#A5?fV=O2Rmb{%A;!UyV~*Pi{~u$nYYPb?PJ?oM<-t`c*a9G|gH_?0y5# z!;@diiyCc778}m~sJb&`6q`Tk0^=wZ$3PsD;UGt{n39Z23=sJbW9*HrxsjhiqbBmq zO~u{+bj%5O-~3Y17UFYbg1!;sNvRi!N4P$K^q+s<{b9)j#Cad;_ndGA90=l^mRknuRw>`rga z*>YjaDnuUj@7za8V`H^um~nS9Y=_jpJkh7H;rlLh=I7Z(`Q}A#D985G`XM`@P!lyYUQX} z&sSN2ah~iW_1@oyTLfHBb@vOY!522~(yEL&-m1K0R@6-#mUXMtd=B)w8I~v^!}M>_ zR>b~19>!-(CV&6JI8jfL{-4Y!%D#+)@AQ2MAoIFPMGl|v`L1Ch%D1L=BktJQR^X)) zjylK4O}i}knmMvJqASSlj&=77jFVjL42_FNtjX8>631C!;Q9Mfz#kcxm@oXN+j2g)xy`FZavds4C?HI;+6lt*X9KB{yOhwS7st- z$|wda<@wFOSI zUu8!wtXMZ*e#rzc<&6|fp!M6d2OYDUx+vomOv%?D1OKyhZD!WfHlevWe3t!aY_()& zYe^OuXV;Gh8W&mXzGQzPuXP?D$UwQm(q=V47zB5&uv1G-WIcRd3i3ROWX9~QXUNgb zNR52(jO7bP=#ruM*S~QcI(&sVmP|~SgO~(oXT89KWkVTKF;sMtkz5$9XYClg-aPLL zb_-2S{D}otIg1%XR{pI$7z`N|#)C++J4O8C|{ss&Q2*Wspcair_1MjEn z8Jv^L32(ssNM66B4@sEo+4WDPP*C=wcJ>SdQE-*jXiCbrGq*oVKQ6^q-^?)J`T^q* zkt{&+tVPhz1i0QEy+{O}FdqK&mI#uY2$>%hhp!*}2|W6X06n_%zrH41sWMTiB5w?~ zy4S{_k^+0lOPoj?8L!--%a&yH9{KZp1!S_^$#0og#mv7)Q#AD3etVx!;BP-TwTrD6 z5${OceZEML8VqUI1U@v>hsz^R0?FgUv-hJ(MuF_+N26!e3EP>TxhpDi!=}zj`$0I*;$;(5NUr=Ue1cFca=zTf%WseRoDH8F*==I zb$INXz|#D1VW)Jk4m;?4v_GsSx9s~nnS2wfaxwR~2A8L37m{bNXK;uvfnsKc3cMLe zx#6L!83ovrn0n1^o(-fqpnkd$p(Ekj2P6gL!5-m$7k|hz{thboAUAvsiwXcKIqF z_t$<}eOH3%KjOrxNPoDlBmcecSl-(ai(sXUv$GDlRFOYIn{j zXzpM&_>gy;HxSKCxUu~133ojSi7F$8bC%JeaXs<65ns5U#hwa0j=z)Q*zkT}1VAz?<2D^=%B!DhH>o0th$Kj!MQ zPxPOS9tdW*)mbPdebVvx1*&n3x#IOaf9x;loW&%6SMatwGKcAz;-m-{NS?OP(dnLz z+qWzq1JCXWCe6~sFWb;&Z0yF`d0$H95TGCW-w5F(erNc0jya?9B4u|l5#xm~Ode9I z1Bess$%3$|klgoXf-gM zoos;e)&H#@QbwfxrBU^(+OsP-Qy6&kXVwC;-t#Hc=_WJ=5bSJEpSojw0N#@@tS+Bc zYct~)%jv=kBlc^rd0_UkIH@C2k81Q>$82v3WupTbXLWkZ0!Pm|dCpI)${k`V=Yhd$?1>CaLG#q*3%7tW7S08X*`11zn{G5i#LuP}_Z#iW6gTowt z>v1#4%-T#14K%`g-ZQ=N1lw7r5C8q{171+oY@Wu;MacIy>*FIUj%9Znp3kgMy~DqG zCUaDW#?_%y8uSjOU(6U-ev+u9yNCd#io6ykvwG6-_P|(YuGMZKPT zln3GvXH)FbDHwT2F#A-TtQEO_(k*X0Fp24Hs0jm)?15MB+oIw*iX-s>a(D3ykHf40 zMBxXvLNSx6?FKZ%N90yKRm{_;2OHsJxQH76%zfp=Of`Maz|Tb-1Kx7hq3j6*>n z0daICnUC0hJpY&uI)6yWUdTQ%4~`laA0)Pki~XYS`GpGVdUL~dGp?0OvEtTA#OBSa zJ<{$%I7eX&;!t@6%5tr?%?1F^L3_xj-42hl34Z5!$c zYziqUP0}*IxDLe&{;eNM`dNrWx2LukUTyQl>kl{&wK_HMXQlss7d;bSq<@++IaWdp z^j^~r-@5k5%2C&QF<3Z__=w-RJcTTH)u{IIDv;x<-ln4Jy{FwGm)*& zC3JZbUK*foD^-x5Ab*4z^OcdchV$EOY;I47eV9B{+emwPH+cD0oa?7j4sgyh6|7#q z6EV_Q{47VuKO7yD*|F{f>f@+JtRGIP6)Kq9Y(_25xrasSLixu3#zifLJP(DtC%oUp zUBhE8K;(<1Cv07gReRaoR&B2vWD0tKpw0sQ$2NtcJZUQV(W8IP|I}P?>of_fgmcu9 z_TU&w&H!ixzCCV=DBKoAWYb#|eq^S57|r8Vz_ZD}+I=ixhs!KwegbI@>zNi(61thW~GEriwm2<<%D_ z3d=56&Cj|vp*phvj>{hbac~y2>WU{~1?cR+Jl{nCw?nU1LE8rmLR9K^-1rQ0RBVTRau^g z?0(n%Oy!&r#kL;>R6t%O)va|;3fTb7Ey?#ub(LZlm-tdJ{aKu54tX!9cBXk*q%j-& zf=t6!)k0NnHv5uig0v@((wJ|RWI2JCXJs!$KEBnk{WxiVpw|uKL>;8ReLH8MKUfuVLj!k@ zUJu5(-BApUE2*u8pmgG$lZzk72XL0$ek@=Ah*ExjEr^=>_cVL*1<=D?Y9^KbN{yaL)Wx8PF4}7@D!})m7m9{##P{b4Bb)9)Z>TDz9)*M-GQc@*Pa#g)bEZ8^88=Ny;191>Rs8kPQg`;4nMdI1 z(|(sz{f4`s%L7*!;dk~%i^prMSRqakvom;)Y~Y+aQiv0WYOUX#U=nl%G;T2_eXeN6 z<$!gWToNVXSDqCrC+!2p2EStDc~+ZR@R>?1^l%1xm!)qu?lYv z$#ot^nBMpyl$rZ~I7t5n&gxxOA}hMNAyA=}ZAn(^f4$=Gg(%u(z{EsM%TX%u-qx6Q zYTXN+yw`IWPs1v^Hld}5jDP);hl7zBlILEQn89SM&SwvPpw}s#9V}{J3*q&Ry1t$N zqniyg!5?VV5#RcRWG4Ou$cCbN4Jy6eX?gz}CJ%=@(mz&)u{pJ*svaF;30|xY##GC2 zA9kWTdCe3ankb!%EepDUy{E_({OhxypOK_V5;C}{VDbCzDvZOGi;Q=>8h~MHHmT9Tc7DV2DYFkafPdnL1>KYvTJbNr6*m~y$6@R3Y zER1s>O9|qbay{nmDfna{QVL$E-#nf_%9yzm%{;i=dJ*cesL=*q3cmG=9$m*j@@SPl zh5j1%hzd~(FI?}vpNF)&F)(tEGSVI$8iRT(S$^l>yZ1fGQHxdbGKl8#2{D?tfS)8d zfC-(sr08c^?UMuJ>*T@AU#=11$w};x+R@O9f-E zg8aP%M_|9(#Pc<9WGl%OeqI)3?f1Yq!rsXEX=lekx@&BzZjUth z?m;u+qaK$L$wot!FNMp-Bd@!bf@s!!bbqpIUO?l;9^%*f?Y7C=UnpQ4*#}6!amNtp z$6TB741C~8MK5LEJsCRgRyq z7O`eHeyT&rH8dDUj#32TjNp^!vYraW_Rb;-dk^fa@>B8^{uJkqcQ^W>;IeyF04eeP z&d(E36KIY?Nrh(v=K}*g_+cFRw8s#K8`J7+#c;jR3dF5q*Vi>xzCSlpiNd^{o|ATN z#nhn*)-&BrOLc}KY+kQdN9wjw%*NQ2BQTET|L+%PZSCr}5T@(9o&oyFj48LoY{her ze;|9B!htW#Q%+G2qSxNSYxnwEE6z2X9V0$SBnb(pLiL0H=Eu@j2$BacL)rQfzT=Kp z2k?BKNOj!)T6A;5;{jhd1!}BFwe(lug`qI&Sx^gAA^AZi2YNnAH!+*N8Vnpjk9vuIM9d6W4EwKyNPd$hV%49jb!q`AP;VT zJ<;ETr{`8tmwf8VI?Z}-T$3OW6gHhW;dD;{1? zEXgf6%zh$4g(aJ^{ZZAB1jZ?-L*{w*OuTIvSHa8MB}5dCXUQjL-*tN2J9%wKx(1!l zgVihz=<_;WgjGIMVtZ2W_eiJlN<2Al;KMkDOh|jj)Ndq$%O~l89auI;MK8j)OSl>p z?#})-c(zXJJ4^_?+e?PWbT|X{RAPd*6!8Osehq|bTrf^M5mFy}7LcBK@ZgFS^ChUv z%VjXb)=sUaa~XYj%#p_?eGkf4ulp9n@#W3#xSNn2c2bZdeQ}$d7K}62i1b5hn2b9! zq6uHsfzDn;kKQoeQjR~0DXUoAM9@^DRhWV3NZ?zE-p0*T8JRzuk%JQzXbCLig8$=4 z2=u5x^Sn(k&|86V`~EdhH{nMw)tZ{l*>&OejNcNcyTJ9m$ZHU-!E~=lLGih^s%(EcQn?C`{j^vts^k=>fdbwXfLU z&Jzyh_HtB;j$Jd`^9tpE0Oy?Dg5;UnBJGQzS`8JR0vd_~iAfLP)pqxJ_D$T;nkRAo z_VvIE>=c(4UGST&fkK2cxJUms86h3a|12S-gp3bnIz%g9C($j?1m}i};v{FP(uJmg3BpOZcJF}e*om|ZC$jMfK@OZe_r zbJ7%nOv@n94@6*mY{@UYyobD+XN{eznb$ju1)R@MCkTnV9PKeK5w^Z~_5;3Up|E(0 zgfRF2x4Ua%^XmNCgy_UUe=t02cU>H2G zURgtWfbkhNE>W^bNS+4rr^^L}G=U%ww(yu>fJz~kDD^<5fcp(Ge`R-UQbgh6d|jPzOp~A@ z?i($|in11ir-om_x!RUCuvcMVBmb^7DAMHB*S|qiu=_$n@^ldz*Bxxf@#*a1mKV8T z<$CCaJ;+`~+#|`7jAK>`XQatp0RDNSp7Qx(IYBRRxspask-?cYE_s+dTGB{;wG^8} zuv^(BKP3a)Fevd1@3B+pL&;*_gQu#o*5rplwt>%G4CUPJZ24D(YlbAE4hP=vx#8w?)Zd9=mlpm90v5Vc1#`@CpD1${V4IE)!pOZRLrvPbC|2!hC%=s`AWL8HFX z;*W?TP2z(z#Bokh+~GWwU-zH;Lc&%-0XaW~n)rDBdO#Gz5!_!OYeQv5RI zuX(z9tdtk^>Cf*~V6UTG165CN5-LADTIYZ5Y!&M=_eh_upl}!_k53N~#2H)p@*Erc z9SarcEXY4~Lv`9`vq7-&C8}o9o0~*o3@6~0ol;WjcVk5#^45K5mG=AYgfyEijFVA< z^tYgPO0`I@8`0b|1S>9c;$yQkR<_EopEOJx>P9=ug&g!v z3FSl`#;FiN>Mb9m!Vp_Gl@q0xfk!P-5>>K1#O{m2M(Tu(WRC(~&JWQ4&~x&8pAU6E zMh8p(-LAkKzCH(680Xb%254N$4J9SIlvIxQK>ac^>&UGx&C=20@}ed=eO6VqKh2GFMgt>xIH0RnWt@fP&j1st&usvFCR_4UE$gi}WAL4mbBxTee~1C?E=xN^+CP zbI%FBF%dU(y;_m2+QxGC5!Nm|uxl<0)&|`fyG>J|s_(1#XhZYK!&E zM-Z2x@Fj58(e+?M{o(qp=m+gV+lDsaJbdkLq>oLP9o0B$e1~u4Lga5FjMHIW331|+ zd4rNLf{7P&LFaN2gzqPWMW)C5$r8=(U&LQl_Q5@vE|O&8b!Kw>fbd$c^~GoR@8}hK zaE|{b#EDI|@udi66+r|0!pN4pfbHB7je*6S@80i;8U0naUtqsSR^#Vxm0sx7wVAq$ zag_QUBVh3+iH;Ox{tvysOS4Worjo-i5NW4d9TRykqMEoQM@)^8uEM-6(g3tHjRfz0 zZ^~Nctkx$&XEsk4jSVs3@?^Y#HX##$_%yxa|fb9MRDtLhSErQ zGdlW1vA4b%sDGERBH*-Z?LXBiTx>4-wrJZIa`y?0(-xnojaHTmdkQ$KB=L^klh`!CIljm|hpDgoRXwDl z?3A8BQ(o^0A=k>lloI9d)?Iu??fZ8E#JfuwJKkxOr;d2l9!J(a5jZnf;Mjt3dc*EQ z^8Di{gGvI!o!8g%zHx~vdC-zZH~adk-mEVJ)h|Se321+~HxiQGCn_XRcQs9W!t_Il zzKl_bgVN~EyE>Jhy#*pCX^+nK8&Z!BKTfpmOc5?{&ThQ~er)&D0b#`g*U7L_%eLwL zD+P`d1kA54(J%55;{14{{N=GUnhmNe(0?o>8w6(@V-1JoVm%7!`rJ*cK|iAV<+c@e z3at_aw6=>&>f3KJyQ>oC{exOoFSLP zdk1~o#7+m~l=ZT=>&5<}-s`@Ii+9o6ZQxh}so3A16>&-%q~$+87}{7*Whi@!l2X3G z`K5~eg45H7aYqC>jdfB8+6U<~Jb7XxrMBb(IoS_1d6lvUu|ai2(v)=81nM=%{;0B} z!!hJD`_XUWheCbs1ur-a>P1muv^Fvf_#l57=A2y`4SntjL7PUC!XV_n?k@%Cd;#3I zXg}8?@{fB}!2y~=H;oSMGH>|wO~3XdN`g=7)0TR!jIjs#mBvsQGuOota`wNX9G%u{ zF*;H~r$BY2>{Jm9edgg$>>&wdW5Spu3*Y3eg!;SmUijc73(`ARQzT@`f)u5^=OE4d zd2|*=@KdaUn`7Bw2T)e5e}mMh3}t-1tew}wbxPQ06u;(8{8?zAsP_fOG56U3|K<j^b|t!qsW9XV4^-S%i4a_cU(Sxu`TV3YCP@>vxI6eP*uITq85$yRbB}lWhz@{OL^*e z+?#lv&`{#97o4gKb9iL0Xkb1_AC`^fSGt}DiPKGnA0s$<$ z6{{5-y>CUlR?0nlswBjKv{pKTr(KvnhKn$vI}gar02k6N`G8_tMx@!$BlLVqorU-(1~udYmX z6v`ul{1iud=TS|&;jMhpRC;5MKTTCgo2Q_e2=~ zZMN|@u9USK)8_66f+Lpbf5UmTvr?WK&IO_lI3g&L%Ktf#cf#MrM}3MHhs~Wg{8RYz z8OXojY;t6QqM$xmHw6UIY%bIE4`OpQfR z5%t4)P2$KLQ2HRhpl)s?a}%S#P5^aRFYx*gKW_A!{Dm+XsMZLC6Z~t=ZQa zvO$loUyMYBbGGBGe)mTDLp~FOR@-ovnh*8y0Xm2^-df|rXdP?<>~HEWMBcGxzTouF zHPI_LN?qK-wb>Y1SZ^mNV9wZY$*%LjuOo0S`Jtc3Z^ zekwwS{PP6|oWdbkjtqU8ZU+<(ch(0-`TM?Y3W}I@trLT3rI8;NkV!y*&(csX_d|XF z$H1K@!=HKiZT?Gy4E1$CwG}+`4C5H^F$4ASFvD71=9rrnD%G8uTpww;NMT6^g2sJh zOm4Hzc)iMRu0kI(GDTv?=8gX@LPmc1!iRyd6iC=^8k_cVQ^5xFD9Zc<83hB=e0Rrp zLg-ZOF3`Tbl-Xu*h?;xv)+M>!#}-yB>@)8=C_pfBLbJJ1t|k>nfylRwsSyue4- z@a4Qron||QIJ~8Y+|{ ziT7%7q>wQR_O5`ORqTgH91i=5z0`|S*01S;>AZ~|Hg3d*zgEm^5bPKfTEl;-{1dEO4UAf!LAf^>Y;A-Kz~y|FCunc{({3G zDR@oj9L#o22a1TK(J=$<0#o-xpw`PSkXbJg&)h-&GHtB{PuF71>PW=BU~fzxtLOBa zyt#<1G{XxHhpfRTjLj1HsCz)pSbLYy-k9g@d%}cc^ZIHi6xKk{xqyne$_&pw7i(4N za`zu1ZHhmUKV6omC9Ay93JZu!j5i(*&!%RLW zsM7`pY*2;*miQvWv6=Vny+TMe)f8w}0S%L!oSoIDFKR5CTcn(u;GjanKECq7h6Lj$ zJQRY2hlT@(0LKIe1IGdbf?@l=5ZsodX{1}V1=e4H4v2ggO$ca5A@k=Kfz+9&V4JID zwE?w1(p=xyr@4ptC=RwFV-}V^DOJ=RrvEL1OB;UJmbIJ zvFBvyV!>eVWX@>rVE)hjdJGmWwy#;sl8T0#N_i2Tf=bXjdi^0mfCqx@eWNzAVsD8; z?(D-k=oPE)@&DF1($G*q$RWW!EazV@j)q0QKI@;mxEuZ#@8bUEIntw5YhVT64QgV? z_T_#Ik49$|P@A!qa>b%i;DvfBcr>!JA*A~BuqiSEUg(_?JVCLS(@6Inwi>|FqoJ!ezLW7 zb@5_!wlueU|IaABXJKMueb2=CU!(OWB>SzrsDDZTsa5c#a9Z~0 zgaFDJ{4lR=HDkQ2>P}-&?X3=~kMW`M4+kWJL81ss20i_v#@mE2+1>=rEp+f_ahuS- z)=*q9*!=VuR_e5zsZA_P3W5!oC0&^5;T%C-7cyi5!t=g_DBrtJ+jOH8iAj6Z9WBK; zdA?u>J(G$@xvI4#jJf?Ib;zr*_RY@82(k)xqQ3T?O&wO36l-7Y_m_T5)I0PWYd#JFK)!zQA z@HO5D0;7ThnBq>shnAXIZPqe^S_vaRzbUVPQ%arkZPRh*X1?g}aAy}2QY17kkuXw> zPEK9-n{1pK^Vsaw0iHnw97lT{9Nq)x#kR_7skQU0%*X3SRTH&qR;SL!-AdIut&j}E zx8n^31gF$|V`jAr$S|<~;ZrT@gpx7D*(!(qpE{Ze9(m=cUThKP!q$rHv^t+AiQ%2-50)t#=G$ zsextM$lXvBZu9%B5T!LD#}JU3ta93iqK&4<9V|adhCj<1-)}4fY~5qyk_f~sQmX!q zJ(YDelhCCgJwf1zzbUvMwa)2aH*lM^&Rv!_jIKzqK!>kZ= zg%jN%$KiV2t)(^EJd-Y5&oWDUf@cjmVGvQfM2J>SkU7VQ0VDHx*e}xg(bE_X31y+h{8TnUJ$4q49nLsq@6V}M>K;B*~6P)*uFo6<~{p|d1v#;#_ z8Ci4|^cQxu)(O0}5p9lHGZ29A0xyF1#rUFErJQ0IUMb;&lmtaPRf=Za`i7d=3GL6l zN&ASVKJe&&ec1FTb&77WhNDCjk( zt=cFZyK!;|()Sh_bUWUF^wc;nVk2UH-G?{qY>eK$u*0v8Y^P0Np@8s#03==0crt=X zR({T!PiNbkj_(ikDlJ5b|TT5HX%L1vzz~!p7F4gA)dyH5|ZWbD_Ab0>kW;ta^+7 z^MjuSOTD3Y_&9!LOb|UG@pS&1osdTl)(g9`XXsjqbJF*bQs9qRbm*?ba-`aM0kTb$ z0r#UC5&`e#{!%7nrTmYDRT}xg%j!0qHr8DzqY@RY(XfmUc^BgQg9=H&9yW%CuT7_U7>N|D{>PZxFR)9 zfTG&Zvg2Y#;OcFA!>(JP>4jZWNa{Pep6$nJ(7gK`s&#?=o*e;K*pBego!RUsh7FUl zjQTUjrYBGFY;KXF`9cGT8yaN-rZx7(AEYxH|30)HcO_WOe1_q(S}wk{_yESa(q zh)FRkpNWDdW zI-s}zyS`mo!p6Ei=Wws#QirdTEb>-_ylk=d{P+vkm+tMf3d72R8cshS8aojdM zPDGuG@$S63OGDdIq+U9Wu>8TrMnzPgJMUo!WkDwKxd&Tqflb`#K8gY#rWu_1k1Yik zRj|5Yvqi1gt%kga1p?xJ3@^ypxUZ*x<}ly0(S}N<6!};x|M1U!FlI6hj zTd)xga{un0s+z#T5$jHkM({jOR4iMUbPU3c+xh)NT`&=U)t#g*DYv~SZKTAF*_Y3~ zM9*5)(6X=>yxI8Me;PZN57goezJ~*WuOg@uB!aMlgFj>V13*7`0OJ>VW9Z`QWcuFD z-o?~e$idXk+||+!B!J$%(MkXQE8{04BSvF;I~PM^7eHNEU%y!*83PGdYof?0&?ze6nhU?QXsrIOZt;rW?TALnV4zOPg7_cvCBG><$Iaj1 z{>@q=;TzA&2nS-m=$o&qi0X*!EMo@hKp?O-7y8-4ToSH;&-GT8F*~dTJJ!m}PiwP8 zd92Q$Qb;FVeJwA5PO_Wm_jtjdjN`!0g)J6J9|%diIB0Q-PI2qITjoY;y&}1*yJ`sE zo;KJidOHn9ol2DY`#_|lFsD>Se6xs0QiksNt&9v;(_Wc&?myrjM=moctldKlGPGbj ziBNu_X9zZMaW&-vJf$NAV*InotFbC)QWQk^ek6azDp>QQ3H!v48xCEM^j1~~U}(AG z)Y)A`iDCkwKbRw2@{fgt(mhxCB#~t80z<4-bP$8Ok#N&R2k=?Xs)||BbhRb*Z=gH- zbn*k+A?=?|f!b(wvRD!1(!ygl5a3SEmRaoKK!X4Lumw@2iCzp0yL$^4;Uq7fY7YG* zIMWEODms2JhmBGbTC-rw7w$h^wuG0$+5cH6+D`17+5s6usNQrQ#B|VOeJ)fIcnQJ+ z>x!_GnK8E?s|tai7Ys29AOROfC8(ooCt*I_GU3s*F^@YNf0_-3C{Wex0GHoWgEvXP z&Hm7TN50+*-aqj#&lmM4(VCGMO$$CTVm>SclE1i1WtjnnFm+u|lr^x6PDpuWt{z`h zY!ZmR5z(Zsi{=VN4I`@c@1vq{2~!Y1QwR%|(*x3!*ZHeO!t7v1w|BUPTu{E&4;Cv6 zLrL{bd=3=n`k6v(8qZ_`x&Zk>2)TX(isl3+fjJd>nzN6;*RtOZZ>Wz6s z$opnq%+u*FnS%iUbGu}L0fd3qlllX!hfPz-Srq!_qQva?Tg^HUCz3c*;FxdMN`jT7 z@^pJ{oc|oO%0>`u#1J89K;zGb*s~K0j&)99pRQ`*9-RtmMXj#DwBw6K8g8;GaRg$3}!oqn+y#d`9^_k zC7lZ6KJ{}}7SvWb{(t~Xqmy-xoxaV2i5B=LezGS_nXLF3r)Q^Bs#bsF$x+ekG8`(X zbV_!*+4(uLzbbJ3!>2FiLHkDr3+?3RznCX`^^T`B^K77F82X820P21sPjw=iUHD_z z;1v|uPhJ%S-U0F^zF$#gB0m6DI5}3hK2V%Xhl-+bmHGAB;BunGMYPtQoK8UwMA5g5 z&hgk>pCZQ_Bac;?!>^!lQl&8T!=k9*a+5w{>*aGH;gv=2(%$4uI`goti&Hr1+glC! z^z_J6R;tl|K-o~CqL$IRD!oc4=+rqVJe_j0Eq%t(*3cKqd>MH#lii+TQ~bOli%Ups#aL17{Z z!R{TBxk5jS0a)C3cxFnHZ&|*vIb5KPFWO#zdLVIK-ZG^1o_eISwyc}l)kbksH8u2U zm>yzuKe7hLl`7zH zS-GFaCGsL;7r4NZp@BnQ!1q&>b@Wr~nJ)1b{_FNR-x+qk!xXEpmN&&uA;ROeU&jfj z5lKq<0Z!26bGpffI_zHiHprz3X3p@6DaF1gAq427L@c7wqVUoZgo%r&2IZ|1WY)FO zSSn_glbhwV;MJ=alD{o2LA@EpPq z$62N+SxP zWZp4J#PL-#CycF9a#{vE^?gk|%BWJ)U%_AzU*}%k-h3gFZuq6W{letp za_+VTL7{YI;d%3pJZIkuY!XPz{D#o_Y&kSM$qUv3s}W-vB@_=%v;RB>f(^?pU9!y5 zpQo%J<5Vb|7sl6Pv9aMM`vHlc~Y24 z8CyJE$e;Y-rU#g}b!BcKBl7PMi zR(Ym$AVsd&JLCI(ak|N6l8}cE%~6yffvUJ z-gLuRa*^nuC~!|E?9&p?dcYP6fxlqoLyO zb<>KTWYDtD@A3#A7ZuA*XNz)YsD2MAS3EdQn-Eu`_5nsNCXK{=${rk}6?IZC-KRFV z<1aRrvS?RtHG~fk$fT&yJvWk{l+jkPW<2*Fa|8ZLmR}?j9@E#0c*ybM4)1VkWIj|7 znCwu%TYK*cJ#c#QAhhvNrDhTioPD+OKl;-3|8sqbn`Z$V#`TzV;0FDOmmhsH!hKT= zWg$S$RqIDATPXV5&?+sA9UAV6cP;d>l8|PQn$$#0_-jW+QUp{LQ+&CXuo^OEMMl$d^1}*n&1Q`)c2uwYk_6hTS&(HqaF+AFsI6&65m)o~M%Snx z24o0R5K_i+D`(0AZDxF3@UG2}&bzMN!?4`+Sud`#We)J-x#V{;ksW|puF|Qxa3R_|pe<((%!45(xpDG!p~yU#!J+&-W|U9{%J)H0Bqb zzik{78OLeUgWi)(4Ed?JCXDPbW&}327%gue8({rI+F(*hS*8c?kl2w!sDBh%XQopL z^~J8YIrmNI#CZI{rW^<#GaF^^G^7l}`DdHeU zoFuRCQ!j5qHy&l8Q#@YE`(SU2FpGfYMF>-E15|q2+U~{h<3><-cE)Q?Q2=|ko1Yzq z6G`iWL`H(ls~JV%8o^_`^fXa9&srhC%=n&#d@30dkPQ7r5Sq{j(mKz13C|_EK8GGZ z$&tzvmvRvO1Yz9=vf#hbn_hUw0Q^~%^lhUVhO9oGPR&mZO=Fn1bR=`o8(Yc!jMpro zpI6^0v+PKHd_M{P+cux~gC&Kceq9%#tb-`VM4M|1*wxYB&+Z@4$Q=x(WYT!T?&bRC zb<5i@s0q06#ZPA{MESH3yQC3&?gfA-VH_oJ`)I$wukAVH25#Kg(1dAX)GeCxRgM;> z0dZj|H+wt*{v0!d(E9Tswb^|TzE7EZdmet=c>T~Jq&a+-NZQ2%aGYK`GnN&xf{7dh z*<>my4Y(#e1&jF7_Q;!NGU%(>X`Xil;)+P%1iGy1{TU_zxA%((x zRM(B+`CRM-Pk|=WJklS*syoTB4_{49E!20l?e}zrn3hAnkchRWOH{FZ{8Y?g(&QX~ z4^LeslZQ`ZP1P&WFUoNp_A7Xac()TpiHfWcROO|?1bIr7L~;)=!}7-Am;?Fuoc>AP zZ_8v?v)P@g`C*NSzq(hOW56m<;e0d-6|r1tQ@q4#`}(M+b9z)oYUTOG!l}2l z;YO0)9h~?n7`oTH?qjVo=(NR{~a$Rs!CmidYMQGgoNi$Pe=>PfT!{- z5v%JzgNYw{VOrzm%K;uKomu&HH(vx^`kTjG2uQgunhY`gM*7-v;DiH2wu(w!T8~Ab#yEhed|C1FLFPDIuuP!X9zS)VM=!oJZq&6Y z(W1I}H<1#J{PeKHq0aN$>v=T50mI2KOr(QTNxefjD1X|4@SLjH6SKt<-EfKT8 z!J*C12+21(2H?9=Ut)pZQAdRI+exs45K_ue=yqEihM2 zF(m9@41AR%+bD`QXUB%;p$qhE5InjH*ti)e68&8@$3x6Z9Ne^x7qDXQ@;*F`ay5cs zg@gT<`y)cuy8qwYA5$9(dj>mG7e-?zPX`x!#(%{KUsjl8PvzM$HegAy910-G)J)8X zZFXCc1y&P5=^!{*V!V;Z?{UZrl`MzleEm3|afA4q*pRSw*974LG(XchmCD+A0ZhB6 zm&!>{dwdF0|EScA8PkJV6B&6nm%=n!mwnqwmwj5iZe)9QT!UqUMi0+ft3#b_!+jQ! zu7Ii0R5ERSzf#zOxKo|+294W>p*O?)}LiEtf7Re>fQ0F ztTpoyEpI`e)2=DsR=&a?0W#tH!rc+qWIRduD2d`MGp2oAG@te}&Mn&qqdte9^y_Oo zOIIeS10`YO0`8vN4-PNfNYW-y|!UwhK=00!dBx1X8aN z+FTq3IbU5XWp9|T;SjK1flfa?)G26e5V6<&gSHQr}(7J zq|hLeYAC{I3mf%%@7VKMsGvVnmWP*U9;v&N)TU>;6b8(7$EjS!H31PJ_)=0mQ6K>A z+8wPDK_`-`rFw=tDDs8a$fYrx(IKpu)WHKn_n?bYHJdoL2>3fkNdKgkd|*@Fa6GT7 zBqR9IO{^_IpZX`TT7&KRh=So)*Jrq)8X#L%g-|eK$p`ukTf~|~Zoj-(f^XTA@Hwd^ zI1-RDW|peQAc;AbEk8K$jHkJ{Ccm}T>lkP*zQO&z zvD`ue{NRpPjH2pkkVq#}<#*vjF`wegFoMdsOQ{>cRViNc^Bo_B)t(zF#l>QOb9DRP zA@?wO2%LW|rg*Um;QvtOa+3pU^#JXafzaAvzq`en|DHHnSbPu$)b`06gLO7t#5Y{f(cm73zrTEUWUu@xR$Mzwv~9!&_?O<1|H`b z06JY!`C#^%$jqps?{>>muHwd)J`R49OMxh%GheQaCg>@a#VaOKc6>Cerb%wP|O5UJ~N3?FL`tt8#&<-b9Nnu zQ1c?Rh3Fn3^gNI_a5H4aYLJugHVpdUK(a9qQhasES@V%b-3VmCKQ7TJH!n?h^fJou zV#WW)_a5o`^L)%Ni?b0pc;!9S_MF=k=DVz*2X7|SR9^PfUdK+PU!1{Vi-1C@mlD+FrF)e4J zlr;)7lT=U4xF0*8I|(omTgqkYv2Nhptrm~2Q~_gO^F|9Vtlxb-ly!#HydDy zE;~dF_=g7SaO<45p3_HGr>FrDp53lejhn{))a~z?Me++0xGAcqKeA}0N?tJh(Gt5! zm>ZtdU4+BfQbz}~baSUxvh<;5($JJ(rWSU8ytlLT5x4X zOb~?MXha|bK~S)FM*|SiP>_*82#5s82q>s%U_t~C5P=eiKokH#MZun&Qq6G+1!E?O zfENYMFe;V|m)LewuLUb9_<=GO!R4hwwQpwODYoag4fLjhImSB=VP>eer>WtTDwKX% z896cUv=F$Ro3eMmReRVRdapEm`ff0dr4v>e5ouSy7SgY2bt*Z{TrR~;zJNx4NS|7S zEQM}l!-{p7h4bKj!j@?D<>M80hXSg)QBuRlG&Vx}mmX3-%!=qt9fs_A`z)WfjT8{& zd^&QhMgRaZ5KRB(SxaWB6K&!qb!zEb6vJcP8yd6@`v&0tp&(L5qUzqs@QtVGruU(d zbCBe@#98njN~_J6hq_mqjk+@iZbuW06&nPa<|$wp+NMH&2{lyI z>x?@OwN6b&zqt3c*rVC%pSwkL&Q@a0-id17`1&s_)03#0BYV>eI(*G*BsWHWuq~1ZNZMNc|Ua+Uj;7I5buQ@=e;RSti{WadsxI#e( z2yNo|Az!U)I>DP&>Z4RaW`lRn%f;u6$drXAhIyvGLF9$D{PPi7WNJn%AbFG()I8!1#EOf9=^Q ze1NKV*-s=lEHXzk@kzr9bzOb?IG@AqomZ7(TM+dCKWb=yHD#Zc{XP!}=YnJ@X_Pg` zw&W^P`KKo{p7bU`PfW4TZQ^N>4T61b0goO*SQnW1kwRF1QwaSp3jLEQg2>Aim*w@!*+PJA|(qp>dtx0=F) z(&xysBxQTOzkgdjH5_Bz*3_#^3%xRiKP;Qzmln*sAldV}=#&lLT5<@Np=AfuaoRDv zEv?`ybLaBp4z-*)Ou%J)BIu4Y1A9uo$+m;k4?wHP)&K} z^|#@}JXpwmfcyTw#u(yYb=C&^4ARhkz;xe-L|Fu=IqKfP1kYlmZSG#WP@~3AYQW^y zcSKYkf|e`c#cHQl$-d0X>U@SxJ)IhbrMO&EK2+N3LR$~ zv{5@?1c|#x6ZHxfMyLV}N0uUV&{99o@K~_S8lrrpRa)`K4gd zprUXe!o8}v{e|-Jgp>=}R_r_W-5lj0dJm3jZ2vyN}@&pH9|AXw@15T9Lu(0aclW)|`IY{Q#5LRmy*0#fd@jB;OCozhp)y&vr z(+#Sqpv-|ZA z1lPC6kl8_KmOm2OJwF+)30c$}&p=XeQ+3<<0kwilwGnQF7L$&YDQZENLdiOb+0L|j z?D3{%r0W&shlZ5B21~6t=U3`|(?$;w(cEbo{IwEyxW+miH%Y9;?Jg0L%_lN%2kG@2+qs3`;Ei4(nb~+iX6Cq>?_QAGtS_x`Z4>K6FXdqs1*is2_dH#a zM^Ed?9Y&yQ>LD`O_rb|p$W+)iBB8anPMc<1tQdB+Pb{}rz=;T1m*IP>tTyotgaIGr zNG$|QyTP5aVf2VRW$1(sH7P&*jW@jm&eLf@Q?PtQ8WPtMyu zbUV|1Ari3>2w+Fk@KkWz-8I{Enq<8|V|Ohq=+;*3*eY@V$bI)f^L{Ra6mzGGTX z>Ny#?x5zna<_*nI3c<}cy@6+ z(Oi0$Cym4tw{XzZ|ec zOjWw%o0`6|X#QDMS3}+!&l104nG=!1i#c2^n;XoPIWsHYUqb4@P_(-k#u=-kmdV_6yg;11-iU7dd&1!=08TLUtAwcSL%_o zMj=kWaNBoF%x`Jl`Y9OwR${wbjdvG~#MDSq-R!ja*E^rulrQ#h!A(VU*HC0Mcm6ZC z1*Lqm6NeNf%&w9Y40h@jj9bgqW@-6)bZM9FbRi^3k;BQKuOLTA(%7|I-@cKq&p>v` z?0gJ>q4nAK7G7@&@(9tU=?@H|*)C zn%?;8#Wk87@nZKK0utc&o^G5)Kr6vzKF=@=1O%d+r@5Pb5J~0CVs644ZxBlnbT0YQ zrjb3V7F?q7{tFN=oPR}SfV-<~R6ASCT6N>={9@>$r;2Ua^a&F2jq;v@hw zlB)fOz(+*>Ol~nRRUjbF7AX;%#Z`$uojBH?{$P>1olv4_1F>=sx2Jv1&!hb>Kh^k0 zC9qM%ld1R-?Qu@c&@rjB%*4X(%}!16t9$yDaM!bIGYigKUiYLQi_3GpX5@Owd3rI5 zfkgsGm44E8Cc@XhL}n8qU}uz|8ny>=(2F)_D%^91H?<6FjFLBuP=5`TvS;^Wix385a40=ke;NH`jG##;4 zFUh4C-4;ZG&CctIRWV=jw$-I~4YyZfRAY^Mm9>fqUp(jdC>?Nwr5+TRgXelq%;&v$ z9o!YFZZV(8trRy>3Wq$4Kuish7iAhANLK$|Z}t6l*X`ua>R!2h!!suV(k;D8Rg8hd8+?BEX}k78SO>&#;qy znN_JT<4jQIiuJ@fl6FjPAD6i4=e@SoRlSnibT}S?>=-FK4W=J?ky|M{S581Xg?4k4 zEz`CDYs20t6naCe9Hl=y*#Z8XlFTrbt1$ zvxmI!NkNzunD~)Df7!H0{yf^W-~9O}rJ3mf_tZF()kLK44~?)!E4V!giDAw@nDasnMpT1;ScARd#p!dv{mJG1k)VU+qjq8 zru(V}Lo_d}`^dBm&J`ezVn0{;IO|AjDHq*4zU+E2%xMYO)?Kp}E4|@gDSi0%lfppi z!TilpmU95#Cw8Zp(3EU5?fA;4W^I~p*Jzvo*;COG%zQfR4I*U21gq(H!6J-o3TUD1v<$kj+~t;Mt2o` z^y$W}tzEkhOogd1?=b6DeB(|bu@m*cgAQ`q#@78L6329FdcUDI zs87Q_UvG0^YC6aiFopD~`G;m_=U3GHX0~_ss`Hztm+_TevW2`r2;$O3lccGAOjF(% zDVoDU|1ooz*`sJ6{7W=KA4LQB)rVUqOK$+iO*(h<8oACbl}F$`ow}gBXsGR9D8GM1IX)B!28?xQ(yu2e&h|Ma zny{UPG~DKMX61=Y&O!0r_onmtIjd;nRjLgw7^;;Vn~UUq>J+X*QPmwncTpmqBXo`9 z$aM?-O3E67XefWOot1^ssL~0#3&vjuv@C-JR=hlQXcXv4Ico0UVfo4@s$1*Zkz+ae zuQ2LV10RY$`P5+pQ2w2tsdcC%`Z(%}OxK<~iF8UMUrp34HIJ@ZR%I1bI!E` zKKE+TVEuxW^Ua>&hx2-(@Ib4fBeJOf6Cs7}Bea8xhA{YvraiEX3Oz&D6{AkkgLbIl zU1E^Z6~joHi4)Z#f0ummg=EOR|LjtVL{)U>D|x#rGM(!A0c2;>){qgNRwN61DpX~~ z1sYTN7WNMNsfW4P?~I6tYCJ|fzv5Uab-DAu?(F<*n-5oGJac)wTnw2a8fNw|ip{Yh zvDubSd`Z|Dn$D=Sr6BtBHh+{u89so#&N>@#3L8MDh|u`J_nttXU;7hongr`7R)#l( zJ`^~v8P&Qr?JKNA;>hFT(pb-G`0MOM>Q5K%@7jlNI4j(wXSo&^LuFs6x%dfKYYFw9 z807v;eWz7NgdQ`&BZ2hc0QS>2d|wVjkx%rj;X+IhCo6Kpe1u}pXOM25NunC??ZNO- zraY%ApVg{cnx?gKMzJs@B-Fm_DDw>hthFQgi%Cp`kjxSjfSIuoslFLHx8a z7BAJ2E#CduYeV_&lWmiEtov8b_s+iXu<~Ms%io~?)=$|_4#Wlkfq;LEhwl%|0Bl8B z1=+_5AVB`{0zAwCqyP{Q7z_qM9)BPZ2qF?XGScI~LPJAA$HBtI#lgbC!6PIm!ow#e zz`-Gg5|dI;P*G9g5z)}mP|}f8Qc?ac0(|@{5+V{NGBPG5J`O(R|9U)h0v?r*2w(yN z(f|-}fFK;;Loa{~06+i%K>v6O01_C22t+`BoaBCdLeS#|2|@%v+TPy-hyVgZaBu;L zP`s!3G!jSzTi1LD+2%DijRFmFd_hg^f<|e13&8_Pyj9j@2P~k86pjrOMK2TzNALrw})8(I_R+&4hRPz2Jn3?zr?HM$h&`6xSR7e z!oWzQut74|G@I~4s$!SobpHEKJw^rQhcCKXLJC^7a zpa~YTiRuGjW5>^PCf3F7khZs}Ih&>anQ1(#Y43cwZ|1bMdRBVQmqn(-e$S`)ze<>I2|CChw}MKK%}ZB5INxT zP22HTqhz)nJRwt8l&jJ$Q!3~K$zw6SFDtpn+pH8sB~ifht8W?yXV-UgXN?T!$m&{3 z6bLN{twmr6pBit%lL0Z!AZc;!Ss32=ubskyU@^_Z*y((~J4)<3wH7h`_@C#=uidAt zx^p`{v;@OFGVnC%$yV-VTCy!1r4*AaUp|- zCdj*=^y3OZn@!+^Hzn%pCTgOiC+?t>H?S{vaA*E?jJeoOmpXCk#7W?i^0^7zzr|s4 ziZV?lNjEOoQ`_7ifC)94d5Onmj^y$Xv5+x!$iD>d7j? z&n4djsoh&7FZl?UcQbREZCy)Y^Do^mOF8$3B-8M;#@$ohA_kkshpwBDI{mPPJcW#@ zTr|qmc}sEQ*+%9>SDb=Npb7!Rcogy@&}@{zEEOKl4M+5w(krX|1sV%OLrpv@MaglF zE=`U(x&#poiGxDF{`nfKwwE3<7x}Jw3Ag}vFQ_;g0@BwY(Ys$4s)<^!oeS%=kJYE) zT78ybl_lRSD^NAw*VFUg>)StF%gRh9W3m5&)l~e_!^zXB;LXvC*9Mt0Qv|D5=`=Si z>ZMb-M6Mr}5~rlZ6P|*Bi6n0s2lc}wu>De7F2C%LI9TOYd~FcEV02dg9_dUc4*(a~ zuu#*B1CZ$uAbnwHw6DNsHJJ|k#jt- zjV4usd5K5$297;;wpIHOUp!~jq=v_@8X1K7V<+rkHVsW8nZkllsFn=-3p=Aox1*HQ zh{khaFheFL7P_?JRr$^PENGr=*6m)UZUNjOuWs%093usnDTW*~!wVgrca+7GYh7mD zYvUA3D%max@9iO@pv1i@nV;N0YM3y>J#fe3)FYL1hjt7R6qB4{o7N&t68$hpzx{mD zU2#Z0KZ!di?Tz?sz-?_{6n11=1BhHQdH50b50O^J`rnCk?nlsr#mfWeRP?G((B(jS zdrsk#P>Zdnxe{SapM6DYRr-+13B|XbDJ&4qi4AOP__gG2( z@F6P!T&MCr{O0U}WT91bN(a;sv{sf8iI46Nk&JI-tvQWy=#A(j*Utk|#(WlY(C@V% z+ERYe7X8nj@M3sm{}$;CP{*S)RXheF1NP*srSjHVwxA}6d9CRg;riWjb^sFa(q48@ zy~u)++vm)qCPEx<`Qvf6>lx?(OGMk|s-v=}E~2cz7uDTyT_nXDTAd-*a~#~JYI`9U z%uhkSmEYG3@+^+DOcGk|KYjtH zFJzF?MQX6?f@#V(QlA$B#V%EC^B}G25sM?6-Xet1*sgbAS1NM}!<2#a?=;h1upb1G zrNx+7Kn>XG#q6T5y(RuJ`=wgR(!ZTCWuT-{odkc1>7L%hRmD~K*{cx-0iDhI#Juaw zQa)r+35;f89s481{Qe_*7Jqt|Ci=|i-PA@o5O~&7kBIV(5@Ty<7ld118|{UOpgE&# zc8?}(*3bF;Twa^Cf}W(RbbiKIKFFY*0aWz4{M+#jH%Ys~-&XNI@0uzI3I0e(u3v!P2$y1J%q3}4Ned2= ztl+WEYa9$!*v#*(9te%!=Tp5XZU|cjs2=QzE5tN5B0)VDJYm(MGIF_pWi=RRRPC8|80 zQS?bzht7UZF%2cBpt>R+LC%8QkWrq$#yU&=Ax3nFVh*0MS)b#bX|Dix<(y3s2)EWj z8@mpm%QXf>5BPLVQ5FgXEe<;~4Q%YhQG&h?Sava2PlHZ0V%U3k8zfJC+Iaghm7Jy> z4WtmQNI>{ZI$47q<|teW@h=IlMaMAI%wiHZrOOOUxU?5PxVyHt(?S?6bRl!tP{TD62`18K7;-(+IIqUU(cy;`y)%Y3-iP2N8A`o8N& zIg!HwocGLxR8R9)l>0jm%6BWsV+6%gHByCDkw@n6IDDe8tUuq>Q2umej}geIf46D= zjsi>7pj!l=L~~4L_2lo~Wt`PbxLr+n1W`}q!uahi5}sA>nvzWpzxZshhmoS7^#oH9VpOzJH^M zU?yN``q_firM}sfmfWHlITuSu6v?;Z`RQI@NzK_``S&|mnQ6e~G5^l!*e+r)g2@cO zpd;(ku6BAT=b4|P5-5AlrM(j-Ub7ow?6jhxJ(ISANcdhf$psjC&`^uy>O z?pG4nE^Wx(NODzlcjMv@%K@NYm=#+FF*R2e+>=4&H~9EZ0$<7HXm?x_WF;sNy0h0F zGR;gTwlKkZ>DCrFS<_A4B6h557^D(6$0u-!zF=mEOux*RWW**Kd$U_?tW*AQXsXvi z2CP^Ke-SoP`aM1=B=9aoSp|%2__T0`US}5Im-f|+b9@t4)XyH+-@<(RlrQ(y;mW!1VxcOE#$P}0qLQ;f*p5piXtvar@BZdJMl zLz2fG4w+AqVu~HP56Mth2)?de4Z<~!3D3?%)p6pJ}AOx{J#y}0dEC_%HR@l?2S^RE3*f5|W)#zqeCh)O_t1h7VSlJa+$%TEb~if205N&9Ai|Ulxg8Bj z(upoSH$W7ofmm^O_+TV}qBhzRfCa&#>RPIK%ob2~=N!usn) zHx&1GC33|7J6a`~e_;hDNpWQQtnPh+{A;VgElNY&<&k`A9Mt0Jo1UcN~6B zuYj%N>F$aiuT4m>Cl4eei56U?TW?|5;C7>uAk{!htxaB9I#&>)Zd90}8SXCf%o%+h zU56)lkcWigs<+`(VUO8DciMlHe(lweVP{v5@>5Ts;!l@96!Y#z6S+3 zPq)}M^K^M5I8H!uj+-`G=O)Y>?QNzI5dK@D1?MRU#bDE0AvFH#$_dG; z6F`+SM_jJ|U=6+|=M3BkegWxdy-{g;PNi0G9Zp>7(GPEgoMB5xU7ZmH2RFwEvnVbkk5?9F2 zOVuq%EG||k&P-Rx1*%Omdn=f7E+uJ#~=@!dy-!`=~$taW;>NoS4*E_x{S@v(K}A*IEqU&~l@ ZxZXQ&x%)}fDaC{p@hdBS3)}np0suQxWnKUP literal 0 HcmV?d00001 diff --git a/tests/suite.php b/tests/suite.php new file mode 100644 index 0000000..a24b0b1 --- /dev/null +++ b/tests/suite.php @@ -0,0 +1,369 @@ +to_bytes(); + //$out = OpenPGP_Message::parse($mid); + //$this->assertEquals($in, $out); + } + + public function test000001006public_key() { + $this->oneSerialization("000001-006.public_key"); + } + + + public function test000002013user_id() { + $this->oneSerialization("000002-013.user_id"); + } + + public function test000003002sig() { + $this->oneSerialization("000003-002.sig"); + } + + public function test000004012ring_trust() { + $this->oneSerialization("000004-012.ring_trust"); + } + + public function test000005002sig() { + $this->oneSerialization("000005-002.sig"); + } + + public function test000006012ring_trust() { + $this->oneSerialization("000006-012.ring_trust"); + } + + public function test000007002sig() { + $this->oneSerialization("000007-002.sig"); + } + + public function test000008012ring_trust() { + $this->oneSerialization("000008-012.ring_trust"); + } + + public function test000009002sig() { + $this->oneSerialization("000009-002.sig"); + } + + public function test000010012ring_trust() { + $this->oneSerialization("000010-012.ring_trust"); + } + + public function test000011002sig() { + $this->oneSerialization("000011-002.sig"); + } + + public function test000012012ring_trust() { + $this->oneSerialization("000012-012.ring_trust"); + } + + public function test000013014public_subkey() { + $this->oneSerialization("000013-014.public_subkey"); + } + + public function test000014002sig() { + $this->oneSerialization("000014-002.sig"); + } + + public function test000015012ring_trust() { + $this->oneSerialization("000015-012.ring_trust"); + } + + public function test000016006public_key() { + $this->oneSerialization("000016-006.public_key"); + } + + public function test000017002sig() { + $this->oneSerialization("000017-002.sig"); + } + + public function test000018012ring_trust() { + $this->oneSerialization("000018-012.ring_trust"); + } + + public function test000019013user_id() { + $this->oneSerialization("000019-013.user_id"); + } + + public function test000020002sig() { + $this->oneSerialization("000020-002.sig"); + } + + public function test000021012ring_trust() { + $this->oneSerialization("000021-012.ring_trust"); + } + + public function test000022002sig() { + $this->oneSerialization("000022-002.sig"); + } + + public function test000023012ring_trust() { + $this->oneSerialization("000023-012.ring_trust"); + } + + public function test000024014public_subkey() { + $this->oneSerialization("000024-014.public_subkey"); + } + + public function test000025002sig() { + $this->oneSerialization("000025-002.sig"); + } + + public function test000026012ring_trust() { + $this->oneSerialization("000026-012.ring_trust"); + } + + public function test000027006public_key() { + $this->oneSerialization("000027-006.public_key"); + } + + public function test000028002sig() { + $this->oneSerialization("000028-002.sig"); + } + + public function test000029012ring_trust() { + $this->oneSerialization("000029-012.ring_trust"); + } + + public function test000030013user_id() { + $this->oneSerialization("000030-013.user_id"); + } + + public function test000031002sig() { + $this->oneSerialization("000031-002.sig"); + } + + public function test000032012ring_trust() { + $this->oneSerialization("000032-012.ring_trust"); + } + + public function test000033002sig() { + $this->oneSerialization("000033-002.sig"); + } + + public function test000034012ring_trust() { + $this->oneSerialization("000034-012.ring_trust"); + } + + public function test000035006public_key() { + $this->oneSerialization("000035-006.public_key"); + } + + public function test000036013user_id() { + $this->oneSerialization("000036-013.user_id"); + } + + public function test000037002sig() { + $this->oneSerialization("000037-002.sig"); + } + + public function test000038012ring_trust() { + $this->oneSerialization("000038-012.ring_trust"); + } + + public function test000039002sig() { + $this->oneSerialization("000039-002.sig"); + } + + public function test000040012ring_trust() { + $this->oneSerialization("000040-012.ring_trust"); + } + + public function test000041017attribute() { + $this->oneSerialization("000041-017.attribute"); + } + + public function test000042002sig() { + $this->oneSerialization("000042-002.sig"); + } + + public function test000043012ring_trust() { + $this->oneSerialization("000043-012.ring_trust"); + } + + public function test000044014public_subkey() { + $this->oneSerialization("000044-014.public_subkey"); + } + + public function test000045002sig() { + $this->oneSerialization("000045-002.sig"); + } + + public function test000046012ring_trust() { + $this->oneSerialization("000046-012.ring_trust"); + } + + public function test000047005secret_key() { + $this->oneSerialization("000047-005.secret_key"); + } + + public function test000048013user_id() { + $this->oneSerialization("000048-013.user_id"); + } + + public function test000049002sig() { + $this->oneSerialization("000049-002.sig"); + } + + public function test000050012ring_trust() { + $this->oneSerialization("000050-012.ring_trust"); + } + + public function test000051007secret_subkey() { + $this->oneSerialization("000051-007.secret_subkey"); + } + + public function test000052002sig() { + $this->oneSerialization("000052-002.sig"); + } + + public function test000053012ring_trust() { + $this->oneSerialization("000053-012.ring_trust"); + } + + public function test000054005secret_key() { + $this->oneSerialization("000054-005.secret_key"); + } + + public function test000055002sig() { + $this->oneSerialization("000055-002.sig"); + } + + public function test000056012ring_trust() { + $this->oneSerialization("000056-012.ring_trust"); + } + + public function test000057013user_id() { + $this->oneSerialization("000057-013.user_id"); + } + + public function test000058002sig() { + $this->oneSerialization("000058-002.sig"); + } + + public function test000059012ring_trust() { + $this->oneSerialization("000059-012.ring_trust"); + } + + public function test000060007secret_subkey() { + $this->oneSerialization("000060-007.secret_subkey"); + } + + public function test000061002sig() { + $this->oneSerialization("000061-002.sig"); + } + + public function test000062012ring_trust() { + $this->oneSerialization("000062-012.ring_trust"); + } + + public function test000063005secret_key() { + $this->oneSerialization("000063-005.secret_key"); + } + + public function test000064002sig() { + $this->oneSerialization("000064-002.sig"); + } + + public function test000065012ring_trust() { + $this->oneSerialization("000065-012.ring_trust"); + } + + public function test000066013user_id() { + $this->oneSerialization("000066-013.user_id"); + } + + public function test000067002sig() { + $this->oneSerialization("000067-002.sig"); + } + + public function test000068012ring_trust() { + $this->oneSerialization("000068-012.ring_trust"); + } + + public function test000069005secret_key() { + $this->oneSerialization("000069-005.secret_key"); + } + + public function test000070013user_id() { + $this->oneSerialization("000070-013.user_id"); + } + + public function test000071002sig() { + $this->oneSerialization("000071-002.sig"); + } + + public function test000072012ring_trust() { + $this->oneSerialization("000072-012.ring_trust"); + } + + public function test000073017attribute() { + $this->oneSerialization("000073-017.attribute"); + } + + public function test000074002sig() { + $this->oneSerialization("000074-002.sig"); + } + + public function test000075012ring_trust() { + $this->oneSerialization("000075-012.ring_trust"); + } + + public function test000076007secret_subkey() { + $this->oneSerialization("000076-007.secret_subkey"); + } + + public function test000077002sig() { + $this->oneSerialization("000077-002.sig"); + } + + public function test000078012ring_trust() { + $this->oneSerialization("000078-012.ring_trust"); + } + + public function test002182002sig() { + $this->oneSerialization("002182-002.sig"); + } + + public function testpubringgpg() { + $this->oneSerialization("pubring.gpg"); + } + + public function testsecringgpg() { + $this->oneSerialization("secring.gpg"); + } + + public function testcompressedsiggpg() { + $this->oneSerialization("compressedsig.gpg"); + } + + public function testcompressedsigzlibgpg() { + $this->oneSerialization("compressedsig-zlib.gpg"); + } + + public function testcompressedsigbzip2gpg() { + $this->oneSerialization("compressedsig-bzip2.gpg"); + } + + public function testonepass_sig() { + $this->oneSerialization("onepass_sig"); + } + + public function testsymmetrically_encrypted() { + $this->oneSerialization("symmetrically_encrypted"); + } + + public function testuncompressedopsdsagpg() { + $this->oneSerialization("uncompressed-ops-dsa.gpg"); + } + + public function testuncompressedopsdsasha384txtgpg() { + $this->oneSerialization("uncompressed-ops-dsa-sha384.txt.gpg"); + } + + public function testuncompressedopsrsagpg() { + $this->oneSerialization("uncompressed-ops-rsa.gpg"); + } +} From 057c79440a3e23cad3f986568658d79ed6c6ea20 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 14:48:22 -0500 Subject: [PATCH 043/176] poke travis --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index ea9620f..3c5da86 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,4 @@ language: php php: - - 5.3 - - 5.4 + - "5.4" + - "5.3" From c5600d2812bcbdfde52633a5d3d3ea7669adc79d Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 16:49:19 -0500 Subject: [PATCH 044/176] Enable meat of tests, all but one pass --- lib/openpgp.php | 279 +++++++++++++++++++++++++++++++++++++++++------- tests/suite.php | 6 +- 2 files changed, 246 insertions(+), 39 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 327d7f7..1086dbc 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -86,6 +86,28 @@ static function crc24($data) { static function bitlength($data) { return (strlen($data) - 1) * 8 + (int)floor(log(ord($data[0]), 2)) + 1; } + + static function decode_s2k_count($c) { + return ((int)16 + ($c & 15)) << (($c >> 4) + 6); + } + + static function encode_s2k_count($iterations) { + if($iterations >= 65011712) return 255; + + $count = $iterations >> 6; + $c = 0; + while($count >= 32) { + $count = $count >> 1; + $c++; + } + $result = ($c << 4) | ($count - 16); + + if(OpenPGP::decode_s2k_count($result) < $iterations) { + return $result + 1; + } + + return $result; + } } ////////////////////////////////////////////////////////////////////////////// @@ -241,6 +263,7 @@ static function parse(&$input) { $packet->length = $data_length; $packet->read(); unset($packet->input); + unset($packet->length); } $input = substr($input, $data_length); } @@ -392,6 +415,7 @@ class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet { /** * OpenPGP Signature packet (tag 2). + * Be sure to NULL the trailer if you update a signature packet! * * @see http://tools.ietf.org/html/rfc4880#section-5.2 */ @@ -457,12 +481,22 @@ function read() { $this->unhashed_subpackets = self::get_subpackets($this->read_bytes($unhashed_size)); $this->hash_head = $this->read_unpacked(2, 'n'); - $this->data = $this->read_mpi(); + + $this->data = array(); + while(strlen($this->input) > 0) { + $this->data[] = $this->read_mpi(); + } break; } } - function body($trailer=false) { + function calculate_trailer() { + // The trailer is just the top of the body plus some crap + $body = $this->body_start(); + return $body.chr(4).chr(0xff).pack('N', strlen($body)); + } + + function body_start() { $body = chr(4).chr($this->signature_type).chr($this->key_algorithm).chr($this->hash_algorithm); $hashed_subpackets = ''; @@ -470,9 +504,11 @@ function body($trailer=false) { $hashed_subpackets .= $p->to_bytes(); } $body .= pack('n', strlen($hashed_subpackets)).$hashed_subpackets; + } - // The trailer is just the top of the body plus some crap - if($trailer) return $body.chr(4).chr(0xff).pack('N', strlen($body)); + function body() { + if(!$this->trailer) $this->trailer = $this->calculate_trailer(); + $body = substr($this->trailer, 0, -6); $unhashed_subpackets = ''; foreach((array)$this->unhashed_subpackets as $p) { @@ -481,7 +517,10 @@ function body($trailer=false) { $body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets; $body .= pack('n', $this->hash_head); - $body .= pack('n', OpenPGP::bitlength($this->data)).$this->data; + + foreach($this->data as $mpi) { + $body .= pack('n', OpenPGP::bitlength($mpi)).$mpi; + } return $body; } @@ -533,7 +572,6 @@ static function get_subpacket(&$input) { $input = substr($input, $length_of_length); // Chop off length header $tag = ord($input[0]); $class = self::class_for($tag); - $packet = NULL; if($class) { $packet = new $class(); $packet->tag = $tag; @@ -541,6 +579,7 @@ static function get_subpacket(&$input) { $packet->length = $len-1; $packet->read(); unset($packet->input); + unset($packet->length); } $input = substr($input, $len); // Chop off the data from this packet return $packet; @@ -593,7 +632,7 @@ static function get_subpacket(&$input) { ); static function class_for($tag) { - if(!isset(self::$subpacket_types[$tag])) return NULL; + if(!isset(self::$subpacket_types[$tag])) return 'OpenPGP_SignaturePacket_Subpacket'; return 'OpenPGP_SignaturePacket_'.self::$subpacket_types[$tag].'Packet'; } @@ -611,6 +650,15 @@ function header_and_body() { $tag = chr($this->tag); return array('header' => $size.$tag, 'body' => $body); } + + /* Defaults for unsupported packets */ + function read() { + $this->data = $this->input; + } + + function body() { + return $this->data; + } } /** @@ -637,19 +685,44 @@ function body() { } class OpenPGP_SignaturePacket_ExportableCertificationPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = (ord($this->input) == 0); + } + + function body() { + return chr($this->data ? 1 : 0); + } } class OpenPGP_SignaturePacket_TrustSignaturePacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->depth = ord($this->input{0}); + $this->trust = ord($this->input{1}); + } + + function body() { + return chr($this->depth) . chr($this->trust); + } } class OpenPGP_SignaturePacket_RegularExpressionPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = substr($this->input, 0, -1); + } + + function body() { + return $this->data . chr(0); + } } class OpenPGP_SignaturePacket_RevocablePacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = (ord($this->input) == 0); + } + + function body() { + return chr($this->data ? 1 : 0); + } } class OpenPGP_SignaturePacket_KeyExpirationTimePacket extends OpenPGP_SignaturePacket_Subpacket { @@ -663,11 +736,48 @@ function body() { } class OpenPGP_SignaturePacket_PreferredSymmetricAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = array(); + while(strlen($this->input) > 0) { + $this->data[] = ord($this->read_byte()); + } + } + + function body() { + $bytes = ''; + foreach($this->data as $algo) { + $bytes .= chr($algo); + } + return $bytes; + } } class OpenPGP_SignaturePacket_RevocationKeyPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + public $key_algorithm, $fingerprint, $sensitive; + + function read() { + // bitfield must have bit 0x80 set, says the spec + $bitfield = ord($this->read_byte()); + $this->sensitive = $bitfield & 0x40 == 0x40; + $this->key_algorithm = ord($this->read_byte()); + + $this->fingerprint = ''; + while(strlen($this->input) > 0) { + $this->fingerprint .= sprintf('%02X',ord($this->read_byte())); + } + } + + function body() { + $bytes = ''; + $bytes .= chr(0x80 | ($this->sensitive ? 0x40 : 0x00)); + $bytes .= chr($this->key_algorithm); + + for($i = 0; $i < strlen($this->fingerprint); $i += 2) { + $bytes .= chr(hexdec($this->fingerprint{$i}.$this->fingerprint{$i+1})); + } + + return $bytes; + } } /** @@ -690,31 +800,100 @@ function body() { } class OpenPGP_SignaturePacket_NotationDataPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + public $human_readable, $name; + + function read() { + $flags = $this->read_bytes(4); + $namelen = $this->read_unpacked(2, 'n'); + $datalen = $this->read_unpacked(2, 'n'); + $this->human_readable = $flags[0] & 0x80 == 0x80; + $this->name = $this->read_bytes($namelen); + $this->data = $this->read_bytes($datalen); + } + + function body () { + return chr($this->human_readable ? 0x80 : 0x00) . "\0\0\0" . + pack('n', strlen($this->name)) . pack('n', strlen($this->data)) . + $this->name . $this->data; + } } class OpenPGP_SignaturePacket_PreferredHashAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = array(); + while(strlen($this->input) > 0) { + $this->data[] = ord($this->read_byte()); + } + } + + function body() { + $bytes = ''; + foreach($this->data as $algo) { + $bytes .= chr($algo); + } + return $bytes; + } } class OpenPGP_SignaturePacket_PreferredCompressionAlgorithmsPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = array(); + while(strlen($this->input) > 0) { + $this->data[] = ord($this->read_byte()); + } + } + + function body() { + $bytes = ''; + foreach($this->data as $algo) { + $bytes .= chr($algo); + } + return $bytes; + } } class OpenPGP_SignaturePacket_KeyServerPreferencesPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + public $no_modify; + + function read() { + $flags = ord($this->input); + $this->no_modify = $flags & 0x80 == 0x80; + } + + function body() { + return chr($this->no_modify ? 0x80 : 0x00); + } } class OpenPGP_SignaturePacket_PreferredKeyServerPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = $this->input; + } + + function body() { + return $this->data; + } } class OpenPGP_SignaturePacket_PrimaryUserIDPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = (ord($this->input) == 0); + } + + function body() { + return chr($this->data ? 1 : 0); + } + } class OpenPGP_SignaturePacket_PolicyURIPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = $this->input; + } + + function body() { + return $this->data; + } } class OpenPGP_SignaturePacket_KeyFlagsPacket extends OpenPGP_SignaturePacket_Subpacket { @@ -740,11 +919,26 @@ function body() { } class OpenPGP_SignaturePacket_SignersUserIDPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + function read() { + $this->data = $this->input; + } + + function body() { + return $this->data; + } } class OpenPGP_SignaturePacket_ReasonforRevocationPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + public $code; + + function read() { + $this->code = ord($this->read_byte()); + $this->data = $this->input; + } + + function body() { + return chr($this->code) . $this->data; + } } @@ -753,7 +947,18 @@ class OpenPGP_SignaturePacket_FeaturesPacket extends OpenPGP_SignaturePacket_Key } class OpenPGP_SignaturePacket_SignatureTargetPacket extends OpenPGP_SignaturePacket_Subpacket { - // TODO + public $key_algorithm, $hash_algorithm; + + function read() { + $this->key_algorithm = ord($this->read_byte()); + $this->hash_algorithm = ord($this->read_byte()); + $this->data = $this->input; + } + + function body() { + return chr($this->key_algorithm) . chr($this->hash_algorithm) . $this->data; + } + } class OpenPGP_SignaturePacket_EmbeddedSignaturePacket extends OpenPGP_SignaturePacket { @@ -819,6 +1024,7 @@ function body() { class OpenPGP_PublicKeyPacket extends OpenPGP_Packet { public $version, $timestamp, $algorithm; public $key, $key_id, $fingerprint; + public $v3_days_of_validity; function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4) { parent::__construct(); @@ -934,7 +1140,8 @@ function body() { switch ($this->version) { case 2: case 3: - /* TODO */ + return chr(3) . pack('N', $this->timestamp) . + pack('N', $this->v3_days_of_validity) . chr($this->algorithm); case 4: return implode('', array_slice($this->fingerprint_material(), 2)); } @@ -990,8 +1197,7 @@ function read() { $this->s2k_hash_algorithm = ord($this->read_byte()); if($this->s2k_type == 1 || $this->s2k_type == 3) $this->s2k_salt = $this->read_bytes(8); if($this->s2k_type == 3) { - $c = ord($this->read_byte()); - $this->s2k_count = ((int)16 + ($c & 15)) << (($c >> 4) + 6); + $this->s2k_count = OpenPGP::decode_s2k_count(ord($this->read_byte())); } } else if($this->s2k_useage > 0) { $this->symmetric_type = $this->s2k_useage; @@ -1034,7 +1240,7 @@ function key_from_data() { function body() { $bytes = parent::body() . chr($this->s2k_useage); $secret_material = NULL; - if($this->s2k_usage == 255 || $this->s2k_usage == 254) { + if($this->s2k_useage == 255 || $this->s2k_useage == 254) { $bytes .= chr($this->symmetric_type); $bytes .= chr($this->s2k_type); $bytes .= chr($this->s2k_hash_algorithm); @@ -1042,10 +1248,10 @@ function body() { $bytes .= $this->s2k_salt; } if($this->s2k_type == 3) { - // TODO: reverse ugly bit manipulation + $bytes .= chr(OpenPGP::encode_s2k_count($this->s2k_count)); } } - if($this->s2k_usage > 0) { + if($this->s2k_useage > 0) { $bytes .= $this->encrypted_data; } else { $secret_material = ''; @@ -1055,13 +1261,8 @@ function body() { $secret_material .= $f; } $bytes .= $secret_material; - } - if($this->s2k_useage == 254) { - // TODO: SHA1 checksum - $bytes .= "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - } else { + // 2-octet checksum - // TODO: this design will not work for encrypted keys $chk = 0; for($i = 0; $i < strlen($secret_material); $i++) { $chk = ($chk + ord($secret_material[$i])) % 65536; @@ -1222,7 +1423,13 @@ function body() { * @see http://tools.ietf.org/html/rfc4880#section-5.10 */ class OpenPGP_TrustPacket extends OpenPGP_Packet { - // TODO + function read() { + $this->data = $this->input; + } + + function body() { + return $this->data; + } } /** diff --git a/tests/suite.php b/tests/suite.php index a24b0b1..6391215 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -5,9 +5,9 @@ class Serialization extends PHPUnit_Framework_TestCase { public function oneSerialization($path) { $in = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); - //$mid = $in->to_bytes(); - //$out = OpenPGP_Message::parse($mid); - //$this->assertEquals($in, $out); + $mid = $in->to_bytes(); + $out = OpenPGP_Message::parse($mid); + $this->assertEquals($in, $out); } public function test000001006public_key() { From 825452e123b43f66299c53276ecc3c7fc43335e2 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 17:34:08 -0500 Subject: [PATCH 045/176] Support v3 sigs and keys properly --- lib/openpgp.php | 103 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 83 insertions(+), 20 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 1086dbc..6f50f95 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -461,8 +461,30 @@ function sign_data($signers) { function read() { switch($this->version = ord($this->read_byte())) { + case 2: case 3: - // TODO: V3 sigs + assert(ord($this->read_byte()) == 5); + $this->signature_type = ord($this->read_byte()); + $creation_time = $this->read_timestamp(); + $keyid = $this->read_bytes(8); + $keyidHex = ''; + for($i = 0; $i < strlen($keyid); $i++) { // Store KeyID in Hex + $keyidHex .= sprintf('%02X',ord($keyid{$i})); + } + + $this->hashed_subpackets = array(); + $this->unhashed_subpackets = array( + new OpenPGP_SignaturePacket_SignatureCreationTimePacket($creation_time), + new OpenPGP_SignaturePacket_IssuerPacket($keyidHex) + ); + + $this->key_algorithm = ord($this->read_byte()); + $this->hash_algorithm = ord($this->read_byte()); + $this->hash_head = $this->read_unpacked(2, 'n'); + $this->data = array(); + while(strlen($this->input) > 0) { + $this->data[] = $this->read_mpi(); + } break; case 4: $this->signature_type = ord($this->read_byte()); @@ -507,22 +529,54 @@ function body_start() { } function body() { - if(!$this->trailer) $this->trailer = $this->calculate_trailer(); - $body = substr($this->trailer, 0, -6); + switch($this->version) { + case 2: + case 3: + $body = chr($this->version) . chr(5) . chr($this->signature_type); - $unhashed_subpackets = ''; - foreach((array)$this->unhashed_subpackets as $p) { - $unhashed_subpackets .= $p->to_bytes(); - } - $body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets; + foreach((array)$this->unhashed_subpackets as $p) { + if($p instanceof OpenPGP_SignaturePacket_SignatureCreationTimePacket) { + $body .= pack('N', $p->data); + break; + } + } - $body .= pack('n', $this->hash_head); + foreach((array)$this->unhashed_subpackets as $p) { + if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) { + for($i = 0; $i < strlen($p->data); $i += 2) { + $body .= chr(hexdec($p->data{$i}.$p->data{$i+1})); + } + break; + } + } - foreach($this->data as $mpi) { - $body .= pack('n', OpenPGP::bitlength($mpi)).$mpi; - } + $body .= chr($this->key_algorithm); + $body .= chr($this->hash_algorithm); + $body .= pack('n', $this->hash_head); - return $body; + foreach($this->data as $mpi) { + $body .= pack('n', OpenPGP::bitlength($mpi)).$mpi; + } + + return $body; + case 4: + if(!$this->trailer) $this->trailer = $this->calculate_trailer(); + $body = substr($this->trailer, 0, -6); + + $unhashed_subpackets = ''; + foreach((array)$this->unhashed_subpackets as $p) { + $unhashed_subpackets .= $p->to_bytes(); + } + $body .= pack('n', strlen($unhashed_subpackets)).$unhashed_subpackets; + + $body .= pack('n', $this->hash_head); + + foreach($this->data as $mpi) { + $body .= pack('n', OpenPGP::bitlength($mpi)).$mpi; + } + + return $body; + } } function key_algorithm_name() { @@ -1078,14 +1132,16 @@ function expires($message) { */ function read() { switch ($this->version = ord($this->read_byte())) { - case 2: case 3: - return FALSE; // TODO + $this->timestamp = $this->read_timestamp(); + $this->v3_days_of_validity = $this->read_unpacked(2, 'n'); + $this->algorithm = ord($this->read_byte()); + $this->read_key_material(); + break; case 4: $this->timestamp = $this->read_timestamp(); $this->algorithm = ord($this->read_byte()); $this->read_key_material(); - return TRUE; } } @@ -1101,9 +1157,13 @@ function read_key_material() { function fingerprint_material() { switch ($this->version) { - case 2: case 3: - return array($this->key['n'], $this->key['e']); + $material = array(); + foreach (self::$key_fields[$this->algorithm] as $i) { + $material[] = pack('n', OpenPGP::bitlength($this->key[$i])); + $material[] = $this->key[$i]; + } + return $material; case 4: $head = array( chr(0x99), NULL, @@ -1140,8 +1200,11 @@ function body() { switch ($this->version) { case 2: case 3: - return chr(3) . pack('N', $this->timestamp) . - pack('N', $this->v3_days_of_validity) . chr($this->algorithm); + return implode('', array_merge(array( + chr($this->version) . pack('N', $this->timestamp) . + pack('n', $this->v3_days_of_validity) . chr($this->algorithm) + ), $this->fingerprint_material()) + ); case 4: return implode('', array_slice($this->fingerprint_material(), 2)); } From f4af8a010b97390e63203d4bd9bc25a388716e35 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 17:41:37 -0500 Subject: [PATCH 046/176] Remove unsafe use of array_pop --- lib/openpgp.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 6f50f95..4537798 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -285,7 +285,8 @@ static function parse_new_format($input) { return array($tag, 3, (($len - 192) << 8) + ord($input[2]) + 192); } if($len == 255) { // Five octet length - return array($tag, 6, array_pop(unpack('N', substr($input, 2, 4)))); + $unpacked = unpack('N', substr($input, 2, 4)); + return array($tag, 6, array_pop($unpacked)); } // TODO: Partial body lengths. 1 << ($len & 0x1F) } @@ -366,7 +367,7 @@ function read_mpi() { */ function read_unpacked($count, $format) { $unpacked = unpack($format, $this->read_bytes($count)); - return $unpacked[1]; + return array_pop($unpacked); } function read_byte() { @@ -456,7 +457,8 @@ function sign_data($signers) { $this->trailer = $this->body(true); $signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()]; $this->data = call_user_func($signer, $this->data.$this->trailer); - $this->hash_head = array_pop(unpack('n', substr($this->data, 0, 2))); + $unpacked = unpack('n', substr($this->data, 0, 2)); + $this->hash_head = array_pop($unpacked); } function read() { @@ -621,7 +623,8 @@ static function get_subpacket(&$input) { } if($len == 255) { // Five octet length $length_of_length = 5; - $len = array_pop(unpack('N', substr($input, 1, 4))); + $unpacked = unpack('N', substr($input, 1, 4)); + $len = array_pop($unpacked); } $input = substr($input, $length_of_length); // Chop off length header $tag = ord($input[0]); From 995a9d784047dd6ffb9593ad4280ee6f30ea68db Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 17:51:37 -0500 Subject: [PATCH 047/176] Fingerprint tests --- lib/openpgp.php | 4 ++-- phpunit.xml | 4 ++++ tests/suite.php | 23 +++++++++++++++++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 4537798..04a1009 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1193,9 +1193,9 @@ function fingerprint() { switch ($this->version) { case 2: case 3: - return $this->fingerprint = md5(implode('', $this->fingerprint_material())); + return $this->fingerprint = strtoupper(md5(implode('', $this->fingerprint_material()))); case 4: - return $this->fingerprint = sha1(implode('', $this->fingerprint_material())); + return $this->fingerprint = strtoupper(sha1(implode('', $this->fingerprint_material()))); } } diff --git a/phpunit.xml b/phpunit.xml index 375bb57..00cfad3 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -3,5 +3,9 @@ tests/suite.php + + + tests/suite.php + diff --git a/tests/suite.php b/tests/suite.php index 6391215..1fabf72 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -367,3 +367,26 @@ public function testuncompressedopsrsagpg() { $this->oneSerialization("uncompressed-ops-rsa.gpg"); } } + +class Fingerprint extends PHPUnit_Framework_TestCase { + public function oneFingerprint($path, $kf) { + $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); + $this->assertEquals($m[0]->fingerprint(), $kf); + } + + public function test000001006public_key() { + $this->oneFingerprint("000001-006.public_key", "421F28FEAAD222F856C8FFD5D4D54EA16F87040E"); + } + + public function test000016006public_key() { + $this->oneFingerprint("000016-006.public_key", "AF95E4D7BAC521EE9740BED75E9F1523413262DC"); + } + + public function test000027006public_key() { + $this->oneFingerprint("000027-006.public_key", "1EB20B2F5A5CC3BEAFD6E5CB7732CF988A63EA86"); + } + + public function test000035006public_key() { + $this->oneFingerprint("000035-006.public_key", "CB7933459F59C70DF1C3FBEEDEDC3ECF689AF56D"); + } +} From 7d44211fc8d35a13bb432d2a17304730e7ca8bd1 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 18:57:14 -0500 Subject: [PATCH 048/176] Clarify the verify example --- examples/verify.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/verify.php b/examples/verify.php index 71221f9..8650199 100644 --- a/examples/verify.php +++ b/examples/verify.php @@ -1,11 +1,10 @@ Date: Sun, 20 Jan 2013 19:00:49 -0500 Subject: [PATCH 049/176] Message signature verification tests --- lib/openpgp.php | 2 +- lib/openpgp_crypt_rsa.php | 7 ++++--- phpunit.xml | 20 +++++++++++-------- tests/data/pubring.gpg | Bin 179272 -> 7368 bytes tests/data/secring.gpg | Bin 9329 -> 10573 bytes tests/phpseclib_suite.php | 41 ++++++++++++++++++++++++++++++++++++++ tests/suite.php | 2 +- 7 files changed, 59 insertions(+), 13 deletions(-) create mode 100644 tests/phpseclib_suite.php diff --git a/lib/openpgp.php b/lib/openpgp.php index 04a1009..d529ef2 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -182,7 +182,7 @@ function signature_and_data($index=0) { $i++; } if($p instanceof OpenPGP_LiteralDataPacket) $data_packet = $p; - if($signature_packet && $data_packet) break; + if(isset($signature_packet) && isset($data_packet)) break; } return array($signature_packet, $data_packet); diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 8cf4495..1e9456b 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -56,7 +56,7 @@ function verify($packet, $index=0) { $key = $this->public_key($signature_packet->issuer()); if(!$key || $signature_packet->key_algorithm_name() != 'RSA') return NULL; $key->setHash(strtolower($signature_packet->hash_algorithm_name())); - return $packet->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => array($key, 'verify')))); + return $packet->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => function($m, $s) use($key) {return $key->verify($m, $s[0]);}))); } else { list($signature_packet, $data_packet) = $this->message->signature_and_data($index); if(!$this->message || $signature_packet->key_algorithm_name() != 'RSA') return NULL; @@ -65,7 +65,7 @@ function verify($packet, $index=0) { $packet = $packet->public_key($signature_packet->issuer()); } $packet->setHash(strtolower($signature_packet->hash_algorithm_name())); - return $this->message->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => array($packet, 'verify')))); + return $this->message->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => function($m, $s) use($packet) {return $packet->verify($m, $s[0]);}))); } } @@ -141,11 +141,12 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { static function crypt_rsa_key($mod, $exp, $hash='SHA256') { $rsa = new Crypt_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $rsa->setHash(strtolower($hash)); $rsa->modulus = new Math_BigInteger($mod, 256); $rsa->k = strlen($rsa->modulus->toBytes()); $rsa->exponent = new Math_BigInteger($exp, 256); + $rsa->setPublicKey(); return $rsa; } diff --git a/phpunit.xml b/phpunit.xml index 00cfad3..8049722 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -1,11 +1,15 @@ - - - tests/suite.php - + + + tests/suite.php + - - tests/suite.php - - + + tests/suite.php + + + + tests/phpseclib_suite.php + + diff --git a/tests/data/pubring.gpg b/tests/data/pubring.gpg index a1519ee74b87062c7892b8a94205704f2b764161..56e0599f63a7b674c10e924d6dcde67483fbbdfb 100644 GIT binary patch delta 8 PcmX@{gX@Ilh7&RX71RV^ literal 179272 zcmb5W1yodR+xNYP?hd6>N z@BN;&-tAf-%$nam&V9xa|6@okMo{s_qXQu<4L##_D_tpRDfXJCjnd@_I>>ttw7a44 zYC343FrkUO+4_)n7CW|>(*NaI8lnOQ)9K1+yqjbpHmyvm#i0S(?n5g)AGM|pa(9Tm;Hb%QM) zLCON{aVO2m4rBT*oHTL#g@T+KrO)dwLgY*9&H!8x0IH$Wv~>5NQn2);VpP`XMJ4bAV9qu_rMfsD9|HBDwR0SLW{~tG%g5DHn+5i2fA}qiaX41w^2W|S3 zFReyu898KM0vz{W@E*cbSJ18LWRi}ufPi^kmaj_@nn=BB$oQ5Y`o1YX=h_6C`lp^b z#ALAt1mXU<=?nrs2o7L`jTDa#juajd6=!QS5D6U>1sNU=i4X-26%8GM2o4?uM*)H( z4ulPTVp2KB`7Hugk}$#o{}JZLMT14wt@QJ!W#oJyX^Yn%N(8H4%?zd49beYbn>@`i z+Pn=jMZ5f!9!{Y|;SbKriGHI6$K}!h+4@r9X|w0^qptGX^C@hdu(F6q``VSzUJa{X z5>recB)Q1u(aHAc(~D3fF$`@UWAA}+Z+#9~6RZYO&T!h~(9{f*>QXXTi5zS_CBK^% z(U~|7I`H&ZK4}>#AkL}WcltBFOavV0_>f@Zll6vKzc42$y(<%&sjMLSoOR2lkDwNNrpgr6A|4r5AjW#~7yS z<&<(W%xugj54paQI%b*OtbWAY@HofTAs~f`-24E&d|_QLgzG!#w-eI(dA(t(mY?aI z)NOgtE1Ksqi^>nmXmRt_P5)SEgn$EGYkw@1SFert4~ zia^4CGjbgj>f~yQu%CH)0|LI}aGd?3zSRpq+G=aGE~$mHAHDL5t8e8fk_FqPB|U)M zqv3xxXj68&Gi|~;ReDJXs=dA~yZXJ3^aU*Fi1SGLS zZpWA@;f4Qf(6A1K2ha(_zFUwO|18M+>+UHE!aQD`I%<8of%=3IUOvb%@%-XEGf#Oi zxgX2H7uo$YXmE65K#kt#_d)Z7FxJ;kX3uCG3c{@>v8d^DWSEm6-ibFM6_dl!)-4U) zinP>cMnktt#snn=bFRn^Jgz#W!`WZO#Q=&59s3QJ&_DQw zLLL+xnkJ3-?!u=u>}oQ*43ZB}_&u9ZtddS?ICxF1A>9_OSl{_mN?CNA`W2m*+H8B3FIi^x7B|XtSV;MZ z+)XTq>CI{~;rZnO;!Hm^H~<;_hL04_ zm^5mZyD#Z=Lq*H+E|r{Xg&|&q7Nd@&30gsiT=D8d)6FThn1gkVNVhYJ8IDPZ{-qt zg+F?RY-;0)I6ceRcx_H*v%0v#`SXF!yTv^0qCn-KsjerBvKSd%xx;XD4PC^>JHEK! z`E0qLh7V~StTU!q7d{TVIV5~=ki(4#U6tkyQB?W*1s-!~ls&x=LCSr|1)@oh#9fL( z!m1oeCso`dlC37oRol7jl{dvC;R(wy^pO25z6r9p*G$7*(9aH|HHbiRIzO_(Hu< zL@TnhHq3CI@MS>{H8fkE)#QEFFGU>g4Rf7-rKi2m^QHa9v{-667`Qgb*sEj{LKLig zUhlX}eZz?#$$km{TAKO0l$yYII}9MwxnAPkBggbfg-4{>RmP}Iud_8c6C~0pdyKDX zAb7MK%DvLxJku)+9>&PH_0MYaOgfslJ8nag{X%g=b-#0O;k9Q_uouW;sxKlPv6giT zw)0RljBxWmCu@2r_&k`wJ;golB>dd0?cX>?} zS#un7+z-o~h%_Fo;R>1D*PPkYGqSzKB#w`Ywid!TVw6-exhyMgLJ{DZhc0-gM^S|K zn4{-xf?R?Gt-Xp^k2S{RV&(PuJABl;O!a@vr9`NmoF7P)>5)B-LYgvn-*HdKZ))85 z{q$Xk_|Hxio-Oo;CWaDfroS4m-uPCh4LA%vU6;pjdy9hZ!FS|7uaIwg=$NK})lr;= z$wu`9^U`v;QA)NJL&~)?QxI7~cyHqO3&ee7DV*w!FJDMjrxCYE?R}qv-qu2HEWASq z^Y>O>EdM%Xy+k2i>?yB2C0qD<cIQ z4fx}AqG?ZEiU(TMArmUEi`5ecK)`VR8Rc`lEk(oXnd-;o7k)10gC||(tV<>=$PX?Q zzf{1^%lmPe)c-XuGk10r2@6EPhZ^}$v@-N3T0wq20{pMh%3YvVZVe6842Z+e)eze0 z&P?75Qlou648)40Z2iukg2b22CF-pV0%Glu6L6T_6zDS_#01dqE>N`+i8rhvm2Km7 zwa)r`w*K+h4fkRS?)#p}I}%~(gOYDWIJ@C9{Lgwrc8KqPB^)ioBkP|LDE$#^Pi zBniZC-f{JLzi!kS`uC1mwy$hcq#E)A9K{AOg?5xJ)lJb$18z%Dg6DpKU24|H=cO*z zsv@UuaycT#YP$F4-ms&5?*S*A(88>5gfsl(nQ&0WQYrb69B_Y`Vqj5fnTm$pnEo;$ zsOaidz*~h>XBQl~zU<085R>J6$-rsL@#|z16Z_#1niNaRkuY!XBB@OTzrA6+a@aP! zqh6eW-=(203j#e+P3bl^&R{p*ahc}PtGe7kO`>GT5Cm0ty`Em%(`-*laMs9Vd^0}v zc#++vJGX= z!>qs__bzP~6*^I6Pmv1T$5smt%E5O#e!%OqaQ?dEt(wJL0+&MUNXZbQKm<~HsH_O% za9^t0w_2-jdu&Tai(CZjeU8=M9aH?O%zotW7}dPT-Ks2n7?>PCxRPkAa#~km1bR1Z zWZsf2oqjgGAwvb_y?2a#7DWs|qhb*u>zgcl8C!6fzO)NrsT($nOC;^svmLw#4Zm-+ ztqwE-e@;|QI{zXlFL8}<0KQqw;5=I|o zw8ug&X+aPFRFca-{7U!{0=k}uFqP+M8EP}~rzp5UGt|@)wt{WN0jzQVAR%6(CVLgF z@G;*aIsU1cN0vx&)cpKoylhAt(q~&g_VRW@N{c9ExgWkFk2VUx(v)O=cZt0ar16wS zvj*)GGbP~qFsGddL3I9w@M1?&78$zcnjYf-ml$8LK;aY2>>G+MRzbXLI*DSZ&<`@t zww8zAvSe&!!gI)ce8#7Ny68;Mn^*v3(i!fc{UC{yV?$YdFZ@NsfKDPIl~+=5Cw+R^ z7Gb53%!nJnRS&a9cmUm_{{(Q*JqiurV0-lbvB5+K+&))1*WE!d*_H1#;Waprd!FUI zh!YVFh+(T#!6>~lRnzeh3%6gRX!Rx&CcZ>PyytlLRsZyS;Q6J~*O zp^F(m5ElXXNld~;O+@GS^kE;G&dN~rF+9;C(nTDC=j8N+JHAlz@#*&CeNo!-4>g2S z>{LJTPJf#0C_f*hF}Lm^)p~v`hv+2wdzqJ`hNPNe!J}6sQtHV|&Ogc=soO%6P zn1Nmg0mzJxv|jyreSid)xh*x5e=8*p=QuY;f`4dRJdwULhLr5a9}L)x?TO6ONi4GG zY?d>4DCuKN)o*NU*(Wm=rfd3ySvM0HwF`DJ6?`ci+o1aWCJJPc` zMl)r+`9@lOwT&MJF2``Sdo@k=W9Ciz`4%eMl0A<_98TLCJZZ~4H+b>jLNZGf{^<=# zt@r`mie8v0)V09<>ssDIT?^>5FPAh}uMhLE>-XMWKK8F`x$`tm;sDrqeU7!7_;kk* zDF=YJBg*P@#`6Ur?_3^P){^`HvN_$*&b~pqb+eFr{2^-6QoKbdL~FgAjnR&TRVCB>9;h=LBQcqtLp` zd=7A)@Wd=Nfyee#J|9OpZJbhtfyJW=1*gU$S>GDDv$tq!j&HY6BUIr!#&Mr@3SK3F z2NBg3EA3`vsA-hxo_aiuI}dDHg6IF??WIE_M^D0Dbv+c8uXw1uvHCM|EGPd3W{q;t zZBeCf4Gw_%PYH(Y?>s?EF#n%GgWPWOB4jueL*&-WqkV7b!cSPO3pWy_w`gZ1W&{(0gEe|Fh`V2fys0Vb#D3Ms;HNvW#(5lg zuPI(v+BKNPczpIsbnzPs`|w`w^v^WQK$HBtGKA&*C36f1Kr*R_L`@a+g}gi#7YxiX zMmn8uEC5K(;p9(W4 zad96|KOi9|r=+CBC#IpJp`at9prn97K+v}$BOzm$KVP@)0MsWC1IF+m z8UPL#1dj{4?FL8z01h62zZ(MVJ2C~O^~8VU12Fb__`7cYh$-ZsjkJsO(TZLEnJW?WhWT9@ z$QT>NSos!M+w}LEj&Zf$qwQ{JgfQ0%n8cx(biNUtC9hz>lWCUsh+}dJ7nssGL&Wpw z&E;u63sG)!=nKyf5HR9xjV*eD&bu+FTrNa?3HI=>r9Inp-bMQGme)@lQL_9i68n&B z!_T<0QBu1$?$F6Iie;&$NhOTF)UoJp+cK{47ArXs2~>o+& zazqwH*20=_mGu|lsX%liyp)*sj3)l^)n;MeYf+88n5lgKYYLoel_pXBxZlUAFFhu$ zI&<4SwVsB1s&|KeU6jO@#d!KveCXqYQ24a&kUlbF!(ru?LM9IK6wSgM&w{#{?AXwL z17nn}O8wXZ`1J;a_*cbhtHvrKqlX^wX|FT~u7_OsRxxK|+FfhJs1hbXi;Bm_Ljg^W z6O$AfN=a%NO=ps7W>xhI#%*+^1ayRq-xw22umNK&mwHSR&2`fNLT8)uHdjk7iwT;y zg!aqvKV=`aA7CEW%pVae7HV%ssbtZR?Y0W{@G+||GP>5}@X0632U34^ed#Oxv9!3F zUOeH> z2bFVF@49f2Ir&X$5P!e8m|FO#TcEz?qbFGH-AqTvs@MbORS1{c(M*nr5U*SfnpKne zIXhUyBb>F-yvn_khshYj`?BmL811uVzM;wM{P*)TU3!imbzK`gL%B)aAaKZ zBT85GQZ=3uyg1g8S&<*kuZyYW0w3U$%Z^Y(P=mlq++J%=7#AgHRy*@F76t|y_*U`~ zJXrx}r;;)|3}83BxAk=PaxQqaZ~pRm_Vgs-@>wR$ z1+!YoBp$I_@?yfIq*(kD1W>}m5QcvJFmW9J^rq8+oe@W?+>f8@giaV-6u(8f(8&S_ z1vbo7^kM)C9UNj$*b%MW*wk#*rj}G5?^GRKMNMd6etZ($%+fDxCvKamzL`=q?VS|O ziXnFjv9x2Z?Sk)5ePw>~=n=&!$57Xg6&XC2+4anJ9s9oP5&Hi1jrN4In~Z;sTGEqo z#WawO23x~S1iVrnAwit02L)!IsC%AFb!3mTR$8bA9f&Ix*#rCGcGTI3r^}b36^;C_ zOZ{(#q+b^#vwp!0<<+mK=*|z$=3m+lJN~JN^ukWn)-E;Vg*#B=1KQ{&b*1~p|dh*?} zZ}4efW@}C%%Ug?$C%NKbjGz33tCf0@6+V^BDvg`zhzkBFyu+(t6IlCkD6%%L}=k6b+tOdIoE z$icYLLe!S@e`nDvz`}#+34uB3Mi3@6=#oDGp#a;@tR?eSnl`A7k@A`|v%>W|pV_Zx_CePj>DSyXe0=y}&4{9RGU(xCeK0e09 zYp8G#bj7L+UVUq|pkh=ZQq0AOwKXq>wTsCw1a>EtR6L~UF`^F+e6mK0gJ`yK?rZ`d zlR)bK>zTS0WoE~08->@xQ*oVk(&O@UVE7@qsrLuHP3^EUiBCW1Us08PTP?`5*w-?S zZ@NhtK**fWBB6^^XVXQX`LLF*S_l$7Rkq7RY*vd{7+LobCZdk%c!S_ZX(n!v)|dH> zX3AUhJ7HwWdn{~_y5_HwnFT)wOM(NoQpP_bn~Ix%cMaNN9c2~SMSj+wPX?*IDD zOx>d9v!TTOPD!_DVI&S5`1cT}C4c_YH`s_{CtRj##xHi{8o|M;1Q{KxX!WfehC6$DIDyX8{IUHJds|FiV~dJzm^fy3+>mMXu#W?x@Pj;gxpX{{PIHS z`-PlfM78K~AdHsttw1(YkiWQW$4uOt>9HsH$Cd48noyRX9*K;<7r< z!3QRt4wJr%xn+V^M_}vi6;^V4ic<2p^=kke&}Hi8`8(bkMD5A(5_caC4;-)qBx0au zea;UaE!XJYOm_}W69f|r-@}v}M8YsJ#SzYXyDmpDff3<5&TOwAo2Hv}%~dsR*#Bez{AgAAFw86h8h+k%W6O8}0JiLXe6d;TIb5mmJReOn~ zsUy$}Mmt&t^9J7I2yT9daYAgG^{jq(MA5wiz%m??&HA(ue9@5hD#T+HuOuck79bOy z4RKJ^VOd{U-BFHwy6`pG)lTGn&JiYzGvGo0yG+3_o)QTF+iS`sf9HrLwlZ^5a*7c4 z%MiosfTry6KRTh3g9(-?Qcxu^UdM=bP@03Ebu_O^CJGllLL z0NducQ(p3>JGFyLg`7PEZ+{%RmH?2qc0SiJK{7SyE%g58FG`;sl?=My<4ArihS|gV z#)5CAJrCcgg6+@I5h#na(IxBXlCMAZ|34Bo7*x3?pSo9>W{r3of$)%S_o z-{WX|Yr{CWQmY?}XrlOK7@@nuNk>!B@(pf{O+Hqv;4O#iJg5f%`>{VR7mCQuM&(oH z#umZ~L;CQ3@g8SqB^<`_nu!f43)f8pGXU9w-7=ps^l;=wji`G+C=2k(2cd!hNCeyG zM!~d%krVuGuXn?Ug-@^fweEBF4`H0BJce0GLC9OiD*&v6EHj)egyOs_NB+E|igR|x z7V#T&l?$Ng-#R;}t^&V(HMwZ)eII9V-{b5e>%lk&Z$}0e5puPtbO5lN3q2dQzl-Zm zk_z1^!>FP|`5QAJo7)`z<3qQp{9!J25avTwxaQaJJoh=K!7z??#S>$Y^&tPL9gvBw zze~GLuUeYcpzN}4_d$BuBD@)Zgd4gJTBN#hsJT*4>>2j*Z6Zjr+~XWb@4+}jWEd%8 zW3#$wxzL@&EQ$n_INBWex@qf?V_n;fG-(4_gfU-ZBn1Sdm{vu{7M6eOZB|Yl+~XXs z#KSlfxhq_x9U+DF!$3NmwkH>nqMbbd8Um65E4*qFSwD2wRohl(h4)-ohQ+l7SNQEg z_Q{kK?{R)%_rN%^1@^@;F$#=~*3c33)-Up07%;;VEEH3SD=x{DyH)`iNVh%jFdvfV z(2=%RMyAjX3mTXt-{Tw!J%w=|9IC$p0$%b@w?dD1^a`XG zYGJ}S6Axsf$UMvO#9AMmm6{HP2#u9FzL9)+k8`a3=UfflN}Pt|Hf0Fv1CSl(){FKZ z5ZzqsuX#E_ANr|N;lBZ3sSEfWO~fLFr@n+bV;9BI;Ofwy_c*^r&tT*F@NOc*AnZ1a zCIQI8CmeaYK|y$UIf5xd7UW61wLPg0K*}c<7ElD#V7 zalkBfk1v5WwU z;a(i~^3S|)fmyzP?U8bdM}=`-9i5aj$$?F8V*#*=;5zyB7#*b+96Vd)v4#&-T;V0u z9fxD|d0p}b%i}VNM0>p5v>bnAbf1$@3gbLg>WRaeM%Z#~0w5bTKstrE`m4uuj0A%Q z3sT}mc-H`=rkPqL;7f=eF*#AUzq{UH4WPAhpHqAZ<7lG2G;;KKWShtaWb?P+>JRr8 z3cdFvNV3>^=u3>5(gpQKyow&fCadfzvmrm7bF*AT>Dh1ZbE@WHoK!O7>0VcQKkkn} zCYDl7w2XrNR~E&grSa{Tx#sYR_E7rHx+-4vM=s6|1tAbeGFC%bJ#NLZucGli~mSkiZ`@;oo1tm0cesWw9;WLLZgQ#zxo9} z2iphK#7Yi3396Gt7;4|=+-$)(XH^{?)zYnBZB(F@b=*p)F(1(+3S|=_=kG|(uG?H9 zKsKMQuOa8}fiScwFWT*H8s0A-&KU1;eDz&m9MjF{QKIiIy{<$6SW-KbuG@P>Eq1Nh zd9%LOv5mOH3;;XfFLbb5W3{YCAM9QVw-}i6e3HJ$@mr09alT<4=||QwlyjQ^kXVGD znM|jCq9uo0; z2jkdcnh_Kr+zi$@0@)&8H^(GpuaRaZQL_5J|1>!*|0xFbj>RRR_9Zl!%(GD!7d6id zN?p66?{T_iYGIsiw68D8$%)~1egKdaj%E$sr(ZpslS|FQrc8Bd-VeJ&cS{&LzBZh* z@Wqefs&+s&SY6As`5tF?^^boygO5;{&q%}ZNr6T>GTE%{3FA4JOOa)Q`<*!0KRYp? z>pAMH^CaIV%$)X*`OIi@@2b#*Hve*@qb&bqS=_3-YNA8Tv2}hx7A4_f=$t&$3n3f~ z)5H0a9X5GAX!IbDHd3FEZa@gXS;QFl=@&Jz`N_yVPF(13*tm=w_sNvm2BGB|AY1hH zA@PF_nvquhFnDuksngM8Hm^?F(Vh&ll5vwij4zg8e#w3s`2>%}j7yJ8YA08)#}xTLdJmBf!a6CJ{h zV`i6>QFoui`6ryOES?XZ3sOLpl825fPNFLxZZ4w^vxm^vZS64j^a>lg8ooeYp7VO5jgjOh%!uYNBY7n{34Ie7ml6%q`@AuvvG zCC1<0MDqX0J@&r;Qf>tBgJm_ zGn`lpUZ%XNQ^JFCU_u?VJyL?X?9V>^&2?R`pn=!q?hK9Rr@7~}y*v%MRico73_Vdg zpPBXmvM3_vA94a2hL5MQR$gl(k)$6A6x`#m(agf^skZ6;t(bjWG8GSiHJ0LkZ>p%y zat7{UyhyKBh)^Dg2O#e=kY?rJYV)la=GRs?WgZA1sPx?9NH706e{R2hN;e!q42f$3 zvY(7p5Zepket7&Fe`0jv$AHcbAJoe_^@xxYdA0STss|}9&|8q=%Q08{<;X-X{Av3< zo#%qXxm5ge2+bh}5tgKIW%AGNmPZ z$g$Zw*O^jJ{5*mf$%et{xU_xlQ-$R_$WPDc5>5DBv9^KOpl6M{#?@pJRm_lGRmJNF zqp3Jrkz&wwGl6)$RaeA?&R`c4?%tdHgP^*?rTd*lC4Q3eD`ZASn`gi=>?_bmiJsl2&hIT_XO zovR)4e(1=OxnFo{5@eO;Z6r4_d)+qX@%Re;4VJpK^qVSu8ER4KX@~Ephbunf~>qN4DYmQDoN={fFBoT?6z$uHzOQ*w zkJDc8!O)0O`5(J@!hbSr&Ku_nS!Vu3ajH_%9;%0Mdx7i|pQjx3)~+Zaiq>hi}I z+He20D+*P5D}FaL%M51#1hW5x0L0`{Z~WL1F#QUGnIb{XPUHw;!dKcQ(c)Z4q|FV@dB^GcU#=%7KUsR6&wJR0%9b=1vo-CPt z5(w1k16}vn^p3gNedNW_v2Oj;rbN89rmLop={=4BqfW*Kd-FL_Htt8Qthd;62R#L( zbsPe>PT$|CDQ}e@y$=uKWkQo(D#xel|i+L7?+SXx;Iq zUO^$%@ny<7IoIQZ;diGb#M!-9rt~Bm&KzR2_O@}~6v-U;{m8s(=t~qIt&h>^#bXO; zaXo-X?3}%>9Z6EDIhL}Od%nMCU1enQgZER62-fd_m>rsK3ffpMeRbELRPuy20x?Ex z&D#FlYbM46-Bj%+8!ye~zb$;%Wkzzlv+JS6U%R5J;cxvLw?Fy3ur=em7!qC?%3XMA z|I!}~&Vz)U3bGF7U8}?r@$MRBlu44Tnr&xBV%n_c=fxF}-6^-)%XC8R^jt_VGmgqF z%2GjconD3?T!~Fn0EOk!_?4ioXtJ!Cn$)(ynU~`*Ew#S0W*Q}vtf{Om**K91i~n@~ zrowU{k|pb3yJox(7hbjGMd0TSgFxcZ(C1ajNkBg|R(XYIRHzaiq%p+P^&!JbEcmcw zMw)|crpI3v8>uHln)+O5Csw)L`8~I5-2$GQeU+-YI$`RDE$I@c#7zE`2z3G6TgOTK zaiASdzN|bT!jPl?%;CWEsZM%l!InW{@7%o91UT=3#RN0s5+y?a=XcIgtXmvZu~+}t z#Vca+-d@u6{eq=EA_zn)1%IpG>SnE$sOn$pViS40xP^OUdJrr@T~s7$zd50hsxua!e`Ert)?N;k9Xo>shsiGKW4-KYleQ)_#>7H{5jh%`vs(m=c9)5j ztF%R?w?lC0o9h++EjZ0YW0BiB*)MqZ_PbE>kJ%sTJ9pP91jn^kC$99LT3Y;_5TRUO)|Es+S@A7}INbZH4N zJP>qi`^gy77mPB6e2y84+*#wrj6GES%x2|AQkIi7kaWnopGobD9`)ue88h|tzvLh+DQ78yRiOSGNJvWinu{@vZLNo|ipzMeC}G9+WNnrwM=#iSk*sOSiSB zK?5d60;*tjBb~dj%fEIV8Ql6mQ7!Zm+=Mp7e3M52!Wih*s0cBmI8x%r#S^TYdw)rF zjP)dZXK)=pBe8k>gNNg-aML(ZmAV71>#C3t<Sq)s-@K$O$ZO)s+FyDI@9Zj}N_jxB9i*Lac9A$@lR2gP4tM=@zc%zA zyQBj2{A%pu1sx;WTtT4E67aXiR@;;tv~%w%+kS{=&vu zR~q-+`bJL1Kf7#e|CMp{v`v)T*IPC6sajIgP%PsVRLtV)>8hq zXt0od|BK&ddAegwBRLY#828Y?h)*W(Y>n|*%?^l5jB`h^8^_jDVM+jTQp zXx|xLy})*@RYSNzlHgZoS~z{*sYGu?uhq9pWV=*BTB9@>+&b9Uoy~{bvr*!>V#}U^ zNqN7rAw(kAXUuCS$<`5TA?a^ul6G8ngRMd9*Rp8b!W9b7Mb-<=n5nL& z_%(H2@w7VD#fzzZ2R{0>?|TD09H1q@**Y@Rm%|qL? z+Ub&wVMxNSne3CMfTw|-tT#K!?ABy)Y~%z{Y-tg z@f(plDJ-`XO(Rd3I4{gMmb&e7>Q&yUrn6MV2KpL``S64fV{Mfn&k!rXm(*Hf=tYis z_kDhf{!uV?YhLgT0pa4U+8uBeuzuIpC zWH#3O9;~Q<;TumvfRU@gN(EYYjyzrO`AY#NjxM})6EK{N6oI13qBp6N>#x)=DHJ}P z8x4&LJBXX;^>&UQ>MOob=^5~-%+`}O+A3-2uW~<^8Hj33uYEU)BgOi*lD+Y;02mK z3R4|A+hI*b!c8S%Q>X|%@*3sa1NwN)x~;d_gdNO|KOs-q=^pD6y06#a_FGjLwIyol zJ?gZVi$O_NeXzYRr$f~c%;M_q!VxXNB*JuSrE1 zvI>>10)4C(o(-js2m7VWYdH01m7a0q$azd-<8DKp!*Lz`dIg5R6_uxqBXqC)ELq4z z)Gj=HqJ)gh-#Ea9Z*0vYMKq>L3z`uKDoDi)W>}ji1*2Nzzh^OknA#Y<=AW!X(QPEz zhQkqbR9&F$eJEON^J&B{xV@ipT%fgS7>C4K9|Vq>;xnYE7{0psOs&Y>%FOBTF)A&3-oN#c zS410{EHUB}C01_(TRv0tNRxMHNw9m0B$U5!_Pi{FMDKUjJED=!Rz#xE6%s`mZR^7wqI}A{^ zKr1{!(QWk^1&5i)rvXX1$4b}h-xn=X0E0Nj&ex!)9hAF1e9|IYiY_B_%f*oE&L=j4 z$%HRLw#z@!yU{h*(ETr>ysf3>zaMP=M^v9f{VS^Da{`bvUwPNKX@0{WgvFG>X$i>3 z#65%1wp1dICxSkq%mlU@KJ$he9HufF#`n~4AI@;tnS571LmmS%5EO&?&KtZuEi$>L ziadTR!;?-10jY@$pUi0>C=a5tgL-1l1E!IT-axA#|MtW3*3PNGFyvHz-`SVls{c{_?o{=IX&{^D39Der%3Nt0!eUcnce_+}Sc4Fd%@%X%GJ4akkRtReN)88Q z!_y(P`yNMda~fvPovO}=2V@Z;2b{Bd?E^|j5$7FBE&i+55EcLuo%qVryst$L3@_?*a%uHJTmW_{LM}% z|Na@by0cvmjwY_D)=HIHfuWT#0q3fB=+;}mwf_Vqa! zs+G2&d|WlrK+f*ho07#7Xe}gmSP#F?*NIgs9jaqd)Xi^ov)=R09ivSWa= zvHY|2M&}q>j_D7Z&|ZX=cPBF`UN-Hi(YC)2zOuLnzwy4u`7afl7COTm{`|3ChL6)@ z(iAPa5RNX9LQ)ffEP`I*9!31P`is_X>O}Ioz3(V3mG?Nmu-jqw+^N_u=umZo$@SAi zFhR19S9!o#;Nt$}SBG2Z=S4^kcG+0GnZyP@GUw*iGjoZf3E$%!3Hrh~cPjRqbpWjX zvcKe43yJ1VY0H!=#RFf=OVcd?(o4l5vamQNWChV*|K3Fwki#u@eV-G>1>@YQ*!05C zCovDk z`ET{P9~D|(hqN#S|31NBes*|{Qhe#~L#JX2$QFJw_&}jP*{oyydd*OM{m}jk;@o}C zf2z+oXaFP_F^bzSh`a0D+R*@Iq>@$H;R?D>%L=x%E%R8A4A5ITp?|A^HmG~!Ue}70 z(|@YZDbTK`jv>)=U&#j(MMWjjZ+tt391>$~lNaaNX|P z^PlQ-?G5xKo{K&>ir5mrrE*X{I7w~R*33x&z^XnxNcrCj3+H;JEk4PQ$F^77F5Kr- z{ZSL{)Mxf30PLA~Y1M|S70W_0ZE_Bhnk5F+bTd+^_Ik^#T6X9(vM?uC}$a7*9Q=DKv%ggDO)!)@-*gwkYFih zjrT_ra@~6zUwsD{=T0^5hU$%mBdEXi!n-{?8&3x$NVQ*T7+eRbY%H5$gbQ;j7v0Pw3U#s0y<^nzs@4Rc#sn!}XYB5J7Wr)}5l-kZ|- z+$Uqo{}Gr=qCfv$w+S@O{iE94sm9S409d!KWgdZGV>SB(Ly zr$2FCK^Tj^LUh#cH_C;nNdLwyQqA2pFnjJ)qTH> zVJA8-Ae+5TVm1r%kSz5`H7)TiVc59r%02%s^Pw=6wOli{)lK zpZ8EJ*ALzw$08jw1iqP@c-`&wB+j-^_V2i)|4TI{IE1RLHZ`)=QxT2b-r;T6Bpi55qB@-aA)i{!2CfSqVU5Sd)`|LbR%HPnO4D zUamXns7!qUAk8TJV9~w+3S0AnNV_*F%1Wk741dQZ<4c7Ao3A^y*Bshkko$RxW}X%D z>@5d%mSt6cH9kSOs1LOh&K7Pii@W-66)(B8EW@|w9JWoTtKWvQa1Y;@~0Cc-^Vpzxo+M|7w5GOR%Ta-o9I z_lNlL8`-Q|{3%g{ecxqmpkA&22#H-+qg{k?ZyEpSg}7dwK-xV{@M=N(0;)}iMl;R#;ci=gxz^eEk`SSaVO`s@ee z+^Ns@FQ9!l09#O1-D4KCP))R3JtEEYc6T3WFP+AgbgZiGx5fB=)BrLhPWM{glD{0N z`m6`z+^NsGD^ULx@9Gd ztQ+UA`dkI$+^Ns#j?jLqt~Nt!rF1E!a?$orf%CIivBT{^HiN&91D!b?YYkP;z7=BF zLYo%y^LrdNnkg9PPJO=2gZ6vIcwb;9e|C-_HlXT=xA??T#t-dju!t|M9M$2jI$YXP z_&xPji`>Fb|^Cg(hBlhdd z=(nlzlGOvYahxZCga`_yWe==SNDr zsD92@cjOc*g~WrqTL%rEPf2})iHD|1S5=f$?;v()S?TQY>7t4-#O<_2i$7R0ET#){ zq7EAzuzyQ3qh$^!gOiAMv_iO*y^%zwC-;CcNUW%kp*D%nT$Ntlp>HPQ3`+!_Y#E9xb6N~lv zFl~J)`S$h$`nZMcWc_xtNNnOs`7dTRoVYDJrKeaDKhGUoX7bkF~b%&)Txc zkkRNkX(&a{m8V)J8)6yBv_NOxF!~<#5=|ue4t4bPEE6GZd-?m7oWe>zlU9W*x6qWK zpyk`UF=)4&5G9saX>u=>)PH<&2;lO)M8MkFRZ1FxfVgvmx`co!UzW~NuV(z{?qMH) zpXl)gIXNr>B6!Y<%anofbH=(sEp!%g*;!T=u3^fXr+(>mjOQ8(xhp3t8Du6VHd5bS zDWT9q`8T<@qEY4E7~bm>=}Df}uhHR&H(7fNt7i+(D$VGhqvzu3Wza5us1Jg1ZJ1o| zUQDHU)sy*Y`JVZYFC)qK4>YV=59(g++d0+<9JStJRy^tL&2nz1!SJ?7g^p9gj@*tC~FzL)3QnI|zqN2Kt)1mnbwg z7;Z$A`Q2703GG;mRaV~?n{MMbEa!z-$J4e(VOI6u&Htuwg^pCCo^(AHT zKo4a+pzg>d8K<_!NRVQ+JwKw;`%e7O+E&2O>#%+kuhrZMv9vOCbmAL%8qRK+K`?^m zY8qSX|FZnDrQ}v`Y2J}U+ToP_IXVKh!`m85=NZ+&X1A_6DN1QvOxJOwJKCvylBmGf!yu_32j*b9QXqi^4!qkGTu zR<`y=4U#=sQ?N*vC+Eu(MQIox-#MJ2w;Y~IsMt?KKx7#t>|`O*~Wur_n`5usTv9%@*zz-UmEul3|C z!nyaaKfcsm{T`^MbQjbeXH3xuM8j()$1tfQ0`s;DMxn2E^Dw;so7^7XM6YVG4 z&y)uDUv`}ICqd5dIpGRoXw zv=?0{2XQo#WKt4Mg$U{&Tuj7M)tU?Icq@f&5%Z-uF{l}M)BsCb-goV2I z2y*rhETfaMJ-nQFJ%XDO<|@lCbcJW|glAcZ>|^xpM*PzA(FXpnQ@lSrc?xAQIodhs z%WcG?eDfy{B%j0Krg^QXUSxn-(GbJ)G zB&YC&QLHkp6slkUJEA|IelqT_)ZG-FGYgO4xB>ka+lNK-;_=l(FcqKp47S$i_N15#Wh zq^3dUIXed4I-Q3r%Ed&_9$)6-rX$fys=^=PQGDn>8K@Z!WR1*zrte}?{QvZD`ZLTO z-7;R^iW#-U%17kacxI}Mlq##l#ER1dF@P@ah6^soV@ig@AlG5p zIi9*pozz=P(|F;X;XQpfSYIVAi1L;54O#Bylm)zdXnZJc#LMVIpK7VRehV!WX72GXD+ zvw!qCFpkPm*P?*V{OP5`)r^%^KMw6-;syOM7^=q`d@D+SuK!<3ru0C`tnc9Nfk80o z9=4iOPv(3Ma&ygCk%-&I$mFo!W}pSB zG%vc48##QoWI;`w(_#+Ng}lJ(=Oy$Mj5by>e@|HH?mX5V-%m`i7T5pNQYitC;GPy z_rr$G2b@$K(7lq)YA%Jlg(`)PSRfRqh50;z^!?>D$?z2|md8$7=o~u-na~Slf{!KZ z&`1G-n?v8HulzJz)0IVFu$!V*vqo6yradQEvWwj$ZTp@_RH)4$;x+S5-f87vp(;Qd z7gFF^_zlEm$j;Q#ph7Nsn2X)5^G0-VNfS^>4N-@(O&;Ai%fr0<)(W*nto(ugd=Ivh zmU07wJzgR-H;1&N<7Rg87WqDX%uo6UURKk!m`%=|n(}*@uHDWFn=Ml!S0@BI%~uh@ zJHBs@v|--%9qlsEn~lj9z?0%5aNZCc{C*OBvmk~a>_ePRvj&HnXrJeJ{Q zvhIae2ImOp>7VrK-1i62W)le{m<}c~*3w2h1JuT<#!v!<*UfxGf%+Veo8z%9rG6J8 zq@ErYwz(kfBH;sQ<9$S2ssn&pB92;+K^>Ec&ZiJjhO6!UsHHqAP*O~iU3VAx>({nh zU*0i~wWK4Dc|6F7+5a5_Nl5}e>AYobh&`%aWfEVasl7m4s3$<*03}K$DLxO@(7Inz zGEA8@bq{AsTmrrq|J1!6r&rx^0RrI$Gg`ULI609@dE&Beq}(ndA_JtOu&2IwiQGi4 zKAkbnq#Sa6UKywcrt>(xx&%rm91w=U)7YM)b#$lfK;4`j6SV0Asu^&xgGr?L5;eax zj2HZZ+7?$9!0OYF)2p~`0C{?;d1*R`qT(4EeR}2NJ*>E+p94zAJ=o%Yi`-unGQ_M~ zsbNYSw(ai!;O8-Ci}3pc}H^F1<<8FvIEdK;@I9ozvPC0 z-d;U51UUbBlwO6j0cDkRb)R4DbLxQ#*Vr5!lg=uOBZ5E~+$ia;>GxK+J}}j_))HrO zt@UZ(sZ-uxPkw)w|C?S#A^_5mkWF3X_2s_v1OzhJuXX0;BeQyE2;rhufjW-or z`*>MZbotjzYPC8Vn9ifrsZRkY>*H8O{Ywex#zczuSg6EnS(S%54nVfiO0?>YP0CY8 z=gHmAR#zjxSf;_x^P|-1RWvB;8{667b~dpKh=w55zcDCMo(O6Vl$EmJ@+1t$+&m+! z(^;2+G=x28mlVv;{@V}`ltW-KopuGdrd6YV}04mXMoqTV&#Vsq3pmS>-@2=vwU%uT3>f9f{@uHzS9`b3% zPb)IELa2n8oRcpA4RkRwghH9pu&_of zKE6n3Q_B|o)CK0}QRcC<${ewBh2PMcOWH_e=J%8#E!6w5jp>*+Fa!p)Kv`$3aCY}%O-nU__-k1E zOWo#goxs*HG26enUo5af1ZE(>p1tKb%FN_a{~%Ip8xZE52Ji&D*@dvX8g>eGSu5n1 zwCd(E*I?_0nC;)GQ+R+w`neV?{ERgxXJ%0)srZ4(f>!db8sIJI4N}6GT@6WMh?ULx ztJs1x7+`gGu}7)XXcK^_q0G5*^`R5I75r`n7;wp^KWGi{7|3lumuSAfTw<~N^Y;+?BO#bsI#;+ zqSDhUP$ZbnqqOL-Ex-?dmMzuwlMvr@PI!&FHhod=(HsNj+)149Mv_dA8#{{6i84!S zCj0RH0@Hbv7VV4#o;y(APw&#qp^ArP{RFzdZ7{A(;Q{Ho)ldCx*^6)`xPsC9Plak+ zE0dVPbRKa(OA%0}$a6U?1$q$~#+LUqjAME6mN6azpsdm_Mv+W8HkC z={(|ozb=7!AD?`m8FNHvyOtIW#F{0>=-@8^l%WWB^eM?E<8tPr84TU9FwL#V0rG>+ zW9}zZ0g(8{OlnI{E>?pYKPejcIPn;*QQ&!@HT}YtK`j`R+Qo-vc5<~!0o@PQ&-Ix5 zz4!v;4AV85Jp|_DGue&{b26QI8J3l&fGG~GMT02!AtU-KR@^2MUEHF*?{FUcJWh*d zqylenDk4j02pEE`HQlxix>tl12_EM_mseOti)X*8Gi0Hc*v|xUlA+=noGf2I1BCYfabd84hZ4n3HIxK&sMG<^K z>G+k{$BpA0eJ8K1Ud69s@-7-512aa9$I@O!2^#b&LuBQIVCiLbJA7pT(|ME@wcrPG z&i(J@H`m^sEs>iIR-G@4Df73T0@EPmJB}x7=sD7O9ka^}AcuZnBb$KfJmQB>vw%0# ziGz!+iUe!o8d5g3g6S&keyAx0hYwCK+JbQ`!J5BpX2jF%8 z;o<-CIyXX~FYJ8V4~F~=shhg=*I@=-jE;lmbx@{}0;vmE$0#=~*M9c*PexEjpL+ZL z;&qSHqE5#E`uk*IbG{ujTHq$z-B!x5&|I|&#B9ZX$|~ywg9@Zwm0s;ijVh3OnEXk9 zu=rk#J@C5fBWTduQNd9g+vpac4<8o;wum&OVxU!L$xZyI8^VP+u;>}t!6(Va<-_gx z{A1blXvK&Ga^vf>nj~}=v$DKYdSR70^q;Gu%ymtSS1;4DG(2UBm9HzCo5kq;SPQE& zu;-fTOgakUR}McczJFCb&>8>z*s(!-q*IsS%~l?JKv_A;KlMl;wMqKmix3;?Ug$-+ zH-4*S-8WO)lrRJY74>wsw(v3c#cwQ14eY{n<~@|CR-wv!C}MLKg*O|QH6%}CyQkjD zCt3(T6SSao|iW5x77Icu2aSl<>hKQ?7+koy_i+)Ry7>o zJM2K#SgC4Y%pAfksYJUB!;8t5l=6Rk0jbTG52;Of2B>?lP?ZfsIw*RbC$F{XpCqk- zp7|izejvM7OE%$D?Bulf{&JW6s%bb8qp{sYq8pXUV*5sSHTN4*;@3P83i?*hn!7gp zLSzN5+xJ!jCWs61RYCcVeraVSGU6M!s{^pLYlj(0$%{+5=cK<58tMAxej-Dp-l*51 zTGTwP&YXbc`Qs}(-}oUN`P35X-nu^7H*8{nZg>Va15Yy*5sHX!?I7>UD_7^hKNpkr zE>D8Sd{@N=Yte%O`ARQ)yZmEBrKou~DXHJbDn0GO(9+rAs>QE3S*!O4WGDKsbRtm% z3f>M%4SdkRN-W!vg}InJ_?-Q^AET-KZ7beqB0dz2fnH18=HbQ;ezb{$ZIeH~lF(Wo z(vfj-(4g9ulIizC@y=J7DE`E$_x4(Xx?jx$N!;08L(US>b5PUAn0M&di`9i;dCW^X zu)V^D_GN;mLP3f(Yh@UzMwLTMwsLK~WFz~$w>S)R~vhmn?ikN@YOKwo%gDHDJwq|59xN<5&Ao*H}wj{MT{B| zy{q>F%KNfTillb|RHSYxf6iC#T+M^8brh&O0Z%@ml{8)|!Y7V0f+!e!(M@xx{gj9{ zd>qLp#0q^pvi^;wp%e0|l}89`mTt52Zh=Rohy2qqe6~VSq4t?E&*nMt@w&=8fKIJb z5&jyCuU^Z=o*b$4AG~`+8TXywMytQpuaSeM@}J+5lABw@Pj!c?3-)3#-?a)a`@z7G z|M4~J#`eI2si>juEja6~`~9A7r5<;RKv1Y^Fjm~!_~}-F)MyJ;i)jLMw?^}MCP45o)eLLBdomxL3@K4=>qAH?$hP+V`^J)n@-PN07ShdIz5;YK)r|S4^C8AZZw@f2 zl=8LY%#XCBiZ6#zuI7l_I7Nyz@4750*UNKCnjEB3XDLRIr~dK9!IBBJKMv8i)U^%d zZw82=L4gr*5F2H+iLuz8$GLLdS};G#h$Stco=rF(KV8No4-*>os1ndLCPJf`lp1p-k&X{T{&1|xaO~SnUTxVDno6|-y54D&-^jXs6fiK&+>|HUzk;ku8O4wc@dT^rgPb* zP)mL|XRyi}1!Z#`s(%dsudkd39&A4ib?<0z3N`$^!;1@Q9oG>J$Kt6*Je+8=Kd?m< zrUUgjm5gQ(tZvIPz0fs`GY5-%B<_r*DIU9rhQKH^1w&{Eb72EY|Jr;&-76$7A+%9! z8bhM2+itcy;pITfh0`I_8%IHW?@dR!QdA!}+j-5g6r=C!2I~PXo zDRJjGX`KpBamiT5s1yn^rSTX-joqFE%cE_F%cjKFb*i%O4V`}x%vF~9D^@}UaH;E{ z#A^jS-+FUEfACbESA;%3sYz%YGF;~enzC3Nj1Pm&%Rj#UN^OoMK!ZYj(X1*jAb5ms zmU%2yyGQvJK(MQ#t4Tj()qXmaz3J%~rwjP17TXv#;fud0v{9%C(MrpK{FeNfC1h~w zm|C1#T!~Qk-S9$)#Ya~$Cn=ngDhy$QLi?nn_FnBm#9VYK3aYQh&o_WnVOs!arl#I_ zaG2YVk>iG`H*(H+b+Lc?MtF^+(jWNd6AWlj0KH7IrskK7T;q734?WsFm#O(WPm^mDtLN+e%sgmzcspqd-!2j6#j*Td;m_c_ zl0WC`uheF6CDbkEcyk!PYt1`(hk^BZLe(S|af~>*x!f+>o+|agX7_YTP|bktD-H;o zoE`J6_5>+p=rzcUr`qjpqDuqleXafrCpT=-cz5=j`IB|8H_AMd8iP~6qPK)KR&cZ^ zt5jLkJ2ac$Kf$2eEHi@%8YIGUd4o@+YMhnY{jIozCJ1Z&kFRTC7_ijlDAc`pVo+;0 z%lDDbBT|@HMEA3Ey?r3mKYZZ`&g}A zdOR>q1GtJLCkNsqKyX}YU z0@4*v-2q>_e{;p8l(R^}7<^J-?HKix)y4p^1Qem;uP;B{lX@&%G zo4uEBL@mt1-Tbo8I%?vYt(npHizyLyz6$9IMU-i(%4NY|yW$#CGOWIz%Wq{v`t&TL z>Gl85U7vKrf`a737&YDhwD=^(t2A4>2sYx%`=ueyF8|D#wpqSOVwuT)`3Eg>Z8X+-JKfK{IKX;+G%!6N5 z@6!7-LhD6C+ZwcTYLI?Gy`f=drEg!~Tl6loNyFuiue`;`OYZliGAK0LSJKdn?ns8e zl3pE-NY|Sr&t@bOSM@AG3QZ3Pzkb2+J+KKyH<)&5JG{O$kX-wdQo=HqPXp+`sm+>) z)aIoU+#Rj0T|=B{>?tid&V6Zjf$_r94Kpzxw_c;TYWz2^-1l@`6m-_^vw4dcR+mrDe-q~H!vKl&xzRYPs za%!F`LTahvN-=Nu&WwTSyRk0a?)J!&ek-hsweY^Z_l8$Fm~V`FK>#tZK;GRw8zG5^ z4o823gOxy)YT-4_6M7B5s1hwZqyd^MQDL0iA38!f7kvk>IG&Ho-Zd-LU0gL+^h4-Z zfT%3~%cC71c(if>JSZp4Auwh$zA@H5*-uDIF0ll0A*VEzw7%jMA4^Q5oZULb zz@Zb=+H!6A3aQOd2yTKEW6W~4J+)y|L?Y!62no%_Ou1E7OOryw>u8aw->O8NrEHf_ zMmI6gmFJkGap}nXbyV~C8(l<7WpeqvF)C#}e@Wx4xm@*88VNklIl=9`pp7?v(b!^TKmYwM7`o;I!V`-XFzUDMM|=^Yp>fx;%B;fj7#N z_H?kg!LjEOy>`>0vhMUv>(G~w)`U92W~2aiVCK)ctxl-SDX2`}D!%2+1mqixWpBk4J>i$b7O+Pr0;tB(3> z*chefD6gnXL!fA64hok@QycdiNts#l)OJCulhO|-WN}2H0r*vaWX{oW7teFzo0@M8CHgh|M!oJPw9JCV z%+%E)_4!5AG98K21splkwkttO2`0VO+`18lMkxOGF?ESAD%-xqdxv}1bOjKoIH_pi z`^)NW_!fg*d!H_ou9R8TFxb$j3$79Pg`XCkz7Ne7VFVe@N z31D5@bt5{6ekRnkkW}2W)Mx=A+H6MVoFi=Y0pz)Oan$3iK*lTA0 zLXn-lt_2?rD2eHnIfW6CzS|06Tj+7KyRJIle+HBg{vU+fxCzSYFG{p@Gg>`*CUzy# zsWeR7qi`h&${OUbgi2oc*iRUD5hG8c2K)5<)C!_zYpXUY zdeWp1O8_EBo?I#1Gl|6Sx2UTlBz*#RUct%upz|2v_6-0fUeS{)MJ!U~%ZTA^-5}Aq z{ws2J099ezHHZ|aWR#Az6~}xz9xuDieet047~!@6kd>K`eAu^efE%>KSPgf8M7ZvQ12ro~q z7v+F4lkZi;HW~<5Fd(ke2v~s_oK+oINtO2zdQB+-Mi$=>zV!ulWB616*2I;1oh|o;eCW&pZp%p`T|0Mv^y;uuRpW`joR6O z|3zId(BjWsz*%COuhserAJZ}eLB9h9lalDh>pXUi~6fr?}9Rqxk4 z_A3&Uj)QhRDh(owI3MFYyq-ldd%J5J4W{!5y~ff2Q9yy}xNr7o$1zb&b#KLabr2O5 zVu6xjYjZ<_-WJSKexbAs=fq;Nq&Fh+Y(?ab^` zP#S_-{GA=+Iill|KMA=lD~9_Ru?LvWBlMb90~BEc<}X!5YCdn-CyG=$AlRoi8!iB) zMJ30UCOMnc_tO#z5V2u2a4q_AlKVmL05CTy zsxH@jsaR|GJ(cnhc^jvm{0>a#5qcG)074~{iyIe$Iqu>MNhA#lR!?Y>Ef)YJ7|j3S zdvLz~dmR42jX2q5kLq3(Fr8m~Jio8Qf1{F^#=xBfA<<{$xnI!tj( zgqbAZ(fB69d#aKDWM}I|GcK5)YvBfP^!lO*2u(n~=phq!PetSZKEd3Bur;$C4@7z_ zl+r!nyKD?2d+FI1JVkBir%Aw2`D66zehSKJS>6iD@@<`Yw zbVA$Ui^5WzV-Wuo0@wK)y@EafcjOK503sWL`&+I#L7IA=~^#giqPnX!BRDNJO zkI?H2AnaMR(Vgi<``)XuCZvvl&^}WrrzswkHR}MKbn^2{cQy0ofpcl=s9aq%*!})E za(M^|45E#!IgXo7?A^Kgl9nCc`xBSmbOb=<)dY-)O&lEWUt8V;3GY8wDM|y20zO8s zvwQ$rT=Lnd+=~vkJ0PA zCx903DQe5>BH>I+178<@ICFEAtI7ceNaVQbMC7&T=l#4RR*b*2eJvCHcjWS~LA~_= zJWf_quD<8PVyReQG@9D$BR534iUaOCcgJ+Dn*=^tySz#04RtraEi16!>v80grw^1> zAgBoP9j*>y=xe+-#0}KNj%ERVMMdN_7nAh?u9IR-sc);VV)n;SUOya{gxlZfmGcOA z!emg&N1*R}T`3>k$NTJiU^#C1fifLQRQ4=8=`lQo+;n>MLuygwDDJ^@9--GjVDNNO zU(u44a=zfTj&(VRgxUZBQ>6=d`}~n8{iID}tbFam>JDMhGWYq}2AIwx^a_L-Gj08- z8V4Y%c!$1A(ZV>36NSNjUk1kR@+zrwn!fPtuvFz$4WV`VLaQPNrt=8BTIK_-pp95U ziF!I_w&{9yGGwYdgRZs!QWjx(s$qA`?D{blH}qI5Q`Mzyk`PSi(e@^rA;8cB+6p%g zf4)x}#XjvS9kNUd%XIz#*iBIlW@aRSP5;7EZqCwvIat68J~;T%{w88T(~^5kA|95x z>k}V^e zs2!ylRDPMOqFd<$0p*y8#q*UwZa=k-6F;-2<#)B6N55MI|3$Bl1_#RlTM~Q;#fMMl zy2F@BB;HoNg8Rk!f_4&UOk!k_uGftiAkMp>+q@rF=75a&y>9%g^9TjQI0L`1jddE6 z2usYUCf92lnDEHOSq}?fbvrI9dTH$gC8+#7j!ahEx65Oq22AG>3QlnYr6D5R&iP5& zDjIzh(XOh#zbH617HDGV zui3%6(A=7(<<`Hd;}{C3_eQcq_&@IID9{@qE!ERt}WaFKXM!z zAi#VSA$#6&Ogc?8efe~>V~~=lO?%(z(jd?9tWJ6ziV8VRP&k;%lefgbd~`x6SPrem zR3!anJ`JAuK9FON)rf^}lwF z+cm_I9+l;b!o?!C40iOYBzb!rjr|H1$}7;d!-1RTDVL#y@4FstdbxtwZzD0BJUlv% z*zA)$Og`A3g$%6`w0F~2%B^Dtsp+nhc3IEad14b2%2S{PS_m!FjUl)>=|4B@-)|Sg zp@S?g`Dc6iga7q4FZ|#uBMa(|=a*iI5#|R{&B_7W0_)d)odl;b9*oy6FF-IH3G6!q zrXRbN?V(7u`4PH!>2)A|@68X;PWB=RaV#;^F!L$S-y;PsK+ZR05`w&y2A8*>5ii}| zZlxm##wyO|!0axUiOzt`Q3KjjRP?z9ljDtiacQ+$Nmdd2XFf!}x!kwz`QvNWP4xlQ z!RG-3R(s1^mv$q9-l7uX?!$kxaj-4Z5Zg9;MZ3CliE3gLp2I6ZTpE0U^^+X=zI*~l z)B^R}$JKc<<55LMy^$iqaeM!|7f)>y$X?vC7;u-qQB%HU*B!X%b83o3?<$@<+%jii zwM3*5UT2Hrz~I&aT}miwBye!djdB09SZ!;B&Hl$1hmn-b0}^v^hPq=EF}gcYo20wM zNi?r@hup@-o6gf&*GFLh0x)IfPrnOnb{T6dIp7_Cw_)|ktx!0gKGos1jLZ}a#^Pn1 z`poh=ZcH#e^$j(*ho;om);Jb^I+0U2Lx$(Ou9kh8W9uF&2x%F95keU}<$KUJ#Lz+f zR_BNb)VY2I294h-k0vet>udZ0iS=+pgK}4#Ffqgu@bue#Vdq?r)pH|3zDY@@JS$(% z*tZYSn2yAO0U)1}&hi@N>NNKVIYcT>*BcyzJXZPi4x?tE-C$ojD>H=Ee7|5t(q=N9 z3Lz36Yv8H@VNC{!vU4d83XBEE<9;_Tt=I3#c(QSdC+`{uCOawgUgF!`?I$MpaO{G zO1hMMEu2`d{C@6XytTTx_lXXAnL~D($Nuu_7T+=IkFURwSUx&%eQ_!m9xcz9>Uq$L zH!La?N+DpNqmFuvu2_%~RdK@1wxy^_WociuVr4#ua9XH_gamzM9k7HBZj+~L$UQvV zpAyD}u*sj2*juhdu*LjpJM+BLbnUYwvsNX1A7&NC(*z{O#=0*|`R~39Bu~Ydv_$fd z4^~R&)GW@3PRr$s#QgDPB-QzV#Kaw-ZqZ5A-|e8q4_{!E8^a$-2)d45Mssr-rF*Bt zCQ{$NAh?C4i(opanZxi2eEUJCCkGd%(r4hzAmt0RhClb06{}ds0ADBBahE-%*|wp{ z<*31QPgstDEjyeEL%YkYl73t7jso4iVb8wTx78B%UA50njda}uT>@1jwE`vT(C{|mS@Q}aKBx?(Kx*Bbj z?2F*?GGbTQTrb#QI>7S@m8I0o@(;7gHGu^jqX6Gw%5`0fdP@sx*~$r+JTrvAt&sG_ znX;%TYqYWsSB$-qwc9K!xg{zCB00Fy;?$Of)YTo#KfbPo+aHivKmmX@5!l+?4#{I} z8MCGY6Rv;IAEFC-?@@*9tI3Z`PTRymp7uPCtBv+P>6!X|mw2k0#2MPL-kfX`|HC-&<wZJ6)6kv0N9ID}>8|BSvZU_p5|7@t6Rd=XM=^TDoc<#h-{7?thXZ|C%c}hPby@%YYE~)w^Dm-_&#a4a z+nTSQ6MeMGXIA^AAAlQ1d^e9kZRFd<$4pV<)?St%8LPuOI!b_#wkSKbv9L85q5}z` z75XAFWKAL5vt&i}CZOiPFEu$K6jiiJcv9DwLG|a=!Rl4fhDt8ox{GPXf6-6a1N!N& zhX(~j>+_54UX zJ9|Dcpd(#(S+svLa*Qxl!hnFIvp9pH(%SwcU&_EMP=}^ni4&Xo!?+KdTXP-O{}zH- zPpNR=$7Uju$!YxOmwhT7g2C*9(&UN*Mr@&_@vB!>C>Hg6YS5}OB9vSVQKj>@=-gJ6 zUyBmjmJUNB2;+8t_|-`bNEsgusUP~J-nqIMl4Z58GQ@Rdw*{0)l|vFUmW2?AMT9Uc zQMdDV;1{}(v?V-~UE)0}x*{U8HhJ0`6RC6WzA|gZU!_{_%|R)9M~S|x==EcyYb zK{`L)PHLE$B4EpwiQS~A^h$O2U)MloNDG~NIuNH2*4HGl} zTXXT=W+0c}3L(qO=`|SPt^wcR=#=Tq-9r+BSJq1?ff0AF2VoIFc< zvT=HJ@*jJPmD&jza1!j|7%kz89Wl=*g)`)F)z;?5d_?VnPOB)Snd3fD!tJCZd|QwS zgVrv*x~AazT*=T}mr8GEz~&$87F>{9BNsBxu4Khu;`TH`)|(ELHJq@rjTW?ly5T2N z+1MbQV`#wxv~ot#kGQ|+mw_-VRjazTD`OD!sST4~ebr08r?}IhVCv#9Y8u#i8km5W z&MZzV=-ELBEg@k33^`E#mB$#|4s5{BM1PPNE9@Tm#MZ~xeOK!^vn$IVk?{KunQNiC zwW~ePUZYpliBZ0X3yNB-!|4v!dNJ5az>MqwVz;Ci)gna$M#2xGrM#_E4xV^wva7h? z_H$LEMO@G>t?kG0Ovf7E%5w~|_iX9G_>ipEW!cIyJsTxQ$j=iN@pJCvOr=wJqkpZm zY@?mCNpdI}vxZJkBx(+F!neK>q^6C4MP_9dc(ue3x|wiGUF7n;hNkrxJq$^$tYX@W zPg_!VEh6RO)plqNvAmt5p*yLtwY8xwDWA>nKZL+@qT>HT5s_(GyWbyU(gN4fx+WL) zX&1l%)s%M4uQR!W3?d5`k|b;qhl1|hpro8a)7TGhFhWeKNRSkaF9^i01b}b4KWs&a z*GA*FOjaG_AzZdbcPlU`>1_!-LRVGwa^mN7!zA&qOZzR@$v|^;1%gz5T4AcH+jQ7& z9~lpea@g;&KL6^(E$aW)`F9g39AFb5lS5GpHEG2@CZ%qB&y4PGK@Mi-z_+SlEDdvP zAL%>inj+$E5FA0sULTlFhu43`YyLZSZS4st4M}v=eJG+aecs3_?U$}l6}DN(XP~z5 zRY=jRJ@`a`bp}TKgQ;2*nkX3S5t<|W{M(Q5FZeljTkL_;6W~+QyIm=yyHv_Xiwlnm zZn~$Q%{&w6fq3DG?|4)02!|#R+5kD3J!T&fodzhZx7z|Idvd%pfu=4wdAK&{@%mT~=jSb1`|^81v}mqeM(Ea0k& zFjpk)#I`T)9wDLEB3h7R-$c{^)A8S@`K@D8@U`H02;!5L2k;BS7(OFtfQc<=*DfpW zGuPc>;MfGNs;pTljZ|RYtP=y|QKG8UseZmLFr8`Y|7@!F@1|(4yntGw+dG4&n037= z2@1uMO7S%J`hldNtOZF8I?~1&wdTAacdV1PpQ51ENpKw&)Zc#2p6|s)+uv>U6?N+no^)9eQ+Jor@wVjUvZWs zU1gP;ZUR;L&u=E{aGNW$S>u0RG?K>34~#kj=lP&2fRex9Obb>z*J4xXrp)~_SnXG2 zTIxTWO~z~@M(EqT#cDqW{xiR~%hKVocs!H?!kyaI6GE0H_%Xx*E9m%LbI}xHm7|OFRr3@9BIh^i z0)UkG5qgjq#)df%bwz2N=&IpiS!IFiTtocUQMKn=#CX2vjDZ1A_i{8DoWzXgvlwk^ zM*NZmyFt+=P*x)&WD*_uvz>$>Q6c?4A@~1S@W%IFVvXfIHz@~cjoIei&U9ao9Ij*A1 zx|MpMRh7Wb&y3QK-#YIjY_1}t3k5zG0E{M)fxBKCUPXZ%I@IrOpv(2;b0EH>`h}er zBiEUBP$;(MARrAVS8D(cT<2BWZ=JpPS)c9MAssn@dTkY8md+V_3|D-U#NN13R6cit z-U8z0!p6*o#S94qT1-0JiHhA;!DC=7Ok_rz`M1t9-FKmAOa+sqz<6lEy{0iVpPuk- zj@0g!k(!$dl+!Ta>~nXew&N@?4PodZjp3wIZhEygfcw#r|E+`aom&iZ92V(g8c^L| zu6o%JeNUM_mcpSWtm-jwi*gH8-fk@C|rgF+7se>ybCzMo`WK@5dVocmA5CC z^Y0Y&>COV#oncUTX?X6fact|YF=cQ$-;-A0SM+MXgUYs)IxH`BHZYWvs`X`qgaq?5 z%krPi6txh!Q+B;hO9@qg?xA`)ivtuE8i`WTZ`@ongmJGg0hS>L^`r}3GPRE;J41do79d21JZqfd9~u2-lCcgc)GnSbq3|eRFc5c zn(3pO%WeC)LTS0{{dc?gsO>Qfa2=KL-#Y(pnwt!4wyos57iQjWE<+pR@*WvhmL%1D z8|W$W4fO9|Ok3^jzbJ|-(G{X7kMPd`*XjGunCacMdG^DpaTziLpc`dh`F7*zN7(x) z!SLvW4yxy-#`*v&9O#Q@_*K5SQ!nIgxpm|+uPsmlrZdOy^xMzZ+#{l8E5XD!%)ojW za@qom9z!qplRzG#zAm-`>HjEu>!_-uuJM!ZEF$sc1f;vWJEWw$OQa+vq?MBH zkWOhNML-D^i8+_|@qO<6*34Qn|FV`J_xauvyZ0y3146xs^)~* z4_)5z*mJx6@|QC7S#>*-hK{+`LtAo6#tUxn~8=I=H8 z;wRE;h3Jm<2r~tw*S-vU;G3rr$~C08}WgY{@fPyV3E4C2JLkBCO|d8S;R`V1_IbS zEi=PvAeLII7qY{yP_O(r`V|}-SQ? z2#2|_?XOV9_%=rdh~mC$eb+}Vww$XIYU55;&?iwZ`4u!Vz!vNoOXip+U*o{}RX_(1avlPtmNyfVP3SgGN8m+cDJEQV3##Rd!@~IYESVS?!EaIaqYl z_`a`drTnjurjQXd$36|hA!qv9wfW=}SKS(%uXOWknd2!D@?DI9x%u8k(ms4Nm;!~? zJ03W1kkEI^ERy`=9zI@gL=l?f_yWS|-$ZZp(7L{l-3HNDR56N|B3oi~b!G1bEf;xO zZCXJQy0p@HTX?+?1&d93bAy3sS}xxV3>0Ubn+3w*R2Yi$3op6NvjRJ1u9A-;l-?fW zxql-p4dZj_HN|LJrpXS#v1x|UT3(gYbcxLVC;&nys zX8Kjf&M<`sd#EnUjWtX^S+U(s_40scu$&ocU7J|C5YBJDq_;oAMAMMWfgaxYsG330 z6(#W(e`P$X)K^7>taPBw2u7bqZSrX2w{a~0da6NZBe)n3#o5AfgK++}O&KIX|lV;g+i(WxZ%x)ih# z@(3*VxO1`LE@#2)YLrY5nYw_=*^}OmdKmw3A?|K1IvkJM@(VB=$I-Vc4GDb>cdC2uhwE3J-`pVd{Oow$(aMWx&`E((~f< z>WjxVMUi}Tu?v*26Ac0bz}~5mJc$;=YIb%QFy%G!DsqkFV}Rzo%7$=6TT<1Y6nC(L zM(g<;Q8Jk-UmPaP0*@nwHA9{W6R4VlHYd3nj;Lk9r+4%-#-+L6l5l^SXhL)TKAf+o zNR-spzcm{)yFq&i%(+L$G89!P7VQG%eWp=LUMYUyT$q)uO9$e`_4p!`3Q-4-%J~Sa zLvePO*C6tomTK~6O66>?8-n{e%QQc3ziqzhtrPF>6R2v5Az2t{;A$fF*zEwb+C>05lM?mkU#QFVuQr~+^70LB2*FHQOa6ju2 zFmvyX2Chj@>0nQ3DW7&cBJ_ZgXD>qnBG1_0zdEOtJY1cijR#HOG8tm}haX}Lj{HB@ zAKB3=Fy;b(%aak_cS>rC0Xd1^e|`%oKue&78b2d_kpCXS;cn(pOxb!dAZ`N&scgUI z_+_l_FLrb7e4{o@>UR>V3UZ2~)Nez|`*%PzwOA+0J@PV}u>eY*BX&Uu=gs_Zqs`KR z%^t9uR6`D~g=?=8P4Pb;K37Q#y{66qIhKk1?0LORTJbLOLNUf7L7OjY&{Lo|--!kw z9NvgFl&NE6+UMXT<)h2Y2ct)|TUH@q{XyNLv0Dy$4))<@tNrhgIA=@Rh#$?&TFn(0 z1cFeU6SIf5Sn($fdX2rI7un#w@V4CM=1z;DD!#tW*F-c^M9F(1476C%CNoT)IqOfA z8Ax`pq#Dn77NBzWq)(rPLgWb;4l87qHobCQ2k(w&o$s6O3?`D+mDILp`Qhw zWO2rBZb08~OEO1`R&+9O_ao1ye7yAOwiQ|rKO6ZAkq7ya=O)b31d#{0A>yl}eyn$q z%DK!|8`uw6xDx6q@&LbI;!*taX?(}1ccrq)pshw5b{w?5bB=Zh;rPV_?yq%!#QY@# zQ($B`8R3J_pU$-qmA}39)v$o(^_{OG9`xs! z31wp6MCn568tG-tr$#$*JnFo5*OO}Z0=3ehgHKz}@C#c`})JW#RuSl4gTBY!$*z&`j z!)mf#Je9l=R68^ov_&Ea$CT56tGi%U-|Zac4R$}JUn2>BI~$gw5Hl$OR+X0?(8H4p z><9k4E*Xr|hkf|sRfFi}V>ct>vzd`&1w+n$&O|pD(=R%5mtH>0s9EyWeeGQQ(Jf>bH8d)P34}8&37z4-G zkLRY|?8xwx=YFNON8btu8TQSuar! zQBf0^#wA{Ti7-^^O%gW~fenw&xMvEZ2()wfmv-FxXd8}eHDz$)i7`Vu>X=X*Qq~7Q zq}@yz`L@N)96JGMr$<$Pf#E_GU%91+e3EWM%4&^|>!uH>c##1RFPV zK11DyGNdMCkae9dsG#B@nIki%0u9&B$538a(d?XZk=s{!cR*=d@%@U z`BEuPBg5;e?N4D2YR63qzxCt#LUBAMAKLC0NXKU~OoqK|7=S5wk&Tr2WSikW?u6tu zje>93#r*dga6fO{&I^8{-GHBy%X6Liqnzm9paI2s&Hs=qb+R-!PW~7fH=O-ul1-?LW@>U=GQLpW+dTyR~ zF%96rC9~@P6ku!qWAS1^8*{E4s3>QeS47X-UX38tx$rAT~NeaoVvT z^zd!8*U`7Pwv?jCpsAxl4MKZ~maRaQ@fjbp*z5uS(MOQcmF)5Ad%@=*d8CET*kYlQ zP1W)^D9#f6SIBp!!!a9GLy`*ZDhKZ}MNQ&+30kMl!)MIp^IMdzWCo+aN<5Vv4gGB3 zM>hHbr!m$x_R&5Q^nPA~f4DdPar8jem{4WdYLBo$P2dMf?X+Ppv9=MxLa;8i#}u@1 zl}@6zuB!KcKlWc`Wsmn#zrJm7POH=GoO#A9_=e z!K+5G?P`n37ZokONUkgJH0jIHb^_G8{sekM*7bsUA|!6`^VrTk&{uy_q^7mUO%G1V zghqccii|W<{tWIz?)X2}fA8;C|F}dfL@t=>A&EfwA!Tmnn;@J}fgq(Q+xnSV@B*8^ z7DejB9MvytnQ7d$+x-5d;U{RXb@2Sh(_9QuwEiRUpgVNOEa@o;C_k+%%xh!_htV)n zonCE!2Nn417z1;BR**M7D&mM~#e3c6M~FTK+HitEoc^_k2-V47dwG6eCtu{03)cUx zOBU|30>b$cKIe_+B;UPn2+l=(TA|O)ecg-w@b zjs$7NJUcr-C=R?)B!uJW{V2Zhdp7$<7-%?U8g;08-azCpb@fJpIhFl(`xh2WVZnzY z;Tg3B)3Vac#m&2>m2PE^SZI#LgP%XXFKPufSkv|iJT5sS7fJ{)OYqKe%xl+^o@Qt70gs(8dztus@6YB%vytoSXbTb)T!~*9u z=?WQLYIDy{@2WM{8qed>r}mEK?wLsPN&iP9SaAKjq?^m zE2ZzgvJ*nx&$0-7&mrIEA7=yH^Asd@^5l4p+y9Nz0?kqR3pAZJvSshG1TO=t@bc^a z#Al_H7momkc!i$g@AGjnt5bogR4?M>}T*FubMs|xGgUlf^awF7Mn#gHy2&D$9WSMhz`C%%+LI$5@W z=GYxUufXf=hKF={+`PbV+=#Ug^%M@|)k#!@k_#>%7- z!M$-rnmV5wbg^7cvGv-t{de`|4wRon7R9X(BG2cL)Bcol@ zo*KgGr(I;{p)g#mJ_VYxpiJ3%O4HU64wm?n){&Rv)9OcHm$x2XIeZR2uZB_jimv9% z#Db-54#mNZd+;ZGWGa@B^HKlRU<2%nyPt*^QhfAUTl;V`(q5`CEq!1={ z4+fkD6D`HdZCW8XvN2Cc06V1v)7N%sp|bmx5fw>xC5ljL>?^I!k~cI zkr5b>2C~7e@OZHAM_{hehtn!iG&qV*7;yWC3k2LSyW=rF`TNGg)r_0tWJ3yy^Q7qE zT!`34>Mz-2l4RV0INC5t3BlB{l^Yq+9^#<9S%Yy1u*ThG@SL7Wz=&}m;YqhKtaK8> zra<|zWi3H08^}{I$u=P&Zpk2G2CB8NbjGIanrK_ggIAu@!Dy0G!VUv}OLoR-G^P1W z6FtrIsCS3G;j={0=fXMR!4F`$ZsG4i;4mi)Jj8)AdW{i^I!kHdaSYs=s@oeq#K2l0 zE%ggSecoS9ntPk)Rg&p9@6ZFS|2U^EK;(fTTeo-cn}cO(12s5KjJW5_t6Bl!^)=cJ zH@yk{gY+PZU@gE-L)TQWcQw`=aa%_S|3nA6ZL0H|GYCf$Ex_2xlfiCs4>Z_K&Mv%K z#&a>@$o}+E&5==lP67CTo~=Hk)gq%}bgHYeSJ4;{$H&8fvM*$vD`+7cbyKzk7(w+a!0Jkq9EZVaQ4B^P6$fN>m}pl$L&1N4*>5UY%Zz>H zLjULo)bH+ch6|DB-xx?Epofd@D6qm@S`MA8qaQvkowoGwB<%-U8m1CXT9}XCn^jbn zfsC_t4Y&v>f0V2%{DU8<<7yDwIn-_jjt%Hh$2gL1*0174iC))W)y6y426GPqJu~Hd z#SfDb2Laz(Gq_;b5@FFKcq!FMy3WCN`qx}EVsINRS3WZdK>tTAH1j+2Su zm`TMJq0vD(>21=p^VkI5+rltP-bU8NY%|(3QCb5hglMxQb?A4{Lq`?Dfz1Jt|B((R zS>VBnvz6O*Ukq|28|N<(cPm@0&ezljwMDV3u<-UcW|qrvv;4fU{0$kBP&NLtewq*d z`G4arhj@YK;E_yASE+Kt1p`iP_A?CwOHH&L@QQc|K62*ORTxxdswMo>nCO{R4CP0X z^|xSz$n!5wRQMKr(aKYk|sJU1-`#U5Bhn{P*H#fE5UzMg-_>8y7a-`H%W?wxqqL ztS{SE-R3_-Jl9D2qyEckQBa(uAPa~*WD^7825@$A=ioa(?E#5f zMb-CBD;aRoquTj->F0-_Ha087ZQ)%XVyu*(pqdM5d~aKg4HPHy;10rxX*}f~J*tII zzz6Rs{1l-nAN&}f3R`A5Gs!hg#8M;BuI$RJqqAlN>?l7~D~G znWLz*>S7+s-y&B8MmGSCvC}D;D#xh)9s%$iC@h?>(r?Ley)U~liuxF(Rw1GY&c!Z! zARkkuAbjnnPxeT1F2~n2E|!mlZD7LbV=Pq)9`Bax*tTS5KOx0-pA}q zTea;mW2ApB^GA#ZV`vB3O-TfQPgq}XjI~I<9w+*oQVcl%scn=DdqWA~$XDHck?|SZ zMjVAHEYwqSo+!>w;ty2eML%-8=5cQR0QBA%gCM2uo~1)A{p_uLDQos9qD&}GyB|4( z^KZOmAwNuECT;3XQ*hJv?C^Q{T|jXLogeZcuYy>N$bK%cIDkAEtpRs4F$eRrXn`rKCsq^OwC!_c;1;mU zB>lq{0AEWvkl--u>Y1!BLJq|lQ+v?Im>M$rE}U!Hk3jxdfN6R}%983C4*mP#uAGf} z9^(;RV5clhQcZoryoI-gq$7_Mdf0aeYXEa9D>WiKuLSGd!k%{pCBpLKGT1K~@=w%(jE9oE($> z6|`5UH84oZW=UFYU-WXAWG@|wfP>ug|2UdMZy=mUnWQx2!IbU8uYq4(gjsn0fY@v2 zv2!Yy0ehGKiv<+$TB~36-406JAsi5|kDVI9NIIR)LUBIz!9q9!re7v+t>vl^ghA%o zch@eobNu}~>#^~C&N=I1<^wQvm)#id)ok7O%$IS$%Wex$k4!-B$bUJ~OX92$&b;6; z>WdJar#rGBF3jxvTn8^?^RfP)&YGQ{8N7G-@h}A@oR38a9D0h02z0-%Z|HZe3El8R zaW>IuAe^2k53PcOd4yjiK(ojQH;|RheuFBiAEsuB-}r>5y9WGToW%FxQ4DO+7iZyt z7gS5d!<2uaIeriKyg*CRglB~i+9w^L!M(ogExQ!_)wiki#|i(A#S?xm4p>1sCyZHd z+kzg~VBE3nh56ttJ%YqR{_~w>5Of~={1c`k`W%zl$_1bZprtB#=_UGDuiQCHXfD@t z*B8kSn;>eaME^CjA(=GR1T)60n$)d#op|NH99hG3Imo*77)2+vIFG&a#es#*mtno8 zzRQsL{N!0dLIs}C;f4elrb8KikpLgV-+CTHh4ChkNko7G;!pTbZMCFe_k-PifZg9y zfkerj`5AZ|v&vVB?%7|*oU|9e3l~)Vtj-t!@ag)FcS3ID7II(={oU6Y~n0Ap}R%{4*R@8}Bw^1)62aoo4V(~rk( zi|Em~AbRFMd4w(>@}s(xr}hx?TKwQKL55dwkt2tpI)Cc$mX{$#cjLL*Dd8%@30XRXQ!Gl z|J6uO3DaVnP}0-{`Moi+SgTCUwK9QbHR)UY)+mi|3dGQyKy3&Ibp^Lr`kn;L~YF5Z*f zx3_3+pI{2#={q7B;pJtezAY@q8=R+;dz}Z#bNDBZ7~z9|zL6+!y`YdHs0>6n75ne{ zZ)o49&#TLQ*I1ya-3}Na2YUFkwcM`nYEH{54D^KrsgrY_Z+D?MlB+Thd8$Ok(#Bpa znz15)!h8-`=OqzMo!^`UqHfrYS00ue?O<00drl_@P^}$RwRQ!OAL}!hx-&v?q?$V* z9DO7&GG%?S+d?;>MWkm%w2}eLl{sTEGu*2Ayj#XmEO!hggEHHV{P+f?Bs% zE+F^(zjaBiC_^~){T`3R1C%}1L0+Zo-sB%l7xuT-y-gm}a%Z$DABdj76qb(c**UP) zg&xu4g#~9LvTF}-%RzIlS0Nl0G^dIAoVOp}4uK4~z!A0E7)8ZG>WTmsax=4^n4s1Sl27|jo~Oa)@4i~Yf-l-W9@h~f|H}HZ zosxM!P3#HR7AP)2&7Z_RTyCu!iIV{Nuck9)ieoosm!)e4X7ibq`ZG z@qA^?Pe1zK;$>3X-O$huyn1f7RvVBC!r;gV8#U#>g6OCR#AG29f z@fv=7P}cfRbeu7Wln*ye9ZDX<-UoSpo$X_D25NtQRS7JT_3d8O60Ca-N8F39cU#8o z$W(v8@T1m`s0SlhDPoH+157kBDQ7sa4WKx-3J-A*7TwR48g_{VTnXStukm^}RFZUQ z?Qw*3O~Py?F4YY3h#JEjhN7A)%CF4Xzm-!j%Bcs*>_c&UxN{%Av$zu@-m9nsOwd!v z+iH-(&a))|odgj#&);8Q=Jt zi-tDBs1CZw$W80)ZhWF~eDxHK+VpURxGBsYXnUSTmQ?BbxM@erew{x4c>1W+y)#gp z%;E=m;5wu~%4{1^n1cv|XA5(uKPj$sX9A{1l5$UV4t`iN&|;B3Bz<*#RZpum8-$}E z#qfLn=OGlQ^8JH9O1ZJPSexXr(=N~mP$kTs+e#MYQ-r&tcL%V1`}!gloOg-h$4>9* z;rr&p+BgIQ;p!q|ZpNWFjZRUJbqQZ#98ib(tGOBhkL(Vh*=#b)vK>+ zygEa&@^@egcXE6yOxNou&hFzwoSmg~@3DDg!7bqQJDB^h{;66C<2xy197|=gWaxXo z-TdL*iBIMYPC^R7Bk~3rc{orNM4mzX)kASA)9P-JcY*(h1x^T+H;j=# zSE-Hb6&5D_^&`-W?1a|RBic8u|6P;ax<&^}%$DsrH0K*0gi}!Wg}a+hvV|Vp#G2>m zHCcWV`KpBhc46gSOIu4cU}z(ydGcG1rPcEZ)Rpt>%b8S85nhNM{%>8Kl4uYP)B5{h z=4=lAh<6}<%6xJS6gNYmX1hsRVZ`=l&sD%a>_9V#z|~x)PES5hz_uh9-kecpr*DeF0W3JO#$-{ufNg!y0r{ z(_Nx)b6qG-PZ&2e#|3zrO=}94LZ5_mFp!v?B{qDjTAJ=a2HLRG=U+s$7M0y3zU?C3 z%g#@BxS-$V-pnxw2e!$BcXKX3CkOaNl|RvWc}onZ7^N+7Mr(R*Khv(82ioV0H`hng zB;sC=d#UFN!!Y^nPS>I2=@XrUaDIGJ{%RltZ^H>Plxc`+qcmxJt@T}J%nm*VIsa@N z0(wI9(eSp!4;gHY1Q%4a!qqR?BW(B3oX!XTYUCy+21yA!$(u}&Clf2#k@WYmI6dcT zB%gY-1Cx*X7m#l}gLtXGFMif*a6)`YEz9GHHnaf6=~okl$nz7s8a*IPXLkzpMjH`V zT{s`mcm4BS>Cc$m`=&Qs)ORq2AHNGT{x;n3*ZC6o<5cO`mRQ4H4~jGJf(pXvA0oJ> zK%6HE12;sd;THaq*1@8)aQM-yOnewa$rYe)SjBJ2BydOuC%kR><-1Ze(e#K6T3;RV zdC+@5YL~}Hvp6d6`~rDR;pAk;*hp66W&6z%lmtvc+{Gjyx;8mZb{*nMbZ^Q}Ofa&8 z)^Oqoy`P8X>ml-_qo)rUDBQpIjt2QHr2b#%^h2eUteAwZS-1Y!i#UTU9K-Ee^^3q@ zq(eC6y{DX0wNDKk9ii4W-1|TNmJA6tk2?C)eNc(=evMPZR%^Ge8dturcC6stoaw^I0YK;5m)ci*Z$iAyFE`7wzS+Gr?w#>m|uoQl}jb&(1TeI%a10|DPy z>3YAnNl&_$MWTY<&+iE<3bg!hl7C;FDmYXk(DgTpu~e-eJraWE#CAeBTG)?aczHfi zU)2E(?#_VqZ2Xn$EtYnoqPmDdPNN+KIA5xE%&Q5L?fDqI28Ti)1p@9cqo6ry0}xK_ zg$+8ke*!FaGl*2sm1ptB-qur$y`#xOCeB$oZbk!kH(W7}lRH{>C`ans%(JML&Q5j* zD9(7o0fd7c!gJO(`k{9QWN;(WG@JLW<{pZ2R!m}~aO8P8dp*T}9!w`8cv+?PLQLQ>SLEWFsJ)vN82m7pEoa2c$nM>CQ z9it)eF6k8WZU$P|P0Qym*Vp$8IgWgV))Q7zZy_8hRtm0A{~UYNO_;)^mu5*i4Ij*^ zZH6Znl4~0~KCyzlZqBD2-Rw2GecY2poBJWi(XS>T(FY!R6 z>o6FpBcq0OUZD2!;}0_mDsMhGP}=_$Rp)A)o|@OWMnoSz0r&fl1|=xYrbHuzL;c)V zO5G&aQ^O4WGKJIhJ#!!B;=(uGTXC=UFDv^FFuMsuY;ek24!qtkCCu zGvErs`JOh)jHk?S{!0SXY0jHqjIt+4kbg*evYO^ScHGAW{HwB5x*mu;HJzgNTO1CQ z&b1?Z&!O#t%>pwBM|Y~efl-G|z7VXSvT{+NG3V6Ol!3U}VEyKA-Fl%auut_~S+ZQ< zD_CUiV=7QILBvpCA;?r3{;>}HV}*xgX)nXq=@LVI^=a(ty0(Hr zw&f>DQITd0zBBp@HN7A{MOpp1cw{KfSK>AZ$MGmRyc5rmWrY;fdBO*_ zeKi&mev-g|->X3zHyS%)S?40n_fW0Bo}uW60(jN*dYIY%zF_HLH4a9=33+a390lc< zkn;0-$ZJw_pW?69<)hM|1v`%5iYZ*Ku(%?UykAT(b68w0{0jI=-(kX zgr}Dz4gGixB~N|qF+`q=rn+&zpsp$(NZcH2O6tdr1Z{+{rg>@ZdSK)YxgGEdF_xbY zwuJEDS_^fj%n4>m7qnmhmm^KXlLz4pFSW8gcYBIx4D4lDw2sGtpD{%WDea7nJw21B zbGU+l)%y1{N}IoUNAGW5uMAy92GOu3Nc`(R-$$Aj`{DP3r*{okp~atPY6lwSU`x#a z53zVqo>$zAa4@keMTIc13m$*C+=2JBtrSmhYmf5$+tNkw0-A%14Uxx5;-_CU|H#XD zO5ou;e@ zD`CmItdc^(zc6~gr zn*MiP+QbmfuIxH;?n~|j?+1Ou*>IhDs@|24@~JqJ(7c#{EvQZ;jus(t;kR(RP-00j zp`b6>P#rLa=7dN?IRD0|;(^|t>w$J%r2~vO0$1qcZ2}q$?Uc$|;Fg@_m_Pb{`BMZH zCq?qaL5LTmdqQ&(9`uC1W2eqFC%jM8piX>sEt7VX;Zb-k!!%{74MSR;u@i{Hu5w_D zXfD+|mDRzfG*BYljri?A*%#8Zwe%2q+8p)Y#+}c=7=U~mYlq%pLt@;ED#J;9S z%QGWWe+U8ox{gGr3C;8@B1491;XT=@__QyOxWhjVUGz1Cvu5egUE(@#V>k>n3uWB6 zYF#GgEyBoN-HXO4)jQe|aQh=JmLYNNL`qfPjyg{AGlX3?e~0GGc|$nPc3Gmo4mvE7 zhCqJH))SRKTSp!a==P>s%kLD)LLyIK3TI2ATGa0K$I)yY>gyVOlw&+o2%tGfC=ia+ zDp|6-Y!>>)A<($d(uQmjAMa{l=<8g+&MU;zQ4Rvt0vJ1D4T~E=aBts|MGQy3+}pN- zmPZyO^Z*Wryu>eZk8s}PD_{>QRia&LrZat8TvrwTdoALpnGd279z1KTw%W{cKe$@V zllDW6f1y}FpNnTo91srwGt(e~-FK?RufXhpI^_6AERA$}wxN`dBQWYG->H@XDb22; zEIgw5=*_kgiaJaES>N*VLal2V^+6wdDdOiEJ=F6H47JZinm)up=3_$nC7ow;zkK{f zjkA9O`1u1=EMG@8NU@yj6%#%gwg3|>q3kc|)s6@K2Xmj%$r#b+r@JSJo7;bz|Ez>r z;Xykj>p%J}DbiTu7|7GFtoe?3(PMOWJcF*Ui-O~7=@v?!wV;RhV%@*iIlcQ$a2r1O z-KE$ui@SWi1zYhEcG+;gpa$)Ldw#e&3IogG_uThky1z>7{n{9XZmdw8Z|)C%KVmOD zv|_AY*3Ujb@3nyoM?QNIa8Q)Y#~?zk;c<=892sU|pVi1cRrB8IJhcksBf0*dCm>2tcy#Mg zAxcFj7(c6U_!gQI^bi+52~92gDzmWE)&w*Hfs_qn*1LDR!FDGO^dF<&R|JDReBa|k zlg(GiA+C^h#nYc)V|IUBICB7gb#MPcc;gY>ewI31;~zG1ZS!@4LC;Utj_yWvRTk=?YdDWjIrY=mJKFmH6Cdxtd}J$mHF+4=|DXR4XjBJ>h$ET4p)|nsco)HPe-{?^ zpdHM3OKp7G?#BLK|+L+fq{95Pg`2M!rUOP z*wJVs!0fsqWERYLU7Cy&Vdl>|F2{%!)YDDy_BSUuS0&Uoq0%|;BT71-XwwtSgeDn$ z?ImY*i|}3ho?hvPvY~L@-i@{T;z#jISC#{BOGVS8T#RyYWo37lfg-xuvkSVg$;&`{ z+imJ~B5g%w+L@_W^t740eukB8!IUx|TM>1R!`%NXooukmgBQBVAyvdFw$ts}8Ud!m zqfP#F)W;^@28;jFr;F;KOc*lEoAo+2TzRqL_GZsg(R$V?`JT5Wg=kq$f6DPoVTC$h z3hXzj&3!JuzwD&!(kXNA5Jhc}c!N94S~(q)%*ZPzXJ2-3N0nZAF{OVP-Y(h844_vV z$S5BFu-EK#NVSSTF(NoYcYOUO$9Nh@hyOp{PSUsU!Ix8YkKFY1oSMBz2LT3j-SZ>r zDM`#3ecRC|>M|dr&LH4~M~|mDbd9QlRm7EmNIk_kUz|q&1=n>%(ZQ=h+Pg3Cgw|t) zR)x1@Dc+wcKUGNxHIP?xz`xQaE)NauJM(w=xwT4%Ur$%)*2#R{S$mQ2 zmJQ;5F|S4VPOC0F7q&krh-619nksa7`-96lP{D}pm?Q0Ny-+dlP}k5pu-e@J1}G(T+T)^B~qqqdm$U9COCFtjo=AVB!z zM-)iB^HzfR;}e8OyK~SD63v?-=l66v@UZr^Qd63l_>x-SJ!r_kdA*%d0w4eB_& z-@`3?WFzW`=PFuNAvt%9W;wEoQ||ur}@3~h8XS9$c$l3x0s8glfe|Fb1PM$&-|}oR4m6+ zMEP7qts*H}or94a`{o5-8mo$t37;kXakg)loX$+ojDHZ-WK(I+HK=??qAZ_w$sjha zeRX&Iy#DS=fCh2fTIDx(Xbgu%3@q8dVGJP0pOc6O_TKUTn!86JP5m*a7`qjBmrBU{D-)3NjmnBGIz-5!TZn2Ie04p z`SlC7u7xY}evV|cAm7mugy^K!zA7s@-ICgpOrXtExu&&!J#Q)Stj24%QLbYaOLN&> z{iH0cf_dFFCzWOem*iZdVUVlD_*{x1fTK5_HkOb__8>V|!{GCG0b300{HuP28g$0& z*8-B9`*#;Jvw57nPwTRDG`^z0H7Cv?e!`;U860+-kIn188+i1^)6qHq`{UA}yx45F zO2=VI*%vMMapm1)uKbtsMuC;dm-3j>ylrR1xRFyB3ytvm1~o;9_mZM0De%7et$n{6 zq@b2$FAPwU;iGGu)tZSGxZm%07^>Bq^;trNyZl0Mp` zI9V!$^3YmKA<64JBgp6ZcXXG7b|Iff$^{9>;%-mxBQ6TeP|vLi$LISul#`7)E{_`z zur)FW$L>TQhgGtoMC$U0IcXjFaD7)bUUhmN$rQJe)m*t(9ln+@VLwZBiB`QM9ln%#r>*^{f#x&-ukI#l{?P+D^vorQ&{>3 zEBdj-4Ca0*dVztjCpo3MzO$KIH?5An@2nL6t{-soX>+V)Z2L|R*>}$AH>m=@uBDme z?l!6sdhNnfa(9?C6Ku(zemFaf^`?BElT%&NvzOhQkruf~lyHyD3}oP@9Y<1UJzMB$ z^5e`u6U-ycv(oexNX>YU+R<&#Az6}Wr@&XC-Sy{#L#}FZG)I@O ztP6t(Huf!Xe#eeQ`i;WSzRhLLd|Z_kqvX9VLrjHEjKgrq?r_SzzU;1l_%4>go-dY5 zosfrR{@);?!`aC#Oob{fE@znBGG)Wxv|p02V0W;I^K$GG1{L~fbG0Z!VOdf3&8X-+ z#rK@@6hb9oQ&g(5%5U;pSiBEHZu=O2R?4YX_h_B5wz)muqp5W775?0`7=iz>Y#v@L z^c4)gQ|sxxL4vUdrSJ#uSmp7!pJNSDe{#JQI(!m!mVwEU_iE=kzUWI+D5jdbc0f>};Wv5v10)%{?jg`_;~4 zoC+L{z7Aa@R15EUoUyBl&}0~{EYZo1%WXx0bY@{m6$Hjb{rcpcNV9wPcr8i;>ZvVD zGzt~X2`XCDdTauV_E`P5VV<}#lBrQ!jzI+{91`8AUKuY?B#cylq_rvUk0iSl_0<=qk-{fHD%RA(+3iY z{J<*AQU9;uW43HXDd#6`Id-CP$v0%h+fB=o%Ud491>f7hM4mbZ`Xz+nIGp&pSEFPk zEQmpGk5#&drv>NoDm_Yq{znoU_Pt-YIMHR7_R;3Om*~Pm2G91uW5(X-u*hqevz&s5ViD?YmwS3@<|E3mBsLAuu0K%H}%5TsaVFp z&9AIg*b#a~wBDJyZ3yca8}_pZpScFY){(xQ3-Au(K4ZI_Il4Vbcyj2lE7MpLOLr_7 zEk*DXyY-}J_}-HxxoQ?y_5^WUPzta9)A|B32HwrB`UKk-7#U-uu}aAwFh9po#rxL= z-R5LfWIH?M(uG#CDoK3GDrnu?60 z^dq8otY6A6xW*%tf4V#D4UTIt60Mtm<`VK#44 z?kw}22_iZ2bH|KlMGpIQ7P12jzvB1_`pTG_GnMXnzsl_AUx;M)eK%Lrkj>=bEosx( z+m|50`YA-OKP{M$3*!Wc`DSk~*;&v2*)0#_30Nx&7a55_bHHeIRE`Bnt_buo?=%1IAT->y|8kBi zyQ{3FS%TZR(ZoIz#VQ(`==E3KWEC*};1fubbgLr#HknM8VcaB7c5$eDQ&)Z-RS&Zx zUI)_*g`we7gSRA+w@4|DOB&%Mk z)?Tlu-v%Zj!+4l}o4}C~F*W*t#m&V^h}{)rq~?A7B?#t zg27dv!f~*N^3mPMl@mC|tt4%IRW+SLUUb^;bQ>}2Vfyo4$nRWG-oBf(b)C}EqLxz` za$S35`Zu+MBRc)h?G~em`Hxe3$M{yUXDAC$cR!-XO)l%j>Lp&E<{$$JT-d`PNAvL8PVp z`3ppsJ(rZ=H3o z`f7bi>*+%A%+KZeLGwL_Kbo`nt6=E10@h~5)2bf2?cke}>0!m!jx#qDr-|)^_b{F~ zH;4Lg7z+F^QH)4Yh#PdvEPhWDQAKQ9*x(Yve;^X7PVdZG+!r^S?`NYEA&(+iAiK~mF zorT|nev;v*u{g;K`_7XX2j-Q@;R3A!rA(bAVv9cLvECywde?H7SP?Pgz~H}{6*!w1!6u1PHN!q>yMw!RgE zXpM^@Y!xL0b%WlaUp!}cHWw3wU6e4S0tkF}nC3rea60TwTo${bT2;{GnyNT8xWbj; zGj{fytEf%HcdHLRV{R7QT@Jt)HyOvWdcMrWiU9X2W={R{NxsORLwL9E1yN3Z2PUHYJv4|6xC}MBudCo~RV=zm^Ai;e0Bz{-=l0qlF z2EXZP*(@nV@)@CP^H7q>4U6TuTCz3yIQJkLLc1Z%2}WF+a6pG= z$r;1pBacKj;Teamr#NewsVW&GA6`x?FD>_^{Q5G+@jfk*GOd34I>H7!f&?Fay@_XV z;GS=tgYnrVll9H7G{LRhld9<>U%xJHKJ{N}-*zJ@o>-}%nOH>hM!$_Mq$JE{#dAI;QM|H3~6adztw2>#$1s6esb#j-KMnAnUFIJ6O?6 zW(xPwgw{p}E%)fhoh`ael>ZM6rai3Oo$NgP{%7v1-2awr!(G0G+(7?Y2NDI3$| z_r3cK)9yBi#cJl_%agv1Yww%;Q+Glubzt0a45E|&RK<(R8X;KPm}b+}b95$mI&ndq zKa1&3GL9NSjyS963w&%8a^9qA5UVyKxa#xv&mJ|4+XNTRj88B<-U1xQ2NAVT|4Ng_ zX4boC)&r{MC=IH<^f=Bm`_l3^PS#%+xoYAMI2sw>s#xc*kQ2(b`jI?p=fS3-hO&?U zvnR+98diwq;IFSOTSV++fJek0=`T%s>rfIyJe#`aNN0$$)4iZ)DMX;}u@pSz>2s^*&LOe7_`#(CjB~Q@I#RH3f<^R5Q(}{hE)fNYBwrCIDuvYwe-!8la4Atc8${NsC>L* zJ0g&D1Br2Ph&7yfgpP7JO^B?Zthv68!gM zVxhe-oGoV(2xnl2Hf^c8wkW6r@G5y+F3YWXeliLwsgv50X4>|Tss$W6wMt!T)x{8D zJG)Tr_-P93d(21w;)p5S`vT!0t2d2BK-Gayb?P2D>#9;$a&nnouVX?0=QyaTl25F~ z&Y50lo$(RSF!Sv(_#LJI!%=m64&kKnd{)NN@|`#A09oFUm|=Ibq^oOqpCg4B@Jq|y zcN+nAth5-L$I?f=f(OBYvXMDW>VI(AU^sgCzabp!xB9H8zS@mRpq~TP&G{P}F*Vnt zB2@OVs!3EF2~o-byU0&EE{M?Zx}LO5|7btQHtSM4lm-9idx<^ziirM4cezDz*6JHz zIDu^O!zcLj*r`d*L7~T$afdcF)1IoJXUx5>7vf{xo?kwUp%oBjUrHz~gMD`~m-JZ3 z9`usQpNGWp&Krav-`(zo${#B*V4cU`>-j>vq}=8JWUu2qjiyeD7LWZXG66mLYU(Z7 zR#TWg$vTKEotbbDo4Wf_{>T={7AK?moHPpavtkgHG$pLY%n_Y|>P;KI3ROS(OY4_^ zB+gRI`>kO1>_hAa;`yzh+rEwCG7M+S2(f;U)f96vC|Q~IZe!cFL9t(-@yXP6-&5?5 zmmmUF-i zm%Pwj$JxUZ?&MIwa{KCR@uvKRoUjpAQt4zgJ?4F{HieY`I_uQU>pY;Fc$@}Y&; zjsMKEI4*GtWKSZ!)v&a)sm2hQj{hT#zB+=T2I6{)%u|EGsP73@f3-7fT} z0#XEbLz+T68(v{B^3GELg~Hu+hRMU?vAQP_?tA2+527mg@?kh6R6`KX5arQc4C~vF ztskIXPkDNW{FZ+k5t-bVR(&+mXOx`MfCG+t_+23}{Y5rOR*wB`DdE(;B>1>Uj1kq* zrQ2M?RPlGd`DXzhBi+Nw+gFKs!Z&oZIF9DZ8r{ozL62~U(n1T9z;K;`&nF|-6k9l6 z+=q2d5-06SgY4m8_Hz4thi#-a3_L3;K$~^TyV@g}s9{W(zm7jDe-3)0h&&mJM~%ox zxh9)9VTqY}xBK90Dr{V2AJrioxjsX)1B!g>Q5=-4mq`IL#!Itv&5!2%JQMTY6d&@0 zfZK89Zl;}F?TIT!JgxV@z>O^agljMy3QHCU2iaY^8t@Zh7$~)c6LWhSElgkEdP-YD z)XUih?o;1IylPBz`pz21-tvo;7)HGpTW}m_#C}J1$?pTzCLvgro;Y{YU!oMwIwT~P zr#$#h2D*R=ZNxdF;(gz4&G)^)VHdr)PLEj&!=VWpf$WLBbN_|E!Jfwle$bsfWU0}k zgA%VQ#m=z+^}7X7>2dwzHbIFf9Rk^9&DJJot5D_(56U>E^}RaR-X)YZwmeC?X5~ zj4`}bbxI#k-VN|2avqKHf2oQ(Q+Z%cd|*v(_8^o6e0TQWg+*k=&-5${e`3g<4r3<@ z!0sJ!Zi@iOp7?b%?=FW80(_|3(d?g><%)WCqMLG3!w0C3%TP-I3y@*d&EM;jVoEQU zgIk1C!(Jhp48*cU?sxtLL^tpT{*>Z)^*fs^XdmW{+ zP4D8VbS#;IDyEe&nCEea^Jmbq)dwQ|byvKe`rFUF{;TVJ=x~Q~=AN%wbmT^oo z1Gcv!cQQT(bKozVFsl{($?vxlE9y|v$!kw;7z%s5vmX*n`tj>NOM>+d>^&ylcS{u- zS5{N{N8u1VA5FkxRPnbF3}Cw(PX9i#UNKDEHr{Sg2_+3@LW9s>oH$SG`m@DdhSg=< z#di?f2{}I-R1OdhQqAHmz%jEfTMubG0rFUPC7oV|%VQeln}F5uDv-D?+=nZ%BQ9U= zSrti36lU1JI1+;5h&&KVge<#^Ts{w-5qKw{vlH512|SSu&*ZT@5-Cf_31I@&K`iu~ zY^ooMm{o37U&WBWbPJEU1coDQtAQBTKWaKPpc+}2Z2Od_ejxmw-&v?Fb8v5@J~KFN zwfq-!O!KMq4`c>XPQ~es$U;TyU^vqZh|n=oz2@>cc+UrYb0vK=Y5vE7rf#^YpgO{5 z7_6$SqZ{9rr7nvqqm}2k`c#rI5|cgq7e`V>6X7%|(S1YtR?-rDSOoZ@`ER)SjDK=A zD}S{Ab=NYD8$Uz|Xxc1SBuZ-hPI&D(J5Rt8vTc8J=OYZKksDDZf>gn2EC#G!Hq7a@ zPA6ik=6LiLUc^(iJR-tH<|m#HfAv+^Gbv@nJ({)+=taN?nPMylYf zf&K|^=KH0U+qr9gxH_|tRJ9) z^BTfIs^I*-3F=BJuI1lJmZh*J_uJV!K16HKvZ4arBG_1t=t5L2?|iMLH@YL?+QHAd z2g6|mo&dl>s^EN1K*?$eeVna)aIA$^!Gigc;2d084Z~qdnSyYTDmZBFpuUn%yeXPzPn=S8ld+=lB;s2f8mMygOUe9fni&|RcX8SAxhQor=2H_ypYka`V>*GzEN9L!t&t^j<b05jxe!EvBu+Ql^9F6(JzG7S>V=Bbc_t< z`@rPfrD5!;^u^`DZD#oV{G}FSLJdxcs5i8i-@1$~-LLfSX!DT!ZVeCV>4VubDSZVR7gFWrC3q1S>mGPxrc;TZ#1fKgPCGZ~J+TP|ss>s! zgu*HX^6O>Q0`GAy%B=SNf5LJ8tMU>G`Zc|s;j^`nEdOxeaqY~7lr+-CDb5+x2y&@# z;_qH((9ZA_swAbsGJh#P0>}BU2v01$uDqHE z0u|bek=25lD3=4M15aq-IGViBxR7cw(r3V9yHV2}!$O_)yT(Of@6O{y`eORIwfS#VYfRSZjk{pCl>2+g zoLCv@b!|MbJ1Eh;{`niMi^|_>F}#2+XJmr0FGcftH|7`feUXtyL9Z}@eb9waqwI1o z6+!Lm!395wtw79!P}fk{xc*X$8O{M+LROf6(aTv_P_-{y{^%7ket4$#9{4+F<2KdQ z93-iuM=bcUU#SY`g6_a^)Dhi6kt#13d!WlOtNeX0(b6grSH9&+-5xPICP_!|p3kb+ zx`Ti0B;78v!m6|!p*MvIu>g_h#@GLwi^Vet^2jc1eByxCxeCT&s|XT4LAIIFmKt zb#UTG5feyVFp{UwSSZa17nH33fSvO|L8`pGSOYBf&bk}eyG&OqL#{D26cLQ~ zD9TGiy>&}C@5uzRhJB0jJ~kfI`a$4)6E?0XK1pajBUN5*eF8Ty7RAr_K&!5KAul7M z<%{bbLQcSIWe})paGX!8%o}l&-3Ltd@6RN0;W+swdIuKG5=tFA;B zS=wxs*9POdiQ>?UTP+>Qp)+a{T8z?u)dFIFBEQ$vf7MwkK$lpY;e5t%PwyisYHg3B z&D5pp_|-MQYF!IFZQ!atc~kV7M8Ve~hpff`_D+zR`mZ|61bEMn=a7)d`%NZZD_`Fn zIVltVmbC@A($+oQN6m?Xy`~SFZg%wCnhiC_m513gEsE%Vf>dXb0w-T#?E-79jc2ZV z>s7^uH(X66xS!@gT#Hr8_hF&0kYG{L^Yyp0c~UG|oN%0AM4Sz&&cX?*k#}kMQd9XJ zY>2w-xhB(M&H2Znoddt%`}cb}y)J|T;d$m$AvH{2*rg#hJaT^iQfE1O4g8(v(k674 z6%49gjkA56Maj|kzwd+ZF0__bOtOaiMSw2ysvYl}!WT2lFq|1abm+VL|D(<#3tqTd zMil10X-h#UeabB?)xhsO7v=%HRl^Sd;LF>ss{L{%YDo#g`H z7@Pm5zsE9RoYPk`Rw4Q>D)xI6DOgpEoD(qxHpBkE@a=8l3b^RNQ{`zI^g}hCA}B zY+#C~5q=Xa-XisvI*SFUPP9+#Dpww$bz6&Sk2bHqTg7=4Z`;kL$mxDwwF?r1`=fE$Ql}<3~Sm_w@K};~Uw_0U#cw;qbD`Rk4z|5+%g) zijUTpr+M)8^OvehNeZaiRb#nn!4OZD_Wtmq>>{tl$)OW;5A+OT?t6wV!9+8Z>HM3c zuuQ{zD;H+Z{1Kv>3#qC?(gJ>&WVptq08?T{AoNU~T%>JWKrQVK|F~&!F#xR8=7b{)J%{o6E$pl}=aN1d-CYO4zM<3quh9`OS4woKS6< zhp~K5lRW&?u+*;xjzfgl7f4l=v~-lLoY%d5fdkKXc5+J}ol)wWn4i_xgPtEt^{YQ^ zUDzB{SKLq^?Qd#3|L}w3{8v@Qo(Aae)bGmEm` zRyd5fM|(Y;J7(>;NE3Vy$MH{qaFA*!ch^AwpAYvZq`7XZtmR@y5L8p&Pw-#dyiMXzCZ`> z%(q?5)3@H2R@&}$WxdeZyS_(O-wCs4^((^PL8_t1$pOETJ4D6*r#yOsm0^)?Vg=#s z`|Dhwi%P~}lPJfVEG#^%^xbL^HB#L+n4b&OP*fm$kZLHuJ;95c#;U{Uf+D9QLI#a0 zWV?Yk85;%EbV}e6GHwNWGO{LUHGXba{6J@W1!m7$yaH0!*}bX4JU4}as8!+(q@a2RlaN6 z@}=94#`>%F!CcA{;bUf?@s;)Y-m&#Z#sj=5_0dj`KR0yQsxjdEV%G%We<9USXhA;C zqg_^F>DKL7OrI$Y!u2Jq*hDmNFI#4m;=KPgI5}YQ1<#UJMp|f<*bZjTp0W=#E~FYt zBdAWy+56@t8!67se7lFnxK!4_O+JzwM9oZI#ZrEJB>aVYLZ3PDI(Z4_W2j3A^4|I0 zeGK6sRZJX!Ixi2-(>(dQF0z+HP2ClSl3d~JCTgJP>vL>kr=F#c5uppmXx8-XaaE}B z^Z5X01;Rn9nD_>O1aJK@A`ysV{|Y2@!xwy`RF}navK!$8rA_Qj0wmoE};b*LWy9 zi8FVhvia})NE2Nkx^f`ZKHh=2)?w$7O|EVckBZ@%r@1A|uF`u9kRRlYw12adA(YVfWk%h#+CqcY8#J^MN_^(Q{!yxG;o^e#VKGq zcB027@2z{87`s-p&A{S*(zH%)(EK2)K)*(SI@ZfJ2F7@`3oG;uk~rAB0(}}UK)1CQ z4t{9!FDW-sX?Pv)kw*y5bv8eOjf)Wjv3`(hADUn$L|>svbOn-!T@^MeS;WBWT2muR z2KVXY)8W@vtd~QH+YU7%x(AO=1fi_oHa9$3$^;P0WZWmM3@o)arxn?LLaifh4<~K>F&miLJNVN}pGZ5jUd61@v zp8h8~N~o>%vgGINb^>hBjirg8Cdum~+HR>s%GEhG+`AuA>0tKM6Fh+IL8^Utu!4N9 zg@)e|<8}69?R?|b$#3*OS@D3@6aV+%y|hauZM%{-aR>B$+luD7uyaHD|4Qv+Nf^O( zM5=Vm9|K0i(0nn+3!U=X=IY#?(GUAdHJaVvJX}V3m~$ZXJ}@i%*=Fqq0~1SG0c>2y zKDN-fkSZOIL7nDASzT$L@HcMfq6C9`gaaY>Ub8#~J-wES3S5TTRD96QYWnhSX z^=F)e`Hg#f5*!EJY#PErs$vK;0$u4@L1)n`1*=A=RV=56IBCCzok6cVZ7f1D2K4X6 z9eY1tN=`-ZUD~08swMwf&ob!NI}i?16(bAeFDlbK{3dEjEa%joxYy$64)o=!kD+AE ztE)Pd;`gy&);}D<`WUm?NOt=Z9Os!KgyX6paY^Cb)=!{gm{oISBxQG5^&IW0-Y)6$ z@U7yRN*fSW)JMyEq_G%cyO52U!8YTh@{=tJjuVE+cO%s`?32Kb92PXMu`s&sCTx6f zIuW~&w4?tHsFsXHz0)|m^NxV`X~uJfq9zVQE4zE);DZiRyFG$AC-_kua>C8mQR3nruW#MVWD32KM zoNwngb06e-1G5Lq9MNqJsUFeP05WeuKRk7L`+F@De)DV;rB|NVr-OI6zo>gDWy}-u zz?#7{ueU1Lv{9O{_cKtBXo2iOsz;zRfESbW<16+k7?;fD?aNxSGO1S|xP!l1U$n6B z^3@l;2`hW?vW7Kc+;(gRZcl(bgo9L%z-tCo=sOOygVXwIG9;#2TOEgTlN$tiAbNXO zz{7mtmiIKq^f^8|zqG`yWehmZf7K(>LB`eXO{>Apu~n1O;Q@!{%*Z2yy{cHi!YOa7 zU)l3Alwy2fT<2gm6`@Hdd^5j84+k5pEbl~BWCzND;{8$SIwvBaJYcrVof zcx=W>KMsqoV&CIW*}Ku|*vA9I!9}Nn#)VXmSO+UbHD{w*X>?HLWE2bcKI@PJvEhAi zny9nf|1>XWcIye-(EGfi_rKnBYjD7Dh{9bU9He>#^Dda5-`-v;L7DdwUo!OI2YJx; zTi*=;+5+>8^Vu#bp&w7W#;t4W;sXlB50w$DSNs@yS&SxH8ed+P@ z?YcROukxTL+|aPl5t-(+cus;N>BOhE4_CM@v$J40%Pi)_coG7Di-{S7f1dVFy5EUU#bs2po^R=dD1&W z0Sr$w&GS>^^rFRc#%Fq9JximwZ(2{}kltBp4?=&sN-IPe4YTJjwT3_t`F?cG%mj;4 zeTmLns6lD1$|+dZ8)R#owF_xN4KgT3(dLqe+J62Vm%Pv}qZ~9wn*!11bx2(Dy>BEVSJQncLmU zL4nhY>``F?@s021{R7P03E#%J68 z3%p?c*hO);<%nHd47Fh!__incMe)`?U|T-^WQOr#Ty-pd$;f<#;dN2#@B{e0Y}a)g z!pUx^=ecP!e?XE1UT{PFxpFj2G8^yudQ$k%rw8%`r%=)<-Zj^ta`Ms=Ptd$Af9$Og zl{~2mv*(!(qPrPBZ~uyVON_;L(CzWIR_Cxew_Jgfe{H2~s2{Pc!}om}{^rke^OsMU;pgfz_pgvWNc9M?nlc}F&Hwbu7kFRf-SxQAv`$58qbCLAPY+Ga z_0U-|`7@GjD6#V|Zr8|)!|nNw@CT9V5mF#-+~mAWVc^F;DAFdTQA>i!IzyofX|nZ3 z|EO^6c%a>^D<;4<5r2zp02bGhu`fpOWRR*4BQ;=t7)#%p-SBpBmcSE<(&fDKmRJe& z;1?AlURSGTNEn>|ipyqsx3&E9*gVW0`)vzoTu9Z2g98v3wQ}a3Y4~m${-KXela&(7 zQSEy>c-KA7|E$FOuF(ajy(*YEWI^eZ)-B+mEXooo7>jO%a z8P+w?G@=@yYryDlR1Ds4zE|*hxkj$K%+rnQX~S^-Qhmq-krhe1cGCJ;(0xSb%?Bcd z_wMW$C5#}R&>KzNkP^J~QK9X5r*r2B(ZUsS7>O()^~%;x4y=Z$4Ewux&WHBv8~s1~R9}@ZmuQ6H{H6L3{tEPC)UTX!l5`1I%G9gK z`c!_?Vp$OdC95;o+dC{O_1Qqy2gMPWyTvUf!Amflzf>PYGC>^jOV|YG4!ySQ%ErSg zH61d`SNoNqr$y+J^|>*VgV4TSNAY_N{c-g$zd$DJ3F7^ORDEc+1DQZ(iPz2F z%Z5=&l;olgj0&~xUC;HKYyt{U?qYG zmKd!re*~iy?qEvK4bflhyVnN_!8)ueQr0jw_3?O$rTu-;qM77M%QF~GejS3Rhg5x# zS_Bb&#+Y!fctN{#8oXO>`Mq|5*1Ye*xjIPc_OPqMU*&SD}pzO zRDE#M11}5P>&x%;MM=C*eu_m8RFm8qR|EI5md9&iNx%L1qTrG-ao-9Vt*Kv^VL0tF z2)+bT^`Q=A$j3z630MYVj33>tmn{||sFo7gs{+xbxzCE9%0~9x4DY=inyERHk-KU7 zFV5ep52uG9Un$sADtYxHLhUkjEiL2eRYnxWRluXBscYo9XZ$)p>?HNxb+5V~xMVOt zd$Fk)xSgT=9x zbtBuMeKFRPim~6$*Z`9ES%Z?!N?h5tFDo_*@Lp}N&PecVa)K_FNh(uyISyCSFW=!6 zwazp!=EMHREuOQWj87o3S5h?;b2_Zd=5wFOzQUjmWcbM*08oAw;esrB#t z(UPB&Q%E?>0q-Ii6T2fyF+A>pUeeJ zJW(G0Wed9142@K-+k0eK%qoOc(FvqIm6VmMBPtK3$QJpw;Xyw!#FzVZY05tpYT`FjDPPE*}& zs2)W61(&Q}r-1m_ca}afCfUt!YD|lQeP^lT>G>2G4k;!g-h%9smfHg|T^0BJHus~> zV!ttAEUA&cZ^xe51>-8PBGY_QVI@y9>mT;Rm7Cz#ju;&0$`8n%Pm+2DPL4VGF6tnj zAgXF28AlYU>?Hn9d;O~L#~QzQluXTqL9aKnlX^;{w60Ewf=|0 z)d}GsRigW(fJgG1=7jL9rJ3--+0LwAc_cx_B-#w>SZeN|vj2FSjYqex{ zf#WzM;`831%-_$mL+B$|aTEndzeX2Wj3}@ay;)5??PU~(B|-kw(0gR+stiL@tciCV z@t@4od!A=79P-PE_o3Tw(p&ZT>z$WZLA-aQLIL+vFd8*s8O_fpU$ZS!oMeF)WOVO7 z#&MBau4o9UT4sZ?!zlGH7!HM(5Hzk^xai?FX3n;f4Iqwm@4ce((7tEu$3CAH!c=9} zmrLNidc%4r7~}iB9`CkEm&oE1s&2is$8enI2>-OAc-DXBg%UQ256GMdHz%f`3Q8V3 z7O&=*XUee10FC!diLNTsfY!IFm7$@BH*X328M@nw4#T13Kz#Sd^Zd=6kAjv-X26b= zS1TK@p%^lqt?p^#;fd}EWy1%nO3wLq2%mqm9VS4b^eL;-RFq~_#Nzk~q@yi@; zyZJHy;s&Z<`=)=yZJ58%E1~sxHtc1;O-vI9r{rm>l`cy2ws%`rHr{i)=a*1q?!s|4 z5pk_a`~&^)YSuFUTHujjNO2 z!tR~-$9Umko&(IQ55K|p#dSMGT&s(~S+BG;qaW~T)3DH(SiSKZSIHF=)W10VdaUuc8m29Z9mkY;&^chW)Dp=0W?4SYCG!UeH=0IpzAtcazkb5MG%g~ zr*wfg*?C;NmrkU-?oFJtIhsXYfz37@+*O ze=k3k4?0yk*H|-ROc~7Fh@yw#Fs38;Hb~VXP782TS+pFSt}Cy)G6!Cqkl zq8>Jy3nsB=ex}>+uc3>)xucT3MFqoQ!l{DhCxIzoQQNeWU$z}3Q_r?_^|N7c@Xkmc z*2jvSSjvJeey}=G=~*H&Q_~nKP^77*_;&X%%zR-uEKLIt&Y_s2g-BNfwl1ifc!u>- zug`|uPNwpQaU4yLd*Xq2c|ji!r#0+86=$90f^d*(i{dyS zB62cjqSo?O@|@;)nknaOo9Ai#IPmW7G{*Eizf$#6<~6t5&5l1@qt`8A_T2b?bz8*P zX6ZzVMTU5%AVPe4WtrDDr9o64uIaFEXc!K3~lP@u5z5u>FHoHSZ!OH0>iMdA{LG%R1ref?mEDqf7sq13U2bqdtt|woVEH95ub$?#y5ozl`4Uqw>T;RSi zkItC%Eflq8ckT6P4ubI^7>-OYF@%Flz|KDZVmF}U7swZchq$~N)^kxS6i0DG57}Oz z#uNtG8a=y~f?soobD7eEudJzw-wBaMz;I@C5##E(S{9|0huU_k5B%I~_r%oOJLDU( ztj`m+Rj&s{s1?*T!^lkNENPT(EV2Q__q+Q z9~UmGuGCc{?2z3j17F^NJY$D$B2Bi;(*<8U4{Kp1C5L_oD;Q2|hCMVcqH&R^j_R-_&sl{mHx|sZE1Zh{>-w#CR|UotjCr8d&oo1h(s99tmA9Q z9;ABK2f*L3_$4PkAw(GY!%WEm-+nWhl!^Kq$fi$(dx!C$aI8KIclK_SWH$+ng8bZn z&M}F<)U!H4GHd!8{gZmH4`Q+lY~e> zbwEg*^=wSY9;A9!3>7#bC{{o5>8`&Ma>y+@cX54jStv#t@Fmm=-ZOTh9u4N{)Jdxu z$~`(JoQB~X9o>L%km^}h)qn@`)uzrh5aT_~TZva6!zl||l`FyPDsK2^SSfavO}~4; zaPAYz1YND^fq!u%H9M0b9Hi=%IbiOmwYISsjw?xt9gy?Zisv?o&xy97WOZy_DbY-n z=vCl!_ieVM5y^bG4SR=6Hn#qOaFD83iSuCn*c)Vsf@TlK1733z^9uXxgD%UE{$<|Z_?%$}t9+ye1%BceGb zWB=*ilJE(;gn;J9aeZm9^(^(5>QxIK_`-oCE#=ieCyCyQu0?7YR;VIlU#7 z&v%NS@5aVnQ{Y-)CeDTO`2Tz_sRa*&pNmwznyUu>#fnf_I(3D-j411jD$in5^=B5K z!X-a1q~}x6rgab(lk4#{|APCNsQq7@zg4fY$H00f^pTVr=x|Ik?6{dHF+h}d_y-T1 zKO-V4hArklbtIYV&BtyL_cp~ramatF) zPGoq5aVG;iKkI*_@g(-ywNB8B0& z7jQ!Mi17x`Y1nSXTZ8@8)iGUh;cu(MMGRn_+bWM^So1j-C$ScHoTU{?33`_ z^XNqLJ{}AwoDboDapKbN5PR2R{mBM>?6(XfJQi`th`A<~}=r$_N zPw=jry}R7;XV_NdL*Vo40WMM{gV%fEI1)_|&WndtvqqY^C=zlYZoI90nx}4FBPPF| zws~TEAGcvX58T#lK0eDPeW;q#^zf@_RKuaf5Jl3QROem0mOIB!NiJ zwThLm1w~UAQR}R4T#oZcS)yD)H3e4squ&A+F{IsFVU;;2uTK#O(7p@uaV7?Y?p2ee+o}_meohgPcCrp7LyuN8@YSJ> zzJvK*)T_+`juT`A;h4!5Jy-g8|VEmQ~a{BXaiFO~3Q`iC7gH&I`>IYr&AO7swWY9^9RJ;>9*)eZ+ zb1lCWta44hGegyfF0zf?>ah0<4R()7+^h-k-}6x(?}_auxwpJaM7Jsv zcbL(*e*=aiZ-|KZ9$jiIxs_>H0yG!0QXD>b>|~$`d-Mu1OuNRBzRK%m1Lw~$Bc%#k zYa$u%bZIs=s`4hLqB|VtJOUcmi0{^shTb8G&_htaBm98v{cj(dlEFClfHS7-QVIHF z;C1+%yB7Apx77FLd>x-+qpDhb^%WfF;snAexurfnO?v|^6~rN_)zlV(>9d|**{8## zcsW*wFly{l!{~@C{GfTr z|HEnc2H7)*`Ke{{$Q`o*@O$NnUlgd&_N`<1(yVZ1Vtz;cx&e5(zLVq(!9S#wS5X45 z6en!4<8cW-hv6uAB6!QlZr6ezKpltwFE7R?4|AVY-fRD2k5)4GQw4m*O-xd=rxk4R z9mAw{HwUMp^xK!=`%5v$AF}6Bm#-~pXl_Cvh={Q4);;Vui)7!tzFe~@9h%g3LwpZ( zf#K4j(9O%ib`3Y!pc)90)z+^GhS_r;M8p8jK$yow5~^)ywl&xn9e$djZPpY9oLT4l zO-6Jazf*Hi(s0nN_d;#@sQSvtZbxrFZN1WN1G`Vf?oabUIB3ZYZakBP!f!nQKLHJ^ z>3Rc!r*tY0X}~qTPo=!nA>cfG<3~$U>aa<<#X)6sL9!loLV^RgXR!^!G3uFL6hK|; zcoK+`PULp$@W;iQI$=-aT;BG^-SwzJNt6u6X9Ilutvj;Te6D6MBJfbXtNaLHII6MB z5YF^UN8D}oVb3psho-~i@~kWB5}E!D<=@^OO|LLtP^SU*9;bTi)H#E=o*{+a)2#k0 zPeYEn;W#6k5DrqE4*M7AFTrS$A%SDk&)s<`AbYf%2rD5Guw&aX-%gGkQE6$msfl^4 z*nDk|4e*BJj3MqpTVA}xO;X1n3}D51DQlH6j*+4kVsH_{Ci4!{DQ#Oy(0bvlPDM$=bE?OdHU`?@Q` zpqi`m%ZC+0blm{bc2Y7X?H?>ywY4yN)CBh-oY?DXog>%Q$iESSN))#EU)(iUkB#TG zxz@GtY1Ceu3xiW>OmWI2$SFO03Qgh~MRy~cF^KnmGF6({jyX)`PWPK1N~R_ty(0p{vDrrK zFQi(YhCNuhr5osOZcp@f15Iqx+~&sC@;3gUWa_3>+iZ(@JdgS4==RpS6w4xh0m?fd z_j|ApA|90(Oxc>Sx66RG0sPZhjwpj0!d_@QO%8ImCJGBk4qkw-nDTT1JF`&p*Lda? zDfOs&x&sgRcaJH30?p4Y)vU)inrj{}#RC1Wg_zM@Ip=T&diS^28BB2LvJLvc{FEgH zy4cTgSlH3A{V^v0%prCP`Ef{llBG2v97DpFVIQLXGR(Zdf5;KHldGd8hF$qH<#ik7 zrWWnvIq(|B@Ww0fh#l06emBPXw33jMdRP&Lvo@##;hcTqR$?Y&PWT1<_q6biXn{QJ zZa2+t$72fH-!bj&(I8rihwH1Za@ABnozAvgl7r)C3>w6rN7}P#9|qwd)gQYa0p_*; zt{L^$frpvGvlRWb5mYhSV&hO^~~@Z(5pcO=`g z_$_t-Ly*a0>29W`rcRXU(rixv8-Y~r*Z}ZzpI?hr8~=qbDtjFt@9@S?6cbVfIF1jZ z{z6jmV^m<&#$gHYzl?6S|IuFhtcFHYrFv1#Ph7ig0eIbMQ4s_K2R8}Lb=3u|H)LM~ z`JiUOaK1mChQ?*i%>1VVli>6z@W0%-4O^9{#x_;OYi_#oeu$N?;!^=p>7pTP5BhPw z@z6`c_I=kghH^I`o)vO_zPmkyaDLuA6C-f_Y;n61B@G|zWU{|eRYh!)_G$V8+qT!9 zBv|E&12Y`KbS%jXwJ3qtcrQx|`sJ3xaeVL~oX1BSruv32swaV;TfuRxVBV?N81eSc z!R>Gwos8R8z-_HjRN?%h-$pnv1;w@_vhiZyPzd{99C7@w;Sdh%pZsC7^(KE@5x}$3 zc}Mp8w$&~Um#5dUlK}M_Mq7FitynGDiq>G5x4T!*rFk?X;TrbsF${;0GaJIG;{Sq` zz%w#ur3~`;7L8e-k`nnwRxn(0>pd|s-8+EFi)4xZm3TQ7v>Z(9yFM3u`pikXh5 zj-{I!!B^beUk{Qo@0O0O2br*su{Y|Bp}f`qa14*3`JwzXDYDd*D;ZD=;=Ki>0Ydsz zcgD<&cX%&-;B6O@0rhAuc4C`kQy48md}W_2S+gr{-;ILLGg0;ygwxU7(McakF@dK8 zcn)=C94)?IOLp{3mb>bVWLTD$T0!=ji&K#^GTAVT8vDzS$0S_Ia;&iREKZb%$QQ7E zK6?7XTfmYF#1Gk7Qg1vc`c2(TGvGAvJaA(iC&C)kS2jHyNhBSdr)}(-F&hLZ~GEy9dCrKe= zoZF8?=4U&gd;xNPh+iW1X;#eXmqg0UHn~u+a-~&EZqsSL*yg|T?8e?U)>RId`(Rv! zD!0x^I!$b7HLlZhFy?iW-fe;7yh7Z|+P1g3cCp>odBHo1lb*06`wv>+$%i2U6G}Ov z@5bgJ-Xc*#R*4Z+6GyCfVZQ5u@(=(=Qw`&+y}n7|F3+57FK+OL@_ zb;F|JO;4O2v|pGw0h~d~NTcB6m`I~5{N^6;#~p=b_*=ACSZy-K0~I@9_WMqiS%axs9_#Md4ao7=8gOGW!*H&m zAmWg9{=H+(%e2({b6`fdNaYlgrHJHZp1N06B$QLye*pbA^ceMV_SiFjT1=GRWF!=? zSNF~cg5yvj=Go7M73Fb}RDCR!c@_l~o{stirQ1FD%9v`nO)>L1I9Vs!zpyHKAb zh9sYZS`EEmJ(`?_ZN(LK&Wm5Q6@_r#yDVXTtoCQmeg$6K))hOCiGMpe%&~WisBNX1 z`Y=iW^_mC;83}Bwj%T#isaKS);}yOrhTZP~M;XG2iyqHfBv89C*#>rY;G2gHrY9`p zeFyQ;0hNRD_ixIfWVH%3vrSaiei2SG`?g__c1*2A7z-cQGX(#zzVqsE+LQi-?;s;| zzxR0%`K#)Uj;f!I8FGY8*{Ojb+ND)^KaWw&ROSA3x(|^GE1P@jF~mDX&JQUqVt#bl zb<{4Q1cXBf(znpF|Sq?f5wU*U;%nnx&) z!*QPILF398a^F)DA~D=Q0q1i&H|>F|y#)1yJL>61MR)1l#R%{^A6$JACz(VLE40t} zKnd$UYN9xGaIx27`bHk|wW&`eCDh_9yzrr1${grKM-y!C;iH>S zIK9An_98W-F5x;#6=S!~Xc@}U6c=ZcfoBKQ(Ydn`;0^Af?~mva+Lg@~o@0#5qz-!8`V5&UCiI09t7hKu~r0L7W&#+x(S2tKcz99tx3JT@4@IC`3A5|t~04d zP=-IuaUVXiKu}v;RmPe%1yU?iAev(NqV&BqxMhd~bg4 zp8WU}M3Y$pEyma1JTa(

R-Foid&Lfe*!d|A%w053+~K`MK=Pg}O;rP(hMrS+?J8 zB0i_0*MMhAa#wFnTY3n@=Zkj(ZtIhUcNLxQ3y;qOP8o^T&AFi-#y#S!C-y`|@!&hdX8I+UYe_UT>%z!f_OMAbUcU zZ;EU!(;P9p2j9J)Lhlj%bSu~LtHFxLYtBN?{dhq)4P`1O*2KrLA1(6BgC>?tgPb~D zVK`LlzaX3~zd7n~hc9_WUqNI=aE`D1Y$7aNJrB!NQa!kON)&i^3bn?us7_CLEXz30 z>jYHt*mbHmVK~>t>>wQBPlIla;g_zAgUSz5MI%R7nlk=DGSMXO&!4GFhUy1F9c$yk zY3?f=ZAT4ZGQWz_>+OdX-EbVWeh8-zHKqN6Yu?nDN;^(tX%SQheZcv&^Oa6?iRM08u=dHN6BaWiIF2WRM}#}AQIRtkb~nZnc(f<> z<@+T)&rc>hV@!w@%4_M|@c^sL-d4ijlEs4G;?c9FxQtA-A6l?Dn>e*q3S`f3y_j;Q zuq~&lEfA-jx_c6&CNimna&{an9n_D3wR9EuarVD*c}IHtZ0$j*!sSEj`-!1#Fng%I z5IiES&Ro7={TSzG0icgiDV5XgSp$8a-LUmB>XSCL&F9I$p4HXg<4fjG`^i35HVgX| zxkn7a{3dbgI913V&MpZuI!pKXP)oqC^A)=MxDfwdkUz^$>cP6n{j98WP*;Mbp)cv0 zDNNzwRf#M2K%OCm4$3bh_XW*YDG29PL!7Hw9LvK~O~B`$ygg5>5H>|2XF{?_oFGw# zQMdqhOI!Q?|Cww-FodND@9PEu1%Ac={oyUsV*0Ka$W$r&J=Q2Oeb ze$t|V5l|sWBnz++P^4T`wuNTtC+ zb?qRBZYwNfm3s$72l|_(7Nqwt)wF)IJMy6(wLQ>)pFeEmi_o|*_-=0zI#Iga&IB)u zpN0G^c+PB-Vci6E!KNJ*j(vQ9t-J3TBt_TMsn`#n zXU=KFd5F8f$wu^;{%iRNN>+19lxL@Fqh%e*%*7+rLP~k6Z`mMQOmao-)77^>lpPpv zcJ5?f>!rnk#cjlIFwsNya3zW9kA!KB$3FpnuA{;zpCCV;c-H2g6>WFXtoU1Rz?blU z_|?)xywt=ux^bw9EmNe?fDtyX8&0SYPX6V!(ODI>kR8CR;ql0O7fMI9qPB*@uI@=C zC35LX0f^c=@-edfI8Rr9&C~fZx+ukD6$2fHb2AO`y&N8nXFc}{>$U;$UelFTmQtH= z4SCVJ+0P29Y}Z9=BEhSX;vVKkS(oesNvtY2l|U(C`{(d|!OM@xgVc3P06xvM7YbKT}YL9MS!v2&VNykyD^Xb7U%${3&>(IEg zS`4k2Kh@szP63e~jSHoDBi%<4t5Ojv3vC3R#=;;v@M&MFO6fV}tW}#}d77%Uo_|+7 z84O2|5y6*`ZKjvEdONFG0O}nS+_(a*Q)SO4qk_e(FbH>@G7edRzkK6<0sZu$Llni} z&Gv^aBVPG)DKH#iH^hC~P~RT!5cW!Y79B(i)qQ*N^7b)AJ(2_1P6lw)<^-RDSIFsm z6$1L+=A}_OCEvmhQ}TUdh?jy~hqAW2(72Fllw;sUnaut*C$VVJ-h0BxqL`bsp47B z>gk#3dAfU+{mKrOeX|r(`CtCixE7!uTmFMp3<@6hPlmMI#WuCx>T&kVS2$wWyw5m; z?=aJ-{&I#b0!qAr(=BtnlmrT=5)))}`AVa z)LOS=+1qwr@i8)c>ANv8vG-W;S9Sl^2E++{Am%EGij0GxRWF$#3{C>szCPf5q2uCc zj!L(XpLSgl;@nnDcqsPT4~@(?p5F^GQQAc9o%KFn3!pf9R9z}284@k#C;mlCLu1Zi ziCh5Al^kn^Ty%;g**z{SP;I)9<0~il|Ba8_GmacYNg4i3wNEn=prC`)hLe_|mCzOz}e!LP=ZLhfcvi++(dPtc}n0ng5QLmB#ur&g~fbDd#|7B={+? zzrUB#b5D8~h+BnwPy|cv)z4 z@|IlP%>3X40d&~d{CtR_{m4ylI71|9C(N`cVsol0i(L1o9Wu*Bvzo@k(!W*^UF@^0_XT5%d6mR)_v7$CHsv7_VKm zrQl?zr=j*zAO7!qWs$#(yPn5jAd_44iT5mUK0S@lL92pf-E|=cnXn%nU8|e{=Tlqb zQ%#@ET~%4?$Px++E1JzvB=%Q)>W@jE-|Op_grpOWC#p1He(58jZ>dN>3H@ZT?%+*n z&r9KuhXc^xJFviy^J0bKGgPslS(o#L`MlOi8c|;2v43$Ua)G+9$@Uw_4XgJ+2DVH= z{)YCvr{4ysvMm|>LzG*L?bd@`X_i>SP1!d4N`Dp@u91D_qxk8UEg2-wQ@AydaaF(4 zkSurA;#|?kkweT(g)vG5ZtvPGi)|j;=~soCCFU+21yQ2_> zkcBxP=uc7NK6YK}ZyLZm;D(VBT#eb(c*#3t^u-#U-ntMub*F>AGRB@Dzsk#ixPH4m z^O@Dq;gEJnBsb>-%lu>j`NUU~_dpfEEJ#B#$G~wx+z8m&x*GF>`zdn$ScMCv)CZo@ z<6GW;>N9^pW|_?eR9JkSk3!+>aJu<1 zr|KIhLe*@rn+53DNvr9Ycv5Y@jSc0je}h7)x8PA;;qXAd<&jw!`)_@nDL-aKWp19whj8@)?H)-ul;ca!%bGkjZg^bIIXU z&*UJ%`!+wRw9yRJ1C0Sxl}XFCJ?17*VHGQ|{3%N*vIN6feZ@!lpL;m-;2F5ur0p`y zfq6=*(rpSZx0T6$i0_ibq=QZ;8afa3Mg9R#x~_-f6lXvkebYKQ-v+MnO0NTbWORDw zGZdC)RCY2>i3xN>)f^23&vH1^^9O5B!;`E>W(5ladZzZOy_H;z($Eq^u-ch7Q|}U2Fr?6InX2dQ}Gxu z1nGQ?f0Sd3;Mw;I$4r9r#XjmIMM~yTnO8t1ltLWAypOpVk2rMuk{b^flmB~Mp!<$C z{a3CcMNu1}AM0+BreX;h%ERm{9JjW}XPn`c%~W{!0m^ki=f|=50*NQ=xsR0}Ox6fO zt(&3^2KKMd1l1_4$5ROHr4Zxo4#ojdH#)EOK~Q4u%RRRc%|dm;>pBEF-vCSagIT2E zq$|XFd*{A`judAasH_2^D?h##?n5chx#5kEw_i={1u*3lU-2pAg?{EU9_$acgDV{c z2h?xm3{IuyADJ)!$!;Y{>=mL=JU$E{&Qwtw)-ahsDRpM%7Ld&MU>W`UdcGHxzSQMP zSLf!cV&ho*I0NYyYVWd(ksR`+s)f88yJ_qXX;VEzE>Zg1R+WlQJ)iy)Wgo=Od5@`Eomg zI$21(3b78fgejm--gpST(w{+f5ifm+*@g(wPOEh$hOWRlWv`uS|6@(10iyar)yBwK zym=Ebpd0u2Vd%vQGnohq86I!6;pgfxyvkdFnhajfO%X94yrW@!P?w+Yvog}38uof5Fa{7!bEJtVBk&8Ot2gN#Q0z`&LP-0s1n&3pVu1AgBLqzRxGfzlY#2jH-HmAejZ&Z+s|wk4L4`(nM`zlW~(DWKg{)c z$hob3FK2T}w)d$u-Ila{`4vtp=;gdawOr;+{f$9W2n*0Rlmsbby6@X%imzI3une9A zL#Kf#twcwlH7(}!eXptvt<{{jkr%V%>+x!J4|smBsjZ`uc62`afgm7%`ta=*Q-FPP zL1CLg3+w9b8Hxx{w`2X~BqrdOAqxY?#?#av*h-%uqvBV5I{aVGasT2_11B~i>LvKS zy1t`AYiRb?m;^e8nYaj`zE_#kmR{TXOAmKfUSW|RvH*8~+bf*T#KC7i;5CjPR;MzO zyWRu&Wluks#x(go75T#wlOCazE?(IIAUk_`nuOb!De6gt=Ep3X=qA^s`S%r07w?M> zdDbGmsU-|)iUtiRpw<3DXu*3Tcz-@eSydYRq)~l;1JqgFwVVY{a}ett*wA}51g&8Z zwlclOY1Mt^6SRtmfSpH=-FXA#E3e1U@Ut&1SDeUs$)pfyjqqf1fU4HxtB^S4^Gd9? znKp!lx%^Ne!dG!Ps9V188Rs0S@##^@d&cSRL;p(vJ&pN;5y(5dpK<%E>OrPtnCm5f zXplqF_EQy@7b7ao@s#gG%v*CPVo<(MkESfY=F=zkQYTZVS`ZOJVw%#!mPHUh(OhE_&t@|2Do)OX8{Q zR{*f`MM`^x$3&>)LrHi08)9ljpg5NS)kO}=c{->F5DBgNMjhF<#XWeJugEYfiBW1P#>jpeu$loV(!aI0rhTB>2_+gC%V1CVdW@p`=42UA4 z+G86nSP90{?>^VP{~K=%;lJpIg<&ZbK@t>QBfv>C42hmqrnsv0f+=`-;f@RaID2n4k={_%@j4t`!F<7CWUaaQNC$Fh4HoRW;5@52-dZ*6IJHN{Nm-q{ff^of{156 zQ*&(kCg-BWa05VR6^_;}8a!wBvD7`OMfm~mbhcv~;0@_hM+B?M$RFTuKQ3v&lRXX_ zKKFP3Yv-}hm-o8-hDOf)#<;nJ78v*bpIUoM?1Wew6Z{Yn(24&)@3qfzF`RS?*$h zbyYC4!TVYYOFwp4;eARe6Y;s>tGoG&1f_ zYzuKICRo~A=Y6E&6!NzQ-QoR3Uct<6rNjncSuJ2VLLa4B~U*)Yp ztFCd+IEpzcSbq?;AwyvS{l}_@961SHQrQ(>++yrLkd{x=8!S`$L98auX!NsEYR)84 z)rORTXwU2O;OgfW-R9`)AT_Eq#YL_vpomz$2i2bYJ8iY7@YC#F*TFd@12~d=ItnnS zi;eMdYAP!*m!UdQXs_}zpw-Nmbya<=vWilTPFx+h5vSP!MrzLs-1=|j?9Qz-vKmqt z1E9~BjL5ra^9=4Npn(5|1MB_T8Ek_3%FgS=FZbKr350a2>}xz;G6TA?6Xv<8H9S^X zZO|d+tS3yZ84V{;rH%gECOw~{hgoch(+XDOyHk8?`74|agO@s)=F}Kd^hBxtKU+Yj zvXFZMP6=FKwaf)LlbH7ZMUJ@YN}#?D^E1f5{w`CndQ)tX-j@ zw&;l@?)@t7AP5EdQun?fGb~NRG)oO549p}!J8iX(bpfH>@Dv2A(C4{z+dy}s*>{Of zo)dMDE*hO~GEEKZqj|9Zf8I-w6cy^3Pe9MQo6=0=`QkZnAIR#QrTyh2!njvH&99zK z2FCeoC_op@S@}KDZy5uP^A{gwlqJ9~!{wDeCPc!T^o-L#*FYz4F9zMH57fPf)C+;S z!li#*3v-v55%e*5>$(6cL)Ns$ltF>7%xSCMa?Hol*$;8wT%;88kA3KK|#ugh)|f zpK+`O&fP=U2fi2pnYYA4YUhe+RNl1lz$rGIxousmvkTy!$@f9%i2O|%Qu~x~=W^kR zo@yem^aLT&f9fF_@Qc9l+l-@un<+Cz-E4%-ZSZRvapemE*II*YX6mNN#< z1)0m6oFFiq-*)q>))na14vgR;ORsT!Ui$U8WP4)Y%|h)D0DZnxm6jc3^f}pY%o2tj zr`0SrE}Vh;91IT=XJrs4C|L1p*b&m0%GCGspZos)Ykd|XjeOBpyAG{em#k4+RM7!H zY~`}Oz3ds{OO!(&d_r=aA4$CivRT7*>p5)05{-W#w=HMW91K&&9A4v;zr=@)R=~Y4 z7ZYIdOTft{MJ)^Yb|4{_?kPTZ-e)s0J_yr;^`Y;A;* z@ksnevQw)2^|+Hwz3A#T=1IKQyUm6KKY%)ix(}VRcb=m&?Y4BRId*CZ5n|~;R}Ys4 zE9b1np3}syp&Hf(*_hgZSMjqD+5SsBFSv*o;~Ujo-@zuZ391F6tCXr^+6k{b;$62;h~9d*w)1v~S9}(mU-I3E zJCxSC(5~l7)xdn;`whQb_HDf5O|ZP0xNo*51R6eYYVF-eT2C$dIT4>ifBX0gh1t99 zl`bK4;Nbbp2g?~1KKETGZGs}8uhvhE&D{uFD)_Z{&dFDVTP$`l0;loGgw|o$AG!=N zKi#)!wLS^fSfBofj|ljum%e_p3-zlGE~77t2K5tqEiFr7tT1)!vrpvv?)^h{#HM#uXc{=6%LY*?K4gU`7sh=d)>?`0nn!zo>v|} zMDXkU)=U}_u6Fb`Z5Y@^VkIWD&|Mdj+4v$+?z_o~wMvJ!LeyU7>3e7h-o$TC&~IVk zA)z2KAR!*VJ(~Xon|v7(aW&+LFg8M$q>b94D0VOxX$53xV}?=6k`2Kir0!y1b#h=YOuPc3fn z|7jT1f06(5tpDLl{2x5yKiL01?SJ?Tihy)*YRi2gkuT4Z1)gQ4Q6={JW8h8>`i^EVUjz4YGPAYTcQp9-v*4D-?vCcB zHs&^_jQ{zS!Nu5tnSqJH$?Zjr&2#_Nty!aI@p&4kf;xO+b(OeNJ6JcYOQ&LFh9db1 zb7$C9zQg)&bf*6=(s74&iFOXSoQnmTaPh}MYr;xl*GG3~ zU##Y8A##TlQM#hX@*4EBW9*oa6qW@=<=vkPUSm~KK{?}+N2m0T%wC!@T z1G3qzUtsbZmCkL}0R6W$74MBc|H{w-N@Rq*E%-TF8qlcM2*@Tr=4KNqaEF2=KtLl4 zi2GmnP~mJr8SQL=gPR3GKB;qIPMFG&v`X5Ztok>eDh-+K|BCobN+C;~R!NE`WleR9 z(Z&lu0v4i45<%Fge8(8nfOyi}RAdVoqBW(?Y*-@bE>H-ngtx_e0IN(wR8y-p{hM(| zW-`DT8*jnsQ>lz2D`1Uz;{705sV3>QqnI}_v=SjdV?E|@6SHC^YBKg8W_B{r(=|324^J2~Baw%~PI z7D2#dy3Hb+<+?ZLW*A#qym@nvo7CC;Xt+4%YPQpM&4qv}^IyF7b%Pbaa+>8JHWwX}|<$7D@U4La$Ki6s=wByT_2o{Bn8M6vj~Rt7tlkFDdd=PV`~+0ShB& z)F!{tuqQN6YkAn3P5(YR^&xgxxzUjQ!`WsAzJh6JtUPmc5CS79zTeiOQ(f>I zC`5mrwLyrlcOCT1l!S6E+)V4OFhf6lv_BJT4PE_*oiG^KOKGH$i5=KI^t`##TgXS= zM5u}wYnzb@G;di!g^FWP5v;G?Z1f*utNg}f3_W;U{v|D?L>^WrcVq!lO-P@pR`pm zKIu$!gV}5jV8cwFh048`2(WlJ#OdFvF`9zQ5_V6P6

h8S5mH@)J}BtB#=$XQvGI zd&$yrn@MEAg6Ju7y8$;tSRzLk1|zv2Kbr&sf3L-?t+T}EMBtdsVj~1qIKRy)d*_#)3|BNge3(7OQ8p}8y>#$b)dIiWQPq{;?;yPb0 zHbLZuF)UTCr=W?6`3{}OT7HVTDaNpSzF;|L2C;C1fqrUso_87NH*kpuId41G?xck$ za_U_!xky2TM;KJ6#N(~F(smPdP80l0?EN<{M&B*Qaim1zLfq9?julmZ`r9 zrNf~|IC8VMA3ZoVFE)Kwea(*jCARsO9TpETvQ_sngGaY!-)59N(YQ%*Y17r}b>*Q( zzCU&_4uc(!(GF562eNuaG#Qd za2`%AuP*xhyCuKC_Hjb6SV9-HFihaGAh}aZ;=K7|#ta&QqR@PB-R1V%$8~$G|yAt3wfa5jx3*^^k%OY4a#;FCY>};2wy1^rzp@ zpjf*j^kDS}aU5joX`BeDe1*YUuvulkEhEX}&i9NveM6CGEb$Wr!vWXL75^W0Ah)ix zXLiL;ur*>A#Po_GP+*mRS*~)C443VdFmaP|F81)!XFgHiEILJn7=mLUZ-dPos8FZE<4KCbxG^FP=oR05WvbHvW1q~wrc$~GZJ%_3^THqiN{kEHTuLZ6i`WHZ)-L? z#O>|2OIxE^L1No*ty=oU17!9wmaP$V5=)p|0#~%SG2z|p_2=#tyDt8hS^Dbi&gcA{*nj-OZ4oFZ&se!jMLxe6Bx>8S9>E!T6az34urQ_J&E;mr9WExBkLf z^+#nRb?Jz@gwe4)LCB@+BIs!oyM@}8>xJGB2=&1qL(g73~; z9Vs$yG-`}S=m*Rp`=F<9>b%NBcwxs29du&i%><#wmJh}xmeL!}u!UfWE&PN7`@Ry> zE5ZS%RHAzkagf@3kG!nxmSd;FZ66gszxS9F;=S@|w_1Vx8Ix<=bmMBUHKN&2^W!=# z0Cnqay)N9J>`#0oWxLi}zyKRO8`obuJ25<3|pvg)JvTsU@xFD&5Z~Q)E zCJ+gJ>!;Sgn$3Zr9jnG>yb0bK+^LSx333T4U}4kM_@34yj^{V9&_vKf!8H633J(4f z1a&-bRsnuN=ssY;4-S~&b9kfg0K=vQ^ru=*XT(K$*F2T=x02l`#&dj={1ILi zk&R_kPZb;-97_lG$qG9;b)>tkjWVa9ez&B(O{}i_cY`;}AQ;X!(^zq-(U}t0wBg{k z>05fO-|Js4gF5cfT-7m8I-5M^S_fEeF<7cGXxqy;^+!M&t~ai_ZU%S0^U}8$6U2wX zZs3cD#7b3);cx9xh@r&eau>Q1Ow;J4z54Suw`DyYpgaoR$@>{3`=yL5UscF1rqGj7 z-YNO&bu@Z=Y|94@opIZ6IZZRV+^fKU*O&VH(>!}Jc|$uak~MibLg?#JQAA!ccaU_M zoKwMi*Aj&0b`V~jPgMG`U9tenPRX|_xghMQ>iNwR4^+NKN^|L|9;^FP2@L>*eqV*?mVCg>@>7_Qze7`xh^D-WqUDABd z8zKYqsoZIg(a>hbSpuSxfy{w2Z!zE1UCoE_TEe#ow^U{+K2$`dM=6($$PXoo1Fo1A zW4bM=b<{_l+GJ$!-#5||k8TyG53x?6+Gv^uh;yBSmkFYqPU=dmcnf!zo+G^N^*&u9 zt)d#g22ZQnZ}#-y&~h)_=bm1v`RUrF5y72jG57hyh0w=$)Pt$(hZ)wsXOez|Im-$ZiBa|%8LY@@3kE+B;;`5WCf_?u;%++vjstawu z+BESNqJvZHBPg7sW0rogU_+@pf1PN+rqypm_xdAia3R$$_FUK2+OTu7XgB+%_9k=fFLzP;`9Q*3*hgYynMC>|PulJ~;ZMG=auHIM?CG z5VvNCypVa6O6atpTu6qeLVIE`vA^r37nrDo(|`Sh@&3v!@E8n&*yKaHz%W$7@zOHa z7V10Gklq-}d zjIV+4D0x5Lou7n$tt^FQl4x+~vw8k2(iK2~o_O{i5DdmU(3|}ukzv>;4S`_b{wGRE z<(9KyV{t>tD5E~Y2Ra6^reGB$Vs4YoyPF!HBL=j*Z$sElu6MsVO(bTCH6e{uzaSti z|IO?jpZ(a(r3K}%wBGMkO0Y6XC@ejfBeEOSPUKJAnLbZU^fU!oU0E*Isr4@(;*HRJ)wjJDlp0A$4=l znFQNrm8-t|-s^M_7uom+(Xh&34j4Rrupi0#(XwU}<@)}sc!}SgItvg|-=CaVQ^Fm; zk*RHxva6__1c`-$gI=PNe^jLO|5Fv|=VArjFC3)??0wiLwM{q@YE02wuXY3vWRb4{ zEE(*F)1g8R50wHbQn9{D%TnJZ%+^=0P;OUI`^qW17l{w2E#x0*-W#s`rJttX4>ok| zvNG3fQ^M>375Q;AQFmV4WtXoDjMfdHTuqW94;JH%l|-{DCG0F__;^;vAUc_?6j|mE zY7U?*%h2vdLJc4bpPKa&wsmNrxP!E3SAwq+divc>S8ML?bnc~aE#ZxJ)rhZzTxr-B zPCnGMt=WWFqe?WN#H5(g|Ded(Lla+p9PDB(bLeDw$`B)}_=FhAADc&cxnno`Mtr9f zrVKo=;LhN9AGymJ;mXsMKdt(rRTd_?P~LPxrgoimD-_)D#f1NeW3B%e)u`Jqw;SBj z-a1{Ea9~A#L`ck1_u*MJ>V8o~`yL31>R4wWo& zXMCPy=AGFIHh$9Q-4%UMtxn`x#%`}L;rq~YBW8@9mscUJs!BBJ#Nr_fwblahq0#Az z5oNQZrg=~D3_fodDzh^$Em?U58BR5mJ;_THl6S=TCq3;4k7z9^t6Z?oBEo_ zFc9?{TadeQQu5)!a{kHWhOMa22sff5-7oezDt|@M$;0$KA1n$aUQLe+e}W83XHXy?Ilw*@MEERU}Y z6wm4ye1JGdGS29p)zNx?bNH#N4E@W#^Fx(7OU@QZ8%yvoS(5yzw$%}ZwP34hqVVS)B$&f{8@op>@IQp= z#fzjLEv7vJsKia2DAv`D9SrmA!fCuIX)tUIzS3A*!WSjKA?z^db-RQMt2q`O=C+L) zCM89T4nDE|*zPcY`zA8R%#DAF5xbKn4-^XVzoJ8--|t?+@7xfEHa8JliZOU(u$J;v z5D%Yf=G%gt>$etfE*lpUoR^2Fc5&M@b7R3pv_lYY6Lxy5Yt9X|-M1T#MZ#nX<#1X# zFUsaRo>b*@N40y&-)@P}L&9ZL9sA^~o=!jb{wNL~(+C|h^xs+VS^U_XG`#@>O{^gU zb49U)kQ6mO$kkaVnD@aW^FkJ}BFhdwQdip82mPs#q@o%~ar{BW(4D^RtuYg6-toEf+J9pvTv}hI`~x*f zoG;^3F#UYQwK03UGJcE_;sQb)xZ=H1HcRgCPb0hU5DUaYo#>uD}f{BX+HQ#IZSR|`? z-oTMBui}FR$j?~fkip_%OJa;iH?~FEcbtnL9$`=#q(bUDKTeLK*y)A#e%Z_E{OZnc zHyeXG+JufONKT(=KYK5wC6pVAWpn>yc4Hu?YMpso7^mbB5i}19vZASRMCPk^ocdh+ z{;-pZ!IsyvkVSg>+GT$zBj^@lJL;sn#W6MC-pmc6I9$wfMpYSKDJ9DWI#~JAV%mC; zm{#0dLW$EYo9#!>paB9|{^HsBjWPF`S4@ngDxK_GUpFF`k7VzpzD?q!jHl?pZjT)j ztF-VHy$RN=BPr&Cu54cXc3-lcmNB`00+-Ge&5P)gXs|@iVMP*EX`&>scUUvPr#ulV z=a`IbinIPDZ_22R zFKMz^-}~H(oBqaG>&h(r2vJ$ndf($?e}J{drGowOom8Yhx8i;TvG3#}ZH{fPkl*TV zqeJreQfK4P9>rh;*s0)=S6J4Ji0(SI3lnbDN{6l;u99X;R(qI?WGKx}=P^M8e44dFUNI^F+empFd!ryrcpb+D zob&Xa_0|aH`!Ek5**$jx&~mPVhLBCrH>r>DiJE&MJANkrDGfvh9ni@Z-S(5iAO$4C zEAm(V##<%0^ObwZ=wzxsyGJI{RxpQjtM3&GGFX~{<(XkBwQ~Cnx0@E|ojO{$9-~NH z?#A|;1sBt3sSN%aZZ7w|Xhag0FVUKV(Z~z}`t@`N1rls)H=_hHiR}JDWPjFzQ|eA9 zCseQhpr!I`Vt)(=AGxFt?u(BalV7sVK{F+YW!`KL*TWcQ+(EN2(IH1^jHX<;t(Blv zYRudZdL*=jGEDh!AYe|ut5w}CznA%AY}ntEvYUSu*2sKY7oj$`xu}oV?hAO|)Xd-R zX{^a*vuW;YQv+YdTgx8Eb$7!@(w240`OSp=`U_bW+>~@&8!Z+4i}s=Q=_Z8vAIztN z^_LbT6EIkMjO3(t7b5dQlCZVmMI+vigvibEo~M{u*G5reI41#udus2M1`qdn3yKcB zJ}+MBb9l36e1%~VJd0WQMLo&2xfF}T*VMCv;1xl#Z9-p)EOmvkCZkp!VVRTwA|c+6 za5@AHY(y?)qdOohBbjgUdX3;)d_1)#P3w^fS#zMG!`N;{q-|<9W~&&A9xS&cl4?`2 zf&iEIjc>US?~Xb5;VRsWRf}LPSFaw{bjwi_k+vR%WWHSy>^dJqMx4KV~P4EK*&F1a*h=ltTV(i;j%S1 z!Tf97UhVuTqOY4;bOL?#LDL)p#1&jYv{kb%)eeDMeyE~AaWK>&bB{?X2^ad)hL?%^ z{`AkjZ4oX7(s-8%`6$U5DyiT5$6EuqBT{5X+KG+)Rx{EWgq+`&m&nwvh~Cc{*lcKh zHm`~Zwu}{f83$b)$KkhGOB0oW39c zStiLimGc<8_DrU3(*xVocOwm56v)9-A$;NNB%NVeENW)y49XvLC4zXAG+FeEGXHOOcALv?kq$D0* z@6HAbs~$uRg}wHN9sS6BP-YQ6BcVw|wbVq0Jk~V_jog0rK#*dl)QUKD$R!W7>{> zRw56WE7Ajwm`nA$!QH%(!*2>wE+fHqf9!h=W)WG;x1bz|!$Rf|Y^U*@J(bMxXp9Oo z=OO$%GXu)uQL(&M9QmuQe6`ITh)vrqLqn7vl&v?0yrGM!CDTZvTyIE+g>x!ZPkxZm zxgteySSczl8OtYlDBRbk?nR%THI{>WpmZ+_ZpTE4D&mCG_1s`l_Sz_k?&jOGUzMcb zO?p809fOPZp0V~*nM?M;4Za&>NaJ7Tpv96L2vH{@RQ#o*^6|UCX*YQpD-RaBuB2Mi zhD^PmdRyktw~y3ALAfD_np#&{Bt>oO279p3mW(t9yO+QRp(@o_p@@^RYw&+q*(?OUp8k)0#<*t)9i0uFg6-PqI6DQ!oo&H_?``oie7g!fxqw= zwwjk4#eY;t7aDve-dcrq1lf15kxa#Q1eb235J}_^`|XA}p+uw&@YRAG z|I9(pku+;QCcX7~DYYPUuc(W3oRXKU{xc`{K!fU2mf==6j>M0@<~Sa4cUFyjb}pb8 zjr`Z{VZ1y0>>hpCF3DA?q%=FCNRQ+NvvNx?26XRJT89&&y!=17GF__wIXaKqKlpOW zkHNT@xC7~H8djmBC5O2oXA|*cI#mG93vWEsr_hQAwM9rMiWPj+%ZC3B@0}k_pA;Hr z;qEV5T?)05cGZn^xhvIUtoOO?%ZIgciteNYHBxvQeuL?6snY_)TXeA%&^h}Abe-&JKs=w6k@9(Y7lkO64xoThkT@&(YaxUK~uq0ke!MjtTZ&_K!GY#Bw;A} zU|moCHG+Wc7E9MpcB7|0G`ONx6vG%nbxG(X(7xWLQwDn6riJ%!q6(9i^r){vCF8I! zTrnN(CfyhWxk24OgFaMlBTfyR3)Z|@7y|TI2{5`CLK&L;lwUU8uI)RBJ z4Tl_NNJMW2-%>1f03}jMfEHccT4!A6gXi*^If4+K5NI7Ts`yAz9)c$V^2uy>feM|t znER}de=NhDv!b+b@ow+;n}`MEN7K3zi8whuM4G9**1vUDAIzAONfCxfKfYn%7rol% zLr`VI6c%k)b#rwqC^_6D&{Ra%ByelA=^;>fBbZHSH+s%T^N@%5h43L~MlOL4xC#?K z@H%NWX{yxfkC|=!YD^4#I2QfQddXBEev(3gMe$#`(5bzlbk)W4f-#^;y~RWIZ72bl}%D)Ib_xetY5Ug&3?VAAef#5e18 z;W?q+=znVNVhx>@9&l#&r`Rj*t_;8C_Y|SzsPP(j8sRLsy-sU}!f32^7G}W}NMNZo zLtov;p>5w2+On4%twd1GI71LM2(L+44uji1I5kH5$35VlYY=4ATVF0Mu}zVeTCY+T*6FYX#rbYRV#D{ad)qO0DMERf?+k#(znQv2?8pSN zB+>dGT-mi>CG?+>1z5dxi- zIh-vk3T+W5H3G(iXRaKsaSH8i&oMH%=X>#|#`rFR(8PptG*If&zJK$yxR(Jd^!uk7 z1Z{mWBvP$@(3tN;ALGexSOTTdW25l>3O)S#Cbm@lDap*eJ%mQS+?%YsobQqwoa}f} zxm|Qn@=j;01(76oS)5`zFcBkXDwNV2Q?)``E1$vf@;bw9O{N`T5<_v6i}w7rSDUJ)$W+TbA6X1FZ560#rMZ z?p}MRP7~ZlUOPY39f3e4q7aYY>P&x;vmd?**XtY{XAgO9qcX&JMC1F}!|0k@mB|+H zX3?H-dGVK8&2Q{NHpFPd5;Gs8;wZ2dkcMd4!6O%|p=I$9OnSlTPL?S%LTYQt?BoY* ziMXUBg5<*>i5+!REwHM(+P5_s%0km|`G_XjM_vv4-5uf~Xg=b;3w+v(X`lK!?J2ZWI-U ze=Z9v`Zd#kXP=7V($%`E(FnjQ)(U;OLtS4ZL~NN!R1a`Co3m9P=< z`NrX@2;l%EO{27lvqF7R3$e4l=KUtug2J;fcJPkdf%il7OBVhIDWuGcC`SZ`??(60 z{qL0XC<$wj+ZLT&VB{|s{$51FZDwi=nr_br$EVSg8emm)ps(;)a7~@P**wH5pb&nN zWk&@w!C~o&H*@ECqprK$X+mQ3T~{ZTZ~Te-n8?ab5Nfx$)LP1ZwpGfOjE>0naqs=bvGiGZp&Bg(^IZ9`!In^UhXj-l_W zFy1^=J5j&iJcH;s9FsAaNe?tK{g>MPq2t>KltxvDy33EBiZb9Ct}|wlAaPvl17@u& zZUwl1Hp={xix7E>V)<27`mSD?aTHa}>a9tI?6BTH?g9V2xkz0Ph&{W932byg3!5pZ zybtM-d2<*qx9lN~H4tvXDF0L>>B|bPrD&RsIY)}R4w@+3S6>VTedvyA{zSPgkEE@v=Ouqj?+RH`}olxgGkip>V3|Cp{H(l z^_`A)qx9FCde-3fI$-{u%Q*C*`R4C5;y;mTNNw%3^-jvkot7wxsSV8f!{pk$Ul1?f z+0gy)*8r-;$fVMrfx7Va^fo99kTcT$v`-M4W>|cLwOMQFT4WGSe6ChFh;Q8!OQS2X z#nfR>E%H9LYcH`%iIfvMNs(Qhd;u?3(`S@gax}@*%g1KUjSe63Jb1&k;JBVpn{qoY zl4G!A#<`B4mPY$i3ep5(-|#5CBJ|MW;AiCby9ZI_rKeub3XdM1h~_{A@wQdh8g5tr zXZQH8Y9mmS@k`}596EN_TVan-!cRy~W^JZ|!o58%g$$;;9m{FaN5o`h4o*d#wsIez zxCp8&9mlwvs3nBpKaYVAZuTs|qlJu_gf`Ysu`kR-bbCE~@(XQEA4Wc`1Ft;Q3lLFQ zYnnsplxd@F+OlZ1-N5VW*^dIj%-|<*A7X*mShRM69cZzS?FYh+4&o*}D1|VIG4k$u zDi4Ph)&&dXcGG<8kIfh$Js+_k0az7T#girS|x(DP?RV(xJ6SgGjCo= z%~~9mM}dl&R_(Fho*m9HxF- zXWg|qyRx<3*~zgAdDdGTmpBqf92cqpDVKuTYuDf}gaJc;W>Z?);hEOUXXAw?Z|J8T zJarYUc@rb+uDCjz?hH04)Gg(##USoserFR4&-m*~jL8*HTZx~4zN|15MFKn31ly_h zfy;$=`k?#GD$}6A%kRGW{h(DOZC$n_Pqt;fguhZ$BHE+tubyH0LkZdJP1M`J#qMSI z+MSJs_@1_QtVkuI{|{AX;ZVi%{rxMQ64KI0iG9WzDpJx7 zO1G2>NJ)v5&+L6Ze%;?6z>BkcXJ<~$`#68AO?|&Pm4NcUvad8#^ZNfO``WoUx+DAf zZM*_JeB8PJ>y3hTn5+QpsS&;_&lpt*5pS;FT<{|gPG;Qxif=()=d&+Y+#|K;%U=A8 z;=Oz2)5=iE6PlLJxQShlyJoek*YtkT+oSccCQ>av9z!j~wN@;C6EP}iG5D*40{3m) zZzA{k?(g5wH-wc+XB`K>R|McWF)~Qdv=Jcad)qSaR_*5aI=Qake5ap`%n0PnF~s_2 zN4`)j6O)LAOHRI{Z@HCr%QKth-31$OGFKswVAUMtihI zlF4!E$&I^mf494#vb!vGBgNT&?Haqu#FwkLmY$S#&_|i-t4>U$C15(IIO!p7Psx)> zKZ|RmAdEV18kepapp^@X7qi1+B)r)mw)!TgN2ZjTMR6w1crdf-;N4!1CCax4b*C8H zS{`c@_&6qVb@@%Q66Mv-b+^Ux76!a3$m$r>+`X&<=%rj-tla3uTwSg12upf<+1PXW z+E}?lw@)PE<p2VaQP=r8Xk|B)<~w$*?|@XdTk9t+g(3?-J>CBC@Eu^28OdKi)B0 z;%|)=6k40j2ErPqPxw?23Ovuy&WcL!iQj2@bdst34ZH1IKtGZ`2Qm?{+?X zin)gW9+53YOCiX^i#a9P)$7fS5-{!j5L~F&+3NR{3tS|4WE4{`^sD)`!GUlq!2CA= z?(Pj7qyWp`L7#Ibh@4*zQYKG74KQCD`9l0hD{H4qsT(vRN_J`0+A>wjV?V zY~cR%?AuSv*}?g_esprbF_t*6Kfm_^>fa6MkFxxg9=%9?^7CYwXzw{zdJT-DJU|a| za`6nq0|FYzkMFx?{1cIi!fcDeLagqbZ~zV+>KWt7qWUJ z7o~cfAY11rJR3demjvVJH>*PSMBDJcXZUEB;|X+#pX7U`%!eN>`atF0rbIT#(rsg@~(I28u=G$!lr4RKB2YLTD8W0jMqw&}@| zRwN~lh2GQCgS(e+=dACdiQaT@V@#(%rsMbeqAAb|<8*y`0dWdv=|1Q7%rm8x0d>$? z`2{?_-vyroq^zhN3L~ESzC=fqbX@&Dt<-@bs#$6BV)QC=7PH$3HH`Da=Q_k0-li*9 zsefNt`ySjkwW?fJQx#d$xlW;~eaxZx zB8NR{6zjwL)Z_xU2lCWAdPt8UwbH*FqpQe`(CLLS>yp$Q?m!$PREEbK&V+ z-ZSfW8yUhti+R!e9!yFoufjFYryd&WW z7gx;#OYFWV?6juAPHZoAa5p}M!mS4p{g_5=C_E@^mNPcnKlmT#E}=eB6>akLbRmoT z?w=x3pl?w-74b0Jn<=eUpr*0rY20po&N9#rKzSV3ZiGL>|8P-khcxn2`VT@u7>7tO zAF}7jndM1^aFI6)m@AUJy2Vs^b~agl@!%e*)}HwX98^J|UDA3n@lIWs@p^Zd1aE_j zmQ$=8q?+>I`?*W}m>1%Vi@ib5y6oq()&x@woK;zPoyBMnxX(YQFc)Ct7taZT-@Wnk zE!U!@KC1C6d$%;w=){Py;Lml9Y7F9hqCDD7V|@|d)eLk^(hFXlRLVSKbXj-YC=v)# zx!tM=REZ)aobPdY+k_8DhaMi@>2IRuN`u*R%@VnOUT)p`OqC`0{Vuqto~~1e8!7E+ zL5S;e!Fe+e?eb-m1-JztCv?RicHGMS!rZXSWpLa8#j#&cLLA3z3l*tzC%yCm(0`2s> z+Jd3b?f$NAqL~n#v3jS!JzqJfMzKJL{#PR*qKk|Xwj47Wv5w%iNmjwZ-ru==+ zd`q7pP7_~VPTjVqEyZ<2$zY&$Xu8L4e`mFViA(mlXxV}SP}i?44P_p_ewdM}bg95o zqnLY*FF^yw;g3S93Edm5pjojwAFl^0qqoFgtKRA7DO=><<{5b`ke7H`<|`Hdy=QQZCe@qswEF-`pE13_PwmG$X4?2ky=a&79hJ;>IbuD zg9>?m**^XFbbsVZr79UX2eodSa6Vs(g$&>x|1^B+%ge5 zeFF5tZ_oF1+j2@uZLCRUEgE#T9je_sI`hTs$QT%w%7Kg*$X$3MpuXFdtfa;#Sbd&A950jI zc3Tc&nrNWYV>n4a_x9d58oguvDaA07hhKEw0dH8i=F{tf2a7(Bd@r@@oy*L~oz!9H zj`TF^Lx^Kqrn#v7PBBzY7O2z;D&iT`#y))ZLPVuwbk~HhbDPygOnO=o>CdNs!%4Dm4JU1<17Eh;fbOBg(^LE;zAIjfo%9zz zA7{a|8cqQM?BKEjhf$Je9K9#*Ck^lhW1771rFIa0OXB~LVJwcs4FREX0zM2P!(25qF_E6}Txj$@_6*CE{h;U)Z) zLb}tI%E<~*vY7io$%m-jU`O|R9)0=26+RQEFK~_)QhhEh$@Mfz>6rvBBlu-HNt%wS z>m#lfn`8!RQYd{p?cuD&mN8~$J>r%-oSJ+`aE?(MWY3SR+0gab5mOdV zM9Jt{*U&_prC!{pn^#>#8Ln2oC0+-sp-8=urh77x)A+NI<)8;jnyG&@oMUnu;xL${ z#uM;7ozwx-(lhdY?PpIue)!GQQp|a@uY6tm<7>zFGtV`MwhnI{UVi? zP3dI!KVtHaVfM^kc?;Q7-JV-5zVWml6+{3IbDLBf$Jo4xYig=bc?v?ghDyN{OM-Bm zT-n|HkmL%fpZvcw{LMf1o4`4DkgD&-IKp|G!ACER<$+9)_eGe_Cq@+Ia{FkOsW&<~ z&o*9w_j5zWyQ^91QJm(WG7(pZ)cp5IO*lt11+s^>U2sN6E_!{?15qTBt?<*sLC-$r z&k&ucUUhGM9v$#AUG+1o3g3`|R zUb_sNw6Hq{^})JzK7MEdBlIA;v$Vd;W>a)^NA=-PBFV_KS6v4$VVpT}q`u3?vY#|d z&Udp_#DLB>!G%1glJ%^x-=d6Buk(D-)WI6?$JU3BLedSt;Iq;YMr&Nzq7S3lhjZcx zAbVK-3zxiIV%!{5!4zGI406fadg4NnL*rLGg0o+^*_k7X^~O2A`%8Yx$EMVgVEY!I z%H>O)4d;AMgE*1y{q3~zIML%EE>M^A?YL*nAdtwEw82|`dCLvQ2h3=hEu=haGZ*yk z*b;svXJ{~T;LHWzpXcu&Mi zHowxQ2^4aSU?n&`!Z_&zd5Iqn`R|xGb{t7Kh#I}OROL)megfxUAXQk|OFohD+`G#YaIOW}^k5o^9+UnOBqp(-T^`fzlgm1AkH;q^C`PjHUH3S>{j z#{|ak2Lzw?5`dnTGyZjI;cWlgRv2&J`b(hjFZ%BRtzpb+rZN|aLDAcvsW}{Sf4-p3 z{6F@%=s=v#CEPdOdZ&LdPY@-s4g7zwiUmtEa^s4st)7ycDVb7$xO>EHq)o)etBB&N z*zYmL8Y5hHNNw`(zPfk^88`7L_9O*Fmt8b|0aHG66c32qzM9+0GhYpt=?`)Am6-ur zjUw+*a`3N7hR$D|<~CUL#1^}M0OuGXRqSLPHNAh|jSy}7j3~fb^(WhV8~F(hon7G7 z*3tDh>uBIz~numV89C>UzAlp@sDsNbjJHxW(j{h1Red6~m;W9Xf`+=v5XJEAG5ml^_@7Yl|_tUcH))dFqCNSPCt-6d5O_& zIETWG9xH4sau+}4RBRd>##tss#yiaZC!r(-3$;rKM9H{)Jq6*^{NZ=3JTDGh9j3W` z_kJ+Lra^`EVMwCe11XBEr09(MfyrjDI9Gbv4jEVS@;oMWpwD0QW&o;suII7TUcm)y z`nM6uI5Wn2g%Wo`mJ_`s?@eEDll*BLCt|u)m-kij8r&Y|N6>SrEEzJV`KJ*5ehl&( zdr}p{@r;fw!&H}+u03uoVm08@Hy+kmceHvg(9yf1Rl~LM*0-)57UxQ@(t1OjD6Nim z$0`GPMlhB2Hgmp(SXqL3uTWa%S*Lx7$p>r~M9JJ}UISL{T`w~^P#%Mh!Tv96jd z4ccF$+i7MC9r)#y%Q>+3^L1tcvS+tkSKyIU?#c^splW{F8YxsmDf*GT=!-GFFuDMF z+Af%l%HY1^X~$N)#a@mkd3KKz`>TmCjPotc5aLK~Uf?blQ>4iAg7OPV+r6ddo&6IV zkMu;!ABL=zG^*x_91&$!K|G(>bz33HW&z*W+ zrH9KpUD^jAPb)Zmp9A$(6zhnuogan5fWhbOW)Kh7nM*cP>qe-~W`89Xo9{vyI&g<^ zHaUeLPQgU)8;9w2hvQqoGc71Q>n07j{w^>&Lm7j39Y4Ow4^hM;j4zSVz1|NaduTBAWl$kR0+GZ<#E;~@Dqr8?j186&>xIj zpyD1?Cm{$MQ-N2ch`R0S8@R=(Oo_AevNP$1qZcWRv)6Y9aWKh!mJriJWK^ZVv#=|+ zR8I3>af%BTZ73A0r<6GJ0=sQ&m51mW9m|9JxtqaVlWgr_zS1zx0nP@*2}lU}zVPuK ze)}@W8&3uK)m>>heN88!dut$+Yf38ue5YZr9x&1+WZo!|^+w;cwKaaN7oYKuBZIe# ze9tF^*?mbZqLV1d4 zb66bN$dcP|E_d(=VH~1ANY&-f>M<_MAFF{iUF7wJN`r z&(Y6s_f2Vm*5^PXm7UwC=K~HT__4#@xsv44F#kt}&N~R=XnK7Ts50cIe+Z`1i>D`i z`5}?E>G%EC*f4emWAC8KFj(a@C-xYxRGOqwrCI2-+`Dd6r&Gb~VL}UoI6mArrBiH- z&7T4_U`Mkgt;=vV0j{53Bxu9M6E>7eAdju1{3^P30FOV>Ns6$e4YQ@kd=i$IkntX= zg*e61$&Xk@qJqy_K@k~GZT!=^O^^>w-;8e1=jLNX%tufs;{7VCcK3-x#D@~)wEZ(; zon4|Cm_2y{;t*$NdVG-PN6M>6;IBsdip8WC{9wonvO2TaASNwEw5x-ue?6rcrpj94 zQ@boA!Ovtop9s<=!8nEU$hbT2o?Y9yMk^bgCaB~Xpf18`SFv!nnOn;G*o4tN7CE0gTf~fb^qQaPs0WE*$AHfH6M1G%E7DxIt*uuZbZQL7WKUQ|n#a z=Wot-GvmW#b>EvkWObZv27b8hu!%+P=We{!)@kckgl&q}HL$o_W_j5jhyiyt=7^)oSSTkD02YxSd^R|pwhBmub{B71ri4l`KPlVFy28DGJ@)$dpNZ9`Fb=8>GC!8w5jTq+rt2sG{KMJj zzWLV+`)P>rq6B1v^t#)~GDbml1n+ekWq~na;}?pJ6?^S_I3HN;;2bApomwdpk9yMx zHD#*}OhX7dy=J7!zWR2a$d;66R^)@L5XdKd;GvgwmD<>@(VOa3Mxd@!jr#l_dlLPi z=h8V2^YOIko{9l}LWhRb$~A2s-j0Uzc%Sy4gNKRT+lZ3Q9+8=9)JRT5nRGO{m%SS6 zrbZ*o9yE$7h=cMyY$l#MrgI*==YGDN&#CKoL|-DV4iFP7c?Jl3sDo*|c>3*jH?HYl z*K+)@_E>myZ%cm3Pn_I%HpGyqfE zLX*yGFcwV?{2g!NK5ux*u8RpfPi4_s10ha?;ThKvIqf3X3^?C8oB|%-^sHK)^U9Lf z5q)IWnadAE5 z*_=>vxUH25C*M6z7zfLi9O5J?cScmvdYWegp;~v*YhNBl2ll0<^b`tyGAODTU{VIV zQci}?MSyh)!RK2m@9(~H3Z_Va#b2^mQK}G!JBt+S`8O1<&Uz^Se3U&I!+PR59i?ZX zF?7Ml6=4jbj$?UZ88%K~igA_rt{@4H#;0@86pa7;I$5kF3TI+><8d1+0jltG?9vwVd=LF&^9g_N0ihrKJv=F||=$M@o}efh#r^WlV`VSTn`@DUs*pptp#b%gB8# zE;7v1J{G&M#wFnGlO-7E8Xoey$S=uoHs-&OHUZMP*DX!9F;G>6#}g(nQY|skm;>5# z04F;R|J7cyPrKuqnOh9;Q!|elSbb3T8X2<3>b7FzF6}PM;pGo-k_&zHbSf3hy8Lm_ zn&NexOh7?x1njG;-^0%lG-ieN15e2BWxuL_oS_D@hr1NHencH(ji;UPDJ{H#-hAXy zHhy-aj$gJI4Mk^4*%LEza2iSf*0p#~TGps+luOIVK}Tv(K{F5IxIIAn;kJu5f!-v} z;}@XA0zJgKgN^7o?@2N0ty#j2f{`wd5k!#$g>I$-hs?s`-2pzAXD{`cpz>fik+RY z!;BiIUu@n}{&Ks7!X}pj<^R~zBnok)RHB*Ow}zJDdqKu=PgN|^O(e1c?Z;P~OPM9Q z2){hwCnyh%lx_BPRnr8|#h??%&m8)~@>;U){>byoOzeBuga(#EtPAj04J2Hao;^NP zohFkU>CzeAHY%0^`EacQm(*cp_7iazkvhH26Xo$|u=<6p`yLTw5A8|;UU=#uW-|KgiwNltwnC9byD;uMG@39>NxnpEk+%nQB~oIH~6 z8)EYbG+^vCL1$ zGr((fLD~9rKNtI5tF-av7i?uyGjxwc7$-m%nMbnPNEsoU@#tRv3H((>DNaVYIVN@X zjSqT;*MBx{p@akPyy=`(ZWf!7$=SW&Fx@j~_1q9vFOUtiVTJ7Zn?JMx`@H(G#_4>k z!k_3l?D*4|#PNbTC_AY)a(e9M^RxKjJ>i}lO~$g)XThN`d&1Q8AWm1cpR%DAu5lSq zvUk!JJww;&tYEaK{rz%9ck5$eXg8Qmc&lpe_@U6~*X@8k_xwvb%Q|~lAERveH{>+T zV*eAd^-ex36R<;gM;_(Zqt$z5kY?%H{ao$TlX|2Cs)n7>gg4lRW}-cHZzgvVTHZN%#;53ZQywdOG)%qpfsJ41T4&+5=`4~oix|3y3 zUpk9^n739GV)BA6 zb5bau&lD&^OwF22C=9yD^w?pX)KH|qK|RzZVS;i`?t>%fpwxD8nlZe+(xtJ{OX_I% zUFA0u$PQS?>@ykSEKuuzjSE>6wSTnyWRC39sT7`Z4H*LvQE0=sT5uPuce-zW2c4Pgm`l z?~;o*^=sgdNozD(lXd4lcexCu*ffBsJ z%bw!f#`^1ntc(<=A}L!Sp7`Q#4=X{b@VazoRp{%cwmSF%B#7mai8 zBsya3+5fl!&#QDugN{$S^7B)lTy}_r@NZOGD(z z!G=;gSzk6(ul#FIeUU!IIbPsJAv{(6>;*b&0-q>(k+xN?SaxIt%sKIm?H0(OgX+k( zF7xJ>o0VHE4~oie=Um4RPK*1;k&tgf=CPmTED4(8j%-$PAd0n5A=1*l$H@pr4#YgB(<{i1(m9UjVqL&?-42~7!hmHIf|~z-AS3c zp49{GtAFhw#Xo>Jtx`rN-d>N(>-oUSP16>d;-Du}DkUWk)0q{3k7YxGU&JE*_UOqd28<#`jTX zsBdz1vvLQ0o-*0(`<-HYifXS3Uh*fAGk(K&oaCBEovMa|pj6;qg266mONO>EtuJ=gN zgFJs~7M@~_f!rJ}?TOTDOBIZ-w76gzug;a}{fL&llDP$|gG3y^?C)fkFb+kK62#%f zMNM+C@o`=I0X&`4Yu>fuYBK4J35F|(Ot1R%)FiN~-Vn}NVF^E7&{DD?dgu1DNyelF z&IzT2I5p1}BIhGiu(cphIWLlNythu9RlweVW3cYo5Bggl!CRx5#5SrsQ6acdP}GgP zZN^qmfd}JI-uwx1?7r}QVa_*xPI8y4Eo}c> z=(+pEdE(iNGgm-AZ$(T{xqjm9O$FbVXw`fY+FD?O1^#`;VO5{SKM(%+z&UOKkUhNwK1MIw zi-y>?!90@#$&-cU46EV%v|D^;7?Kaog~@>*j!hxtfe|~kDoATQrZOGZ>QKRYy`96wJZlT z(2`%fybrh0O7D1zaYd6d2*#mjO@%n9%gN4BUx^6bJ_Y+~kf(}g!Gr@V6?(YN310Y^ zjXvnF8oxjKjF)3fXg-BAAw@C3L6~2l~*A zFy(awDrm>KG%LmDRqLJ6lR+MPz_ADIm4IIAC64U#>cQV7Vh?_k!8lBXNPm^0WblCj zMp+%}OYnY<@8bNSBAa!zRi~D_uu4jON!|zQUoSM($NYmrcWO!wPo}~sek3&5`T563hnBuLks!Z8`e5@`mcs$MQE?(F zU)L2SlnwZI!McEqFN#NQ4c(QnWw{j(;_h=A=C8kdi!fYyDayoba48fd6~I3KDBTi+b$ir6xG%5_!I>A3lrT?{DbERRooa z*DvvwZ=mhV@v~|bM-=3jw&s=rduqCtTK7sV_tOapVhmZ{u@|-4z&Nt~KOlQ>3E0`c zMC?SBzXN%jyO?#SY7#BahO_jW<*NFwg%<$2-wW~Q+rdXlm>06B!=Aj8IzOI;!#MMX z$huw^Np*@!*_Doyad3V~b?VdAstrC>d~bBSY;oR)Oc3P#4kt&0O`J>2o4B`dnZhkC z&O=yX=c!~=0UczI!i&o}8NY#*pJ`zIw0X8?qUBTj2jZU3Xw$~@Inob+&OA?Z3+ZyMtnA0?IH&k(u4GfwB z{aO_JLW-OCQ+H23TFs*C9rG`GL4C{r{qB+-7gUfveLl=*uT;#^L1n3k>2>^RFkVyP zI;TpIZdW>DBIEXTL;=p`2gK9nE{mAN%O(V#&&KE1X;A*~FQ?lL8FwFt-ZZ1$pS;QA z3jAKu%aoWS^-$Z&qleW6-UssRYe}H5+kU|>_#5T{m9X<8z6ZyNJ4#poz&Hb%){s4H zwOJj9ZZ8{^{Sk#!%XP`!Y7MB_sBt_&JjzWk!<2y+>zuuya*Tt5`(;7nRA91Y^X#<} z)W7l9o&_&toqC6P@hFmUit@f*J=~D9WEIS^osR4~5%w9K zj*zv+Ib_%iks~01ah4)WA$u6SjiQAOj6cxGf;Zv(<;O=afsk5?2z`~HFfXbmG*+j&m;V{e<0$w1kUa|J+5XzI4q^wuS^t?mnO*$tx!w#|xfP{&ToHx`Q8v3t zmb{+J&)HO^K{eDiA2XP5M|yWxmyTVv1m7#JZWzWn0`pS=hn~E9`JOBJ-Yq52hyN*y zN+s#xc%Acu`|2I1(-#XHe}GriovC+U@OYZn5_7&WQBR#V|n$3=ujXW!VHcNH(k0U)T z!2xk5gtoAC!VTo-!8|TL)!k#mv`XglpjPi!Ph#Ug*F6X8`M%na=M&dAhmo4Uj2L_I zi3_p2-@-Ucpi>ZV+Ty(Riq|L5&@{jfA>FtCy<;6qQ+b!IV!lrpwhL=%S4&6 zy3AAYv7~=&LBV54%Mf%sbzFT_(}R0QPJWQ{;650;feD{}E3Pbu?5|_BbDT1@(s>DX z&|+n|r;FFSNM160WUQ`<$(%0HCJ$|M(WaX+;&t?&lx$FiX2 z6IcDh!kdY!UaWP!v<(YTedjO7zk(CuNZgKF)N%ch6$B#eF3oSu8e;7OdD+4mlfvj) zj|*;=fnDiOR>AP0U9J=II0r~;1$KWRE#?BPp&drHqk{C(M z!droHz(h%iV^CqGL#mR&bP)#Xafcj38dA2!`x@-^rbd2E_gA#I!B^K9r*X?((Q9N5 z^Gx8rpx9c>b@G2433eW2-njjB!1+;+w!ZZ)=-Z*fa$NJjG+~`y65U4&b zjM{QZAKf4i>Ax$wiTKbRg9*k({qMOXNqiN8u`W!a<2 z_e5W+stW1iKsRA}Mu)=#SN$-jvoU>>5?yQ!i*z_A#tC{Z8@b9*l@CY3J!rtA6mDnM z`-Vkm9auD>$$sv&k2D0uw)I>?N=|Fj7b%j$-d8*UmmzX=iq<8mxTON zWE|J3^648|;rjp)aL?C1=HS_DE_LkbJOOo#!^jimD z`nGxg=EZrmK^rHRDPMEOyE6w53;6FY|FIb2v@zmkF`|XBD7*&mIqfu~W8rA4^x>;dZm5_b8(3u!S2?aspx;@gmtlx8ZxA0y4dW=7Iz#px zp*L6Y7MoVR2n2PIu%ChMwicX^C{9SFzH9X*xp@wOeZKuNYYZh5gVi(WT#WvR%tgG0 z3C_7lhd85QKaO;a4zKk}f!_=7f!i;Jl8o5S2AQt<6gEjvphA?)D27P3^H*5Z6z;~K zCa=6|epeO+=lnT`I90q_lXG-jDBR$_Fuh*5`}f3~6pC&?9?A4LPI+}EeFVGP-ESNB zLw`$FlFyj31`w7u4xB*sufOX@ksKG|MBkbVl=Um3Kpz5MfPQ=0mR2FQaEnrrxKFR< z<42O9uSxbAx{H=ilKIL#^*Fbfw5*h0YiMu|6Vl&URGGb{dvVjS_criM)eoZQv3jOr zEaTY*8q+YupdUg{oQ);{0b>`4J!`0(yzfQ zLdPI0t@XQIt?=rh1h)BN%yRj=898iPIAEhygkpFR7?{PR`-_r957f@ozf_)gt+8%QmEmEKQ3r*m8^=qI8&0C54?(-{9q zm!H?PqQ}j;u`SC76_w{;98F6YW4&xZzIEJ1Jdu2#T_S?V^i4mftC?tjZhtJNG z1K|^eF6Q4I11(x?*+V`5SN4d?uHFk2 zfpOwOkolPY#1lDx+M|b2IG7iL7u1Qt(+>%WXzA~r9ek;5o0RlNSVh0 zvz0kXrJU2vr%m%9J6T&*I-&ZE4e$64gGT@pF*k7oW^AKC7LQqi=~-0b^@3^Z&% z?EM&6=QYS4TW03VE=+@Kt>U45hW!e+%WW&b#Lug;`F9M;S7&o=8VkrU@&2W`zGSxp(g zCwV(P=Mlg2^{n_lP>1!X_$^*!PpWre{N~rDsrW!*m#{62L&$+V2jB3GVLjp=U9`D_ zDA^I^N2}n9QB_Yw94cymz>7ET0$Hk`HNW(ygJQOKz9^f`gd(PXzF@6^afq(XLG~=i zFir(~at!d~gOk%&_jK?nhs8K1*(d4P#XzlhYalED%-|sc54@xGgq5AQodwvu+Rj8y|)0@Ebpqx&3+oxk)J}$ zqy_XjE=+E4jsh`ck3a9$&w5!!QqXNz#JbMs^V7Gku{OmgKiW-f|7MaB_}(oBb9IV; zul_opTv!@@-yN$!|;G&io*r?8@0|Ug8q4R65fHw5tsc%PL*_Htx{sVAg83a$z!Mm= zb5u4mRCy@T|D04}mt)ARj|P6Y&s$CNCvH#7ncI)dbC2oD#(Cw7;GDK-=($=7VjrMc zs=pr*0{xImn!n@5+U8N12M)z{o^!F$I4Xm$&dtO^?X;me=IT!_w+ReITXHcY7>76( zdEcQV?QATYvbbZYAM6{m@z3(jd{_r)gcJE9*h(j(QxCvByYyk>-pK|-iW;nl>K7~W zVj`F5a85e%x%6EHZtY}ph_1Ti}l7f`nPBH z`812+=a1(1~~@*ta_iDGFp_{UTEZ> zBi^yQ3fPS>hv1^5-c4OYJitzaKh&1d*x zKz-27?twt0;xI*cZO5_T_{vsVZVIT!l}+|*vn0AaqRVTNnl1f>XQ2<}!~d>l5~^K@ z6Yk53u&b2Xb_4wh%-8vI^De&EsHY0(>N>TeJmI^z2C|B87_TIsjndfE{*jZG>XFzm z+=cpW{>Qn2j8CAUJsC6n$)~)u6&pO z_i|AP`VI?ygx*vdoa2i059@qaFhA5svQMOg8|oBdMEg=5z4V2QKi+p^_N1P>f^3Cp za_hl$Ga^@EHG4UFo^pLEIgAhghlA`J%uJmuStiirqQgd%v|sH!Vz(_feeyNy=54DE z63ewrOK_W_H7V}{xF3IRrY+=xPOV+&^$g}e-zB9(p38>p2Ab%IsHD3sV1J$}X%ULM z>7^lr`&NYd3k8?u0PyQ}U0Deu&JBY!mQ(Vh0#VW_wifGz<_6cV04 z#fuo(CpW3Zc-k(9?~pITIAli1{-5uCbJeT*yB{gRJ>M$*vi*s9NkRFgaxSfTS#RgI z1(4_8xrT#}Gxlq^!{)X|CeQ3rM>(}Kj6*(_3)!Rd_B~CT*bXMU0*H{juKg~3W7M%b z_lle!qfpfO?9DfjMBYXvSIcks;WU_5TM3jC5x~ord~i{- zMR%{05gp}Nqwt;e+Q_B>oTJ18*^{8kBlcsJ_NW(hYV6hhq4(g^ott~V$=X6u-+rz6 zI0xL9SzhT`R%$-Ka!KZKTU)0F_lgh|j6=1K%me%gU!+O$94lLT4Bk&7@0~n}@Qyi$ zTqA2c*-d}*2$1hJkC6cvM%f*%EE~=ug0B13r`E&b)4S9X$o){Xb;PeZ2^~Kw1Vl*B z-dIRdM8>&;SMoal zkWH><^dL$e)y0K-;*om$zWXCd5Sc!p=6VNIeX>wFG3D2H88CF}R+s3Q`qCo0L+OHgfjEM1YGk)pP^0V_>Q)%Zeo8-_!2*(tK1Ni$x><0njATMgv6^%vnv9?1Ld~OX# z`^3XqsM7V@^R)WzvXPZ{6*!Iie-_4#^=hVsO|4KQa6R)p;Q;BZ{yujSV1WlXH#&*6 z)X@iS@z+4UNrCfxPQoN+i9aXZ+Ig_sos6m)(6ePte^<$1c$e2Qx<7H5JjZzu3jUpv z_&vvwH2aG=B6Jho)5(Ae+HXsG5o1*(_=dr)3ibsre7@SL0=f&;&p+Bq(ji0{3G9y^ zuevjk8|A_6Nqt^_n0|=jl3RPHy#W*rlG{c|%R3T>PyP?eyeGNHLSHb6fYatk`M`dlhE3XRx&o=h|vi6QRhqP zWzGH`T;vXKpxx5%t6AG6fVxOV(sZLAmYZviwN(cb)#VE&aRFc)3OpJRCyL_p(g;pP z7$wljhRXW9Z=={T``h$6s`6wRFLYR;8AKjszAJ~~{&}R`gfCuI8SV}fUp(qqKv?Z)2ywzi*7Sd_p#{!yrkBvc3>6iTe7SWuL8z^l zkaw-%_S9j6I5AL`I!$p#LF9D67l|5_5PVO8U?j$SGClW-?L1)v2l&%s;Ii!N1F2-J z$%iRMGsg%aA5b3u?|Vq~{nN8ODt+a)w#e;VG(fyg(z#7)RD?iR67J2&3QS)#8j{9Z2IJ7gNr5=$pBW91jG7`4ffMc3>hXIDT%oeSG*Ng= zouR!xrG^ZMf?eIAC5Q2M4IyiXtu)augv~xcegWgqWxM<|{*vC&39zFE}^H1>GJrAz0Nx}UDrp4zt z67m`oJ%$CvJUnm$NPT!yZ64nlcDV5^l!D(tBE$8&I}i_VoN0S=l%=(Py)we?T9-ccv4(IoyRLext6O09u;o1K6I={u3j+P32awMI-5~N>`|k`hp{QRg zUH8KNmgUS}fheBR8of2Xc(sB!A7n5#A<5ui#lc%J4m(#2Xr7&k>x&nR=_#?_0TB_O zZ#JV@icz~zSW;6fN_q5GHlDzG_;_7;|LY5*8zH97j4wu!?khr&Zs+f~I1uGQ9Ah>; z_OARX-J=%Z$w&r;%ZyZ_Hy{nptzvS+K_3N$0e*r30(qkgCdzEITSzxqLZ_wNB3PVO zgd>*)#DRm$IZsd3J~fAeD9C?rO_hcx+GTWo1FfFL$84*&2Y6Thmkqfvug4-18C`bs zqNJ^2Zb-rMUm~0*&(B@6Ti=G}Ym4jwpxie;vt{kQCth6J6^-vI;PdkQ1N6&o?`}lJ!us&b^Uwap4sUV4s=v`V3q-J-9ME6H&h8CrN+I}XQ2Ha{`}-3Dd1`w0n=JdK zIlfKmTb8lz8Q-jWE--t{|LHeqY3bs-7^dYTGYZ53s&EqXVGV@d{OV84+LdBQljZ`} zd2U4f^AfWgaugxo0_?3?6ho2hiT~mVfX0QAu3)K+>agEr07SlRi|S@}bO$MW>FWwfZ<~Wl#4QJZK?9a|h$iZ@wz&vc99zWPS`EZehN`M2nQaKRvj+YK#L6R3 zwu&GO9s45+;r&@whXc@E5fj#EXrgbFSQ(9KP?X>1<6b{29hg1Vq|b2@?c$&gwXwH& zb3i89i7#+0r%FJJifpIOdH_CJewM8VP+RUvaiZ*2^vpRVBFl;d%U`CRR)BHrb)MrS zx8vBSd;{Tec|boa_pe(HncBHFmj;*1T_S$sE$;!HUcMNM1+gJ3(ot8E7;K^TO!*;u zJ^?t#^jW`QfEFaTww2Fy2=wzLPTa&A)YnJSp@!(-Ej04aIf5$yx@9>_`G(~OYe*P< zNJjfa5J9PNF$l)VuY1-Bca8Nmj3}byl3PI(G>ny`Rum&_V>#8WUi6(V;PejxS)UPw zl(o#|&KBQ4az5Sf$uE{75|qI>1vDz4c{cVP3}^FBIMDzzTe8WwMS6LNj>*$L|s7_xU;wHfI<|1tv&*!+moPGiz4xop` z_aUD%oARl?>^nThH~j@THK022Z5>(=n>5)yPStD~_hyRI4n6q$JlyykH&!zmaiWG6 zeEMk)_)$8A30eE=y9`8m`$ToGmJJ!&Fd*_}yhY|*gQx5*G}#war4PSYwxxo-&!T)? z&*%3&w4Uw?I5LhqGr+Ht?UCJKuF&L*#fMgc<6OP|H4W4y`6q=W;|`)3t(xRW$#~Bb z&}(mZ{%3wf`R9E>^ZZlCfLFmaod)#@IG-vI;3F2ej|}x9FHF?QeB3~wegeLCpuiA) zaZ+F^WtmyKQmaaQQ>PT1b59K7Oz&cUiy~YLEvp9NEw=qq0-D2==O)3G3ZW=GSw~{W>OS)zsV09~|iNKp#AIay^t6Y$Fxk*JyfE5>9Wv=Yho` zMFrWP{rN97(YbZLtpf5nK>eVw3F!-|jK?pPWyPK!GVb2-@XG_y_Rnx$*+#c^jIW)N zq(bR1UPUo}2eaoD&hviJfE%!qUqBid#0IQM+WNHBDWLLy6^QG}O0Jwv94^$BbrDi=%Ldg2W{=q25{Scyeks6GNn@poI{c4g4ca?V- z4=nB{`kM9myBLbjF|R(EpzALHep!>?!D6|5-u3D=)%k)q&%pK9L*QKSrz0P z;!1&?TT3;bvswjgT(3o>LF01V$7p*;>s@xv0C<80kMY!{mIfcYBDJyeE2!QdH2~|X z>D}9kOp2=$LkVS`GZXxla%+1RFpjmX?DPD*8U3hk6Q8gA1JFxECcI~kMRUukcYbN0 zjM0f_f&{1^{w)3WIPEv8NE_>@%NwzH3JvrE)1`=dab$xyCBhDLn4uAS62RYx)iR1h zF2PdIYxtO+Y4BcM;LZYw`@J61`FSArGosBM8h!Y-*P^1U5Nsb5_5S*Neji@l%0@yO zpeqgsB87s&tO2Dnb=Yp^%7whyvZuZ3HlXge3l+lRPPVG$LoIp)W*t4WQ(*BH(e&cy zJSkYg?8HW2HN5=XcI6kum+Xxp zHbwft=BGjk0W_|Oh%ksx5_6ZLRE|5q z^E#uqK=S1$oOr9{vQ=bPOTrKUs&D$&e->?Uhy-y2u3zj?g!!uSbOQO5`45Y~BhF>Rcr; zEK1re@+bG#Lf5dD!`CMsJ?wknl$dpWB`AZhrh(o(fl6;eLgsG-rb`iRjztC8Q)u=g z!F{dS@+~J&L4w*ShVj_bF4jZt-QX8H8n))m4fykJ=-D1}KX_@YgQ|k6DMBqv|A6@| zqF+oaL7dn`uAl_CV9a$WAR{evWpW7_QTA}kAZ3=55|5&B53B--1>CYF1=7hKo|+VK z^!!#donyja4bV#4t%QYWkMHosXu%#I47wG#G&+aZqiJHmoEbCoR7tyMBA|6G1*54p^>L`wZBCG z`a&p6UbvU>xP>?$_}P%t+k02H*i?dZ(n~;`KCGo*!sNzPR6yTm4=GeHx(>;HtI~Hp zqs?<{!c$5>SE-lS#4#A3+FJ;89XGm$ zJ5zjXBH}96k-enz3ReTL(uw9;g(4Jznf^)C+mmbdtaMg49L%0hQ7jOLex*8yA(KT{ z?H1@rq4t0qBtYysP}@4RUKT|XFoQDyctxQ{l-ffKD5QX$9N_Ed#qN2RACR<*5&^UJfMyalgVMW(&(-f9wJgzM#+kzK5Mh z1m|>z(Sq#x%Lya`Dq6}6AM^REG_pCUm#@;}vBQssEr2Q!L$6GVCF~JclYZ9H%P&IL zw{_tA*SGW`5C^i+jcaW>FDow#@WcK1kWlPY)Sz{o7^y$&1q}Mz0A3M$cI6***mH5} z+0GZozT{`+kWFfe7q~xyLa;n$iaZLkp zwif1dYWw`G*?GeD*>w*q7#xUAa8Bp5UgF&v$_s*$mjv}WfWHBAHgC0-zrd9pimdk0 z%da+S{twXq@OX9&f11%G+rEZi0ye2oJ=^O7jMJl92O8HoS{1TinD(|Z;Bk9J2Uck; zhT6WbVjeISrZ7>Vs{`WC10|t-dyh9x(D&4p@ArNoxY-|rir!E5o69oD1M!-`lJ;6iCkyby z-&!kLs<)P)*uS0FUNPP#=~9;@zCylxOs?gYY-Afe&P2Dj59>y0^(Fezps5KOZ)va0(inh zXN=2V9JS4~c5#SEKl|L7MF9O<;?@xN=^DgCt6ghK+9SGh+SL)oz&X*KAdV&)Ap{p^ z2Zi=H@MN4PMZc;^>bOxqj$RgN?jDF+0naP`@JEUhaqnJ@i(eUu_L1kR+XgH+C#4s} zskyX5M)Qq>WWNFY4JQ(BD37}}-5oh?{t~0;sKD>QzHEXWsX(Z4{kr1UD;ZC3C;Rd* zGSy(5;kYdj2Q8TMv~95I8v@`l1y7G;F%L0lXNWf_Y|c-6wAGN8Dy+5!*$)mV0sw-vH7b)2;{f$ zSq>YGlbgo8d?n`flColZaRiJr9`!t~t4u5!0Yr;-6BJ+twd06WIEAiEZ3uxujNr$- ztBnG5O{BPN7xKkbma3Kx+NuXb8Wy+zz z&Po3(Zo`oNm30dQ8hS;POjr1q1)#nl+0Snp&u6O$&V0l--`uravegQFUtSYw0C6Z( zti{xfvfXt79rcU(crnyh10>yxl$GLdm(1X3ynrYD0O-|4E|amO#nuPmbI@ zFniX#p5xCMQE|zaNgWhvKzyt)Oi;)RLa2wCcn|H(ru+izhiM?YRD|dJ}?m=k~>f1$dd;FetXh$i7444YE7rj7yKE%{3J*z*YY%qwno=upJ zf`y9*q#tWkTtT(K-o#h4nwBf3bjz$=R|DtdKd-BA#_Q_ow3%fhfF0Nof%n(#$M`4; zgyQd2q}%)kJ|w(ATw=n^!n1_bkv9>wRd(I$J1N_nSuoB9g*Rwi_ac$sH1~BLmw?Qz zU)VvOp0!`NjmiXe5Q=xH$!uLJuwOKcxOKjBX=D7tTq#cU3Rd3Z7<~WQluZJ0+Ord_ zu+!y#c-;dYtkj6;Ri2I4@|IKNe*!kU38 z0P4Hd9+SI;RN-aQy`3W;N5XwY)yaYHU5eai=b+;_1FG#?P$tp$A$pcVa1I6iGi3I(pAjjGM>~$&MlPevKuCu1ydSX z2jKT+A-Ys5I@=1hb3^dfNId)=a#i%AH2azKYBG1xf# zUQ2{%wL9I*X);@S2p;I08p%F?)7X;iwZQN8h?B7r=Bc7E0M2P70OuHE0+psXoYg`J zQJYQ}MS3-6_ni)R1g$_+(TJ;i#K)5#gBZb{Nj1%k&MV6dj6)sytfyTzx9ci#p0N`7 z4V;$=_qmNauY44XD@)R=j^(Mk8#!n=GS}O<=XU zIQn=@0nXWfK39q@5huDzW+2m10V|ecsHGlhT_EX<%N$fE=ZEGS9x@=_TklICn_w-I zd7=Mlz(ZVVuPL7djH4+3oCo1iG!Dex{-CU*2h{61KTdqTO=0&1nj3_2e>pp!ttAK6 zF==Q@V#{vw{F2Go*GPqbUN$8?fN_@EpY@q2yL1kQuwLi($ABInuh{=5RbY6&h_#Fc zQt#RRuGe=UyT8ajY-iTzB)E z`)?Eh9(Pql*pF94mlFK&X$8cO=+*FIG=Nv#yzlWoQf;HOY41%s%7!mhHUXHQAPE_W z1L7QqB$sVT%+4ua0Q(meZ^31{VS10j?eY>tGr{8tJR)$8yA92^Yy2Zu!uf+Ae*)3b z?&u0E4j_pZ{H$|`r8!1J>1v+c`U0%0%-I`8ek&N5DQjWF4&&%K^UQ+~IcSsh$o>jA z;w8*ZWiybF>q_;!87hCG^SnDm#C zanHY{1pJo0PLnjDwY$5s04uAPmlun>tBITS^JS}n?$%BYCT^yz|K7T4XW`>!W94Y$ zXvO-U|77vBaAjvx zNSPxWqU^tJGI>8{ns6gFAhsxE}deEQpf^BPms$BBHc--83WPpJzuIm>n{>78&r_aR8o#1@JE$ zI~ET|o0q0G7WNjF7WU>W<`%4h4h|mfzO0}*dil>&ddb1Y#`%(s_kW(&N_f~!$JaeR z+Y;cmCTBuOKk^bK1@5<54NrGHSSfP(z|OCp`t^w}C769;VD!xwI8qlT%$z8QG$>ef z5t*>ZUV6f981vn2NXV!;7>L-;<~s_fsgIUX?iOE4v11#ZwwJ~~y_+sRzF94tC%bUw zM7tjx^QB} zd4LD5+9sqV4kRQF&{(?(&9tiC?NA?H+gHH#SS+1{bviDApyOvJsT)I!4F0TtmCQY@ zOEzNSnPK+;0{+2Ch+-#+O7Z9lPF_6hYtcCTR7V*5mjgdBw~3AQWZI7@-Ih3$yLG2o z_LXA@(H%@~V@@keaeC6Zna`_s@d$U+8B@s8J_<{ekOgXR(fP>yYuCPEf+|E&yE4=! zD+?6n*U8Qu{f_%yF9yseb~vg;A;7H=qhUv!P|A=c>X=K>!yTZ@w^UA2*zg@>r` z`bnlx6b7?ui$IN+x>62*$vZCXoi~${UzXUtt2M8ZB6DESA^*927B}R1uRU=H6*~<00Rs_k zXMozltWqTAx2H=_SNbkaY=_TlAVUR`I>T{Gs64t9hQ04(#nvq*DGm;Xo%J_N#QP69 zuYDc!c_z`3U8E)O><%%n`wJ)sJARU)u>Q8*KA0<;MYpv|p@+;6Pq9Q}b*$HpO7%{v zMlmpDb?IHGZ<#K+5g{R$P_0Rtz!_=*tiytY1l=wFN-Vw+wA4tNZ_k{V24tyj!ayV? zQZUroU?-ycVil2_kM*ORt2dFIHWPD=mHb`_TD}3 z5hRt?KXfcb-?Ijr(Rui)SfisDP(B9Y?(p^3b|`LqfNH5E((_azpBc!azjEH2ew;+6 zXQRf!pZN2t`ruO$ZhRa$B@MWBJRzXD`)eJfKJ){&o=60rrSXj8{~j z%+v=AX#KS1)d>cjP#2c5TfdKEbtdpS5Bc}v=!9BU9bp{3kJ8pd@A%;#r};anq){oL?3h9u z{_al!n05B16d>z}YGb}KCUekO+5k`X$&Rky3zZfn;lmzzx@ctisT^IK$lhZrLR=AR zrp?SA0mBcKl)(n!0f;Z!n~YdjI;qXv0ZlJx@ixtb`qoVIUSNf4mvvTuct2{V|NTjK z6ieDm)&KM7{oCZ%3%tTBr3_bbzjEbiz9e1<$0(D`!{NhaWo9hP!O1zVeS?Vq@*nF& zy}uuWtgC#2Zuaw2qQNyIW(1BMs+|s3$wa*$ zT*%dhJPzQNb>FvVc9gnOZl*BBS8dyQEx5H1Rp85c&Jr>i$Z8Jrtsn@@y6?iDLDsc~ zXHqKl>^{ukK|eBg_;DQHc4kh`K>v<$XjS^OAH++(1D_TnMO2S1x*GL@QI>cSDw~HZ zgN0r8%3|$?YF()tiT&b3^t%vQJK<^^v2F~;RsEFrZy7B2izqdZ-kp59R~Y&vW!3do zL^n}#YhbC+LH`H!kjBk6oA4*3T;p^Q-l4u;WlOhk%yHyVp=80XdYg&=~r38i(PaZ0clS zC(3q>7y;%&KI4nMr*;Ad+9w+4WXXy0*SMctby+%6^@pmRcn#53VWGJEGjnI%X+L4| zv7+)Px_H?+41MC*;HPCqNusjfyts$#J~t#tIp`(d&{X&!{-(Td7r1@_7#-HXt2xu! z^GW4fv4K3b02afR0_+26U4{cf`pox%ylq1^pb`r@1P!X3VYj6uN$LMQ)d0#Vci6!Yz(0f#W+3;*#NETy;-#aLyM>#mvxTFThm9lP08xT@k^lKq z)<9FhgLHCqH!*W(1>DzX{|N9Q-B_RhJ_|P=4<|1#I~$vnI6J!phoqP!uN1pDr<4>g zmm~+jI3I_&6g!V38#{}Mn;9i1xG(m<`Hg?vFIG=>7IxO>ZptpvGfa#2Zn$~QBB*LqiL$j z+mq~D{}rTYo1O`}k4{;eankM-SJ5mFZ-?72b5-*)u_c+R<95WpiwOCIeHz(=7%bTs z)YEu7v6$v8)lN`FfFdzv;~rNX*9+%Q>l;kgb&`Za{T_)F#wcW5-Ry3Uoj zb|3NWUtYO(zsGRT1FZ|3ins?^hIYBZL5Bft=8{ihfQpJtl$p*yj$FbY zcoiCtDDy`+3X=Hmhb@93PYRk~#9y~a(XPr;?4}41airp+q06E0u6a0_boAVw#+!B6 z$b``NzN946X?VAp`?Z-&@EI~sJRBrkW#X>0cvNJsK5#X+%jnKa6wK)d9v;^01Z;VA zO<2X>Hd;bUK)p6O5cE$BkB-MfaQdA{_^A!e9+S2^>JAse6=L1&+ z@DI3*%6z9{RQfW7IB4rHAz?D%jMN?!P7Y{0O88fxvhD2(C2u!AnG_Qcit-)Q(<_HyPLemBzy*A-hP)4wtu@8zhHz7=^;E|F!4|V9ars?{o>4N9F zK?IMWYrc7w)*hsSjB?bk6ba?Hu7Z(wP7AXpEl!s!WRi01afX7ZUye;3Ky2YM$ED$! z1}~@{zKZc8NCQ*B+GYUrI(_C(`Ia5EOxr0Qy=}} zSTh~nUd2}sQ%5ef@3y9q-q&u;^BtZ&0>kQAf!L zpy~P7l@q~$T>-s4qHs8V;A96Ok~x*=g~hupbD|1&GrTMX!y4gor*JJc5v&a6<|W1s zk|}hy@22H820*`Sb*t6*^!JJ7M*+bxm7YIvcKZ}!vj`TNnvys(2&`6296pIY8n`_ zx>LYfsr)?#iRmYw6u3V%LY3P5dTlfz%B53Z2)XrP zm~!$mXj;sElV}YQ$Jh+ls@B6kk?o)9dG;km=Yups(<9~thi>+`qa$(w|3Lg@GrG$f zktV}c3`0795&<{UDu>(5t7AqoR9)iS2T?E?r;}c%&MD@poYaVC`en8yqe$i`)38*+x{4CHidNrpt6z$A8Kx*pDZmtG z8(#xI&_D^b{_ew$I)XeM!RiZx)Wo77%!^t0wbZ`$$XfV^Z?AnOcH7mWAVr_I-G9O) zx&ME|Buz`T%p-*At%IoWPr4bkzE{It*4JZLTHR^S)6JyX$_W*nvTdiM0-ry_s>URi~X1^u_c>Rf*M=O+4cv~-|$dD$ymU=Vw2b4ZVYqg zB`ZZK5{2kVle8Z>gAuijf;4-c!hfPaz5f@(Ew}!+n*s_!2EkGAPoCxOvQcA%O`j}G z_&Hq{^44=@u&tESLn~@-RV=S<1L_MV-t^R|vwz?znJa!u)LCX_%x)`5BC?3MgnK>j|L>ub(HWk z&DU&#nA@ug8`D*)fXX1_jP@S}9#nLuehZ)z2REstCA2a{Zxc5V5`ikE6po4{{ zFsS(Q0RIh5u8yA1j(wxs4Z}<|YDUnmoZjep=u_|!$}ho#X`5G3kUyVi`5y<$ES{8m7dfVKy@_c$s z=FG|nU_j@Bk(ytMqawHb z&Ki0x7jgUR>99uP>&8UF5yyq^`9D^B8cLQWw|yo8{W&1a>{jIYrlODBk4mdVzdd46 zbab}7rG$F z!TUrXGb*6^E+;{|x(9kWZGW?m|y7mF5E6 zbS|hpGST6FN-5tzIsbK(J~~UL$rCjz2@6gUzmk8qDL_J6NJrg z)rYvF3b!5qmbT=PxMc9=x^o|UdIwqL(u-1?Nj~WH>VKGM6Q{{vme>I1lmqtfgiwpfW{SRK$i!gNe zao6|0U9QZZx?;>>0yujKA3jym5>Zs)?iBA?j|*mzw}=&o$GUtk_7bol9g|Jrt~#`o z`P{F)>n#Tjv9@;mhPS#Z<;t$s{la`H>ATyyd$ffv|H>qq2*uKdr(;d6PaAUX3IRXf z8bjF5b&bs=mH(13TDQO}(@ThWRRZ%;7*ZR`HCRD8r|FCoxb3He4Y>rCq(@Ssmg3{B zpU^O~7}SKRI7fFPp|z+aCg>gQuG`qg!6gb2-94KLas6s8cZ z=$5Zk>0Xaf#hLvTc*?&pWkQeGc@1BRUgo^${bl;6z4}h-NiAMXFyn$fA}E?NS)HSf z`h_Su&WROUn+wK+;jj4G*S%-`$Gri!vSL|nI>OxfgfV(@u}=gyO;yMczDmVtibTop zbGRy+66eC*e{y|AridNG-=v=k)C)l3*GSPl`ur2`SHfya&wX#)2bRXbnl(Z~T3D?? z4<|G$iAzF6SUW>iZ z9cD&oyW~c&9qYVIqO}|uT(oZwY`(vJPigLz50z;4 zlu95YGM-dxdz)kx#@BSieuH`^*TW?hk z9%fttf!6isGmj@{{tDLpBSh8l*1eZjMcd}l!{}foXu_u4-J@PYO;sL&LhdCyK?Eu`~6CR6WfU| zW8O_TV@QVk|B?&(ys6sv^Wsy>1wN78O=|bR9y(zal)&!&=?ng+lhnXG3=|G)B!i^u zPNi$CiNSSyqMaA`5vNr|imK%obU(}wL^enN0EHr16&)&*+zy)@=5$G2jedCef%UBe zT*km_D|sl6?O?~w5K>W)rolt;HhPTpKiL~VN2BMXRO?sFwzX=om*d^9XT zz_Zr#6++zg?1p=o7t)GVHk%8Hc`59g{ECypx{rw&cTc%k|K=U%holY4oBcVb%m{0} zJo76R;!VR;(g)D%@o!j3^oxZf==DIrCispl;TvTE)F7t6#Zj*?G+$r>Jk;)EzKD%= zrX)ui<|^gkq&bZq9i1R7GQk~&(RKC>&ETEnEOZxw`NfmH@4n_{;TJtocdm2iy}3+H z42b2KMWxGSM)&AFZxDM{=D)36!;A}2THBJn!gGzC3E`zLeAqK*(V%M^4xtXCr=^rr zHC)}SxxeN7Op((cXvdwgb9Mx^>}AYP*!h;c@a}!oJ8@shZSNlzguS-emvV8{OBOP# z@2%Tk44rq<^pEuqfA6g*FRm;Kpzvl}#HMw}abl1-@cy;Exs)sM_=jn&Okgh~cAB^BO>TB#bcSIPzbYU=TR)cRzk z)Idqg$qDek&(vq}!OC8F;F#oxwkk)vupB;x->elN51j*8gj zKqm0L2X2Ln(WgA87k63yKcuiy?nBsm7-AZYI$(X?;(UkLvZA|6CnLV^5qPZN(uw2r z>st-;?&E9-B&3`dbpN%TNcut12a4mA;Z7M+VT=9mte%2H^eSCP9T zTQ-pa*M6VPT+V2|;wJ3Nb!ujRqoN=3=aLPaE94_lQ2%rM5vS@n_^;!Sg}t@YbK>^j zeC@wMFwiTM=A-^|j0^IE8zVYI$E4K5Oj6R%W&+Rd_o+BL^m2-@RlVOfsXl)TeqdFU zQYE#pPsn$DNeP=Wl3G94^3GD*Z*i7pQgGj7PEk5N$W(5{0J%JJxt~xTg>p4P3Ai<} zuOjQcA>1n+f<=ND2VPBggkx$fqY-Jx0t-SNzmS2VqES>JKsv!xM*AUspQqoIkmoYC zOM}hyWRQ5~+-<4QkTSX@#cY@86{?>xdls_H#dMg(yGnA z>8(K}No(^gBt93)eg9(rqCU}z6BCCZWq_$`8L@GB%(X|$C5wo{*Q|Uerz^%pj(L-! zxw60siy!bNCQ)5qhWxOlMxmt6So%H(??c||?nDecX7OUb{4l6ih2VOsl{nM9);*CU z*R0AVkkd<9oA|dYy`ls}I>k+Vkac7J9g3GOzt`F{>DOGKd5-R~MKDhm^XD51qN)-H z!j7rju?zt7x2PH8znekf-auqVqME#zsFk}#e&G^dqH^_ON_iXTS=%5`7My{btaxfu z97@OJdaXy01%~-wdfsfFKxAHym%;>X?=dE-`74_nbKI6)A_Kxwm4>My;qVy@OwrCcVtYK}BER)T))yseIDdal%%HxL=3TH>E-2BvOU z51DDdaa!v`s)9O8|9f-aD=7nd5C-0C@$(9~3GWR7L_s+Q+S7pD&n;9=fyc(elK9rp zNTB}KC0RQ-Qd`Jh2tmYv<;S2NCiO4|I41xH#L1l}&7n6NT0fTnl=;J#*L|x@Zo=OV zRxXG}ZXn)>Q3Lwjrl?-Uo|HF(&~ijA$w7rghFbgJobYGmXQcJm@A>WnjNnQ@MS?#O zz?A>fgQ!$Hk0({O^cDRiQ17ap`_15Ui~)4xNC``IZ3>zMws-&-M}CMLWKY(MH^DyW z{kzo4Ky5)5>eG9X8&Xn&04X{?FXZ)vWuOCwv+=c(fmN0w7JPoRFoaQE{`?cDGv43% zk)J*RaWp;$&-44pFpim45HQcjVdrR#+oiIdvz;+(~T2!JSl5VE`LCmQMUCuj|I z;nw`+fF6)y{4YnVR_{Hp2JJ8*o6hZ6IuOBR0V+2$qO3=rk4l3 zt;h~ZHR)7{KXLZ_5m1!z4Tv>J`c4ebWIvACFk~MG#g~I|4%~@A^D}xxmb3A>rQ-7( zP%}y+?^j>@FtqpDTH#|N>3qJ6ehi><4O@R~j*QfcdI1|OYK*3uI@t>981V1>2+PUN zf;jEheQ1s$Hj}c@KrR0M-c80k(p%}I$F|uhp=)87%q2jPXh>ghq_{f&f)cprOyno) z^4qV?U>p^%XQ5RNYo8*5X3#2`AHaD^;-&vq&0|oN5MQ>I+V(V@%Lr7^ND=v%=sbqQ z^;e*78Rozvh+Bdbq<`(vLHz@=$F@?J4l+oq!yf23N_cwa(fsrG=^7)?CYd;#a3{nZ zP~m8lfv3^$4#VK3F+M!%%HmUT{~n|m|I0C&f6mV({P2orYSGnuWCMCAZbxw|Y3&bN zw0Qf66Ty+c7ZtGuI$&(hh8%G=y~kt7HI+XqNyGb11P8|P$V~&;16?(DeTkXo{stSU zfIxF$F~6D+y?EUFeagsk==r-)5BR<&uB+L&)}=4A;`0K}8Hh#`mUh56S=v4zj+tOM zy_)w%sdzhZL*mcO$@uo5HyrY2xNS9X?8#ooK;=t}!>O?h(#gT{U43TfX2S%5E_<)jQj=-l428D+q{JSX}q8h+b5V6+%U2tI}G35TMe zA`@(O&eb|roxwN<2Am*{4xP}5CflK>K`OBRpdQMd>0XX)*0jX&VX-^@#^~__IyuKJ zEsQzVT$$h{JtbwFGO0MZ&Vg|b6D&X++semPR}R;aM&Nz+ck!pbC{NGco4KE3iK5os ziM3Gz>hXR_x@O7~_w8drod2Vy? zK!qcxub75_!>-g?b8~@DN^7xoi~t}5^n;FkM36CYE~kp$+k2?&LEQo=b^o1b5zM0J z`I#1KfK7WG;dh< zp%8i$jDrRAF9XIkPH=USNLLxzi2&5t4b**>T4nu>D3_Drq7r$bL~F1ND3G;wU)L3u z+}I4mAH{eYeQqA%0x9bM+Jj~M5ybg)$UH%q#=ASc18ArhY@w%e#2Xe;-y-Sg;?$rn z#!LcreQrK@xnV~o61v}W#+F@SoGdU+z&JQRN`XZ|Pcyf;^4S%eYAiJ{2~dQ*)Oo5K12=Gr%~wZEryw>0y1d3;a^sU10x> z3boP}&0ezk)oDxl4I@SdX8xRKF75 z|3eu@Vo7x{Na_989@2Nu6~sxr$|0e8Cq5QHMFugpkN?mvvfmTlX_IfydgyhfjRH`o z8j^THZ^=8rjNP2W{?&=lMq?e+A^(3kS7o62p?xDjVu1I#aTe~XELw1Mdu;MeKg$dm<`AfZ%3ph4TE>FxN!x?+ z|KairZS_0Q)93->!9fP1eYD!WI=O=Tsn@1p z9Imwq5T~8%eP-j4s(E-npf$cii+Rw=D@z!mn5ORg#VX&BcntKjh|wv;qemd6zJB|z zQg7`O4tJO<7>7Ho4#csUEF;-4`!jt6*yF5bD0e*!Phn8Aa5E?`_$`RS%ogY<)#4TJ z{P{JxE=rG)(^K@^Mwpxc7)M6zx${5Q6XFoHOrEnf@V#r9#Wf8qb_%`js4I6gGV4}K zCkX`l7eg`5HGPVwz>59oPIEjDUslR!4bBNm1=(W?9j&mOorSIo+!cV!gwYyrlsXx~ ztoxfVKD30pK^U;ob?t0Mhxru&$CA4`HFST!@oRnX?@KTGxl*Yo<~CrsyoT{A8`y#O z)Y{BGLbJqtdhMLS@Uy9u7P%NA-=S>TgY);om5$n@HC=9Z8>X=psAA>s^BU$<2ia55 zncF59=@^ik3iOg`P$YzuaPP1=O((Y@l{x2aY%B!45Kc##ctQwe>?hB2V(IPCgW5$! zFwQT+=Y7z;ysP|t46?#a2dFscFHg^Jds%qngc!GUu8^?)xU3A^r-dO!Uf;+3YgbAp zQMx@|wk5?6Q~~<0J)(jR+RyehL7l=EYWFV!H<;|WTd?&@A9nYA)_R%TBH~n2oCnOl z&dh9eTO%o9{^h$FALB)i%jE$}FwP=n3y5QOfw0K!h&%EG)SADx@JrXSvWe2JXCD~h zh_lM2^b-eG6Y*QM-i+P2Gb~6Fq+f;Zn^(+?|KW&rykrJ(!l6)%>J`ukmbrj0n}_Pf zS7TM#*adkVVrH175>EVgK!4Rj=FucmJd~UdYM4}4*s~7IH8)_K;m!dNr>ZX|wSifW zPn`{@0os@(+jseqKEXYSL16Dc0g1Me3-tHFT+esgWKJ)d-^!ZJS&Spe8WR5xN1Rgq zxspq7oSEBPMcnB~1vp3?QSAFf?KH!U&I}TAD~B1U`@#cW(Kq|zEEf^eRcPGl!&fai zx3gzY;GCN*kUi%i`?GB}iyyUMfC|uL<2TVRS&7B&5|`8Q1V5*59=3oEDnzKGobY*_ z(j6hOuXm(}-_2NqIwAb~yu_(I{y(bDGN7tpYuJYnq#FSd=};*N>F$t5K)OS^L%JKJ zr9)6ax{*eZ5Jiw~1tbI!4Dy?OzU#gF{d;~qXU*)1)q~W-tC{yhUkqPs%K{xaG71i+ zzaDJR(xP>qJz9AbKPL7QbgJn|@c#Wg*twUIuovS>!TXG~ClTs2@{hy#+yRnDE|}~_ zk)7jR8cp{Y5=b7m#|M3ucZqMIfw#6)rcIEe_r?2! zdRqvJAO&WX?`CgDi~*$B?aObmZ~pnwkQPRFMy6oeHt}#VlwGHI_nj+S@RAr z$YWAKg-DXgbPG!aXZ|PNhcve|1!Kq!xZxaW5{QGZ|DY=Cw6Hoz4CrIgQjG=}g9So4 zv!fJ^n(em56jh*dL9}`7Q6srAJ_$2V|Wq-V!oBymS$Gdf_NCb@-W}`qlD2oTH7@ zf26p%6pd#n6AQ3GC6_H-aP}o<5_lEPnrd-syf2s%)VGh^?8o)*dSL0j;nyIt>e7#2 zIUEA#%pk)de~i23m=dBwHv2#)mQO)eW8%9^_=s!qUF*c?cmHlN18um8MycF;FgP=} zT~23-Y?Z@1^8awokiG%|AfHwoIlCCjk9)Zu3ho z{CMCgTyN~OHDjsHpDpnicCJdz5u-x$bBia}DlWmxf)mt?Mh_Iw*oX@isAyl-t(%Hf z4UG@zfq5pd(~b_KG)n9HBc5I86`y%aFu`lG6XuL`FOueJ8kdyyX~j$@7Yd5ky|GV>Rp*yP67`sZ}OBI zd-({&E=8Q?Ho`fEst^ZnR8WR=3InGC2lW0S%a`jN+Lt7L)4ZLIZD8z5X9YU`>Fkx` zxUx=vx@Y&&Ii{$Ei?HL{9E>xM(hPBG`m$?8zm<=?YX>*O=4?9Ef`?DjrcN~RkKt~| zk|Q(V2e{Zf7{J@>=8hRsGYwI}$o!cO(|@Gq?<+tY18l*Zoq&^SkME$vFby^105ACv zQ?KW+zTAf@0zJQ{px(7@;V@ny?2K1Q@D83f??COgYcpIP;Y5f-)AwLbOE!F44!lW~ z_GL>;uqAZ;nG?HqpmJStkxt_XsHZ}4!n#n8d?)hu&5cm3TN|g@8~=wh(gSgJHWv8~ zXQq_uzJZ#4&750PmW`nVn^P-wQ;V5VJz?N}SGQm6Ym%#|HY(e*HJb?MSASpxyHBMS zM3F@}J*7WxtvZNjeicO&Xyq<>7!>Zms}xiizS>jMTj=n;4k|a7y4C#}s_R7GJ>$miOCcAxE8jOAx^0CNFPl!cDTkOxKBN59=AUu@(Y}+$_ly=&o7;s zjRc*Ani2QXOT-G@9}he%CV82E;1uTvlV|Zh(jE*=Q?uP+zb9z~YMmsjvGa=0i~hd- zJvI}&BVu$~Mydh&tCqgC&#&CTSwut)Uuep+9}_UXf^$w^Lh^WC$86HM`9&TV__fr6 z^iC&*9q0YtGv4>K$DaMJTQ3jRVaO9^4aNkuotwhtqO@fua(g_uFwPP>vhxx>&TtqH zu9D}63}CVOj5%6z4mhsQk%;q6%-*H{LVcg>G)cw# z=XtiFO7?%}#*+L7#QFC^{V6-Rfu-Llo%#1)l3>)_L3?FKaA_U@?DsUQucM>~D{KjV zt!(wKZr%C};8u8paF~1FxB!NA^$RY_F+V#h?x=aY=zlZ9@UrxR&oD-K$&*Lvg<0r5DMBz+RsBkxs9n zD%+Eh%(^a!rJnUm5`1?zH%%*<$b4`6AWjYZeNp8fp*I!b+`892%8eu0nI)Rw)x zkwKfiKI#R$3>Up)c);-rqW$FB^nyGXb*^t=@~q za~_N(TvM`Nake5-@$3Nop#;O2ChyEmkc4mHO`<$46Am%c08y7vW_w*8<$d~dP)6XoR_ znEfub=8yr6OL>Sf*V!l$$83qZ_=`5QU{4dJrp3;NLpjI76;OIgHzM)_=6?jli4Ick+gB zo6MQ$+MZP z2XQ2JE^yWgC=!1F4`_y!$h*)cBjGXai)}U|j2+w2QEAW#q4PAXjPq1nk5|t>@LsF9Zv`J1 z*Z5`p^R=1DH?QqIM|S_{B>qu!f^l}(1t3oD^l*dC?6%F{Y;eDqCA#^jcr3N)KHlc& zV%((+(pLeuqK zWz{bQbo!XiBdKOX&?y4{DrR?p)?kNKD~`|`Iq&aUCDa(ZFwS=~LWmRpy72rt7SSD`htGSoK-wKC}y8#zGJ-M^3Z)eC28IE9L70N34u8N z!(oMNQl`JAfj{c?gDvBZpzenTNpzQi_~`x{>>OZ~KbtSmHtWM^ILEJk>ooF2?*keN zTpv4pcLs4VZ+NUCX2;1tr~xi^13_&pQ5H2^dEj_W(K1TA}sIn{_P=6P2KckVr_V5%28!*v7ind()8%CeW<4_nUhhG%pe4m{fyS1D6`UL1LZe4kCNfg}1 zqYTgGv8h$5q!z!UfYaY!_`{E2i0 zO&_Jn*5askxS!Yj`@ZpQI`TJfK}Uu6?}(TE)flGYJ+=vt$)b7Nq78%zL4+FcG`;nS!P)+TI_lKHgGb=|bpEX$A zL3$Pqxi1(A%|_HQBtuNW4U-+oF?r@>F`_p)6RHv_5Wsrd8T3_sf9@~o^J!!yaL9u|r6}9FNonxU{%2XE zcB+9Z!h>St>@@_s6~VY4!D$;5g?d|t*<|;M`N|J>9Oy}X^|M>jN#wr!qskx$rCfcIH)HT z5N9EL%8S@hzUMjU@lRCB&savk%e&-P{M(mF%dau=!5-+prgDBU^hG7i{-MtIRm_s( zc;EY)Fb*1cy9;pQ`=jQug0yW@6hYkca~ju>%1vj3kPoRz?xr2p2K}1g^xs4YR)73G zKaA&IN*cM(lOjsyJUGW588=r9#iicSM@t+}0+GpN^(YgOTBj+@lleKxa($~9lL6qB zM&Z%iCzBD**LEYNy7SorU*QdGpUR-cdLzHruOJUsleaVHVc?$~-Xx1BD>4Lh5p9D) z?`1=ErVOweie6M{UCid~IuMLWRvb#=_K8ozWBeuQV@5DrL#Tp zM?xxd0 za5Lzr`8s#-+jFs%Uvbv{8@GNOXQY$^Z=k6V;i36WYL0x1+A3UK9?MCcI0v{q-N^V( zh~62;$qkz2ok-x}YjiDO_z@duwHbAl!1JP6gC4U6+^0FWM;hGHS< zDi?>E&wO;PN+YOyem|=DYu)7z<6vST{o(r*%?ad`vRXnwACnpRJvDR-ArmA1`E5FT z7`BnOq!7?o*SGm@FD+a|s@}5Wl69rQ<$&j<$Y9#-K;xqEdF@;gr6W)I97Lp}1@&>h zy?CE}?!Z54)Vt61q776}TJ#V`o(?ApaHR!Qwq^~Ec|20Fg2{7TCj#O$x9^BbZaU0q zU4mXsCwbpzWDKoL3WaGonb7DR@+yHHXG5$=ht`WjM$32E>U| z8VISPaWx)30X=f0J{o!6?kMA@H8*w3=dr%;zN88|^?fYUxHOq)axzg7AkO>XgMpNC%rCb;06ihu(c_$61NUk^Mf_ob#r;2G(yQPc^V8(AVxL*zDH5R0 zx_jPyjr}KlJzoz~fjFG$pt1HQD#xN1ScklpUqWpQ-CCZB9%=Fok!MN?_aO?4<*b}M zJZWq6>5SLgZhqcI&#i|#OaJE_ler#;ymyA!UcK##ci>Qt1e#7DgFKgJ@hGo4)r0K#4`*F&e$V4oaBeWdI5=o@5NCj4hMkATaAvU^ zkw@`&BehKUfpg`ka%k|VEjEV8@;Z2@N3>I-WtEdTY=|$=k3wcJ3WfWxecin_?iz4PsM;fZ?Rf`yHgDBZrRy0KEbyoF%s=D z6)<^7aFP4;dEqk$1HKEX7~mpxyrh^e9(frS)T~#=hk} z>VqoQKuOUOsAJNq&?68t=YI17ll6@GYnOr7yBv7N9wxwE zj_{=KekYT*(dA$Mr|O_R(_9QbF3uw4Iuy2zG?=x=qdYAEmPEwMru+w0wh}w&sV?X# zdPm3Rw?RCY?@oC$Zz-h{6F2WuESk~?O^-~NJWdHnyTEeU!q1)5VTuh0qYW2;yW>o6Nj*WqO(nB1`G$)-=UCtO?xmYh)slM~prEkxSrKBfi;PtSO`)leqEW z^_4PXk9{F5jxXa>!2oeIOz$Ni42465p>wP$Sy3dZuh1a8C%nSYUlSFP1>#>UD$D)q zmpzZ_^2g2$iGy=oaP#}&@^lJA97*MH2Isx;RWEQe$UX{1!&ylyNb2n~F=E%1U8b@r z1X(7Ex3#qTYoiJ~#RtCGb!R(DkTAnI&OXR{*+^t7Xj<*MJbojh;IVIAWJ<2_D-x^> zPuDBNVe(KJJBU;3VNv<1hDp{)tG}o&bPgOLbqauU4v8RnXx4LagX=$H*F}MU{(FFF zVkgLs$+VWcYehw%^qxB!QTQ{gw5e?aBj(~hL-;ID8$tyyS#9zw3K@8)V;n z`ui7*%c6non{>%*ZGK=9M51?SUuA-KmDoNVC?{XekGhJ|5oVpS&#)9y^}*zE*+ZTi z*j)G@lE03~DT6OVJa@S%8aeC5ZNnA2aN4n*K=%O~>=w$rRY%7z?0~$Do%7FooY)V4 z55YLDhkTGc>-*c%uJYp6X&6B7-SMNicXE=%dWf?j%1c-qokj^7Y#Hj?*QFeA&+c|i z3zcJpi-uiapM`PUA3cOPDA{2Y)$cl4?}1)uiRaq%-$&>7(@UdKi|x&DK1RLD1j&}q zP}6Os?w}0}S7|;Y8_`d1YG#9Re6^AOF|%)p6XbI)Z;Qc;4}yzV^Y_ol17$iH-SD^+ z;)|BQn*c8Z+cziWC+isERVe05%vxUYi}A2{lT47R4kXWDjkl7X29Cih=(Ha{@Wlje zSK{sCtOQP>S^7KD1!}n9++cMuHwz<}^zwF{!53kbZ6zRsI!piCU%{LIzq7Q@ACc_= zUNiAra2}4K_Iwch#8fbZs`1$>FlW+?`Pwb^4j1y~P z3CR;(O3Mv+U1xbIsv}5EsHRKXI&%Y7 zKN2Ou;)61A>PWjXYCGBNU7!nDH}Gp&as@w0csLs1yj3r6O5JjRgBbJz)`A?}g^V7t zLyW~PPU=sR+eP`z691D&w#ab=lE>KbfchcFhygwD^K09LkqnWr2^~|W&-rFcKKfa@ zU<0CA@n~fuh&7gHX7{fDyb68(6Z;y}k^VpPqogR832_RxTgP1oKUS2Uf?m1DUakEv zhMfENn@SOu4_Pj}AApxE$XT?ato*n!R+Ra};<-wn@5w-%p%c1Z`ufn3 zVm4p_9Q&I5)RU7K=&@m-X1hnB;4x?o;>#1oULk9I+F`*#Wm__XD>vH&p|}Gv5wiYT zRM7%?{&Xy~i1kNUvxU2Y6Dz>b?O6DV#Nf>rmWdXn1fo_l4e%}?A~s3BuP}K^C4{VH z>hqFe^pYuzQ)7h8(<>kDum4T6LT&B}@|p@UU*dXa=N z1!bKtpHxh^w}Zt*2!X$s?~B-`tEu2aEEp&{8xH1Z4@uM$K=#gmo-80b%A)373if&XpH*QQN|+EqF>*#j+)8{ z#v#L;gE+^HwPU`4-Ib3#!OL{3RC9*EACjqiyeVKZVzJ^n;sJe8IbusFf*w$DNyv%b z|JCpzf(DxevJ3vnLx%Sg;&e;uKX!L3E*sAQm;V^wJP#`r&KkcUdlVBzT}xsDDnS?c(8p{3AB(H0#}0 zp6tu2z*`aIp>I4!U_Y>@)SM-|LQ~hLXbI=s8-_SBLSjW9>hmt91~|u~7UBfZ_ZI~F4GP_71K)kg zfq;xy14ZCSzJ5t(e%?lo6X^3QGIvw6Bgl%jtTC&d`>yb1(G(#4`QQB9zz~5r-haq= zI`FrLm@$AyZE{<4>t?#IocQ&*@_ILp=DQ?^;8qj5pLuCx*FydEtlUiF3HdkXu_zda z!e0^M@Zg}uJ+bg`)WHK8D5qZc@fuweQ7Jf_RDuIG+E^2qz-{#OuEh&AuSPqres#$y z?AGk5x7~0~ASJ}9d$|<47@~|trw8=aXSnUL&)9Gjm{~Q64F}}Yf8vva{LI!5;sjXE zpQ1?A4twlh>P)k|g7lw%`0+`8kS6X;x*Bpt zz5?se@T$K}w0pi*Yq2>i0Y7I*@-M47oU^kJ$uo=p(;%*irRD|5zzy*d@^5x`aHyK^ z$@N%PVh9;Z>;`cM*k;!Ot)~|QabR5KNm-a&?hmgXm{2}l|>PRrf z9n{@Xys1T+t&xVWM0%GVCJ(JDGX9QVuG>VaAbrAL0wN5wM622@w|UYeRV_+?xt?Y{ zPapv=bohKVRp+hE`k5DO-S|2U@AgkFNRRrre(3icA$d*{A0#Jh2pm7XL=>)|yg;L5 zDjP-_{lT7;qHei5VWSIXzsjlpE!Nz7wXIA_`O#~imS@)pU>t@#q~1bNIF|4TqqOl& z49HmQyj&OWQ%cv{!z!U*eV+ zWiW=V>6#DmQbmK4?>KaTE2qiOv+qfFyMrwKcrPz0&{xM8UOZ9r>4-)xTD$tpqV;2{ z7t){qaafj+dS=1Iy>W3dOJ*M>a07F{!gnoXlbJal&hVO7jZd-%+DzU}`CHY9jXtiS z&6bk$zB^CwdAhk^91ia=Xnu&XEb@qyDhxgSft~XDuN2Y7$)D}r5(EP#^@Wa52q%al z$fl!I*tlSN;dAmxKM;KSQI{LagZ(EDr!F!NwuSG7;%Ym3?+oDR8-Li7xN_!u!uwf^ zF00^9Mm@OXo@101mv$x5?MIDS4~g^9VRk4*)xkNJ7mz#;k6(r#jkFD4H~>9CC7$7{ z_7~!Yqdx+MvDn;VE58E~1v(5ZuEwqwYAD+=Xkr%aVP)|z7GWHjQ7(vsL%_zi67oHa zav0>vNZ(MM4a+)CjB?J-L_km$K>mYMJ;WIYj^w&${yWCiQz1ngcGU(`d! ztp-VJ5|v9)`cr|1@`RdORVKgTv?blrg8J%ADeq_oyknF#_-xjju`n^fI-FnRD+yk% za-`e;_wpAXw@Q5V zM>kqaurcvvCV#9mL3-VP=2@aIAGr=C%DVR5K8V!SBEU`6!rj{SMOW=ra*yX4>kJr=@HL@w^(eTk|K>jx`$?0ynm`W+jJ%fjwKiMP&3zr?S=J4Vz;pYM>K zfJ_!4&KeZu+kB?%0cu4b`zzc-IMRTBm4xek&BsCECe-KM5%y$ER}0o(l#>ovJ%3Kz>U$cf>sLO`dKtcc)oGy17T6KmBb5=RCuW3}=sAqZodfT{2@-Gu-;> z6&Pp9Ef?Z^XId7gULe?b9|k-$0a(G;HwWJ$tlWE2!$KeLgy9MTuh8B4Yq#$ce)+bS z|6Avr)QK@9FBisH4K0E=bng1$f{zT^qYXj*MPxOzvj^{-mY%Sj^>*;n&m7jF!2Wuw z;@EzAnkYm{$Zb99g+6o659#y&=6Sm$9^!2O$o!mHu=#54C&(bET{&lTO!~p+ZQ=Ol zEVgXQK4=l-rHEr?MMg`}AO6W~53rH;ZpPQR0ppyUAoIRxZ@gWzbG&i*vk1J<@k+FR z|96nZU6e3kCfAuRtjfOU8M}p`mTA_;kTfE# z@2vm3GWB~f&MFQ)#OaN4*D2VZMmGuu8s!+TEu#I1iaz>_nEB{!#-EzhK#TQWqp_7Z zpwdF=yDI7$bK1(d#_y^88rN?ip{}(obIp z+QV?Amd1OlR&KR0$Ra@^O z3Xd-RMx)4X?a+$_AG!@RD>`tmwSbrM(mp7s2Y%{kDB?n0mNy%coFrC-b4ngTob2Ib z&zl1qcOw-Ld8C8umVDQLtD#1BJd`LL=tc1zQ@#>WC;T%&b+QzKtiNc`W{7H$S<#J2z(!XfweU=G8U%QEkiz z^l~aH%3>CjOfZhm3wDSj#vQe+<+z(}1bW8bm+sV})z@k?M_{S3Fx#UjQp|(i&PFNO zDfXih$AfkG4{e28tkjPM?O~j_`!*2gE)Ly3aX{ zpGDz-YA&hIxa>d8xEKuw;`CBJF;9)n%fUD`w~^VSqO<`#q=eALiOEJuMVZ#LskfVII{6`5Q;P#)kqJF=>Nzs=Fa;GZ%v*ke>OU z?F3~A~<)&leMB6(hd4bB+;Z-%K4e&h>TF6 z6|93~GZ1a`$7xI8zaJ}5rN$A#O#tT8qv6W@Zms&>ta85bW{_0l#u!)}6>U#t{ z`r#iDn4iWrDbUAfrF+AQ^jQX_gMpSm=n!L2C#jDJOw_#dQQUXE+XDm6=}LgcWq{#H zt!yBAu|)(dB+M0jhN9!2RK&r?;R4UdYqQjpK$gI(gzCvLez|LrHCb;)ct(RGYz^U@ zZf%I8-5J($F<+L{0`%|}{$%>?7^$KQ^sFzxc{&(Sqo06%At!((z%t8r)@w5qFCd7) zM9_9i2hQm!fH=MMxasuhLCi_e`OFlUQnk0->1I8h{{Ueo3-46ClF!OkW%o5$~NbHlA=x5zhA zU_9sh8V#~_Z$9SQIn0-32yGTqzDxTsRCfZ(+xai&A{F9H2JN0`=^vBWiy{ht%>13{ z9X|O>rmmh`p%NY7L&(q#{5FquHX1dhHEr8)LcIBx5XpN5g?W$P&2nr9gA^p)Nxq#_FJi@1EG%l0)1^U0p*PkyhPCjUzc z=P)4kgk|OVd)gOw^b|%w{Is_Dh{y_ogFz}iI2=H))y3!mqO*o{!L&UB8e^Ub({l|h z51a5UBa7jj&SOZPWz6p0*%KekIgnYSHg;|9P)GOSb!I86E*aF6pb}f4M;WZtUO8rQ z8C7Ml@h6#A5?fV=O2Rmb{%A;!UyV~*Pi{~u$nYYPb?PJ?oM<-t`c*a9G|gH_?0y5# z!;@diiyCc778}m~sJb&`6q`Tk0^=wZ$3PsD;UGt{n39Z23=sJbW9*HrxsjhiqbBmq zO~u{+bj%5O-~3Y17UFYbg1!;sNvRi!N4P$K^q+s<{b9)j#Cad;_ndGA90=l^mRknuRw>`rga z*>YjaDnuUj@7za8V`H^um~nS9Y=_jpJkh7H;rlLh=I7Z(`Q}A#D985G`XM`@P!lyYUQX} z&sSN2ah~iW_1@oyTLfHBb@vOY!522~(yEL&-m1K0R@6-#mUXMtd=B)w8I~v^!}M>_ zR>b~19>!-(CV&6JI8jfL{-4Y!%D#+)@AQ2MAoIFPMGl|v`L1Ch%D1L=BktJQR^X)) zjylK4O}i}knmMvJqASSlj&=77jFVjL42_FNtjX8>631C!;Q9Mfz#kcxm@oXN+j2g)xy`FZavds4C?HI;+6lt*X9KB{yOhwS7st- z$|wda<@wFOSI zUu8!wtXMZ*e#rzc<&6|fp!M6d2OYDUx+vomOv%?D1OKyhZD!WfHlevWe3t!aY_()& zYe^OuXV;Gh8W&mXzGQzPuXP?D$UwQm(q=V47zB5&uv1G-WIcRd3i3ROWX9~QXUNgb zNR52(jO7bP=#ruM*S~QcI(&sVmP|~SgO~(oXT89KWkVTKF;sMtkz5$9XYClg-aPLL zb_-2S{D}otIg1%XR{pI$7z`N|#)C++J4O8C|{ss&Q2*Wspcair_1MjEn z8Jv^L32(ssNM66B4@sEo+4WDPP*C=wcJ>SdQE-*jXiCbrGq*oVKQ6^q-^?)J`T^q* zkt{&+tVPhz1i0QEy+{O}FdqK&mI#uY2$>%hhp!*}2|W6X06n_%zrH41sWMTiB5w?~ zy4S{_k^+0lOPoj?8L!--%a&yH9{KZp1!S_^$#0og#mv7)Q#AD3etVx!;BP-TwTrD6 z5${OceZEML8VqUI1U@v>hsz^R0?FgUv-hJ(MuF_+N26!e3EP>TxhpDi!=}zj`$0I*;$;(5NUr=Ue1cFca=zTf%WseRoDH8F*==I zb$INXz|#D1VW)Jk4m;?4v_GsSx9s~nnS2wfaxwR~2A8L37m{bNXK;uvfnsKc3cMLe zx#6L!83ovrn0n1^o(-fqpnkd$p(Ekj2P6gL!5-m$7k|hz{thboAUAvsiwXcKIqF z_t$<}eOH3%KjOrxNPoDlBmcecSl-(ai(sXUv$GDlRFOYIn{j zXzpM&_>gy;HxSKCxUu~133ojSi7F$8bC%JeaXs<65ns5U#hwa0j=z)Q*zkT}1VAz?<2D^=%B!DhH>o0th$Kj!MQ zPxPOS9tdW*)mbPdebVvx1*&n3x#IOaf9x;loW&%6SMatwGKcAz;-m-{NS?OP(dnLz z+qWzq1JCXWCe6~sFWb;&Z0yF`d0$H95TGCW-w5F(erNc0jya?9B4u|l5#xm~Ode9I z1Bess$%3$|klgoXf-gM zoos;e)&H#@QbwfxrBU^(+OsP-Qy6&kXVwC;-t#Hc=_WJ=5bSJEpSojw0N#@@tS+Bc zYct~)%jv=kBlc^rd0_UkIH@C2k81Q>$82v3WupTbXLWkZ0!Pm|dCpI)${k`V=Yhd$?1>CaLG#q*3%7tW7S08X*`11zn{G5i#LuP}_Z#iW6gTowt z>v1#4%-T#14K%`g-ZQ=N1lw7r5C8q{171+oY@Wu;MacIy>*FIUj%9Znp3kgMy~DqG zCUaDW#?_%y8uSjOU(6U-ev+u9yNCd#io6ykvwG6-_P|(YuGMZKPT zln3GvXH)FbDHwT2F#A-TtQEO_(k*X0Fp24Hs0jm)?15MB+oIw*iX-s>a(D3ykHf40 zMBxXvLNSx6?FKZ%N90yKRm{_;2OHsJxQH76%zfp=Of`Maz|Tb-1Kx7hq3j6*>n z0daICnUC0hJpY&uI)6yWUdTQ%4~`laA0)Pki~XYS`GpGVdUL~dGp?0OvEtTA#OBSa zJ<{$%I7eX&;!t@6%5tr?%?1F^L3_xj-42hl34Z5!$c zYziqUP0}*IxDLe&{;eNM`dNrWx2LukUTyQl>kl{&wK_HMXQlss7d;bSq<@++IaWdp z^j^~r-@5k5%2C&QF<3Z__=w-RJcTTH)u{IIDv;x<-ln4Jy{FwGm)*& zC3JZbUK*foD^-x5Ab*4z^OcdchV$EOY;I47eV9B{+emwPH+cD0oa?7j4sgyh6|7#q z6EV_Q{47VuKO7yD*|F{f>f@+JtRGIP6)Kq9Y(_25xrasSLixu3#zifLJP(DtC%oUp zUBhE8K;(<1Cv07gReRaoR&B2vWD0tKpw0sQ$2NtcJZUQV(W8IP|I}P?>of_fgmcu9 z_TU&w&H!ixzCCV=DBKoAWYb#|eq^S57|r8Vz_ZD}+I=ixhs!KwegbI@>zNi(61thW~GEriwm2<<%D_ z3d=56&Cj|vp*phvj>{hbac~y2>WU{~1?cR+Jl{nCw?nU1LE8rmLR9K^-1rQ0RBVTRau^g z?0(n%Oy!&r#kL;>R6t%O)va|;3fTb7Ey?#ub(LZlm-tdJ{aKu54tX!9cBXk*q%j-& zf=t6!)k0NnHv5uig0v@((wJ|RWI2JCXJs!$KEBnk{WxiVpw|uKL>;8ReLH8MKUfuVLj!k@ zUJu5(-BApUE2*u8pmgG$lZzk72XL0$ek@=Ah*ExjEr^=>_cVL*1<=D?Y9^KbN{yaL)Wx8PF4}7@D!})m7m9{##P{b4Bb)9)Z>TDz9)*M-GQc@*Pa#g)bEZ8^88=Ny;191>Rs8kPQg`;4nMdI1 z(|(sz{f4`s%L7*!;dk~%i^prMSRqakvom;)Y~Y+aQiv0WYOUX#U=nl%G;T2_eXeN6 z<$!gWToNVXSDqCrC+!2p2EStDc~+ZR@R>?1^l%1xm!)qu?lYv z$#ot^nBMpyl$rZ~I7t5n&gxxOA}hMNAyA=}ZAn(^f4$=Gg(%u(z{EsM%TX%u-qx6Q zYTXN+yw`IWPs1v^Hld}5jDP);hl7zBlILEQn89SM&SwvPpw}s#9V}{J3*q&Ry1t$N zqniyg!5?VV5#RcRWG4Ou$cCbN4Jy6eX?gz}CJ%=@(mz&)u{pJ*svaF;30|xY##GC2 zA9kWTdCe3ankb!%EepDUy{E_({OhxypOK_V5;C}{VDbCzDvZOGi;Q=>8h~MHHmT9Tc7DV2DYFkafPdnL1>KYvTJbNr6*m~y$6@R3Y zER1s>O9|qbay{nmDfna{QVL$E-#nf_%9yzm%{;i=dJ*cesL=*q3cmG=9$m*j@@SPl zh5j1%hzd~(FI?}vpNF)&F)(tEGSVI$8iRT(S$^l>yZ1fGQHxdbGKl8#2{D?tfS)8d zfC-(sr08c^?UMuJ>*T@AU#=11$w};x+R@O9f-E zg8aP%M_|9(#Pc<9WGl%OeqI)3?f1Yq!rsXEX=lekx@&BzZjUth z?m;u+qaK$L$wot!FNMp-Bd@!bf@s!!bbqpIUO?l;9^%*f?Y7C=UnpQ4*#}6!amNtp z$6TB741C~8MK5LEJsCRgRyq z7O`eHeyT&rH8dDUj#32TjNp^!vYraW_Rb;-dk^fa@>B8^{uJkqcQ^W>;IeyF04eeP z&d(E36KIY?Nrh(v=K}*g_+cFRw8s#K8`J7+#c;jR3dF5q*Vi>xzCSlpiNd^{o|ATN z#nhn*)-&BrOLc}KY+kQdN9wjw%*NQ2BQTET|L+%PZSCr}5T@(9o&oyFj48LoY{her ze;|9B!htW#Q%+G2qSxNSYxnwEE6z2X9V0$SBnb(pLiL0H=Eu@j2$BacL)rQfzT=Kp z2k?BKNOj!)T6A;5;{jhd1!}BFwe(lug`qI&Sx^gAA^AZi2YNnAH!+*N8Vnpjk9vuIM9d6W4EwKyNPd$hV%49jb!q`AP;VT zJ<;ETr{`8tmwf8VI?Z}-T$3OW6gHhW;dD;{1? zEXgf6%zh$4g(aJ^{ZZAB1jZ?-L*{w*OuTIvSHa8MB}5dCXUQjL-*tN2J9%wKx(1!l zgVihz=<_;WgjGIMVtZ2W_eiJlN<2Al;KMkDOh|jj)Ndq$%O~l89auI;MK8j)OSl>p z?#})-c(zXJJ4^_?+e?PWbT|X{RAPd*6!8Osehq|bTrf^M5mFy}7LcBK@ZgFS^ChUv z%VjXb)=sUaa~XYj%#p_?eGkf4ulp9n@#W3#xSNn2c2bZdeQ}$d7K}62i1b5hn2b9! zq6uHsfzDn;kKQoeQjR~0DXUoAM9@^DRhWV3NZ?zE-p0*T8JRzuk%JQzXbCLig8$=4 z2=u5x^Sn(k&|86V`~EdhH{nMw)tZ{l*>&OejNcNcyTJ9m$ZHU-!E~=lLGih^s%(EcQn?C`{j^vts^k=>fdbwXfLU z&Jzyh_HtB;j$Jd`^9tpE0Oy?Dg5;UnBJGQzS`8JR0vd_~iAfLP)pqxJ_D$T;nkRAo z_VvIE>=c(4UGST&fkK2cxJUms86h3a|12S-gp3bnIz%g9C($j?1m}i};v{FP(uJmg3BpOZcJF}e*om|ZC$jMfK@OZe_r zbJ7%nOv@n94@6*mY{@UYyobD+XN{eznb$ju1)R@MCkTnV9PKeK5w^Z~_5;3Up|E(0 zgfRF2x4Ua%^XmNCgy_UUe=t02cU>H2G zURgtWfbkhNE>W^bNS+4rr^^L}G=U%ww(yu>fJz~kDD^<5fcp(Ge`R-UQbgh6d|jPzOp~A@ z?i($|in11ir-om_x!RUCuvcMVBmb^7DAMHB*S|qiu=_$n@^ldz*Bxxf@#*a1mKV8T z<$CCaJ;+`~+#|`7jAK>`XQatp0RDNSp7Qx(IYBRRxspask-?cYE_s+dTGB{;wG^8} zuv^(BKP3a)Fevd1@3B+pL&;*_gQu#o*5rplwt>%G4CUPJZ24D(YlbAE4hP=vx#8w?)Zd9=mlpm90v5Vc1#`@CpD1${V4IE)!pOZRLrvPbC|2!hC%=s`AWL8HFX z;*W?TP2z(z#Bokh+~GWwU-zH;Lc&%-0XaW~n)rDBdO#Gz5!_!OYeQv5RI zuX(z9tdtk^>Cf*~V6UTG165CN5-LADTIYZ5Y!&M=_eh_upl}!_k53N~#2H)p@*Erc z9SarcEXY4~Lv`9`vq7-&C8}o9o0~*o3@6~0ol;WjcVk5#^45K5mG=AYgfyEijFVA< z^tYgPO0`I@8`0b|1S>9c;$yQkR<_EopEOJx>P9=ug&g!v z3FSl`#;FiN>Mb9m!Vp_Gl@q0xfk!P-5>>K1#O{m2M(Tu(WRC(~&JWQ4&~x&8pAU6E zMh8p(-LAkKzCH(680Xb%254N$4J9SIlvIxQK>ac^>&UGx&C=20@}ed=eO6VqKh2GFMgt>xIH0RnWt@fP&j1st&usvFCR_4UE$gi}WAL4mbBxTee~1C?E=xN^+CP zbI%FBF%dU(y;_m2+QxGC5!Nm|uxl<0)&|`fyG>J|s_(1#XhZYK!&E zM-Z2x@Fj58(e+?M{o(qp=m+gV+lDsaJbdkLq>oLP9o0B$e1~u4Lga5FjMHIW331|+ zd4rNLf{7P&LFaN2gzqPWMW)C5$r8=(U&LQl_Q5@vE|O&8b!Kw>fbd$c^~GoR@8}hK zaE|{b#EDI|@udi66+r|0!pN4pfbHB7je*6S@80i;8U0naUtqsSR^#Vxm0sx7wVAq$ zag_QUBVh3+iH;Ox{tvysOS4Worjo-i5NW4d9TRykqMEoQM@)^8uEM-6(g3tHjRfz0 zZ^~Nctkx$&XEsk4jSVs3@?^Y#HX##$_%yxa|fb9MRDtLhSErQ zGdlW1vA4b%sDGERBH*-Z?LXBiTx>4-wrJZIa`y?0(-xnojaHTmdkQ$KB=L^klh`!CIljm|hpDgoRXwDl z?3A8BQ(o^0A=k>lloI9d)?Iu??fZ8E#JfuwJKkxOr;d2l9!J(a5jZnf;Mjt3dc*EQ z^8Di{gGvI!o!8g%zHx~vdC-zZH~adk-mEVJ)h|Se321+~HxiQGCn_XRcQs9W!t_Il zzKl_bgVN~EyE>Jhy#*pCX^+nK8&Z!BKTfpmOc5?{&ThQ~er)&D0b#`g*U7L_%eLwL zD+P`d1kA54(J%55;{14{{N=GUnhmNe(0?o>8w6(@V-1JoVm%7!`rJ*cK|iAV<+c@e z3at_aw6=>&>f3KJyQ>oC{exOoFSLP zdk1~o#7+m~l=ZT=>&5<}-s`@Ii+9o6ZQxh}so3A16>&-%q~$+87}{7*Whi@!l2X3G z`K5~eg45H7aYqC>jdfB8+6U<~Jb7XxrMBb(IoS_1d6lvUu|ai2(v)=81nM=%{;0B} z!!hJD`_XUWheCbs1ur-a>P1muv^Fvf_#l57=A2y`4SntjL7PUC!XV_n?k@%Cd;#3I zXg}8?@{fB}!2y~=H;oSMGH>|wO~3XdN`g=7)0TR!jIjs#mBvsQGuOota`wNX9G%u{ zF*;H~r$BY2>{Jm9edgg$>>&wdW5Spu3*Y3eg!;SmUijc73(`ARQzT@`f)u5^=OE4d zd2|*=@KdaUn`7Bw2T)e5e}mMh3}t-1tew}wbxPQ06u;(8{8?zAsP_fOG56U3|K<j^b|t!qsW9XV4^-S%i4a_cU(Sxu`TV3YCP@>vxI6eP*uITq85$yRbB}lWhz@{OL^*e z+?#lv&`{#97o4gKb9iL0Xkb1_AC`^fSGt}DiPKGnA0s$<$ z6{{5-y>CUlR?0nlswBjKv{pKTr(KvnhKn$vI}gar02k6N`G8_tMx@!$BlLVqorU-(1~udYmX z6v`ul{1iud=TS|&;jMhpRC;5MKTTCgo2Q_e2=~ zZMN|@u9USK)8_66f+Lpbf5UmTvr?WK&IO_lI3g&L%Ktf#cf#MrM}3MHhs~Wg{8RYz z8OXojY;t6QqM$xmHw6UIY%bIE4`OpQfR z5%t4)P2$KLQ2HRhpl)s?a}%S#P5^aRFYx*gKW_A!{Dm+XsMZLC6Z~t=ZQa zvO$loUyMYBbGGBGe)mTDLp~FOR@-ovnh*8y0Xm2^-df|rXdP?<>~HEWMBcGxzTouF zHPI_LN?qK-wb>Y1SZ^mNV9wZY$*%LjuOo0S`Jtc3Z^ zekwwS{PP6|oWdbkjtqU8ZU+<(ch(0-`TM?Y3W}I@trLT3rI8;NkV!y*&(csX_d|XF z$H1K@!=HKiZT?Gy4E1$CwG}+`4C5H^F$4ASFvD71=9rrnD%G8uTpww;NMT6^g2sJh zOm4Hzc)iMRu0kI(GDTv?=8gX@LPmc1!iRyd6iC=^8k_cVQ^5xFD9Zc<83hB=e0Rrp zLg-ZOF3`Tbl-Xu*h?;xv)+M>!#}-yB>@)8=C_pfBLbJJ1t|k>nfylRwsSyue4- z@a4Qron||QIJ~8Y+|{ ziT7%7q>wQR_O5`ORqTgH91i=5z0`|S*01S;>AZ~|Hg3d*zgEm^5bPKfTEl;-{1dEO4UAf!LAf^>Y;A-Kz~y|FCunc{({3G zDR@oj9L#o22a1TK(J=$<0#o-xpw`PSkXbJg&)h-&GHtB{PuF71>PW=BU~fzxtLOBa zyt#<1G{XxHhpfRTjLj1HsCz)pSbLYy-k9g@d%}cc^ZIHi6xKk{xqyne$_&pw7i(4N za`zu1ZHhmUKV6omC9Ay93JZu!j5i(*&!%RLW zsM7`pY*2;*miQvWv6=Vny+TMe)f8w}0S%L!oSoIDFKR5CTcn(u;GjanKECq7h6Lj$ zJQRY2hlT@(0LKIe1IGdbf?@l=5ZsodX{1}V1=e4H4v2ggO$ca5A@k=Kfz+9&V4JID zwE?w1(p=xyr@4ptC=RwFV-}V^DOJ=RrvEL1OB;UJmbIJ zvFBvyV!>eVWX@>rVE)hjdJGmWwy#;sl8T0#N_i2Tf=bXjdi^0mfCqx@eWNzAVsD8; z?(D-k=oPE)@&DF1($G*q$RWW!EazV@j)q0QKI@;mxEuZ#@8bUEIntw5YhVT64QgV? z_T_#Ik49$|P@A!qa>b%i;DvfBcr>!JA*A~BuqiSEUg(_?JVCLS(@6Inwi>|FqoJ!ezLW7 zb@5_!wlueU|IaABXJKMueb2=CU!(OWB>SzrsDDZTsa5c#a9Z~0 zgaFDJ{4lR=HDkQ2>P}-&?X3=~kMW`M4+kWJL81ss20i_v#@mE2+1>=rEp+f_ahuS- z)=*q9*!=VuR_e5zsZA_P3W5!oC0&^5;T%C-7cyi5!t=g_DBrtJ+jOH8iAj6Z9WBK; zdA?u>J(G$@xvI4#jJf?Ib;zr*_RY@82(k)xqQ3T?O&wO36l-7Y_m_T5)I0PWYd#JFK)!zQA z@HO5D0;7ThnBq>shnAXIZPqe^S_vaRzbUVPQ%arkZPRh*X1?g}aAy}2QY17kkuXw> zPEK9-n{1pK^Vsaw0iHnw97lT{9Nq)x#kR_7skQU0%*X3SRTH&qR;SL!-AdIut&j}E zx8n^31gF$|V`jAr$S|<~;ZrT@gpx7D*(!(qpE{Ze9(m=cUThKP!q$rHv^t+AiQ%2-50)t#=G$ zsextM$lXvBZu9%B5T!LD#}JU3ta93iqK&4<9V|adhCj<1-)}4fY~5qyk_f~sQmX!q zJ(YDelhCCgJwf1zzbUvMwa)2aH*lM^&Rv!_jIKzqK!>kZ= zg%jN%$KiV2t)(^EJd-Y5&oWDUf@cjmVGvQfM2J>SkU7VQ0VDHx*e}xg(bE_X31y+h{8TnUJ$4q49nLsq@6V}M>K;B*~6P)*uFo6<~{p|d1v#;#_ z8Ci4|^cQxu)(O0}5p9lHGZ29A0xyF1#rUFErJQ0IUMb;&lmtaPRf=Za`i7d=3GL6l zN&ASVKJe&&ec1FTb&77WhNDCjk( zt=cFZyK!;|()Sh_bUWUF^wc;nVk2UH-G?{qY>eK$u*0v8Y^P0Np@8s#03==0crt=X zR({T!PiNbkj_(ikDlJ5b|TT5HX%L1vzz~!p7F4gA)dyH5|ZWbD_Ab0>kW;ta^+7 z^MjuSOTD3Y_&9!LOb|UG@pS&1osdTl)(g9`XXsjqbJF*bQs9qRbm*?ba-`aM0kTb$ z0r#UC5&`e#{!%7nrTmYDRT}xg%j!0qHr8DzqY@RY(XfmUc^BgQg9=H&9yW%CuT7_U7>N|D{>PZxFR)9 zfTG&Zvg2Y#;OcFA!>(JP>4jZWNa{Pep6$nJ(7gK`s&#?=o*e;K*pBego!RUsh7FUl zjQTUjrYBGFY;KXF`9cGT8yaN-rZx7(AEYxH|30)HcO_WOe1_q(S}wk{_yESa(q zh)FRkpNWDdW zI-s}zyS`mo!p6Ei=Wws#QirdTEb>-_ylk=d{P+vkm+tMf3d72R8cshS8aojdM zPDGuG@$S63OGDdIq+U9Wu>8TrMnzPgJMUo!WkDwKxd&Tqflb`#K8gY#rWu_1k1Yik zRj|5Yvqi1gt%kga1p?xJ3@^ypxUZ*x<}ly0(S}N<6!};x|M1U!FlI6hj zTd)xga{un0s+z#T5$jHkM({jOR4iMUbPU3c+xh)NT`&=U)t#g*DYv~SZKTAF*_Y3~ zM9*5)(6X=>yxI8Me;PZN57goezJ~*WuOg@uB!aMlgFj>V13*7`0OJ>VW9Z`QWcuFD z-o?~e$idXk+||+!B!J$%(MkXQE8{04BSvF;I~PM^7eHNEU%y!*83PGdYof?0&?ze6nhU?QXsrIOZt;rW?TALnV4zOPg7_cvCBG><$Iaj1 z{>@q=;TzA&2nS-m=$o&qi0X*!EMo@hKp?O-7y8-4ToSH;&-GT8F*~dTJJ!m}PiwP8 zd92Q$Qb;FVeJwA5PO_Wm_jtjdjN`!0g)J6J9|%diIB0Q-PI2qITjoY;y&}1*yJ`sE zo;KJidOHn9ol2DY`#_|lFsD>Se6xs0QiksNt&9v;(_Wc&?myrjM=moctldKlGPGbj ziBNu_X9zZMaW&-vJf$NAV*InotFbC)QWQk^ek6azDp>QQ3H!v48xCEM^j1~~U}(AG z)Y)A`iDCkwKbRw2@{fgt(mhxCB#~t80z<4-bP$8Ok#N&R2k=?Xs)||BbhRb*Z=gH- zbn*k+A?=?|f!b(wvRD!1(!ygl5a3SEmRaoKK!X4Lumw@2iCzp0yL$^4;Uq7fY7YG* zIMWEODms2JhmBGbTC-rw7w$h^wuG0$+5cH6+D`17+5s6usNQrQ#B|VOeJ)fIcnQJ+ z>x!_GnK8E?s|tai7Ys29AOROfC8(ooCt*I_GU3s*F^@YNf0_-3C{Wex0GHoWgEvXP z&Hm7TN50+*-aqj#&lmM4(VCGMO$$CTVm>SclE1i1WtjnnFm+u|lr^x6PDpuWt{z`h zY!ZmR5z(Zsi{=VN4I`@c@1vq{2~!Y1QwR%|(*x3!*ZHeO!t7v1w|BUPTu{E&4;Cv6 zLrL{bd=3=n`k6v(8qZ_`x&Zk>2)TX(isl3+fjJd>nzN6;*RtOZZ>Wz6s z$opnq%+u*FnS%iUbGu}L0fd3qlllX!hfPz-Srq!_qQva?Tg^HUCz3c*;FxdMN`jT7 z@^pJ{oc|oO%0>`u#1J89K;zGb*s~K0j&)99pRQ`*9-RtmMXj#DwBw6K8g8;GaRg$3}!oqn+y#d`9^_k zC7lZ6KJ{}}7SvWb{(t~Xqmy-xoxaV2i5B=LezGS_nXLF3r)Q^Bs#bsF$x+ekG8`(X zbV_!*+4(uLzbbJ3!>2FiLHkDr3+?3RznCX`^^T`B^K77F82X820P21sPjw=iUHD_z z;1v|uPhJ%S-U0F^zF$#gB0m6DI5}3hK2V%Xhl-+bmHGAB;BunGMYPtQoK8UwMA5g5 z&hgk>pCZQ_Bac;?!>^!lQl&8T!=k9*a+5w{>*aGH;gv=2(%$4uI`goti&Hr1+glC! z^z_J6R;tl|K-o~CqL$IRD!oc4=+rqVJe_j0Eq%t(*3cKqd>MH#lii+TQ~bOli%Ups#aL17{Z z!R{TBxk5jS0a)C3cxFnHZ&|*vIb5KPFWO#zdLVIK-ZG^1o_eISwyc}l)kbksH8u2U zm>yzuKe7hLl`7zH zS-GFaCGsL;7r4NZp@BnQ!1q&>b@Wr~nJ)1b{_FNR-x+qk!xXEpmN&&uA;ROeU&jfj z5lKq<0Z!26bGpffI_zHiHprz3X3p@6DaF1gAq427L@c7wqVUoZgo%r&2IZ|1WY)FO zSSn_glbhwV;MJ=alD{o2LA@EpPq z$62N+SxP zWZp4J#PL-#CycF9a#{vE^?gk|%BWJ)U%_AzU*}%k-h3gFZuq6W{letp za_+VTL7{YI;d%3pJZIkuY!XPz{D#o_Y&kSM$qUv3s}W-vB@_=%v;RB>f(^?pU9!y5 zpQo%J<5Vb|7sl6Pv9aMM`vHlc~Y24 z8CyJE$e;Y-rU#g}b!BcKBl7PMi zR(Ym$AVsd&JLCI(ak|N6l8}cE%~6yffvUJ z-gLuRa*^nuC~!|E?9&p?dcYP6fxlqoLyO zb<>KTWYDtD@A3#A7ZuA*XNz)YsD2MAS3EdQn-Eu`_5nsNCXK{=${rk}6?IZC-KRFV z<1aRrvS?RtHG~fk$fT&yJvWk{l+jkPW<2*Fa|8ZLmR}?j9@E#0c*ybM4)1VkWIj|7 znCwu%TYK*cJ#c#QAhhvNrDhTioPD+OKl;-3|8sqbn`Z$V#`TzV;0FDOmmhsH!hKT= zWg$S$RqIDATPXV5&?+sA9UAV6cP;d>l8|PQn$$#0_-jW+QUp{LQ+&CXuo^OEMMl$d^1}*n&1Q`)c2uwYk_6hTS&(HqaF+AFsI6&65m)o~M%Snx z24o0R5K_i+D`(0AZDxF3@UG2}&bzMN!?4`+Sud`#We)J-x#V{;ksW|puF|Qxa3R_|pe<((%!45(xpDG!p~yU#!J+&-W|U9{%J)H0Bqb zzik{78OLeUgWi)(4Ed?JCXDPbW&}327%gue8({rI+F(*hS*8c?kl2w!sDBh%XQopL z^~J8YIrmNI#CZI{rW^<#GaF^^G^7l}`DdHeU zoFuRCQ!j5qHy&l8Q#@YE`(SU2FpGfYMF>-E15|q2+U~{h<3><-cE)Q?Q2=|ko1Yzq z6G`iWL`H(ls~JV%8o^_`^fXa9&srhC%=n&#d@30dkPQ7r5Sq{j(mKz13C|_EK8GGZ z$&tzvmvRvO1Yz9=vf#hbn_hUw0Q^~%^lhUVhO9oGPR&mZO=Fn1bR=`o8(Yc!jMpro zpI6^0v+PKHd_M{P+cux~gC&Kceq9%#tb-`VM4M|1*wxYB&+Z@4$Q=x(WYT!T?&bRC zb<5i@s0q06#ZPA{MESH3yQC3&?gfA-VH_oJ`)I$wukAVH25#Kg(1dAX)GeCxRgM;> z0dZj|H+wt*{v0!d(E9Tswb^|TzE7EZdmet=c>T~Jq&a+-NZQ2%aGYK`GnN&xf{7dh z*<>my4Y(#e1&jF7_Q;!NGU%(>X`Xil;)+P%1iGy1{TU_zxA%((x zRM(B+`CRM-Pk|=WJklS*syoTB4_{49E!20l?e}zrn3hAnkchRWOH{FZ{8Y?g(&QX~ z4^LeslZQ`ZP1P&WFUoNp_A7Xac()TpiHfWcROO|?1bIr7L~;)=!}7-Am;?Fuoc>AP zZ_8v?v)P@g`C*NSzq(hOW56m<;e0d-6|r1tQ@q4#`}(M+b9z)oYUTOG!l}2l z;YO0)9h~?n7`oTH?qjVo=(NR{~a$Rs!CmidYMQGgoNi$Pe=>PfT!{- z5v%JzgNYw{VOrzm%K;uKomu&HH(vx^`kTjG2uQgunhY`gM*7-v;DiH2wu(w!T8~Ab#yEhed|C1FLFPDIuuP!X9zS)VM=!oJZq&6Y z(W1I}H<1#J{PeKHq0aN$>v=T50mI2KOr(QTNxefjD1X|4@SLjH6SKt<-EfKT8 z!J*C12+21(2H?9=Ut)pZQAdRI+exs45K_ue=yqEihM2 zF(m9@41AR%+bD`QXUB%;p$qhE5InjH*ti)e68&8@$3x6Z9Ne^x7qDXQ@;*F`ay5cs zg@gT<`y)cuy8qwYA5$9(dj>mG7e-?zPX`x!#(%{KUsjl8PvzM$HegAy910-G)J)8X zZFXCc1y&P5=^!{*V!V;Z?{UZrl`MzleEm3|afA4q*pRSw*974LG(XchmCD+A0ZhB6 zm&!>{dwdF0|EScA8PkJV6B&6nm%=n!mwnqwmwj5iZe)9QT!UqUMi0+ft3#b_!+jQ! zu7Ii0R5ERSzf#zOxKo|+294W>p*O?)}LiEtf7Re>fQ0F ztTpoyEpI`e)2=DsR=&a?0W#tH!rc+qWIRduD2d`MGp2oAG@te}&Mn&qqdte9^y_Oo zOIIeS10`YO0`8vN4-PNfNYW-y|!UwhK=00!dBx1X8aN z+FTq3IbU5XWp9|T;SjK1flfa?)G26e5V6<&gSHQr}(7J zq|hLeYAC{I3mf%%@7VKMsGvVnmWP*U9;v&N)TU>;6b8(7$EjS!H31PJ_)=0mQ6K>A z+8wPDK_`-`rFw=tDDs8a$fYrx(IKpu)WHKn_n?bYHJdoL2>3fkNdKgkd|*@Fa6GT7 zBqR9IO{^_IpZX`TT7&KRh=So)*Jrq)8X#L%g-|eK$p`ukTf~|~Zoj-(f^XTA@Hwd^ zI1-RDW|peQAc;AbEk8K$jHkJ{Ccm}T>lkP*zQO&z zvD`ue{NRpPjH2pkkVq#}<#*vjF`wegFoMdsOQ{>cRViNc^Bo_B)t(zF#l>QOb9DRP zA@?wO2%LW|rg*Um;QvtOa+3pU^#JXafzaAvzq`en|DHHnSbPu$)b`06gLiIAeQc1Mx;J`eyOu5w06wJ1Y?kstj;Da}1e`Tv zP=%_zAvC-J>Q1=gML*jSRrd{(P4N4WdQTs6ab)=mvgM+5V5EQfH@Y@o*dvVb*VmH( zpy&|Dyo>mpRyyQOWAfAtO3Q?=22*>;x^EL+h)6d_yE+;QKDc?y!Otvm<1v*3jO zV9Tan?+^ej)mbgG8indDB{57$u0E2)B5+jik&FjG0c1%V8|2R&G7soht@jL{5!v2r z%J2!=5NHg>{uO_kRxJGPl@6ETODQ@Od9u;J!%ThXIf(zDd=a&%fJ9>sh1|}C1OG|S zoT^D09O1Do_$$6NsI0hbi0{^)aKf73p>jGQ9TCybHh$ z7PWq>QN9^&yGfSkANA#iWITclBcITCI)4cYpSSp;NPE1)KC{$=^b0BGRAZBlJAarGObZKs9E-4^9WN$!jZ*(qna&>cbK8Roh6A=Oc zAO!+RLDYZK0viJc3ke7Z0|EpU0tf>H76JnS0v-VZ7k~f?2@rp2`ZsF=1qs7b0Gte! zjm78uU+6u-;iFZb9r6Pq=KBDkyneB(l2j|CFZdUWvAl2pRf(AyodP`sNkP=t5C{Oj zSKINw!U~g36q?_!)SimDvsVf}l~bmCMy`us62gDH$COXb6r(03DjPy19aG(&p9y_*T z08+AtHC(}N!KVw^YXI+cU$;(<&n+;tVawXkK}1R8z)w-hi><2d zr`~_l{U0dI6b|2yk{A<|XCOkcmxsYWFd=ONTFjYdlSkbh5%=S`L>+64C z*AL*UGNeb9UH^Ja(WizI|0jkt=(f_7CVyuv4EQem8!pv%9E8lq>N+L1lhhX`;R6u# zJ;p1$t?RZ90Z*rteKkkFlk{GHiFAsyJKD=2`}+EvRENCcG*BNcXN=h6tXSIhHNiR+ z00C4AbJQ61T|TO3yn2@rp2`ZsF=1qpRk0HEhp{jwdwXp$CTI(Ky?7s)bF)=vPS X%S7gSDn?e@BJwM!P+tT2KuORIj%`qQ delta 7 OcmX>b^wDEOp$Y&Hc>|sR diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php new file mode 100644 index 0000000..4f23a84 --- /dev/null +++ b/tests/phpseclib_suite.php @@ -0,0 +1,41 @@ +assertSame($verify->verify($m), TRUE); + } + + public function testUncompressedOpsRSA() { + $this->oneMessageRSA('pubring.gpg', 'uncompressed-ops-rsa.gpg'); + } + + public function testCompressedSig() { + $this->oneMessageRSA('pubring.gpg', 'compressedsig.gpg'); + } + + public function testCompressedSigZLIB() { + $this->oneMessageRSA('pubring.gpg', 'compressedsig-zlib.gpg'); + } + + public function testCompressedSigBzip2() { + $this->oneMessageRSA('pubring.gpg', 'compressedsig-bzip2.gpg'); + } + +/* + public function testUncompressedOpsDSA() { + $this->oneMessageDSA('pubring.gpg', 'uncompressed-ops-dsa.gpg'); + } + + public function testUncompressedOpsDSAsha384() { + $this->oneMessageDSA('pubring.gpg', 'uncompressed-ops-dsa-sha384.gpg'); + } +*/ +} diff --git a/tests/suite.php b/tests/suite.php index 1fabf72..b417098 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -1,6 +1,6 @@ Date: Sun, 20 Jan 2013 19:09:36 -0500 Subject: [PATCH 050/176] dependencies for travis --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 3c5da86..de7125a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,3 +2,6 @@ language: php php: - "5.4" - "5.3" +before_script: + - pear channel-discover phpseclib.sourceforge.net + - pear install phpseclib/Crypt_RSA From f9ea5ee0e58cf1b372da5822679e1dc66c23c2ca Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 19:23:33 -0500 Subject: [PATCH 051/176] Try without pear --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index de7125a..4cfe693 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,5 +3,5 @@ php: - "5.4" - "5.3" before_script: - - pear channel-discover phpseclib.sourceforge.net - - pear install phpseclib/Crypt_RSA + - git clone git://github.com/phpseclib/phpseclib.git phpseclib + - mv phpseclib/phpseclib/* ./ From 4263d031889d4aa84965b8593c32ecfb80bfa0a1 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 21:44:33 -0500 Subject: [PATCH 052/176] Restructure signing code All sorts of signatures can be verified now, and it is easier to extract information from the verified signature packets. --- lib/openpgp.php | 140 +++++++++++++++++++++++++++++--------- lib/openpgp_crypt_rsa.php | 39 ++++++++--- phpunit.xml | 4 ++ tests/data/helloKey.gpg | Bin 0 -> 1598 bytes tests/phpseclib_suite.php | 15 +++- tests/suite.php | 18 ++--- 6 files changed, 163 insertions(+), 53 deletions(-) create mode 100644 tests/data/helloKey.gpg diff --git a/lib/openpgp.php b/lib/openpgp.php index d529ef2..6c0686e 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -171,36 +171,116 @@ function to_bytes() { return $bytes; } - function signature_and_data($index=0) { + /** + * Extract signed objects from a well-formatted message + * + * Recurses into CompressedDataPacket + * + * + */ + function signatures() { $msg = $this; - while($msg[0] instanceof OpenPGP_CompressedDataPacket) $msg = $msg[0]; + while($msg[0] instanceof OpenPGP_CompressedDataPacket) $msg = $msg[0]->data; - $i = 0; - foreach($msg as $p) { - if($p instanceof OpenPGP_SignaturePacket) { - if($i == $index) $signature_packet = $p; - $i++; + $key = NULL; + $userid = NULL; + $subkey = NULL; + $sigs = array(); + $final_sigs = array(); + + foreach($msg as $idx => $p) { + if($p instanceof OpenPGP_LiteralDataPacket) { + return array(array($p, array_values(array_filter($msg->packets, function($p) { + return $p instanceof OpenPGP_SignaturePacket; + })))); + } else if($p instanceof OpenPGP_PublicSubkeyPacket || $p instanceof OpenPGP_SecretSubkeyPacket) { + if($userid) { + array_push($final_sigs, array($key, $userid, $sigs)); + $userid = NULL; + } else if($subkey) { + array_push($final_sigs, array($key, $subkey, $sigs)); + $key = NULL; + } + $sigs = array(); + $subkey = $p; + } else if($p instanceof OpenPGP_PublicKeyPacket) { + if($userid) { + array_push($final_sigs, array($key, $userid, $sigs)); + $userid = NULL; + } else if($subkey) { + array_push($final_sigs, array($key, $subkey, $sigs)); + $subkey = NULL; + } else if($key) { + array_push($final_sigs, array($key, $sigs)); + $key = NULL; + } + $sigs = array(); + $key = $p; + } else if($p instanceof OpenPGP_UserIDPacket) { + if($userid) { + array_push($final_sigs, array($key, $userid, $sigs)); + $userid = NULL; + } else if($key) { + array_push($final_sigs, array($key, $sigs)); + } + $sigs = array(); + $userid = $p; + } else if($p instanceof OpenPGP_SignaturePacket) { + $sigs[] = $p; } - if($p instanceof OpenPGP_LiteralDataPacket) $data_packet = $p; - if(isset($signature_packet) && isset($data_packet)) break; } - return array($signature_packet, $data_packet); + if($userid) { + array_push($final_sigs, array($key, $userid, $sigs)); + } else if($subkey) { + array_push($final_sigs, array($key, $subkey, $sigs)); + } else if($key) { + array_push($final_sigs, array($key, $sigs)); + } + + return $final_sigs; } /** - * Function to verify signature number $index - * $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: message and signature + * Function to extract verified signatures + * $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: raw message and signature packet */ - function verify($verifiers, $index=0) { - list($signature_packet, $data_packet) = $this->signature_and_data($index); - if(!$signature_packet || !$data_packet) return NULL; // No signature or no data + function verified_signatures($verifiers) { + $signed = $this->signatures(); + $vsigned = array(); + + foreach($signed as $sign) { + $signatures = array_pop($sign); + $vsigs = array(); + + foreach($signatures as $sig) { + $verifier = $verifiers[$sig->key_algorithm_name()][$sig->hash_algorithm_name()]; + if($verifier && $this->verify_one($verifier, $sign, $sig)) { + $vsigs[] = $sig; + } + } + array_push($sign, $vsigs); + $vsigned[] = $sign; + } - $verifier = $verifiers[$signature_packet->key_algorithm_name()][$signature_packet->hash_algorithm_name()]; - if(!$verifier) return NULL; // No verifier + return $vsigned; + } - $data_packet->normalize(); - return call_user_func($verifier, $data_packet->data.$signature_packet->trailer, $signature_packet->data); + function verify_one($verifier, $sign, $sig) { + if($sign[0] instanceof OpenPGP_LiteralDataPacket) { + $sign[0]->normalize(); + $raw = $sign[0]->data; + } else if(isset($sign[1]) && $sign[1] instanceof OpenPGP_UserIDPacket) { + $raw = implode('', array_merge($sign[0]->fingerprint_material(), array(chr(0xB4), + pack('N', strlen($sign[1]->body())), $sign[1]->body()))); + } else if(isset($sign[1]) && ($sign[1] instanceof OpenPGP_PublicSubkeyPacket || $sign[1] instanceof OpenPGP_SecretSubkeyPacket)) { + $raw = implode('', array_merge($sign[0]->fingerprint_material(), $sign[1]->fingerprint_material())); + } else if($sign[0] instanceof OpenPGP_PublicKeyPacket) { + $raw = implode('', $sign[0]->fingerprint_material()); + } else { + return NULL; + } + return call_user_func($verifier, $raw.$sig->trailer, $sig); } // IteratorAggregate interface @@ -285,8 +365,7 @@ static function parse_new_format($input) { return array($tag, 3, (($len - 192) << 8) + ord($input[2]) + 192); } if($len == 255) { // Five octet length - $unpacked = unpack('N', substr($input, 2, 4)); - return array($tag, 6, array_pop($unpacked)); + return array($tag, 6, reset(unpack('N', substr($input, 2, 4)))); } // TODO: Partial body lengths. 1 << ($len & 0x1F) } @@ -366,8 +445,7 @@ function read_mpi() { * @see http://php.net/manual/en/function.unpack.php */ function read_unpacked($count, $format) { - $unpacked = unpack($format, $this->read_bytes($count)); - return array_pop($unpacked); + return reset(unpack($format, $this->read_bytes($count))); } function read_byte() { @@ -457,8 +535,7 @@ function sign_data($signers) { $this->trailer = $this->body(true); $signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()]; $this->data = call_user_func($signer, $this->data.$this->trailer); - $unpacked = unpack('n', substr($this->data, 0, 2)); - $this->hash_head = array_pop($unpacked); + $this->hash_head = reset(unpack('n', substr($this->data, 0, 2))); } function read() { @@ -623,8 +700,7 @@ static function get_subpacket(&$input) { } if($len == 255) { // Five octet length $length_of_length = 5; - $unpacked = unpack('N', substr($input, 1, 4)); - $len = array_pop($unpacked); + $len = reset(unpack('N', substr($input, 1, 4))); } $input = substr($input, $length_of_length); // Chop off length header $tag = ord($input[0]); @@ -1520,27 +1596,27 @@ function __construct($name='', $comment='', $email='') { } function read() { - $this->text = $this->input; + $this->data = $this->input; // User IDs of the form: "name (comment) " - if (preg_match('/^([^\(]+)\(([^\)]+)\)\s+<([^>]+)>$/', $this->text, $matches)) { + if (preg_match('/^([^\(]+)\(([^\)]+)\)\s+<([^>]+)>$/', $this->data, $matches)) { $this->name = trim($matches[1]); $this->comment = trim($matches[2]); $this->email = trim($matches[3]); } // User IDs of the form: "name " - else if (preg_match('/^([^<]+)\s+<([^>]+)>$/', $this->text, $matches)) { + else if (preg_match('/^([^<]+)\s+<([^>]+)>$/', $this->data, $matches)) { $this->name = trim($matches[1]); $this->comment = NULL; $this->email = trim($matches[2]); } // User IDs of the form: "name" - else if (preg_match('/^([^<]+)$/', $this->text, $matches)) { + else if (preg_match('/^([^<]+)$/', $this->data, $matches)) { $this->name = trim($matches[1]); $this->comment = NULL; $this->email = NULL; } // User IDs of the form: "" - else if (preg_match('/^<([^>]+)>$/', $this->text, $matches)) { + else if (preg_match('/^<([^>]+)>$/', $this->data, $matches)) { $this->name = NULL; $this->comment = NULL; $this->email = trim($matches[2]); diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 1e9456b..9b455ac 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -50,23 +50,40 @@ function private_key($keyid=NULL) { // Pass a message to verify with this key, or a key (OpenPGP or Crypt_RSA) to check this message with // Second optional parameter to specify which signature to verify (if there is more than one) function verify($packet, $index=0) { + $self = $this; // For old PHP if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); - if($packet instanceof OpenPGP_Message && !($packet[0] instanceof OpenPGP_PublicKeyPacket)) { - list($signature_packet, $data_packet) = $packet->signature_and_data($index); - $key = $this->public_key($signature_packet->issuer()); - if(!$key || $signature_packet->key_algorithm_name() != 'RSA') return NULL; - $key->setHash(strtolower($signature_packet->hash_algorithm_name())); - return $packet->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => function($m, $s) use($key) {return $key->verify($m, $s[0]);}))); + if(!$this->message) { + $m = $packet; + $verifier = function($m, $s) use($self) { + $key = $self->public_key($s->issuer()); + if(!$key) return false; + $key->setHash(strtolower($s->hash_algorithm_name())); + return $key->verify($m, reset($s->data)); + }; } else { - list($signature_packet, $data_packet) = $this->message->signature_and_data($index); - if(!$this->message || $signature_packet->key_algorithm_name() != 'RSA') return NULL; if(!($packet instanceof Crypt_RSA)) { $packet = new self($packet); - $packet = $packet->public_key($signature_packet->issuer()); } - $packet->setHash(strtolower($signature_packet->hash_algorithm_name())); - return $this->message->verify(array('RSA' => array($signature_packet->hash_algorithm_name() => function($m, $s) use($packet) {return $packet->verify($m, $s[0]);}))); + + $m = $this->message; + $verifier = function($m, $s) use($self, $packet) { + if(!($packet instanceof Crypt_RSA)) { + $key = $packet->public_key($s->issuer()); + } + if(!$key) return false; + $key->setHash(strtolower($s->hash_algorithm_name())); + return $key->verify($m, reset($s->data)); + }; } + + return $m->verified_signatures(array('RSA' => array( + 'MD5' => $verifier, + 'SHA1' => $verifier, + 'SHA224' => $verifier, + 'SHA256' => $verifier, + 'SHA384' => $verifier, + 'SHA512' => $verifier + ))); } // Pass a message to sign with this key, or a secret key to sign this message with diff --git a/phpunit.xml b/phpunit.xml index 8049722..41b0d95 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -11,5 +11,9 @@ tests/phpseclib_suite.php + + + tests/phpseclib_suite.php + diff --git a/tests/data/helloKey.gpg b/tests/data/helloKey.gpg new file mode 100644 index 0000000000000000000000000000000000000000..b1dd07809b2a0349d006c74d158edd5e3276b402 GIT binary patch literal 1598 zcmV-E2EqB20yzXvcM>E41mMg^G;*uss=TRo*CUKrHG%M>TL8dv3N}=1QwS*vK8EV7 znfH*;-+XYkE(F|H zE>9Dt_?R5$(PPfhu-8B4{@^&fBIWy$J|$Iu3x%L-B463Kb?}48vZ#c8Twq`nb(U+Y zK^p{zx=CmYrN&1l-ySeAl!1POV?ue&Vk=r_oPq{~iV@#Rdb ziLiCpBx~!syN17RfQY}LmJ``gl!7{tqU4wJsrxD!@qi3Vb)jtRzoL>S)FbI2>YG>@3 z8$>-iPR}TM+Ytp`3Ko4Q!JkZ3E(~Bwbt`AGr2=jw6e`o#X@#!-C69^U={epX1t1g& zwS&1Wa1Q)%-__R6>Q@|?{n<>oB-+749I0ij{5eorE58v_Li5bDo>1`7!Y2Ll2I6$kKx- z4wXFw-Z=9Ot>0YVE$W*1Ij$Wy0Yzkltg1V+eA>*JYV`WHC15$BUg`gcVG8>4nu#7w z9)6#lp^k=C0yA*9pz6`Eb!hH*;kL2ZThEKB7-V(rS#L<o z(X{2g)XRZWkt7zsxc!mmQgb{&twDs$^?{X>xTx!W|H7VgFg~F}q{ifLRLgRJ5$$4X z6TSQRa&oC*&@E8%w4`}~gH$dwRD2*T&#*$iRDr^*3hE!;LdJ@*wlux!`##U}kr@9l z8;JJ4IbY)9+=&@e*-AAjaM)nVq`#~w0&v%|(g?~-I;Inr4Z-TcOFfTg&g=!{6Y)6l zNq@9dI9|YN)RwOUYe+pQBNLv}r0KpU(5$v^*92xO$IC-m{PI~C&4Y^sl56w*FA5+7 z0&v}Y!gI1Vh&Okd#TX~D#V(|S7 z%M~qnI5Qs->&hM@H>?xvETFW&;v~kaHKx-4mk(}-4eD^3AdVD zQq*1&qycS|`1$ypqfW|}$PR3I2Xo5-%FoovQ6+f$@VnGK4%5G4MURT)yUqD6so1%aR+QQaaXI&`eiRXs|%ojv@mNabKl_< wOf#Z1qRP7SZPUy}d5R?Po`J)u(MTgyP%fShW?UQIcRi4g$O!Xly0|o9Yk;`(J^%m! literal 0 HcmV?d00001 diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 4f23a84..90e0725 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -10,7 +10,7 @@ public function oneMessageRSA($pkey, $path) { $pkeyM = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $pkey)); $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); $verify = new OpenPGP_Crypt_RSA($pkeyM); - $this->assertSame($verify->verify($m), TRUE); + $this->assertSame($verify->verify($m), $m->signatures()); } public function testUncompressedOpsRSA() { @@ -39,3 +39,16 @@ public function testUncompressedOpsDSAsha384() { } */ } + + +class KeyVerification extends PHPUnit_Framework_TestCase { + public function oneKeyRSA($path) { + $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); + $verify = new OpenPGP_Crypt_RSA($m); + $this->assertSame($verify->verify($m), $m->signatures()); + } + + public function testHelloKey() { + $this->oneKeyRSA("helloKey.gpg"); + } +} diff --git a/tests/suite.php b/tests/suite.php index b417098..6ee09c0 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -378,15 +378,15 @@ public function test000001006public_key() { $this->oneFingerprint("000001-006.public_key", "421F28FEAAD222F856C8FFD5D4D54EA16F87040E"); } - public function test000016006public_key() { - $this->oneFingerprint("000016-006.public_key", "AF95E4D7BAC521EE9740BED75E9F1523413262DC"); - } + public function test000016006public_key() { + $this->oneFingerprint("000016-006.public_key", "AF95E4D7BAC521EE9740BED75E9F1523413262DC"); + } - public function test000027006public_key() { - $this->oneFingerprint("000027-006.public_key", "1EB20B2F5A5CC3BEAFD6E5CB7732CF988A63EA86"); - } + public function test000027006public_key() { + $this->oneFingerprint("000027-006.public_key", "1EB20B2F5A5CC3BEAFD6E5CB7732CF988A63EA86"); + } - public function test000035006public_key() { - $this->oneFingerprint("000035-006.public_key", "CB7933459F59C70DF1C3FBEEDEDC3ECF689AF56D"); - } + public function test000035006public_key() { + $this->oneFingerprint("000035-006.public_key", "CB7933459F59C70DF1C3FBEEDEDC3ECF689AF56D"); + } } From 7a1510f2e1ae57a142167954670ab5f21597a1c4 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 21:49:48 -0500 Subject: [PATCH 053/176] Remove unsafe uses of reset --- lib/openpgp.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 6c0686e..d36a5c0 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -365,7 +365,8 @@ static function parse_new_format($input) { return array($tag, 3, (($len - 192) << 8) + ord($input[2]) + 192); } if($len == 255) { // Five octet length - return array($tag, 6, reset(unpack('N', substr($input, 2, 4)))); + $unpacked = unpack('N', substr($input, 2, 4)); + return array($tag, 6, reset($unpacked)); } // TODO: Partial body lengths. 1 << ($len & 0x1F) } @@ -445,7 +446,8 @@ function read_mpi() { * @see http://php.net/manual/en/function.unpack.php */ function read_unpacked($count, $format) { - return reset(unpack($format, $this->read_bytes($count))); + $unpacked = unpack($format, $this->read_bytes($count)); + return reset($unpacked); } function read_byte() { @@ -535,7 +537,8 @@ function sign_data($signers) { $this->trailer = $this->body(true); $signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()]; $this->data = call_user_func($signer, $this->data.$this->trailer); - $this->hash_head = reset(unpack('n', substr($this->data, 0, 2))); + $unpacked = unpack('n', substr($this->data, 0, 2)); + $this->hash_head = reset($unpacked); } function read() { @@ -700,7 +703,8 @@ static function get_subpacket(&$input) { } if($len == 255) { // Five octet length $length_of_length = 5; - $len = reset(unpack('N', substr($input, 1, 4))); + $unpacked = unpack('N', substr($input, 1, 4)); + $len = reset($unpacked); } $input = substr($input, $length_of_length); // Chop off length header $tag = ord($input[0]); From 74afee62669d277b3a92a86d2f5e1fa367e773d7 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 20 Jan 2013 22:15:49 -0500 Subject: [PATCH 054/176] Test signing at all --- lib/openpgp.php | 8 +++++--- lib/openpgp_crypt_rsa.php | 5 +++-- tests/phpseclib_suite.php | 9 +++++++++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index d36a5c0..3b81b36 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -534,10 +534,10 @@ function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) { * $signers in the same format as $verifiers for OpenPGP_Message. */ function sign_data($signers) { - $this->trailer = $this->body(true); + $this->trailer = $this->calculate_trailer(); $signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()]; $this->data = call_user_func($signer, $this->data.$this->trailer); - $unpacked = unpack('n', substr($this->data, 0, 2)); + $unpacked = unpack('n', substr(implode('',$this->data), 0, 2)); $this->hash_head = reset($unpacked); } @@ -608,6 +608,8 @@ function body_start() { $hashed_subpackets .= $p->to_bytes(); } $body .= pack('n', strlen($hashed_subpackets)).$hashed_subpackets; + + return $body; } function body() { @@ -653,7 +655,7 @@ function body() { $body .= pack('n', $this->hash_head); - foreach($this->data as $mpi) { + foreach((array)$this->data as $mpi) { $body .= pack('n', OpenPGP::bitlength($mpi)).$mpi; } diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 9b455ac..7953d6b 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -110,7 +110,8 @@ function sign($packet, $hash='SHA256', $keyid=NULL) { if(!$key || !$message) return NULL; // Missing some data if($message instanceof OpenPGP_Message) { - list($dummy, $message) = $message->signature_and_data(); + $sign = $message->signatures(); + $message = $sign[0][0]; } if(!($key instanceof Crypt_RSA)) { @@ -122,7 +123,7 @@ function sign($packet, $hash='SHA256', $keyid=NULL) { $sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash)); $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); - $sig->sign_data(array('RSA' => array($hash => array($key, 'sign')))); + $sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));}))); return new OpenPGP_Message(array($sig, $message)); } diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 90e0725..19dd665 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -29,6 +29,15 @@ public function testCompressedSigBzip2() { $this->oneMessageRSA('pubring.gpg', 'compressedsig-bzip2.gpg'); } + public function testSigningMessages() { + $wkey = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); + $sign = new OpenPGP_Crypt_RSA($wkey); + $m = $sign->sign($data)->to_bytes(); + $reparsedM = OpenPGP_Message::parse($m); + $this->assertSame($sign->verify($reparsedM), $reparsedM->signatures()); + } + /* public function testUncompressedOpsDSA() { $this->oneMessageDSA('pubring.gpg', 'uncompressed-ops-dsa.gpg'); From dffa0ecaa21077acdf605c4ebb3244425b438567 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 21 Jan 2013 15:20:23 -0500 Subject: [PATCH 055/176] Generalize S2K support, and support SymmetricSessionKeyPacket --- lib/openpgp.php | 78 +++++++++++++++++++++++++++++++++++++++---------- tests/suite.php | 8 +++++ 2 files changed, 70 insertions(+), 16 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 3b81b36..6fda942 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -110,6 +110,52 @@ static function encode_s2k_count($iterations) { } } +class OpenPGP_S2K { + public $type, $hash_algorithm, $salt, $count; + + static function parse(&$input) { + $s2k = new OpenPGP_S2k(); + switch($s2k->type = ord($input{0})) { + case 0: + $s2k->hash_algorithm = ord($input{1}); + $input = substr($input, 2); + break; + case 1: + $s2k->hash_algorithm = ord($input{1}); + $s2k->salt = substr($input, 2, 8); + $input = substr($input, 10); + break; + case 3: + $s2k->hash_algorithm = ord($input{1}); + $s2k->salt = substr($input, 2, 8); + $s2k->count = OpenPGP::decode_s2k_count($input{9}); + $input = substr($input, 11); + break; + } + + return $s2k; + } + + function to_bytes() { + $bytes = chr($this->type); + switch($this->type) { + case 0: + $bytes .= chr($this->hash_algorithm); + break; + case 1: + $bytes .= chr($this->hash_algorithm); + $bytes .= $this->salt; + break; + case 3: + $bytes .= chr($this->hash_algorithm); + $bytes .= $this->salt; + $bytes .= chr(OpenPGP::encode_s2k_count($this->count)); + break; + } + return $bytes; + } +} + ////////////////////////////////////////////////////////////////////////////// // OpenPGP messages @@ -1121,7 +1167,19 @@ function header_and_body() { * @see http://tools.ietf.org/html/rfc4880#section-5.3 */ class OpenPGP_SymmetricSessionKeyPacket extends OpenPGP_Packet { - // TODO + public $version, $symmetric_algorithm, $s2k, $encrypted_data; + + function read() { + $this->version = ord($this->read_byte()); + $this->symmetric_algorithm = ord($this->read_byte()); + $this->s2k = OpenPGP_S2k::parse($this->input); + $this->encrypted_data = $this->input; + } + + function body() { + return chr($this->version) . chr($this->symmetric_algorithm) . + $this->s2k->to_bytes() . $this->encrypted_data; + } } /** @@ -1335,18 +1393,13 @@ class OpenPGP_PublicSubkeyPacket extends OpenPGP_PublicKeyPacket { * @see http://tools.ietf.org/html/rfc4880#section-12 */ class OpenPGP_SecretKeyPacket extends OpenPGP_PublicKeyPacket { - public $s2k_useage, $s2k_type, $s2k_hash_algorithm, $s2k_salt, $s2k_count, $symmetric_type, $private_hash, $encrypted_data; + public $s2k_useage, $s2k, $symmetric_type, $private_hash, $encrypted_data; function read() { parent::read(); // All the fields from PublicKey $this->s2k_useage = ord($this->read_byte()); if($this->s2k_useage == 255 || $this->s2k_useage == 254) { $this->symmetric_type = ord($this->read_byte()); - $this->s2k_type = ord($this->read_byte()); - $this->s2k_hash_algorithm = ord($this->read_byte()); - if($this->s2k_type == 1 || $this->s2k_type == 3) $this->s2k_salt = $this->read_bytes(8); - if($this->s2k_type == 3) { - $this->s2k_count = OpenPGP::decode_s2k_count(ord($this->read_byte())); - } + $this->s2k = OpenPGP_S2k::parse($this->input); } else if($this->s2k_useage > 0) { $this->symmetric_type = $this->s2k_useage; } @@ -1390,14 +1443,7 @@ function body() { $secret_material = NULL; if($this->s2k_useage == 255 || $this->s2k_useage == 254) { $bytes .= chr($this->symmetric_type); - $bytes .= chr($this->s2k_type); - $bytes .= chr($this->s2k_hash_algorithm); - if($this->s2k_type == 1 || $this->s2k_type == 3) { - $bytes .= $this->s2k_salt; - } - if($this->s2k_type == 3) { - $bytes .= chr(OpenPGP::encode_s2k_count($this->s2k_count)); - } + $bytes .= $this->s2k->to_bytes(); } if($this->s2k_useage > 0) { $bytes .= $this->encrypted_data; diff --git a/tests/suite.php b/tests/suite.php index 6ee09c0..1752d0b 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -366,6 +366,14 @@ public function testuncompressedopsdsasha384txtgpg() { public function testuncompressedopsrsagpg() { $this->oneSerialization("uncompressed-ops-rsa.gpg"); } + + public function testSymmetricAES() { + $this->oneSerialization("symmetric-aes.gpg"); + } + + public function testSymmetricNoMDC() { + $this->oneSerialization("symmetric-no-mdc.gpg"); + } } class Fingerprint extends PHPUnit_Framework_TestCase { From 68b20475086bc92fa5cae0158030cd4943ce37d3 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 21 Jan 2013 15:33:46 -0500 Subject: [PATCH 056/176] Both kinds of EncryptedDataPacket --- lib/openpgp.php | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 6fda942..0e929ac 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1562,7 +1562,13 @@ function offsetUnset($offset) { * @see http://tools.ietf.org/html/rfc4880#section-5.7 */ class OpenPGP_EncryptedDataPacket extends OpenPGP_Packet { - // TODO + function read() { + $this->data = $this->input; + } + + function body() { + return $this->data; + } } /** @@ -1705,8 +1711,17 @@ class OpenPGP_UserAttributePacket extends OpenPGP_Packet { * * @see http://tools.ietf.org/html/rfc4880#section-5.13 */ -class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_Packet { - // TODO +class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_EncryptedDataPacket { + public $version; + + function read() { + $this->version = ord($this->read_byte()); + $this->data = $this->input; + } + + function body() { + return chr($this->version) . $this->data; + } } /** From 06cf88784648e99e61dc066c909b8abe47205f38 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 21 Jan 2013 16:00:18 -0500 Subject: [PATCH 057/176] Forgot these data files --- tests/data/symmetric-aes.gpg | 1 + tests/data/symmetric-no-mdc.gpg | 2 ++ tests/data/symmetric-with-session-key.gpg | Bin 0 -> 641 bytes 3 files changed, 3 insertions(+) create mode 100644 tests/data/symmetric-aes.gpg create mode 100644 tests/data/symmetric-no-mdc.gpg create mode 100644 tests/data/symmetric-with-session-key.gpg diff --git a/tests/data/symmetric-aes.gpg b/tests/data/symmetric-aes.gpg new file mode 100644 index 0000000..f148ada --- /dev/null +++ b/tests/data/symmetric-aes.gpg @@ -0,0 +1 @@ +Œ  »†FÝyDã`Ò>ì~i•XaMé©MÂÛ7*W£ÛK1®IºÉ&¢·UÞ]-axósön´ìíÖŽ‘ì©ó§jUÄûÇ•%ÀøÔ©eÚ \ No newline at end of file diff --git a/tests/data/symmetric-no-mdc.gpg b/tests/data/symmetric-no-mdc.gpg new file mode 100644 index 0000000..40d31b0 --- /dev/null +++ b/tests/data/symmetric-no-mdc.gpg @@ -0,0 +1,2 @@ +Œ [¨¡JH×BÉ`É#¥{Õ%íû‘|ž©6™buâC» gÝ+ +HÞÄè \ No newline at end of file diff --git a/tests/data/symmetric-with-session-key.gpg b/tests/data/symmetric-with-session-key.gpg new file mode 100644 index 0000000000000000000000000000000000000000..0b623f1e5f229e0ece6f8067edb3c9613931a179 GIT binary patch literal 641 zcmV-{0)G940t^EH00000000015CDki@mp&_T8G86o%p^~1eCpmKLt7TF6s&cvs1oo zwuH2Ci5U|ju@si%Ma18%Q6m0pXOVr{hQ%*WpO)a%bVlZH%4U}8nC*TN86)Oe6&UN9 z`vCfF3DsC^RY#^QtKThR*q06Au7Acbwbi;Dfkm4lBFr~6ngR^+M3{MT$yJzCi^skV z)W9Z*65d1dQ)vqYbw@9XR#1$m6kcTkejkchT6mx|o=kIkHOgSfM*bqy;s^1X`W2e} zCV>#9-e(QB()#2DTPg%^eo1rhqE!YJhOmBt&YzvmTUt;}5eX=GJV8lLJDP;y&tFrD z0T!nfSN44!=+8IqhLT>Q?J)6usED6-!O701$t1_Hg99#vocd7D`|ix@^5{Dj>h;BJ zpv^kvEa%<)g4htLPqp+jJTPHbUJp9(Hfk$aQtqh_JnBnOoV?|g&p52Aqs)^}#ZKJ# z@D+Mk8Pv3F08GNM#w`x_F|QY2z9Wohy$Lu|h*h(Z(s{DBxn@pU~ClqQjD8DHHK$5X+|T3tuAF_$BhNeB&;*ckRe+T;n@m#hP-R0 zaS7XMvk{;;svQvDujP9xll}0((_ literal 0 HcmV?d00001 From bf8201f4321a66f76bc725cad3ed21813e4e0404 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 21 Jan 2013 18:18:13 -0500 Subject: [PATCH 058/176] Start work on decryption --- lib/openpgp.php | 33 ++++++++++++++++++- lib/openpgp_phpseclib_crypt.php | 57 +++++++++++++++++++++++++++++++++ tests/phpseclib_suite.php | 29 +++++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 lib/openpgp_phpseclib_crypt.php diff --git a/lib/openpgp.php b/lib/openpgp.php index 0e929ac..0e63968 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -128,7 +128,7 @@ static function parse(&$input) { case 3: $s2k->hash_algorithm = ord($input{1}); $s2k->salt = substr($input, 2, 8); - $s2k->count = OpenPGP::decode_s2k_count($input{9}); + $s2k->count = OpenPGP::decode_s2k_count(ord($input{10})); $input = substr($input, 11); break; } @@ -154,6 +154,37 @@ function to_bytes() { } return $bytes; } + + function raw_hash($s) { + return hash(strtolower(OpenPGP_SignaturePacket::$hash_algorithms[$this->hash_algorithm]), $s, true); + } + + function sized_hash($s, $size) { + $hash = $this->raw_hash($s); + while(strlen($hash) < $size) { + $s = "\0" . $s; + $hash .= $this->raw_hash($s); + } + + return substr($hash, 0, $size); + } + + function iterate($s) { + if(strlen($s) >= $this->count) return $s; + $s = str_repeat($s, ceil($this->count / strlen($s))); + return substr($s, 0, $this->count); + } + + function make_key($pass, $size) { + switch($this->type) { + case 0: + return $this->sized_hash($pass, $size); + case 1: + return $this->sized_hash($this->salt . $pass, $size); + case 3: + return $this->sized_hash($this->iterate($this->salt . $pass), $size); + } + } } ////////////////////////////////////////////////////////////////////////////// diff --git a/lib/openpgp_phpseclib_crypt.php b/lib/openpgp_phpseclib_crypt.php new file mode 100644 index 0000000..cd14c04 --- /dev/null +++ b/lib/openpgp_phpseclib_crypt.php @@ -0,0 +1,57 @@ +symmetric_algorithm) { + case 7: + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(128); + break; + case 8: + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(192); + break; + case 9: + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(256); + break; + } + if(!$cipher) continue; // Unsupported cipher + + $cipher->setKey($p->s2k->make_key($pass, $cipher->key_size)); + $epacket = self::getEncryptedData($m); + $padAmount = $cipher->block_size - (strlen($epacket->data) % $cipher->block_size); + + if(strlen($p->encrypted_data) < 1) { + if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { + $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); + $prefix = substr($data, 0, $cipher->block_size + 2); + $mdc = substr(substr($data, -22, 22), 2); + $data = substr($data, $cipher->block_size + 2, -22); + + $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); + if($mkMDC !== $mdc) return false; + + return OpenPGP_Message::parse($data); + } else { + // TODO (resync) + } + } else { + // TODO + } + } + } + } + + public static function getEncryptedData($m) { + foreach($m as $p) { + if($p instanceof OpenPGP_EncryptedDataPacket) return $p; + } + throw new Exception("Can only decrypt EncryptedDataPacket"); + } +} diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 19dd665..559be3d 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -4,6 +4,7 @@ require_once dirname(__FILE__).'/../lib/openpgp.php'; require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; +require_once dirname(__FILE__).'/../lib/openpgp_phpseclib_crypt.php'; class MessageVerification extends PHPUnit_Framework_TestCase { public function oneMessageRSA($pkey, $path) { @@ -61,3 +62,31 @@ public function testHelloKey() { $this->oneKeyRSA("helloKey.gpg"); } } + + +class Decryption extends PHPUnit_Framework_TestCase { + public function oneSymmetric($pass, $cnt, $path) { + $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); + $m2 = OpenPGP_phpseclib_Crypt::decryptSymmetric($pass, $m); + while($m2[0] instanceof OpenPGP_CompressedDataPacket) $m2 = $m2[0]->data; + foreach($m2 as $p) { + if($p instanceof OpenPGP_LiteralDataPacket) { + $this->assertEquals($p->data, $cnt); + } + } + } + + public function testDecryptAES() { + $this->oneSymmetric("hello", "PGP\n", "symmetric-aes.gpg"); + } + +/* TODO + public function testDecryptSessionKey() { + $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); + } + + public function testDecryptNoMDC() { + $this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg"); + } +*/ +} From 567b18c1b28fd8942260307326df0e4b5a61841a Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 11:08:18 -0500 Subject: [PATCH 059/176] Support 3DES --- ...pt.php => openpgp_crypt_aes_tripledes.php} | 18 +++++++++++++----- tests/data/symmetric-3des.gpg | Bin 0 -> 71 bytes tests/phpseclib_suite.php | 8 ++++++-- 3 files changed, 19 insertions(+), 7 deletions(-) rename lib/{openpgp_phpseclib_crypt.php => openpgp_crypt_aes_tripledes.php} (71%) create mode 100644 tests/data/symmetric-3des.gpg diff --git a/lib/openpgp_phpseclib_crypt.php b/lib/openpgp_crypt_aes_tripledes.php similarity index 71% rename from lib/openpgp_phpseclib_crypt.php rename to lib/openpgp_crypt_aes_tripledes.php index cd14c04..8e0d27b 100644 --- a/lib/openpgp_phpseclib_crypt.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -2,12 +2,18 @@ require_once dirname(__FILE__).'/openpgp.php'; require_once 'Crypt/AES.php'; +require_once 'Crypt/TripleDES.php'; -class OpenPGP_phpseclib_Crypt { +class OpenPGP_Crypt_AES_TripleDES { public static function decryptSymmetric($pass, $m) { foreach($m as $p) { if($p instanceof OpenPGP_SymmetricSessionKeyPacket) { switch($p->symmetric_algorithm) { + case 2: + $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); + $key_bytes = 24; + $key_block_bytes = 8; + break; case 7: $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); $cipher->setKeyLength(128); @@ -22,17 +28,19 @@ public static function decryptSymmetric($pass, $m) { break; } if(!$cipher) continue; // Unsupported cipher + if(!isset($key_bytes)) $key_bytes = $cipher->key_size; + if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size; - $cipher->setKey($p->s2k->make_key($pass, $cipher->key_size)); + $cipher->setKey($p->s2k->make_key($pass, $key_bytes)); $epacket = self::getEncryptedData($m); - $padAmount = $cipher->block_size - (strlen($epacket->data) % $cipher->block_size); + $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); if(strlen($p->encrypted_data) < 1) { if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); - $prefix = substr($data, 0, $cipher->block_size + 2); + $prefix = substr($data, 0, $key_block_bytes + 2); $mdc = substr(substr($data, -22, 22), 2); - $data = substr($data, $cipher->block_size + 2, -22); + $data = substr($data, $key_block_bytes + 2, -22); $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); if($mkMDC !== $mdc) return false; diff --git a/tests/data/symmetric-3des.gpg b/tests/data/symmetric-3des.gpg new file mode 100644 index 0000000000000000000000000000000000000000..0029caece648aa06ae12418a6341345290d06b54 GIT binary patch literal 71 zcmV-N0J#5*4Fm!M0^)EABgKS59AMHm0j!n(7TSmJyc<$OyV>u!G?U@!XE@fQjsV36 dc;~RSXPdata; foreach($m2 as $p) { if($p instanceof OpenPGP_LiteralDataPacket) { @@ -80,6 +80,10 @@ public function testDecryptAES() { $this->oneSymmetric("hello", "PGP\n", "symmetric-aes.gpg"); } + public function testDecrypt3DES() { + $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg"); + } + /* TODO public function testDecryptSessionKey() { $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); From 47a7f6e25c986835a3676e7dff4ee493413a47e6 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 11:10:45 -0500 Subject: [PATCH 060/176] Keep trying on failure --- lib/openpgp_crypt_aes_tripledes.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 8e0d27b..cf1de66 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -45,7 +45,10 @@ public static function decryptSymmetric($pass, $m) { $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); if($mkMDC !== $mdc) return false; - return OpenPGP_Message::parse($data); + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ } else { // TODO (resync) } @@ -54,6 +57,8 @@ public static function decryptSymmetric($pass, $m) { } } } + + return NULL; /* If we get here, we failed */ } public static function getEncryptedData($m) { From 8c60f4e37b721544ad1f7032500808ce3fafe6d0 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 11:17:11 -0500 Subject: [PATCH 061/176] Support the no-MDC (resync) case --- lib/openpgp_crypt_aes_tripledes.php | 20 +++++++++++++++----- tests/phpseclib_suite.php | 2 +- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index cf1de66..9ba22a4 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -37,10 +37,10 @@ public static function decryptSymmetric($pass, $m) { if(strlen($p->encrypted_data) < 1) { if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { - $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); - $prefix = substr($data, 0, $key_block_bytes + 2); - $mdc = substr(substr($data, -22, 22), 2); - $data = substr($data, $key_block_bytes + 2, -22); + $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); + $prefix = substr($data, 0, $key_block_bytes + 2); + $mdc = substr(substr($data, -22, 22), 2); + $data = substr($data, $key_block_bytes + 2, -22); $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); if($mkMDC !== $mdc) return false; @@ -50,7 +50,17 @@ public static function decryptSymmetric($pass, $m) { } catch (Exception $ex) { $msg = NULL; } if($msg) return $msg; /* Otherwise keep trying */ } else { - // TODO (resync) + // No MDC mean decrypt with resync + $iv = substr($epacket->data, 2, $key_block_bytes); + $edata = substr($epacket->data, $key_block_bytes + 2); + + $cipher->setIV($iv); + $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); + + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ } } else { // TODO diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 9501268..c5c0e8d 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -88,9 +88,9 @@ public function testDecrypt3DES() { public function testDecryptSessionKey() { $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); } +*/ public function testDecryptNoMDC() { $this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg"); } -*/ } From 641c07835bc57efe4c1666cf629444ccb1fa8414 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 11:26:55 -0500 Subject: [PATCH 062/176] Support session keys --- lib/openpgp_crypt_aes_tripledes.php | 106 ++++++++++++++++------------ tests/phpseclib_suite.php | 2 - 2 files changed, 59 insertions(+), 49 deletions(-) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 9ba22a4..87145d3 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -8,62 +8,46 @@ class OpenPGP_Crypt_AES_TripleDES { public static function decryptSymmetric($pass, $m) { foreach($m as $p) { if($p instanceof OpenPGP_SymmetricSessionKeyPacket) { - switch($p->symmetric_algorithm) { - case 2: - $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); - $key_bytes = 24; - $key_block_bytes = 8; - break; - case 7: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(128); - break; - case 8: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(192); - break; - case 9: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(256); - break; + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm); + if(!$cipher) continue; + $cipher->setKey($p->s2k->make_key($pass, $key_bytes)); + + if(strlen($p->encrypted_data) > 0) { + $padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes); + $data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data)); + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher(ord($data{0})); + if(!$cipher) continue; + $cipher->setKey(substr($data, 1)); } - if(!$cipher) continue; // Unsupported cipher - if(!isset($key_bytes)) $key_bytes = $cipher->key_size; - if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size; - $cipher->setKey($p->s2k->make_key($pass, $key_bytes)); $epacket = self::getEncryptedData($m); $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); - if(strlen($p->encrypted_data) < 1) { - if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { - $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); - $prefix = substr($data, 0, $key_block_bytes + 2); - $mdc = substr(substr($data, -22, 22), 2); - $data = substr($data, $key_block_bytes + 2, -22); + if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { + $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); + $prefix = substr($data, 0, $key_block_bytes + 2); + $mdc = substr(substr($data, -22, 22), 2); + $data = substr($data, $key_block_bytes + 2, -22); - $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); - if($mkMDC !== $mdc) return false; + $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); + if($mkMDC !== $mdc) return false; - try { - $msg = OpenPGP_Message::parse($data); - } catch (Exception $ex) { $msg = NULL; } - if($msg) return $msg; /* Otherwise keep trying */ - } else { - // No MDC mean decrypt with resync - $iv = substr($epacket->data, 2, $key_block_bytes); - $edata = substr($epacket->data, $key_block_bytes + 2); + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ + } else { + // No MDC mean decrypt with resync + $iv = substr($epacket->data, 2, $key_block_bytes); + $edata = substr($epacket->data, $key_block_bytes + 2); - $cipher->setIV($iv); - $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); + $cipher->setIV($iv); + $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); - try { - $msg = OpenPGP_Message::parse($data); - } catch (Exception $ex) { $msg = NULL; } - if($msg) return $msg; /* Otherwise keep trying */ - } - } else { - // TODO + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ } } } @@ -71,6 +55,34 @@ public static function decryptSymmetric($pass, $m) { return NULL; /* If we get here, we failed */ } + public static function getCipher($algo) { + switch($algo) { + case 2: + $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); + $key_bytes = 24; + $key_block_bytes = 8; + break; + case 7: + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(128); + break; + case 8: + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(192); + break; + case 9: + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(256); + break; + default: + $cipher = NULL; + } + if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher + if(!isset($key_bytes)) $key_bytes = $cipher->key_size; + if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size; + return array($cipher, $key_bytes, $key_block_bytes); + } + public static function getEncryptedData($m) { foreach($m as $p) { if($p instanceof OpenPGP_EncryptedDataPacket) return $p; diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index c5c0e8d..f9cf725 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -84,11 +84,9 @@ public function testDecrypt3DES() { $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg"); } -/* TODO public function testDecryptSessionKey() { $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); } -*/ public function testDecryptNoMDC() { $this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg"); From cd15aec6f98ea1c02f14325ed163bc7e9b153ab1 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 14:00:00 -0500 Subject: [PATCH 063/176] Asymmetric decryption --- lib/openpgp.php | 32 +++++++++++- lib/openpgp_crypt_aes_tripledes.php | 78 ++++++++++++++++------------ lib/openpgp_crypt_rsa.php | 61 ++++++++++++++++++++++ tests/data/hello.gpg | Bin 0 -> 238 bytes tests/phpseclib_suite.php | 12 +++++ 5 files changed, 149 insertions(+), 34 deletions(-) create mode 100644 tests/data/hello.gpg diff --git a/lib/openpgp.php b/lib/openpgp.php index 0e63968..06e354f 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -568,7 +568,37 @@ function read_bytes($count = 1) { * @see http://tools.ietf.org/html/rfc4880#section-5.1 */ class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet { - // TODO + public $version, $keyid, $key_algorithm, $encrypted_data; + + function read() { + switch($this->version = ord($this->read_byte())) { + case 3: + $rawkeyid = $this->read_bytes(8); + $this->keyid = ''; + for($i = 0; $i < strlen($rawkeyid); $i++) { // Store KeyID in Hex + $this->keyid .= sprintf('%02X',ord($rawkeyid{$i})); + } + + $this->key_algorithm = ord($this->read_byte()); + + $this->encrypted_data = $this->input; + break; + default: + throw new Exception("Unsupported AsymmetricSessionKeyPacket version: " . $this->version); + } + } + + function body() { + $bytes = ord($this->version); + + for($i = 0; $i < strlen($this->keyid); $i += 2) { + $bytes .= chr(hexdec($this->keyid{$i}.$this->keyid{$i+1})); + } + + $bytes .= chr($this->key_algorithm); + $bytes .= $this->encrypted_data; + return $bytes; + } } /** diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 87145d3..d0cf24c 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -6,53 +6,65 @@ class OpenPGP_Crypt_AES_TripleDES { public static function decryptSymmetric($pass, $m) { + $epacket = self::getEncryptedData($m); + foreach($m as $p) { if($p instanceof OpenPGP_SymmetricSessionKeyPacket) { - list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm); - if(!$cipher) continue; - $cipher->setKey($p->s2k->make_key($pass, $key_bytes)); - if(strlen($p->encrypted_data) > 0) { + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm); + if(!$cipher) continue; + $cipher->setKey($p->s2k->make_key($pass, $key_bytes)); + $padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes); $data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data)); - list($cipher, $key_bytes, $key_block_bytes) = self::getCipher(ord($data{0})); - if(!$cipher) continue; - $cipher->setKey(substr($data, 1)); + $decrypted = self::decryptPacket($epacket, ord($data{0}), substr($data, 1)); + } else { + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm); + $decrypted = self::decryptPacket($epacket, $p->symmetric_algorithm, $p->s2k->make_key($pass, $key_bytes)); } - $epacket = self::getEncryptedData($m); - $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); + if($decrypted) return $decrypted; + } + } - if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { - $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); - $prefix = substr($data, 0, $key_block_bytes + 2); - $mdc = substr(substr($data, -22, 22), 2); - $data = substr($data, $key_block_bytes + 2, -22); + return NULL; /* If we get here, we failed */ + } - $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); - if($mkMDC !== $mdc) return false; + public static function decryptPacket($epacket, $symmetric_algorithm, $key) { + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); + if(!$cipher) return NULL; + $cipher->setKey($key); - try { - $msg = OpenPGP_Message::parse($data); - } catch (Exception $ex) { $msg = NULL; } - if($msg) return $msg; /* Otherwise keep trying */ - } else { - // No MDC mean decrypt with resync - $iv = substr($epacket->data, 2, $key_block_bytes); - $edata = substr($epacket->data, $key_block_bytes + 2); + $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); - $cipher->setIV($iv); - $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); + if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { + $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); + $prefix = substr($data, 0, $key_block_bytes + 2); + $mdc = substr(substr($data, -22, 22), 2); + $data = substr($data, $key_block_bytes + 2, -22); - try { - $msg = OpenPGP_Message::parse($data); - } catch (Exception $ex) { $msg = NULL; } - if($msg) return $msg; /* Otherwise keep trying */ - } - } + $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); + if($mkMDC !== $mdc) return false; + + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ + } else { + // No MDC mean decrypt with resync + $iv = substr($epacket->data, 2, $key_block_bytes); + $edata = substr($epacket->data, $key_block_bytes + 2); + + $cipher->setIV($iv); + $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); + + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ } - return NULL; /* If we get here, we failed */ + return NULL; /* Failed */ } public static function getCipher($algo) { diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 7953d6b..80850f7 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -12,6 +12,9 @@ // From http://phpseclib.sourceforge.net/ require 'Crypt/RSA.php'; +require_once dirname(__FILE__).'/openpgp.php'; +@include_once dirname(__FILE__).'/openpgp_cryph_aes_tripledes.php'; /* For encrypt/decrypt */ + class OpenPGP_Crypt_RSA { protected $key, $message; @@ -157,6 +160,64 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { return $packet; } + function decrypt($packet) { + if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); + + if($packet instanceof OpenPGP_SecretKeyPacket || $packet instanceof Crypt_RSA + || ($packet instanceof ArrayAccess && $packet[0] instanceof OpenPGP_SecretKeyPacket)) { + $keys = $packet; + $message = $this->message; + } else { + $keys = $this->key; + $message = $packet; + } + + if(!$keys || !$message) return NULL; // Missing some data + + if(!($keys instanceof Crypt_RSA)) { + $keys = new self($keys); + } + + foreach($message as $p) { + if($p instanceof OpenPGP_AsymmetricSessionKeyPacket) { + if($keys instanceof Crypt_RSA) { + $sk = self::try_decrypt_session($keys, $p->encyrpted_data); + } else if(strlen(str_replace('0', '', $p->keyid)) < 1) { + foreach($keys->key as $k) { + $sk = self::try_decrypt_session(self::convert_private_key($k), $p->encyrpted_data); + if($sk) break; + } + } else { + $key = $keys->private_key($p->keyid); + $sk = self::try_decrypt_session($key, substr($p->encrypted_data, 2)); + } + + if(!$sk) continue; + + $r = OpenPGP_Crypt_AES_TripleDES::decryptPacket(OpenPGP_Crypt_AES_TripleDES::getEncryptedData($message), $sk[0], $sk[1]); + if($r) return $r; + } + } + + return NULL; /* Failed */ + } + + static function try_decrypt_session($key, $edata) { + $key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); + $data = $key->decrypt($edata); + $sk = substr($data, 1, strlen($data)-3); + $chk = unpack('n', substr($data, -2)); + $chk = reset($chk); + + $sk_chk = 0; + for($i = 0; $i < strlen($sk); $i++) { + $sk_chk = ($sk_chk + ord($sk{$i})) % 65536; + } + + if($sk_chk != $chk) return NULL; + return array(ord($data{0}), $sk); + } + static function crypt_rsa_key($mod, $exp, $hash='SHA256') { $rsa = new Crypt_RSA(); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); diff --git a/tests/data/hello.gpg b/tests/data/hello.gpg new file mode 100644 index 0000000000000000000000000000000000000000..986de95f9fb7d9a5dea187532514b6daf2fc0a1c GIT binary patch literal 238 zcmV~f*2-%0j1LgE57G+1g zZXeuDHb)qy2Nt(gy@Pk>6?bK!-B*fdj*UoH_Q$kE-=TDsu903nY^}4!qO=V~R6|22 z&l75`-4_g2xyJQf>mJAoI^jj0jM72@86HwZsHBSs1RNuI@udreiL^&p#9Sbp%-Pp> oiCT>0h*5=-Mv!)aZ`XWF(e?V^6KeXCmm3njx>(|Ig`)F$j=pwv2mk;8 literal 0 HcmV?d00001 diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index f9cf725..9b400e5 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -91,4 +91,16 @@ public function testDecryptSessionKey() { public function testDecryptNoMDC() { $this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg"); } + + public function testDecryptAsymmetric() { + $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/hello.gpg')); + $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + $m2 = (new OpenPGP_Crypt_RSA($key))->decrypt($m); + while($m2[0] instanceof OpenPGP_CompressedDataPacket) $m2 = $m2[0]->data; + foreach($m2 as $p) { + if($p instanceof OpenPGP_LiteralDataPacket) { + $this->assertEquals($p->data, "hello\n"); + } + } + } } From ae062433b765f0190c32f22d25bb591e9ce155b8 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 14:15:09 -0500 Subject: [PATCH 064/176] Fix for PHP 5.3 grammar --- tests/phpseclib_suite.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 9b400e5..9b291c2 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -95,7 +95,8 @@ public function testDecryptNoMDC() { public function testDecryptAsymmetric() { $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/hello.gpg')); $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); - $m2 = (new OpenPGP_Crypt_RSA($key))->decrypt($m); + $decryptor = new OpenPGP_Crypt_RSA($key); + $m2 = $decryptor->decrypt($m); while($m2[0] instanceof OpenPGP_CompressedDataPacket) $m2 = $m2[0]->data; foreach($m2 as $p) { if($p instanceof OpenPGP_LiteralDataPacket) { From a56799955faa9e3c346fe476e945050b336a188b Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 14:55:51 -0500 Subject: [PATCH 065/176] Decrypt secret key --- lib/openpgp.php | 8 +++--- lib/openpgp_crypt_aes_tripledes.php | 38 ++++++++++++++++++++++++++++ tests/data/encryptedSecretKey.gpg | Bin 0 -> 1291 bytes tests/phpseclib_suite.php | 6 +++++ 4 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 tests/data/encryptedSecretKey.gpg diff --git a/lib/openpgp.php b/lib/openpgp.php index 06e354f..3fdd9d9 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1454,15 +1454,15 @@ class OpenPGP_PublicSubkeyPacket extends OpenPGP_PublicKeyPacket { * @see http://tools.ietf.org/html/rfc4880#section-12 */ class OpenPGP_SecretKeyPacket extends OpenPGP_PublicKeyPacket { - public $s2k_useage, $s2k, $symmetric_type, $private_hash, $encrypted_data; + public $s2k_useage, $s2k, $symmetric_algorithm, $private_hash, $encrypted_data; function read() { parent::read(); // All the fields from PublicKey $this->s2k_useage = ord($this->read_byte()); if($this->s2k_useage == 255 || $this->s2k_useage == 254) { - $this->symmetric_type = ord($this->read_byte()); + $this->symmetric_algorithm = ord($this->read_byte()); $this->s2k = OpenPGP_S2k::parse($this->input); } else if($this->s2k_useage > 0) { - $this->symmetric_type = $this->s2k_useage; + $this->symmetric_algorithm = $this->s2k_useage; } if($this->s2k_useage > 0) { // TODO: IV of the same length as cipher's block size @@ -1503,7 +1503,7 @@ function body() { $bytes = parent::body() . chr($this->s2k_useage); $secret_material = NULL; if($this->s2k_useage == 255 || $this->s2k_useage == 254) { - $bytes .= chr($this->symmetric_type); + $bytes .= chr($this->symmetric_algorithm); $bytes .= $this->s2k->to_bytes(); } if($this->s2k_useage > 0) { diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index d0cf24c..8309819 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -30,6 +30,44 @@ public static function decryptSymmetric($pass, $m) { return NULL; /* If we get here, we failed */ } + public static function decryptSecretKey($pass, $packet) { + $packet = clone $packet; // Do not mutate orinigal + + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($packet->symmetric_algorithm); + $cipher->setKey($packet->s2k->make_key($pass, $key_bytes)); + $cipher->setIV(substr($packet->encrypted_data, 0, $key_block_bytes)); + $material = $cipher->decrypt(substr($packet->encrypted_data, $key_block_bytes)); + + if($packet->s2k_useage == 254) { + $chk = substr($material, -20); + $material = substr($material, 0, -20); + if($chk != hash('sha1', $material)) return NULL; + } else { + $chk = unpack('n', substr($material, -2)); + $chk = reset($chk); + $material = substr($material, 0, -2); + + $mkChk = 0; + for($i = 0; $i < strlen($material); $i++) { + $mkChk = ($mkChk + ord($material{$i})) % 65536; + } + if($chk != $mkChk) return NULL; + } + + $packet->s2k_useage = 0; + $packet->symmetric_algorithm = 0; + $packet->encrypted_data = NULL; + + foreach($packet::$secret_key_fields[$packet->algorithm] as $f) { + $length = unpack('n', substr($material, 0, 2)); // in bits + $length = (int)floor((reset($length) + 7) / 8); // in bytes + $packet->key[$f] = substr($material, 2, $length); + $material = substr($material, 2 + $length); + } + + return $packet; + } + public static function decryptPacket($epacket, $symmetric_algorithm, $key) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); if(!$cipher) return NULL; diff --git a/tests/data/encryptedSecretKey.gpg b/tests/data/encryptedSecretKey.gpg new file mode 100644 index 0000000000000000000000000000000000000000..af700e80f0f870ff7299efb853cd1a9743a7c6c4 GIT binary patch literal 1291 zcmV+m1@!ur1GEH8D4nwb2mt8zmLTMxZZR6QeaEPxI`X|7A=lc$*O_tFz zRQ#e|nyFIAVC9~Hj&3G~*twvINgr9O9_~)F>)5P^is#RP^8Ru}+rrXr6IxFLHK#mG*CFifSd4)g z$lks*!iCeN>6`e#w>JP00RRF22Ll2UC-!hQ;*^14KD=IJ`XCgaX;tgU(2$+=teKJd zpBrX^z@1Q#T%jk}xC#T6PMV+9cXAV{%B``A;POQ^>r56V%w)K6 zLK5gAwFZQ{r^@^`FsVcJ63rR+FkH}GT~+w9L1p{b>%A-aYEmNs%brq@sJOnm;tN&jYTG7d)M zrM52^7@1JBoaOPDG67yzzX2s}5E&2G^BO3*I@K!xdYy92U3F1)s$1(eJ1oIIUUsxt z3GJM;Z%5BL<`*`=GVOpRFZzumq62>LIA|=T_-v#&MH?ZfP6BoKhZfwc8)SsL{k!4# z!vY|YgDe4J#7EN7#P;Md{o8K5TM_8*>_PPxr_HP;VzUJGiM!}T7vb+O^E6J(Vq8WN zMp8SYvxMvX7P2_>k>t_fwYrTSNo-LI;$LW0=4zQtNS|G9Ig0yZw9MNC$K;$}dQ;p(Z`InWz}&+dl+uBr}7&0Ga>7 zV08vg0K7Z5pF+I9K2IDw(F{=^TV(8E*%s%?lMwf2?-_u6cC_GDBU%CHG265szBX0H zhL#}H1#-}TCmRsxH&4p_%bC~3LQ1q4R7F!%AWu$ASs*-QZ$NHubS`vqb#rt+i2*kR z69EVSAq4_VD4nwc8v_Lk2?z%R1r-Vj2nz)k0s{d60v-VZ7k~f?2@nQrON|Tc2S5CJ z2msFO0s@S#bBF{aY8-uWkN&f33rMFZ6e0UaDQbmweUC*za0FMy^AHOu$nSfmEa)5P z&+6LdLY7d*ycS5vz0VhIDjrGdX_d>j^TfRo5vpdbMMDF-6HX^EZR{JZ;T`nU9=INs z_g>nbQ!c(S)JdV+VYZrQZm-qZbi;8a=LGA6A-k=qWy(oYYRte>(5BrRFow&vh{N8B zk=ZZb%pD+ck8}jVN}O$a4b+^0Sx~D5wyT^l)W<4K%Nb9=UxTSLgmG_#O#WTG3|6Nu z)163l%r~(`Po~assertSame(!!$skey, true); + } } From 7d776fd605292fb488d1484dd0ccc2718624fd46 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 17:01:26 -0500 Subject: [PATCH 066/176] Encryption support --- lib/openpgp.php | 44 +++++++++++++++++++- lib/openpgp_crypt_aes_tripledes.php | 63 ++++++++++++++++++++++++++--- phpunit.xml | 8 ++++ tests/phpseclib_suite.php | 18 +++++++++ 4 files changed, 127 insertions(+), 6 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 3fdd9d9..927126c 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -113,6 +113,13 @@ static function encode_s2k_count($iterations) { class OpenPGP_S2K { public $type, $hash_algorithm, $salt, $count; + function __construct($salt='BADSALT', $hash_algorithm=10, $count=65536, $type=3) { + $this->type = $type; + $this->hash_algorithm = $hash_algorithm; + $this->salt = $salt; + $this->count = $count; + } + static function parse(&$input) { $s2k = new OpenPGP_S2k(); switch($s2k->type = ord($input{0})) { @@ -570,6 +577,13 @@ function read_bytes($count = 1) { class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet { public $version, $keyid, $key_algorithm, $encrypted_data; + function __construct($key_algorithm='', $keyid='', $encrypted_data='', $version=3) { + $this->version = $version; + $this->keyid = substr($keyid, -16); + $this->key_algorithm = $key_algorithm; + $this->encrypted_data = $encrypted_data; + } + function read() { switch($this->version = ord($this->read_byte())) { case 3: @@ -1230,6 +1244,13 @@ function header_and_body() { class OpenPGP_SymmetricSessionKeyPacket extends OpenPGP_Packet { public $version, $symmetric_algorithm, $s2k, $encrypted_data; + function __construct($s2k=NULL, $encrypted_data='', $symmetric_algorithm=9, $version=3) { + $this->version = $version; + $this->symmetric_algorithm = $symmetric_algorithm; + $this->s2k = $s2k; + $this->encrypted_data = $encrypted_data; + } + function read() { $this->version = ord($this->read_byte()); $this->symmetric_algorithm = ord($this->read_byte()); @@ -1775,6 +1796,10 @@ class OpenPGP_UserAttributePacket extends OpenPGP_Packet { class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_EncryptedDataPacket { public $version; + function __construct($data='', $version=1) { + $this->data = $data; + } + function read() { $this->version = ord($this->read_byte()); $this->data = $this->input; @@ -1791,7 +1816,24 @@ function body() { * @see http://tools.ietf.org/html/rfc4880#section-5.14 */ class OpenPGP_ModificationDetectionCodePacket extends OpenPGP_Packet { - // TODO + function __construct($sha1='') { + $this->data = $sha1; + } + + function read() { + $this->data = $this->input; + if(strlen($this->input) != 20) throw new Exception("Bad ModificationDetectionCodePacket"); + } + + function header_and_body() { + $body = $this->body(); // Get body first, we will need it's length + if(strlen($body) != 20) throw new Exception("Bad ModificationDetectionCodePacket"); + return array('header' => "\xD3\x14", 'body' => $body); + } + + function body() { + return $this->data; + } } /** diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 8309819..46d5985 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -1,10 +1,49 @@ setKey($key); + + $to_encrypt = $prefix . $message->to_bytes(); + $mdc = new OpenPGP_ModificationDetectionCodePacket(hash('sha1', $to_encrypt . "\xD3\x14", true)); + $to_encrypt .= $mdc->to_bytes(); + $encrypted = array(new OpenPGP_IntegrityProtectedDataPacket($cipher->encrypt($to_encrypt))); + + if(!is_array($passphrases_and_keys) && !($passphrases_and_keys instanceof IteratorAggregate)) { + $passphrases_and_keys = (array)$passphrases_and_keys; + } + + foreach($passphrases_and_keys as $pass) { + if($pass instanceof OpenPGP_PublicKeyPacket) { + if(!in_array($pass->algorithm, array(1,2,3))) throw new Exception("Only RSA keys are supported."); + $crypt_rsa = new OpenPGP_Crypt_RSA($pass); + $rsa = $crypt_rsa->public_key(); + $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); + $esk = $rsa->encrypt(chr($symmetric_algorithm) . $key . pack('n', self::checksum($key))); + $esk = pack('n', OpenPGP::bitlength($esk)) . $esk; + array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk)); + } else if(is_string($pass)) { + $s2k = new OpenPGP_S2K(crypt_random() . crypt_random() . crypt_random()); + $cipher->setKey($s2k->make_key($pass, $key_bytes)); + $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key); + array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm)); + } + } + + return new OpenPGP_Message($encrypted); + } + public static function decryptSymmetric($pass, $m) { $epacket = self::getEncryptedData($m); @@ -41,16 +80,13 @@ public static function decryptSecretKey($pass, $packet) { if($packet->s2k_useage == 254) { $chk = substr($material, -20); $material = substr($material, 0, -20); - if($chk != hash('sha1', $material)) return NULL; + if($chk != hash('sha1', $material, true)) return NULL; } else { $chk = unpack('n', substr($material, -2)); $chk = reset($chk); $material = substr($material, 0, -2); - $mkChk = 0; - for($i = 0; $i < strlen($material); $i++) { - $mkChk = ($mkChk + ord($material{$i})) % 65536; - } + $mkChk = self::checksum($material); if($chk != $mkChk) return NULL; } @@ -139,4 +175,21 @@ public static function getEncryptedData($m) { } throw new Exception("Can only decrypt EncryptedDataPacket"); } + + public static function randomBytes($n) { + $key = ''; + for($i = 0; $i < $n; $i++) { + $key .= crypt_random(); + } + $s2k = new OpenPGP_S2K(crypt_random() . crypt_random() . crypt_random()); + return $s2k->make_key($key, $n); + } + + public static function checksum($s) { + $mkChk = 0; + for($i = 0; $i < strlen($s); $i++) { + $mkChk = ($mkChk + ord($s{$i})) % 65536; + } + return $mkChk; + } } diff --git a/phpunit.xml b/phpunit.xml index 41b0d95..a071d34 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -15,5 +15,13 @@ tests/phpseclib_suite.php + + + tests/phpseclib_suite.php + + + + tests/phpseclib_suite.php + diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 8044fbf..e5ed903 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -111,3 +111,21 @@ public function testDecryptSecretKey() { $this->assertSame(!!$skey, true); } } + +class Encryption extends PHPUnit_Framework_TestCase { + public function testEncryptSymmetric() { + $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); + $encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt('secret', new OpenPGP_Message(array($data))); + $decrypted = OpenPGP_Crypt_AES_TripleDES::decryptSymmetric('secret', $encrypted); + $this->assertEquals($decrypted[0]->data, 'This is text.'); + } + + public function testEncryptAsymmetric() { + $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); + $encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt($key, new OpenPGP_Message(array($data))); + $decryptor = new OpenPGP_Crypt_RSA($key); + $decrypted = $decryptor->decrypt($encrypted); + $this->assertEquals($decrypted[0]->data, 'This is text.'); + } +} From cb9f9180229a49083a56f3f88f150f123d0eb7ee Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 17:01:36 -0500 Subject: [PATCH 067/176] encrypt/decrypt example --- examples/encryptDecrypt.php | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 examples/encryptDecrypt.php diff --git a/examples/encryptDecrypt.php b/examples/encryptDecrypt.php new file mode 100644 index 0000000..159bf05 --- /dev/null +++ b/examples/encryptDecrypt.php @@ -0,0 +1,8 @@ + 'u', 'filename' => 'stuff.txt')); + $encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt($key, new OpenPGP_Message(array($data))); + + // Now decrypt it with the same key + $decryptor = new OpenPGP_Crypt_RSA($key); + $decrypted = $decryptor->decrypt($encrypted); From 2a331f74031258276095279a2f962945997d4fc9 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 17:14:38 -0500 Subject: [PATCH 068/176] better random string --- lib/openpgp_crypt_aes_tripledes.php | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 46d5985..c889d7e 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -9,10 +9,10 @@ class OpenPGP_Crypt_AES_TripleDES { public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); - $prefix = self::randomBytes($key_block_bytes); + $prefix = crypt_random_string($key_block_bytes); $prefix .= substr($prefix, -2); - $key = self::randomBytes($key_bytes); + $key = crypt_random_string($key_bytes); $cipher->setKey($key); $to_encrypt = $prefix . $message->to_bytes(); @@ -34,7 +34,7 @@ public static function encrypt($passphrases_and_keys, $message, $symmetric_algor $esk = pack('n', OpenPGP::bitlength($esk)) . $esk; array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk)); } else if(is_string($pass)) { - $s2k = new OpenPGP_S2K(crypt_random() . crypt_random() . crypt_random()); + $s2k = new OpenPGP_S2K(crypt_random_string(10)); $cipher->setKey($s2k->make_key($pass, $key_bytes)); $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key); array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm)); @@ -176,15 +176,6 @@ public static function getEncryptedData($m) { throw new Exception("Can only decrypt EncryptedDataPacket"); } - public static function randomBytes($n) { - $key = ''; - for($i = 0; $i < $n; $i++) { - $key .= crypt_random(); - } - $s2k = new OpenPGP_S2K(crypt_random() . crypt_random() . crypt_random()); - return $s2k->make_key($key, $n); - } - public static function checksum($s) { $mkChk = 0; for($i = 0; $i < strlen($s); $i++) { From 216ee4156da96277fdeeabcd32c6978de88ad73e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 17:19:14 -0500 Subject: [PATCH 069/176] Add features to README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index abc7d9d..302b502 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,8 @@ Features * Encodes and decodes ASCII-armored OpenPGP messages. * Parses OpenPGP messages into their constituent packets. * Supports both old-format (PGP 2.6.x) and new-format (RFC 4880) packets. -* Helper class for verifying and signing messages using Crypt_RSA from +* Helper class for verifying, signing, encrypting, and decrypting messages using Crypt_RSA from +* Helper class for encrypting and decrypting messages and keys using Crypt_AES and Crypt_TripleDES from Users ----- From aab2a5e12b1c7a5696b280528b4959b517649222 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 18 Feb 2013 18:39:24 -0500 Subject: [PATCH 070/176] Data representation bugs in signature subpackets --- lib/openpgp.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 927126c..5c090f4 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -946,7 +946,7 @@ function body() { class OpenPGP_SignaturePacket_ExportableCertificationPacket extends OpenPGP_SignaturePacket_Subpacket { function read() { - $this->data = (ord($this->input) == 0); + $this->data = (ord($this->input) != 0); } function body() { @@ -977,7 +977,7 @@ function body() { class OpenPGP_SignaturePacket_RevocablePacket extends OpenPGP_SignaturePacket_Subpacket { function read() { - $this->data = (ord($this->input) == 0); + $this->data = (ord($this->input) != 0); } function body() { @@ -1066,7 +1066,7 @@ function read() { $flags = $this->read_bytes(4); $namelen = $this->read_unpacked(2, 'n'); $datalen = $this->read_unpacked(2, 'n'); - $this->human_readable = $flags[0] & 0x80 == 0x80; + $this->human_readable = ord($flags[0]) & 0x80 == 0x80; $this->name = $this->read_bytes($namelen); $this->data = $this->read_bytes($datalen); } @@ -1137,7 +1137,7 @@ function body() { class OpenPGP_SignaturePacket_PrimaryUserIDPacket extends OpenPGP_SignaturePacket_Subpacket { function read() { - $this->data = (ord($this->input) == 0); + $this->data = (ord($this->input) != 0); } function body() { From 778c83dbc3493cb7184825c74ab22070b62598dd Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 18 Feb 2013 18:41:11 -0500 Subject: [PATCH 071/176] Better pubring.gpg --- tests/data/pubring.gpg | Bin 7368 -> 179272 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/tests/data/pubring.gpg b/tests/data/pubring.gpg index 56e0599f63a7b674c10e924d6dcde67483fbbdfb..a1519ee74b87062c7892b8a94205704f2b764161 100644 GIT binary patch literal 179272 zcmb5W1yodR+xNYP?hd6>N z@BN;&-tAf-%$nam&V9xa|6@okMo{s_qXQu<4L##_D_tpRDfXJCjnd@_I>>ttw7a44 zYC343FrkUO+4_)n7CW|>(*NaI8lnOQ)9K1+yqjbpHmyvm#i0S(?n5g)AGM|pa(9Tm;Hb%QM) zLCON{aVO2m4rBT*oHTL#g@T+KrO)dwLgY*9&H!8x0IH$Wv~>5NQn2);VpP`XMJ4bAV9qu_rMfsD9|HBDwR0SLW{~tG%g5DHn+5i2fA}qiaX41w^2W|S3 zFReyu898KM0vz{W@E*cbSJ18LWRi}ufPi^kmaj_@nn=BB$oQ5Y`o1YX=h_6C`lp^b z#ALAt1mXU<=?nrs2o7L`jTDa#juajd6=!QS5D6U>1sNU=i4X-26%8GM2o4?uM*)H( z4ulPTVp2KB`7Hugk}$#o{}JZLMT14wt@QJ!W#oJyX^Yn%N(8H4%?zd49beYbn>@`i z+Pn=jMZ5f!9!{Y|;SbKriGHI6$K}!h+4@r9X|w0^qptGX^C@hdu(F6q``VSzUJa{X z5>recB)Q1u(aHAc(~D3fF$`@UWAA}+Z+#9~6RZYO&T!h~(9{f*>QXXTi5zS_CBK^% z(U~|7I`H&ZK4}>#AkL}WcltBFOavV0_>f@Zll6vKzc42$y(<%&sjMLSoOR2lkDwNNrpgr6A|4r5AjW#~7yS z<&<(W%xugj54paQI%b*OtbWAY@HofTAs~f`-24E&d|_QLgzG!#w-eI(dA(t(mY?aI z)NOgtE1Ksqi^>nmXmRt_P5)SEgn$EGYkw@1SFert4~ zia^4CGjbgj>f~yQu%CH)0|LI}aGd?3zSRpq+G=aGE~$mHAHDL5t8e8fk_FqPB|U)M zqv3xxXj68&Gi|~;ReDJXs=dA~yZXJ3^aU*Fi1SGLS zZpWA@;f4Qf(6A1K2ha(_zFUwO|18M+>+UHE!aQD`I%<8of%=3IUOvb%@%-XEGf#Oi zxgX2H7uo$YXmE65K#kt#_d)Z7FxJ;kX3uCG3c{@>v8d^DWSEm6-ibFM6_dl!)-4U) zinP>cMnktt#snn=bFRn^Jgz#W!`WZO#Q=&59s3QJ&_DQw zLLL+xnkJ3-?!u=u>}oQ*43ZB}_&u9ZtddS?ICxF1A>9_OSl{_mN?CNA`W2m*+H8B3FIi^x7B|XtSV;MZ z+)XTq>CI{~;rZnO;!Hm^H~<;_hL04_ zm^5mZyD#Z=Lq*H+E|r{Xg&|&q7Nd@&30gsiT=D8d)6FThn1gkVNVhYJ8IDPZ{-qt zg+F?RY-;0)I6ceRcx_H*v%0v#`SXF!yTv^0qCn-KsjerBvKSd%xx;XD4PC^>JHEK! z`E0qLh7V~StTU!q7d{TVIV5~=ki(4#U6tkyQB?W*1s-!~ls&x=LCSr|1)@oh#9fL( z!m1oeCso`dlC37oRol7jl{dvC;R(wy^pO25z6r9p*G$7*(9aH|HHbiRIzO_(Hu< zL@TnhHq3CI@MS>{H8fkE)#QEFFGU>g4Rf7-rKi2m^QHa9v{-667`Qgb*sEj{LKLig zUhlX}eZz?#$$km{TAKO0l$yYII}9MwxnAPkBggbfg-4{>RmP}Iud_8c6C~0pdyKDX zAb7MK%DvLxJku)+9>&PH_0MYaOgfslJ8nag{X%g=b-#0O;k9Q_uouW;sxKlPv6giT zw)0RljBxWmCu@2r_&k`wJ;golB>dd0?cX>?} zS#un7+z-o~h%_Fo;R>1D*PPkYGqSzKB#w`Ywid!TVw6-exhyMgLJ{DZhc0-gM^S|K zn4{-xf?R?Gt-Xp^k2S{RV&(PuJABl;O!a@vr9`NmoF7P)>5)B-LYgvn-*HdKZ))85 z{q$Xk_|Hxio-Oo;CWaDfroS4m-uPCh4LA%vU6;pjdy9hZ!FS|7uaIwg=$NK})lr;= z$wu`9^U`v;QA)NJL&~)?QxI7~cyHqO3&ee7DV*w!FJDMjrxCYE?R}qv-qu2HEWASq z^Y>O>EdM%Xy+k2i>?yB2C0qD<cIQ z4fx}AqG?ZEiU(TMArmUEi`5ecK)`VR8Rc`lEk(oXnd-;o7k)10gC||(tV<>=$PX?Q zzf{1^%lmPe)c-XuGk10r2@6EPhZ^}$v@-N3T0wq20{pMh%3YvVZVe6842Z+e)eze0 z&P?75Qlou648)40Z2iukg2b22CF-pV0%Glu6L6T_6zDS_#01dqE>N`+i8rhvm2Km7 zwa)r`w*K+h4fkRS?)#p}I}%~(gOYDWIJ@C9{Lgwrc8KqPB^)ioBkP|LDE$#^Pi zBniZC-f{JLzi!kS`uC1mwy$hcq#E)A9K{AOg?5xJ)lJb$18z%Dg6DpKU24|H=cO*z zsv@UuaycT#YP$F4-ms&5?*S*A(88>5gfsl(nQ&0WQYrb69B_Y`Vqj5fnTm$pnEo;$ zsOaidz*~h>XBQl~zU<085R>J6$-rsL@#|z16Z_#1niNaRkuY!XBB@OTzrA6+a@aP! zqh6eW-=(203j#e+P3bl^&R{p*ahc}PtGe7kO`>GT5Cm0ty`Em%(`-*laMs9Vd^0}v zc#++vJGX= z!>qs__bzP~6*^I6Pmv1T$5smt%E5O#e!%OqaQ?dEt(wJL0+&MUNXZbQKm<~HsH_O% za9^t0w_2-jdu&Tai(CZjeU8=M9aH?O%zotW7}dPT-Ks2n7?>PCxRPkAa#~km1bR1Z zWZsf2oqjgGAwvb_y?2a#7DWs|qhb*u>zgcl8C!6fzO)NrsT($nOC;^svmLw#4Zm-+ ztqwE-e@;|QI{zXlFL8}<0KQqw;5=I|o zw8ug&X+aPFRFca-{7U!{0=k}uFqP+M8EP}~rzp5UGt|@)wt{WN0jzQVAR%6(CVLgF z@G;*aIsU1cN0vx&)cpKoylhAt(q~&g_VRW@N{c9ExgWkFk2VUx(v)O=cZt0ar16wS zvj*)GGbP~qFsGddL3I9w@M1?&78$zcnjYf-ml$8LK;aY2>>G+MRzbXLI*DSZ&<`@t zww8zAvSe&!!gI)ce8#7Ny68;Mn^*v3(i!fc{UC{yV?$YdFZ@NsfKDPIl~+=5Cw+R^ z7Gb53%!nJnRS&a9cmUm_{{(Q*JqiurV0-lbvB5+K+&))1*WE!d*_H1#;Waprd!FUI zh!YVFh+(T#!6>~lRnzeh3%6gRX!Rx&CcZ>PyytlLRsZyS;Q6J~*O zp^F(m5ElXXNld~;O+@GS^kE;G&dN~rF+9;C(nTDC=j8N+JHAlz@#*&CeNo!-4>g2S z>{LJTPJf#0C_f*hF}Lm^)p~v`hv+2wdzqJ`hNPNe!J}6sQtHV|&Ogc=soO%6P zn1Nmg0mzJxv|jyreSid)xh*x5e=8*p=QuY;f`4dRJdwULhLr5a9}L)x?TO6ONi4GG zY?d>4DCuKN)o*NU*(Wm=rfd3ySvM0HwF`DJ6?`ci+o1aWCJJPc` zMl)r+`9@lOwT&MJF2``Sdo@k=W9Ciz`4%eMl0A<_98TLCJZZ~4H+b>jLNZGf{^<=# zt@r`mie8v0)V09<>ssDIT?^>5FPAh}uMhLE>-XMWKK8F`x$`tm;sDrqeU7!7_;kk* zDF=YJBg*P@#`6Ur?_3^P){^`HvN_$*&b~pqb+eFr{2^-6QoKbdL~FgAjnR&TRVCB>9;h=LBQcqtLp` zd=7A)@Wd=Nfyee#J|9OpZJbhtfyJW=1*gU$S>GDDv$tq!j&HY6BUIr!#&Mr@3SK3F z2NBg3EA3`vsA-hxo_aiuI}dDHg6IF??WIE_M^D0Dbv+c8uXw1uvHCM|EGPd3W{q;t zZBeCf4Gw_%PYH(Y?>s?EF#n%GgWPWOB4jueL*&-WqkV7b!cSPO3pWy_w`gZ1W&{(0gEe|Fh`V2fys0Vb#D3Ms;HNvW#(5lg zuPI(v+BKNPczpIsbnzPs`|w`w^v^WQK$HBtGKA&*C36f1Kr*R_L`@a+g}gi#7YxiX zMmn8uEC5K(;p9(W4 zad96|KOi9|r=+CBC#IpJp`at9prn97K+v}$BOzm$KVP@)0MsWC1IF+m z8UPL#1dj{4?FL8z01h62zZ(MVJ2C~O^~8VU12Fb__`7cYh$-ZsjkJsO(TZLEnJW?WhWT9@ z$QT>NSos!M+w}LEj&Zf$qwQ{JgfQ0%n8cx(biNUtC9hz>lWCUsh+}dJ7nssGL&Wpw z&E;u63sG)!=nKyf5HR9xjV*eD&bu+FTrNa?3HI=>r9Inp-bMQGme)@lQL_9i68n&B z!_T<0QBu1$?$F6Iie;&$NhOTF)UoJp+cK{47ArXs2~>o+& zazqwH*20=_mGu|lsX%liyp)*sj3)l^)n;MeYf+88n5lgKYYLoel_pXBxZlUAFFhu$ zI&<4SwVsB1s&|KeU6jO@#d!KveCXqYQ24a&kUlbF!(ru?LM9IK6wSgM&w{#{?AXwL z17nn}O8wXZ`1J;a_*cbhtHvrKqlX^wX|FT~u7_OsRxxK|+FfhJs1hbXi;Bm_Ljg^W z6O$AfN=a%NO=ps7W>xhI#%*+^1ayRq-xw22umNK&mwHSR&2`fNLT8)uHdjk7iwT;y zg!aqvKV=`aA7CEW%pVae7HV%ssbtZR?Y0W{@G+||GP>5}@X0632U34^ed#Oxv9!3F zUOeH> z2bFVF@49f2Ir&X$5P!e8m|FO#TcEz?qbFGH-AqTvs@MbORS1{c(M*nr5U*SfnpKne zIXhUyBb>F-yvn_khshYj`?BmL811uVzM;wM{P*)TU3!imbzK`gL%B)aAaKZ zBT85GQZ=3uyg1g8S&<*kuZyYW0w3U$%Z^Y(P=mlq++J%=7#AgHRy*@F76t|y_*U`~ zJXrx}r;;)|3}83BxAk=PaxQqaZ~pRm_Vgs-@>wR$ z1+!YoBp$I_@?yfIq*(kD1W>}m5QcvJFmW9J^rq8+oe@W?+>f8@giaV-6u(8f(8&S_ z1vbo7^kM)C9UNj$*b%MW*wk#*rj}G5?^GRKMNMd6etZ($%+fDxCvKamzL`=q?VS|O ziXnFjv9x2Z?Sk)5ePw>~=n=&!$57Xg6&XC2+4anJ9s9oP5&Hi1jrN4In~Z;sTGEqo z#WawO23x~S1iVrnAwit02L)!IsC%AFb!3mTR$8bA9f&Ix*#rCGcGTI3r^}b36^;C_ zOZ{(#q+b^#vwp!0<<+mK=*|z$=3m+lJN~JN^ukWn)-E;Vg*#B=1KQ{&b*1~p|dh*?} zZ}4efW@}C%%Ug?$C%NKbjGz33tCf0@6+V^BDvg`zhzkBFyu+(t6IlCkD6%%L}=k6b+tOdIoE z$icYLLe!S@e`nDvz`}#+34uB3Mi3@6=#oDGp#a;@tR?eSnl`A7k@A`|v%>W|pV_Zx_CePj>DSyXe0=y}&4{9RGU(xCeK0e09 zYp8G#bj7L+UVUq|pkh=ZQq0AOwKXq>wTsCw1a>EtR6L~UF`^F+e6mK0gJ`yK?rZ`d zlR)bK>zTS0WoE~08->@xQ*oVk(&O@UVE7@qsrLuHP3^EUiBCW1Us08PTP?`5*w-?S zZ@NhtK**fWBB6^^XVXQX`LLF*S_l$7Rkq7RY*vd{7+LobCZdk%c!S_ZX(n!v)|dH> zX3AUhJ7HwWdn{~_y5_HwnFT)wOM(NoQpP_bn~Ix%cMaNN9c2~SMSj+wPX?*IDD zOx>d9v!TTOPD!_DVI&S5`1cT}C4c_YH`s_{CtRj##xHi{8o|M;1Q{KxX!WfehC6$DIDyX8{IUHJds|FiV~dJzm^fy3+>mMXu#W?x@Pj;gxpX{{PIHS z`-PlfM78K~AdHsttw1(YkiWQW$4uOt>9HsH$Cd48noyRX9*K;<7r< z!3QRt4wJr%xn+V^M_}vi6;^V4ic<2p^=kke&}Hi8`8(bkMD5A(5_caC4;-)qBx0au zea;UaE!XJYOm_}W69f|r-@}v}M8YsJ#SzYXyDmpDff3<5&TOwAo2Hv}%~dsR*#Bez{AgAAFw86h8h+k%W6O8}0JiLXe6d;TIb5mmJReOn~ zsUy$}Mmt&t^9J7I2yT9daYAgG^{jq(MA5wiz%m??&HA(ue9@5hD#T+HuOuck79bOy z4RKJ^VOd{U-BFHwy6`pG)lTGn&JiYzGvGo0yG+3_o)QTF+iS`sf9HrLwlZ^5a*7c4 z%MiosfTry6KRTh3g9(-?Qcxu^UdM=bP@03Ebu_O^CJGllLL z0NducQ(p3>JGFyLg`7PEZ+{%RmH?2qc0SiJK{7SyE%g58FG`;sl?=My<4ArihS|gV z#)5CAJrCcgg6+@I5h#na(IxBXlCMAZ|34Bo7*x3?pSo9>W{r3of$)%S_o z-{WX|Yr{CWQmY?}XrlOK7@@nuNk>!B@(pf{O+Hqv;4O#iJg5f%`>{VR7mCQuM&(oH z#umZ~L;CQ3@g8SqB^<`_nu!f43)f8pGXU9w-7=ps^l;=wji`G+C=2k(2cd!hNCeyG zM!~d%krVuGuXn?Ug-@^fweEBF4`H0BJce0GLC9OiD*&v6EHj)egyOs_NB+E|igR|x z7V#T&l?$Ng-#R;}t^&V(HMwZ)eII9V-{b5e>%lk&Z$}0e5puPtbO5lN3q2dQzl-Zm zk_z1^!>FP|`5QAJo7)`z<3qQp{9!J25avTwxaQaJJoh=K!7z??#S>$Y^&tPL9gvBw zze~GLuUeYcpzN}4_d$BuBD@)Zgd4gJTBN#hsJT*4>>2j*Z6Zjr+~XWb@4+}jWEd%8 zW3#$wxzL@&EQ$n_INBWex@qf?V_n;fG-(4_gfU-ZBn1Sdm{vu{7M6eOZB|Yl+~XXs z#KSlfxhq_x9U+DF!$3NmwkH>nqMbbd8Um65E4*qFSwD2wRohl(h4)-ohQ+l7SNQEg z_Q{kK?{R)%_rN%^1@^@;F$#=~*3c33)-Up07%;;VEEH3SD=x{DyH)`iNVh%jFdvfV z(2=%RMyAjX3mTXt-{Tw!J%w=|9IC$p0$%b@w?dD1^a`XG zYGJ}S6Axsf$UMvO#9AMmm6{HP2#u9FzL9)+k8`a3=UfflN}Pt|Hf0Fv1CSl(){FKZ z5ZzqsuX#E_ANr|N;lBZ3sSEfWO~fLFr@n+bV;9BI;Ofwy_c*^r&tT*F@NOc*AnZ1a zCIQI8CmeaYK|y$UIf5xd7UW61wLPg0K*}c<7ElD#V7 zalkBfk1v5WwU z;a(i~^3S|)fmyzP?U8bdM}=`-9i5aj$$?F8V*#*=;5zyB7#*b+96Vd)v4#&-T;V0u z9fxD|d0p}b%i}VNM0>p5v>bnAbf1$@3gbLg>WRaeM%Z#~0w5bTKstrE`m4uuj0A%Q z3sT}mc-H`=rkPqL;7f=eF*#AUzq{UH4WPAhpHqAZ<7lG2G;;KKWShtaWb?P+>JRr8 z3cdFvNV3>^=u3>5(gpQKyow&fCadfzvmrm7bF*AT>Dh1ZbE@WHoK!O7>0VcQKkkn} zCYDl7w2XrNR~E&grSa{Tx#sYR_E7rHx+-4vM=s6|1tAbeGFC%bJ#NLZucGli~mSkiZ`@;oo1tm0cesWw9;WLLZgQ#zxo9} z2iphK#7Yi3396Gt7;4|=+-$)(XH^{?)zYnBZB(F@b=*p)F(1(+3S|=_=kG|(uG?H9 zKsKMQuOa8}fiScwFWT*H8s0A-&KU1;eDz&m9MjF{QKIiIy{<$6SW-KbuG@P>Eq1Nh zd9%LOv5mOH3;;XfFLbb5W3{YCAM9QVw-}i6e3HJ$@mr09alT<4=||QwlyjQ^kXVGD znM|jCq9uo0; z2jkdcnh_Kr+zi$@0@)&8H^(GpuaRaZQL_5J|1>!*|0xFbj>RRR_9Zl!%(GD!7d6id zN?p66?{T_iYGIsiw68D8$%)~1egKdaj%E$sr(ZpslS|FQrc8Bd-VeJ&cS{&LzBZh* z@Wqefs&+s&SY6As`5tF?^^boygO5;{&q%}ZNr6T>GTE%{3FA4JOOa)Q`<*!0KRYp? z>pAMH^CaIV%$)X*`OIi@@2b#*Hve*@qb&bqS=_3-YNA8Tv2}hx7A4_f=$t&$3n3f~ z)5H0a9X5GAX!IbDHd3FEZa@gXS;QFl=@&Jz`N_yVPF(13*tm=w_sNvm2BGB|AY1hH zA@PF_nvquhFnDuksngM8Hm^?F(Vh&ll5vwij4zg8e#w3s`2>%}j7yJ8YA08)#}xTLdJmBf!a6CJ{h zV`i6>QFoui`6ryOES?XZ3sOLpl825fPNFLxZZ4w^vxm^vZS64j^a>lg8ooeYp7VO5jgjOh%!uYNBY7n{34Ie7ml6%q`@AuvvG zCC1<0MDqX0J@&r;Qf>tBgJm_ zGn`lpUZ%XNQ^JFCU_u?VJyL?X?9V>^&2?R`pn=!q?hK9Rr@7~}y*v%MRico73_Vdg zpPBXmvM3_vA94a2hL5MQR$gl(k)$6A6x`#m(agf^skZ6;t(bjWG8GSiHJ0LkZ>p%y zat7{UyhyKBh)^Dg2O#e=kY?rJYV)la=GRs?WgZA1sPx?9NH706e{R2hN;e!q42f$3 zvY(7p5Zepket7&Fe`0jv$AHcbAJoe_^@xxYdA0STss|}9&|8q=%Q08{<;X-X{Av3< zo#%qXxm5ge2+bh}5tgKIW%AGNmPZ z$g$Zw*O^jJ{5*mf$%et{xU_xlQ-$R_$WPDc5>5DBv9^KOpl6M{#?@pJRm_lGRmJNF zqp3Jrkz&wwGl6)$RaeA?&R`c4?%tdHgP^*?rTd*lC4Q3eD`ZASn`gi=>?_bmiJsl2&hIT_XO zovR)4e(1=OxnFo{5@eO;Z6r4_d)+qX@%Re;4VJpK^qVSu8ER4KX@~Ephbunf~>qN4DYmQDoN={fFBoT?6z$uHzOQ*w zkJDc8!O)0O`5(J@!hbSr&Ku_nS!Vu3ajH_%9;%0Mdx7i|pQjx3)~+Zaiq>hi}I z+He20D+*P5D}FaL%M51#1hW5x0L0`{Z~WL1F#QUGnIb{XPUHw;!dKcQ(c)Z4q|FV@dB^GcU#=%7KUsR6&wJR0%9b=1vo-CPt z5(w1k16}vn^p3gNedNW_v2Oj;rbN89rmLop={=4BqfW*Kd-FL_Htt8Qthd;62R#L( zbsPe>PT$|CDQ}e@y$=uKWkQo(D#xel|i+L7?+SXx;Iq zUO^$%@ny<7IoIQZ;diGb#M!-9rt~Bm&KzR2_O@}~6v-U;{m8s(=t~qIt&h>^#bXO; zaXo-X?3}%>9Z6EDIhL}Od%nMCU1enQgZER62-fd_m>rsK3ffpMeRbELRPuy20x?Ex z&D#FlYbM46-Bj%+8!ye~zb$;%Wkzzlv+JS6U%R5J;cxvLw?Fy3ur=em7!qC?%3XMA z|I!}~&Vz)U3bGF7U8}?r@$MRBlu44Tnr&xBV%n_c=fxF}-6^-)%XC8R^jt_VGmgqF z%2GjconD3?T!~Fn0EOk!_?4ioXtJ!Cn$)(ynU~`*Ew#S0W*Q}vtf{Om**K91i~n@~ zrowU{k|pb3yJox(7hbjGMd0TSgFxcZ(C1ajNkBg|R(XYIRHzaiq%p+P^&!JbEcmcw zMw)|crpI3v8>uHln)+O5Csw)L`8~I5-2$GQeU+-YI$`RDE$I@c#7zE`2z3G6TgOTK zaiASdzN|bT!jPl?%;CWEsZM%l!InW{@7%o91UT=3#RN0s5+y?a=XcIgtXmvZu~+}t z#Vca+-d@u6{eq=EA_zn)1%IpG>SnE$sOn$pViS40xP^OUdJrr@T~s7$zd50hsxua!e`Ert)?N;k9Xo>shsiGKW4-KYleQ)_#>7H{5jh%`vs(m=c9)5j ztF%R?w?lC0o9h++EjZ0YW0BiB*)MqZ_PbE>kJ%sTJ9pP91jn^kC$99LT3Y;_5TRUO)|Es+S@A7}INbZH4N zJP>qi`^gy77mPB6e2y84+*#wrj6GES%x2|AQkIi7kaWnopGobD9`)ue88h|tzvLh+DQ78yRiOSGNJvWinu{@vZLNo|ipzMeC}G9+WNnrwM=#iSk*sOSiSB zK?5d60;*tjBb~dj%fEIV8Ql6mQ7!Zm+=Mp7e3M52!Wih*s0cBmI8x%r#S^TYdw)rF zjP)dZXK)=pBe8k>gNNg-aML(ZmAV71>#C3t<Sq)s-@K$O$ZO)s+FyDI@9Zj}N_jxB9i*Lac9A$@lR2gP4tM=@zc%zA zyQBj2{A%pu1sx;WTtT4E67aXiR@;;tv~%w%+kS{=&vu zR~q-+`bJL1Kf7#e|CMp{v`v)T*IPC6sajIgP%PsVRLtV)>8hq zXt0od|BK&ddAegwBRLY#828Y?h)*W(Y>n|*%?^l5jB`h^8^_jDVM+jTQp zXx|xLy})*@RYSNzlHgZoS~z{*sYGu?uhq9pWV=*BTB9@>+&b9Uoy~{bvr*!>V#}U^ zNqN7rAw(kAXUuCS$<`5TA?a^ul6G8ngRMd9*Rp8b!W9b7Mb-<=n5nL& z_%(H2@w7VD#fzzZ2R{0>?|TD09H1q@**Y@Rm%|qL? z+Ub&wVMxNSne3CMfTw|-tT#K!?ABy)Y~%z{Y-tg z@f(plDJ-`XO(Rd3I4{gMmb&e7>Q&yUrn6MV2KpL``S64fV{Mfn&k!rXm(*Hf=tYis z_kDhf{!uV?YhLgT0pa4U+8uBeuzuIpC zWH#3O9;~Q<;TumvfRU@gN(EYYjyzrO`AY#NjxM})6EK{N6oI13qBp6N>#x)=DHJ}P z8x4&LJBXX;^>&UQ>MOob=^5~-%+`}O+A3-2uW~<^8Hj33uYEU)BgOi*lD+Y;02mK z3R4|A+hI*b!c8S%Q>X|%@*3sa1NwN)x~;d_gdNO|KOs-q=^pD6y06#a_FGjLwIyol zJ?gZVi$O_NeXzYRr$f~c%;M_q!VxXNB*JuSrE1 zvI>>10)4C(o(-js2m7VWYdH01m7a0q$azd-<8DKp!*Lz`dIg5R6_uxqBXqC)ELq4z z)Gj=HqJ)gh-#Ea9Z*0vYMKq>L3z`uKDoDi)W>}ji1*2Nzzh^OknA#Y<=AW!X(QPEz zhQkqbR9&F$eJEON^J&B{xV@ipT%fgS7>C4K9|Vq>;xnYE7{0psOs&Y>%FOBTF)A&3-oN#c zS410{EHUB}C01_(TRv0tNRxMHNw9m0B$U5!_Pi{FMDKUjJED=!Rz#xE6%s`mZR^7wqI}A{^ zKr1{!(QWk^1&5i)rvXX1$4b}h-xn=X0E0Nj&ex!)9hAF1e9|IYiY_B_%f*oE&L=j4 z$%HRLw#z@!yU{h*(ETr>ysf3>zaMP=M^v9f{VS^Da{`bvUwPNKX@0{WgvFG>X$i>3 z#65%1wp1dICxSkq%mlU@KJ$he9HufF#`n~4AI@;tnS571LmmS%5EO&?&KtZuEi$>L ziadTR!;?-10jY@$pUi0>C=a5tgL-1l1E!IT-axA#|MtW3*3PNGFyvHz-`SVls{c{_?o{=IX&{^D39Der%3Nt0!eUcnce_+}Sc4Fd%@%X%GJ4akkRtReN)88Q z!_y(P`yNMda~fvPovO}=2V@Z;2b{Bd?E^|j5$7FBE&i+55EcLuo%qVryst$L3@_?*a%uHJTmW_{LM}% z|Na@by0cvmjwY_D)=HIHfuWT#0q3fB=+;}mwf_Vqa! zs+G2&d|WlrK+f*ho07#7Xe}gmSP#F?*NIgs9jaqd)Xi^ov)=R09ivSWa= zvHY|2M&}q>j_D7Z&|ZX=cPBF`UN-Hi(YC)2zOuLnzwy4u`7afl7COTm{`|3ChL6)@ z(iAPa5RNX9LQ)ffEP`I*9!31P`is_X>O}Ioz3(V3mG?Nmu-jqw+^N_u=umZo$@SAi zFhR19S9!o#;Nt$}SBG2Z=S4^kcG+0GnZyP@GUw*iGjoZf3E$%!3Hrh~cPjRqbpWjX zvcKe43yJ1VY0H!=#RFf=OVcd?(o4l5vamQNWChV*|K3Fwki#u@eV-G>1>@YQ*!05C zCovDk z`ET{P9~D|(hqN#S|31NBes*|{Qhe#~L#JX2$QFJw_&}jP*{oyydd*OM{m}jk;@o}C zf2z+oXaFP_F^bzSh`a0D+R*@Iq>@$H;R?D>%L=x%E%R8A4A5ITp?|A^HmG~!Ue}70 z(|@YZDbTK`jv>)=U&#j(MMWjjZ+tt391>$~lNaaNX|P z^PlQ-?G5xKo{K&>ir5mrrE*X{I7w~R*33x&z^XnxNcrCj3+H;JEk4PQ$F^77F5Kr- z{ZSL{)Mxf30PLA~Y1M|S70W_0ZE_Bhnk5F+bTd+^_Ik^#T6X9(vM?uC}$a7*9Q=DKv%ggDO)!)@-*gwkYFih zjrT_ra@~6zUwsD{=T0^5hU$%mBdEXi!n-{?8&3x$NVQ*T7+eRbY%H5$gbQ;j7v0Pw3U#s0y<^nzs@4Rc#sn!}XYB5J7Wr)}5l-kZ|- z+$Uqo{}Gr=qCfv$w+S@O{iE94sm9S409d!KWgdZGV>SB(Ly zr$2FCK^Tj^LUh#cH_C;nNdLwyQqA2pFnjJ)qTH> zVJA8-Ae+5TVm1r%kSz5`H7)TiVc59r%02%s^Pw=6wOli{)lK zpZ8EJ*ALzw$08jw1iqP@c-`&wB+j-^_V2i)|4TI{IE1RLHZ`)=QxT2b-r;T6Bpi55qB@-aA)i{!2CfSqVU5Sd)`|LbR%HPnO4D zUamXns7!qUAk8TJV9~w+3S0AnNV_*F%1Wk741dQZ<4c7Ao3A^y*Bshkko$RxW}X%D z>@5d%mSt6cH9kSOs1LOh&K7Pii@W-66)(B8EW@|w9JWoTtKWvQa1Y;@~0Cc-^Vpzxo+M|7w5GOR%Ta-o9I z_lNlL8`-Q|{3%g{ecxqmpkA&22#H-+qg{k?ZyEpSg}7dwK-xV{@M=N(0;)}iMl;R#;ci=gxz^eEk`SSaVO`s@ee z+^Ns@FQ9!l09#O1-D4KCP))R3JtEEYc6T3WFP+AgbgZiGx5fB=)BrLhPWM{glD{0N z`m6`z+^NsGD^ULx@9Gd ztQ+UA`dkI$+^Ns#j?jLqt~Nt!rF1E!a?$orf%CIivBT{^HiN&91D!b?YYkP;z7=BF zLYo%y^LrdNnkg9PPJO=2gZ6vIcwb;9e|C-_HlXT=xA??T#t-dju!t|M9M$2jI$YXP z_&xPji`>Fb|^Cg(hBlhdd z=(nlzlGOvYahxZCga`_yWe==SNDr zsD92@cjOc*g~WrqTL%rEPf2})iHD|1S5=f$?;v()S?TQY>7t4-#O<_2i$7R0ET#){ zq7EAzuzyQ3qh$^!gOiAMv_iO*y^%zwC-;CcNUW%kp*D%nT$Ntlp>HPQ3`+!_Y#E9xb6N~lv zFl~J)`S$h$`nZMcWc_xtNNnOs`7dTRoVYDJrKeaDKhGUoX7bkF~b%&)Txc zkkRNkX(&a{m8V)J8)6yBv_NOxF!~<#5=|ue4t4bPEE6GZd-?m7oWe>zlU9W*x6qWK zpyk`UF=)4&5G9saX>u=>)PH<&2;lO)M8MkFRZ1FxfVgvmx`co!UzW~NuV(z{?qMH) zpXl)gIXNr>B6!Y<%anofbH=(sEp!%g*;!T=u3^fXr+(>mjOQ8(xhp3t8Du6VHd5bS zDWT9q`8T<@qEY4E7~bm>=}Df}uhHR&H(7fNt7i+(D$VGhqvzu3Wza5us1Jg1ZJ1o| zUQDHU)sy*Y`JVZYFC)qK4>YV=59(g++d0+<9JStJRy^tL&2nz1!SJ?7g^p9gj@*tC~FzL)3QnI|zqN2Kt)1mnbwg z7;Z$A`Q2703GG;mRaV~?n{MMbEa!z-$J4e(VOI6u&Htuwg^pCCo^(AHT zKo4a+pzg>d8K<_!NRVQ+JwKw;`%e7O+E&2O>#%+kuhrZMv9vOCbmAL%8qRK+K`?^m zY8qSX|FZnDrQ}v`Y2J}U+ToP_IXVKh!`m85=NZ+&X1A_6DN1QvOxJOwJKCvylBmGf!yu_32j*b9QXqi^4!qkGTu zR<`y=4U#=sQ?N*vC+Eu(MQIox-#MJ2w;Y~IsMt?KKx7#t>|`O*~Wur_n`5usTv9%@*zz-UmEul3|C z!nyaaKfcsm{T`^MbQjbeXH3xuM8j()$1tfQ0`s;DMxn2E^Dw;so7^7XM6YVG4 z&y)uDUv`}ICqd5dIpGRoXw zv=?0{2XQo#WKt4Mg$U{&Tuj7M)tU?Icq@f&5%Z-uF{l}M)BsCb-goV2I z2y*rhETfaMJ-nQFJ%XDO<|@lCbcJW|glAcZ>|^xpM*PzA(FXpnQ@lSrc?xAQIodhs z%WcG?eDfy{B%j0Krg^QXUSxn-(GbJ)G zB&YC&QLHkp6slkUJEA|IelqT_)ZG-FGYgO4xB>ka+lNK-;_=l(FcqKp47S$i_N15#Wh zq^3dUIXed4I-Q3r%Ed&_9$)6-rX$fys=^=PQGDn>8K@Z!WR1*zrte}?{QvZD`ZLTO z-7;R^iW#-U%17kacxI}Mlq##l#ER1dF@P@ah6^soV@ig@AlG5p zIi9*pozz=P(|F;X;XQpfSYIVAi1L;54O#Bylm)zdXnZJc#LMVIpK7VRehV!WX72GXD+ zvw!qCFpkPm*P?*V{OP5`)r^%^KMw6-;syOM7^=q`d@D+SuK!<3ru0C`tnc9Nfk80o z9=4iOPv(3Ma&ygCk%-&I$mFo!W}pSB zG%vc48##QoWI;`w(_#+Ng}lJ(=Oy$Mj5by>e@|HH?mX5V-%m`i7T5pNQYitC;GPy z_rr$G2b@$K(7lq)YA%Jlg(`)PSRfRqh50;z^!?>D$?z2|md8$7=o~u-na~Slf{!KZ z&`1G-n?v8HulzJz)0IVFu$!V*vqo6yradQEvWwj$ZTp@_RH)4$;x+S5-f87vp(;Qd z7gFF^_zlEm$j;Q#ph7Nsn2X)5^G0-VNfS^>4N-@(O&;Ai%fr0<)(W*nto(ugd=Ivh zmU07wJzgR-H;1&N<7Rg87WqDX%uo6UURKk!m`%=|n(}*@uHDWFn=Ml!S0@BI%~uh@ zJHBs@v|--%9qlsEn~lj9z?0%5aNZCc{C*OBvmk~a>_ePRvj&HnXrJeJ{Q zvhIae2ImOp>7VrK-1i62W)le{m<}c~*3w2h1JuT<#!v!<*UfxGf%+Veo8z%9rG6J8 zq@ErYwz(kfBH;sQ<9$S2ssn&pB92;+K^>Ec&ZiJjhO6!UsHHqAP*O~iU3VAx>({nh zU*0i~wWK4Dc|6F7+5a5_Nl5}e>AYobh&`%aWfEVasl7m4s3$<*03}K$DLxO@(7Inz zGEA8@bq{AsTmrrq|J1!6r&rx^0RrI$Gg`ULI609@dE&Beq}(ndA_JtOu&2IwiQGi4 zKAkbnq#Sa6UKywcrt>(xx&%rm91w=U)7YM)b#$lfK;4`j6SV0Asu^&xgGr?L5;eax zj2HZZ+7?$9!0OYF)2p~`0C{?;d1*R`qT(4EeR}2NJ*>E+p94zAJ=o%Yi`-unGQ_M~ zsbNYSw(ai!;O8-Ci}3pc}H^F1<<8FvIEdK;@I9ozvPC0 z-d;U51UUbBlwO6j0cDkRb)R4DbLxQ#*Vr5!lg=uOBZ5E~+$ia;>GxK+J}}j_))HrO zt@UZ(sZ-uxPkw)w|C?S#A^_5mkWF3X_2s_v1OzhJuXX0;BeQyE2;rhufjW-or z`*>MZbotjzYPC8Vn9ifrsZRkY>*H8O{Ywex#zczuSg6EnS(S%54nVfiO0?>YP0CY8 z=gHmAR#zjxSf;_x^P|-1RWvB;8{667b~dpKh=w55zcDCMo(O6Vl$EmJ@+1t$+&m+! z(^;2+G=x28mlVv;{@V}`ltW-KopuGdrd6YV}04mXMoqTV&#Vsq3pmS>-@2=vwU%uT3>f9f{@uHzS9`b3% zPb)IELa2n8oRcpA4RkRwghH9pu&_of zKE6n3Q_B|o)CK0}QRcC<${ewBh2PMcOWH_e=J%8#E!6w5jp>*+Fa!p)Kv`$3aCY}%O-nU__-k1E zOWo#goxs*HG26enUo5af1ZE(>p1tKb%FN_a{~%Ip8xZE52Ji&D*@dvX8g>eGSu5n1 zwCd(E*I?_0nC;)GQ+R+w`neV?{ERgxXJ%0)srZ4(f>!db8sIJI4N}6GT@6WMh?ULx ztJs1x7+`gGu}7)XXcK^_q0G5*^`R5I75r`n7;wp^KWGi{7|3lumuSAfTw<~N^Y;+?BO#bsI#;+ zqSDhUP$ZbnqqOL-Ex-?dmMzuwlMvr@PI!&FHhod=(HsNj+)149Mv_dA8#{{6i84!S zCj0RH0@Hbv7VV4#o;y(APw&#qp^ArP{RFzdZ7{A(;Q{Ho)ldCx*^6)`xPsC9Plak+ zE0dVPbRKa(OA%0}$a6U?1$q$~#+LUqjAME6mN6azpsdm_Mv+W8HkC z={(|ozb=7!AD?`m8FNHvyOtIW#F{0>=-@8^l%WWB^eM?E<8tPr84TU9FwL#V0rG>+ zW9}zZ0g(8{OlnI{E>?pYKPejcIPn;*QQ&!@HT}YtK`j`R+Qo-vc5<~!0o@PQ&-Ix5 zz4!v;4AV85Jp|_DGue&{b26QI8J3l&fGG~GMT02!AtU-KR@^2MUEHF*?{FUcJWh*d zqylenDk4j02pEE`HQlxix>tl12_EM_mseOti)X*8Gi0Hc*v|xUlA+=noGf2I1BCYfabd84hZ4n3HIxK&sMG<^K z>G+k{$BpA0eJ8K1Ud69s@-7-512aa9$I@O!2^#b&LuBQIVCiLbJA7pT(|ME@wcrPG z&i(J@H`m^sEs>iIR-G@4Df73T0@EPmJB}x7=sD7O9ka^}AcuZnBb$KfJmQB>vw%0# ziGz!+iUe!o8d5g3g6S&keyAx0hYwCK+JbQ`!J5BpX2jF%8 z;o<-CIyXX~FYJ8V4~F~=shhg=*I@=-jE;lmbx@{}0;vmE$0#=~*M9c*PexEjpL+ZL z;&qSHqE5#E`uk*IbG{ujTHq$z-B!x5&|I|&#B9ZX$|~ywg9@Zwm0s;ijVh3OnEXk9 zu=rk#J@C5fBWTduQNd9g+vpac4<8o;wum&OVxU!L$xZyI8^VP+u;>}t!6(Va<-_gx z{A1blXvK&Ga^vf>nj~}=v$DKYdSR70^q;Gu%ymtSS1;4DG(2UBm9HzCo5kq;SPQE& zu;-fTOgakUR}McczJFCb&>8>z*s(!-q*IsS%~l?JKv_A;KlMl;wMqKmix3;?Ug$-+ zH-4*S-8WO)lrRJY74>wsw(v3c#cwQ14eY{n<~@|CR-wv!C}MLKg*O|QH6%}CyQkjD zCt3(T6SSao|iW5x77Icu2aSl<>hKQ?7+koy_i+)Ry7>o zJM2K#SgC4Y%pAfksYJUB!;8t5l=6Rk0jbTG52;Of2B>?lP?ZfsIw*RbC$F{XpCqk- zp7|izejvM7OE%$D?Bulf{&JW6s%bb8qp{sYq8pXUV*5sSHTN4*;@3P83i?*hn!7gp zLSzN5+xJ!jCWs61RYCcVeraVSGU6M!s{^pLYlj(0$%{+5=cK<58tMAxej-Dp-l*51 zTGTwP&YXbc`Qs}(-}oUN`P35X-nu^7H*8{nZg>Va15Yy*5sHX!?I7>UD_7^hKNpkr zE>D8Sd{@N=Yte%O`ARQ)yZmEBrKou~DXHJbDn0GO(9+rAs>QE3S*!O4WGDKsbRtm% z3f>M%4SdkRN-W!vg}InJ_?-Q^AET-KZ7beqB0dz2fnH18=HbQ;ezb{$ZIeH~lF(Wo z(vfj-(4g9ulIizC@y=J7DE`E$_x4(Xx?jx$N!;08L(US>b5PUAn0M&di`9i;dCW^X zu)V^D_GN;mLP3f(Yh@UzMwLTMwsLK~WFz~$w>S)R~vhmn?ikN@YOKwo%gDHDJwq|59xN<5&Ao*H}wj{MT{B| zy{q>F%KNfTillb|RHSYxf6iC#T+M^8brh&O0Z%@ml{8)|!Y7V0f+!e!(M@xx{gj9{ zd>qLp#0q^pvi^;wp%e0|l}89`mTt52Zh=Rohy2qqe6~VSq4t?E&*nMt@w&=8fKIJb z5&jyCuU^Z=o*b$4AG~`+8TXywMytQpuaSeM@}J+5lABw@Pj!c?3-)3#-?a)a`@z7G z|M4~J#`eI2si>juEja6~`~9A7r5<;RKv1Y^Fjm~!_~}-F)MyJ;i)jLMw?^}MCP45o)eLLBdomxL3@K4=>qAH?$hP+V`^J)n@-PN07ShdIz5;YK)r|S4^C8AZZw@f2 zl=8LY%#XCBiZ6#zuI7l_I7Nyz@4750*UNKCnjEB3XDLRIr~dK9!IBBJKMv8i)U^%d zZw82=L4gr*5F2H+iLuz8$GLLdS};G#h$Stco=rF(KV8No4-*>os1ndLCPJf`lp1p-k&X{T{&1|xaO~SnUTxVDno6|-y54D&-^jXs6fiK&+>|HUzk;ku8O4wc@dT^rgPb* zP)mL|XRyi}1!Z#`s(%dsudkd39&A4ib?<0z3N`$^!;1@Q9oG>J$Kt6*Je+8=Kd?m< zrUUgjm5gQ(tZvIPz0fs`GY5-%B<_r*DIU9rhQKH^1w&{Eb72EY|Jr;&-76$7A+%9! z8bhM2+itcy;pITfh0`I_8%IHW?@dR!QdA!}+j-5g6r=C!2I~PXo zDRJjGX`KpBamiT5s1yn^rSTX-joqFE%cE_F%cjKFb*i%O4V`}x%vF~9D^@}UaH;E{ z#A^jS-+FUEfACbESA;%3sYz%YGF;~enzC3Nj1Pm&%Rj#UN^OoMK!ZYj(X1*jAb5ms zmU%2yyGQvJK(MQ#t4Tj()qXmaz3J%~rwjP17TXv#;fud0v{9%C(MrpK{FeNfC1h~w zm|C1#T!~Qk-S9$)#Ya~$Cn=ngDhy$QLi?nn_FnBm#9VYK3aYQh&o_WnVOs!arl#I_ zaG2YVk>iG`H*(H+b+Lc?MtF^+(jWNd6AWlj0KH7IrskK7T;q734?WsFm#O(WPm^mDtLN+e%sgmzcspqd-!2j6#j*Td;m_c_ zl0WC`uheF6CDbkEcyk!PYt1`(hk^BZLe(S|af~>*x!f+>o+|agX7_YTP|bktD-H;o zoE`J6_5>+p=rzcUr`qjpqDuqleXafrCpT=-cz5=j`IB|8H_AMd8iP~6qPK)KR&cZ^ zt5jLkJ2ac$Kf$2eEHi@%8YIGUd4o@+YMhnY{jIozCJ1Z&kFRTC7_ijlDAc`pVo+;0 z%lDDbBT|@HMEA3Ey?r3mKYZZ`&g}A zdOR>q1GtJLCkNsqKyX}YU z0@4*v-2q>_e{;p8l(R^}7<^J-?HKix)y4p^1Qem;uP;B{lX@&%G zo4uEBL@mt1-Tbo8I%?vYt(npHizyLyz6$9IMU-i(%4NY|yW$#CGOWIz%Wq{v`t&TL z>Gl85U7vKrf`a737&YDhwD=^(t2A4>2sYx%`=ueyF8|D#wpqSOVwuT)`3Eg>Z8X+-JKfK{IKX;+G%!6N5 z@6!7-LhD6C+ZwcTYLI?Gy`f=drEg!~Tl6loNyFuiue`;`OYZliGAK0LSJKdn?ns8e zl3pE-NY|Sr&t@bOSM@AG3QZ3Pzkb2+J+KKyH<)&5JG{O$kX-wdQo=HqPXp+`sm+>) z)aIoU+#Rj0T|=B{>?tid&V6Zjf$_r94Kpzxw_c;TYWz2^-1l@`6m-_^vw4dcR+mrDe-q~H!vKl&xzRYPs za%!F`LTahvN-=Nu&WwTSyRk0a?)J!&ek-hsweY^Z_l8$Fm~V`FK>#tZK;GRw8zG5^ z4o823gOxy)YT-4_6M7B5s1hwZqyd^MQDL0iA38!f7kvk>IG&Ho-Zd-LU0gL+^h4-Z zfT%3~%cC71c(if>JSZp4Auwh$zA@H5*-uDIF0ll0A*VEzw7%jMA4^Q5oZULb zz@Zb=+H!6A3aQOd2yTKEW6W~4J+)y|L?Y!62no%_Ou1E7OOryw>u8aw->O8NrEHf_ zMmI6gmFJkGap}nXbyV~C8(l<7WpeqvF)C#}e@Wx4xm@*88VNklIl=9`pp7?v(b!^TKmYwM7`o;I!V`-XFzUDMM|=^Yp>fx;%B;fj7#N z_H?kg!LjEOy>`>0vhMUv>(G~w)`U92W~2aiVCK)ctxl-SDX2`}D!%2+1mqixWpBk4J>i$b7O+Pr0;tB(3> z*chefD6gnXL!fA64hok@QycdiNts#l)OJCulhO|-WN}2H0r*vaWX{oW7teFzo0@M8CHgh|M!oJPw9JCV z%+%E)_4!5AG98K21splkwkttO2`0VO+`18lMkxOGF?ESAD%-xqdxv}1bOjKoIH_pi z`^)NW_!fg*d!H_ou9R8TFxb$j3$79Pg`XCkz7Ne7VFVe@N z31D5@bt5{6ekRnkkW}2W)Mx=A+H6MVoFi=Y0pz)Oan$3iK*lTA0 zLXn-lt_2?rD2eHnIfW6CzS|06Tj+7KyRJIle+HBg{vU+fxCzSYFG{p@Gg>`*CUzy# zsWeR7qi`h&${OUbgi2oc*iRUD5hG8c2K)5<)C!_zYpXUY zdeWp1O8_EBo?I#1Gl|6Sx2UTlBz*#RUct%upz|2v_6-0fUeS{)MJ!U~%ZTA^-5}Aq z{ws2J099ezHHZ|aWR#Az6~}xz9xuDieet047~!@6kd>K`eAu^efE%>KSPgf8M7ZvQ12ro~q z7v+F4lkZi;HW~<5Fd(ke2v~s_oK+oINtO2zdQB+-Mi$=>zV!ulWB616*2I;1oh|o;eCW&pZp%p`T|0Mv^y;uuRpW`joR6O z|3zId(BjWsz*%COuhserAJZ}eLB9h9lalDh>pXUi~6fr?}9Rqxk4 z_A3&Uj)QhRDh(owI3MFYyq-ldd%J5J4W{!5y~ff2Q9yy}xNr7o$1zb&b#KLabr2O5 zVu6xjYjZ<_-WJSKexbAs=fq;Nq&Fh+Y(?ab^` zP#S_-{GA=+Iill|KMA=lD~9_Ru?LvWBlMb90~BEc<}X!5YCdn-CyG=$AlRoi8!iB) zMJ30UCOMnc_tO#z5V2u2a4q_AlKVmL05CTy zsxH@jsaR|GJ(cnhc^jvm{0>a#5qcG)074~{iyIe$Iqu>MNhA#lR!?Y>Ef)YJ7|j3S zdvLz~dmR42jX2q5kLq3(Fr8m~Jio8Qf1{F^#=xBfA<<{$xnI!tj( zgqbAZ(fB69d#aKDWM}I|GcK5)YvBfP^!lO*2u(n~=phq!PetSZKEd3Bur;$C4@7z_ zl+r!nyKD?2d+FI1JVkBir%Aw2`D66zehSKJS>6iD@@<`Yw zbVA$Ui^5WzV-Wuo0@wK)y@EafcjOK503sWL`&+I#L7IA=~^#giqPnX!BRDNJO zkI?H2AnaMR(Vgi<``)XuCZvvl&^}WrrzswkHR}MKbn^2{cQy0ofpcl=s9aq%*!})E za(M^|45E#!IgXo7?A^Kgl9nCc`xBSmbOb=<)dY-)O&lEWUt8V;3GY8wDM|y20zO8s zvwQ$rT=Lnd+=~vkJ0PA zCx903DQe5>BH>I+178<@ICFEAtI7ceNaVQbMC7&T=l#4RR*b*2eJvCHcjWS~LA~_= zJWf_quD<8PVyReQG@9D$BR534iUaOCcgJ+Dn*=^tySz#04RtraEi16!>v80grw^1> zAgBoP9j*>y=xe+-#0}KNj%ERVMMdN_7nAh?u9IR-sc);VV)n;SUOya{gxlZfmGcOA z!emg&N1*R}T`3>k$NTJiU^#C1fifLQRQ4=8=`lQo+;n>MLuygwDDJ^@9--GjVDNNO zU(u44a=zfTj&(VRgxUZBQ>6=d`}~n8{iID}tbFam>JDMhGWYq}2AIwx^a_L-Gj08- z8V4Y%c!$1A(ZV>36NSNjUk1kR@+zrwn!fPtuvFz$4WV`VLaQPNrt=8BTIK_-pp95U ziF!I_w&{9yGGwYdgRZs!QWjx(s$qA`?D{blH}qI5Q`Mzyk`PSi(e@^rA;8cB+6p%g zf4)x}#XjvS9kNUd%XIz#*iBIlW@aRSP5;7EZqCwvIat68J~;T%{w88T(~^5kA|95x z>k}V^e zs2!ylRDPMOqFd<$0p*y8#q*UwZa=k-6F;-2<#)B6N55MI|3$Bl1_#RlTM~Q;#fMMl zy2F@BB;HoNg8Rk!f_4&UOk!k_uGftiAkMp>+q@rF=75a&y>9%g^9TjQI0L`1jddE6 z2usYUCf92lnDEHOSq}?fbvrI9dTH$gC8+#7j!ahEx65Oq22AG>3QlnYr6D5R&iP5& zDjIzh(XOh#zbH617HDGV zui3%6(A=7(<<`Hd;}{C3_eQcq_&@IID9{@qE!ERt}WaFKXM!z zAi#VSA$#6&Ogc?8efe~>V~~=lO?%(z(jd?9tWJ6ziV8VRP&k;%lefgbd~`x6SPrem zR3!anJ`JAuK9FON)rf^}lwF z+cm_I9+l;b!o?!C40iOYBzb!rjr|H1$}7;d!-1RTDVL#y@4FstdbxtwZzD0BJUlv% z*zA)$Og`A3g$%6`w0F~2%B^Dtsp+nhc3IEad14b2%2S{PS_m!FjUl)>=|4B@-)|Sg zp@S?g`Dc6iga7q4FZ|#uBMa(|=a*iI5#|R{&B_7W0_)d)odl;b9*oy6FF-IH3G6!q zrXRbN?V(7u`4PH!>2)A|@68X;PWB=RaV#;^F!L$S-y;PsK+ZR05`w&y2A8*>5ii}| zZlxm##wyO|!0axUiOzt`Q3KjjRP?z9ljDtiacQ+$Nmdd2XFf!}x!kwz`QvNWP4xlQ z!RG-3R(s1^mv$q9-l7uX?!$kxaj-4Z5Zg9;MZ3CliE3gLp2I6ZTpE0U^^+X=zI*~l z)B^R}$JKc<<55LMy^$iqaeM!|7f)>y$X?vC7;u-qQB%HU*B!X%b83o3?<$@<+%jii zwM3*5UT2Hrz~I&aT}miwBye!djdB09SZ!;B&Hl$1hmn-b0}^v^hPq=EF}gcYo20wM zNi?r@hup@-o6gf&*GFLh0x)IfPrnOnb{T6dIp7_Cw_)|ktx!0gKGos1jLZ}a#^Pn1 z`poh=ZcH#e^$j(*ho;om);Jb^I+0U2Lx$(Ou9kh8W9uF&2x%F95keU}<$KUJ#Lz+f zR_BNb)VY2I294h-k0vet>udZ0iS=+pgK}4#Ffqgu@bue#Vdq?r)pH|3zDY@@JS$(% z*tZYSn2yAO0U)1}&hi@N>NNKVIYcT>*BcyzJXZPi4x?tE-C$ojD>H=Ee7|5t(q=N9 z3Lz36Yv8H@VNC{!vU4d83XBEE<9;_Tt=I3#c(QSdC+`{uCOawgUgF!`?I$MpaO{G zO1hMMEu2`d{C@6XytTTx_lXXAnL~D($Nuu_7T+=IkFURwSUx&%eQ_!m9xcz9>Uq$L zH!La?N+DpNqmFuvu2_%~RdK@1wxy^_WociuVr4#ua9XH_gamzM9k7HBZj+~L$UQvV zpAyD}u*sj2*juhdu*LjpJM+BLbnUYwvsNX1A7&NC(*z{O#=0*|`R~39Bu~Ydv_$fd z4^~R&)GW@3PRr$s#QgDPB-QzV#Kaw-ZqZ5A-|e8q4_{!E8^a$-2)d45Mssr-rF*Bt zCQ{$NAh?C4i(opanZxi2eEUJCCkGd%(r4hzAmt0RhClb06{}ds0ADBBahE-%*|wp{ z<*31QPgstDEjyeEL%YkYl73t7jso4iVb8wTx78B%UA50njda}uT>@1jwE`vT(C{|mS@Q}aKBx?(Kx*Bbj z?2F*?GGbTQTrb#QI>7S@m8I0o@(;7gHGu^jqX6Gw%5`0fdP@sx*~$r+JTrvAt&sG_ znX;%TYqYWsSB$-qwc9K!xg{zCB00Fy;?$Of)YTo#KfbPo+aHivKmmX@5!l+?4#{I} z8MCGY6Rv;IAEFC-?@@*9tI3Z`PTRymp7uPCtBv+P>6!X|mw2k0#2MPL-kfX`|HC-&<wZJ6)6kv0N9ID}>8|BSvZU_p5|7@t6Rd=XM=^TDoc<#h-{7?thXZ|C%c}hPby@%YYE~)w^Dm-_&#a4a z+nTSQ6MeMGXIA^AAAlQ1d^e9kZRFd<$4pV<)?St%8LPuOI!b_#wkSKbv9L85q5}z` z75XAFWKAL5vt&i}CZOiPFEu$K6jiiJcv9DwLG|a=!Rl4fhDt8ox{GPXf6-6a1N!N& zhX(~j>+_54UX zJ9|Dcpd(#(S+svLa*Qxl!hnFIvp9pH(%SwcU&_EMP=}^ni4&Xo!?+KdTXP-O{}zH- zPpNR=$7Uju$!YxOmwhT7g2C*9(&UN*Mr@&_@vB!>C>Hg6YS5}OB9vSVQKj>@=-gJ6 zUyBmjmJUNB2;+8t_|-`bNEsgusUP~J-nqIMl4Z58GQ@Rdw*{0)l|vFUmW2?AMT9Uc zQMdDV;1{}(v?V-~UE)0}x*{U8HhJ0`6RC6WzA|gZU!_{_%|R)9M~S|x==EcyYb zK{`L)PHLE$B4EpwiQS~A^h$O2U)MloNDG~NIuNH2*4HGl} zTXXT=W+0c}3L(qO=`|SPt^wcR=#=Tq-9r+BSJq1?ff0AF2VoIFc< zvT=HJ@*jJPmD&jza1!j|7%kz89Wl=*g)`)F)z;?5d_?VnPOB)Snd3fD!tJCZd|QwS zgVrv*x~AazT*=T}mr8GEz~&$87F>{9BNsBxu4Khu;`TH`)|(ELHJq@rjTW?ly5T2N z+1MbQV`#wxv~ot#kGQ|+mw_-VRjazTD`OD!sST4~ebr08r?}IhVCv#9Y8u#i8km5W z&MZzV=-ELBEg@k33^`E#mB$#|4s5{BM1PPNE9@Tm#MZ~xeOK!^vn$IVk?{KunQNiC zwW~ePUZYpliBZ0X3yNB-!|4v!dNJ5az>MqwVz;Ci)gna$M#2xGrM#_E4xV^wva7h? z_H$LEMO@G>t?kG0Ovf7E%5w~|_iX9G_>ipEW!cIyJsTxQ$j=iN@pJCvOr=wJqkpZm zY@?mCNpdI}vxZJkBx(+F!neK>q^6C4MP_9dc(ue3x|wiGUF7n;hNkrxJq$^$tYX@W zPg_!VEh6RO)plqNvAmt5p*yLtwY8xwDWA>nKZL+@qT>HT5s_(GyWbyU(gN4fx+WL) zX&1l%)s%M4uQR!W3?d5`k|b;qhl1|hpro8a)7TGhFhWeKNRSkaF9^i01b}b4KWs&a z*GA*FOjaG_AzZdbcPlU`>1_!-LRVGwa^mN7!zA&qOZzR@$v|^;1%gz5T4AcH+jQ7& z9~lpea@g;&KL6^(E$aW)`F9g39AFb5lS5GpHEG2@CZ%qB&y4PGK@Mi-z_+SlEDdvP zAL%>inj+$E5FA0sULTlFhu43`YyLZSZS4st4M}v=eJG+aecs3_?U$}l6}DN(XP~z5 zRY=jRJ@`a`bp}TKgQ;2*nkX3S5t<|W{M(Q5FZeljTkL_;6W~+QyIm=yyHv_Xiwlnm zZn~$Q%{&w6fq3DG?|4)02!|#R+5kD3J!T&fodzhZx7z|Idvd%pfu=4wdAK&{@%mT~=jSb1`|^81v}mqeM(Ea0k& zFjpk)#I`T)9wDLEB3h7R-$c{^)A8S@`K@D8@U`H02;!5L2k;BS7(OFtfQc<=*DfpW zGuPc>;MfGNs;pTljZ|RYtP=y|QKG8UseZmLFr8`Y|7@!F@1|(4yntGw+dG4&n037= z2@1uMO7S%J`hldNtOZF8I?~1&wdTAacdV1PpQ51ENpKw&)Zc#2p6|s)+uv>U6?N+no^)9eQ+Jor@wVjUvZWs zU1gP;ZUR;L&u=E{aGNW$S>u0RG?K>34~#kj=lP&2fRex9Obb>z*J4xXrp)~_SnXG2 zTIxTWO~z~@M(EqT#cDqW{xiR~%hKVocs!H?!kyaI6GE0H_%Xx*E9m%LbI}xHm7|OFRr3@9BIh^i z0)UkG5qgjq#)df%bwz2N=&IpiS!IFiTtocUQMKn=#CX2vjDZ1A_i{8DoWzXgvlwk^ zM*NZmyFt+=P*x)&WD*_uvz>$>Q6c?4A@~1S@W%IFVvXfIHz@~cjoIei&U9ao9Ij*A1 zx|MpMRh7Wb&y3QK-#YIjY_1}t3k5zG0E{M)fxBKCUPXZ%I@IrOpv(2;b0EH>`h}er zBiEUBP$;(MARrAVS8D(cT<2BWZ=JpPS)c9MAssn@dTkY8md+V_3|D-U#NN13R6cit z-U8z0!p6*o#S94qT1-0JiHhA;!DC=7Ok_rz`M1t9-FKmAOa+sqz<6lEy{0iVpPuk- zj@0g!k(!$dl+!Ta>~nXew&N@?4PodZjp3wIZhEygfcw#r|E+`aom&iZ92V(g8c^L| zu6o%JeNUM_mcpSWtm-jwi*gH8-fk@C|rgF+7se>ybCzMo`WK@5dVocmA5CC z^Y0Y&>COV#oncUTX?X6fact|YF=cQ$-;-A0SM+MXgUYs)IxH`BHZYWvs`X`qgaq?5 z%krPi6txh!Q+B;hO9@qg?xA`)ivtuE8i`WTZ`@ongmJGg0hS>L^`r}3GPRE;J41do79d21JZqfd9~u2-lCcgc)GnSbq3|eRFc5c zn(3pO%WeC)LTS0{{dc?gsO>Qfa2=KL-#Y(pnwt!4wyos57iQjWE<+pR@*WvhmL%1D z8|W$W4fO9|Ok3^jzbJ|-(G{X7kMPd`*XjGunCacMdG^DpaTziLpc`dh`F7*zN7(x) z!SLvW4yxy-#`*v&9O#Q@_*K5SQ!nIgxpm|+uPsmlrZdOy^xMzZ+#{l8E5XD!%)ojW za@qom9z!qplRzG#zAm-`>HjEu>!_-uuJM!ZEF$sc1f;vWJEWw$OQa+vq?MBH zkWOhNML-D^i8+_|@qO<6*34Qn|FV`J_xauvyZ0y3146xs^)~* z4_)5z*mJx6@|QC7S#>*-hK{+`LtAo6#tUxn~8=I=H8 z;wRE;h3Jm<2r~tw*S-vU;G3rr$~C08}WgY{@fPyV3E4C2JLkBCO|d8S;R`V1_IbS zEi=PvAeLII7qY{yP_O(r`V|}-SQ? z2#2|_?XOV9_%=rdh~mC$eb+}Vww$XIYU55;&?iwZ`4u!Vz!vNoOXip+U*o{}RX_(1avlPtmNyfVP3SgGN8m+cDJEQV3##Rd!@~IYESVS?!EaIaqYl z_`a`drTnjurjQXd$36|hA!qv9wfW=}SKS(%uXOWknd2!D@?DI9x%u8k(ms4Nm;!~? zJ03W1kkEI^ERy`=9zI@gL=l?f_yWS|-$ZZp(7L{l-3HNDR56N|B3oi~b!G1bEf;xO zZCXJQy0p@HTX?+?1&d93bAy3sS}xxV3>0Ubn+3w*R2Yi$3op6NvjRJ1u9A-;l-?fW zxql-p4dZj_HN|LJrpXS#v1x|UT3(gYbcxLVC;&nys zX8Kjf&M<`sd#EnUjWtX^S+U(s_40scu$&ocU7J|C5YBJDq_;oAMAMMWfgaxYsG330 z6(#W(e`P$X)K^7>taPBw2u7bqZSrX2w{a~0da6NZBe)n3#o5AfgK++}O&KIX|lV;g+i(WxZ%x)ih# z@(3*VxO1`LE@#2)YLrY5nYw_=*^}OmdKmw3A?|K1IvkJM@(VB=$I-Vc4GDb>cdC2uhwE3J-`pVd{Oow$(aMWx&`E((~f< z>WjxVMUi}Tu?v*26Ac0bz}~5mJc$;=YIb%QFy%G!DsqkFV}Rzo%7$=6TT<1Y6nC(L zM(g<;Q8Jk-UmPaP0*@nwHA9{W6R4VlHYd3nj;Lk9r+4%-#-+L6l5l^SXhL)TKAf+o zNR-spzcm{)yFq&i%(+L$G89!P7VQG%eWp=LUMYUyT$q)uO9$e`_4p!`3Q-4-%J~Sa zLvePO*C6tomTK~6O66>?8-n{e%QQc3ziqzhtrPF>6R2v5Az2t{;A$fF*zEwb+C>05lM?mkU#QFVuQr~+^70LB2*FHQOa6ju2 zFmvyX2Chj@>0nQ3DW7&cBJ_ZgXD>qnBG1_0zdEOtJY1cijR#HOG8tm}haX}Lj{HB@ zAKB3=Fy;b(%aak_cS>rC0Xd1^e|`%oKue&78b2d_kpCXS;cn(pOxb!dAZ`N&scgUI z_+_l_FLrb7e4{o@>UR>V3UZ2~)Nez|`*%PzwOA+0J@PV}u>eY*BX&Uu=gs_Zqs`KR z%^t9uR6`D~g=?=8P4Pb;K37Q#y{66qIhKk1?0LORTJbLOLNUf7L7OjY&{Lo|--!kw z9NvgFl&NE6+UMXT<)h2Y2ct)|TUH@q{XyNLv0Dy$4))<@tNrhgIA=@Rh#$?&TFn(0 z1cFeU6SIf5Sn($fdX2rI7un#w@V4CM=1z;DD!#tW*F-c^M9F(1476C%CNoT)IqOfA z8Ax`pq#Dn77NBzWq)(rPLgWb;4l87qHobCQ2k(w&o$s6O3?`D+mDILp`Qhw zWO2rBZb08~OEO1`R&+9O_ao1ye7yAOwiQ|rKO6ZAkq7ya=O)b31d#{0A>yl}eyn$q z%DK!|8`uw6xDx6q@&LbI;!*taX?(}1ccrq)pshw5b{w?5bB=Zh;rPV_?yq%!#QY@# zQ($B`8R3J_pU$-qmA}39)v$o(^_{OG9`xs! z31wp6MCn568tG-tr$#$*JnFo5*OO}Z0=3ehgHKz}@C#c`})JW#RuSl4gTBY!$*z&`j z!)mf#Je9l=R68^ov_&Ea$CT56tGi%U-|Zac4R$}JUn2>BI~$gw5Hl$OR+X0?(8H4p z><9k4E*Xr|hkf|sRfFi}V>ct>vzd`&1w+n$&O|pD(=R%5mtH>0s9EyWeeGQQ(Jf>bH8d)P34}8&37z4-G zkLRY|?8xwx=YFNON8btu8TQSuar! zQBf0^#wA{Ti7-^^O%gW~fenw&xMvEZ2()wfmv-FxXd8}eHDz$)i7`Vu>X=X*Qq~7Q zq}@yz`L@N)96JGMr$<$Pf#E_GU%91+e3EWM%4&^|>!uH>c##1RFPV zK11DyGNdMCkae9dsG#B@nIki%0u9&B$538a(d?XZk=s{!cR*=d@%@U z`BEuPBg5;e?N4D2YR63qzxCt#LUBAMAKLC0NXKU~OoqK|7=S5wk&Tr2WSikW?u6tu zje>93#r*dga6fO{&I^8{-GHBy%X6Liqnzm9paI2s&Hs=qb+R-!PW~7fH=O-ul1-?LW@>U=GQLpW+dTyR~ zF%96rC9~@P6ku!qWAS1^8*{E4s3>QeS47X-UX38tx$rAT~NeaoVvT z^zd!8*U`7Pwv?jCpsAxl4MKZ~maRaQ@fjbp*z5uS(MOQcmF)5Ad%@=*d8CET*kYlQ zP1W)^D9#f6SIBp!!!a9GLy`*ZDhKZ}MNQ&+30kMl!)MIp^IMdzWCo+aN<5Vv4gGB3 zM>hHbr!m$x_R&5Q^nPA~f4DdPar8jem{4WdYLBo$P2dMf?X+Ppv9=MxLa;8i#}u@1 zl}@6zuB!KcKlWc`Wsmn#zrJm7POH=GoO#A9_=e z!K+5G?P`n37ZokONUkgJH0jIHb^_G8{sekM*7bsUA|!6`^VrTk&{uy_q^7mUO%G1V zghqccii|W<{tWIz?)X2}fA8;C|F}dfL@t=>A&EfwA!Tmnn;@J}fgq(Q+xnSV@B*8^ z7DejB9MvytnQ7d$+x-5d;U{RXb@2Sh(_9QuwEiRUpgVNOEa@o;C_k+%%xh!_htV)n zonCE!2Nn417z1;BR**M7D&mM~#e3c6M~FTK+HitEoc^_k2-V47dwG6eCtu{03)cUx zOBU|30>b$cKIe_+B;UPn2+l=(TA|O)ecg-w@b zjs$7NJUcr-C=R?)B!uJW{V2Zhdp7$<7-%?U8g;08-azCpb@fJpIhFl(`xh2WVZnzY z;Tg3B)3Vac#m&2>m2PE^SZI#LgP%XXFKPufSkv|iJT5sS7fJ{)OYqKe%xl+^o@Qt70gs(8dztus@6YB%vytoSXbTb)T!~*9u z=?WQLYIDy{@2WM{8qed>r}mEK?wLsPN&iP9SaAKjq?^m zE2ZzgvJ*nx&$0-7&mrIEA7=yH^Asd@^5l4p+y9Nz0?kqR3pAZJvSshG1TO=t@bc^a z#Al_H7momkc!i$g@AGjnt5bogR4?M>}T*FubMs|xGgUlf^awF7Mn#gHy2&D$9WSMhz`C%%+LI$5@W z=GYxUufXf=hKF={+`PbV+=#Ug^%M@|)k#!@k_#>%7- z!M$-rnmV5wbg^7cvGv-t{de`|4wRon7R9X(BG2cL)Bcol@ zo*KgGr(I;{p)g#mJ_VYxpiJ3%O4HU64wm?n){&Rv)9OcHm$x2XIeZR2uZB_jimv9% z#Db-54#mNZd+;ZGWGa@B^HKlRU<2%nyPt*^QhfAUTl;V`(q5`CEq!1={ z4+fkD6D`HdZCW8XvN2Cc06V1v)7N%sp|bmx5fw>xC5ljL>?^I!k~cI zkr5b>2C~7e@OZHAM_{hehtn!iG&qV*7;yWC3k2LSyW=rF`TNGg)r_0tWJ3yy^Q7qE zT!`34>Mz-2l4RV0INC5t3BlB{l^Yq+9^#<9S%Yy1u*ThG@SL7Wz=&}m;YqhKtaK8> zra<|zWi3H08^}{I$u=P&Zpk2G2CB8NbjGIanrK_ggIAu@!Dy0G!VUv}OLoR-G^P1W z6FtrIsCS3G;j={0=fXMR!4F`$ZsG4i;4mi)Jj8)AdW{i^I!kHdaSYs=s@oeq#K2l0 zE%ggSecoS9ntPk)Rg&p9@6ZFS|2U^EK;(fTTeo-cn}cO(12s5KjJW5_t6Bl!^)=cJ zH@yk{gY+PZU@gE-L)TQWcQw`=aa%_S|3nA6ZL0H|GYCf$Ex_2xlfiCs4>Z_K&Mv%K z#&a>@$o}+E&5==lP67CTo~=Hk)gq%}bgHYeSJ4;{$H&8fvM*$vD`+7cbyKzk7(w+a!0Jkq9EZVaQ4B^P6$fN>m}pl$L&1N4*>5UY%Zz>H zLjULo)bH+ch6|DB-xx?Epofd@D6qm@S`MA8qaQvkowoGwB<%-U8m1CXT9}XCn^jbn zfsC_t4Y&v>f0V2%{DU8<<7yDwIn-_jjt%Hh$2gL1*0174iC))W)y6y426GPqJu~Hd z#SfDb2Laz(Gq_;b5@FFKcq!FMy3WCN`qx}EVsINRS3WZdK>tTAH1j+2Su zm`TMJq0vD(>21=p^VkI5+rltP-bU8NY%|(3QCb5hglMxQb?A4{Lq`?Dfz1Jt|B((R zS>VBnvz6O*Ukq|28|N<(cPm@0&ezljwMDV3u<-UcW|qrvv;4fU{0$kBP&NLtewq*d z`G4arhj@YK;E_yASE+Kt1p`iP_A?CwOHH&L@QQc|K62*ORTxxdswMo>nCO{R4CP0X z^|xSz$n!5wRQMKr(aKYk|sJU1-`#U5Bhn{P*H#fE5UzMg-_>8y7a-`H%W?wxqqL ztS{SE-R3_-Jl9D2qyEckQBa(uAPa~*WD^7825@$A=ioa(?E#5f zMb-CBD;aRoquTj->F0-_Ha087ZQ)%XVyu*(pqdM5d~aKg4HPHy;10rxX*}f~J*tII zzz6Rs{1l-nAN&}f3R`A5Gs!hg#8M;BuI$RJqqAlN>?l7~D~G znWLz*>S7+s-y&B8MmGSCvC}D;D#xh)9s%$iC@h?>(r?Ley)U~liuxF(Rw1GY&c!Z! zARkkuAbjnnPxeT1F2~n2E|!mlZD7LbV=Pq)9`Bax*tTS5KOx0-pA}q zTea;mW2ApB^GA#ZV`vB3O-TfQPgq}XjI~I<9w+*oQVcl%scn=DdqWA~$XDHck?|SZ zMjVAHEYwqSo+!>w;ty2eML%-8=5cQR0QBA%gCM2uo~1)A{p_uLDQos9qD&}GyB|4( z^KZOmAwNuECT;3XQ*hJv?C^Q{T|jXLogeZcuYy>N$bK%cIDkAEtpRs4F$eRrXn`rKCsq^OwC!_c;1;mU zB>lq{0AEWvkl--u>Y1!BLJq|lQ+v?Im>M$rE}U!Hk3jxdfN6R}%983C4*mP#uAGf} z9^(;RV5clhQcZoryoI-gq$7_Mdf0aeYXEa9D>WiKuLSGd!k%{pCBpLKGT1K~@=w%(jE9oE($> z6|`5UH84oZW=UFYU-WXAWG@|wfP>ug|2UdMZy=mUnWQx2!IbU8uYq4(gjsn0fY@v2 zv2!Yy0ehGKiv<+$TB~36-406JAsi5|kDVI9NIIR)LUBIz!9q9!re7v+t>vl^ghA%o zch@eobNu}~>#^~C&N=I1<^wQvm)#id)ok7O%$IS$%Wex$k4!-B$bUJ~OX92$&b;6; z>WdJar#rGBF3jxvTn8^?^RfP)&YGQ{8N7G-@h}A@oR38a9D0h02z0-%Z|HZe3El8R zaW>IuAe^2k53PcOd4yjiK(ojQH;|RheuFBiAEsuB-}r>5y9WGToW%FxQ4DO+7iZyt z7gS5d!<2uaIeriKyg*CRglB~i+9w^L!M(ogExQ!_)wiki#|i(A#S?xm4p>1sCyZHd z+kzg~VBE3nh56ttJ%YqR{_~w>5Of~={1c`k`W%zl$_1bZprtB#=_UGDuiQCHXfD@t z*B8kSn;>eaME^CjA(=GR1T)60n$)d#op|NH99hG3Imo*77)2+vIFG&a#es#*mtno8 zzRQsL{N!0dLIs}C;f4elrb8KikpLgV-+CTHh4ChkNko7G;!pTbZMCFe_k-PifZg9y zfkerj`5AZ|v&vVB?%7|*oU|9e3l~)Vtj-t!@ag)FcS3ID7II(={oU6Y~n0Ap}R%{4*R@8}Bw^1)62aoo4V(~rk( zi|Em~AbRFMd4w(>@}s(xr}hx?TKwQKL55dwkt2tpI)Cc$mX{$#cjLL*Dd8%@30XRXQ!Gl z|J6uO3DaVnP}0-{`Moi+SgTCUwK9QbHR)UY)+mi|3dGQyKy3&Ibp^Lr`kn;L~YF5Z*f zx3_3+pI{2#={q7B;pJtezAY@q8=R+;dz}Z#bNDBZ7~z9|zL6+!y`YdHs0>6n75ne{ zZ)o49&#TLQ*I1ya-3}Na2YUFkwcM`nYEH{54D^KrsgrY_Z+D?MlB+Thd8$Ok(#Bpa znz15)!h8-`=OqzMo!^`UqHfrYS00ue?O<00drl_@P^}$RwRQ!OAL}!hx-&v?q?$V* z9DO7&GG%?S+d?;>MWkm%w2}eLl{sTEGu*2Ayj#XmEO!hggEHHV{P+f?Bs% zE+F^(zjaBiC_^~){T`3R1C%}1L0+Zo-sB%l7xuT-y-gm}a%Z$DABdj76qb(c**UP) zg&xu4g#~9LvTF}-%RzIlS0Nl0G^dIAoVOp}4uK4~z!A0E7)8ZG>WTmsax=4^n4s1Sl27|jo~Oa)@4i~Yf-l-W9@h~f|H}HZ zosxM!P3#HR7AP)2&7Z_RTyCu!iIV{Nuck9)ieoosm!)e4X7ibq`ZG z@qA^?Pe1zK;$>3X-O$huyn1f7RvVBC!r;gV8#U#>g6OCR#AG29f z@fv=7P}cfRbeu7Wln*ye9ZDX<-UoSpo$X_D25NtQRS7JT_3d8O60Ca-N8F39cU#8o z$W(v8@T1m`s0SlhDPoH+157kBDQ7sa4WKx-3J-A*7TwR48g_{VTnXStukm^}RFZUQ z?Qw*3O~Py?F4YY3h#JEjhN7A)%CF4Xzm-!j%Bcs*>_c&UxN{%Av$zu@-m9nsOwd!v z+iH-(&a))|odgj#&);8Q=Jt zi-tDBs1CZw$W80)ZhWF~eDxHK+VpURxGBsYXnUSTmQ?BbxM@erew{x4c>1W+y)#gp z%;E=m;5wu~%4{1^n1cv|XA5(uKPj$sX9A{1l5$UV4t`iN&|;B3Bz<*#RZpum8-$}E z#qfLn=OGlQ^8JH9O1ZJPSexXr(=N~mP$kTs+e#MYQ-r&tcL%V1`}!gloOg-h$4>9* z;rr&p+BgIQ;p!q|ZpNWFjZRUJbqQZ#98ib(tGOBhkL(Vh*=#b)vK>+ zygEa&@^@egcXE6yOxNou&hFzwoSmg~@3DDg!7bqQJDB^h{;66C<2xy197|=gWaxXo z-TdL*iBIMYPC^R7Bk~3rc{orNM4mzX)kASA)9P-JcY*(h1x^T+H;j=# zSE-Hb6&5D_^&`-W?1a|RBic8u|6P;ax<&^}%$DsrH0K*0gi}!Wg}a+hvV|Vp#G2>m zHCcWV`KpBhc46gSOIu4cU}z(ydGcG1rPcEZ)Rpt>%b8S85nhNM{%>8Kl4uYP)B5{h z=4=lAh<6}<%6xJS6gNYmX1hsRVZ`=l&sD%a>_9V#z|~x)PES5hz_uh9-kecpr*DeF0W3JO#$-{ufNg!y0r{ z(_Nx)b6qG-PZ&2e#|3zrO=}94LZ5_mFp!v?B{qDjTAJ=a2HLRG=U+s$7M0y3zU?C3 z%g#@BxS-$V-pnxw2e!$BcXKX3CkOaNl|RvWc}onZ7^N+7Mr(R*Khv(82ioV0H`hng zB;sC=d#UFN!!Y^nPS>I2=@XrUaDIGJ{%RltZ^H>Plxc`+qcmxJt@T}J%nm*VIsa@N z0(wI9(eSp!4;gHY1Q%4a!qqR?BW(B3oX!XTYUCy+21yA!$(u}&Clf2#k@WYmI6dcT zB%gY-1Cx*X7m#l}gLtXGFMif*a6)`YEz9GHHnaf6=~okl$nz7s8a*IPXLkzpMjH`V zT{s`mcm4BS>Cc$m`=&Qs)ORq2AHNGT{x;n3*ZC6o<5cO`mRQ4H4~jGJf(pXvA0oJ> zK%6HE12;sd;THaq*1@8)aQM-yOnewa$rYe)SjBJ2BydOuC%kR><-1Ze(e#K6T3;RV zdC+@5YL~}Hvp6d6`~rDR;pAk;*hp66W&6z%lmtvc+{Gjyx;8mZb{*nMbZ^Q}Ofa&8 z)^Oqoy`P8X>ml-_qo)rUDBQpIjt2QHr2b#%^h2eUteAwZS-1Y!i#UTU9K-Ee^^3q@ zq(eC6y{DX0wNDKk9ii4W-1|TNmJA6tk2?C)eNc(=evMPZR%^Ge8dturcC6stoaw^I0YK;5m)ci*Z$iAyFE`7wzS+Gr?w#>m|uoQl}jb&(1TeI%a10|DPy z>3YAnNl&_$MWTY<&+iE<3bg!hl7C;FDmYXk(DgTpu~e-eJraWE#CAeBTG)?aczHfi zU)2E(?#_VqZ2Xn$EtYnoqPmDdPNN+KIA5xE%&Q5L?fDqI28Ti)1p@9cqo6ry0}xK_ zg$+8ke*!FaGl*2sm1ptB-qur$y`#xOCeB$oZbk!kH(W7}lRH{>C`ans%(JML&Q5j* zD9(7o0fd7c!gJO(`k{9QWN;(WG@JLW<{pZ2R!m}~aO8P8dp*T}9!w`8cv+?PLQLQ>SLEWFsJ)vN82m7pEoa2c$nM>CQ z9it)eF6k8WZU$P|P0Qym*Vp$8IgWgV))Q7zZy_8hRtm0A{~UYNO_;)^mu5*i4Ij*^ zZH6Znl4~0~KCyzlZqBD2-Rw2GecY2poBJWi(XS>T(FY!R6 z>o6FpBcq0OUZD2!;}0_mDsMhGP}=_$Rp)A)o|@OWMnoSz0r&fl1|=xYrbHuzL;c)V zO5G&aQ^O4WGKJIhJ#!!B;=(uGTXC=UFDv^FFuMsuY;ek24!qtkCCu zGvErs`JOh)jHk?S{!0SXY0jHqjIt+4kbg*evYO^ScHGAW{HwB5x*mu;HJzgNTO1CQ z&b1?Z&!O#t%>pwBM|Y~efl-G|z7VXSvT{+NG3V6Ol!3U}VEyKA-Fl%auut_~S+ZQ< zD_CUiV=7QILBvpCA;?r3{;>}HV}*xgX)nXq=@LVI^=a(ty0(Hr zw&f>DQITd0zBBp@HN7A{MOpp1cw{KfSK>AZ$MGmRyc5rmWrY;fdBO*_ zeKi&mev-g|->X3zHyS%)S?40n_fW0Bo}uW60(jN*dYIY%zF_HLH4a9=33+a390lc< zkn;0-$ZJw_pW?69<)hM|1v`%5iYZ*Ku(%?UykAT(b68w0{0jI=-(kX zgr}Dz4gGixB~N|qF+`q=rn+&zpsp$(NZcH2O6tdr1Z{+{rg>@ZdSK)YxgGEdF_xbY zwuJEDS_^fj%n4>m7qnmhmm^KXlLz4pFSW8gcYBIx4D4lDw2sGtpD{%WDea7nJw21B zbGU+l)%y1{N}IoUNAGW5uMAy92GOu3Nc`(R-$$Aj`{DP3r*{okp~atPY6lwSU`x#a z53zVqo>$zAa4@keMTIc13m$*C+=2JBtrSmhYmf5$+tNkw0-A%14Uxx5;-_CU|H#XD zO5ou;e@ zD`CmItdc^(zc6~gr zn*MiP+QbmfuIxH;?n~|j?+1Ou*>IhDs@|24@~JqJ(7c#{EvQZ;jus(t;kR(RP-00j zp`b6>P#rLa=7dN?IRD0|;(^|t>w$J%r2~vO0$1qcZ2}q$?Uc$|;Fg@_m_Pb{`BMZH zCq?qaL5LTmdqQ&(9`uC1W2eqFC%jM8piX>sEt7VX;Zb-k!!%{74MSR;u@i{Hu5w_D zXfD+|mDRzfG*BYljri?A*%#8Zwe%2q+8p)Y#+}c=7=U~mYlq%pLt@;ED#J;9S z%QGWWe+U8ox{gGr3C;8@B1491;XT=@__QyOxWhjVUGz1Cvu5egUE(@#V>k>n3uWB6 zYF#GgEyBoN-HXO4)jQe|aQh=JmLYNNL`qfPjyg{AGlX3?e~0GGc|$nPc3Gmo4mvE7 zhCqJH))SRKTSp!a==P>s%kLD)LLyIK3TI2ATGa0K$I)yY>gyVOlw&+o2%tGfC=ia+ zDp|6-Y!>>)A<($d(uQmjAMa{l=<8g+&MU;zQ4Rvt0vJ1D4T~E=aBts|MGQy3+}pN- zmPZyO^Z*Wryu>eZk8s}PD_{>QRia&LrZat8TvrwTdoALpnGd279z1KTw%W{cKe$@V zllDW6f1y}FpNnTo91srwGt(e~-FK?RufXhpI^_6AERA$}wxN`dBQWYG->H@XDb22; zEIgw5=*_kgiaJaES>N*VLal2V^+6wdDdOiEJ=F6H47JZinm)up=3_$nC7ow;zkK{f zjkA9O`1u1=EMG@8NU@yj6%#%gwg3|>q3kc|)s6@K2Xmj%$r#b+r@JSJo7;bz|Ez>r z;Xykj>p%J}DbiTu7|7GFtoe?3(PMOWJcF*Ui-O~7=@v?!wV;RhV%@*iIlcQ$a2r1O z-KE$ui@SWi1zYhEcG+;gpa$)Ldw#e&3IogG_uThky1z>7{n{9XZmdw8Z|)C%KVmOD zv|_AY*3Ujb@3nyoM?QNIa8Q)Y#~?zk;c<=892sU|pVi1cRrB8IJhcksBf0*dCm>2tcy#Mg zAxcFj7(c6U_!gQI^bi+52~92gDzmWE)&w*Hfs_qn*1LDR!FDGO^dF<&R|JDReBa|k zlg(GiA+C^h#nYc)V|IUBICB7gb#MPcc;gY>ewI31;~zG1ZS!@4LC;Utj_yWvRTk=?YdDWjIrY=mJKFmH6Cdxtd}J$mHF+4=|DXR4XjBJ>h$ET4p)|nsco)HPe-{?^ zpdHM3OKp7G?#BLK|+L+fq{95Pg`2M!rUOP z*wJVs!0fsqWERYLU7Cy&Vdl>|F2{%!)YDDy_BSUuS0&Uoq0%|;BT71-XwwtSgeDn$ z?ImY*i|}3ho?hvPvY~L@-i@{T;z#jISC#{BOGVS8T#RyYWo37lfg-xuvkSVg$;&`{ z+imJ~B5g%w+L@_W^t740eukB8!IUx|TM>1R!`%NXooukmgBQBVAyvdFw$ts}8Ud!m zqfP#F)W;^@28;jFr;F;KOc*lEoAo+2TzRqL_GZsg(R$V?`JT5Wg=kq$f6DPoVTC$h z3hXzj&3!JuzwD&!(kXNA5Jhc}c!N94S~(q)%*ZPzXJ2-3N0nZAF{OVP-Y(h844_vV z$S5BFu-EK#NVSSTF(NoYcYOUO$9Nh@hyOp{PSUsU!Ix8YkKFY1oSMBz2LT3j-SZ>r zDM`#3ecRC|>M|dr&LH4~M~|mDbd9QlRm7EmNIk_kUz|q&1=n>%(ZQ=h+Pg3Cgw|t) zR)x1@Dc+wcKUGNxHIP?xz`xQaE)NauJM(w=xwT4%Ur$%)*2#R{S$mQ2 zmJQ;5F|S4VPOC0F7q&krh-619nksa7`-96lP{D}pm?Q0Ny-+dlP}k5pu-e@J1}G(T+T)^B~qqqdm$U9COCFtjo=AVB!z zM-)iB^HzfR;}e8OyK~SD63v?-=l66v@UZr^Qd63l_>x-SJ!r_kdA*%d0w4eB_& z-@`3?WFzW`=PFuNAvt%9W;wEoQ||ur}@3~h8XS9$c$l3x0s8glfe|Fb1PM$&-|}oR4m6+ zMEP7qts*H}or94a`{o5-8mo$t37;kXakg)loX$+ojDHZ-WK(I+HK=??qAZ_w$sjha zeRX&Iy#DS=fCh2fTIDx(Xbgu%3@q8dVGJP0pOc6O_TKUTn!86JP5m*a7`qjBmrBU{D-)3NjmnBGIz-5!TZn2Ie04p z`SlC7u7xY}evV|cAm7mugy^K!zA7s@-ICgpOrXtExu&&!J#Q)Stj24%QLbYaOLN&> z{iH0cf_dFFCzWOem*iZdVUVlD_*{x1fTK5_HkOb__8>V|!{GCG0b300{HuP28g$0& z*8-B9`*#;Jvw57nPwTRDG`^z0H7Cv?e!`;U860+-kIn188+i1^)6qHq`{UA}yx45F zO2=VI*%vMMapm1)uKbtsMuC;dm-3j>ylrR1xRFyB3ytvm1~o;9_mZM0De%7et$n{6 zq@b2$FAPwU;iGGu)tZSGxZm%07^>Bq^;trNyZl0Mp` zI9V!$^3YmKA<64JBgp6ZcXXG7b|Iff$^{9>;%-mxBQ6TeP|vLi$LISul#`7)E{_`z zur)FW$L>TQhgGtoMC$U0IcXjFaD7)bUUhmN$rQJe)m*t(9ln+@VLwZBiB`QM9ln%#r>*^{f#x&-ukI#l{?P+D^vorQ&{>3 zEBdj-4Ca0*dVztjCpo3MzO$KIH?5An@2nL6t{-soX>+V)Z2L|R*>}$AH>m=@uBDme z?l!6sdhNnfa(9?C6Ku(zemFaf^`?BElT%&NvzOhQkruf~lyHyD3}oP@9Y<1UJzMB$ z^5e`u6U-ycv(oexNX>YU+R<&#Az6}Wr@&XC-Sy{#L#}FZG)I@O ztP6t(Huf!Xe#eeQ`i;WSzRhLLd|Z_kqvX9VLrjHEjKgrq?r_SzzU;1l_%4>go-dY5 zosfrR{@);?!`aC#Oob{fE@znBGG)Wxv|p02V0W;I^K$GG1{L~fbG0Z!VOdf3&8X-+ z#rK@@6hb9oQ&g(5%5U;pSiBEHZu=O2R?4YX_h_B5wz)muqp5W775?0`7=iz>Y#v@L z^c4)gQ|sxxL4vUdrSJ#uSmp7!pJNSDe{#JQI(!m!mVwEU_iE=kzUWI+D5jdbc0f>};Wv5v10)%{?jg`_;~4 zoC+L{z7Aa@R15EUoUyBl&}0~{EYZo1%WXx0bY@{m6$Hjb{rcpcNV9wPcr8i;>ZvVD zGzt~X2`XCDdTauV_E`P5VV<}#lBrQ!jzI+{91`8AUKuY?B#cylq_rvUk0iSl_0<=qk-{fHD%RA(+3iY z{J<*AQU9;uW43HXDd#6`Id-CP$v0%h+fB=o%Ud491>f7hM4mbZ`Xz+nIGp&pSEFPk zEQmpGk5#&drv>NoDm_Yq{znoU_Pt-YIMHR7_R;3Om*~Pm2G91uW5(X-u*hqevz&s5ViD?YmwS3@<|E3mBsLAuu0K%H}%5TsaVFp z&9AIg*b#a~wBDJyZ3yca8}_pZpScFY){(xQ3-Au(K4ZI_Il4Vbcyj2lE7MpLOLr_7 zEk*DXyY-}J_}-HxxoQ?y_5^WUPzta9)A|B32HwrB`UKk-7#U-uu}aAwFh9po#rxL= z-R5LfWIH?M(uG#CDoK3GDrnu?60 z^dq8otY6A6xW*%tf4V#D4UTIt60Mtm<`VK#44 z?kw}22_iZ2bH|KlMGpIQ7P12jzvB1_`pTG_GnMXnzsl_AUx;M)eK%Lrkj>=bEosx( z+m|50`YA-OKP{M$3*!Wc`DSk~*;&v2*)0#_30Nx&7a55_bHHeIRE`Bnt_buo?=%1IAT->y|8kBi zyQ{3FS%TZR(ZoIz#VQ(`==E3KWEC*};1fubbgLr#HknM8VcaB7c5$eDQ&)Z-RS&Zx zUI)_*g`we7gSRA+w@4|DOB&%Mk z)?Tlu-v%Zj!+4l}o4}C~F*W*t#m&V^h}{)rq~?A7B?#t zg27dv!f~*N^3mPMl@mC|tt4%IRW+SLUUb^;bQ>}2Vfyo4$nRWG-oBf(b)C}EqLxz` za$S35`Zu+MBRc)h?G~em`Hxe3$M{yUXDAC$cR!-XO)l%j>Lp&E<{$$JT-d`PNAvL8PVp z`3ppsJ(rZ=H3o z`f7bi>*+%A%+KZeLGwL_Kbo`nt6=E10@h~5)2bf2?cke}>0!m!jx#qDr-|)^_b{F~ zH;4Lg7z+F^QH)4Yh#PdvEPhWDQAKQ9*x(Yve;^X7PVdZG+!r^S?`NYEA&(+iAiK~mF zorT|nev;v*u{g;K`_7XX2j-Q@;R3A!rA(bAVv9cLvECywde?H7SP?Pgz~H}{6*!w1!6u1PHN!q>yMw!RgE zXpM^@Y!xL0b%WlaUp!}cHWw3wU6e4S0tkF}nC3rea60TwTo${bT2;{GnyNT8xWbj; zGj{fytEf%HcdHLRV{R7QT@Jt)HyOvWdcMrWiU9X2W={R{NxsORLwL9E1yN3Z2PUHYJv4|6xC}MBudCo~RV=zm^Ai;e0Bz{-=l0qlF z2EXZP*(@nV@)@CP^H7q>4U6TuTCz3yIQJkLLc1Z%2}WF+a6pG= z$r;1pBacKj;Teamr#NewsVW&GA6`x?FD>_^{Q5G+@jfk*GOd34I>H7!f&?Fay@_XV z;GS=tgYnrVll9H7G{LRhld9<>U%xJHKJ{N}-*zJ@o>-}%nOH>hM!$_Mq$JE{#dAI;QM|H3~6adztw2>#$1s6esb#j-KMnAnUFIJ6O?6 zW(xPwgw{p}E%)fhoh`ael>ZM6rai3Oo$NgP{%7v1-2awr!(G0G+(7?Y2NDI3$| z_r3cK)9yBi#cJl_%agv1Yww%;Q+Glubzt0a45E|&RK<(R8X;KPm}b+}b95$mI&ndq zKa1&3GL9NSjyS963w&%8a^9qA5UVyKxa#xv&mJ|4+XNTRj88B<-U1xQ2NAVT|4Ng_ zX4boC)&r{MC=IH<^f=Bm`_l3^PS#%+xoYAMI2sw>s#xc*kQ2(b`jI?p=fS3-hO&?U zvnR+98diwq;IFSOTSV++fJek0=`T%s>rfIyJe#`aNN0$$)4iZ)DMX;}u@pSz>2s^*&LOe7_`#(CjB~Q@I#RH3f<^R5Q(}{hE)fNYBwrCIDuvYwe-!8la4Atc8${NsC>L* zJ0g&D1Br2Ph&7yfgpP7JO^B?Zthv68!gM zVxhe-oGoV(2xnl2Hf^c8wkW6r@G5y+F3YWXeliLwsgv50X4>|Tss$W6wMt!T)x{8D zJG)Tr_-P93d(21w;)p5S`vT!0t2d2BK-Gayb?P2D>#9;$a&nnouVX?0=QyaTl25F~ z&Y50lo$(RSF!Sv(_#LJI!%=m64&kKnd{)NN@|`#A09oFUm|=Ibq^oOqpCg4B@Jq|y zcN+nAth5-L$I?f=f(OBYvXMDW>VI(AU^sgCzabp!xB9H8zS@mRpq~TP&G{P}F*Vnt zB2@OVs!3EF2~o-byU0&EE{M?Zx}LO5|7btQHtSM4lm-9idx<^ziirM4cezDz*6JHz zIDu^O!zcLj*r`d*L7~T$afdcF)1IoJXUx5>7vf{xo?kwUp%oBjUrHz~gMD`~m-JZ3 z9`usQpNGWp&Krav-`(zo${#B*V4cU`>-j>vq}=8JWUu2qjiyeD7LWZXG66mLYU(Z7 zR#TWg$vTKEotbbDo4Wf_{>T={7AK?moHPpavtkgHG$pLY%n_Y|>P;KI3ROS(OY4_^ zB+gRI`>kO1>_hAa;`yzh+rEwCG7M+S2(f;U)f96vC|Q~IZe!cFL9t(-@yXP6-&5?5 zmmmUF-i zm%Pwj$JxUZ?&MIwa{KCR@uvKRoUjpAQt4zgJ?4F{HieY`I_uQU>pY;Fc$@}Y&; zjsMKEI4*GtWKSZ!)v&a)sm2hQj{hT#zB+=T2I6{)%u|EGsP73@f3-7fT} z0#XEbLz+T68(v{B^3GELg~Hu+hRMU?vAQP_?tA2+527mg@?kh6R6`KX5arQc4C~vF ztskIXPkDNW{FZ+k5t-bVR(&+mXOx`MfCG+t_+23}{Y5rOR*wB`DdE(;B>1>Uj1kq* zrQ2M?RPlGd`DXzhBi+Nw+gFKs!Z&oZIF9DZ8r{ozL62~U(n1T9z;K;`&nF|-6k9l6 z+=q2d5-06SgY4m8_Hz4thi#-a3_L3;K$~^TyV@g}s9{W(zm7jDe-3)0h&&mJM~%ox zxh9)9VTqY}xBK90Dr{V2AJrioxjsX)1B!g>Q5=-4mq`IL#!Itv&5!2%JQMTY6d&@0 zfZK89Zl;}F?TIT!JgxV@z>O^agljMy3QHCU2iaY^8t@Zh7$~)c6LWhSElgkEdP-YD z)XUih?o;1IylPBz`pz21-tvo;7)HGpTW}m_#C}J1$?pTzCLvgro;Y{YU!oMwIwT~P zr#$#h2D*R=ZNxdF;(gz4&G)^)VHdr)PLEj&!=VWpf$WLBbN_|E!Jfwle$bsfWU0}k zgA%VQ#m=z+^}7X7>2dwzHbIFf9Rk^9&DJJot5D_(56U>E^}RaR-X)YZwmeC?X5~ zj4`}bbxI#k-VN|2avqKHf2oQ(Q+Z%cd|*v(_8^o6e0TQWg+*k=&-5${e`3g<4r3<@ z!0sJ!Zi@iOp7?b%?=FW80(_|3(d?g><%)WCqMLG3!w0C3%TP-I3y@*d&EM;jVoEQU zgIk1C!(Jhp48*cU?sxtLL^tpT{*>Z)^*fs^XdmW{+ zP4D8VbS#;IDyEe&nCEea^Jmbq)dwQ|byvKe`rFUF{;TVJ=x~Q~=AN%wbmT^oo z1Gcv!cQQT(bKozVFsl{($?vxlE9y|v$!kw;7z%s5vmX*n`tj>NOM>+d>^&ylcS{u- zS5{N{N8u1VA5FkxRPnbF3}Cw(PX9i#UNKDEHr{Sg2_+3@LW9s>oH$SG`m@DdhSg=< z#di?f2{}I-R1OdhQqAHmz%jEfTMubG0rFUPC7oV|%VQeln}F5uDv-D?+=nZ%BQ9U= zSrti36lU1JI1+;5h&&KVge<#^Ts{w-5qKw{vlH512|SSu&*ZT@5-Cf_31I@&K`iu~ zY^ooMm{o37U&WBWbPJEU1coDQtAQBTKWaKPpc+}2Z2Od_ejxmw-&v?Fb8v5@J~KFN zwfq-!O!KMq4`c>XPQ~es$U;TyU^vqZh|n=oz2@>cc+UrYb0vK=Y5vE7rf#^YpgO{5 z7_6$SqZ{9rr7nvqqm}2k`c#rI5|cgq7e`V>6X7%|(S1YtR?-rDSOoZ@`ER)SjDK=A zD}S{Ab=NYD8$Uz|Xxc1SBuZ-hPI&D(J5Rt8vTc8J=OYZKksDDZf>gn2EC#G!Hq7a@ zPA6ik=6LiLUc^(iJR-tH<|m#HfAv+^Gbv@nJ({)+=taN?nPMylYf zf&K|^=KH0U+qr9gxH_|tRJ9) z^BTfIs^I*-3F=BJuI1lJmZh*J_uJV!K16HKvZ4arBG_1t=t5L2?|iMLH@YL?+QHAd z2g6|mo&dl>s^EN1K*?$eeVna)aIA$^!Gigc;2d084Z~qdnSyYTDmZBFpuUn%yeXPzPn=S8ld+=lB;s2f8mMygOUe9fni&|RcX8SAxhQor=2H_ypYka`V>*GzEN9L!t&t^j<b05jxe!EvBu+Ql^9F6(JzG7S>V=Bbc_t< z`@rPfrD5!;^u^`DZD#oV{G}FSLJdxcs5i8i-@1$~-LLfSX!DT!ZVeCV>4VubDSZVR7gFWrC3q1S>mGPxrc;TZ#1fKgPCGZ~J+TP|ss>s! zgu*HX^6O>Q0`GAy%B=SNf5LJ8tMU>G`Zc|s;j^`nEdOxeaqY~7lr+-CDb5+x2y&@# z;_qH((9ZA_swAbsGJh#P0>}BU2v01$uDqHE z0u|bek=25lD3=4M15aq-IGViBxR7cw(r3V9yHV2}!$O_)yT(Of@6O{y`eORIwfS#VYfRSZjk{pCl>2+g zoLCv@b!|MbJ1Eh;{`niMi^|_>F}#2+XJmr0FGcftH|7`feUXtyL9Z}@eb9waqwI1o z6+!Lm!395wtw79!P}fk{xc*X$8O{M+LROf6(aTv_P_-{y{^%7ket4$#9{4+F<2KdQ z93-iuM=bcUU#SY`g6_a^)Dhi6kt#13d!WlOtNeX0(b6grSH9&+-5xPICP_!|p3kb+ zx`Ti0B;78v!m6|!p*MvIu>g_h#@GLwi^Vet^2jc1eByxCxeCT&s|XT4LAIIFmKt zb#UTG5feyVFp{UwSSZa17nH33fSvO|L8`pGSOYBf&bk}eyG&OqL#{D26cLQ~ zD9TGiy>&}C@5uzRhJB0jJ~kfI`a$4)6E?0XK1pajBUN5*eF8Ty7RAr_K&!5KAul7M z<%{bbLQcSIWe})paGX!8%o}l&-3Ltd@6RN0;W+swdIuKG5=tFA;B zS=wxs*9POdiQ>?UTP+>Qp)+a{T8z?u)dFIFBEQ$vf7MwkK$lpY;e5t%PwyisYHg3B z&D5pp_|-MQYF!IFZQ!atc~kV7M8Ve~hpff`_D+zR`mZ|61bEMn=a7)d`%NZZD_`Fn zIVltVmbC@A($+oQN6m?Xy`~SFZg%wCnhiC_m513gEsE%Vf>dXb0w-T#?E-79jc2ZV z>s7^uH(X66xS!@gT#Hr8_hF&0kYG{L^Yyp0c~UG|oN%0AM4Sz&&cX?*k#}kMQd9XJ zY>2w-xhB(M&H2Znoddt%`}cb}y)J|T;d$m$AvH{2*rg#hJaT^iQfE1O4g8(v(k674 z6%49gjkA56Maj|kzwd+ZF0__bOtOaiMSw2ysvYl}!WT2lFq|1abm+VL|D(<#3tqTd zMil10X-h#UeabB?)xhsO7v=%HRl^Sd;LF>ss{L{%YDo#g`H z7@Pm5zsE9RoYPk`Rw4Q>D)xI6DOgpEoD(qxHpBkE@a=8l3b^RNQ{`zI^g}hCA}B zY+#C~5q=Xa-XisvI*SFUPP9+#Dpww$bz6&Sk2bHqTg7=4Z`;kL$mxDwwF?r1`=fE$Ql}<3~Sm_w@K};~Uw_0U#cw;qbD`Rk4z|5+%g) zijUTpr+M)8^OvehNeZaiRb#nn!4OZD_Wtmq>>{tl$)OW;5A+OT?t6wV!9+8Z>HM3c zuuQ{zD;H+Z{1Kv>3#qC?(gJ>&WVptq08?T{AoNU~T%>JWKrQVK|F~&!F#xR8=7b{)J%{o6E$pl}=aN1d-CYO4zM<3quh9`OS4woKS6< zhp~K5lRW&?u+*;xjzfgl7f4l=v~-lLoY%d5fdkKXc5+J}ol)wWn4i_xgPtEt^{YQ^ zUDzB{SKLq^?Qd#3|L}w3{8v@Qo(Aae)bGmEm` zRyd5fM|(Y;J7(>;NE3Vy$MH{qaFA*!ch^AwpAYvZq`7XZtmR@y5L8p&Pw-#dyiMXzCZ`> z%(q?5)3@H2R@&}$WxdeZyS_(O-wCs4^((^PL8_t1$pOETJ4D6*r#yOsm0^)?Vg=#s z`|Dhwi%P~}lPJfVEG#^%^xbL^HB#L+n4b&OP*fm$kZLHuJ;95c#;U{Uf+D9QLI#a0 zWV?Yk85;%EbV}e6GHwNWGO{LUHGXba{6J@W1!m7$yaH0!*}bX4JU4}as8!+(q@a2RlaN6 z@}=94#`>%F!CcA{;bUf?@s;)Y-m&#Z#sj=5_0dj`KR0yQsxjdEV%G%We<9USXhA;C zqg_^F>DKL7OrI$Y!u2Jq*hDmNFI#4m;=KPgI5}YQ1<#UJMp|f<*bZjTp0W=#E~FYt zBdAWy+56@t8!67se7lFnxK!4_O+JzwM9oZI#ZrEJB>aVYLZ3PDI(Z4_W2j3A^4|I0 zeGK6sRZJX!Ixi2-(>(dQF0z+HP2ClSl3d~JCTgJP>vL>kr=F#c5uppmXx8-XaaE}B z^Z5X01;Rn9nD_>O1aJK@A`ysV{|Y2@!xwy`RF}navK!$8rA_Qj0wmoE};b*LWy9 zi8FVhvia})NE2Nkx^f`ZKHh=2)?w$7O|EVckBZ@%r@1A|uF`u9kRRlYw12adA(YVfWk%h#+CqcY8#J^MN_^(Q{!yxG;o^e#VKGq zcB027@2z{87`s-p&A{S*(zH%)(EK2)K)*(SI@ZfJ2F7@`3oG;uk~rAB0(}}UK)1CQ z4t{9!FDW-sX?Pv)kw*y5bv8eOjf)Wjv3`(hADUn$L|>svbOn-!T@^MeS;WBWT2muR z2KVXY)8W@vtd~QH+YU7%x(AO=1fi_oHa9$3$^;P0WZWmM3@o)arxn?LLaifh4<~K>F&miLJNVN}pGZ5jUd61@v zp8h8~N~o>%vgGINb^>hBjirg8Cdum~+HR>s%GEhG+`AuA>0tKM6Fh+IL8^Utu!4N9 zg@)e|<8}69?R?|b$#3*OS@D3@6aV+%y|hauZM%{-aR>B$+luD7uyaHD|4Qv+Nf^O( zM5=Vm9|K0i(0nn+3!U=X=IY#?(GUAdHJaVvJX}V3m~$ZXJ}@i%*=Fqq0~1SG0c>2y zKDN-fkSZOIL7nDASzT$L@HcMfq6C9`gaaY>Ub8#~J-wES3S5TTRD96QYWnhSX z^=F)e`Hg#f5*!EJY#PErs$vK;0$u4@L1)n`1*=A=RV=56IBCCzok6cVZ7f1D2K4X6 z9eY1tN=`-ZUD~08swMwf&ob!NI}i?16(bAeFDlbK{3dEjEa%joxYy$64)o=!kD+AE ztE)Pd;`gy&);}D<`WUm?NOt=Z9Os!KgyX6paY^Cb)=!{gm{oISBxQG5^&IW0-Y)6$ z@U7yRN*fSW)JMyEq_G%cyO52U!8YTh@{=tJjuVE+cO%s`?32Kb92PXMu`s&sCTx6f zIuW~&w4?tHsFsXHz0)|m^NxV`X~uJfq9zVQE4zE);DZiRyFG$AC-_kua>C8mQR3nruW#MVWD32KM zoNwngb06e-1G5Lq9MNqJsUFeP05WeuKRk7L`+F@De)DV;rB|NVr-OI6zo>gDWy}-u zz?#7{ueU1Lv{9O{_cKtBXo2iOsz;zRfESbW<16+k7?;fD?aNxSGO1S|xP!l1U$n6B z^3@l;2`hW?vW7Kc+;(gRZcl(bgo9L%z-tCo=sOOygVXwIG9;#2TOEgTlN$tiAbNXO zz{7mtmiIKq^f^8|zqG`yWehmZf7K(>LB`eXO{>Apu~n1O;Q@!{%*Z2yy{cHi!YOa7 zU)l3Alwy2fT<2gm6`@Hdd^5j84+k5pEbl~BWCzND;{8$SIwvBaJYcrVof zcx=W>KMsqoV&CIW*}Ku|*vA9I!9}Nn#)VXmSO+UbHD{w*X>?HLWE2bcKI@PJvEhAi zny9nf|1>XWcIye-(EGfi_rKnBYjD7Dh{9bU9He>#^Dda5-`-v;L7DdwUo!OI2YJx; zTi*=;+5+>8^Vu#bp&w7W#;t4W;sXlB50w$DSNs@yS&SxH8ed+P@ z?YcROukxTL+|aPl5t-(+cus;N>BOhE4_CM@v$J40%Pi)_coG7Di-{S7f1dVFy5EUU#bs2po^R=dD1&W z0Sr$w&GS>^^rFRc#%Fq9JximwZ(2{}kltBp4?=&sN-IPe4YTJjwT3_t`F?cG%mj;4 zeTmLns6lD1$|+dZ8)R#owF_xN4KgT3(dLqe+J62Vm%Pv}qZ~9wn*!11bx2(Dy>BEVSJQncLmU zL4nhY>``F?@s021{R7P03E#%J68 z3%p?c*hO);<%nHd47Fh!__incMe)`?U|T-^WQOr#Ty-pd$;f<#;dN2#@B{e0Y}a)g z!pUx^=ecP!e?XE1UT{PFxpFj2G8^yudQ$k%rw8%`r%=)<-Zj^ta`Ms=Ptd$Af9$Og zl{~2mv*(!(qPrPBZ~uyVON_;L(CzWIR_Cxew_Jgfe{H2~s2{Pc!}om}{^rke^OsMU;pgfz_pgvWNc9M?nlc}F&Hwbu7kFRf-SxQAv`$58qbCLAPY+Ga z_0U-|`7@GjD6#V|Zr8|)!|nNw@CT9V5mF#-+~mAWVc^F;DAFdTQA>i!IzyofX|nZ3 z|EO^6c%a>^D<;4<5r2zp02bGhu`fpOWRR*4BQ;=t7)#%p-SBpBmcSE<(&fDKmRJe& z;1?AlURSGTNEn>|ipyqsx3&E9*gVW0`)vzoTu9Z2g98v3wQ}a3Y4~m${-KXela&(7 zQSEy>c-KA7|E$FOuF(ajy(*YEWI^eZ)-B+mEXooo7>jO%a z8P+w?G@=@yYryDlR1Ds4zE|*hxkj$K%+rnQX~S^-Qhmq-krhe1cGCJ;(0xSb%?Bcd z_wMW$C5#}R&>KzNkP^J~QK9X5r*r2B(ZUsS7>O()^~%;x4y=Z$4Ewux&WHBv8~s1~R9}@ZmuQ6H{H6L3{tEPC)UTX!l5`1I%G9gK z`c!_?Vp$OdC95;o+dC{O_1Qqy2gMPWyTvUf!Amflzf>PYGC>^jOV|YG4!ySQ%ErSg zH61d`SNoNqr$y+J^|>*VgV4TSNAY_N{c-g$zd$DJ3F7^ORDEc+1DQZ(iPz2F z%Z5=&l;olgj0&~xUC;HKYyt{U?qYG zmKd!re*~iy?qEvK4bflhyVnN_!8)ueQr0jw_3?O$rTu-;qM77M%QF~GejS3Rhg5x# zS_Bb&#+Y!fctN{#8oXO>`Mq|5*1Ye*xjIPc_OPqMU*&SD}pzO zRDE#M11}5P>&x%;MM=C*eu_m8RFm8qR|EI5md9&iNx%L1qTrG-ao-9Vt*Kv^VL0tF z2)+bT^`Q=A$j3z630MYVj33>tmn{||sFo7gs{+xbxzCE9%0~9x4DY=inyERHk-KU7 zFV5ep52uG9Un$sADtYxHLhUkjEiL2eRYnxWRluXBscYo9XZ$)p>?HNxb+5V~xMVOt zd$Fk)xSgT=9x zbtBuMeKFRPim~6$*Z`9ES%Z?!N?h5tFDo_*@Lp}N&PecVa)K_FNh(uyISyCSFW=!6 zwazp!=EMHREuOQWj87o3S5h?;b2_Zd=5wFOzQUjmWcbM*08oAw;esrB#t z(UPB&Q%E?>0q-Ii6T2fyF+A>pUeeJ zJW(G0Wed9142@K-+k0eK%qoOc(FvqIm6VmMBPtK3$QJpw;Xyw!#FzVZY05tpYT`FjDPPE*}& zs2)W61(&Q}r-1m_ca}afCfUt!YD|lQeP^lT>G>2G4k;!g-h%9smfHg|T^0BJHus~> zV!ttAEUA&cZ^xe51>-8PBGY_QVI@y9>mT;Rm7Cz#ju;&0$`8n%Pm+2DPL4VGF6tnj zAgXF28AlYU>?Hn9d;O~L#~QzQluXTqL9aKnlX^;{w60Ewf=|0 z)d}GsRigW(fJgG1=7jL9rJ3--+0LwAc_cx_B-#w>SZeN|vj2FSjYqex{ zf#WzM;`831%-_$mL+B$|aTEndzeX2Wj3}@ay;)5??PU~(B|-kw(0gR+stiL@tciCV z@t@4od!A=79P-PE_o3Tw(p&ZT>z$WZLA-aQLIL+vFd8*s8O_fpU$ZS!oMeF)WOVO7 z#&MBau4o9UT4sZ?!zlGH7!HM(5Hzk^xai?FX3n;f4Iqwm@4ce((7tEu$3CAH!c=9} zmrLNidc%4r7~}iB9`CkEm&oE1s&2is$8enI2>-OAc-DXBg%UQ256GMdHz%f`3Q8V3 z7O&=*XUee10FC!diLNTsfY!IFm7$@BH*X328M@nw4#T13Kz#Sd^Zd=6kAjv-X26b= zS1TK@p%^lqt?p^#;fd}EWy1%nO3wLq2%mqm9VS4b^eL;-RFq~_#Nzk~q@yi@; zyZJHy;s&Z<`=)=yZJ58%E1~sxHtc1;O-vI9r{rm>l`cy2ws%`rHr{i)=a*1q?!s|4 z5pk_a`~&^)YSuFUTHujjNO2 z!tR~-$9Umko&(IQ55K|p#dSMGT&s(~S+BG;qaW~T)3DH(SiSKZSIHF=)W10VdaUuc8m29Z9mkY;&^chW)Dp=0W?4SYCG!UeH=0IpzAtcazkb5MG%g~ zr*wfg*?C;NmrkU-?oFJtIhsXYfz37@+*O ze=k3k4?0yk*H|-ROc~7Fh@yw#Fs38;Hb~VXP782TS+pFSt}Cy)G6!Cqkl zq8>Jy3nsB=ex}>+uc3>)xucT3MFqoQ!l{DhCxIzoQQNeWU$z}3Q_r?_^|N7c@Xkmc z*2jvSSjvJeey}=G=~*H&Q_~nKP^77*_;&X%%zR-uEKLIt&Y_s2g-BNfwl1ifc!u>- zug`|uPNwpQaU4yLd*Xq2c|ji!r#0+86=$90f^d*(i{dyS zB62cjqSo?O@|@;)nknaOo9Ai#IPmW7G{*Eizf$#6<~6t5&5l1@qt`8A_T2b?bz8*P zX6ZzVMTU5%AVPe4WtrDDr9o64uIaFEXc!K3~lP@u5z5u>FHoHSZ!OH0>iMdA{LG%R1ref?mEDqf7sq13U2bqdtt|woVEH95ub$?#y5ozl`4Uqw>T;RSi zkItC%Eflq8ckT6P4ubI^7>-OYF@%Flz|KDZVmF}U7swZchq$~N)^kxS6i0DG57}Oz z#uNtG8a=y~f?soobD7eEudJzw-wBaMz;I@C5##E(S{9|0huU_k5B%I~_r%oOJLDU( ztj`m+Rj&s{s1?*T!^lkNENPT(EV2Q__q+Q z9~UmGuGCc{?2z3j17F^NJY$D$B2Bi;(*<8U4{Kp1C5L_oD;Q2|hCMVcqH&R^j_R-_&sl{mHx|sZE1Zh{>-w#CR|UotjCr8d&oo1h(s99tmA9Q z9;ABK2f*L3_$4PkAw(GY!%WEm-+nWhl!^Kq$fi$(dx!C$aI8KIclK_SWH$+ng8bZn z&M}F<)U!H4GHd!8{gZmH4`Q+lY~e> zbwEg*^=wSY9;A9!3>7#bC{{o5>8`&Ma>y+@cX54jStv#t@Fmm=-ZOTh9u4N{)Jdxu z$~`(JoQB~X9o>L%km^}h)qn@`)uzrh5aT_~TZva6!zl||l`FyPDsK2^SSfavO}~4; zaPAYz1YND^fq!u%H9M0b9Hi=%IbiOmwYISsjw?xt9gy?Zisv?o&xy97WOZy_DbY-n z=vCl!_ieVM5y^bG4SR=6Hn#qOaFD83iSuCn*c)Vsf@TlK1733z^9uXxgD%UE{$<|Z_?%$}t9+ye1%BceGb zWB=*ilJE(;gn;J9aeZm9^(^(5>QxIK_`-oCE#=ieCyCyQu0?7YR;VIlU#7 z&v%NS@5aVnQ{Y-)CeDTO`2Tz_sRa*&pNmwznyUu>#fnf_I(3D-j411jD$in5^=B5K z!X-a1q~}x6rgab(lk4#{|APCNsQq7@zg4fY$H00f^pTVr=x|Ik?6{dHF+h}d_y-T1 zKO-V4hArklbtIYV&BtyL_cp~ramatF) zPGoq5aVG;iKkI*_@g(-ywNB8B0& z7jQ!Mi17x`Y1nSXTZ8@8)iGUh;cu(MMGRn_+bWM^So1j-C$ScHoTU{?33`_ z^XNqLJ{}AwoDboDapKbN5PR2R{mBM>?6(XfJQi`th`A<~}=r$_N zPw=jry}R7;XV_NdL*Vo40WMM{gV%fEI1)_|&WndtvqqY^C=zlYZoI90nx}4FBPPF| zws~TEAGcvX58T#lK0eDPeW;q#^zf@_RKuaf5Jl3QROem0mOIB!NiJ zwThLm1w~UAQR}R4T#oZcS)yD)H3e4squ&A+F{IsFVU;;2uTK#O(7p@uaV7?Y?p2ee+o}_meohgPcCrp7LyuN8@YSJ> zzJvK*)T_+`juT`A;h4!5Jy-g8|VEmQ~a{BXaiFO~3Q`iC7gH&I`>IYr&AO7swWY9^9RJ;>9*)eZ+ zb1lCWta44hGegyfF0zf?>ah0<4R()7+^h-k-}6x(?}_auxwpJaM7Jsv zcbL(*e*=aiZ-|KZ9$jiIxs_>H0yG!0QXD>b>|~$`d-Mu1OuNRBzRK%m1Lw~$Bc%#k zYa$u%bZIs=s`4hLqB|VtJOUcmi0{^shTb8G&_htaBm98v{cj(dlEFClfHS7-QVIHF z;C1+%yB7Apx77FLd>x-+qpDhb^%WfF;snAexurfnO?v|^6~rN_)zlV(>9d|**{8## zcsW*wFly{l!{~@C{GfTr z|HEnc2H7)*`Ke{{$Q`o*@O$NnUlgd&_N`<1(yVZ1Vtz;cx&e5(zLVq(!9S#wS5X45 z6en!4<8cW-hv6uAB6!QlZr6ezKpltwFE7R?4|AVY-fRD2k5)4GQw4m*O-xd=rxk4R z9mAw{HwUMp^xK!=`%5v$AF}6Bm#-~pXl_Cvh={Q4);;Vui)7!tzFe~@9h%g3LwpZ( zf#K4j(9O%ib`3Y!pc)90)z+^GhS_r;M8p8jK$yow5~^)ywl&xn9e$djZPpY9oLT4l zO-6Jazf*Hi(s0nN_d;#@sQSvtZbxrFZN1WN1G`Vf?oabUIB3ZYZakBP!f!nQKLHJ^ z>3Rc!r*tY0X}~qTPo=!nA>cfG<3~$U>aa<<#X)6sL9!loLV^RgXR!^!G3uFL6hK|; zcoK+`PULp$@W;iQI$=-aT;BG^-SwzJNt6u6X9Ilutvj;Te6D6MBJfbXtNaLHII6MB z5YF^UN8D}oVb3psho-~i@~kWB5}E!D<=@^OO|LLtP^SU*9;bTi)H#E=o*{+a)2#k0 zPeYEn;W#6k5DrqE4*M7AFTrS$A%SDk&)s<`AbYf%2rD5Guw&aX-%gGkQE6$msfl^4 z*nDk|4e*BJj3MqpTVA}xO;X1n3}D51DQlH6j*+4kVsH_{Ci4!{DQ#Oy(0bvlPDM$=bE?OdHU`?@Q` zpqi`m%ZC+0blm{bc2Y7X?H?>ywY4yN)CBh-oY?DXog>%Q$iESSN))#EU)(iUkB#TG zxz@GtY1Ceu3xiW>OmWI2$SFO03Qgh~MRy~cF^KnmGF6({jyX)`PWPK1N~R_ty(0p{vDrrK zFQi(YhCNuhr5osOZcp@f15Iqx+~&sC@;3gUWa_3>+iZ(@JdgS4==RpS6w4xh0m?fd z_j|ApA|90(Oxc>Sx66RG0sPZhjwpj0!d_@QO%8ImCJGBk4qkw-nDTT1JF`&p*Lda? zDfOs&x&sgRcaJH30?p4Y)vU)inrj{}#RC1Wg_zM@Ip=T&diS^28BB2LvJLvc{FEgH zy4cTgSlH3A{V^v0%prCP`Ef{llBG2v97DpFVIQLXGR(Zdf5;KHldGd8hF$qH<#ik7 zrWWnvIq(|B@Ww0fh#l06emBPXw33jMdRP&Lvo@##;hcTqR$?Y&PWT1<_q6biXn{QJ zZa2+t$72fH-!bj&(I8rihwH1Za@ABnozAvgl7r)C3>w6rN7}P#9|qwd)gQYa0p_*; zt{L^$frpvGvlRWb5mYhSV&hO^~~@Z(5pcO=`g z_$_t-Ly*a0>29W`rcRXU(rixv8-Y~r*Z}ZzpI?hr8~=qbDtjFt@9@S?6cbVfIF1jZ z{z6jmV^m<&#$gHYzl?6S|IuFhtcFHYrFv1#Ph7ig0eIbMQ4s_K2R8}Lb=3u|H)LM~ z`JiUOaK1mChQ?*i%>1VVli>6z@W0%-4O^9{#x_;OYi_#oeu$N?;!^=p>7pTP5BhPw z@z6`c_I=kghH^I`o)vO_zPmkyaDLuA6C-f_Y;n61B@G|zWU{|eRYh!)_G$V8+qT!9 zBv|E&12Y`KbS%jXwJ3qtcrQx|`sJ3xaeVL~oX1BSruv32swaV;TfuRxVBV?N81eSc z!R>Gwos8R8z-_HjRN?%h-$pnv1;w@_vhiZyPzd{99C7@w;Sdh%pZsC7^(KE@5x}$3 zc}Mp8w$&~Um#5dUlK}M_Mq7FitynGDiq>G5x4T!*rFk?X;TrbsF${;0GaJIG;{Sq` zz%w#ur3~`;7L8e-k`nnwRxn(0>pd|s-8+EFi)4xZm3TQ7v>Z(9yFM3u`pikXh5 zj-{I!!B^beUk{Qo@0O0O2br*su{Y|Bp}f`qa14*3`JwzXDYDd*D;ZD=;=Ki>0Ydsz zcgD<&cX%&-;B6O@0rhAuc4C`kQy48md}W_2S+gr{-;ILLGg0;ygwxU7(McakF@dK8 zcn)=C94)?IOLp{3mb>bVWLTD$T0!=ji&K#^GTAVT8vDzS$0S_Ia;&iREKZb%$QQ7E zK6?7XTfmYF#1Gk7Qg1vc`c2(TGvGAvJaA(iC&C)kS2jHyNhBSdr)}(-F&hLZ~GEy9dCrKe= zoZF8?=4U&gd;xNPh+iW1X;#eXmqg0UHn~u+a-~&EZqsSL*yg|T?8e?U)>RId`(Rv! zD!0x^I!$b7HLlZhFy?iW-fe;7yh7Z|+P1g3cCp>odBHo1lb*06`wv>+$%i2U6G}Ov z@5bgJ-Xc*#R*4Z+6GyCfVZQ5u@(=(=Qw`&+y}n7|F3+57FK+OL@_ zb;F|JO;4O2v|pGw0h~d~NTcB6m`I~5{N^6;#~p=b_*=ACSZy-K0~I@9_WMqiS%axs9_#Md4ao7=8gOGW!*H&m zAmWg9{=H+(%e2({b6`fdNaYlgrHJHZp1N06B$QLye*pbA^ceMV_SiFjT1=GRWF!=? zSNF~cg5yvj=Go7M73Fb}RDCR!c@_l~o{stirQ1FD%9v`nO)>L1I9Vs!zpyHKAb zh9sYZS`EEmJ(`?_ZN(LK&Wm5Q6@_r#yDVXTtoCQmeg$6K))hOCiGMpe%&~WisBNX1 z`Y=iW^_mC;83}Bwj%T#isaKS);}yOrhTZP~M;XG2iyqHfBv89C*#>rY;G2gHrY9`p zeFyQ;0hNRD_ixIfWVH%3vrSaiei2SG`?g__c1*2A7z-cQGX(#zzVqsE+LQi-?;s;| zzxR0%`K#)Uj;f!I8FGY8*{Ojb+ND)^KaWw&ROSA3x(|^GE1P@jF~mDX&JQUqVt#bl zb<{4Q1cXBf(znpF|Sq?f5wU*U;%nnx&) z!*QPILF398a^F)DA~D=Q0q1i&H|>F|y#)1yJL>61MR)1l#R%{^A6$JACz(VLE40t} zKnd$UYN9xGaIx27`bHk|wW&`eCDh_9yzrr1${grKM-y!C;iH>S zIK9An_98W-F5x;#6=S!~Xc@}U6c=ZcfoBKQ(Ydn`;0^Af?~mva+Lg@~o@0#5qz-!8`V5&UCiI09t7hKu~r0L7W&#+x(S2tKcz99tx3JT@4@IC`3A5|t~04d zP=-IuaUVXiKu}v;RmPe%1yU?iAev(NqV&BqxMhd~bg4 zp8WU}M3Y$pEyma1JTa(

R-Foid&Lfe*!d|A%w053+~K`MK=Pg}O;rP(hMrS+?J8 zB0i_0*MMhAa#wFnTY3n@=Zkj(ZtIhUcNLxQ3y;qOP8o^T&AFi-#y#S!C-y`|@!&hdX8I+UYe_UT>%z!f_OMAbUcU zZ;EU!(;P9p2j9J)Lhlj%bSu~LtHFxLYtBN?{dhq)4P`1O*2KrLA1(6BgC>?tgPb~D zVK`LlzaX3~zd7n~hc9_WUqNI=aE`D1Y$7aNJrB!NQa!kON)&i^3bn?us7_CLEXz30 z>jYHt*mbHmVK~>t>>wQBPlIla;g_zAgUSz5MI%R7nlk=DGSMXO&!4GFhUy1F9c$yk zY3?f=ZAT4ZGQWz_>+OdX-EbVWeh8-zHKqN6Yu?nDN;^(tX%SQheZcv&^Oa6?iRM08u=dHN6BaWiIF2WRM}#}AQIRtkb~nZnc(f<> z<@+T)&rc>hV@!w@%4_M|@c^sL-d4ijlEs4G;?c9FxQtA-A6l?Dn>e*q3S`f3y_j;Q zuq~&lEfA-jx_c6&CNimna&{an9n_D3wR9EuarVD*c}IHtZ0$j*!sSEj`-!1#Fng%I z5IiES&Ro7={TSzG0icgiDV5XgSp$8a-LUmB>XSCL&F9I$p4HXg<4fjG`^i35HVgX| zxkn7a{3dbgI913V&MpZuI!pKXP)oqC^A)=MxDfwdkUz^$>cP6n{j98WP*;Mbp)cv0 zDNNzwRf#M2K%OCm4$3bh_XW*YDG29PL!7Hw9LvK~O~B`$ygg5>5H>|2XF{?_oFGw# zQMdqhOI!Q?|Cww-FodND@9PEu1%Ac={oyUsV*0Ka$W$r&J=Q2Oeb ze$t|V5l|sWBnz++P^4T`wuNTtC+ zb?qRBZYwNfm3s$72l|_(7Nqwt)wF)IJMy6(wLQ>)pFeEmi_o|*_-=0zI#Iga&IB)u zpN0G^c+PB-Vci6E!KNJ*j(vQ9t-J3TBt_TMsn`#n zXU=KFd5F8f$wu^;{%iRNN>+19lxL@Fqh%e*%*7+rLP~k6Z`mMQOmao-)77^>lpPpv zcJ5?f>!rnk#cjlIFwsNya3zW9kA!KB$3FpnuA{;zpCCV;c-H2g6>WFXtoU1Rz?blU z_|?)xywt=ux^bw9EmNe?fDtyX8&0SYPX6V!(ODI>kR8CR;ql0O7fMI9qPB*@uI@=C zC35LX0f^c=@-edfI8Rr9&C~fZx+ukD6$2fHb2AO`y&N8nXFc}{>$U;$UelFTmQtH= z4SCVJ+0P29Y}Z9=BEhSX;vVKkS(oesNvtY2l|U(C`{(d|!OM@xgVc3P06xvM7YbKT}YL9MS!v2&VNykyD^Xb7U%${3&>(IEg zS`4k2Kh@szP63e~jSHoDBi%<4t5Ojv3vC3R#=;;v@M&MFO6fV}tW}#}d77%Uo_|+7 z84O2|5y6*`ZKjvEdONFG0O}nS+_(a*Q)SO4qk_e(FbH>@G7edRzkK6<0sZu$Llni} z&Gv^aBVPG)DKH#iH^hC~P~RT!5cW!Y79B(i)qQ*N^7b)AJ(2_1P6lw)<^-RDSIFsm z6$1L+=A}_OCEvmhQ}TUdh?jy~hqAW2(72Fllw;sUnaut*C$VVJ-h0BxqL`bsp47B z>gk#3dAfU+{mKrOeX|r(`CtCixE7!uTmFMp3<@6hPlmMI#WuCx>T&kVS2$wWyw5m; z?=aJ-{&I#b0!qAr(=BtnlmrT=5)))}`AVa z)LOS=+1qwr@i8)c>ANv8vG-W;S9Sl^2E++{Am%EGij0GxRWF$#3{C>szCPf5q2uCc zj!L(XpLSgl;@nnDcqsPT4~@(?p5F^GQQAc9o%KFn3!pf9R9z}284@k#C;mlCLu1Zi ziCh5Al^kn^Ty%;g**z{SP;I)9<0~il|Ba8_GmacYNg4i3wNEn=prC`)hLe_|mCzOz}e!LP=ZLhfcvi++(dPtc}n0ng5QLmB#ur&g~fbDd#|7B={+? zzrUB#b5D8~h+BnwPy|cv)z4 z@|IlP%>3X40d&~d{CtR_{m4ylI71|9C(N`cVsol0i(L1o9Wu*Bvzo@k(!W*^UF@^0_XT5%d6mR)_v7$CHsv7_VKm zrQl?zr=j*zAO7!qWs$#(yPn5jAd_44iT5mUK0S@lL92pf-E|=cnXn%nU8|e{=Tlqb zQ%#@ET~%4?$Px++E1JzvB=%Q)>W@jE-|Op_grpOWC#p1He(58jZ>dN>3H@ZT?%+*n z&r9KuhXc^xJFviy^J0bKGgPslS(o#L`MlOi8c|;2v43$Ua)G+9$@Uw_4XgJ+2DVH= z{)YCvr{4ysvMm|>LzG*L?bd@`X_i>SP1!d4N`Dp@u91D_qxk8UEg2-wQ@AydaaF(4 zkSurA;#|?kkweT(g)vG5ZtvPGi)|j;=~soCCFU+21yQ2_> zkcBxP=uc7NK6YK}ZyLZm;D(VBT#eb(c*#3t^u-#U-ntMub*F>AGRB@Dzsk#ixPH4m z^O@Dq;gEJnBsb>-%lu>j`NUU~_dpfEEJ#B#$G~wx+z8m&x*GF>`zdn$ScMCv)CZo@ z<6GW;>N9^pW|_?eR9JkSk3!+>aJu<1 zr|KIhLe*@rn+53DNvr9Ycv5Y@jSc0je}h7)x8PA;;qXAd<&jw!`)_@nDL-aKWp19whj8@)?H)-ul;ca!%bGkjZg^bIIXU z&*UJ%`!+wRw9yRJ1C0Sxl}XFCJ?17*VHGQ|{3%N*vIN6feZ@!lpL;m-;2F5ur0p`y zfq6=*(rpSZx0T6$i0_ibq=QZ;8afa3Mg9R#x~_-f6lXvkebYKQ-v+MnO0NTbWORDw zGZdC)RCY2>i3xN>)f^23&vH1^^9O5B!;`E>W(5ladZzZOy_H;z($Eq^u-ch7Q|}U2Fr?6InX2dQ}Gxu z1nGQ?f0Sd3;Mw;I$4r9r#XjmIMM~yTnO8t1ltLWAypOpVk2rMuk{b^flmB~Mp!<$C z{a3CcMNu1}AM0+BreX;h%ERm{9JjW}XPn`c%~W{!0m^ki=f|=50*NQ=xsR0}Ox6fO zt(&3^2KKMd1l1_4$5ROHr4Zxo4#ojdH#)EOK~Q4u%RRRc%|dm;>pBEF-vCSagIT2E zq$|XFd*{A`judAasH_2^D?h##?n5chx#5kEw_i={1u*3lU-2pAg?{EU9_$acgDV{c z2h?xm3{IuyADJ)!$!;Y{>=mL=JU$E{&Qwtw)-ahsDRpM%7Ld&MU>W`UdcGHxzSQMP zSLf!cV&ho*I0NYyYVWd(ksR`+s)f88yJ_qXX;VEzE>Zg1R+WlQJ)iy)Wgo=Od5@`Eomg zI$21(3b78fgejm--gpST(w{+f5ifm+*@g(wPOEh$hOWRlWv`uS|6@(10iyar)yBwK zym=Ebpd0u2Vd%vQGnohq86I!6;pgfxyvkdFnhajfO%X94yrW@!P?w+Yvog}38uof5Fa{7!bEJtVBk&8Ot2gN#Q0z`&LP-0s1n&3pVu1AgBLqzRxGfzlY#2jH-HmAejZ&Z+s|wk4L4`(nM`zlW~(DWKg{)c z$hob3FK2T}w)d$u-Ila{`4vtp=;gdawOr;+{f$9W2n*0Rlmsbby6@X%imzI3une9A zL#Kf#twcwlH7(}!eXptvt<{{jkr%V%>+x!J4|smBsjZ`uc62`afgm7%`ta=*Q-FPP zL1CLg3+w9b8Hxx{w`2X~BqrdOAqxY?#?#av*h-%uqvBV5I{aVGasT2_11B~i>LvKS zy1t`AYiRb?m;^e8nYaj`zE_#kmR{TXOAmKfUSW|RvH*8~+bf*T#KC7i;5CjPR;MzO zyWRu&Wluks#x(go75T#wlOCazE?(IIAUk_`nuOb!De6gt=Ep3X=qA^s`S%r07w?M> zdDbGmsU-|)iUtiRpw<3DXu*3Tcz-@eSydYRq)~l;1JqgFwVVY{a}ett*wA}51g&8Z zwlclOY1Mt^6SRtmfSpH=-FXA#E3e1U@Ut&1SDeUs$)pfyjqqf1fU4HxtB^S4^Gd9? znKp!lx%^Ne!dG!Ps9V188Rs0S@##^@d&cSRL;p(vJ&pN;5y(5dpK<%E>OrPtnCm5f zXplqF_EQy@7b7ao@s#gG%v*CPVo<(MkESfY=F=zkQYTZVS`ZOJVw%#!mPHUh(OhE_&t@|2Do)OX8{Q zR{*f`MM`^x$3&>)LrHi08)9ljpg5NS)kO}=c{->F5DBgNMjhF<#XWeJugEYfiBW1P#>jpeu$loV(!aI0rhTB>2_+gC%V1CVdW@p`=42UA4 z+G86nSP90{?>^VP{~K=%;lJpIg<&ZbK@t>QBfv>C42hmqrnsv0f+=`-;f@RaID2n4k={_%@j4t`!F<7CWUaaQNC$Fh4HoRW;5@52-dZ*6IJHN{Nm-q{ff^of{156 zQ*&(kCg-BWa05VR6^_;}8a!wBvD7`OMfm~mbhcv~;0@_hM+B?M$RFTuKQ3v&lRXX_ zKKFP3Yv-}hm-o8-hDOf)#<;nJ78v*bpIUoM?1Wew6Z{Yn(24&)@3qfzF`RS?*$h zbyYC4!TVYYOFwp4;eARe6Y;s>tGoG&1f_ zYzuKICRo~A=Y6E&6!NzQ-QoR3Uct<6rNjncSuJ2VLLa4B~U*)Yp ztFCd+IEpzcSbq?;AwyvS{l}_@961SHQrQ(>++yrLkd{x=8!S`$L98auX!NsEYR)84 z)rORTXwU2O;OgfW-R9`)AT_Eq#YL_vpomz$2i2bYJ8iY7@YC#F*TFd@12~d=ItnnS zi;eMdYAP!*m!UdQXs_}zpw-Nmbya<=vWilTPFx+h5vSP!MrzLs-1=|j?9Qz-vKmqt z1E9~BjL5ra^9=4Npn(5|1MB_T8Ek_3%FgS=FZbKr350a2>}xz;G6TA?6Xv<8H9S^X zZO|d+tS3yZ84V{;rH%gECOw~{hgoch(+XDOyHk8?`74|agO@s)=F}Kd^hBxtKU+Yj zvXFZMP6=FKwaf)LlbH7ZMUJ@YN}#?D^E1f5{w`CndQ)tX-j@ zw&;l@?)@t7AP5EdQun?fGb~NRG)oO549p}!J8iX(bpfH>@Dv2A(C4{z+dy}s*>{Of zo)dMDE*hO~GEEKZqj|9Zf8I-w6cy^3Pe9MQo6=0=`QkZnAIR#QrTyh2!njvH&99zK z2FCeoC_op@S@}KDZy5uP^A{gwlqJ9~!{wDeCPc!T^o-L#*FYz4F9zMH57fPf)C+;S z!li#*3v-v55%e*5>$(6cL)Ns$ltF>7%xSCMa?Hol*$;8wT%;88kA3KK|#ugh)|f zpK+`O&fP=U2fi2pnYYA4YUhe+RNl1lz$rGIxousmvkTy!$@f9%i2O|%Qu~x~=W^kR zo@yem^aLT&f9fF_@Qc9l+l-@un<+Cz-E4%-ZSZRvapemE*II*YX6mNN#< z1)0m6oFFiq-*)q>))na14vgR;ORsT!Ui$U8WP4)Y%|h)D0DZnxm6jc3^f}pY%o2tj zr`0SrE}Vh;91IT=XJrs4C|L1p*b&m0%GCGspZos)Ykd|XjeOBpyAG{em#k4+RM7!H zY~`}Oz3ds{OO!(&d_r=aA4$CivRT7*>p5)05{-W#w=HMW91K&&9A4v;zr=@)R=~Y4 z7ZYIdOTft{MJ)^Yb|4{_?kPTZ-e)s0J_yr;^`Y;A;* z@ksnevQw)2^|+Hwz3A#T=1IKQyUm6KKY%)ix(}VRcb=m&?Y4BRId*CZ5n|~;R}Ys4 zE9b1np3}syp&Hf(*_hgZSMjqD+5SsBFSv*o;~Ujo-@zuZ391F6tCXr^+6k{b;$62;h~9d*w)1v~S9}(mU-I3E zJCxSC(5~l7)xdn;`whQb_HDf5O|ZP0xNo*51R6eYYVF-eT2C$dIT4>ifBX0gh1t99 zl`bK4;Nbbp2g?~1KKETGZGs}8uhvhE&D{uFD)_Z{&dFDVTP$`l0;loGgw|o$AG!=N zKi#)!wLS^fSfBofj|ljum%e_p3-zlGE~77t2K5tqEiFr7tT1)!vrpvv?)^h{#HM#uXc{=6%LY*?K4gU`7sh=d)>?`0nn!zo>v|} zMDXkU)=U}_u6Fb`Z5Y@^VkIWD&|Mdj+4v$+?z_o~wMvJ!LeyU7>3e7h-o$TC&~IVk zA)z2KAR!*VJ(~Xon|v7(aW&+LFg8M$q>b94D0VOxX$53xV}?=6k`2Kir0!y1b#h=YOuPc3fn z|7jT1f06(5tpDLl{2x5yKiL01?SJ?Tihy)*YRi2gkuT4Z1)gQ4Q6={JW8h8>`i^EVUjz4YGPAYTcQp9-v*4D-?vCcB zHs&^_jQ{zS!Nu5tnSqJH$?Zjr&2#_Nty!aI@p&4kf;xO+b(OeNJ6JcYOQ&LFh9db1 zb7$C9zQg)&bf*6=(s74&iFOXSoQnmTaPh}MYr;xl*GG3~ zU##Y8A##TlQM#hX@*4EBW9*oa6qW@=<=vkPUSm~KK{?}+N2m0T%wC!@T z1G3qzUtsbZmCkL}0R6W$74MBc|H{w-N@Rq*E%-TF8qlcM2*@Tr=4KNqaEF2=KtLl4 zi2GmnP~mJr8SQL=gPR3GKB;qIPMFG&v`X5Ztok>eDh-+K|BCobN+C;~R!NE`WleR9 z(Z&lu0v4i45<%Fge8(8nfOyi}RAdVoqBW(?Y*-@bE>H-ngtx_e0IN(wR8y-p{hM(| zW-`DT8*jnsQ>lz2D`1Uz;{705sV3>QqnI}_v=SjdV?E|@6SHC^YBKg8W_B{r(=|324^J2~Baw%~PI z7D2#dy3Hb+<+?ZLW*A#qym@nvo7CC;Xt+4%YPQpM&4qv}^IyF7b%Pbaa+>8JHWwX}|<$7D@U4La$Ki6s=wByT_2o{Bn8M6vj~Rt7tlkFDdd=PV`~+0ShB& z)F!{tuqQN6YkAn3P5(YR^&xgxxzUjQ!`WsAzJh6JtUPmc5CS79zTeiOQ(f>I zC`5mrwLyrlcOCT1l!S6E+)V4OFhf6lv_BJT4PE_*oiG^KOKGH$i5=KI^t`##TgXS= zM5u}wYnzb@G;di!g^FWP5v;G?Z1f*utNg}f3_W;U{v|D?L>^WrcVq!lO-P@pR`pm zKIu$!gV}5jV8cwFh048`2(WlJ#OdFvF`9zQ5_V6P6

h8S5mH@)J}BtB#=$XQvGI zd&$yrn@MEAg6Ju7y8$;tSRzLk1|zv2Kbr&sf3L-?t+T}EMBtdsVj~1qIKRy)d*_#)3|BNge3(7OQ8p}8y>#$b)dIiWQPq{;?;yPb0 zHbLZuF)UTCr=W?6`3{}OT7HVTDaNpSzF;|L2C;C1fqrUso_87NH*kpuId41G?xck$ za_U_!xky2TM;KJ6#N(~F(smPdP80l0?EN<{M&B*Qaim1zLfq9?julmZ`r9 zrNf~|IC8VMA3ZoVFE)Kwea(*jCARsO9TpETvQ_sngGaY!-)59N(YQ%*Y17r}b>*Q( zzCU&_4uc(!(GF562eNuaG#Qd za2`%AuP*xhyCuKC_Hjb6SV9-HFihaGAh}aZ;=K7|#ta&QqR@PB-R1V%$8~$G|yAt3wfa5jx3*^^k%OY4a#;FCY>};2wy1^rzp@ zpjf*j^kDS}aU5joX`BeDe1*YUuvulkEhEX}&i9NveM6CGEb$Wr!vWXL75^W0Ah)ix zXLiL;ur*>A#Po_GP+*mRS*~)C443VdFmaP|F81)!XFgHiEILJn7=mLUZ-dPos8FZE<4KCbxG^FP=oR05WvbHvW1q~wrc$~GZJ%_3^THqiN{kEHTuLZ6i`WHZ)-L? z#O>|2OIxE^L1No*ty=oU17!9wmaP$V5=)p|0#~%SG2z|p_2=#tyDt8hS^Dbi&gcA{*nj-OZ4oFZ&se!jMLxe6Bx>8S9>E!T6az34urQ_J&E;mr9WExBkLf z^+#nRb?Jz@gwe4)LCB@+BIs!oyM@}8>xJGB2=&1qL(g73~; z9Vs$yG-`}S=m*Rp`=F<9>b%NBcwxs29du&i%><#wmJh}xmeL!}u!UfWE&PN7`@Ry> zE5ZS%RHAzkagf@3kG!nxmSd;FZ66gszxS9F;=S@|w_1Vx8Ix<=bmMBUHKN&2^W!=# z0Cnqay)N9J>`#0oWxLi}zyKRO8`obuJ25<3|pvg)JvTsU@xFD&5Z~Q)E zCJ+gJ>!;Sgn$3Zr9jnG>yb0bK+^LSx333T4U}4kM_@34yj^{V9&_vKf!8H633J(4f z1a&-bRsnuN=ssY;4-S~&b9kfg0K=vQ^ru=*XT(K$*F2T=x02l`#&dj={1ILi zk&R_kPZb;-97_lG$qG9;b)>tkjWVa9ez&B(O{}i_cY`;}AQ;X!(^zq-(U}t0wBg{k z>05fO-|Js4gF5cfT-7m8I-5M^S_fEeF<7cGXxqy;^+!M&t~ai_ZU%S0^U}8$6U2wX zZs3cD#7b3);cx9xh@r&eau>Q1Ow;J4z54Suw`DyYpgaoR$@>{3`=yL5UscF1rqGj7 z-YNO&bu@Z=Y|94@opIZ6IZZRV+^fKU*O&VH(>!}Jc|$uak~MibLg?#JQAA!ccaU_M zoKwMi*Aj&0b`V~jPgMG`U9tenPRX|_xghMQ>iNwR4^+NKN^|L|9;^FP2@L>*eqV*?mVCg>@>7_Qze7`xh^D-WqUDABd z8zKYqsoZIg(a>hbSpuSxfy{w2Z!zE1UCoE_TEe#ow^U{+K2$`dM=6($$PXoo1Fo1A zW4bM=b<{_l+GJ$!-#5||k8TyG53x?6+Gv^uh;yBSmkFYqPU=dmcnf!zo+G^N^*&u9 zt)d#g22ZQnZ}#-y&~h)_=bm1v`RUrF5y72jG57hyh0w=$)Pt$(hZ)wsXOez|Im-$ZiBa|%8LY@@3kE+B;;`5WCf_?u;%++vjstawu z+BESNqJvZHBPg7sW0rogU_+@pf1PN+rqypm_xdAia3R$$_FUK2+OTu7XgB+%_9k=fFLzP;`9Q*3*hgYynMC>|PulJ~;ZMG=auHIM?CG z5VvNCypVa6O6atpTu6qeLVIE`vA^r37nrDo(|`Sh@&3v!@E8n&*yKaHz%W$7@zOHa z7V10Gklq-}d zjIV+4D0x5Lou7n$tt^FQl4x+~vw8k2(iK2~o_O{i5DdmU(3|}ukzv>;4S`_b{wGRE z<(9KyV{t>tD5E~Y2Ra6^reGB$Vs4YoyPF!HBL=j*Z$sElu6MsVO(bTCH6e{uzaSti z|IO?jpZ(a(r3K}%wBGMkO0Y6XC@ejfBeEOSPUKJAnLbZU^fU!oU0E*Isr4@(;*HRJ)wjJDlp0A$4=l znFQNrm8-t|-s^M_7uom+(Xh&34j4Rrupi0#(XwU}<@)}sc!}SgItvg|-=CaVQ^Fm; zk*RHxva6__1c`-$gI=PNe^jLO|5Fv|=VArjFC3)??0wiLwM{q@YE02wuXY3vWRb4{ zEE(*F)1g8R50wHbQn9{D%TnJZ%+^=0P;OUI`^qW17l{w2E#x0*-W#s`rJttX4>ok| zvNG3fQ^M>375Q;AQFmV4WtXoDjMfdHTuqW94;JH%l|-{DCG0F__;^;vAUc_?6j|mE zY7U?*%h2vdLJc4bpPKa&wsmNrxP!E3SAwq+divc>S8ML?bnc~aE#ZxJ)rhZzTxr-B zPCnGMt=WWFqe?WN#H5(g|Ded(Lla+p9PDB(bLeDw$`B)}_=FhAADc&cxnno`Mtr9f zrVKo=;LhN9AGymJ;mXsMKdt(rRTd_?P~LPxrgoimD-_)D#f1NeW3B%e)u`Jqw;SBj z-a1{Ea9~A#L`ck1_u*MJ>V8o~`yL31>R4wWo& zXMCPy=AGFIHh$9Q-4%UMtxn`x#%`}L;rq~YBW8@9mscUJs!BBJ#Nr_fwblahq0#Az z5oNQZrg=~D3_fodDzh^$Em?U58BR5mJ;_THl6S=TCq3;4k7z9^t6Z?oBEo_ zFc9?{TadeQQu5)!a{kHWhOMa22sff5-7oezDt|@M$;0$KA1n$aUQLe+e}W83XHXy?Ilw*@MEERU}Y z6wm4ye1JGdGS29p)zNx?bNH#N4E@W#^Fx(7OU@QZ8%yvoS(5yzw$%}ZwP34hqVVS)B$&f{8@op>@IQp= z#fzjLEv7vJsKia2DAv`D9SrmA!fCuIX)tUIzS3A*!WSjKA?z^db-RQMt2q`O=C+L) zCM89T4nDE|*zPcY`zA8R%#DAF5xbKn4-^XVzoJ8--|t?+@7xfEHa8JliZOU(u$J;v z5D%Yf=G%gt>$etfE*lpUoR^2Fc5&M@b7R3pv_lYY6Lxy5Yt9X|-M1T#MZ#nX<#1X# zFUsaRo>b*@N40y&-)@P}L&9ZL9sA^~o=!jb{wNL~(+C|h^xs+VS^U_XG`#@>O{^gU zb49U)kQ6mO$kkaVnD@aW^FkJ}BFhdwQdip82mPs#q@o%~ar{BW(4D^RtuYg6-toEf+J9pvTv}hI`~x*f zoG;^3F#UYQwK03UGJcE_;sQb)xZ=H1HcRgCPb0hU5DUaYo#>uD}f{BX+HQ#IZSR|`? z-oTMBui}FR$j?~fkip_%OJa;iH?~FEcbtnL9$`=#q(bUDKTeLK*y)A#e%Z_E{OZnc zHyeXG+JufONKT(=KYK5wC6pVAWpn>yc4Hu?YMpso7^mbB5i}19vZASRMCPk^ocdh+ z{;-pZ!IsyvkVSg>+GT$zBj^@lJL;sn#W6MC-pmc6I9$wfMpYSKDJ9DWI#~JAV%mC; zm{#0dLW$EYo9#!>paB9|{^HsBjWPF`S4@ngDxK_GUpFF`k7VzpzD?q!jHl?pZjT)j ztF-VHy$RN=BPr&Cu54cXc3-lcmNB`00+-Ge&5P)gXs|@iVMP*EX`&>scUUvPr#ulV z=a`IbinIPDZ_22R zFKMz^-}~H(oBqaG>&h(r2vJ$ndf($?e}J{drGowOom8Yhx8i;TvG3#}ZH{fPkl*TV zqeJreQfK4P9>rh;*s0)=S6J4Ji0(SI3lnbDN{6l;u99X;R(qI?WGKx}=P^M8e44dFUNI^F+empFd!ryrcpb+D zob&Xa_0|aH`!Ek5**$jx&~mPVhLBCrH>r>DiJE&MJANkrDGfvh9ni@Z-S(5iAO$4C zEAm(V##<%0^ObwZ=wzxsyGJI{RxpQjtM3&GGFX~{<(XkBwQ~Cnx0@E|ojO{$9-~NH z?#A|;1sBt3sSN%aZZ7w|Xhag0FVUKV(Z~z}`t@`N1rls)H=_hHiR}JDWPjFzQ|eA9 zCseQhpr!I`Vt)(=AGxFt?u(BalV7sVK{F+YW!`KL*TWcQ+(EN2(IH1^jHX<;t(Blv zYRudZdL*=jGEDh!AYe|ut5w}CznA%AY}ntEvYUSu*2sKY7oj$`xu}oV?hAO|)Xd-R zX{^a*vuW;YQv+YdTgx8Eb$7!@(w240`OSp=`U_bW+>~@&8!Z+4i}s=Q=_Z8vAIztN z^_LbT6EIkMjO3(t7b5dQlCZVmMI+vigvibEo~M{u*G5reI41#udus2M1`qdn3yKcB zJ}+MBb9l36e1%~VJd0WQMLo&2xfF}T*VMCv;1xl#Z9-p)EOmvkCZkp!VVRTwA|c+6 za5@AHY(y?)qdOohBbjgUdX3;)d_1)#P3w^fS#zMG!`N;{q-|<9W~&&A9xS&cl4?`2 zf&iEIjc>US?~Xb5;VRsWRf}LPSFaw{bjwi_k+vR%WWHSy>^dJqMx4KV~P4EK*&F1a*h=ltTV(i;j%S1 z!Tf97UhVuTqOY4;bOL?#LDL)p#1&jYv{kb%)eeDMeyE~AaWK>&bB{?X2^ad)hL?%^ z{`AkjZ4oX7(s-8%`6$U5DyiT5$6EuqBT{5X+KG+)Rx{EWgq+`&m&nwvh~Cc{*lcKh zHm`~Zwu}{f83$b)$KkhGOB0oW39c zStiLimGc<8_DrU3(*xVocOwm56v)9-A$;NNB%NVeENW)y49XvLC4zXAG+FeEGXHOOcALv?kq$D0* z@6HAbs~$uRg}wHN9sS6BP-YQ6BcVw|wbVq0Jk~V_jog0rK#*dl)QUKD$R!W7>{> zRw56WE7Ajwm`nA$!QH%(!*2>wE+fHqf9!h=W)WG;x1bz|!$Rf|Y^U*@J(bMxXp9Oo z=OO$%GXu)uQL(&M9QmuQe6`ITh)vrqLqn7vl&v?0yrGM!CDTZvTyIE+g>x!ZPkxZm zxgteySSczl8OtYlDBRbk?nR%THI{>WpmZ+_ZpTE4D&mCG_1s`l_Sz_k?&jOGUzMcb zO?p809fOPZp0V~*nM?M;4Za&>NaJ7Tpv96L2vH{@RQ#o*^6|UCX*YQpD-RaBuB2Mi zhD^PmdRyktw~y3ALAfD_np#&{Bt>oO279p3mW(t9yO+QRp(@o_p@@^RYw&+q*(?OUp8k)0#<*t)9i0uFg6-PqI6DQ!oo&H_?``oie7g!fxqw= zwwjk4#eY;t7aDve-dcrq1lf15kxa#Q1eb235J}_^`|XA}p+uw&@YRAG z|I9(pku+;QCcX7~DYYPUuc(W3oRXKU{xc`{K!fU2mf==6j>M0@<~Sa4cUFyjb}pb8 zjr`Z{VZ1y0>>hpCF3DA?q%=FCNRQ+NvvNx?26XRJT89&&y!=17GF__wIXaKqKlpOW zkHNT@xC7~H8djmBC5O2oXA|*cI#mG93vWEsr_hQAwM9rMiWPj+%ZC3B@0}k_pA;Hr z;qEV5T?)05cGZn^xhvIUtoOO?%ZIgciteNYHBxvQeuL?6snY_)TXeA%&^h}Abe-&JKs=w6k@9(Y7lkO64xoThkT@&(YaxUK~uq0ke!MjtTZ&_K!GY#Bw;A} zU|moCHG+Wc7E9MpcB7|0G`ONx6vG%nbxG(X(7xWLQwDn6riJ%!q6(9i^r){vCF8I! zTrnN(CfyhWxk24OgFaMlBTfyR3)Z|@7y|TI2{5`CLK&L;lwUU8uI)RBJ z4Tl_NNJMW2-%>1f03}jMfEHccT4!A6gXi*^If4+K5NI7Ts`yAz9)c$V^2uy>feM|t znER}de=NhDv!b+b@ow+;n}`MEN7K3zi8whuM4G9**1vUDAIzAONfCxfKfYn%7rol% zLr`VI6c%k)b#rwqC^_6D&{Ra%ByelA=^;>fBbZHSH+s%T^N@%5h43L~MlOL4xC#?K z@H%NWX{yxfkC|=!YD^4#I2QfQddXBEev(3gMe$#`(5bzlbk)W4f-#^;y~RWIZ72bl}%D)Ib_xetY5Ug&3?VAAef#5e18 z;W?q+=znVNVhx>@9&l#&r`Rj*t_;8C_Y|SzsPP(j8sRLsy-sU}!f32^7G}W}NMNZo zLtov;p>5w2+On4%twd1GI71LM2(L+44uji1I5kH5$35VlYY=4ATVF0Mu}zVeTCY+T*6FYX#rbYRV#D{ad)qO0DMERf?+k#(znQv2?8pSN zB+>dGT-mi>CG?+>1z5dxi- zIh-vk3T+W5H3G(iXRaKsaSH8i&oMH%=X>#|#`rFR(8PptG*If&zJK$yxR(Jd^!uk7 z1Z{mWBvP$@(3tN;ALGexSOTTdW25l>3O)S#Cbm@lDap*eJ%mQS+?%YsobQqwoa}f} zxm|Qn@=j;01(76oS)5`zFcBkXDwNV2Q?)``E1$vf@;bw9O{N`T5<_v6i}w7rSDUJ)$W+TbA6X1FZ560#rMZ z?p}MRP7~ZlUOPY39f3e4q7aYY>P&x;vmd?**XtY{XAgO9qcX&JMC1F}!|0k@mB|+H zX3?H-dGVK8&2Q{NHpFPd5;Gs8;wZ2dkcMd4!6O%|p=I$9OnSlTPL?S%LTYQt?BoY* ziMXUBg5<*>i5+!REwHM(+P5_s%0km|`G_XjM_vv4-5uf~Xg=b;3w+v(X`lK!?J2ZWI-U ze=Z9v`Zd#kXP=7V($%`E(FnjQ)(U;OLtS4ZL~NN!R1a`Co3m9P=< z`NrX@2;l%EO{27lvqF7R3$e4l=KUtug2J;fcJPkdf%il7OBVhIDWuGcC`SZ`??(60 z{qL0XC<$wj+ZLT&VB{|s{$51FZDwi=nr_br$EVSg8emm)ps(;)a7~@P**wH5pb&nN zWk&@w!C~o&H*@ECqprK$X+mQ3T~{ZTZ~Te-n8?ab5Nfx$)LP1ZwpGfOjE>0naqs=bvGiGZp&Bg(^IZ9`!In^UhXj-l_W zFy1^=J5j&iJcH;s9FsAaNe?tK{g>MPq2t>KltxvDy33EBiZb9Ct}|wlAaPvl17@u& zZUwl1Hp={xix7E>V)<27`mSD?aTHa}>a9tI?6BTH?g9V2xkz0Ph&{W932byg3!5pZ zybtM-d2<*qx9lN~H4tvXDF0L>>B|bPrD&RsIY)}R4w@+3S6>VTedvyA{zSPgkEE@v=Ouqj?+RH`}olxgGkip>V3|Cp{H(l z^_`A)qx9FCde-3fI$-{u%Q*C*`R4C5;y;mTNNw%3^-jvkot7wxsSV8f!{pk$Ul1?f z+0gy)*8r-;$fVMrfx7Va^fo99kTcT$v`-M4W>|cLwOMQFT4WGSe6ChFh;Q8!OQS2X z#nfR>E%H9LYcH`%iIfvMNs(Qhd;u?3(`S@gax}@*%g1KUjSe63Jb1&k;JBVpn{qoY zl4G!A#<`B4mPY$i3ep5(-|#5CBJ|MW;AiCby9ZI_rKeub3XdM1h~_{A@wQdh8g5tr zXZQH8Y9mmS@k`}596EN_TVan-!cRy~W^JZ|!o58%g$$;;9m{FaN5o`h4o*d#wsIez zxCp8&9mlwvs3nBpKaYVAZuTs|qlJu_gf`Ysu`kR-bbCE~@(XQEA4Wc`1Ft;Q3lLFQ zYnnsplxd@F+OlZ1-N5VW*^dIj%-|<*A7X*mShRM69cZzS?FYh+4&o*}D1|VIG4k$u zDi4Ph)&&dXcGG<8kIfh$Js+_k0az7T#girS|x(DP?RV(xJ6SgGjCo= z%~~9mM}dl&R_(Fho*m9HxF- zXWg|qyRx<3*~zgAdDdGTmpBqf92cqpDVKuTYuDf}gaJc;W>Z?);hEOUXXAw?Z|J8T zJarYUc@rb+uDCjz?hH04)Gg(##USoserFR4&-m*~jL8*HTZx~4zN|15MFKn31ly_h zfy;$=`k?#GD$}6A%kRGW{h(DOZC$n_Pqt;fguhZ$BHE+tubyH0LkZdJP1M`J#qMSI z+MSJs_@1_QtVkuI{|{AX;ZVi%{rxMQ64KI0iG9WzDpJx7 zO1G2>NJ)v5&+L6Ze%;?6z>BkcXJ<~$`#68AO?|&Pm4NcUvad8#^ZNfO``WoUx+DAf zZM*_JeB8PJ>y3hTn5+QpsS&;_&lpt*5pS;FT<{|gPG;Qxif=()=d&+Y+#|K;%U=A8 z;=Oz2)5=iE6PlLJxQShlyJoek*YtkT+oSccCQ>av9z!j~wN@;C6EP}iG5D*40{3m) zZzA{k?(g5wH-wc+XB`K>R|McWF)~Qdv=Jcad)qSaR_*5aI=Qake5ap`%n0PnF~s_2 zN4`)j6O)LAOHRI{Z@HCr%QKth-31$OGFKswVAUMtihI zlF4!E$&I^mf494#vb!vGBgNT&?Haqu#FwkLmY$S#&_|i-t4>U$C15(IIO!p7Psx)> zKZ|RmAdEV18kepapp^@X7qi1+B)r)mw)!TgN2ZjTMR6w1crdf-;N4!1CCax4b*C8H zS{`c@_&6qVb@@%Q66Mv-b+^Ux76!a3$m$r>+`X&<=%rj-tla3uTwSg12upf<+1PXW z+E}?lw@)PE<p2VaQP=r8Xk|B)<~w$*?|@XdTk9t+g(3?-J>CBC@Eu^28OdKi)B0 z;%|)=6k40j2ErPqPxw?23Ovuy&WcL!iQj2@bdst34ZH1IKtGZ`2Qm?{+?X zin)gW9+53YOCiX^i#a9P)$7fS5-{!j5L~F&+3NR{3tS|4WE4{`^sD)`!GUlq!2CA= z?(Pj7qyWp`L7#Ibh@4*zQYKG74KQCD`9l0hD{H4qsT(vRN_J`0+A>wjV?V zY~cR%?AuSv*}?g_esprbF_t*6Kfm_^>fa6MkFxxg9=%9?^7CYwXzw{zdJT-DJU|a| za`6nq0|FYzkMFx?{1cIi!fcDeLagqbZ~zV+>KWt7qWUJ z7o~cfAY11rJR3demjvVJH>*PSMBDJcXZUEB;|X+#pX7U`%!eN>`atF0rbIT#(rsg@~(I28u=G$!lr4RKB2YLTD8W0jMqw&}@| zRwN~lh2GQCgS(e+=dACdiQaT@V@#(%rsMbeqAAb|<8*y`0dWdv=|1Q7%rm8x0d>$? z`2{?_-vyroq^zhN3L~ESzC=fqbX@&Dt<-@bs#$6BV)QC=7PH$3HH`Da=Q_k0-li*9 zsefNt`ySjkwW?fJQx#d$xlW;~eaxZx zB8NR{6zjwL)Z_xU2lCWAdPt8UwbH*FqpQe`(CLLS>yp$Q?m!$PREEbK&V+ z-ZSfW8yUhti+R!e9!yFoufjFYryd&WW z7gx;#OYFWV?6juAPHZoAa5p}M!mS4p{g_5=C_E@^mNPcnKlmT#E}=eB6>akLbRmoT z?w=x3pl?w-74b0Jn<=eUpr*0rY20po&N9#rKzSV3ZiGL>|8P-khcxn2`VT@u7>7tO zAF}7jndM1^aFI6)m@AUJy2Vs^b~agl@!%e*)}HwX98^J|UDA3n@lIWs@p^Zd1aE_j zmQ$=8q?+>I`?*W}m>1%Vi@ib5y6oq()&x@woK;zPoyBMnxX(YQFc)Ct7taZT-@Wnk zE!U!@KC1C6d$%;w=){Py;Lml9Y7F9hqCDD7V|@|d)eLk^(hFXlRLVSKbXj-YC=v)# zx!tM=REZ)aobPdY+k_8DhaMi@>2IRuN`u*R%@VnOUT)p`OqC`0{Vuqto~~1e8!7E+ zL5S;e!Fe+e?eb-m1-JztCv?RicHGMS!rZXSWpLa8#j#&cLLA3z3l*tzC%yCm(0`2s> z+Jd3b?f$NAqL~n#v3jS!JzqJfMzKJL{#PR*qKk|Xwj47Wv5w%iNmjwZ-ru==+ zd`q7pP7_~VPTjVqEyZ<2$zY&$Xu8L4e`mFViA(mlXxV}SP}i?44P_p_ewdM}bg95o zqnLY*FF^yw;g3S93Edm5pjojwAFl^0qqoFgtKRA7DO=><<{5b`ke7H`<|`Hdy=QQZCe@qswEF-`pE13_PwmG$X4?2ky=a&79hJ;>IbuD zg9>?m**^XFbbsVZr79UX2eodSa6Vs(g$&>x|1^B+%ge5 zeFF5tZ_oF1+j2@uZLCRUEgE#T9je_sI`hTs$QT%w%7Kg*$X$3MpuXFdtfa;#Sbd&A950jI zc3Tc&nrNWYV>n4a_x9d58oguvDaA07hhKEw0dH8i=F{tf2a7(Bd@r@@oy*L~oz!9H zj`TF^Lx^Kqrn#v7PBBzY7O2z;D&iT`#y))ZLPVuwbk~HhbDPygOnO=o>CdNs!%4Dm4JU1<17Eh;fbOBg(^LE;zAIjfo%9zz zA7{a|8cqQM?BKEjhf$Je9K9#*Ck^lhW1771rFIa0OXB~LVJwcs4FREX0zM2P!(25qF_E6}Txj$@_6*CE{h;U)Z) zLb}tI%E<~*vY7io$%m-jU`O|R9)0=26+RQEFK~_)QhhEh$@Mfz>6rvBBlu-HNt%wS z>m#lfn`8!RQYd{p?cuD&mN8~$J>r%-oSJ+`aE?(MWY3SR+0gab5mOdV zM9Jt{*U&_prC!{pn^#>#8Ln2oC0+-sp-8=urh77x)A+NI<)8;jnyG&@oMUnu;xL${ z#uM;7ozwx-(lhdY?PpIue)!GQQp|a@uY6tm<7>zFGtV`MwhnI{UVi? zP3dI!KVtHaVfM^kc?;Q7-JV-5zVWml6+{3IbDLBf$Jo4xYig=bc?v?ghDyN{OM-Bm zT-n|HkmL%fpZvcw{LMf1o4`4DkgD&-IKp|G!ACER<$+9)_eGe_Cq@+Ia{FkOsW&<~ z&o*9w_j5zWyQ^91QJm(WG7(pZ)cp5IO*lt11+s^>U2sN6E_!{?15qTBt?<*sLC-$r z&k&ucUUhGM9v$#AUG+1o3g3`|R zUb_sNw6Hq{^})JzK7MEdBlIA;v$Vd;W>a)^NA=-PBFV_KS6v4$VVpT}q`u3?vY#|d z&Udp_#DLB>!G%1glJ%^x-=d6Buk(D-)WI6?$JU3BLedSt;Iq;YMr&Nzq7S3lhjZcx zAbVK-3zxiIV%!{5!4zGI406fadg4NnL*rLGg0o+^*_k7X^~O2A`%8Yx$EMVgVEY!I z%H>O)4d;AMgE*1y{q3~zIML%EE>M^A?YL*nAdtwEw82|`dCLvQ2h3=hEu=haGZ*yk z*b;svXJ{~T;LHWzpXcu&Mi zHowxQ2^4aSU?n&`!Z_&zd5Iqn`R|xGb{t7Kh#I}OROL)megfxUAXQk|OFohD+`G#YaIOW}^k5o^9+UnOBqp(-T^`fzlgm1AkH;q^C`PjHUH3S>{j z#{|ak2Lzw?5`dnTGyZjI;cWlgRv2&J`b(hjFZ%BRtzpb+rZN|aLDAcvsW}{Sf4-p3 z{6F@%=s=v#CEPdOdZ&LdPY@-s4g7zwiUmtEa^s4st)7ycDVb7$xO>EHq)o)etBB&N z*zYmL8Y5hHNNw`(zPfk^88`7L_9O*Fmt8b|0aHG66c32qzM9+0GhYpt=?`)Am6-ur zjUw+*a`3N7hR$D|<~CUL#1^}M0OuGXRqSLPHNAh|jSy}7j3~fb^(WhV8~F(hon7G7 z*3tDh>uBIz~numV89C>UzAlp@sDsNbjJHxW(j{h1Red6~m;W9Xf`+=v5XJEAG5ml^_@7Yl|_tUcH))dFqCNSPCt-6d5O_& zIETWG9xH4sau+}4RBRd>##tss#yiaZC!r(-3$;rKM9H{)Jq6*^{NZ=3JTDGh9j3W` z_kJ+Lra^`EVMwCe11XBEr09(MfyrjDI9Gbv4jEVS@;oMWpwD0QW&o;suII7TUcm)y z`nM6uI5Wn2g%Wo`mJ_`s?@eEDll*BLCt|u)m-kij8r&Y|N6>SrEEzJV`KJ*5ehl&( zdr}p{@r;fw!&H}+u03uoVm08@Hy+kmceHvg(9yf1Rl~LM*0-)57UxQ@(t1OjD6Nim z$0`GPMlhB2Hgmp(SXqL3uTWa%S*Lx7$p>r~M9JJ}UISL{T`w~^P#%Mh!Tv96jd z4ccF$+i7MC9r)#y%Q>+3^L1tcvS+tkSKyIU?#c^splW{F8YxsmDf*GT=!-GFFuDMF z+Af%l%HY1^X~$N)#a@mkd3KKz`>TmCjPotc5aLK~Uf?blQ>4iAg7OPV+r6ddo&6IV zkMu;!ABL=zG^*x_91&$!K|G(>bz33HW&z*W+ zrH9KpUD^jAPb)Zmp9A$(6zhnuogan5fWhbOW)Kh7nM*cP>qe-~W`89Xo9{vyI&g<^ zHaUeLPQgU)8;9w2hvQqoGc71Q>n07j{w^>&Lm7j39Y4Ow4^hM;j4zSVz1|NaduTBAWl$kR0+GZ<#E;~@Dqr8?j186&>xIj zpyD1?Cm{$MQ-N2ch`R0S8@R=(Oo_AevNP$1qZcWRv)6Y9aWKh!mJriJWK^ZVv#=|+ zR8I3>af%BTZ73A0r<6GJ0=sQ&m51mW9m|9JxtqaVlWgr_zS1zx0nP@*2}lU}zVPuK ze)}@W8&3uK)m>>heN88!dut$+Yf38ue5YZr9x&1+WZo!|^+w;cwKaaN7oYKuBZIe# ze9tF^*?mbZqLV1d4 zb66bN$dcP|E_d(=VH~1ANY&-f>M<_MAFF{iUF7wJN`r z&(Y6s_f2Vm*5^PXm7UwC=K~HT__4#@xsv44F#kt}&N~R=XnK7Ts50cIe+Z`1i>D`i z`5}?E>G%EC*f4emWAC8KFj(a@C-xYxRGOqwrCI2-+`Dd6r&Gb~VL}UoI6mArrBiH- z&7T4_U`Mkgt;=vV0j{53Bxu9M6E>7eAdju1{3^P30FOV>Ns6$e4YQ@kd=i$IkntX= zg*e61$&Xk@qJqy_K@k~GZT!=^O^^>w-;8e1=jLNX%tufs;{7VCcK3-x#D@~)wEZ(; zon4|Cm_2y{;t*$NdVG-PN6M>6;IBsdip8WC{9wonvO2TaASNwEw5x-ue?6rcrpj94 zQ@boA!Ovtop9s<=!8nEU$hbT2o?Y9yMk^bgCaB~Xpf18`SFv!nnOn;G*o4tN7CE0gTf~fb^qQaPs0WE*$AHfH6M1G%E7DxIt*uuZbZQL7WKUQ|n#a z=Wot-GvmW#b>EvkWObZv27b8hu!%+P=We{!)@kckgl&q}HL$o_W_j5jhyiyt=7^)oSSTkD02YxSd^R|pwhBmub{B71ri4l`KPlVFy28DGJ@)$dpNZ9`Fb=8>GC!8w5jTq+rt2sG{KMJj zzWLV+`)P>rq6B1v^t#)~GDbml1n+ekWq~na;}?pJ6?^S_I3HN;;2bApomwdpk9yMx zHD#*}OhX7dy=J7!zWR2a$d;66R^)@L5XdKd;GvgwmD<>@(VOa3Mxd@!jr#l_dlLPi z=h8V2^YOIko{9l}LWhRb$~A2s-j0Uzc%Sy4gNKRT+lZ3Q9+8=9)JRT5nRGO{m%SS6 zrbZ*o9yE$7h=cMyY$l#MrgI*==YGDN&#CKoL|-DV4iFP7c?Jl3sDo*|c>3*jH?HYl z*K+)@_E>myZ%cm3Pn_I%HpGyqfE zLX*yGFcwV?{2g!NK5ux*u8RpfPi4_s10ha?;ThKvIqf3X3^?C8oB|%-^sHK)^U9Lf z5q)IWnadAE5 z*_=>vxUH25C*M6z7zfLi9O5J?cScmvdYWegp;~v*YhNBl2ll0<^b`tyGAODTU{VIV zQci}?MSyh)!RK2m@9(~H3Z_Va#b2^mQK}G!JBt+S`8O1<&Uz^Se3U&I!+PR59i?ZX zF?7Ml6=4jbj$?UZ88%K~igA_rt{@4H#;0@86pa7;I$5kF3TI+><8d1+0jltG?9vwVd=LF&^9g_N0ihrKJv=F||=$M@o}efh#r^WlV`VSTn`@DUs*pptp#b%gB8# zE;7v1J{G&M#wFnGlO-7E8Xoey$S=uoHs-&OHUZMP*DX!9F;G>6#}g(nQY|skm;>5# z04F;R|J7cyPrKuqnOh9;Q!|elSbb3T8X2<3>b7FzF6}PM;pGo-k_&zHbSf3hy8Lm_ zn&NexOh7?x1njG;-^0%lG-ieN15e2BWxuL_oS_D@hr1NHencH(ji;UPDJ{H#-hAXy zHhy-aj$gJI4Mk^4*%LEza2iSf*0p#~TGps+luOIVK}Tv(K{F5IxIIAn;kJu5f!-v} z;}@XA0zJgKgN^7o?@2N0ty#j2f{`wd5k!#$g>I$-hs?s`-2pzAXD{`cpz>fik+RY z!;BiIUu@n}{&Ks7!X}pj<^R~zBnok)RHB*Ow}zJDdqKu=PgN|^O(e1c?Z;P~OPM9Q z2){hwCnyh%lx_BPRnr8|#h??%&m8)~@>;U){>byoOzeBuga(#EtPAj04J2Hao;^NP zohFkU>CzeAHY%0^`EacQm(*cp_7iazkvhH26Xo$|u=<6p`yLTw5A8|;UU=#uW-|KgiwNltwnC9byD;uMG@39>NxnpEk+%nQB~oIH~6 z8)EYbG+^vCL1$ zGr((fLD~9rKNtI5tF-av7i?uyGjxwc7$-m%nMbnPNEsoU@#tRv3H((>DNaVYIVN@X zjSqT;*MBx{p@akPyy=`(ZWf!7$=SW&Fx@j~_1q9vFOUtiVTJ7Zn?JMx`@H(G#_4>k z!k_3l?D*4|#PNbTC_AY)a(e9M^RxKjJ>i}lO~$g)XThN`d&1Q8AWm1cpR%DAu5lSq zvUk!JJww;&tYEaK{rz%9ck5$eXg8Qmc&lpe_@U6~*X@8k_xwvb%Q|~lAERveH{>+T zV*eAd^-ex36R<;gM;_(Zqt$z5kY?%H{ao$TlX|2Cs)n7>gg4lRW}-cHZzgvVTHZN%#;53ZQywdOG)%qpfsJ41T4&+5=`4~oix|3y3 zUpk9^n739GV)BA6 zb5bau&lD&^OwF22C=9yD^w?pX)KH|qK|RzZVS;i`?t>%fpwxD8nlZe+(xtJ{OX_I% zUFA0u$PQS?>@ykSEKuuzjSE>6wSTnyWRC39sT7`Z4H*LvQE0=sT5uPuce-zW2c4Pgm`l z?~;o*^=sgdNozD(lXd4lcexCu*ffBsJ z%bw!f#`^1ntc(<=A}L!Sp7`Q#4=X{b@VazoRp{%cwmSF%B#7mai8 zBsya3+5fl!&#QDugN{$S^7B)lTy}_r@NZOGD(z z!G=;gSzk6(ul#FIeUU!IIbPsJAv{(6>;*b&0-q>(k+xN?SaxIt%sKIm?H0(OgX+k( zF7xJ>o0VHE4~oie=Um4RPK*1;k&tgf=CPmTED4(8j%-$PAd0n5A=1*l$H@pr4#YgB(<{i1(m9UjVqL&?-42~7!hmHIf|~z-AS3c zp49{GtAFhw#Xo>Jtx`rN-d>N(>-oUSP16>d;-Du}DkUWk)0q{3k7YxGU&JE*_UOqd28<#`jTX zsBdz1vvLQ0o-*0(`<-HYifXS3Uh*fAGk(K&oaCBEovMa|pj6;qg266mONO>EtuJ=gN zgFJs~7M@~_f!rJ}?TOTDOBIZ-w76gzug;a}{fL&llDP$|gG3y^?C)fkFb+kK62#%f zMNM+C@o`=I0X&`4Yu>fuYBK4J35F|(Ot1R%)FiN~-Vn}NVF^E7&{DD?dgu1DNyelF z&IzT2I5p1}BIhGiu(cphIWLlNythu9RlweVW3cYo5Bggl!CRx5#5SrsQ6acdP}GgP zZN^qmfd}JI-uwx1?7r}QVa_*xPI8y4Eo}c> z=(+pEdE(iNGgm-AZ$(T{xqjm9O$FbVXw`fY+FD?O1^#`;VO5{SKM(%+z&UOKkUhNwK1MIw zi-y>?!90@#$&-cU46EV%v|D^;7?Kaog~@>*j!hxtfe|~kDoATQrZOGZ>QKRYy`96wJZlT z(2`%fybrh0O7D1zaYd6d2*#mjO@%n9%gN4BUx^6bJ_Y+~kf(}g!Gr@V6?(YN310Y^ zjXvnF8oxjKjF)3fXg-BAAw@C3L6~2l~*A zFy(awDrm>KG%LmDRqLJ6lR+MPz_ADIm4IIAC64U#>cQV7Vh?_k!8lBXNPm^0WblCj zMp+%}OYnY<@8bNSBAa!zRi~D_uu4jON!|zQUoSM($NYmrcWO!wPo}~sek3&5`T563hnBuLks!Z8`e5@`mcs$MQE?(F zU)L2SlnwZI!McEqFN#NQ4c(QnWw{j(;_h=A=C8kdi!fYyDayoba48fd6~I3KDBTi+b$ir6xG%5_!I>A3lrT?{DbERRooa z*DvvwZ=mhV@v~|bM-=3jw&s=rduqCtTK7sV_tOapVhmZ{u@|-4z&Nt~KOlQ>3E0`c zMC?SBzXN%jyO?#SY7#BahO_jW<*NFwg%<$2-wW~Q+rdXlm>06B!=Aj8IzOI;!#MMX z$huw^Np*@!*_Doyad3V~b?VdAstrC>d~bBSY;oR)Oc3P#4kt&0O`J>2o4B`dnZhkC z&O=yX=c!~=0UczI!i&o}8NY#*pJ`zIw0X8?qUBTj2jZU3Xw$~@Inob+&OA?Z3+ZyMtnA0?IH&k(u4GfwB z{aO_JLW-OCQ+H23TFs*C9rG`GL4C{r{qB+-7gUfveLl=*uT;#^L1n3k>2>^RFkVyP zI;TpIZdW>DBIEXTL;=p`2gK9nE{mAN%O(V#&&KE1X;A*~FQ?lL8FwFt-ZZ1$pS;QA z3jAKu%aoWS^-$Z&qleW6-UssRYe}H5+kU|>_#5T{m9X<8z6ZyNJ4#poz&Hb%){s4H zwOJj9ZZ8{^{Sk#!%XP`!Y7MB_sBt_&JjzWk!<2y+>zuuya*Tt5`(;7nRA91Y^X#<} z)W7l9o&_&toqC6P@hFmUit@f*J=~D9WEIS^osR4~5%w9K zj*zv+Ib_%iks~01ah4)WA$u6SjiQAOj6cxGf;Zv(<;O=afsk5?2z`~HFfXbmG*+j&m;V{e<0$w1kUa|J+5XzI4q^wuS^t?mnO*$tx!w#|xfP{&ToHx`Q8v3t zmb{+J&)HO^K{eDiA2XP5M|yWxmyTVv1m7#JZWzWn0`pS=hn~E9`JOBJ-Yq52hyN*y zN+s#xc%Acu`|2I1(-#XHe}GriovC+U@OYZn5_7&WQBR#V|n$3=ujXW!VHcNH(k0U)T z!2xk5gtoAC!VTo-!8|TL)!k#mv`XglpjPi!Ph#Ug*F6X8`M%na=M&dAhmo4Uj2L_I zi3_p2-@-Ucpi>ZV+Ty(Riq|L5&@{jfA>FtCy<;6qQ+b!IV!lrpwhL=%S4&6 zy3AAYv7~=&LBV54%Mf%sbzFT_(}R0QPJWQ{;650;feD{}E3Pbu?5|_BbDT1@(s>DX z&|+n|r;FFSNM160WUQ`<$(%0HCJ$|M(WaX+;&t?&lx$FiX2 z6IcDh!kdY!UaWP!v<(YTedjO7zk(CuNZgKF)N%ch6$B#eF3oSu8e;7OdD+4mlfvj) zj|*;=fnDiOR>AP0U9J=II0r~;1$KWRE#?BPp&drHqk{C(M z!droHz(h%iV^CqGL#mR&bP)#Xafcj38dA2!`x@-^rbd2E_gA#I!B^K9r*X?((Q9N5 z^Gx8rpx9c>b@G2433eW2-njjB!1+;+w!ZZ)=-Z*fa$NJjG+~`y65U4&b zjM{QZAKf4i>Ax$wiTKbRg9*k({qMOXNqiN8u`W!a<2 z_e5W+stW1iKsRA}Mu)=#SN$-jvoU>>5?yQ!i*z_A#tC{Z8@b9*l@CY3J!rtA6mDnM z`-Vkm9auD>$$sv&k2D0uw)I>?N=|Fj7b%j$-d8*UmmzX=iq<8mxTON zWE|J3^648|;rjp)aL?C1=HS_DE_LkbJOOo#!^jimD z`nGxg=EZrmK^rHRDPMEOyE6w53;6FY|FIb2v@zmkF`|XBD7*&mIqfu~W8rA4^x>;dZm5_b8(3u!S2?aspx;@gmtlx8ZxA0y4dW=7Iz#px zp*L6Y7MoVR2n2PIu%ChMwicX^C{9SFzH9X*xp@wOeZKuNYYZh5gVi(WT#WvR%tgG0 z3C_7lhd85QKaO;a4zKk}f!_=7f!i;Jl8o5S2AQt<6gEjvphA?)D27P3^H*5Z6z;~K zCa=6|epeO+=lnT`I90q_lXG-jDBR$_Fuh*5`}f3~6pC&?9?A4LPI+}EeFVGP-ESNB zLw`$FlFyj31`w7u4xB*sufOX@ksKG|MBkbVl=Um3Kpz5MfPQ=0mR2FQaEnrrxKFR< z<42O9uSxbAx{H=ilKIL#^*Fbfw5*h0YiMu|6Vl&URGGb{dvVjS_criM)eoZQv3jOr zEaTY*8q+YupdUg{oQ);{0b>`4J!`0(yzfQ zLdPI0t@XQIt?=rh1h)BN%yRj=898iPIAEhygkpFR7?{PR`-_r957f@ozf_)gt+8%QmEmEKQ3r*m8^=qI8&0C54?(-{9q zm!H?PqQ}j;u`SC76_w{;98F6YW4&xZzIEJ1Jdu2#T_S?V^i4mftC?tjZhtJNG z1K|^eF6Q4I11(x?*+V`5SN4d?uHFk2 zfpOwOkolPY#1lDx+M|b2IG7iL7u1Qt(+>%WXzA~r9ek;5o0RlNSVh0 zvz0kXrJU2vr%m%9J6T&*I-&ZE4e$64gGT@pF*k7oW^AKC7LQqi=~-0b^@3^Z&% z?EM&6=QYS4TW03VE=+@Kt>U45hW!e+%WW&b#Lug;`F9M;S7&o=8VkrU@&2W`zGSxp(g zCwV(P=Mlg2^{n_lP>1!X_$^*!PpWre{N~rDsrW!*m#{62L&$+V2jB3GVLjp=U9`D_ zDA^I^N2}n9QB_Yw94cymz>7ET0$Hk`HNW(ygJQOKz9^f`gd(PXzF@6^afq(XLG~=i zFir(~at!d~gOk%&_jK?nhs8K1*(d4P#XzlhYalED%-|sc54@xGgq5AQodwvu+Rj8y|)0@Ebpqx&3+oxk)J}$ zqy_XjE=+E4jsh`ck3a9$&w5!!QqXNz#JbMs^V7Gku{OmgKiW-f|7MaB_}(oBb9IV; zul_opTv!@@-yN$!|;G&io*r?8@0|Ug8q4R65fHw5tsc%PL*_Htx{sVAg83a$z!Mm= zb5u4mRCy@T|D04}mt)ARj|P6Y&s$CNCvH#7ncI)dbC2oD#(Cw7;GDK-=($=7VjrMc zs=pr*0{xImn!n@5+U8N12M)z{o^!F$I4Xm$&dtO^?X;me=IT!_w+ReITXHcY7>76( zdEcQV?QATYvbbZYAM6{m@z3(jd{_r)gcJE9*h(j(QxCvByYyk>-pK|-iW;nl>K7~W zVj`F5a85e%x%6EHZtY}ph_1Ti}l7f`nPBH z`812+=a1(1~~@*ta_iDGFp_{UTEZ> zBi^yQ3fPS>hv1^5-c4OYJitzaKh&1d*x zKz-27?twt0;xI*cZO5_T_{vsVZVIT!l}+|*vn0AaqRVTNnl1f>XQ2<}!~d>l5~^K@ z6Yk53u&b2Xb_4wh%-8vI^De&EsHY0(>N>TeJmI^z2C|B87_TIsjndfE{*jZG>XFzm z+=cpW{>Qn2j8CAUJsC6n$)~)u6&pO z_i|AP`VI?ygx*vdoa2i059@qaFhA5svQMOg8|oBdMEg=5z4V2QKi+p^_N1P>f^3Cp za_hl$Ga^@EHG4UFo^pLEIgAhghlA`J%uJmuStiirqQgd%v|sH!Vz(_feeyNy=54DE z63ewrOK_W_H7V}{xF3IRrY+=xPOV+&^$g}e-zB9(p38>p2Ab%IsHD3sV1J$}X%ULM z>7^lr`&NYd3k8?u0PyQ}U0Deu&JBY!mQ(Vh0#VW_wifGz<_6cV04 z#fuo(CpW3Zc-k(9?~pITIAli1{-5uCbJeT*yB{gRJ>M$*vi*s9NkRFgaxSfTS#RgI z1(4_8xrT#}Gxlq^!{)X|CeQ3rM>(}Kj6*(_3)!Rd_B~CT*bXMU0*H{juKg~3W7M%b z_lle!qfpfO?9DfjMBYXvSIcks;WU_5TM3jC5x~ord~i{- zMR%{05gp}Nqwt;e+Q_B>oTJ18*^{8kBlcsJ_NW(hYV6hhq4(g^ott~V$=X6u-+rz6 zI0xL9SzhT`R%$-Ka!KZKTU)0F_lgh|j6=1K%me%gU!+O$94lLT4Bk&7@0~n}@Qyi$ zTqA2c*-d}*2$1hJkC6cvM%f*%EE~=ug0B13r`E&b)4S9X$o){Xb;PeZ2^~Kw1Vl*B z-dIRdM8>&;SMoal zkWH><^dL$e)y0K-;*om$zWXCd5Sc!p=6VNIeX>wFG3D2H88CF}R+s3Q`qCo0L+OHgfjEM1YGk)pP^0V_>Q)%Zeo8-_!2*(tK1Ni$x><0njATMgv6^%vnv9?1Ld~OX# z`^3XqsM7V@^R)WzvXPZ{6*!Iie-_4#^=hVsO|4KQa6R)p;Q;BZ{yujSV1WlXH#&*6 z)X@iS@z+4UNrCfxPQoN+i9aXZ+Ig_sos6m)(6ePte^<$1c$e2Qx<7H5JjZzu3jUpv z_&vvwH2aG=B6Jho)5(Ae+HXsG5o1*(_=dr)3ibsre7@SL0=f&;&p+Bq(ji0{3G9y^ zuevjk8|A_6Nqt^_n0|=jl3RPHy#W*rlG{c|%R3T>PyP?eyeGNHLSHb6fYatk`M`dlhE3XRx&o=h|vi6QRhqP zWzGH`T;vXKpxx5%t6AG6fVxOV(sZLAmYZviwN(cb)#VE&aRFc)3OpJRCyL_p(g;pP z7$wljhRXW9Z=={T``h$6s`6wRFLYR;8AKjszAJ~~{&}R`gfCuI8SV}fUp(qqKv?Z)2ywzi*7Sd_p#{!yrkBvc3>6iTe7SWuL8z^l zkaw-%_S9j6I5AL`I!$p#LF9D67l|5_5PVO8U?j$SGClW-?L1)v2l&%s;Ii!N1F2-J z$%iRMGsg%aA5b3u?|Vq~{nN8ODt+a)w#e;VG(fyg(z#7)RD?iR67J2&3QS)#8j{9Z2IJ7gNr5=$pBW91jG7`4ffMc3>hXIDT%oeSG*Ng= zouR!xrG^ZMf?eIAC5Q2M4IyiXtu)augv~xcegWgqWxM<|{*vC&39zFE}^H1>GJrAz0Nx}UDrp4zt z67m`oJ%$CvJUnm$NPT!yZ64nlcDV5^l!D(tBE$8&I}i_VoN0S=l%=(Py)we?T9-ccv4(IoyRLext6O09u;o1K6I={u3j+P32awMI-5~N>`|k`hp{QRg zUH8KNmgUS}fheBR8of2Xc(sB!A7n5#A<5ui#lc%J4m(#2Xr7&k>x&nR=_#?_0TB_O zZ#JV@icz~zSW;6fN_q5GHlDzG_;_7;|LY5*8zH97j4wu!?khr&Zs+f~I1uGQ9Ah>; z_OARX-J=%Z$w&r;%ZyZ_Hy{nptzvS+K_3N$0e*r30(qkgCdzEITSzxqLZ_wNB3PVO zgd>*)#DRm$IZsd3J~fAeD9C?rO_hcx+GTWo1FfFL$84*&2Y6Thmkqfvug4-18C`bs zqNJ^2Zb-rMUm~0*&(B@6Ti=G}Ym4jwpxie;vt{kQCth6J6^-vI;PdkQ1N6&o?`}lJ!us&b^Uwap4sUV4s=v`V3q-J-9ME6H&h8CrN+I}XQ2Ha{`}-3Dd1`w0n=JdK zIlfKmTb8lz8Q-jWE--t{|LHeqY3bs-7^dYTGYZ53s&EqXVGV@d{OV84+LdBQljZ`} zd2U4f^AfWgaugxo0_?3?6ho2hiT~mVfX0QAu3)K+>agEr07SlRi|S@}bO$MW>FWwfZ<~Wl#4QJZK?9a|h$iZ@wz&vc99zWPS`EZehN`M2nQaKRvj+YK#L6R3 zwu&GO9s45+;r&@whXc@E5fj#EXrgbFSQ(9KP?X>1<6b{29hg1Vq|b2@?c$&gwXwH& zb3i89i7#+0r%FJJifpIOdH_CJewM8VP+RUvaiZ*2^vpRVBFl;d%U`CRR)BHrb)MrS zx8vBSd;{Tec|boa_pe(HncBHFmj;*1T_S$sE$;!HUcMNM1+gJ3(ot8E7;K^TO!*;u zJ^?t#^jW`QfEFaTww2Fy2=wzLPTa&A)YnJSp@!(-Ej04aIf5$yx@9>_`G(~OYe*P< zNJjfa5J9PNF$l)VuY1-Bca8Nmj3}byl3PI(G>ny`Rum&_V>#8WUi6(V;PejxS)UPw zl(o#|&KBQ4az5Sf$uE{75|qI>1vDz4c{cVP3}^FBIMDzzTe8WwMS6LNj>*$L|s7_xU;wHfI<|1tv&*!+moPGiz4xop` z_aUD%oARl?>^nThH~j@THK022Z5>(=n>5)yPStD~_hyRI4n6q$JlyykH&!zmaiWG6 zeEMk)_)$8A30eE=y9`8m`$ToGmJJ!&Fd*_}yhY|*gQx5*G}#war4PSYwxxo-&!T)? z&*%3&w4Uw?I5LhqGr+Ht?UCJKuF&L*#fMgc<6OP|H4W4y`6q=W;|`)3t(xRW$#~Bb z&}(mZ{%3wf`R9E>^ZZlCfLFmaod)#@IG-vI;3F2ej|}x9FHF?QeB3~wegeLCpuiA) zaZ+F^WtmyKQmaaQQ>PT1b59K7Oz&cUiy~YLEvp9NEw=qq0-D2==O)3G3ZW=GSw~{W>OS)zsV09~|iNKp#AIay^t6Y$Fxk*JyfE5>9Wv=Yho` zMFrWP{rN97(YbZLtpf5nK>eVw3F!-|jK?pPWyPK!GVb2-@XG_y_Rnx$*+#c^jIW)N zq(bR1UPUo}2eaoD&hviJfE%!qUqBid#0IQM+WNHBDWLLy6^QG}O0Jwv94^$BbrDi=%Ldg2W{=q25{Scyeks6GNn@poI{c4g4ca?V- z4=nB{`kM9myBLbjF|R(EpzALHep!>?!D6|5-u3D=)%k)q&%pK9L*QKSrz0P z;!1&?TT3;bvswjgT(3o>LF01V$7p*;>s@xv0C<80kMY!{mIfcYBDJyeE2!QdH2~|X z>D}9kOp2=$LkVS`GZXxla%+1RFpjmX?DPD*8U3hk6Q8gA1JFxECcI~kMRUukcYbN0 zjM0f_f&{1^{w)3WIPEv8NE_>@%NwzH3JvrE)1`=dab$xyCBhDLn4uAS62RYx)iR1h zF2PdIYxtO+Y4BcM;LZYw`@J61`FSArGosBM8h!Y-*P^1U5Nsb5_5S*Neji@l%0@yO zpeqgsB87s&tO2Dnb=Yp^%7whyvZuZ3HlXge3l+lRPPVG$LoIp)W*t4WQ(*BH(e&cy zJSkYg?8HW2HN5=XcI6kum+Xxp zHbwft=BGjk0W_|Oh%ksx5_6ZLRE|5q z^E#uqK=S1$oOr9{vQ=bPOTrKUs&D$&e->?Uhy-y2u3zj?g!!uSbOQO5`45Y~BhF>Rcr; zEK1re@+bG#Lf5dD!`CMsJ?wknl$dpWB`AZhrh(o(fl6;eLgsG-rb`iRjztC8Q)u=g z!F{dS@+~J&L4w*ShVj_bF4jZt-QX8H8n))m4fykJ=-D1}KX_@YgQ|k6DMBqv|A6@| zqF+oaL7dn`uAl_CV9a$WAR{evWpW7_QTA}kAZ3=55|5&B53B--1>CYF1=7hKo|+VK z^!!#donyja4bV#4t%QYWkMHosXu%#I47wG#G&+aZqiJHmoEbCoR7tyMBA|6G1*54p^>L`wZBCG z`a&p6UbvU>xP>?$_}P%t+k02H*i?dZ(n~;`KCGo*!sNzPR6yTm4=GeHx(>;HtI~Hp zqs?<{!c$5>SE-lS#4#A3+FJ;89XGm$ zJ5zjXBH}96k-enz3ReTL(uw9;g(4Jznf^)C+mmbdtaMg49L%0hQ7jOLex*8yA(KT{ z?H1@rq4t0qBtYysP}@4RUKT|XFoQDyctxQ{l-ffKD5QX$9N_Ed#qN2RACR<*5&^UJfMyalgVMW(&(-f9wJgzM#+kzK5Mh z1m|>z(Sq#x%Lya`Dq6}6AM^REG_pCUm#@;}vBQssEr2Q!L$6GVCF~JclYZ9H%P&IL zw{_tA*SGW`5C^i+jcaW>FDow#@WcK1kWlPY)Sz{o7^y$&1q}Mz0A3M$cI6***mH5} z+0GZozT{`+kWFfe7q~xyLa;n$iaZLkp zwif1dYWw`G*?GeD*>w*q7#xUAa8Bp5UgF&v$_s*$mjv}WfWHBAHgC0-zrd9pimdk0 z%da+S{twXq@OX9&f11%G+rEZi0ye2oJ=^O7jMJl92O8HoS{1TinD(|Z;Bk9J2Uck; zhT6WbVjeISrZ7>Vs{`WC10|t-dyh9x(D&4p@ArNoxY-|rir!E5o69oD1M!-`lJ;6iCkyby z-&!kLs<)P)*uS0FUNPP#=~9;@zCylxOs?gYY-Afe&P2Dj59>y0^(Fezps5KOZ)va0(inh zXN=2V9JS4~c5#SEKl|L7MF9O<;?@xN=^DgCt6ghK+9SGh+SL)oz&X*KAdV&)Ap{p^ z2Zi=H@MN4PMZc;^>bOxqj$RgN?jDF+0naP`@JEUhaqnJ@i(eUu_L1kR+XgH+C#4s} zskyX5M)Qq>WWNFY4JQ(BD37}}-5oh?{t~0;sKD>QzHEXWsX(Z4{kr1UD;ZC3C;Rd* zGSy(5;kYdj2Q8TMv~95I8v@`l1y7G;F%L0lXNWf_Y|c-6wAGN8Dy+5!*$)mV0sw-vH7b)2;{f$ zSq>YGlbgo8d?n`flColZaRiJr9`!t~t4u5!0Yr;-6BJ+twd06WIEAiEZ3uxujNr$- ztBnG5O{BPN7xKkbma3Kx+NuXb8Wy+zz z&Po3(Zo`oNm30dQ8hS;POjr1q1)#nl+0Snp&u6O$&V0l--`uravegQFUtSYw0C6Z( zti{xfvfXt79rcU(crnyh10>yxl$GLdm(1X3ynrYD0O-|4E|amO#nuPmbI@ zFniX#p5xCMQE|zaNgWhvKzyt)Oi;)RLa2wCcn|H(ru+izhiM?YRD|dJ}?m=k~>f1$dd;FetXh$i7444YE7rj7yKE%{3J*z*YY%qwno=upJ zf`y9*q#tWkTtT(K-o#h4nwBf3bjz$=R|DtdKd-BA#_Q_ow3%fhfF0Nof%n(#$M`4; zgyQd2q}%)kJ|w(ATw=n^!n1_bkv9>wRd(I$J1N_nSuoB9g*Rwi_ac$sH1~BLmw?Qz zU)VvOp0!`NjmiXe5Q=xH$!uLJuwOKcxOKjBX=D7tTq#cU3Rd3Z7<~WQluZJ0+Ord_ zu+!y#c-;dYtkj6;Ri2I4@|IKNe*!kU38 z0P4Hd9+SI;RN-aQy`3W;N5XwY)yaYHU5eai=b+;_1FG#?P$tp$A$pcVa1I6iGi3I(pAjjGM>~$&MlPevKuCu1ydSX z2jKT+A-Ys5I@=1hb3^dfNId)=a#i%AH2azKYBG1xf# zUQ2{%wL9I*X);@S2p;I08p%F?)7X;iwZQN8h?B7r=Bc7E0M2P70OuHE0+psXoYg`J zQJYQ}MS3-6_ni)R1g$_+(TJ;i#K)5#gBZb{Nj1%k&MV6dj6)sytfyTzx9ci#p0N`7 z4V;$=_qmNauY44XD@)R=j^(Mk8#!n=GS}O<=XU zIQn=@0nXWfK39q@5huDzW+2m10V|ecsHGlhT_EX<%N$fE=ZEGS9x@=_TklICn_w-I zd7=Mlz(ZVVuPL7djH4+3oCo1iG!Dex{-CU*2h{61KTdqTO=0&1nj3_2e>pp!ttAK6 zF==Q@V#{vw{F2Go*GPqbUN$8?fN_@EpY@q2yL1kQuwLi($ABInuh{=5RbY6&h_#Fc zQt#RRuGe=UyT8ajY-iTzB)E z`)?Eh9(Pql*pF94mlFK&X$8cO=+*FIG=Nv#yzlWoQf;HOY41%s%7!mhHUXHQAPE_W z1L7QqB$sVT%+4ua0Q(meZ^31{VS10j?eY>tGr{8tJR)$8yA92^Yy2Zu!uf+Ae*)3b z?&u0E4j_pZ{H$|`r8!1J>1v+c`U0%0%-I`8ek&N5DQjWF4&&%K^UQ+~IcSsh$o>jA z;w8*ZWiybF>q_;!87hCG^SnDm#C zanHY{1pJo0PLnjDwY$5s04uAPmlun>tBITS^JS}n?$%BYCT^yz|K7T4XW`>!W94Y$ zXvO-U|77vBaAjvx zNSPxWqU^tJGI>8{ns6gFAhsxE}deEQpf^BPms$BBHc--83WPpJzuIm>n{>78&r_aR8o#1@JE$ zI~ET|o0q0G7WNjF7WU>W<`%4h4h|mfzO0}*dil>&ddb1Y#`%(s_kW(&N_f~!$JaeR z+Y;cmCTBuOKk^bK1@5<54NrGHSSfP(z|OCp`t^w}C769;VD!xwI8qlT%$z8QG$>ef z5t*>ZUV6f981vn2NXV!;7>L-;<~s_fsgIUX?iOE4v11#ZwwJ~~y_+sRzF94tC%bUw zM7tjx^QB} zd4LD5+9sqV4kRQF&{(?(&9tiC?NA?H+gHH#SS+1{bviDApyOvJsT)I!4F0TtmCQY@ zOEzNSnPK+;0{+2Ch+-#+O7Z9lPF_6hYtcCTR7V*5mjgdBw~3AQWZI7@-Ih3$yLG2o z_LXA@(H%@~V@@keaeC6Zna`_s@d$U+8B@s8J_<{ekOgXR(fP>yYuCPEf+|E&yE4=! zD+?6n*U8Qu{f_%yF9yseb~vg;A;7H=qhUv!P|A=c>X=K>!yTZ@w^UA2*zg@>r` z`bnlx6b7?ui$IN+x>62*$vZCXoi~${UzXUtt2M8ZB6DESA^*927B}R1uRU=H6*~<00Rs_k zXMozltWqTAx2H=_SNbkaY=_TlAVUR`I>T{Gs64t9hQ04(#nvq*DGm;Xo%J_N#QP69 zuYDc!c_z`3U8E)O><%%n`wJ)sJARU)u>Q8*KA0<;MYpv|p@+;6Pq9Q}b*$HpO7%{v zMlmpDb?IHGZ<#K+5g{R$P_0Rtz!_=*tiytY1l=wFN-Vw+wA4tNZ_k{V24tyj!ayV? zQZUroU?-ycVil2_kM*ORt2dFIHWPD=mHb`_TD}3 z5hRt?KXfcb-?Ijr(Rui)SfisDP(B9Y?(p^3b|`LqfNH5E((_azpBc!azjEH2ew;+6 zXQRf!pZN2t`ruO$ZhRa$B@MWBJRzXD`)eJfKJ){&o=60rrSXj8{~j z%+v=AX#KS1)d>cjP#2c5TfdKEbtdpS5Bc}v=!9BU9bp{3kJ8pd@A%;#r};anq){oL?3h9u z{_al!n05B16d>z}YGb}KCUekO+5k`X$&Rky3zZfn;lmzzx@ctisT^IK$lhZrLR=AR zrp?SA0mBcKl)(n!0f;Z!n~YdjI;qXv0ZlJx@ixtb`qoVIUSNf4mvvTuct2{V|NTjK z6ieDm)&KM7{oCZ%3%tTBr3_bbzjEbiz9e1<$0(D`!{NhaWo9hP!O1zVeS?Vq@*nF& zy}uuWtgC#2Zuaw2qQNyIW(1BMs+|s3$wa*$ zT*%dhJPzQNb>FvVc9gnOZl*BBS8dyQEx5H1Rp85c&Jr>i$Z8Jrtsn@@y6?iDLDsc~ zXHqKl>^{ukK|eBg_;DQHc4kh`K>v<$XjS^OAH++(1D_TnMO2S1x*GL@QI>cSDw~HZ zgN0r8%3|$?YF()tiT&b3^t%vQJK<^^v2F~;RsEFrZy7B2izqdZ-kp59R~Y&vW!3do zL^n}#YhbC+LH`H!kjBk6oA4*3T;p^Q-l4u;WlOhk%yHyVp=80XdYg&=~r38i(PaZ0clS zC(3q>7y;%&KI4nMr*;Ad+9w+4WXXy0*SMctby+%6^@pmRcn#53VWGJEGjnI%X+L4| zv7+)Px_H?+41MC*;HPCqNusjfyts$#J~t#tIp`(d&{X&!{-(Td7r1@_7#-HXt2xu! z^GW4fv4K3b02afR0_+26U4{cf`pox%ylq1^pb`r@1P!X3VYj6uN$LMQ)d0#Vci6!Yz(0f#W+3;*#NETy;-#aLyM>#mvxTFThm9lP08xT@k^lKq z)<9FhgLHCqH!*W(1>DzX{|N9Q-B_RhJ_|P=4<|1#I~$vnI6J!phoqP!uN1pDr<4>g zmm~+jI3I_&6g!V38#{}Mn;9i1xG(m<`Hg?vFIG=>7IxO>ZptpvGfa#2Zn$~QBB*LqiL$j z+mq~D{}rTYo1O`}k4{;eankM-SJ5mFZ-?72b5-*)u_c+R<95WpiwOCIeHz(=7%bTs z)YEu7v6$v8)lN`FfFdzv;~rNX*9+%Q>l;kgb&`Za{T_)F#wcW5-Ry3Uoj zb|3NWUtYO(zsGRT1FZ|3ins?^hIYBZL5Bft=8{ihfQpJtl$p*yj$FbY zcoiCtDDy`+3X=Hmhb@93PYRk~#9y~a(XPr;?4}41airp+q06E0u6a0_boAVw#+!B6 z$b``NzN946X?VAp`?Z-&@EI~sJRBrkW#X>0cvNJsK5#X+%jnKa6wK)d9v;^01Z;VA zO<2X>Hd;bUK)p6O5cE$BkB-MfaQdA{_^A!e9+S2^>JAse6=L1&+ z@DI3*%6z9{RQfW7IB4rHAz?D%jMN?!P7Y{0O88fxvhD2(C2u!AnG_Qcit-)Q(<_HyPLemBzy*A-hP)4wtu@8zhHz7=^;E|F!4|V9ars?{o>4N9F zK?IMWYrc7w)*hsSjB?bk6ba?Hu7Z(wP7AXpEl!s!WRi01afX7ZUye;3Ky2YM$ED$! z1}~@{zKZc8NCQ*B+GYUrI(_C(`Ia5EOxr0Qy=}} zSTh~nUd2}sQ%5ef@3y9q-q&u;^BtZ&0>kQAf!L zpy~P7l@q~$T>-s4qHs8V;A96Ok~x*=g~hupbD|1&GrTMX!y4gor*JJc5v&a6<|W1s zk|}hy@22H820*`Sb*t6*^!JJ7M*+bxm7YIvcKZ}!vj`TNnvys(2&`6296pIY8n`_ zx>LYfsr)?#iRmYw6u3V%LY3P5dTlfz%B53Z2)XrP zm~!$mXj;sElV}YQ$Jh+ls@B6kk?o)9dG;km=Yups(<9~thi>+`qa$(w|3Lg@GrG$f zktV}c3`0795&<{UDu>(5t7AqoR9)iS2T?E?r;}c%&MD@poYaVC`en8yqe$i`)38*+x{4CHidNrpt6z$A8Kx*pDZmtG z8(#xI&_D^b{_ew$I)XeM!RiZx)Wo77%!^t0wbZ`$$XfV^Z?AnOcH7mWAVr_I-G9O) zx&ME|Buz`T%p-*At%IoWPr4bkzE{It*4JZLTHR^S)6JyX$_W*nvTdiM0-ry_s>URi~X1^u_c>Rf*M=O+4cv~-|$dD$ymU=Vw2b4ZVYqg zB`ZZK5{2kVle8Z>gAuijf;4-c!hfPaz5f@(Ew}!+n*s_!2EkGAPoCxOvQcA%O`j}G z_&Hq{^44=@u&tESLn~@-RV=S<1L_MV-t^R|vwz?znJa!u)LCX_%x)`5BC?3MgnK>j|L>ub(HWk z&DU&#nA@ug8`D*)fXX1_jP@S}9#nLuehZ)z2REstCA2a{Zxc5V5`ikE6po4{{ zFsS(Q0RIh5u8yA1j(wxs4Z}<|YDUnmoZjep=u_|!$}ho#X`5G3kUyVi`5y<$ES{8m7dfVKy@_c$s z=FG|nU_j@Bk(ytMqawHb z&Ki0x7jgUR>99uP>&8UF5yyq^`9D^B8cLQWw|yo8{W&1a>{jIYrlODBk4mdVzdd46 zbab}7rG$F z!TUrXGb*6^E+;{|x(9kWZGW?m|y7mF5E6 zbS|hpGST6FN-5tzIsbK(J~~UL$rCjz2@6gUzmk8qDL_J6NJrg z)rYvF3b!5qmbT=PxMc9=x^o|UdIwqL(u-1?Nj~WH>VKGM6Q{{vme>I1lmqtfgiwpfW{SRK$i!gNe zao6|0U9QZZx?;>>0yujKA3jym5>Zs)?iBA?j|*mzw}=&o$GUtk_7bol9g|Jrt~#`o z`P{F)>n#Tjv9@;mhPS#Z<;t$s{la`H>ATyyd$ffv|H>qq2*uKdr(;d6PaAUX3IRXf z8bjF5b&bs=mH(13TDQO}(@ThWRRZ%;7*ZR`HCRD8r|FCoxb3He4Y>rCq(@Ssmg3{B zpU^O~7}SKRI7fFPp|z+aCg>gQuG`qg!6gb2-94KLas6s8cZ z=$5Zk>0Xaf#hLvTc*?&pWkQeGc@1BRUgo^${bl;6z4}h-NiAMXFyn$fA}E?NS)HSf z`h_Su&WROUn+wK+;jj4G*S%-`$Gri!vSL|nI>OxfgfV(@u}=gyO;yMczDmVtibTop zbGRy+66eC*e{y|AridNG-=v=k)C)l3*GSPl`ur2`SHfya&wX#)2bRXbnl(Z~T3D?? z4<|G$iAzF6SUW>iZ z9cD&oyW~c&9qYVIqO}|uT(oZwY`(vJPigLz50z;4 zlu95YGM-dxdz)kx#@BSieuH`^*TW?hk z9%fttf!6isGmj@{{tDLpBSh8l*1eZjMcd}l!{}foXu_u4-J@PYO;sL&LhdCyK?Eu`~6CR6WfU| zW8O_TV@QVk|B?&(ys6sv^Wsy>1wN78O=|bR9y(zal)&!&=?ng+lhnXG3=|G)B!i^u zPNi$CiNSSyqMaA`5vNr|imK%obU(}wL^enN0EHr16&)&*+zy)@=5$G2jedCef%UBe zT*km_D|sl6?O?~w5K>W)rolt;HhPTpKiL~VN2BMXRO?sFwzX=om*d^9XT zz_Zr#6++zg?1p=o7t)GVHk%8Hc`59g{ECypx{rw&cTc%k|K=U%holY4oBcVb%m{0} zJo76R;!VR;(g)D%@o!j3^oxZf==DIrCispl;TvTE)F7t6#Zj*?G+$r>Jk;)EzKD%= zrX)ui<|^gkq&bZq9i1R7GQk~&(RKC>&ETEnEOZxw`NfmH@4n_{;TJtocdm2iy}3+H z42b2KMWxGSM)&AFZxDM{=D)36!;A}2THBJn!gGzC3E`zLeAqK*(V%M^4xtXCr=^rr zHC)}SxxeN7Op((cXvdwgb9Mx^>}AYP*!h;c@a}!oJ8@shZSNlzguS-emvV8{OBOP# z@2%Tk44rq<^pEuqfA6g*FRm;Kpzvl}#HMw}abl1-@cy;Exs)sM_=jn&Okgh~cAB^BO>TB#bcSIPzbYU=TR)cRzk z)Idqg$qDek&(vq}!OC8F;F#oxwkk)vupB;x->elN51j*8gj zKqm0L2X2Ln(WgA87k63yKcuiy?nBsm7-AZYI$(X?;(UkLvZA|6CnLV^5qPZN(uw2r z>st-;?&E9-B&3`dbpN%TNcut12a4mA;Z7M+VT=9mte%2H^eSCP9T zTQ-pa*M6VPT+V2|;wJ3Nb!ujRqoN=3=aLPaE94_lQ2%rM5vS@n_^;!Sg}t@YbK>^j zeC@wMFwiTM=A-^|j0^IE8zVYI$E4K5Oj6R%W&+Rd_o+BL^m2-@RlVOfsXl)TeqdFU zQYE#pPsn$DNeP=Wl3G94^3GD*Z*i7pQgGj7PEk5N$W(5{0J%JJxt~xTg>p4P3Ai<} zuOjQcA>1n+f<=ND2VPBggkx$fqY-Jx0t-SNzmS2VqES>JKsv!xM*AUspQqoIkmoYC zOM}hyWRQ5~+-<4QkTSX@#cY@86{?>xdls_H#dMg(yGnA z>8(K}No(^gBt93)eg9(rqCU}z6BCCZWq_$`8L@GB%(X|$C5wo{*Q|Uerz^%pj(L-! zxw60siy!bNCQ)5qhWxOlMxmt6So%H(??c||?nDecX7OUb{4l6ih2VOsl{nM9);*CU z*R0AVkkd<9oA|dYy`ls}I>k+Vkac7J9g3GOzt`F{>DOGKd5-R~MKDhm^XD51qN)-H z!j7rju?zt7x2PH8znekf-auqVqME#zsFk}#e&G^dqH^_ON_iXTS=%5`7My{btaxfu z97@OJdaXy01%~-wdfsfFKxAHym%;>X?=dE-`74_nbKI6)A_Kxwm4>My;qVy@OwrCcVtYK}BER)T))yseIDdal%%HxL=3TH>E-2BvOU z51DDdaa!v`s)9O8|9f-aD=7nd5C-0C@$(9~3GWR7L_s+Q+S7pD&n;9=fyc(elK9rp zNTB}KC0RQ-Qd`Jh2tmYv<;S2NCiO4|I41xH#L1l}&7n6NT0fTnl=;J#*L|x@Zo=OV zRxXG}ZXn)>Q3Lwjrl?-Uo|HF(&~ijA$w7rghFbgJobYGmXQcJm@A>WnjNnQ@MS?#O zz?A>fgQ!$Hk0({O^cDRiQ17ap`_15Ui~)4xNC``IZ3>zMws-&-M}CMLWKY(MH^DyW z{kzo4Ky5)5>eG9X8&Xn&04X{?FXZ)vWuOCwv+=c(fmN0w7JPoRFoaQE{`?cDGv43% zk)J*RaWp;$&-44pFpim45HQcjVdrR#+oiIdvz;+(~T2!JSl5VE`LCmQMUCuj|I z;nw`+fF6)y{4YnVR_{Hp2JJ8*o6hZ6IuOBR0V+2$qO3=rk4l3 zt;h~ZHR)7{KXLZ_5m1!z4Tv>J`c4ebWIvACFk~MG#g~I|4%~@A^D}xxmb3A>rQ-7( zP%}y+?^j>@FtqpDTH#|N>3qJ6ehi><4O@R~j*QfcdI1|OYK*3uI@t>981V1>2+PUN zf;jEheQ1s$Hj}c@KrR0M-c80k(p%}I$F|uhp=)87%q2jPXh>ghq_{f&f)cprOyno) z^4qV?U>p^%XQ5RNYo8*5X3#2`AHaD^;-&vq&0|oN5MQ>I+V(V@%Lr7^ND=v%=sbqQ z^;e*78Rozvh+Bdbq<`(vLHz@=$F@?J4l+oq!yf23N_cwa(fsrG=^7)?CYd;#a3{nZ zP~m8lfv3^$4#VK3F+M!%%HmUT{~n|m|I0C&f6mV({P2orYSGnuWCMCAZbxw|Y3&bN zw0Qf66Ty+c7ZtGuI$&(hh8%G=y~kt7HI+XqNyGb11P8|P$V~&;16?(DeTkXo{stSU zfIxF$F~6D+y?EUFeagsk==r-)5BR<&uB+L&)}=4A;`0K}8Hh#`mUh56S=v4zj+tOM zy_)w%sdzhZL*mcO$@uo5HyrY2xNS9X?8#ooK;=t}!>O?h(#gT{U43TfX2S%5E_<)jQj=-l428D+q{JSX}q8h+b5V6+%U2tI}G35TMe zA`@(O&eb|roxwN<2Am*{4xP}5CflK>K`OBRpdQMd>0XX)*0jX&VX-^@#^~__IyuKJ zEsQzVT$$h{JtbwFGO0MZ&Vg|b6D&X++semPR}R;aM&Nz+ck!pbC{NGco4KE3iK5os ziM3Gz>hXR_x@O7~_w8drod2Vy? zK!qcxub75_!>-g?b8~@DN^7xoi~t}5^n;FkM36CYE~kp$+k2?&LEQo=b^o1b5zM0J z`I#1KfK7WG;dh< zp%8i$jDrRAF9XIkPH=USNLLxzi2&5t4b**>T4nu>D3_Drq7r$bL~F1ND3G;wU)L3u z+}I4mAH{eYeQqA%0x9bM+Jj~M5ybg)$UH%q#=ASc18ArhY@w%e#2Xe;-y-Sg;?$rn z#!LcreQrK@xnV~o61v}W#+F@SoGdU+z&JQRN`XZ|Pcyf;^4S%eYAiJ{2~dQ*)Oo5K12=Gr%~wZEryw>0y1d3;a^sU10x> z3boP}&0ezk)oDxl4I@SdX8xRKF75 z|3eu@Vo7x{Na_989@2Nu6~sxr$|0e8Cq5QHMFugpkN?mvvfmTlX_IfydgyhfjRH`o z8j^THZ^=8rjNP2W{?&=lMq?e+A^(3kS7o62p?xDjVu1I#aTe~XELw1Mdu;MeKg$dm<`AfZ%3ph4TE>FxN!x?+ z|KairZS_0Q)93->!9fP1eYD!WI=O=Tsn@1p z9Imwq5T~8%eP-j4s(E-npf$cii+Rw=D@z!mn5ORg#VX&BcntKjh|wv;qemd6zJB|z zQg7`O4tJO<7>7Ho4#csUEF;-4`!jt6*yF5bD0e*!Phn8Aa5E?`_$`RS%ogY<)#4TJ z{P{JxE=rG)(^K@^Mwpxc7)M6zx${5Q6XFoHOrEnf@V#r9#Wf8qb_%`js4I6gGV4}K zCkX`l7eg`5HGPVwz>59oPIEjDUslR!4bBNm1=(W?9j&mOorSIo+!cV!gwYyrlsXx~ ztoxfVKD30pK^U;ob?t0Mhxru&$CA4`HFST!@oRnX?@KTGxl*Yo<~CrsyoT{A8`y#O z)Y{BGLbJqtdhMLS@Uy9u7P%NA-=S>TgY);om5$n@HC=9Z8>X=psAA>s^BU$<2ia55 zncF59=@^ik3iOg`P$YzuaPP1=O((Y@l{x2aY%B!45Kc##ctQwe>?hB2V(IPCgW5$! zFwQT+=Y7z;ysP|t46?#a2dFscFHg^Jds%qngc!GUu8^?)xU3A^r-dO!Uf;+3YgbAp zQMx@|wk5?6Q~~<0J)(jR+RyehL7l=EYWFV!H<;|WTd?&@A9nYA)_R%TBH~n2oCnOl z&dh9eTO%o9{^h$FALB)i%jE$}FwP=n3y5QOfw0K!h&%EG)SADx@JrXSvWe2JXCD~h zh_lM2^b-eG6Y*QM-i+P2Gb~6Fq+f;Zn^(+?|KW&rykrJ(!l6)%>J`ukmbrj0n}_Pf zS7TM#*adkVVrH175>EVgK!4Rj=FucmJd~UdYM4}4*s~7IH8)_K;m!dNr>ZX|wSifW zPn`{@0os@(+jseqKEXYSL16Dc0g1Me3-tHFT+esgWKJ)d-^!ZJS&Spe8WR5xN1Rgq zxspq7oSEBPMcnB~1vp3?QSAFf?KH!U&I}TAD~B1U`@#cW(Kq|zEEf^eRcPGl!&fai zx3gzY;GCN*kUi%i`?GB}iyyUMfC|uL<2TVRS&7B&5|`8Q1V5*59=3oEDnzKGobY*_ z(j6hOuXm(}-_2NqIwAb~yu_(I{y(bDGN7tpYuJYnq#FSd=};*N>F$t5K)OS^L%JKJ zr9)6ax{*eZ5Jiw~1tbI!4Dy?OzU#gF{d;~qXU*)1)q~W-tC{yhUkqPs%K{xaG71i+ zzaDJR(xP>qJz9AbKPL7QbgJn|@c#Wg*twUIuovS>!TXG~ClTs2@{hy#+yRnDE|}~_ zk)7jR8cp{Y5=b7m#|M3ucZqMIfw#6)rcIEe_r?2! zdRqvJAO&WX?`CgDi~*$B?aObmZ~pnwkQPRFMy6oeHt}#VlwGHI_nj+S@RAr z$YWAKg-DXgbPG!aXZ|PNhcve|1!Kq!xZxaW5{QGZ|DY=Cw6Hoz4CrIgQjG=}g9So4 zv!fJ^n(em56jh*dL9}`7Q6srAJ_$2V|Wq-V!oBymS$Gdf_NCb@-W}`qlD2oTH7@ zf26p%6pd#n6AQ3GC6_H-aP}o<5_lEPnrd-syf2s%)VGh^?8o)*dSL0j;nyIt>e7#2 zIUEA#%pk)de~i23m=dBwHv2#)mQO)eW8%9^_=s!qUF*c?cmHlN18um8MycF;FgP=} zT~23-Y?Z@1^8awokiG%|AfHwoIlCCjk9)Zu3ho z{CMCgTyN~OHDjsHpDpnicCJdz5u-x$bBia}DlWmxf)mt?Mh_Iw*oX@isAyl-t(%Hf z4UG@zfq5pd(~b_KG)n9HBc5I86`y%aFu`lG6XuL`FOueJ8kdyyX~j$@7Yd5ky|GV>Rp*yP67`sZ}OBI zd-({&E=8Q?Ho`fEst^ZnR8WR=3InGC2lW0S%a`jN+Lt7L)4ZLIZD8z5X9YU`>Fkx` zxUx=vx@Y&&Ii{$Ei?HL{9E>xM(hPBG`m$?8zm<=?YX>*O=4?9Ef`?DjrcN~RkKt~| zk|Q(V2e{Zf7{J@>=8hRsGYwI}$o!cO(|@Gq?<+tY18l*Zoq&^SkME$vFby^105ACv zQ?KW+zTAf@0zJQ{px(7@;V@ny?2K1Q@D83f??COgYcpIP;Y5f-)AwLbOE!F44!lW~ z_GL>;uqAZ;nG?HqpmJStkxt_XsHZ}4!n#n8d?)hu&5cm3TN|g@8~=wh(gSgJHWv8~ zXQq_uzJZ#4&750PmW`nVn^P-wQ;V5VJz?N}SGQm6Ym%#|HY(e*HJb?MSASpxyHBMS zM3F@}J*7WxtvZNjeicO&Xyq<>7!>Zms}xiizS>jMTj=n;4k|a7y4C#}s_R7GJ>$miOCcAxE8jOAx^0CNFPl!cDTkOxKBN59=AUu@(Y}+$_ly=&o7;s zjRc*Ani2QXOT-G@9}he%CV82E;1uTvlV|Zh(jE*=Q?uP+zb9z~YMmsjvGa=0i~hd- zJvI}&BVu$~Mydh&tCqgC&#&CTSwut)Uuep+9}_UXf^$w^Lh^WC$86HM`9&TV__fr6 z^iC&*9q0YtGv4>K$DaMJTQ3jRVaO9^4aNkuotwhtqO@fua(g_uFwPP>vhxx>&TtqH zu9D}63}CVOj5%6z4mhsQk%;q6%-*H{LVcg>G)cw# z=XtiFO7?%}#*+L7#QFC^{V6-Rfu-Llo%#1)l3>)_L3?FKaA_U@?DsUQucM>~D{KjV zt!(wKZr%C};8u8paF~1FxB!NA^$RY_F+V#h?x=aY=zlZ9@UrxR&oD-K$&*Lvg<0r5DMBz+RsBkxs9n zD%+Eh%(^a!rJnUm5`1?zH%%*<$b4`6AWjYZeNp8fp*I!b+`892%8eu0nI)Rw)x zkwKfiKI#R$3>Up)c);-rqW$FB^nyGXb*^t=@~q za~_N(TvM`Nake5-@$3Nop#;O2ChyEmkc4mHO`<$46Am%c08y7vW_w*8<$d~dP)6XoR_ znEfub=8yr6OL>Sf*V!l$$83qZ_=`5QU{4dJrp3;NLpjI76;OIgHzM)_=6?jli4Ick+gB zo6MQ$+MZP z2XQ2JE^yWgC=!1F4`_y!$h*)cBjGXai)}U|j2+w2QEAW#q4PAXjPq1nk5|t>@LsF9Zv`J1 z*Z5`p^R=1DH?QqIM|S_{B>qu!f^l}(1t3oD^l*dC?6%F{Y;eDqCA#^jcr3N)KHlc& zV%((+(pLeuqK zWz{bQbo!XiBdKOX&?y4{DrR?p)?kNKD~`|`Iq&aUCDa(ZFwS=~LWmRpy72rt7SSD`htGSoK-wKC}y8#zGJ-M^3Z)eC28IE9L70N34u8N z!(oMNQl`JAfj{c?gDvBZpzenTNpzQi_~`x{>>OZ~KbtSmHtWM^ILEJk>ooF2?*keN zTpv4pcLs4VZ+NUCX2;1tr~xi^13_&pQ5H2^dEj_W(K1TA}sIn{_P=6P2KckVr_V5%28!*v7ind()8%CeW<4_nUhhG%pe4m{fyS1D6`UL1LZe4kCNfg}1 zqYTgGv8h$5q!z!UfYaY!_`{E2i0 zO&_Jn*5askxS!Yj`@ZpQI`TJfK}Uu6?}(TE)flGYJ+=vt$)b7Nq78%zL4+FcG`;nS!P)+TI_lKHgGb=|bpEX$A zL3$Pqxi1(A%|_HQBtuNW4U-+oF?r@>F`_p)6RHv_5Wsrd8T3_sf9@~o^J!!yaL9u|r6}9FNonxU{%2XE zcB+9Z!h>St>@@_s6~VY4!D$;5g?d|t*<|;M`N|J>9Oy}X^|M>jN#wr!qskx$rCfcIH)HT z5N9EL%8S@hzUMjU@lRCB&savk%e&-P{M(mF%dau=!5-+prgDBU^hG7i{-MtIRm_s( zc;EY)Fb*1cy9;pQ`=jQug0yW@6hYkca~ju>%1vj3kPoRz?xr2p2K}1g^xs4YR)73G zKaA&IN*cM(lOjsyJUGW588=r9#iicSM@t+}0+GpN^(YgOTBj+@lleKxa($~9lL6qB zM&Z%iCzBD**LEYNy7SorU*QdGpUR-cdLzHruOJUsleaVHVc?$~-Xx1BD>4Lh5p9D) z?`1=ErVOweie6M{UCid~IuMLWRvb#=_K8ozWBeuQV@5DrL#Tp zM?xxd0 za5Lzr`8s#-+jFs%Uvbv{8@GNOXQY$^Z=k6V;i36WYL0x1+A3UK9?MCcI0v{q-N^V( zh~62;$qkz2ok-x}YjiDO_z@duwHbAl!1JP6gC4U6+^0FWM;hGHS< zDi?>E&wO;PN+YOyem|=DYu)7z<6vST{o(r*%?ad`vRXnwACnpRJvDR-ArmA1`E5FT z7`BnOq!7?o*SGm@FD+a|s@}5Wl69rQ<$&j<$Y9#-K;xqEdF@;gr6W)I97Lp}1@&>h zy?CE}?!Z54)Vt61q776}TJ#V`o(?ApaHR!Qwq^~Ec|20Fg2{7TCj#O$x9^BbZaU0q zU4mXsCwbpzWDKoL3WaGonb7DR@+yHHXG5$=ht`WjM$32E>U| z8VISPaWx)30X=f0J{o!6?kMA@H8*w3=dr%;zN88|^?fYUxHOq)axzg7AkO>XgMpNC%rCb;06ihu(c_$61NUk^Mf_ob#r;2G(yQPc^V8(AVxL*zDH5R0 zx_jPyjr}KlJzoz~fjFG$pt1HQD#xN1ScklpUqWpQ-CCZB9%=Fok!MN?_aO?4<*b}M zJZWq6>5SLgZhqcI&#i|#OaJE_ler#;ymyA!UcK##ci>Qt1e#7DgFKgJ@hGo4)r0K#4`*F&e$V4oaBeWdI5=o@5NCj4hMkATaAvU^ zkw@`&BehKUfpg`ka%k|VEjEV8@;Z2@N3>I-WtEdTY=|$=k3wcJ3WfWxecin_?iz4PsM;fZ?Rf`yHgDBZrRy0KEbyoF%s=D z6)<^7aFP4;dEqk$1HKEX7~mpxyrh^e9(frS)T~#=hk} z>VqoQKuOUOsAJNq&?68t=YI17ll6@GYnOr7yBv7N9wxwE zj_{=KekYT*(dA$Mr|O_R(_9QbF3uw4Iuy2zG?=x=qdYAEmPEwMru+w0wh}w&sV?X# zdPm3Rw?RCY?@oC$Zz-h{6F2WuESk~?O^-~NJWdHnyTEeU!q1)5VTuh0qYW2;yW>o6Nj*WqO(nB1`G$)-=UCtO?xmYh)slM~prEkxSrKBfi;PtSO`)leqEW z^_4PXk9{F5jxXa>!2oeIOz$Ni42465p>wP$Sy3dZuh1a8C%nSYUlSFP1>#>UD$D)q zmpzZ_^2g2$iGy=oaP#}&@^lJA97*MH2Isx;RWEQe$UX{1!&ylyNb2n~F=E%1U8b@r z1X(7Ex3#qTYoiJ~#RtCGb!R(DkTAnI&OXR{*+^t7Xj<*MJbojh;IVIAWJ<2_D-x^> zPuDBNVe(KJJBU;3VNv<1hDp{)tG}o&bPgOLbqauU4v8RnXx4LagX=$H*F}MU{(FFF zVkgLs$+VWcYehw%^qxB!QTQ{gw5e?aBj(~hL-;ID8$tyyS#9zw3K@8)V;n z`ui7*%c6non{>%*ZGK=9M51?SUuA-KmDoNVC?{XekGhJ|5oVpS&#)9y^}*zE*+ZTi z*j)G@lE03~DT6OVJa@S%8aeC5ZNnA2aN4n*K=%O~>=w$rRY%7z?0~$Do%7FooY)V4 z55YLDhkTGc>-*c%uJYp6X&6B7-SMNicXE=%dWf?j%1c-qokj^7Y#Hj?*QFeA&+c|i z3zcJpi-uiapM`PUA3cOPDA{2Y)$cl4?}1)uiRaq%-$&>7(@UdKi|x&DK1RLD1j&}q zP}6Os?w}0}S7|;Y8_`d1YG#9Re6^AOF|%)p6XbI)Z;Qc;4}yzV^Y_ol17$iH-SD^+ z;)|BQn*c8Z+cziWC+isERVe05%vxUYi}A2{lT47R4kXWDjkl7X29Cih=(Ha{@Wlje zSK{sCtOQP>S^7KD1!}n9++cMuHwz<}^zwF{!53kbZ6zRsI!piCU%{LIzq7Q@ACc_= zUNiAra2}4K_Iwch#8fbZs`1$>FlW+?`Pwb^4j1y~P z3CR;(O3Mv+U1xbIsv}5EsHRKXI&%Y7 zKN2Ou;)61A>PWjXYCGBNU7!nDH}Gp&as@w0csLs1yj3r6O5JjRgBbJz)`A?}g^V7t zLyW~PPU=sR+eP`z691D&w#ab=lE>KbfchcFhygwD^K09LkqnWr2^~|W&-rFcKKfa@ zU<0CA@n~fuh&7gHX7{fDyb68(6Z;y}k^VpPqogR832_RxTgP1oKUS2Uf?m1DUakEv zhMfENn@SOu4_Pj}AApxE$XT?ato*n!R+Ra};<-wn@5w-%p%c1Z`ufn3 zVm4p_9Q&I5)RU7K=&@m-X1hnB;4x?o;>#1oULk9I+F`*#Wm__XD>vH&p|}Gv5wiYT zRM7%?{&Xy~i1kNUvxU2Y6Dz>b?O6DV#Nf>rmWdXn1fo_l4e%}?A~s3BuP}K^C4{VH z>hqFe^pYuzQ)7h8(<>kDum4T6LT&B}@|p@UU*dXa=N z1!bKtpHxh^w}Zt*2!X$s?~B-`tEu2aEEp&{8xH1Z4@uM$K=#gmo-80b%A)373if&XpH*QQN|+EqF>*#j+)8{ z#v#L;gE+^HwPU`4-Ib3#!OL{3RC9*EACjqiyeVKZVzJ^n;sJe8IbusFf*w$DNyv%b z|JCpzf(DxevJ3vnLx%Sg;&e;uKX!L3E*sAQm;V^wJP#`r&KkcUdlVBzT}xsDDnS?c(8p{3AB(H0#}0 zp6tu2z*`aIp>I4!U_Y>@)SM-|LQ~hLXbI=s8-_SBLSjW9>hmt91~|u~7UBfZ_ZI~F4GP_71K)kg zfq;xy14ZCSzJ5t(e%?lo6X^3QGIvw6Bgl%jtTC&d`>yb1(G(#4`QQB9zz~5r-haq= zI`FrLm@$AyZE{<4>t?#IocQ&*@_ILp=DQ?^;8qj5pLuCx*FydEtlUiF3HdkXu_zda z!e0^M@Zg}uJ+bg`)WHK8D5qZc@fuweQ7Jf_RDuIG+E^2qz-{#OuEh&AuSPqres#$y z?AGk5x7~0~ASJ}9d$|<47@~|trw8=aXSnUL&)9Gjm{~Q64F}}Yf8vva{LI!5;sjXE zpQ1?A4twlh>P)k|g7lw%`0+`8kS6X;x*Bpt zz5?se@T$K}w0pi*Yq2>i0Y7I*@-M47oU^kJ$uo=p(;%*irRD|5zzy*d@^5x`aHyK^ z$@N%PVh9;Z>;`cM*k;!Ot)~|QabR5KNm-a&?hmgXm{2}l|>PRrf z9n{@Xys1T+t&xVWM0%GVCJ(JDGX9QVuG>VaAbrAL0wN5wM622@w|UYeRV_+?xt?Y{ zPapv=bohKVRp+hE`k5DO-S|2U@AgkFNRRrre(3icA$d*{A0#Jh2pm7XL=>)|yg;L5 zDjP-_{lT7;qHei5VWSIXzsjlpE!Nz7wXIA_`O#~imS@)pU>t@#q~1bNIF|4TqqOl& z49HmQyj&OWQ%cv{!z!U*eV+ zWiW=V>6#DmQbmK4?>KaTE2qiOv+qfFyMrwKcrPz0&{xM8UOZ9r>4-)xTD$tpqV;2{ z7t){qaafj+dS=1Iy>W3dOJ*M>a07F{!gnoXlbJal&hVO7jZd-%+DzU}`CHY9jXtiS z&6bk$zB^CwdAhk^91ia=Xnu&XEb@qyDhxgSft~XDuN2Y7$)D}r5(EP#^@Wa52q%al z$fl!I*tlSN;dAmxKM;KSQI{LagZ(EDr!F!NwuSG7;%Ym3?+oDR8-Li7xN_!u!uwf^ zF00^9Mm@OXo@101mv$x5?MIDS4~g^9VRk4*)xkNJ7mz#;k6(r#jkFD4H~>9CC7$7{ z_7~!Yqdx+MvDn;VE58E~1v(5ZuEwqwYAD+=Xkr%aVP)|z7GWHjQ7(vsL%_zi67oHa zav0>vNZ(MM4a+)CjB?J-L_km$K>mYMJ;WIYj^w&${yWCiQz1ngcGU(`d! ztp-VJ5|v9)`cr|1@`RdORVKgTv?blrg8J%ADeq_oyknF#_-xjju`n^fI-FnRD+yk% za-`e;_wpAXw@Q5V zM>kqaurcvvCV#9mL3-VP=2@aIAGr=C%DVR5K8V!SBEU`6!rj{SMOW=ra*yX4>kJr=@HL@w^(eTk|K>jx`$?0ynm`W+jJ%fjwKiMP&3zr?S=J4Vz;pYM>K zfJ_!4&KeZu+kB?%0cu4b`zzc-IMRTBm4xek&BsCECe-KM5%y$ER}0o(l#>ovJ%3Kz>U$cf>sLO`dKtcc)oGy17T6KmBb5=RCuW3}=sAqZodfT{2@-Gu-;> z6&Pp9Ef?Z^XId7gULe?b9|k-$0a(G;HwWJ$tlWE2!$KeLgy9MTuh8B4Yq#$ce)+bS z|6Avr)QK@9FBisH4K0E=bng1$f{zT^qYXj*MPxOzvj^{-mY%Sj^>*;n&m7jF!2Wuw z;@EzAnkYm{$Zb99g+6o659#y&=6Sm$9^!2O$o!mHu=#54C&(bET{&lTO!~p+ZQ=Ol zEVgXQK4=l-rHEr?MMg`}AO6W~53rH;ZpPQR0ppyUAoIRxZ@gWzbG&i*vk1J<@k+FR z|96nZU6e3kCfAuRtjfOU8M}p`mTA_;kTfE# z@2vm3GWB~f&MFQ)#OaN4*D2VZMmGuu8s!+TEu#I1iaz>_nEB{!#-EzhK#TQWqp_7Z zpwdF=yDI7$bK1(d#_y^88rN?ip{}(obIp z+QV?Amd1OlR&KR0$Ra@^O z3Xd-RMx)4X?a+$_AG!@RD>`tmwSbrM(mp7s2Y%{kDB?n0mNy%coFrC-b4ngTob2Ib z&zl1qcOw-Ld8C8umVDQLtD#1BJd`LL=tc1zQ@#>WC;T%&b+QzKtiNc`W{7H$S<#J2z(!XfweU=G8U%QEkiz z^l~aH%3>CjOfZhm3wDSj#vQe+<+z(}1bW8bm+sV})z@k?M_{S3Fx#UjQp|(i&PFNO zDfXih$AfkG4{e28tkjPM?O~j_`!*2gE)Ly3aX{ zpGDz-YA&hIxa>d8xEKuw;`CBJF;9)n%fUD`w~^VSqO<`#q=eALiOEJuMVZ#LskfVII{6`5Q;P#)kqJF=>Nzs=Fa;GZ%v*ke>OU z?F3~A~<)&leMB6(hd4bB+;Z-%K4e&h>TF6 z6|93~GZ1a`$7xI8zaJ}5rN$A#O#tT8qv6W@Zms&>ta85bW{_0l#u!)}6>U#t{ z`r#iDn4iWrDbUAfrF+AQ^jQX_gMpSm=n!L2C#jDJOw_#dQQUXE+XDm6=}LgcWq{#H zt!yBAu|)(dB+M0jhN9!2RK&r?;R4UdYqQjpK$gI(gzCvLez|LrHCb;)ct(RGYz^U@ zZf%I8-5J($F<+L{0`%|}{$%>?7^$KQ^sFzxc{&(Sqo06%At!((z%t8r)@w5qFCd7) zM9_9i2hQm!fH=MMxasuhLCi_e`OFlUQnk0->1I8h{{Ueo3-46ClF!OkW%o5$~NbHlA=x5zhA zU_9sh8V#~_Z$9SQIn0-32yGTqzDxTsRCfZ(+xai&A{F9H2JN0`=^vBWiy{ht%>13{ z9X|O>rmmh`p%NY7L&(q#{5FquHX1dhHEr8)LcIBx5XpN5g?W$P&2nr9gA^p)Nxq#_FJi@1EG%l0)1^U0p*PkyhPCjUzc z=P)4kgk|OVd)gOw^b|%w{Is_Dh{y_ogFz}iI2=H))y3!mqO*o{!L&UB8e^Ub({l|h z51a5UBa7jj&SOZPWz6p0*%KekIgnYSHg;|9P)GOSb!I86E*aF6pb}f4M;WZtUO8rQ z8C7Ml@h6#A5?fV=O2Rmb{%A;!UyV~*Pi{~u$nYYPb?PJ?oM<-t`c*a9G|gH_?0y5# z!;@diiyCc778}m~sJb&`6q`Tk0^=wZ$3PsD;UGt{n39Z23=sJbW9*HrxsjhiqbBmq zO~u{+bj%5O-~3Y17UFYbg1!;sNvRi!N4P$K^q+s<{b9)j#Cad;_ndGA90=l^mRknuRw>`rga z*>YjaDnuUj@7za8V`H^um~nS9Y=_jpJkh7H;rlLh=I7Z(`Q}A#D985G`XM`@P!lyYUQX} z&sSN2ah~iW_1@oyTLfHBb@vOY!522~(yEL&-m1K0R@6-#mUXMtd=B)w8I~v^!}M>_ zR>b~19>!-(CV&6JI8jfL{-4Y!%D#+)@AQ2MAoIFPMGl|v`L1Ch%D1L=BktJQR^X)) zjylK4O}i}knmMvJqASSlj&=77jFVjL42_FNtjX8>631C!;Q9Mfz#kcxm@oXN+j2g)xy`FZavds4C?HI;+6lt*X9KB{yOhwS7st- z$|wda<@wFOSI zUu8!wtXMZ*e#rzc<&6|fp!M6d2OYDUx+vomOv%?D1OKyhZD!WfHlevWe3t!aY_()& zYe^OuXV;Gh8W&mXzGQzPuXP?D$UwQm(q=V47zB5&uv1G-WIcRd3i3ROWX9~QXUNgb zNR52(jO7bP=#ruM*S~QcI(&sVmP|~SgO~(oXT89KWkVTKF;sMtkz5$9XYClg-aPLL zb_-2S{D}otIg1%XR{pI$7z`N|#)C++J4O8C|{ss&Q2*Wspcair_1MjEn z8Jv^L32(ssNM66B4@sEo+4WDPP*C=wcJ>SdQE-*jXiCbrGq*oVKQ6^q-^?)J`T^q* zkt{&+tVPhz1i0QEy+{O}FdqK&mI#uY2$>%hhp!*}2|W6X06n_%zrH41sWMTiB5w?~ zy4S{_k^+0lOPoj?8L!--%a&yH9{KZp1!S_^$#0og#mv7)Q#AD3etVx!;BP-TwTrD6 z5${OceZEML8VqUI1U@v>hsz^R0?FgUv-hJ(MuF_+N26!e3EP>TxhpDi!=}zj`$0I*;$;(5NUr=Ue1cFca=zTf%WseRoDH8F*==I zb$INXz|#D1VW)Jk4m;?4v_GsSx9s~nnS2wfaxwR~2A8L37m{bNXK;uvfnsKc3cMLe zx#6L!83ovrn0n1^o(-fqpnkd$p(Ekj2P6gL!5-m$7k|hz{thboAUAvsiwXcKIqF z_t$<}eOH3%KjOrxNPoDlBmcecSl-(ai(sXUv$GDlRFOYIn{j zXzpM&_>gy;HxSKCxUu~133ojSi7F$8bC%JeaXs<65ns5U#hwa0j=z)Q*zkT}1VAz?<2D^=%B!DhH>o0th$Kj!MQ zPxPOS9tdW*)mbPdebVvx1*&n3x#IOaf9x;loW&%6SMatwGKcAz;-m-{NS?OP(dnLz z+qWzq1JCXWCe6~sFWb;&Z0yF`d0$H95TGCW-w5F(erNc0jya?9B4u|l5#xm~Ode9I z1Bess$%3$|klgoXf-gM zoos;e)&H#@QbwfxrBU^(+OsP-Qy6&kXVwC;-t#Hc=_WJ=5bSJEpSojw0N#@@tS+Bc zYct~)%jv=kBlc^rd0_UkIH@C2k81Q>$82v3WupTbXLWkZ0!Pm|dCpI)${k`V=Yhd$?1>CaLG#q*3%7tW7S08X*`11zn{G5i#LuP}_Z#iW6gTowt z>v1#4%-T#14K%`g-ZQ=N1lw7r5C8q{171+oY@Wu;MacIy>*FIUj%9Znp3kgMy~DqG zCUaDW#?_%y8uSjOU(6U-ev+u9yNCd#io6ykvwG6-_P|(YuGMZKPT zln3GvXH)FbDHwT2F#A-TtQEO_(k*X0Fp24Hs0jm)?15MB+oIw*iX-s>a(D3ykHf40 zMBxXvLNSx6?FKZ%N90yKRm{_;2OHsJxQH76%zfp=Of`Maz|Tb-1Kx7hq3j6*>n z0daICnUC0hJpY&uI)6yWUdTQ%4~`laA0)Pki~XYS`GpGVdUL~dGp?0OvEtTA#OBSa zJ<{$%I7eX&;!t@6%5tr?%?1F^L3_xj-42hl34Z5!$c zYziqUP0}*IxDLe&{;eNM`dNrWx2LukUTyQl>kl{&wK_HMXQlss7d;bSq<@++IaWdp z^j^~r-@5k5%2C&QF<3Z__=w-RJcTTH)u{IIDv;x<-ln4Jy{FwGm)*& zC3JZbUK*foD^-x5Ab*4z^OcdchV$EOY;I47eV9B{+emwPH+cD0oa?7j4sgyh6|7#q z6EV_Q{47VuKO7yD*|F{f>f@+JtRGIP6)Kq9Y(_25xrasSLixu3#zifLJP(DtC%oUp zUBhE8K;(<1Cv07gReRaoR&B2vWD0tKpw0sQ$2NtcJZUQV(W8IP|I}P?>of_fgmcu9 z_TU&w&H!ixzCCV=DBKoAWYb#|eq^S57|r8Vz_ZD}+I=ixhs!KwegbI@>zNi(61thW~GEriwm2<<%D_ z3d=56&Cj|vp*phvj>{hbac~y2>WU{~1?cR+Jl{nCw?nU1LE8rmLR9K^-1rQ0RBVTRau^g z?0(n%Oy!&r#kL;>R6t%O)va|;3fTb7Ey?#ub(LZlm-tdJ{aKu54tX!9cBXk*q%j-& zf=t6!)k0NnHv5uig0v@((wJ|RWI2JCXJs!$KEBnk{WxiVpw|uKL>;8ReLH8MKUfuVLj!k@ zUJu5(-BApUE2*u8pmgG$lZzk72XL0$ek@=Ah*ExjEr^=>_cVL*1<=D?Y9^KbN{yaL)Wx8PF4}7@D!})m7m9{##P{b4Bb)9)Z>TDz9)*M-GQc@*Pa#g)bEZ8^88=Ny;191>Rs8kPQg`;4nMdI1 z(|(sz{f4`s%L7*!;dk~%i^prMSRqakvom;)Y~Y+aQiv0WYOUX#U=nl%G;T2_eXeN6 z<$!gWToNVXSDqCrC+!2p2EStDc~+ZR@R>?1^l%1xm!)qu?lYv z$#ot^nBMpyl$rZ~I7t5n&gxxOA}hMNAyA=}ZAn(^f4$=Gg(%u(z{EsM%TX%u-qx6Q zYTXN+yw`IWPs1v^Hld}5jDP);hl7zBlILEQn89SM&SwvPpw}s#9V}{J3*q&Ry1t$N zqniyg!5?VV5#RcRWG4Ou$cCbN4Jy6eX?gz}CJ%=@(mz&)u{pJ*svaF;30|xY##GC2 zA9kWTdCe3ankb!%EepDUy{E_({OhxypOK_V5;C}{VDbCzDvZOGi;Q=>8h~MHHmT9Tc7DV2DYFkafPdnL1>KYvTJbNr6*m~y$6@R3Y zER1s>O9|qbay{nmDfna{QVL$E-#nf_%9yzm%{;i=dJ*cesL=*q3cmG=9$m*j@@SPl zh5j1%hzd~(FI?}vpNF)&F)(tEGSVI$8iRT(S$^l>yZ1fGQHxdbGKl8#2{D?tfS)8d zfC-(sr08c^?UMuJ>*T@AU#=11$w};x+R@O9f-E zg8aP%M_|9(#Pc<9WGl%OeqI)3?f1Yq!rsXEX=lekx@&BzZjUth z?m;u+qaK$L$wot!FNMp-Bd@!bf@s!!bbqpIUO?l;9^%*f?Y7C=UnpQ4*#}6!amNtp z$6TB741C~8MK5LEJsCRgRyq z7O`eHeyT&rH8dDUj#32TjNp^!vYraW_Rb;-dk^fa@>B8^{uJkqcQ^W>;IeyF04eeP z&d(E36KIY?Nrh(v=K}*g_+cFRw8s#K8`J7+#c;jR3dF5q*Vi>xzCSlpiNd^{o|ATN z#nhn*)-&BrOLc}KY+kQdN9wjw%*NQ2BQTET|L+%PZSCr}5T@(9o&oyFj48LoY{her ze;|9B!htW#Q%+G2qSxNSYxnwEE6z2X9V0$SBnb(pLiL0H=Eu@j2$BacL)rQfzT=Kp z2k?BKNOj!)T6A;5;{jhd1!}BFwe(lug`qI&Sx^gAA^AZi2YNnAH!+*N8Vnpjk9vuIM9d6W4EwKyNPd$hV%49jb!q`AP;VT zJ<;ETr{`8tmwf8VI?Z}-T$3OW6gHhW;dD;{1? zEXgf6%zh$4g(aJ^{ZZAB1jZ?-L*{w*OuTIvSHa8MB}5dCXUQjL-*tN2J9%wKx(1!l zgVihz=<_;WgjGIMVtZ2W_eiJlN<2Al;KMkDOh|jj)Ndq$%O~l89auI;MK8j)OSl>p z?#})-c(zXJJ4^_?+e?PWbT|X{RAPd*6!8Osehq|bTrf^M5mFy}7LcBK@ZgFS^ChUv z%VjXb)=sUaa~XYj%#p_?eGkf4ulp9n@#W3#xSNn2c2bZdeQ}$d7K}62i1b5hn2b9! zq6uHsfzDn;kKQoeQjR~0DXUoAM9@^DRhWV3NZ?zE-p0*T8JRzuk%JQzXbCLig8$=4 z2=u5x^Sn(k&|86V`~EdhH{nMw)tZ{l*>&OejNcNcyTJ9m$ZHU-!E~=lLGih^s%(EcQn?C`{j^vts^k=>fdbwXfLU z&Jzyh_HtB;j$Jd`^9tpE0Oy?Dg5;UnBJGQzS`8JR0vd_~iAfLP)pqxJ_D$T;nkRAo z_VvIE>=c(4UGST&fkK2cxJUms86h3a|12S-gp3bnIz%g9C($j?1m}i};v{FP(uJmg3BpOZcJF}e*om|ZC$jMfK@OZe_r zbJ7%nOv@n94@6*mY{@UYyobD+XN{eznb$ju1)R@MCkTnV9PKeK5w^Z~_5;3Up|E(0 zgfRF2x4Ua%^XmNCgy_UUe=t02cU>H2G zURgtWfbkhNE>W^bNS+4rr^^L}G=U%ww(yu>fJz~kDD^<5fcp(Ge`R-UQbgh6d|jPzOp~A@ z?i($|in11ir-om_x!RUCuvcMVBmb^7DAMHB*S|qiu=_$n@^ldz*Bxxf@#*a1mKV8T z<$CCaJ;+`~+#|`7jAK>`XQatp0RDNSp7Qx(IYBRRxspask-?cYE_s+dTGB{;wG^8} zuv^(BKP3a)Fevd1@3B+pL&;*_gQu#o*5rplwt>%G4CUPJZ24D(YlbAE4hP=vx#8w?)Zd9=mlpm90v5Vc1#`@CpD1${V4IE)!pOZRLrvPbC|2!hC%=s`AWL8HFX z;*W?TP2z(z#Bokh+~GWwU-zH;Lc&%-0XaW~n)rDBdO#Gz5!_!OYeQv5RI zuX(z9tdtk^>Cf*~V6UTG165CN5-LADTIYZ5Y!&M=_eh_upl}!_k53N~#2H)p@*Erc z9SarcEXY4~Lv`9`vq7-&C8}o9o0~*o3@6~0ol;WjcVk5#^45K5mG=AYgfyEijFVA< z^tYgPO0`I@8`0b|1S>9c;$yQkR<_EopEOJx>P9=ug&g!v z3FSl`#;FiN>Mb9m!Vp_Gl@q0xfk!P-5>>K1#O{m2M(Tu(WRC(~&JWQ4&~x&8pAU6E zMh8p(-LAkKzCH(680Xb%254N$4J9SIlvIxQK>ac^>&UGx&C=20@}ed=eO6VqKh2GFMgt>xIH0RnWt@fP&j1st&usvFCR_4UE$gi}WAL4mbBxTee~1C?E=xN^+CP zbI%FBF%dU(y;_m2+QxGC5!Nm|uxl<0)&|`fyG>J|s_(1#XhZYK!&E zM-Z2x@Fj58(e+?M{o(qp=m+gV+lDsaJbdkLq>oLP9o0B$e1~u4Lga5FjMHIW331|+ zd4rNLf{7P&LFaN2gzqPWMW)C5$r8=(U&LQl_Q5@vE|O&8b!Kw>fbd$c^~GoR@8}hK zaE|{b#EDI|@udi66+r|0!pN4pfbHB7je*6S@80i;8U0naUtqsSR^#Vxm0sx7wVAq$ zag_QUBVh3+iH;Ox{tvysOS4Worjo-i5NW4d9TRykqMEoQM@)^8uEM-6(g3tHjRfz0 zZ^~Nctkx$&XEsk4jSVs3@?^Y#HX##$_%yxa|fb9MRDtLhSErQ zGdlW1vA4b%sDGERBH*-Z?LXBiTx>4-wrJZIa`y?0(-xnojaHTmdkQ$KB=L^klh`!CIljm|hpDgoRXwDl z?3A8BQ(o^0A=k>lloI9d)?Iu??fZ8E#JfuwJKkxOr;d2l9!J(a5jZnf;Mjt3dc*EQ z^8Di{gGvI!o!8g%zHx~vdC-zZH~adk-mEVJ)h|Se321+~HxiQGCn_XRcQs9W!t_Il zzKl_bgVN~EyE>Jhy#*pCX^+nK8&Z!BKTfpmOc5?{&ThQ~er)&D0b#`g*U7L_%eLwL zD+P`d1kA54(J%55;{14{{N=GUnhmNe(0?o>8w6(@V-1JoVm%7!`rJ*cK|iAV<+c@e z3at_aw6=>&>f3KJyQ>oC{exOoFSLP zdk1~o#7+m~l=ZT=>&5<}-s`@Ii+9o6ZQxh}so3A16>&-%q~$+87}{7*Whi@!l2X3G z`K5~eg45H7aYqC>jdfB8+6U<~Jb7XxrMBb(IoS_1d6lvUu|ai2(v)=81nM=%{;0B} z!!hJD`_XUWheCbs1ur-a>P1muv^Fvf_#l57=A2y`4SntjL7PUC!XV_n?k@%Cd;#3I zXg}8?@{fB}!2y~=H;oSMGH>|wO~3XdN`g=7)0TR!jIjs#mBvsQGuOota`wNX9G%u{ zF*;H~r$BY2>{Jm9edgg$>>&wdW5Spu3*Y3eg!;SmUijc73(`ARQzT@`f)u5^=OE4d zd2|*=@KdaUn`7Bw2T)e5e}mMh3}t-1tew}wbxPQ06u;(8{8?zAsP_fOG56U3|K<j^b|t!qsW9XV4^-S%i4a_cU(Sxu`TV3YCP@>vxI6eP*uITq85$yRbB}lWhz@{OL^*e z+?#lv&`{#97o4gKb9iL0Xkb1_AC`^fSGt}DiPKGnA0s$<$ z6{{5-y>CUlR?0nlswBjKv{pKTr(KvnhKn$vI}gar02k6N`G8_tMx@!$BlLVqorU-(1~udYmX z6v`ul{1iud=TS|&;jMhpRC;5MKTTCgo2Q_e2=~ zZMN|@u9USK)8_66f+Lpbf5UmTvr?WK&IO_lI3g&L%Ktf#cf#MrM}3MHhs~Wg{8RYz z8OXojY;t6QqM$xmHw6UIY%bIE4`OpQfR z5%t4)P2$KLQ2HRhpl)s?a}%S#P5^aRFYx*gKW_A!{Dm+XsMZLC6Z~t=ZQa zvO$loUyMYBbGGBGe)mTDLp~FOR@-ovnh*8y0Xm2^-df|rXdP?<>~HEWMBcGxzTouF zHPI_LN?qK-wb>Y1SZ^mNV9wZY$*%LjuOo0S`Jtc3Z^ zekwwS{PP6|oWdbkjtqU8ZU+<(ch(0-`TM?Y3W}I@trLT3rI8;NkV!y*&(csX_d|XF z$H1K@!=HKiZT?Gy4E1$CwG}+`4C5H^F$4ASFvD71=9rrnD%G8uTpww;NMT6^g2sJh zOm4Hzc)iMRu0kI(GDTv?=8gX@LPmc1!iRyd6iC=^8k_cVQ^5xFD9Zc<83hB=e0Rrp zLg-ZOF3`Tbl-Xu*h?;xv)+M>!#}-yB>@)8=C_pfBLbJJ1t|k>nfylRwsSyue4- z@a4Qron||QIJ~8Y+|{ ziT7%7q>wQR_O5`ORqTgH91i=5z0`|S*01S;>AZ~|Hg3d*zgEm^5bPKfTEl;-{1dEO4UAf!LAf^>Y;A-Kz~y|FCunc{({3G zDR@oj9L#o22a1TK(J=$<0#o-xpw`PSkXbJg&)h-&GHtB{PuF71>PW=BU~fzxtLOBa zyt#<1G{XxHhpfRTjLj1HsCz)pSbLYy-k9g@d%}cc^ZIHi6xKk{xqyne$_&pw7i(4N za`zu1ZHhmUKV6omC9Ay93JZu!j5i(*&!%RLW zsM7`pY*2;*miQvWv6=Vny+TMe)f8w}0S%L!oSoIDFKR5CTcn(u;GjanKECq7h6Lj$ zJQRY2hlT@(0LKIe1IGdbf?@l=5ZsodX{1}V1=e4H4v2ggO$ca5A@k=Kfz+9&V4JID zwE?w1(p=xyr@4ptC=RwFV-}V^DOJ=RrvEL1OB;UJmbIJ zvFBvyV!>eVWX@>rVE)hjdJGmWwy#;sl8T0#N_i2Tf=bXjdi^0mfCqx@eWNzAVsD8; z?(D-k=oPE)@&DF1($G*q$RWW!EazV@j)q0QKI@;mxEuZ#@8bUEIntw5YhVT64QgV? z_T_#Ik49$|P@A!qa>b%i;DvfBcr>!JA*A~BuqiSEUg(_?JVCLS(@6Inwi>|FqoJ!ezLW7 zb@5_!wlueU|IaABXJKMueb2=CU!(OWB>SzrsDDZTsa5c#a9Z~0 zgaFDJ{4lR=HDkQ2>P}-&?X3=~kMW`M4+kWJL81ss20i_v#@mE2+1>=rEp+f_ahuS- z)=*q9*!=VuR_e5zsZA_P3W5!oC0&^5;T%C-7cyi5!t=g_DBrtJ+jOH8iAj6Z9WBK; zdA?u>J(G$@xvI4#jJf?Ib;zr*_RY@82(k)xqQ3T?O&wO36l-7Y_m_T5)I0PWYd#JFK)!zQA z@HO5D0;7ThnBq>shnAXIZPqe^S_vaRzbUVPQ%arkZPRh*X1?g}aAy}2QY17kkuXw> zPEK9-n{1pK^Vsaw0iHnw97lT{9Nq)x#kR_7skQU0%*X3SRTH&qR;SL!-AdIut&j}E zx8n^31gF$|V`jAr$S|<~;ZrT@gpx7D*(!(qpE{Ze9(m=cUThKP!q$rHv^t+AiQ%2-50)t#=G$ zsextM$lXvBZu9%B5T!LD#}JU3ta93iqK&4<9V|adhCj<1-)}4fY~5qyk_f~sQmX!q zJ(YDelhCCgJwf1zzbUvMwa)2aH*lM^&Rv!_jIKzqK!>kZ= zg%jN%$KiV2t)(^EJd-Y5&oWDUf@cjmVGvQfM2J>SkU7VQ0VDHx*e}xg(bE_X31y+h{8TnUJ$4q49nLsq@6V}M>K;B*~6P)*uFo6<~{p|d1v#;#_ z8Ci4|^cQxu)(O0}5p9lHGZ29A0xyF1#rUFErJQ0IUMb;&lmtaPRf=Za`i7d=3GL6l zN&ASVKJe&&ec1FTb&77WhNDCjk( zt=cFZyK!;|()Sh_bUWUF^wc;nVk2UH-G?{qY>eK$u*0v8Y^P0Np@8s#03==0crt=X zR({T!PiNbkj_(ikDlJ5b|TT5HX%L1vzz~!p7F4gA)dyH5|ZWbD_Ab0>kW;ta^+7 z^MjuSOTD3Y_&9!LOb|UG@pS&1osdTl)(g9`XXsjqbJF*bQs9qRbm*?ba-`aM0kTb$ z0r#UC5&`e#{!%7nrTmYDRT}xg%j!0qHr8DzqY@RY(XfmUc^BgQg9=H&9yW%CuT7_U7>N|D{>PZxFR)9 zfTG&Zvg2Y#;OcFA!>(JP>4jZWNa{Pep6$nJ(7gK`s&#?=o*e;K*pBego!RUsh7FUl zjQTUjrYBGFY;KXF`9cGT8yaN-rZx7(AEYxH|30)HcO_WOe1_q(S}wk{_yESa(q zh)FRkpNWDdW zI-s}zyS`mo!p6Ei=Wws#QirdTEb>-_ylk=d{P+vkm+tMf3d72R8cshS8aojdM zPDGuG@$S63OGDdIq+U9Wu>8TrMnzPgJMUo!WkDwKxd&Tqflb`#K8gY#rWu_1k1Yik zRj|5Yvqi1gt%kga1p?xJ3@^ypxUZ*x<}ly0(S}N<6!};x|M1U!FlI6hj zTd)xga{un0s+z#T5$jHkM({jOR4iMUbPU3c+xh)NT`&=U)t#g*DYv~SZKTAF*_Y3~ zM9*5)(6X=>yxI8Me;PZN57goezJ~*WuOg@uB!aMlgFj>V13*7`0OJ>VW9Z`QWcuFD z-o?~e$idXk+||+!B!J$%(MkXQE8{04BSvF;I~PM^7eHNEU%y!*83PGdYof?0&?ze6nhU?QXsrIOZt;rW?TALnV4zOPg7_cvCBG><$Iaj1 z{>@q=;TzA&2nS-m=$o&qi0X*!EMo@hKp?O-7y8-4ToSH;&-GT8F*~dTJJ!m}PiwP8 zd92Q$Qb;FVeJwA5PO_Wm_jtjdjN`!0g)J6J9|%diIB0Q-PI2qITjoY;y&}1*yJ`sE zo;KJidOHn9ol2DY`#_|lFsD>Se6xs0QiksNt&9v;(_Wc&?myrjM=moctldKlGPGbj ziBNu_X9zZMaW&-vJf$NAV*InotFbC)QWQk^ek6azDp>QQ3H!v48xCEM^j1~~U}(AG z)Y)A`iDCkwKbRw2@{fgt(mhxCB#~t80z<4-bP$8Ok#N&R2k=?Xs)||BbhRb*Z=gH- zbn*k+A?=?|f!b(wvRD!1(!ygl5a3SEmRaoKK!X4Lumw@2iCzp0yL$^4;Uq7fY7YG* zIMWEODms2JhmBGbTC-rw7w$h^wuG0$+5cH6+D`17+5s6usNQrQ#B|VOeJ)fIcnQJ+ z>x!_GnK8E?s|tai7Ys29AOROfC8(ooCt*I_GU3s*F^@YNf0_-3C{Wex0GHoWgEvXP z&Hm7TN50+*-aqj#&lmM4(VCGMO$$CTVm>SclE1i1WtjnnFm+u|lr^x6PDpuWt{z`h zY!ZmR5z(Zsi{=VN4I`@c@1vq{2~!Y1QwR%|(*x3!*ZHeO!t7v1w|BUPTu{E&4;Cv6 zLrL{bd=3=n`k6v(8qZ_`x&Zk>2)TX(isl3+fjJd>nzN6;*RtOZZ>Wz6s z$opnq%+u*FnS%iUbGu}L0fd3qlllX!hfPz-Srq!_qQva?Tg^HUCz3c*;FxdMN`jT7 z@^pJ{oc|oO%0>`u#1J89K;zGb*s~K0j&)99pRQ`*9-RtmMXj#DwBw6K8g8;GaRg$3}!oqn+y#d`9^_k zC7lZ6KJ{}}7SvWb{(t~Xqmy-xoxaV2i5B=LezGS_nXLF3r)Q^Bs#bsF$x+ekG8`(X zbV_!*+4(uLzbbJ3!>2FiLHkDr3+?3RznCX`^^T`B^K77F82X820P21sPjw=iUHD_z z;1v|uPhJ%S-U0F^zF$#gB0m6DI5}3hK2V%Xhl-+bmHGAB;BunGMYPtQoK8UwMA5g5 z&hgk>pCZQ_Bac;?!>^!lQl&8T!=k9*a+5w{>*aGH;gv=2(%$4uI`goti&Hr1+glC! z^z_J6R;tl|K-o~CqL$IRD!oc4=+rqVJe_j0Eq%t(*3cKqd>MH#lii+TQ~bOli%Ups#aL17{Z z!R{TBxk5jS0a)C3cxFnHZ&|*vIb5KPFWO#zdLVIK-ZG^1o_eISwyc}l)kbksH8u2U zm>yzuKe7hLl`7zH zS-GFaCGsL;7r4NZp@BnQ!1q&>b@Wr~nJ)1b{_FNR-x+qk!xXEpmN&&uA;ROeU&jfj z5lKq<0Z!26bGpffI_zHiHprz3X3p@6DaF1gAq427L@c7wqVUoZgo%r&2IZ|1WY)FO zSSn_glbhwV;MJ=alD{o2LA@EpPq z$62N+SxP zWZp4J#PL-#CycF9a#{vE^?gk|%BWJ)U%_AzU*}%k-h3gFZuq6W{letp za_+VTL7{YI;d%3pJZIkuY!XPz{D#o_Y&kSM$qUv3s}W-vB@_=%v;RB>f(^?pU9!y5 zpQo%J<5Vb|7sl6Pv9aMM`vHlc~Y24 z8CyJE$e;Y-rU#g}b!BcKBl7PMi zR(Ym$AVsd&JLCI(ak|N6l8}cE%~6yffvUJ z-gLuRa*^nuC~!|E?9&p?dcYP6fxlqoLyO zb<>KTWYDtD@A3#A7ZuA*XNz)YsD2MAS3EdQn-Eu`_5nsNCXK{=${rk}6?IZC-KRFV z<1aRrvS?RtHG~fk$fT&yJvWk{l+jkPW<2*Fa|8ZLmR}?j9@E#0c*ybM4)1VkWIj|7 znCwu%TYK*cJ#c#QAhhvNrDhTioPD+OKl;-3|8sqbn`Z$V#`TzV;0FDOmmhsH!hKT= zWg$S$RqIDATPXV5&?+sA9UAV6cP;d>l8|PQn$$#0_-jW+QUp{LQ+&CXuo^OEMMl$d^1}*n&1Q`)c2uwYk_6hTS&(HqaF+AFsI6&65m)o~M%Snx z24o0R5K_i+D`(0AZDxF3@UG2}&bzMN!?4`+Sud`#We)J-x#V{;ksW|puF|Qxa3R_|pe<((%!45(xpDG!p~yU#!J+&-W|U9{%J)H0Bqb zzik{78OLeUgWi)(4Ed?JCXDPbW&}327%gue8({rI+F(*hS*8c?kl2w!sDBh%XQopL z^~J8YIrmNI#CZI{rW^<#GaF^^G^7l}`DdHeU zoFuRCQ!j5qHy&l8Q#@YE`(SU2FpGfYMF>-E15|q2+U~{h<3><-cE)Q?Q2=|ko1Yzq z6G`iWL`H(ls~JV%8o^_`^fXa9&srhC%=n&#d@30dkPQ7r5Sq{j(mKz13C|_EK8GGZ z$&tzvmvRvO1Yz9=vf#hbn_hUw0Q^~%^lhUVhO9oGPR&mZO=Fn1bR=`o8(Yc!jMpro zpI6^0v+PKHd_M{P+cux~gC&Kceq9%#tb-`VM4M|1*wxYB&+Z@4$Q=x(WYT!T?&bRC zb<5i@s0q06#ZPA{MESH3yQC3&?gfA-VH_oJ`)I$wukAVH25#Kg(1dAX)GeCxRgM;> z0dZj|H+wt*{v0!d(E9Tswb^|TzE7EZdmet=c>T~Jq&a+-NZQ2%aGYK`GnN&xf{7dh z*<>my4Y(#e1&jF7_Q;!NGU%(>X`Xil;)+P%1iGy1{TU_zxA%((x zRM(B+`CRM-Pk|=WJklS*syoTB4_{49E!20l?e}zrn3hAnkchRWOH{FZ{8Y?g(&QX~ z4^LeslZQ`ZP1P&WFUoNp_A7Xac()TpiHfWcROO|?1bIr7L~;)=!}7-Am;?Fuoc>AP zZ_8v?v)P@g`C*NSzq(hOW56m<;e0d-6|r1tQ@q4#`}(M+b9z)oYUTOG!l}2l z;YO0)9h~?n7`oTH?qjVo=(NR{~a$Rs!CmidYMQGgoNi$Pe=>PfT!{- z5v%JzgNYw{VOrzm%K;uKomu&HH(vx^`kTjG2uQgunhY`gM*7-v;DiH2wu(w!T8~Ab#yEhed|C1FLFPDIuuP!X9zS)VM=!oJZq&6Y z(W1I}H<1#J{PeKHq0aN$>v=T50mI2KOr(QTNxefjD1X|4@SLjH6SKt<-EfKT8 z!J*C12+21(2H?9=Ut)pZQAdRI+exs45K_ue=yqEihM2 zF(m9@41AR%+bD`QXUB%;p$qhE5InjH*ti)e68&8@$3x6Z9Ne^x7qDXQ@;*F`ay5cs zg@gT<`y)cuy8qwYA5$9(dj>mG7e-?zPX`x!#(%{KUsjl8PvzM$HegAy910-G)J)8X zZFXCc1y&P5=^!{*V!V;Z?{UZrl`MzleEm3|afA4q*pRSw*974LG(XchmCD+A0ZhB6 zm&!>{dwdF0|EScA8PkJV6B&6nm%=n!mwnqwmwj5iZe)9QT!UqUMi0+ft3#b_!+jQ! zu7Ii0R5ERSzf#zOxKo|+294W>p*O?)}LiEtf7Re>fQ0F ztTpoyEpI`e)2=DsR=&a?0W#tH!rc+qWIRduD2d`MGp2oAG@te}&Mn&qqdte9^y_Oo zOIIeS10`YO0`8vN4-PNfNYW-y|!UwhK=00!dBx1X8aN z+FTq3IbU5XWp9|T;SjK1flfa?)G26e5V6<&gSHQr}(7J zq|hLeYAC{I3mf%%@7VKMsGvVnmWP*U9;v&N)TU>;6b8(7$EjS!H31PJ_)=0mQ6K>A z+8wPDK_`-`rFw=tDDs8a$fYrx(IKpu)WHKn_n?bYHJdoL2>3fkNdKgkd|*@Fa6GT7 zBqR9IO{^_IpZX`TT7&KRh=So)*Jrq)8X#L%g-|eK$p`ukTf~|~Zoj-(f^XTA@Hwd^ zI1-RDW|peQAc;AbEk8K$jHkJ{Ccm}T>lkP*zQO&z zvD`ue{NRpPjH2pkkVq#}<#*vjF`wegFoMdsOQ{>cRViNc^Bo_B)t(zF#l>QOb9DRP zA@?wO2%LW|rg*Um;QvtOa+3pU^#JXafzaAvzq`en|DHHnSbPu$)b`06gL Date: Sun, 24 Feb 2013 18:10:46 -0500 Subject: [PATCH 072/176] Use key_from_input as originally intended --- lib/openpgp.php | 19 +++---------------- lib/openpgp_crypt_aes_tripledes.php | 11 +++-------- 2 files changed, 6 insertions(+), 24 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 5c090f4..38667a7 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1486,11 +1486,10 @@ function read() { $this->symmetric_algorithm = $this->s2k_useage; } if($this->s2k_useage > 0) { - // TODO: IV of the same length as cipher's block size $this->encrypted_data = $this->input; // Rest of input is MPIs and checksum (encrypted) } else { - $this->data = $this->input; // Rest of input is MPIs and checksum - $this->key_from_data(); + $this->key_from_input(); + $this->private_hash = $this->read_bytes(2); // TODO: Validate checksum? } } @@ -1502,22 +1501,10 @@ function read() { 17 => array('x'), // DSA ); - function key_from_data() { - if(!$this->data) return NULL; // Not decrypted yet - $this->input = $this->data; - + function key_from_input() { foreach(self::$secret_key_fields[$this->algorithm] as $field) { $this->key[$field] = $this->read_mpi(); } - - // TODO: Validate checksum? - if($this->s2k_useage == 254) { // 20 octet sha1 hash - $this->private_hash = $this->read_bytes(20); - } else { // two-octet checksum - $this->private_hash = $this->read_bytes(2); - } - - unset($this->input); } function body() { diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index c889d7e..6f9eb54 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -93,14 +93,9 @@ public static function decryptSecretKey($pass, $packet) { $packet->s2k_useage = 0; $packet->symmetric_algorithm = 0; $packet->encrypted_data = NULL; - - foreach($packet::$secret_key_fields[$packet->algorithm] as $f) { - $length = unpack('n', substr($material, 0, 2)); // in bits - $length = (int)floor((reset($length) + 7) / 8); // in bytes - $packet->key[$f] = substr($material, 2, $length); - $material = substr($material, 2 + $length); - } - + $packet->input = $material; + $packet->key_from_input(); + unset($packet->input); return $packet; } From 04b89decd1be56b9a75522142b1eb50c4fa9d906 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 24 Feb 2013 18:10:57 -0500 Subject: [PATCH 073/176] Should not throw away the version --- lib/openpgp.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 38667a7..bc9ea4c 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1784,6 +1784,7 @@ class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_EncryptedDataPacket { public $version; function __construct($data='', $version=1) { + $this->version = $version; $this->data = $data; } From 3afd4016881a7ea124db27c7627c64c96336af4f Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 24 Feb 2013 18:11:11 -0500 Subject: [PATCH 074/176] Whitespace and proper padAmount --- lib/openpgp_crypt_aes_tripledes.php | 50 ++++++++++++++--------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 6f9eb54..9609ce1 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -104,33 +104,33 @@ public static function decryptPacket($epacket, $symmetric_algorithm, $key) { if(!$cipher) return NULL; $cipher->setKey($key); - $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); - if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { - $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); - $prefix = substr($data, 0, $key_block_bytes + 2); - $mdc = substr(substr($data, -22, 22), 2); - $data = substr($data, $key_block_bytes + 2, -22); - - $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); - if($mkMDC !== $mdc) return false; - - try { - $msg = OpenPGP_Message::parse($data); - } catch (Exception $ex) { $msg = NULL; } - if($msg) return $msg; /* Otherwise keep trying */ + $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); + $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); + $prefix = substr($data, 0, $key_block_bytes + 2); + $mdc = substr(substr($data, -22, 22), 2); + $data = substr($data, $key_block_bytes + 2, -22); + + $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); + if($mkMDC !== $mdc) return false; + + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ } else { - // No MDC mean decrypt with resync - $iv = substr($epacket->data, 2, $key_block_bytes); - $edata = substr($epacket->data, $key_block_bytes + 2); - - $cipher->setIV($iv); - $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); - - try { - $msg = OpenPGP_Message::parse($data); - } catch (Exception $ex) { $msg = NULL; } - if($msg) return $msg; /* Otherwise keep trying */ + // No MDC mean decrypt with resync + $iv = substr($epacket->data, 2, $key_block_bytes); + $edata = substr($epacket->data, $key_block_bytes + 2); + $padAmount = $key_block_bytes - (strlen($edata) % $key_block_bytes); + + $cipher->setIV($iv); + $data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata)); + + try { + $msg = OpenPGP_Message::parse($data); + } catch (Exception $ex) { $msg = NULL; } + if($msg) return $msg; /* Otherwise keep trying */ } return NULL; /* Failed */ From 05b757ab6c33e295f90f99232fcd18752aa36c4c Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sun, 24 Feb 2013 18:11:22 -0500 Subject: [PATCH 075/176] No index anymore --- lib/openpgp_crypt_rsa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 80850f7..7492edf 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -52,7 +52,7 @@ function private_key($keyid=NULL) { // Pass a message to verify with this key, or a key (OpenPGP or Crypt_RSA) to check this message with // Second optional parameter to specify which signature to verify (if there is more than one) - function verify($packet, $index=0) { + function verify($packet) { $self = $this; // For old PHP if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); if(!$this->message) { From 58d1b5cee0f331f4a5bb2f696b8682a72ed37960 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 24 Jun 2013 11:20:46 -0500 Subject: [PATCH 076/176] Clean up encryptDecrypt example --- examples/encryptDecrypt.php | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/examples/encryptDecrypt.php b/examples/encryptDecrypt.php index 159bf05..11b522f 100644 --- a/examples/encryptDecrypt.php +++ b/examples/encryptDecrypt.php @@ -1,8 +1,17 @@ 'u', 'filename' => 'stuff.txt')); - $encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt($key, new OpenPGP_Message(array($data))); - // Now decrypt it with the same key - $decryptor = new OpenPGP_Crypt_RSA($key); - $decrypted = $decryptor->decrypt($encrypted); +require dirname(__FILE__).'/../lib/openpgp.php'; +require dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; +require dirname(__FILE__).'/../lib/openpgp_crypt_aes_tripledes.php'; + +$key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/../tests/data/helloKey.gpg')); +$data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); +$encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt($key, new OpenPGP_Message(array($data))); + +echo $encrypted->to_bytes();exit; + +// Now decrypt it with the same key +$decryptor = new OpenPGP_Crypt_RSA($key); +$decrypted = $decryptor->decrypt($encrypted); + +var_dump($decrypted); From c341d7f09ebddf8a2975023f95035f812cb12e3f Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 24 Jun 2013 11:21:10 -0500 Subject: [PATCH 077/176] Fix byte encoding of some packets --- lib/openpgp.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index bc9ea4c..dd46930 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -578,6 +578,7 @@ class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet { public $version, $keyid, $key_algorithm, $encrypted_data; function __construct($key_algorithm='', $keyid='', $encrypted_data='', $version=3) { + parent::__construct(); $this->version = $version; $this->keyid = substr($keyid, -16); $this->key_algorithm = $key_algorithm; @@ -603,7 +604,7 @@ function read() { } function body() { - $bytes = ord($this->version); + $bytes = chr($this->version); for($i = 0; $i < strlen($this->keyid); $i += 2) { $bytes .= chr(hexdec($this->keyid{$i}.$this->keyid{$i+1})); @@ -1245,6 +1246,7 @@ class OpenPGP_SymmetricSessionKeyPacket extends OpenPGP_Packet { public $version, $symmetric_algorithm, $s2k, $encrypted_data; function __construct($s2k=NULL, $encrypted_data='', $symmetric_algorithm=9, $version=3) { + parent::__construct(); $this->version = $version; $this->symmetric_algorithm = $symmetric_algorithm; $this->s2k = $s2k; @@ -1784,6 +1786,7 @@ class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_EncryptedDataPacket { public $version; function __construct($data='', $version=1) { + parent::__construct(); $this->version = $version; $this->data = $data; } @@ -1805,6 +1808,7 @@ function body() { */ class OpenPGP_ModificationDetectionCodePacket extends OpenPGP_Packet { function __construct($sha1='') { + parent::__construct(); $this->data = $sha1; } From 26860d3b98ba189547b3bc44b3f68f808e388c80 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 24 Jun 2013 11:21:26 -0500 Subject: [PATCH 078/176] Always an MPI for RSA --- lib/openpgp_crypt_rsa.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 7492edf..fe12669 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -181,10 +181,10 @@ function decrypt($packet) { foreach($message as $p) { if($p instanceof OpenPGP_AsymmetricSessionKeyPacket) { if($keys instanceof Crypt_RSA) { - $sk = self::try_decrypt_session($keys, $p->encyrpted_data); + $sk = self::try_decrypt_session($keys, substr($p->encyrpted_data, 2)); } else if(strlen(str_replace('0', '', $p->keyid)) < 1) { foreach($keys->key as $k) { - $sk = self::try_decrypt_session(self::convert_private_key($k), $p->encyrpted_data); + $sk = self::try_decrypt_session(self::convert_private_key($k), substr($p->encyrpted_data, 2)); if($sk) break; } } else { From e27f9e236fec5fcbef9c1ee63fc5c27c87d787ea Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 24 Jun 2013 11:22:01 -0500 Subject: [PATCH 079/176] Full example of decrypting a message --- examples/deASCIIdeCrypt.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 examples/deASCIIdeCrypt.php diff --git a/examples/deASCIIdeCrypt.php b/examples/deASCIIdeCrypt.php new file mode 100644 index 0000000..d567b32 --- /dev/null +++ b/examples/deASCIIdeCrypt.php @@ -0,0 +1,27 @@ +decrypt($msg); + + var_dump($decrypted); +} From e78424131eaea50471bc1df0054238c9412c9726 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 24 Jun 2013 14:34:00 -0500 Subject: [PATCH 080/176] Any secret key Spews warnings, but that's fine for now --- examples/deASCIIdeCrypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/deASCIIdeCrypt.php b/examples/deASCIIdeCrypt.php index d567b32..1afbcfd 100644 --- a/examples/deASCIIdeCrypt.php +++ b/examples/deASCIIdeCrypt.php @@ -14,7 +14,7 @@ // Try each secret key packet foreach($keyEncrypted as $p) { - if(!($p instanceof OpenPGP_SecretSubkeyPacket)) continue; + if(!($p instanceof OpenPGP_SecretKeyPacket)) continue; $key = OpenPGP_Crypt_AES_TripleDES::decryptSecretKey($argv[2], $p); From 7ae4d539f2333e7b199ef658f8c93fab1c3a84e0 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 14 Sep 2013 11:28:35 -0500 Subject: [PATCH 081/176] Better errors for unsupported ciphers. --- lib/openpgp_crypt_aes_tripledes.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 9609ce1..4f208bf 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -9,6 +9,7 @@ class OpenPGP_Crypt_AES_TripleDES { public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); + if(!$cipher) throw new Exception("Only AES/3DES are supported."); $prefix = crypt_random_string($key_block_bytes); $prefix .= substr($prefix, -2); @@ -73,6 +74,7 @@ public static function decryptSecretKey($pass, $packet) { $packet = clone $packet; // Do not mutate orinigal list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($packet->symmetric_algorithm); + if(!$cipher) throw new Exception("Only AES/3DES are supported."); $cipher->setKey($packet->s2k->make_key($pass, $key_bytes)); $cipher->setIV(substr($packet->encrypted_data, 0, $key_block_bytes)); $material = $cipher->decrypt(substr($packet->encrypted_data, $key_block_bytes)); From 82ed7d85bdab1ccd02281173dcfaa1717ec3de5b Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 14 Sep 2013 11:36:58 -0500 Subject: [PATCH 082/176] Rename symmetric encrypt/decrypt class I'm going to make this one more generic than one library, and have it support ciphers based on what libraries are available, so this more generic name is appropriate. --- examples/deASCIIdeCrypt.php | 4 ++-- examples/encryptDecrypt.php | 4 ++-- lib/openpgp_crypt_rsa.php | 4 ++-- ...aes_tripledes.php => openpgp_crypt_symmetric.php} | 2 +- tests/phpseclib_suite.php | 12 ++++++------ 5 files changed, 13 insertions(+), 13 deletions(-) rename lib/{openpgp_crypt_aes_tripledes.php => openpgp_crypt_symmetric.php} (99%) diff --git a/examples/deASCIIdeCrypt.php b/examples/deASCIIdeCrypt.php index 1afbcfd..b346a89 100644 --- a/examples/deASCIIdeCrypt.php +++ b/examples/deASCIIdeCrypt.php @@ -5,7 +5,7 @@ require dirname(__FILE__).'/../lib/openpgp.php'; require dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; -require dirname(__FILE__).'/../lib/openpgp_crypt_aes_tripledes.php'; +require dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php'; $keyASCII = file_get_contents($argv[1]); $msgASCII = file_get_contents($argv[3]); @@ -16,7 +16,7 @@ foreach($keyEncrypted as $p) { if(!($p instanceof OpenPGP_SecretKeyPacket)) continue; - $key = OpenPGP_Crypt_AES_TripleDES::decryptSecretKey($argv[2], $p); + $key = OpenPGP_Crypt_Symmetric::decryptSecretKey($argv[2], $p); $msg = OpenPGP_Message::parse(OpenPGP::unarmor($msgASCII, 'PGP MESSAGE')); diff --git a/examples/encryptDecrypt.php b/examples/encryptDecrypt.php index 11b522f..88649ba 100644 --- a/examples/encryptDecrypt.php +++ b/examples/encryptDecrypt.php @@ -2,11 +2,11 @@ require dirname(__FILE__).'/../lib/openpgp.php'; require dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; -require dirname(__FILE__).'/../lib/openpgp_crypt_aes_tripledes.php'; +require dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php'; $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/../tests/data/helloKey.gpg')); $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); -$encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt($key, new OpenPGP_Message(array($data))); +$encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data))); echo $encrypted->to_bytes();exit; diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index fe12669..dc955cd 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -13,7 +13,7 @@ require 'Crypt/RSA.php'; require_once dirname(__FILE__).'/openpgp.php'; -@include_once dirname(__FILE__).'/openpgp_cryph_aes_tripledes.php'; /* For encrypt/decrypt */ +@include_once dirname(__FILE__).'/openpgp_crypt_symmetric.php'; /* For encrypt/decrypt */ class OpenPGP_Crypt_RSA { protected $key, $message; @@ -194,7 +194,7 @@ function decrypt($packet) { if(!$sk) continue; - $r = OpenPGP_Crypt_AES_TripleDES::decryptPacket(OpenPGP_Crypt_AES_TripleDES::getEncryptedData($message), $sk[0], $sk[1]); + $r = OpenPGP_Crypt_Symmetric::decryptPacket(OpenPGP_Crypt_Symmetric::getEncryptedData($message), $sk[0], $sk[1]); if($r) return $r; } } diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_symmetric.php similarity index 99% rename from lib/openpgp_crypt_aes_tripledes.php rename to lib/openpgp_crypt_symmetric.php index 4f208bf..e5992b5 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_symmetric.php @@ -6,7 +6,7 @@ require_once 'Crypt/TripleDES.php'; require_once 'Crypt/Random.php'; -class OpenPGP_Crypt_AES_TripleDES { +class OpenPGP_Crypt_Symmetric { public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); if(!$cipher) throw new Exception("Only AES/3DES are supported."); diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index e5ed903..90e5f7d 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -4,7 +4,7 @@ require_once dirname(__FILE__).'/../lib/openpgp.php'; require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; -require_once dirname(__FILE__).'/../lib/openpgp_crypt_aes_tripledes.php'; +require_once dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php'; class MessageVerification extends PHPUnit_Framework_TestCase { public function oneMessageRSA($pkey, $path) { @@ -67,7 +67,7 @@ public function testHelloKey() { class Decryption extends PHPUnit_Framework_TestCase { public function oneSymmetric($pass, $cnt, $path) { $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); - $m2 = OpenPGP_Crypt_AES_TripleDES::decryptSymmetric($pass, $m); + $m2 = OpenPGP_Crypt_Symmetric::decryptSymmetric($pass, $m); while($m2[0] instanceof OpenPGP_CompressedDataPacket) $m2 = $m2[0]->data; foreach($m2 as $p) { if($p instanceof OpenPGP_LiteralDataPacket) { @@ -107,7 +107,7 @@ public function testDecryptAsymmetric() { public function testDecryptSecretKey() { $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/encryptedSecretKey.gpg')); - $skey = OpenPGP_Crypt_AES_TripleDES::decryptSecretKey("hello", $key[0]); + $skey = OpenPGP_Crypt_Symmetric::decryptSecretKey("hello", $key[0]); $this->assertSame(!!$skey, true); } } @@ -115,15 +115,15 @@ public function testDecryptSecretKey() { class Encryption extends PHPUnit_Framework_TestCase { public function testEncryptSymmetric() { $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); - $encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt('secret', new OpenPGP_Message(array($data))); - $decrypted = OpenPGP_Crypt_AES_TripleDES::decryptSymmetric('secret', $encrypted); + $encrypted = OpenPGP_Crypt_Symmetric::encrypt('secret', new OpenPGP_Message(array($data))); + $decrypted = OpenPGP_Crypt_Symmetric::decryptSymmetric('secret', $encrypted); $this->assertEquals($decrypted[0]->data, 'This is text.'); } public function testEncryptAsymmetric() { $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); - $encrypted = OpenPGP_Crypt_AES_TripleDES::encrypt($key, new OpenPGP_Message(array($data))); + $encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data))); $decryptor = new OpenPGP_Crypt_RSA($key); $decrypted = $decryptor->decrypt($encrypted); $this->assertEquals($decrypted[0]->data, 'This is text.'); From 6075d057d012c9ce466313a614f2e7ad26a6b01e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 14 Sep 2013 11:41:46 -0500 Subject: [PATCH 083/176] Use require_once in examples. --- examples/deASCIIdeCrypt.php | 6 +++--- examples/encryptDecrypt.php | 6 +++--- examples/keygen.php | 4 ++-- examples/sign.php | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/deASCIIdeCrypt.php b/examples/deASCIIdeCrypt.php index b346a89..9ab6cdd 100644 --- a/examples/deASCIIdeCrypt.php +++ b/examples/deASCIIdeCrypt.php @@ -3,9 +3,9 @@ // USAGE: php examples/deASCIIdeCrypt.php secretkey.asc password message.asc // This will fail if the algo on key or message is not 3DES or AES -require dirname(__FILE__).'/../lib/openpgp.php'; -require dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; -require dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php'; +require_once dirname(__FILE__).'/../lib/openpgp.php'; +require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; +require_once dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php'; $keyASCII = file_get_contents($argv[1]); $msgASCII = file_get_contents($argv[3]); diff --git a/examples/encryptDecrypt.php b/examples/encryptDecrypt.php index 88649ba..70b2fbf 100644 --- a/examples/encryptDecrypt.php +++ b/examples/encryptDecrypt.php @@ -1,8 +1,8 @@ 'u', 'filename' => 'stuff.txt')); diff --git a/examples/keygen.php b/examples/keygen.php index f0a8b56..4dd61f7 100644 --- a/examples/keygen.php +++ b/examples/keygen.php @@ -1,7 +1,7 @@ createKey(512); diff --git a/examples/sign.php b/examples/sign.php index b22c81c..5e68d64 100644 --- a/examples/sign.php +++ b/examples/sign.php @@ -1,7 +1,7 @@ Date: Sat, 14 Sep 2013 11:45:49 -0500 Subject: [PATCH 084/176] Support for AES and 3DES are now optional --- lib/openpgp_crypt_symmetric.php | 39 +++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index e5992b5..a8b52d6 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -2,14 +2,14 @@ require_once dirname(__FILE__).'/openpgp.php'; @include_once dirname(__FILE__).'/openpgp_crypt_rsa.php'; -require_once 'Crypt/AES.php'; -require_once 'Crypt/TripleDES.php'; -require_once 'Crypt/Random.php'; +@include_once 'Crypt/AES.php'; +@include_once 'Crypt/TripleDES.php'; +require_once 'Crypt/Random.php'; // part of phpseclib is absolutely required class OpenPGP_Crypt_Symmetric { public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); - if(!$cipher) throw new Exception("Only AES/3DES are supported."); + if(!$cipher) throw new Exception("Unsupported cipher"); $prefix = crypt_random_string($key_block_bytes); $prefix .= substr($prefix, -2); @@ -74,7 +74,7 @@ public static function decryptSecretKey($pass, $packet) { $packet = clone $packet; // Do not mutate orinigal list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($packet->symmetric_algorithm); - if(!$cipher) throw new Exception("Only AES/3DES are supported."); + if(!$cipher) throw new Exception("Unsupported cipher"); $cipher->setKey($packet->s2k->make_key($pass, $key_bytes)); $cipher->setIV(substr($packet->encrypted_data, 0, $key_block_bytes)); $material = $cipher->decrypt(substr($packet->encrypted_data, $key_block_bytes)); @@ -139,26 +139,33 @@ public static function decryptPacket($epacket, $symmetric_algorithm, $key) { } public static function getCipher($algo) { + $cipher = NULL; switch($algo) { case 2: - $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); - $key_bytes = 24; - $key_block_bytes = 8; + if(class_exists('Crypt_TripleDES')) { + $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); + $key_bytes = 24; + $key_block_bytes = 8; + } break; case 7: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(128); + if(class_exists('Crypt_AES')) { + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(128); + } break; case 8: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(192); + if(class_exists('Crypt_AES')) { + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(192); + } break; case 9: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(256); + if(class_exists('Crypt_AES')) { + $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher->setKeyLength(256); + } break; - default: - $cipher = NULL; } if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher if(!isset($key_bytes)) $key_bytes = $cipher->key_size; From d2913ccb8aa2f49918b16f1099aa32a5955b45e9 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 14 Sep 2013 13:17:30 -0500 Subject: [PATCH 085/176] Add support for CAST5 using mcrypt --- lib/openpgp_crypt_symmetric.php | 6 ++++++ lib/openpgp_mcrypt_wrapper.php | 31 +++++++++++++++++++++++++++++++ tests/data/symmetric-cast5.gpg | 1 + tests/phpseclib_suite.php | 4 ++++ 4 files changed, 42 insertions(+) create mode 100644 lib/openpgp_mcrypt_wrapper.php create mode 100644 tests/data/symmetric-cast5.gpg diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index a8b52d6..9833a46 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -2,6 +2,7 @@ require_once dirname(__FILE__).'/openpgp.php'; @include_once dirname(__FILE__).'/openpgp_crypt_rsa.php'; +@include_once dirname(__FILE__).'/openpgp_mcrypt_wrapper.php'; @include_once 'Crypt/AES.php'; @include_once 'Crypt/TripleDES.php'; require_once 'Crypt/Random.php'; // part of phpseclib is absolutely required @@ -148,6 +149,11 @@ public static function getCipher($algo) { $key_block_bytes = 8; } break; + case 3: + if(defined('MCRYPT_CAST_128')) { + $cipher = new MCryptWrapper(MCRYPT_CAST_128); + } + break; case 7: if(class_exists('Crypt_AES')) { $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); diff --git a/lib/openpgp_mcrypt_wrapper.php b/lib/openpgp_mcrypt_wrapper.php new file mode 100644 index 0000000..1030700 --- /dev/null +++ b/lib/openpgp_mcrypt_wrapper.php @@ -0,0 +1,31 @@ +cipher = $cipher; + $this->key_size = mcrypt_module_get_algo_key_size($cipher); + $this->block_size = mcrypt_module_get_algo_block_size($cipher); + $this->iv = str_repeat("\0", mcrypt_get_iv_size($cipher, 'ncfb')); + } + + function setKey($key) { + $this->key = $key; + } + + function setIV($iv) { + $this->iv = $iv; + } + + function encrypt($data) { + return mcrypt_encrypt($this->cipher, $this->key, $data, 'ncfb', $this->iv); + } + + function decrypt($data) { + return mcrypt_decrypt($this->cipher, $this->key, $data, 'ncfb', $this->iv); + } + } +} diff --git a/tests/data/symmetric-cast5.gpg b/tests/data/symmetric-cast5.gpg new file mode 100644 index 0000000..950b791 --- /dev/null +++ b/tests/data/symmetric-cast5.gpg @@ -0,0 +1 @@ +Œ “9ÆÖF‡-`Ò2¾è—w¦¨D¿Êº0q˜,Èù‚zøý}Zϲ֣‡#Ö¾Ÿí aÙ›!þ!Í \ No newline at end of file diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 90e5f7d..0f6ae30 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -84,6 +84,10 @@ public function testDecrypt3DES() { $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg"); } + public function testDecryptCAST5() { // Requires mcrypt + $this->oneSymmetric("hello", "PGP\n", "symmetric-cast5.gpg"); + } + public function testDecryptSessionKey() { $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); } From 775aa9611882673aa0c36596c198e526065c2593 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 28 Jun 2014 11:38:14 -0500 Subject: [PATCH 086/176] Remove debug code --- examples/encryptDecrypt.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/examples/encryptDecrypt.php b/examples/encryptDecrypt.php index 70b2fbf..7804967 100644 --- a/examples/encryptDecrypt.php +++ b/examples/encryptDecrypt.php @@ -8,8 +8,6 @@ $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); $encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data))); -echo $encrypted->to_bytes();exit; - // Now decrypt it with the same key $decryptor = new OpenPGP_Crypt_RSA($key); $decrypted = $decryptor->decrypt($encrypted); From 0262b038f143a840833e78f79005a823144a0ea6 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 28 Jun 2014 12:27:25 -0500 Subject: [PATCH 087/176] Fix sign_key_userid --- lib/openpgp_crypt_rsa.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index dc955cd..db6c16f 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -131,7 +131,8 @@ function sign($packet, $hash='SHA256', $keyid=NULL) { return new OpenPGP_Message(array($sig, $message)); } - // Pass a message with a key and userid packet to sign + /** Pass a message with a key and userid packet to sign */ + // TODO: merge this with the normal sign function function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { if(is_array($packet)) { $packet = new OpenPGP_Message($packet); @@ -145,8 +146,10 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { if(!$keyid) $keyid = substr($this->key->fingerprint, -16); $key->setHash(strtolower($hash)); - $sig = $packet->signature_and_data(); - $sig = $sig[1]; + $sig = NULL; + foreach($packet as $p) { + if($p instanceof OpenPGP_SignaturePacket) $sig = $p; + } if(!$sig) { $sig = new OpenPGP_SignaturePacket($packet, 'RSA', strtoupper($hash)); $sig->signature_type = 0x13; @@ -155,7 +158,7 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { $packet[] = $sig; } - $sig->sign_data(array('RSA' => array($hash => array($key, 'sign')))); + $sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));}))); return $packet; } From d6568d492588678debbb9d346c66b0540f3334f3 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 28 Jun 2014 14:26:12 -0500 Subject: [PATCH 088/176] Initial doxygen setup --- Doxyfile | 1890 +++++++++++++++++++++++++++++++++++++ lib/openpgp.php | 4 +- lib/openpgp_crypt_rsa.php | 3 - 3 files changed, 1892 insertions(+), 5 deletions(-) create mode 100644 Doxyfile diff --git a/Doxyfile b/Doxyfile new file mode 100644 index 0000000..a3f7542 --- /dev/null +++ b/Doxyfile @@ -0,0 +1,1890 @@ +# Doxyfile 1.8.4 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project. +# +# All text after a double hash (##) is considered a comment and is placed +# in front of the TAG it is preceding . +# All text after a hash (#) is considered a comment and will be ignored. +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" "). + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# http://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or sequence of words) that should +# identify the project. Note that if you do not use Doxywizard you need +# to put quotes around the project name if it contains spaces. + +PROJECT_NAME = "OpenPGP PHP" + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = + +# Using the PROJECT_BRIEF tag one can provide an optional one line description +# for a project that appears at the top of each page and should give viewer +# a quick idea about the purpose of the project. Keep the description short. + +PROJECT_BRIEF = + +# With the PROJECT_LOGO tag one can specify an logo or icon that is +# included in the documentation. The maximum height of the logo should not +# exceed 55 pixels and the maximum width should not exceed 200 pixels. +# Doxygen will copy the logo to the output directory. + +PROJECT_LOGO = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = doc + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, +# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English +# messages), Korean, Korean-en, Latvian, Lithuanian, Norwegian, Macedonian, +# Persian, Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, +# Slovak, Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. Note that you specify absolute paths here, but also +# relative paths, which will be relative from the directory where doxygen is +# started. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful if your file system +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = YES + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 4 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# This tag can be used to specify a number of word-keyword mappings (TCL only). +# A mapping has the form "name=value". For example adding +# "class=itcl::class" will allow you to use the command class in the +# itcl::class meaning. + +TCL_SUBST = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = NO + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# Doxygen selects the parser to use depending on the extension of the files it +# parses. With this tag you can assign which parser to use for a given +# extension. Doxygen has a built-in mapping, but you can override or extend it +# using this tag. The format is ext=language, where ext is a file extension, +# and language is one of the parsers supported by doxygen: IDL, Java, +# Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, +# C++. For instance to make doxygen treat .inc files as Fortran files (default +# is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note +# that for custom extensions you also need to set FILE_PATTERNS otherwise the +# files are not read by doxygen. + +EXTENSION_MAPPING = + +# If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all +# comments according to the Markdown format, which allows for more readable +# documentation. See http://daringfireball.net/projects/markdown/ for details. +# The output of markdown processing is further processed by doxygen, so you +# can mix doxygen, HTML, and XML commands with Markdown formatting. +# Disable only in case of backward compatibilities issues. + +MARKDOWN_SUPPORT = YES + +# When enabled doxygen tries to link words that correspond to documented +# classes, or namespaces to their corresponding documentation. Such a link can +# be prevented in individual cases by by putting a % sign in front of the word +# or globally by setting AUTOLINK_SUPPORT to NO. + +AUTOLINK_SUPPORT = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also makes the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate +# getter and setter methods for a property. Setting this option to YES (the +# default) will make doxygen replace the get and set methods by a property in +# the documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and +# unions are shown inside the group in which they are included (e.g. using +# @ingroup) instead of on a separate page (for HTML and Man pages) or +# section (for LaTeX and RTF). + +INLINE_GROUPED_CLASSES = NO + +# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and +# unions with only public data fields or simple typedef fields will be shown +# inline in the documentation of the scope in which they are defined (i.e. file, +# namespace, or group documentation), provided this scope is documented. If set +# to NO (the default), structs, classes, and unions are shown on a separate +# page (for HTML and Man pages) or section (for LaTeX and RTF). + +INLINE_SIMPLE_STRUCTS = NO + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = NO + +# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This +# cache is used to resolve symbols given their name and scope. Since this can +# be an expensive process and often the same symbol appear multiple times in +# the code, doxygen keeps a cache of pre-resolved symbols. If the cache is too +# small doxygen will become slower. If the cache is too large, memory is wasted. +# The cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid +# range is 0..9, the default is 0, corresponding to a cache size of 2^16 = 65536 +# symbols. + +LOOKUP_CACHE_SIZE = 0 + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal +# scope will be included in the documentation. + +EXTRACT_PACKAGE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespaces are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen +# will list include files with double quotes in the documentation +# rather than with sharp brackets. + +FORCE_LOCAL_INCLUDES = NO + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen +# will sort the (brief and detailed) documentation of class members so that +# constructors and destructors are listed first. If set to NO (the default) +# the constructors will appear in the respective orders defined by +# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. +# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO +# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. + +SORT_MEMBERS_CTORS_1ST = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to +# do proper type resolution of all parameters of a function it will reject a +# match between the prototype and the implementation of a member function even +# if there is only one candidate or it is obvious which candidate to choose +# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen +# will still accept a match between prototype and implementation in such cases. + +STRICT_PROTO_MATCHING = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if section-label ... \endif +# and \cond section-label ... \endcond blocks. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or macro consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and macros in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = NO + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = NO + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. +# This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = NO + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command , where is the value of +# the FILE_VERSION_FILTER tag, and is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = "git log --pretty=\"format:%ci, author:%aN <%aE>, commit:%h\" -1" + +# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed +# by doxygen. The layout file controls the global structure of the generated +# output files in an output format independent way. To create the layout file +# that represents doxygen's defaults, run doxygen with the -l option. +# You can optionally specify a file name after the option, if omitted +# DoxygenLayout.xml will be used as the name of the layout file. + +LAYOUT_FILE = + +# The CITE_BIB_FILES tag can be used to specify one or more bib files +# containing the references data. This must be a list of .bib files. The +# .bib extension is automatically appended if omitted. Using this command +# requires the bibtex tool to be installed. See also +# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style +# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this +# feature you need bibtex and perl available in the search path. Do not use +# file names with spaces, bibtex cannot handle them. + +CITE_BIB_FILES = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = YES + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# The WARN_NO_PARAMDOC option can be enabled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = lib/ README.md + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh +# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py +# *.f90 *.f *.for *.vhd *.vhdl + +FILE_PATTERNS = + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should be +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. +# Note that relative paths are relative to the directory from which doxygen is +# run. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or +# directories that are symbolic links (a Unix file system feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = examples/ + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command , where +# is the value of the INPUT_FILTER tag, and is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. +# If FILTER_PATTERNS is specified, this tag will be ignored. +# Note that the filter must not add or remove lines; it is applied before the +# code is scanned, but not when the output code is generated. If lines are added +# or removed, the anchors will not be placed correctly. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. +# Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. +# The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty or if +# non of the patterns match the file name, INPUT_FILTER is applied. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + +# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file +# pattern. A pattern will override the setting for FILTER_PATTERN (if any) +# and it is also possible to disable source filtering for a specific pattern +# using *.ext= (so without naming a filter). This option only has effect when +# FILTER_SOURCE_FILES is enabled. + +FILTER_SOURCE_PATTERNS = + +# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that +# is part of the input, its contents will be placed on the main page +# (index.html). This can be useful if you have a project on for instance GitHub +# and want reuse the introduction page also for the doxygen output. + +USE_MDFILE_AS_MAINPAGE = README.md + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = YES + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C, C++ and Fortran comments will always remain visible. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = NO + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. +# Otherwise they will link to the documentation. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = YES + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. Note that when using a custom header you are responsible +# for the proper inclusion of any scripts and style sheets that doxygen +# needs, which is dependent on the configuration options used. +# It is advised to generate a default header using "doxygen -w html +# header.html footer.html stylesheet.css YourConfigFile" and then modify +# that header. Note that the header is subject to change so you typically +# have to redo this when upgrading to a newer version of doxygen or when +# changing the value of configuration settings such as GENERATE_TREEVIEW! + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If left blank doxygen will +# generate a default style sheet. Note that it is recommended to use +# HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this +# tag will in the future become obsolete. + +HTML_STYLESHEET = + +# The HTML_EXTRA_STYLESHEET tag can be used to specify an additional +# user-defined cascading style sheet that is included after the standard +# style sheets created by doxygen. Using this option one can overrule +# certain style aspects. This is preferred over using HTML_STYLESHEET +# since it does not replace the standard style sheet and is therefor more +# robust against future updates. Doxygen will copy the style sheet file to +# the output directory. + +HTML_EXTRA_STYLESHEET = + +# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or +# other source files which should be copied to the HTML output directory. Note +# that these files will be copied to the base HTML output directory. Use the +# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these +# files. In the HTML_STYLESHEET file, use the file name only. Also note that +# the files will be copied as-is; there are no commands or markers available. + +HTML_EXTRA_FILES = + +# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. +# Doxygen will adjust the colors in the style sheet and background images +# according to this color. Hue is specified as an angle on a colorwheel, +# see http://en.wikipedia.org/wiki/Hue for more information. +# For instance the value 0 represents red, 60 is yellow, 120 is green, +# 180 is cyan, 240 is blue, 300 purple, and 360 is red again. +# The allowed range is 0 to 359. + +HTML_COLORSTYLE_HUE = 220 + +# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of +# the colors in the HTML output. For a value of 0 the output will use +# grayscales only. A value of 255 will produce the most vivid colors. + +HTML_COLORSTYLE_SAT = 100 + +# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to +# the luminance component of the colors in the HTML output. Values below +# 100 gradually make the output lighter, whereas values above 100 make +# the output darker. The value divided by 100 is the actual gamma applied, +# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, +# and 100 does not change the gamma. + +HTML_COLORSTYLE_GAMMA = 80 + +# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML +# page will contain the date and time when the page was generated. Setting +# this to NO can help when comparing the output of multiple runs. + +HTML_TIMESTAMP = YES + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. + +HTML_DYNAMIC_SECTIONS = NO + +# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of +# entries shown in the various tree structured indices initially; the user +# can expand and collapse entries dynamically later on. Doxygen will expand +# the tree to such a level that at most the specified number of entries are +# visible (unless a fully collapsed tree already exceeds this amount). +# So setting the number of entries 1 will produce a full collapsed tree by +# default. 0 is a special value representing an infinite number of entries +# and will result in a full expanded tree by default. + +HTML_INDEX_NUM_ENTRIES = 100 + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. +# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html +# for more information. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely +# identify the documentation publisher. This should be a reverse domain-name +# style string, e.g. com.mycompany.MyDocSet.documentation. + +DOCSET_PUBLISHER_ID = org.doxygen.Publisher + +# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. + +DOCSET_PUBLISHER_NAME = Publisher + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and +# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated +# that can be used as input for Qt's qhelpgenerator to generate a +# Qt Compressed Help (.qch) of the generated HTML documentation. + +GENERATE_QHP = NO + +# If the QHG_LOCATION tag is specified, the QCH_FILE tag can +# be used to specify the file name of the resulting .qch file. +# The path specified is relative to the HTML output folder. + +QCH_FILE = + +# The QHP_NAMESPACE tag specifies the namespace to use when generating +# Qt Help Project output. For more information please see +# http://doc.trolltech.com/qthelpproject.html#namespace + +QHP_NAMESPACE = org.doxygen.Project + +# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating +# Qt Help Project output. For more information please see +# http://doc.trolltech.com/qthelpproject.html#virtual-folders + +QHP_VIRTUAL_FOLDER = doc + +# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to +# add. For more information please see +# http://doc.trolltech.com/qthelpproject.html#custom-filters + +QHP_CUST_FILTER_NAME = + +# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the +# custom filter to add. For more information please see +# +# Qt Help Project / Custom Filters. + +QHP_CUST_FILTER_ATTRS = + +# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this +# project's +# filter section matches. +# +# Qt Help Project / Filter Attributes. + +QHP_SECT_FILTER_ATTRS = + +# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can +# be used to specify the location of Qt's qhelpgenerator. +# If non-empty doxygen will try to run qhelpgenerator on the generated +# .qhp file. + +QHG_LOCATION = + +# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files +# will be generated, which together with the HTML files, form an Eclipse help +# plugin. To install this plugin and make it available under the help contents +# menu in Eclipse, the contents of the directory containing the HTML and XML +# files needs to be copied into the plugins directory of eclipse. The name of +# the directory within the plugins directory should be the same as +# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before +# the help appears. + +GENERATE_ECLIPSEHELP = NO + +# A unique identifier for the eclipse help plugin. When installing the plugin +# the directory name containing the HTML and XML files should also have +# this name. + +ECLIPSE_DOC_ID = org.doxygen.Project + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) +# at top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. Since the tabs have the same information as the +# navigation tree you can set this option to NO if you already set +# GENERATE_TREEVIEW to YES. + +DISABLE_INDEX = NO + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to YES, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). +# Windows users are probably better off using the HTML help feature. +# Since the tree basically has the same information as the tab index you +# could consider to set DISABLE_INDEX to NO when enabling this option. + +GENERATE_TREEVIEW = NO + +# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values +# (range [0,1..20]) that doxygen will group on one line in the generated HTML +# documentation. Note that a value of 0 will completely suppress the enum +# values from appearing in the overview section. + +ENUM_VALUES_PER_LINE = 4 + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open +# links to external symbols imported via tag files in a separate window. + +EXT_LINKS_IN_WINDOW = NO + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + +# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# generated for formulas are transparent PNGs. Transparent PNGs are +# not supported properly for IE 6.0, but are supported on all modern browsers. +# Note that when changing this option you need to delete any form_*.png files +# in the HTML output before the changes have effect. + +FORMULA_TRANSPARENT = YES + +# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax +# (see http://www.mathjax.org) which uses client side Javascript for the +# rendering instead of using prerendered bitmaps. Use this if you do not +# have LaTeX installed or if you want to formulas look prettier in the HTML +# output. When enabled you may also need to install MathJax separately and +# configure the path to it using the MATHJAX_RELPATH option. + +USE_MATHJAX = NO + +# When MathJax is enabled you can set the default output format to be used for +# the MathJax output. Supported types are HTML-CSS, NativeMML (i.e. MathML) and +# SVG. The default value is HTML-CSS, which is slower, but has the best +# compatibility. + +MATHJAX_FORMAT = HTML-CSS + +# When MathJax is enabled you need to specify the location relative to the +# HTML output directory using the MATHJAX_RELPATH option. The destination +# directory should contain the MathJax.js script. For instance, if the mathjax +# directory is located at the same level as the HTML output directory, then +# MATHJAX_RELPATH should be ../mathjax. The default value points to +# the MathJax Content Delivery Network so you can quickly see the result without +# installing MathJax. +# However, it is strongly recommended to install a local +# copy of MathJax from http://www.mathjax.org before deployment. + +MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest + +# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension +# names that should be enabled during MathJax rendering. + +MATHJAX_EXTENSIONS = + +# The MATHJAX_CODEFILE tag can be used to specify a file with javascript +# pieces of code that will be used on startup of the MathJax code. + +MATHJAX_CODEFILE = + +# When the SEARCHENGINE tag is enabled doxygen will generate a search box +# for the HTML output. The underlying search engine uses javascript +# and DHTML and should work on any modern browser. Note that when using +# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets +# (GENERATE_DOCSET) there is already a search function so this one should +# typically be disabled. For large projects the javascript based search engine +# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. + +SEARCHENGINE = YES + +# When the SERVER_BASED_SEARCH tag is enabled the search engine will be +# implemented using a web server instead of a web client using Javascript. +# There are two flavours of web server based search depending on the +# EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for +# searching and an index file used by the script. When EXTERNAL_SEARCH is +# enabled the indexing and searching needs to be provided by external tools. +# See the manual for details. + +SERVER_BASED_SEARCH = NO + +# When EXTERNAL_SEARCH is enabled doxygen will no longer generate the PHP +# script for searching. Instead the search results are written to an XML file +# which needs to be processed by an external indexer. Doxygen will invoke an +# external search engine pointed to by the SEARCHENGINE_URL option to obtain +# the search results. Doxygen ships with an example indexer (doxyindexer) and +# search engine (doxysearch.cgi) which are based on the open source search +# engine library Xapian. See the manual for configuration details. + +EXTERNAL_SEARCH = NO + +# The SEARCHENGINE_URL should point to a search engine hosted by a web server +# which will returned the search results when EXTERNAL_SEARCH is enabled. +# Doxygen ships with an example search engine (doxysearch) which is based on +# the open source search engine library Xapian. See the manual for configuration +# details. + +SEARCHENGINE_URL = + +# When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed +# search data is written to a file for indexing by an external tool. With the +# SEARCHDATA_FILE tag the name of this file can be specified. + +SEARCHDATA_FILE = searchdata.xml + +# When SERVER_BASED_SEARCH AND EXTERNAL_SEARCH are both enabled the +# EXTERNAL_SEARCH_ID tag can be used as an identifier for the project. This is +# useful in combination with EXTRA_SEARCH_MAPPINGS to search through multiple +# projects and redirect the results back to the right project. + +EXTERNAL_SEARCH_ID = + +# The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through doxygen +# projects other than the one defined by this configuration file, but that are +# all added to the same external search index. Each project needs to have a +# unique id set via EXTERNAL_SEARCH_ID. The search mapping then maps the id +# of to a relative location where the documentation can be found. +# The format is: EXTRA_SEARCH_MAPPINGS = id1=loc1 id2=loc2 ... + +EXTRA_SEARCH_MAPPINGS = + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. +# Note that when enabling USE_PDFLATEX this option is only used for +# generating bitmaps for formulas in the HTML output, but not in the +# Makefile that is written to the output directory. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, letter, legal and +# executive. If left blank a4 will be used. + +PAPER_TYPE = a4 + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for +# the generated latex document. The footer should contain everything after +# the last chapter. If it is left blank doxygen will generate a +# standard footer. Notice: only use this tag if you know what you are doing! + +LATEX_FOOTER = + +# The LATEX_EXTRA_FILES tag can be used to specify one or more extra images +# or other source files which should be copied to the LaTeX output directory. +# Note that the files will be copied as-is; there are no commands or markers +# available. + +LATEX_EXTRA_FILES = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +# If LATEX_SOURCE_CODE is set to YES then doxygen will include +# source code with syntax highlighting in the LaTeX output. +# Note that which sources are shown also depends on other settings +# such as SOURCE_BROWSER. + +LATEX_SOURCE_CODE = NO + +# The LATEX_BIB_STYLE tag can be used to specify the style to use for the +# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See +# http://en.wikipedia.org/wiki/BibTeX for more info. + +LATEX_BIB_STYLE = plain + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load style sheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options related to the DOCBOOK output +#--------------------------------------------------------------------------- + +# If the GENERATE_DOCBOOK tag is set to YES Doxygen will generate DOCBOOK files +# that can be used to generate PDF. + +GENERATE_DOCBOOK = NO + +# The DOCBOOK_OUTPUT tag is used to specify where the DOCBOOK pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be put in +# front of it. If left blank docbook will be used as the default path. + +DOCBOOK_OUTPUT = docbook + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. +# This is useful +# if you want to understand what is going on. +# On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# pointed to by INCLUDE_PATH will be searched when a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition that +# overrules the definition found in the source code. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all references to function-like macros +# that are alone on a line, have an all uppercase name, and do not end with a +# semicolon, because these will confuse the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. For each +# tag file the location of the external documentation should be added. The +# format of a tag file without this location is as follows: +# +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths +# or URLs. Note that each tag file must have a unique name (where the name does +# NOT include the path). If a tag file is not located in the directory in which +# doxygen is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# If the EXTERNAL_PAGES tag is set to YES all external pages will be listed +# in the related pages index. If set to NO, only the current project's +# pages will be listed. + +EXTERNAL_PAGES = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option also works with HAVE_DOT disabled, but it is recommended to +# install and use dot, since it yields more powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is +# allowed to run in parallel. When set to 0 (the default) doxygen will +# base this on the number of processors available in the system. You can set it +# explicitly to a value larger than 0 to get control over the balance +# between CPU load and processing speed. + +DOT_NUM_THREADS = 0 + +# By default doxygen will use the Helvetica font for all dot files that +# doxygen generates. When you want a differently looking font you can specify +# the font name using DOT_FONTNAME. You need to make sure dot is able to find +# the font, which can be done by putting it in a standard location or by setting +# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the +# directory containing the font. + +DOT_FONTNAME = Helvetica + +# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. +# The default size is 10pt. + +DOT_FONTSIZE = 10 + +# By default doxygen will tell dot to use the Helvetica font. +# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to +# set the path where dot can find it. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If the UML_LOOK tag is enabled, the fields and methods are shown inside +# the class node. If there are many fields or methods and many nodes the +# graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS +# threshold limits the number of items for each type to make the size more +# manageable. Set this to 0 for no limit. Note that the threshold may be +# exceeded by 50% before the limit is enforced. + +UML_LIMIT_NUM_FIELDS = 10 + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will generate a graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are svg, png, jpg, or gif. +# If left blank png will be used. If you choose svg you need to set +# HTML_FILE_EXTENSION to xhtml in order to make the SVG files +# visible in IE 9+ (other browsers do not have this requirement). + +DOT_IMAGE_FORMAT = png + +# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to +# enable generation of interactive SVG images that allow zooming and panning. +# Note that this requires a modern browser other than Internet Explorer. +# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you +# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files +# visible. Older versions of IE do not have SVG support. + +INTERACTIVE_SVG = NO + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The MSCFILE_DIRS tag can be used to specify one or more directories that +# contain msc files that are included in the documentation (see the +# \mscfile command). + +MSCFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is disabled by default, because dot on Windows does not +# seem to support this out of the box. Warning: Depending on the platform used, +# enabling this option may lead to badly anti-aliased labels on the edges of +# a graph (i.e. they become hard to read). + +DOT_TRANSPARENT = NO + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = YES + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES diff --git a/lib/openpgp.php b/lib/openpgp.php index dd46930..d8e45c2 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -8,7 +8,7 @@ * @version 0.0.1 * @author Arto Bendiken * @author Stephen Paul Weber - * @link http://github.com/bendiken/openpgp-php + * @see http://github.com/bendiken/openpgp-php */ ////////////////////////////////////////////////////////////////////////////// @@ -260,7 +260,7 @@ function to_bytes() { * * Recurses into CompressedDataPacket * - * + * @see http://tools.ietf.org/html/rfc4880#section-11 */ function signatures() { $msg = $this; diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index db6c16f..472e74c 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -4,9 +4,6 @@ * OpenPGP_Crypt_RSA.php is a wrapper for using the classes from OpenPGP.php with Crypt_RSA * * @package OpenPGP - * @version 0.0.1 - * @author Stephen Paul Weber - * @link http://github.com/singpolyma/openpgp-php */ // From http://phpseclib.sourceforge.net/ From 68514c11c24746da2f4e94d7c064c8338b6fb743 Mon Sep 17 00:00:00 2001 From: Stefan Vetsch Date: Sat, 14 Mar 2015 10:50:06 +0100 Subject: [PATCH 089/176] Add simple composer.json --- composer.json | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 composer.json diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..e1ff974 --- /dev/null +++ b/composer.json @@ -0,0 +1,29 @@ +{ + "name": "singpolyma/openpgp-php", + "description": "Pure-PHP implementation of the OpenPGP Message Format (RFC 4880)", + "minimum-stability": "stable", + "license": "Unlicense", + "authors": [ + { + "name": "Arto Bendiken", + "email": "arto.bendiken@gmail.com" + }, + { + "name": "Stephen Paul Weber", + "email": "singpolyma@singpolyma.net" + } + ], + "require": { + "phpseclib/phpseclib": "~0.3" + }, + "require-dev": { + "phpunit/phpunit": "~4.0" + }, + "autoload": { + "psr-0": { + "OpenPGP": "lib/" + }, + "files": [ + ] + } +} \ No newline at end of file From ae21dd0f566e7ce867505daedd396de5830ffc01 Mon Sep 17 00:00:00 2001 From: Stefan Vetsch Date: Sat, 14 Mar 2015 10:59:21 +0100 Subject: [PATCH 090/176] Make autoload work for phpunit tests --- phpunit.xml | 2 +- tests/bootstrap.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 tests/bootstrap.php diff --git a/phpunit.xml b/phpunit.xml index a071d34..a38403e 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -1,4 +1,4 @@ - + tests/suite.php diff --git a/tests/bootstrap.php b/tests/bootstrap.php new file mode 100644 index 0000000..744fe6b --- /dev/null +++ b/tests/bootstrap.php @@ -0,0 +1,2 @@ + Date: Sat, 14 Mar 2015 13:22:14 +0100 Subject: [PATCH 091/176] Make use of the classmap, the current class/file structure does not allow for PSR-0 autoloading. --- composer.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/composer.json b/composer.json index e1ff974..52e2f52 100644 --- a/composer.json +++ b/composer.json @@ -20,10 +20,6 @@ "phpunit/phpunit": "~4.0" }, "autoload": { - "psr-0": { - "OpenPGP": "lib/" - }, - "files": [ - ] + "classmap": ["lib/"] } } \ No newline at end of file From ec8df93d1923cf867b0e789c3ba3164dc30961fd Mon Sep 17 00:00:00 2001 From: Stefan Vetsch Date: Sat, 14 Mar 2015 17:17:28 +0100 Subject: [PATCH 092/176] Don't make a scene if there is no autoload.php (if someone isn't using composer). --- tests/bootstrap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 744fe6b..1980dd4 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,2 +1,2 @@ Date: Sat, 14 Mar 2015 17:41:25 +0100 Subject: [PATCH 093/176] Not needed at this point --- composer.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 52e2f52..a310173 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,6 @@ { "name": "singpolyma/openpgp-php", "description": "Pure-PHP implementation of the OpenPGP Message Format (RFC 4880)", - "minimum-stability": "stable", "license": "Unlicense", "authors": [ { @@ -22,4 +21,4 @@ "autoload": { "classmap": ["lib/"] } -} \ No newline at end of file +} From 2fb1666bb5eb40f99be2ce7c7752003a04294fae Mon Sep 17 00:00:00 2001 From: Stefan Vetsch Date: Sat, 14 Mar 2015 19:36:35 +0100 Subject: [PATCH 094/176] Use composer to load dependencies --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4cfe693..debd056 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,5 +3,4 @@ php: - "5.4" - "5.3" before_script: - - git clone git://github.com/phpseclib/phpseclib.git phpseclib - - mv phpseclib/phpseclib/* ./ + - composer install --prefer-source --dev From 9d6d736a5dab5d10e48227e3974eec263bc9f330 Mon Sep 17 00:00:00 2001 From: Stefan Vetsch Date: Sun, 15 Mar 2015 21:55:40 +0100 Subject: [PATCH 095/176] Add newline before end-of-file (PSR-2) --- tests/bootstrap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 1980dd4..9635a9c 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,2 +1,2 @@ Date: Thu, 18 Jun 2015 13:32:51 +0200 Subject: [PATCH 096/176] Changed require Crypt/RSA.php to require_once This change allows the lib usage with an autoloader. --- lib/openpgp_crypt_rsa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 472e74c..e6b5752 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -7,7 +7,7 @@ */ // From http://phpseclib.sourceforge.net/ -require 'Crypt/RSA.php'; +require_once 'Crypt/RSA.php'; require_once dirname(__FILE__).'/openpgp.php'; @include_once dirname(__FILE__).'/openpgp_crypt_symmetric.php'; /* For encrypt/decrypt */ From 055b5c54598c45c48a6c560ff9ba6dbdb9c51d56 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 4 Jul 2015 16:14:42 -0500 Subject: [PATCH 097/176] Add clearsign example --- examples/clearsign.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 examples/clearsign.php diff --git a/examples/clearsign.php b/examples/clearsign.php new file mode 100644 index 0000000..ead57e0 --- /dev/null +++ b/examples/clearsign.php @@ -0,0 +1,25 @@ + 'u', 'filename' => 'stuff.txt')); + +/* Create a signer from the key */ +$sign = new OpenPGP_Crypt_RSA($wkey); + +/* The message is the signed data packet */ +$m = $sign->sign($data); + +/* Generate clearsigned data */ +$packets = $m->signatures()[0]; +echo "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"; +echo preg_replace("/^-/", "- -", $packets[0]->data)."\n"; +echo OpenPGP::enarmor($packets[1][0]->to_bytes(), "PGP SIGNATURE"); + +?> From 9bffda3ef2c8cd3ad27b9b981e75a7f611c3a449 Mon Sep 17 00:00:00 2001 From: adecaneda Date: Fri, 31 Jul 2015 11:12:17 +0200 Subject: [PATCH 098/176] Update openpgp_crypt_rsa.php Typo in variable $p->encrypted_data --- lib/openpgp_crypt_rsa.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index e6b5752..db6156f 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -181,10 +181,10 @@ function decrypt($packet) { foreach($message as $p) { if($p instanceof OpenPGP_AsymmetricSessionKeyPacket) { if($keys instanceof Crypt_RSA) { - $sk = self::try_decrypt_session($keys, substr($p->encyrpted_data, 2)); + $sk = self::try_decrypt_session($keys, substr($p->encrypted_data, 2)); } else if(strlen(str_replace('0', '', $p->keyid)) < 1) { foreach($keys->key as $k) { - $sk = self::try_decrypt_session(self::convert_private_key($k), substr($p->encyrpted_data, 2)); + $sk = self::try_decrypt_session(self::convert_private_key($k), substr($p->encrypted_data, 2)); if($sk) break; } } else { From 01a1f00edb5766dbb228eef11127e7dc3972bc39 Mon Sep 17 00:00:00 2001 From: adecaneda Date: Wed, 5 Aug 2015 10:54:57 +0200 Subject: [PATCH 099/176] Inclued partial body lengths Partial body lengths based on https://github.com/toofishes/python-pgpdump/blob/master/pgpdump/packet.py --- lib/openpgp.php | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index d8e45c2..b48ebe8 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -411,6 +411,8 @@ static function class_for($tag) { /** * Parses an OpenPGP packet. + * + * Partial body lengths based on https://github.com/toofishes/python-pgpdump/blob/master/pgpdump/packet.py * * @see http://tools.ietf.org/html/rfc4880#section-4.2 */ @@ -418,18 +420,33 @@ static function parse(&$input) { $packet = NULL; if (strlen($input) > 0) { $parser = ord($input[0]) & 64 ? 'parse_new_format' : 'parse_old_format'; - list($tag, $head_length, $data_length) = self::$parser($input); - $input = substr($input, $head_length); + + $header_start0 = 0; + $consumed = 0; + $packet_data = ""; + do { + list($tag, $data_offset, $data_length, $partial) = self::$parser($input, $header_start0); + + $data_start0 = $header_start0 + $data_offset; + $header_start0 = $data_start0 + $data_length - 1; + $packet_data .= substr($input, $data_start0, $data_length); + + $consumed += $data_offset + $data_length; + if ($partial) { + $consumed -= 1; + } + } while ($partial === true && $parser === 'parse_new_format'); + if ($tag && ($class = self::class_for($tag))) { $packet = new $class(); $packet->tag = $tag; - $packet->input = substr($input, 0, $data_length); - $packet->length = $data_length; + $packet->input = $packet_data; + $packet->length = strlen($packet_data); $packet->read(); unset($packet->input); unset($packet->length); } - $input = substr($input, $data_length); + $input = substr($input, $consumed); } return $packet; } @@ -441,18 +458,19 @@ static function parse(&$input) { */ static function parse_new_format($input) { $tag = ord($input[0]) & 63; - $len = ord($input[1]); + $len = ord($input[$header_start + 1]); if($len < 192) { // One octet length - return array($tag, 2, $len); + return array($tag, 2, $len, false); } if($len > 191 && $len < 224) { // Two octet length - return array($tag, 3, (($len - 192) << 8) + ord($input[2]) + 192); + return array($tag, 3, (($len - 192) << 8) + ord($input[$header_start + 2]) + 192, false); } if($len == 255) { // Five octet length - $unpacked = unpack('N', substr($input, 2, 4)); - return array($tag, 6, reset($unpacked)); + $unpacked = unpack('N', substr($input, $header_start + 2, 4)); + return array($tag, 6, reset($unpacked), false); } - // TODO: Partial body lengths. 1 << ($len & 0x1F) + // Partial body lengths + return array($tag, 2, 1 << ($len & 0x1f), true); } /** From 4281c8fa97f21f3ce93519bfa18154b809f52889 Mon Sep 17 00:00:00 2001 From: adecaneda Date: Wed, 5 Aug 2015 11:18:28 +0200 Subject: [PATCH 100/176] Missing parameter --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index b48ebe8..62597f8 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -456,7 +456,7 @@ static function parse(&$input) { * * @see http://tools.ietf.org/html/rfc4880#section-4.2.2 */ - static function parse_new_format($input) { + static function parse_new_format($input, $header_start = 0) { $tag = ord($input[0]) & 63; $len = ord($input[$header_start + 1]); if($len < 192) { // One octet length From cc52cb9dab20ef91a18bbf56e706a48a66c667de Mon Sep 17 00:00:00 2001 From: adecaneda Date: Wed, 5 Aug 2015 11:35:23 +0200 Subject: [PATCH 101/176] Missing parameter in parse_old_format --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 62597f8..360fc79 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -501,7 +501,7 @@ static function parse_old_format($input) { $data_length = strlen($input) - $head_length; break; } - return array($tag, $head_length, $data_length); + return array($tag, $head_length, $data_length, false); } function __construct($data=NULL) { From d37e91efdae960582b7932cf2be7d59c1894c3b1 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 16 Nov 2015 10:40:44 -0500 Subject: [PATCH 102/176] Example to serialize public key message --- examples/keygen.php | 7 +++++++ lib/openpgp.php | 33 +++++++++++++++++++++++++-------- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/examples/keygen.php b/examples/keygen.php index 4dd61f7..bd3ac5b 100644 --- a/examples/keygen.php +++ b/examples/keygen.php @@ -21,4 +21,11 @@ $wkey = new OpenPGP_Crypt_RSA($nkey); $m = $wkey->sign_key_userid(array($nkey, $uid)); +// Serialize private key print $m->to_bytes(); + +// Serialize public key message +$pubm = clone($m); +$pubm[0] = new OpenPGP_PublicKeyPacket($pubm[0]); + +$public_bytes = $pubm->to_bytes(); diff --git a/lib/openpgp.php b/lib/openpgp.php index 360fc79..b8e1565 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1327,15 +1327,32 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet { function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4) { parent::__construct(); - $this->key = $key; - if(is_string($this->algorithm = $algorithm)) { - $this->algorithm = array_search($this->algorithm, self::$algorithms); - } - $this->timestamp = $timestamp ? $timestamp : time(); - $this->version = $version; - if(count($this->key) > 0) { - $this->key_id = substr($this->fingerprint(), -8); + if($key instanceof OpenPGP_PublicKeyPacket) { + $this->algorithm = $key->algorithm; + $this->key = array(); + + // Restrict to only the fields we need + foreach (self::$key_fields[$this->algorithm] as $field) { + $this->key[$field] = $key->key[$field]; + } + + $this->key_id = $key->key_id; + $this->fingerprint = $key->fingerprint; + $this->timestamp = $key->timestamp; + $this->version = $key->version; + $this->v3_days_of_validity = $key->v3_days_of_validity; + } else { + $this->key = $key; + if(is_string($this->algorithm = $algorithm)) { + $this->algorithm = array_search($this->algorithm, self::$algorithms); + } + $this->timestamp = $timestamp ? $timestamp : time(); + $this->version = $version; + + if(count($this->key) > 0) { + $this->key_id = substr($this->fingerprint(), -8); + } } } From ff4bd67e6be861401e0f577332c64c0ea8990d7b Mon Sep 17 00:00:00 2001 From: Vitaliy Solovey Date: Fri, 20 Nov 2015 11:39:37 +0200 Subject: [PATCH 103/176] use phpseclib 2.0 --- composer.json | 2 +- lib/openpgp_crypt_rsa.php | 6 +++++- lib/openpgp_crypt_symmetric.php | 24 ++++++++++-------------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/composer.json b/composer.json index a310173..81b0d04 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ } ], "require": { - "phpseclib/phpseclib": "~0.3" + "phpseclib/phpseclib": "2.0.0" }, "require-dev": { "phpunit/phpunit": "~4.0" diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index db6156f..b7dc762 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -7,7 +7,11 @@ */ // From http://phpseclib.sourceforge.net/ -require_once 'Crypt/RSA.php'; +use phpseclib\Crypt\RSA as Crypt_RSA; +use phpseclib\Math\BigInteger as Math_BigInteger; + +define('CRYPT_RSA_ENCRYPTION_PKCS1', Crypt_RSA::ENCRYPTION_PKCS1); +define('CRYPT_RSA_SIGNATURE_PKCS1', Crypt_RSA::SIGNATURE_PKCS1); require_once dirname(__FILE__).'/openpgp.php'; @include_once dirname(__FILE__).'/openpgp_crypt_symmetric.php'; /* For encrypt/decrypt */ diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 9833a46..32af72a 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -1,20 +1,24 @@ setKey($key); $to_encrypt = $prefix . $message->to_bytes(); @@ -36,7 +40,7 @@ public static function encrypt($passphrases_and_keys, $message, $symmetric_algor $esk = pack('n', OpenPGP::bitlength($esk)) . $esk; array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk)); } else if(is_string($pass)) { - $s2k = new OpenPGP_S2K(crypt_random_string(10)); + $s2k = new OpenPGP_S2K(Random::string(10)); $cipher->setKey($s2k->make_key($pass, $key_bytes)); $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key); array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm)); @@ -143,11 +147,9 @@ public static function getCipher($algo) { $cipher = NULL; switch($algo) { case 2: - if(class_exists('Crypt_TripleDES')) { $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); $key_bytes = 24; $key_block_bytes = 8; - } break; case 3: if(defined('MCRYPT_CAST_128')) { @@ -155,22 +157,16 @@ public static function getCipher($algo) { } break; case 7: - if(class_exists('Crypt_AES')) { $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); $cipher->setKeyLength(128); - } break; case 8: - if(class_exists('Crypt_AES')) { $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); $cipher->setKeyLength(192); - } break; case 9: - if(class_exists('Crypt_AES')) { $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); $cipher->setKeyLength(256); - } break; } if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher From b2607741475b58190528c9d49d98ba9cf9266124 Mon Sep 17 00:00:00 2001 From: Meitar Moscovitz Date: Sat, 20 Feb 2016 17:17:53 -0700 Subject: [PATCH 104/176] Link to new project that uses OpenPGP.php as library. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 302b502..099f520 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,8 @@ Users OpenPGP.php is currently being used in the following projects: -* +* +* Download -------- From bcc9c920a065a1847b6d856c628e20c07ef9aa12 Mon Sep 17 00:00:00 2001 From: Daniel Ruf Date: Tue, 23 Feb 2016 20:33:23 +0100 Subject: [PATCH 105/176] fixed keygen example for the phpseclib 2.0 branch Starting with phpseclib 2.0, it is fully namespaced and we have to use the fully qualified name. --- examples/keygen.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/keygen.php b/examples/keygen.php index bd3ac5b..729ea39 100644 --- a/examples/keygen.php +++ b/examples/keygen.php @@ -3,7 +3,7 @@ require_once dirname(__FILE__).'/../lib/openpgp.php'; require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; -$rsa = new Crypt_RSA(); +$rsa = new \phpseclib\Crypt\RSA(); $k = $rsa->createKey(512); $rsa->loadKey($k['privatekey']); From cefaef242df6bdb85e19bcf0c23e4fff697737c9 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 24 Feb 2016 11:06:36 -0500 Subject: [PATCH 106/176] Update normalise and example for clearsigning Trailing whitespace must be removed when generating the signature and must not be included in output. --- examples/clearsign.php | 8 +++++++- lib/openpgp.php | 11 ++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/examples/clearsign.php b/examples/clearsign.php index ead57e0..686af02 100644 --- a/examples/clearsign.php +++ b/examples/clearsign.php @@ -7,8 +7,11 @@ $wkey = OpenPGP_Message::parse(file_get_contents('php://stdin')); $wkey = $wkey[0]; +$string = "This\nis\na\ntest."; + /* Create a new literal data packet */ -$data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); +$data = new OpenPGP_LiteralDataPacket($string, array('format' => 'u', 'filename' => 'stuff.txt')); +$data->normalize(true); // Clearsign-style normalization of the LiteralDataPacket /* Create a signer from the key */ $sign = new OpenPGP_Crypt_RSA($wkey); @@ -19,6 +22,9 @@ /* Generate clearsigned data */ $packets = $m->signatures()[0]; echo "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"; +// Output normalised data. You could convert line endings here +// without breaking the signature, but do not add any +// trailing whitespace to lines. echo preg_replace("/^-/", "- -", $packets[0]->data)."\n"; echo OpenPGP::enarmor($packets[1][0]->to_bytes(), "PGP SIGNATURE"); diff --git a/lib/openpgp.php b/lib/openpgp.php index b8e1565..43a8f0f 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1702,10 +1702,19 @@ function __construct($data=NULL, $opt=array()) { $this->timestamp = isset($opt['timestamp']) ? $opt['timestamp'] : time(); } - function normalize() { + function normalize($clearsign=false) { + if($clearsign && ($this->format != 'u' && $this->format != 't')) { + $this->format = 'u'; // Clearsign must be text + } + if($this->format == 'u' || $this->format == 't') { // Normalize line endings $this->data = str_replace("\n", "\r\n", str_replace("\r", "\n", str_replace("\r\n", "\n", $this->data))); } + + if($clearsign) { + // When clearsigning, do not sign over trailing whitespace + $this->data = preg_replace('/\s+\r/', "\r", $this->data); + } } function read() { From 08ae2c57d1689df570b7f8db39f129da2e933cca Mon Sep 17 00:00:00 2001 From: Daniel Ruf Date: Mon, 14 Mar 2016 12:10:17 +0100 Subject: [PATCH 107/176] use $cipher->key_length starting with phpseclib 2.0.1, `key_size` was renamed to `key_length` --- lib/openpgp_crypt_symmetric.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 32af72a..120d4d9 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -170,7 +170,7 @@ public static function getCipher($algo) { break; } if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher - if(!isset($key_bytes)) $key_bytes = $cipher->key_size; + if(!isset($key_bytes)) $key_bytes = isset($cipher->key_size)?$cipher->key_size:$cipher->key_length; if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size; return array($cipher, $key_bytes, $key_block_bytes); } From a87e6ac0c902064fb46fea912fb7d816ec2fd156 Mon Sep 17 00:00:00 2001 From: Daniel Ruf Date: Tue, 15 Mar 2016 09:31:57 +0100 Subject: [PATCH 108/176] added more PHP versions to the travis file 5.3 and 5.4 could be possibly removed. Nightly builds and HHVM should be ok. --- .travis.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index debd056..793b424 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,11 @@ language: php php: - - "5.4" - - "5.3" + - 5.3 + - 5.4 + - 5.5 + - 5.6 + - 7.0 + - hhvm + - nightly before_script: - composer install --prefer-source --dev From de41f143e62346f2b1fce2ede32f06b860734f33 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 26 Jul 2016 18:44:49 -0500 Subject: [PATCH 109/176] Throw exception if using CAST5 without mcrypt --- lib/openpgp_crypt_symmetric.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 120d4d9..844c53b 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -154,6 +154,8 @@ public static function getCipher($algo) { case 3: if(defined('MCRYPT_CAST_128')) { $cipher = new MCryptWrapper(MCRYPT_CAST_128); + } else { + throw new Exception("Unsupported cipher: you must have mcrypt installed to use CAST5"); } break; case 7: From 6d9ed34224cc23d466d474c0e8bd23947ce5fe34 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 26 Jul 2016 18:58:16 -0500 Subject: [PATCH 110/176] Less strict phpseclib requirement Still test against 2.0.0 as well as latest --- .travis.yml | 7 +++++-- composer.json | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 793b424..5d6bcae 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,5 +7,8 @@ php: - 7.0 - hhvm - nightly -before_script: - - composer install --prefer-source --dev + +matrix: + include: + - install: composer install --prefer-source --dev + - install: "sed -i 's/\"phpseclib\\/phpseclib\": \"[^\"]*/\"phpseclib\\/phpseclib\": \"2.0.0/' && composer install --prefer-source --dev" diff --git a/composer.json b/composer.json index 81b0d04..96b81ab 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ } ], "require": { - "phpseclib/phpseclib": "2.0.0" + "phpseclib/phpseclib": "^2.0" }, "require-dev": { "phpunit/phpunit": "~4.0" From 02fbcbf7e65e982cdf4592822d745cfab663df82 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 26 Jul 2016 18:59:02 -0500 Subject: [PATCH 111/176] nightly not working, can't find docs on the deprecation yet --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5d6bcae..9727208 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,7 @@ php: - 5.6 - 7.0 - hhvm - - nightly +# - nightly matrix: include: From 46ec5079e8cc82aa76eb95322829d41391b10bb5 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 26 Jul 2016 19:01:18 -0500 Subject: [PATCH 112/176] Only env can matrix --- .travis.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9727208..2de646f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,8 @@ php: - hhvm # - nightly -matrix: - include: - - install: composer install --prefer-source --dev - - install: "sed -i 's/\"phpseclib\\/phpseclib\": \"[^\"]*/\"phpseclib\\/phpseclib\": \"2.0.0/' && composer install --prefer-source --dev" +env: + - PHPSECLIB="^2.0" + - PHPSECLIB="2.0.0" + +before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev' From 4531815ef290612344467a09e576bc71969aa57b Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 26 Jul 2016 19:21:57 -0500 Subject: [PATCH 113/176] The code in fact expects an array of OR'd bytes As the spec specifies. Closes #32 --- lib/openpgp_crypt_rsa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index b7dc762..cd782bc 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -154,7 +154,7 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { if(!$sig) { $sig = new OpenPGP_SignaturePacket($packet, 'RSA', strtoupper($hash)); $sig->signature_type = 0x13; - $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01, 0x02)); + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01 | 0x02)); $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); $packet[] = $sig; } From 741fec24a6a31d6eb4844b15d5bcecad09e1b53d Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 26 Jul 2016 20:09:15 -0500 Subject: [PATCH 114/176] These coefficients go in the other order --- examples/keygen.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/keygen.php b/examples/keygen.php index 729ea39..1bc03af 100644 --- a/examples/keygen.php +++ b/examples/keygen.php @@ -11,8 +11,8 @@ 'n' => $rsa->modulus->toBytes(), 'e' => $rsa->publicExponent->toBytes(), 'd' => $rsa->exponent->toBytes(), - 'p' => $rsa->primes[1]->toBytes(), - 'q' => $rsa->primes[2]->toBytes(), + 'p' => $rsa->primes[2]->toBytes(), + 'q' => $rsa->primes[1]->toBytes(), 'u' => $rsa->coefficients[2]->toBytes() )); From 7538c62edde8039a7258543296a946af67489c2d Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 8 Apr 2017 11:13:52 -0500 Subject: [PATCH 115/176] Seems phpseclib 2.0.3 breaks us --- .travis.yml | 3 ++- composer.json | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2de646f..ae42734 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,8 @@ php: # - nightly env: - - PHPSECLIB="^2.0" - PHPSECLIB="2.0.0" + - PHPSECLIB="2.0.1" + - PHPSECLIB="2.0.2" before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev' diff --git a/composer.json b/composer.json index 96b81ab..04a1109 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ } ], "require": { - "phpseclib/phpseclib": "^2.0" + "phpseclib/phpseclib": ">=2.0.0 <2.0.3" }, "require-dev": { "phpunit/phpunit": "~4.0" From cea5b176fc1b812bfaffe144f6e5d212633b486b Mon Sep 17 00:00:00 2001 From: Jason Gallavin Date: Mon, 10 Apr 2017 20:27:48 -0400 Subject: [PATCH 116/176] https://github.com/phpseclib/phpseclib/issues/1113 Add compatibility with phpseclib 2.0.3 - 2.0.4 --- .travis.yml | 2 ++ composer.json | 2 +- lib/openpgp_crypt_rsa.php | 14 ++++++++++++-- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index ae42734..3829874 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,5 +12,7 @@ env: - PHPSECLIB="2.0.0" - PHPSECLIB="2.0.1" - PHPSECLIB="2.0.2" + - PHPSECLIB="2.0.3" + - PHPSECLIB="2.0.4" before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev' diff --git a/composer.json b/composer.json index 04a1109..6acc8c4 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ } ], "require": { - "phpseclib/phpseclib": ">=2.0.0 <2.0.3" + "phpseclib/phpseclib": ">=2.0.0 <=2.0.4" }, "require-dev": { "phpunit/phpunit": "~4.0" diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index cd782bc..bce11e1 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -245,8 +245,18 @@ static function convert_key($packet, $private=false) { $rsa = self::crypt_rsa_key($mod, $exp); if($private) { - if($packet->key['p'] && $packet->key['q']) $rsa->primes = array($packet->key['p'], $packet->key['q']); - if($packet->key['u']) $rsa->coefficients = array($packet->key['u']); + /** + * @see https://github.com/phpseclib/phpseclib/issues/1113 + * Primes and coefficients now use BigIntegers. + **/ + //set the primes + if($packet->key['p'] && $packet->key['q']) + $rsa->primes = array( + 1 => new Math_BigInteger($packet->key['p'], 256), + 2 => new Math_BigInteger($packet->key['q'], 256) + ); + // set the coefficients + if($packet->key['u']) $rsa->coefficients = array(2 => new Math_BigInteger($packet->key['u'], 256)); } return $rsa; From 6006111bbc4c3b6cb8f0acb7d6c4a7047df366e8 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 12 Apr 2017 16:23:15 -0500 Subject: [PATCH 117/176] Bump version number --- VERSION | 2 +- lib/openpgp.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 8acdd82..0d91a54 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.0.1 +0.3.0 diff --git a/lib/openpgp.php b/lib/openpgp.php index 43a8f0f..dc659d7 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -5,7 +5,7 @@ * (RFC 4880). * * @package OpenPGP - * @version 0.0.1 + * @version 0.3.0 * @author Arto Bendiken * @author Stephen Paul Weber * @see http://github.com/bendiken/openpgp-php From 95facfb57fdfae4b380c4abc2b26dc8e2b983ffe Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 18 Jul 2017 19:35:20 -0500 Subject: [PATCH 118/176] Travis wants trusty for HHVM now --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 3829874..f9e7d42 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,8 @@ php: - hhvm # - nightly +dist: trusty + env: - PHPSECLIB="2.0.0" - PHPSECLIB="2.0.1" From c9ae8251b67e5d5a8122c5be8dfbcc1f47d86142 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 18 Jul 2017 19:41:34 -0500 Subject: [PATCH 119/176] New list of supported PHPs on Travis --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index f9e7d42..2a6cd79 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,10 @@ language: php php: - - 5.3 - 5.4 - 5.5 - 5.6 - 7.0 +# - 7.1 - hhvm # - nightly From a8e7690a693e33cf595316b82d0130605bc17858 Mon Sep 17 00:00:00 2001 From: Rotzbua Date: Fri, 15 Dec 2017 15:23:00 +0100 Subject: [PATCH 120/176] change links to https --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 099f520..21a6eca 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ OpenPGP.php: OpenPGP for PHP This is a pure-PHP implementation of the OpenPGP Message Format (RFC 4880). -* +* ### About OpenPGP @@ -13,8 +13,8 @@ Force (IETF) Proposed Standard RFC 4880. The OpenPGP standard was originally derived from PGP (Pretty Good Privacy), first created by Phil Zimmermann in 1991. -* -* +* +* Features -------- @@ -43,16 +43,16 @@ To get a local working copy of the development repository, do: Alternatively, you can download the latest development version as a tarball as follows: - % wget http://github.com/bendiken/openpgp-php/tarball/master + % wget https://github.com/bendiken/openpgp-php/tarball/master Authors ------- * [Arto Bendiken](mailto:arto.bendiken@gmail.com) - -* [Stephen Paul Weber](mailto:singpolyma@singpolyma.net) - +* [Stephen Paul Weber](mailto:singpolyma@singpolyma.net) - License ------- OpenPGP.php is free and unencumbered public domain software. For more -information, see or the accompanying UNLICENSE file. +information, see or the accompanying UNLICENSE file. From 69d935435cdbe25e21334c66d2f427b00a1ef5e1 Mon Sep 17 00:00:00 2001 From: Rotzbua Date: Fri, 15 Dec 2017 16:10:39 +0100 Subject: [PATCH 121/176] add php 7.1 7.2 --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 2a6cd79..d8a8ef6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,8 @@ php: - 5.5 - 5.6 - 7.0 -# - 7.1 + - 7.1 + - 7.2 - hhvm # - nightly From e8a56241a535a8b04fbacae1f7d78a2258476b6e Mon Sep 17 00:00:00 2001 From: Rotzbua Date: Fri, 15 Dec 2017 16:30:18 +0100 Subject: [PATCH 122/176] Update .travis.yml --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.travis.yml b/.travis.yml index d8a8ef6..f8876f4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,4 +18,11 @@ env: - PHPSECLIB="2.0.3" - PHPSECLIB="2.0.4" +matrix: + allow_failures: + - php: 7.1 + - php: 7.2 + + fast_finish: true + before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev' From f42afa0ca3a98744777b7e20958bb047187d3368 Mon Sep 17 00:00:00 2001 From: Rotzbua Date: Fri, 15 Dec 2017 16:35:33 +0100 Subject: [PATCH 123/176] Update .travis.yml --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index f8876f4..dcfe19f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,6 @@ php: - 7.1 - 7.2 - hhvm -# - nightly dist: trusty From ebce9c014cd617f4a50d4b2d8c767bbdf8b0c414 Mon Sep 17 00:00:00 2001 From: Rotzbua Date: Fri, 15 Dec 2017 16:37:53 +0100 Subject: [PATCH 124/176] add travis build status to reamde --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 21a6eca..636a0f9 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Build Status](https://travis-ci.org/singpolyma/openpgp-php.svg?branch=master)](https://travis-ci.org/singpolyma/openpgp-php) + OpenPGP.php: OpenPGP for PHP ============================ From ba3c3fd42d24feddef6177d98285431473e86f31 Mon Sep 17 00:00:00 2001 From: Rotzbua Date: Tue, 26 Dec 2017 21:53:31 +0100 Subject: [PATCH 125/176] add suggestion to composer --- composer.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/composer.json b/composer.json index 6acc8c4..d2c15b3 100644 --- a/composer.json +++ b/composer.json @@ -18,6 +18,9 @@ "require-dev": { "phpunit/phpunit": "~4.0" }, + "suggest": { + "ext-mcrypt": "required if you use encryption cast5" + }, "autoload": { "classmap": ["lib/"] } From 413741fa84e6874aa88a1ae6029adf4060e89374 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 09:56:57 -0500 Subject: [PATCH 126/176] Throw more helpful exception when already decrypted --- lib/openpgp_crypt_symmetric.php | 3 +++ tests/phpseclib_suite.php | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 844c53b..c853379 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -146,6 +146,9 @@ public static function decryptPacket($epacket, $symmetric_algorithm, $key) { public static function getCipher($algo) { $cipher = NULL; switch($algo) { + case NULL: + case 0: + throw new Exception("Data is already unencrypted"); case 2: $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB); $key_bytes = 24; diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 0f6ae30..6e7f2e5 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -114,6 +114,13 @@ public function testDecryptSecretKey() { $skey = OpenPGP_Crypt_Symmetric::decryptSecretKey("hello", $key[0]); $this->assertSame(!!$skey, true); } + + public function testAlreadyDecryptedSecretKey() { + $this->expectException(Exception::class); + $this->expectExceptionMessage("Data is already unencrypted"); + $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + OpenPGP_Crypt_Symmetric::decryptSecretKey("hello", $key[0]); + } } class Encryption extends PHPUnit_Framework_TestCase { From 498e60602b5847b3d3927394c86b796a2843d122 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 09:57:33 -0500 Subject: [PATCH 127/176] If session decryption fails, return NULL Otherwise it returns false, we try to unpack that, and generally bad things happen. --- lib/openpgp_crypt_rsa.php | 3 ++- tests/phpseclib_suite.php | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index bce11e1..70925ef 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -208,7 +208,8 @@ function decrypt($packet) { static function try_decrypt_session($key, $edata) { $key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); - $data = $key->decrypt($edata); + $data = @$key->decrypt($edata); + if(!$data) return NULL; $sk = substr($data, 1, strlen($data)-3); $chk = unpack('n', substr($data, -2)); $chk = reset($chk); diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 6e7f2e5..d592db5 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -109,6 +109,24 @@ public function testDecryptAsymmetric() { } } + public function testDecryptRoundtrip() { + $m = new OpenPGP_Message(array(new OpenPGP_LiteralDataPacket("hello\n"))); + $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + $em = OpenPGP_Crypt_Symmetric::encrypt($key, $m); + + foreach($key as $packet) { + if(!($packet instanceof OpenPGP_SecretKeyPacket)) continue; + $decryptor = new OpenPGP_Crypt_RSA($packet); + $m2 = $decryptor->decrypt($em); + + foreach($m2 as $p) { + if($p instanceof OpenPGP_LiteralDataPacket) { + $this->assertEquals($p->data, "hello\n"); + } + } + } + } + public function testDecryptSecretKey() { $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/encryptedSecretKey.gpg')); $skey = OpenPGP_Crypt_Symmetric::decryptSecretKey("hello", $key[0]); From 26560f7bcac1d2a682c59f45635d41ba7beec7bc Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 10:27:30 -0500 Subject: [PATCH 128/176] Upgrade phpunit version to use in Travis --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index d2c15b3..d952a62 100644 --- a/composer.json +++ b/composer.json @@ -16,7 +16,7 @@ "phpseclib/phpseclib": ">=2.0.0 <=2.0.4" }, "require-dev": { - "phpunit/phpunit": "~4.0" + "phpunit/phpunit": "~5.0" }, "suggest": { "ext-mcrypt": "required if you use encryption cast5" From 724d5b16f3b808d552f3b9df446db98a8fe5b38e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 10:31:52 -0500 Subject: [PATCH 129/176] Newer phpunit can't support older PHP They're very old, and 5.6 is available in Debian stable and oldstable, so drop support. --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index dcfe19f..145aedb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,5 @@ language: php php: - - 5.4 - - 5.5 - 5.6 - 7.0 - 7.1 From d756110821a4639916284a560c0d88a179fad48b Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 10:32:41 -0500 Subject: [PATCH 130/176] Test support for all newer versions of phpseclib It seems only 2.0.8 is broken --- .travis.yml | 7 +++++++ composer.json | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 145aedb..fd777fa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,11 +9,18 @@ php: dist: trusty env: + - PHPSECLIB='^2.0 !=2.0.8' - PHPSECLIB="2.0.0" - PHPSECLIB="2.0.1" - PHPSECLIB="2.0.2" - PHPSECLIB="2.0.3" - PHPSECLIB="2.0.4" + - PHPSECLIB="2.0.5" + - PHPSECLIB="2.0.6" + - PHPSECLIB="2.0.7" + - PHPSECLIB="2.0.9" + - PHPSECLIB="2.0.10" + - PHPSECLIB="2.0.11" matrix: allow_failures: diff --git a/composer.json b/composer.json index d952a62..56372b7 100644 --- a/composer.json +++ b/composer.json @@ -13,10 +13,10 @@ } ], "require": { - "phpseclib/phpseclib": ">=2.0.0 <=2.0.4" + "phpseclib/phpseclib": "^2.0 !=2.0.8" }, "require-dev": { - "phpunit/phpunit": "~5.0" + "phpunit/phpunit": "^5.0" }, "suggest": { "ext-mcrypt": "required if you use encryption cast5" From 5a6b60571067d1ac690c0aaf9c69a96d80966267 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 11:06:49 -0500 Subject: [PATCH 131/176] Support Twofish and Blowfish --- lib/openpgp_crypt_symmetric.php | 42 ++++++++++++++++++++----------- tests/data/symmetric-blowfish.gpg | 1 + tests/data/symmetric-twofish.gpg | 3 +++ tests/phpseclib_suite.php | 18 ++++++++++--- 4 files changed, 45 insertions(+), 19 deletions(-) create mode 100644 tests/data/symmetric-blowfish.gpg create mode 100644 tests/data/symmetric-twofish.gpg diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index c853379..ab7804e 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -1,12 +1,11 @@ setKeyLength(128); + $cipher = new Crypt_AES(Crypt_AES::MODE_CFB); + $cipher->setKeyLength(128); break; case 8: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); - $cipher->setKeyLength(192); + $cipher = new Crypt_AES(Crypt_AES::MODE_CFB); + $cipher->setKeyLength(192); break; case 9: - $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB); + $cipher = new Crypt_AES(Crypt_AES::MODE_CFB); + $cipher->setKeyLength(256); + break; + case 10: + $cipher = new Crypt_Twofish(Crypt_Twofish::MODE_CFB); + if(method_exists($cipher, 'setKeyLength')) { $cipher->setKeyLength(256); + } else { + $cipher = NULL; + } break; } if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher diff --git a/tests/data/symmetric-blowfish.gpg b/tests/data/symmetric-blowfish.gpg new file mode 100644 index 0000000..0dda30c --- /dev/null +++ b/tests/data/symmetric-blowfish.gpg @@ -0,0 +1 @@ +Œ óè¢hœ±Ï³ÖÉfuÜhè‚ý’sÅþ®Ùø°¼þ_VF•4Ó \ No newline at end of file diff --git a/tests/data/symmetric-twofish.gpg b/tests/data/symmetric-twofish.gpg new file mode 100644 index 0000000..14255d8 --- /dev/null +++ b/tests/data/symmetric-twofish.gpg @@ -0,0 +1,3 @@ +Œ  +cýІ èÑÔÖÒ9=õ­Çâ]¼TföA ¼c«vìåeøkº€Èʲõ¡©n}%.lòëuÛ?\êåI +ð[øõblÊ \ No newline at end of file diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index d592db5..2517e6e 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -76,10 +76,6 @@ public function oneSymmetric($pass, $cnt, $path) { } } - public function testDecryptAES() { - $this->oneSymmetric("hello", "PGP\n", "symmetric-aes.gpg"); - } - public function testDecrypt3DES() { $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg"); } @@ -88,6 +84,20 @@ public function testDecryptCAST5() { // Requires mcrypt $this->oneSymmetric("hello", "PGP\n", "symmetric-cast5.gpg"); } + public function testDecryptBlowfish() { + $this->oneSymmetric("hello", "PGP\n", "symmetric-blowfish.gpg"); + } + + public function testDecryptAES() { + $this->oneSymmetric("hello", "PGP\n", "symmetric-aes.gpg"); + } + + public function testDecryptTwofish() { + if(OpenPGP_Crypt_Symmetric::getCipher(10)[0]) { + $this->oneSymmetric("hello", "PGP\n", "symmetric-twofish.gpg"); + } + } + public function testDecryptSessionKey() { $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); } From 43497a15c00a993d699759cb010203e3f6564157 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 13:38:41 -0500 Subject: [PATCH 132/176] Use OpenSSL for CAST5 Mcrypt is deprecated, so use OpenSSL when we can, mcrypt when we can't. --- lib/openpgp_crypt_symmetric.php | 5 ++++- lib/openpgp_openssl_wrapper.php | 33 ++++++++++++++++++++++++++++++ tests/phpseclib_suite.php | 36 ++++++++++++++++++++++++++++++--- 3 files changed, 70 insertions(+), 4 deletions(-) create mode 100644 lib/openpgp_openssl_wrapper.php diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index ab7804e..997d530 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -9,6 +9,7 @@ require_once dirname(__FILE__).'/openpgp.php'; @include_once dirname(__FILE__).'/openpgp_crypt_rsa.php'; @include_once dirname(__FILE__).'/openpgp_mcrypt_wrapper.php'; +@include_once dirname(__FILE__).'/openpgp_openssl_wrapper.php'; class OpenPGP_Crypt_Symmetric { public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) { @@ -154,7 +155,9 @@ public static function getCipher($algo) { $key_block_bytes = 8; break; case 3: - if(defined('MCRYPT_CAST_128')) { + if(class_exists('OpenSSLWrapper')) { + $cipher = new OpenSSLWrapper("CAST5-CFB"); + } else if(defined('MCRYPT_CAST_128')) { $cipher = new MCryptWrapper(MCRYPT_CAST_128); } else { throw new Exception("Unsupported cipher: you must have mcrypt installed to use CAST5"); diff --git a/lib/openpgp_openssl_wrapper.php b/lib/openpgp_openssl_wrapper.php new file mode 100644 index 0000000..83d5ad6 --- /dev/null +++ b/lib/openpgp_openssl_wrapper.php @@ -0,0 +1,33 @@ +cipher = $cipher; + $this->key_size = 16; + $this->block_size = 8; + $this->iv = str_repeat("\0", 8); + } + + function setKey($key) { + $this->key = $key; + } + + function setIV($iv) { + $this->iv = $iv; + } + + function encrypt($data) { + return openssl_encrypt($data, $this->cipher, $this->key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $this->iv); + } + + function decrypt($data) { + return openssl_decrypt($data, $this->cipher, $this->key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $this->iv); + } + } +} diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 2517e6e..70b93aa 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -80,7 +80,7 @@ public function testDecrypt3DES() { $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg"); } - public function testDecryptCAST5() { // Requires mcrypt + public function testDecryptCAST5() { // Requires mcrypt or openssl $this->oneSymmetric("hello", "PGP\n", "symmetric-cast5.gpg"); } @@ -152,13 +152,43 @@ public function testAlreadyDecryptedSecretKey() { } class Encryption extends PHPUnit_Framework_TestCase { - public function testEncryptSymmetric() { + public function oneSymmetric($algorithm) { $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); - $encrypted = OpenPGP_Crypt_Symmetric::encrypt('secret', new OpenPGP_Message(array($data))); + $encrypted = OpenPGP_Crypt_Symmetric::encrypt('secret', new OpenPGP_Message(array($data)), $algorithm); $decrypted = OpenPGP_Crypt_Symmetric::decryptSymmetric('secret', $encrypted); $this->assertEquals($decrypted[0]->data, 'This is text.'); } + public function testEncryptSymmetric3DES() { + $this->oneSymmetric(2); + } + + public function testEncryptSymmetricCAST5() { + $this->oneSymmetric(3); + } + + public function testEncryptSymmetricBlowfish() { + $this->oneSymmetric(4); + } + + public function testEncryptSymmetricAES128() { + $this->oneSymmetric(7); + } + + public function testEncryptSymmetricAES192() { + $this->oneSymmetric(8); + } + + public function testEncryptSymmetricAES256() { + $this->oneSymmetric(9); + } + + public function testEncryptSymmetricTwofish() { + if(OpenPGP_Crypt_Symmetric::getCipher(10)[0]) { + $this->oneSymmetric(10); + } + } + public function testEncryptAsymmetric() { $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); From 44e1bb2902caaac855da46645cc13fcffe19645a Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 13:48:12 -0500 Subject: [PATCH 133/176] Do not throw when CAST5 unsupported While this message may be more helpful, it will break some cases, such as when there are multiple ciphers that could be used and we can just skip CAST5 and move on. Return NULL when CAST5 unsupported, just like for other unsupported ciphers. --- lib/openpgp_crypt_symmetric.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 997d530..3f608cb 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -159,8 +159,6 @@ public static function getCipher($algo) { $cipher = new OpenSSLWrapper("CAST5-CFB"); } else if(defined('MCRYPT_CAST_128')) { $cipher = new MCryptWrapper(MCRYPT_CAST_128); - } else { - throw new Exception("Unsupported cipher: you must have mcrypt installed to use CAST5"); } break; case 4: From f2e1710da5b671e4e4a7fd275ca35328b2cf2d4e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 14:16:18 -0500 Subject: [PATCH 134/176] Tell composer what versions of PHP we test against Closes #61 --- composer.json | 1 + 1 file changed, 1 insertion(+) diff --git a/composer.json b/composer.json index 56372b7..4db5859 100644 --- a/composer.json +++ b/composer.json @@ -13,6 +13,7 @@ } ], "require": { + "php": "^5.6 || ^7.0", "phpseclib/phpseclib": "^2.0 !=2.0.8" }, "require-dev": { From cba1ecce8a07ebdb80cdd7d43e092d3309a0da27 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 14:35:51 -0500 Subject: [PATCH 135/176] Do not rely on asserts for behaviour Closes #35 --- lib/openpgp.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index dc659d7..565f09b 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -685,7 +685,9 @@ function read() { switch($this->version = ord($this->read_byte())) { case 2: case 3: - assert(ord($this->read_byte()) == 5); + if(ord($this->read_byte()) != 5) { + throw new Exception("Invalid version 2 or 3 SignaturePacket"); + } $this->signature_type = ord($this->read_byte()); $creation_time = $this->read_timestamp(); $keyid = $this->read_bytes(8); From aeb919abc33491fe9b626f4f38a01614d3180fd1 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 14:37:07 -0500 Subject: [PATCH 136/176] Whitespace --- tests/suite.php | 175 ++++++++++++++++++++++++------------------------ 1 file changed, 87 insertions(+), 88 deletions(-) diff --git a/tests/suite.php b/tests/suite.php index 1752d0b..f7b064a 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -14,355 +14,354 @@ public function test000001006public_key() { $this->oneSerialization("000001-006.public_key"); } - public function test000002013user_id() { $this->oneSerialization("000002-013.user_id"); } - + public function test000003002sig() { $this->oneSerialization("000003-002.sig"); } - + public function test000004012ring_trust() { $this->oneSerialization("000004-012.ring_trust"); } - + public function test000005002sig() { $this->oneSerialization("000005-002.sig"); } - + public function test000006012ring_trust() { $this->oneSerialization("000006-012.ring_trust"); } - + public function test000007002sig() { $this->oneSerialization("000007-002.sig"); } - + public function test000008012ring_trust() { $this->oneSerialization("000008-012.ring_trust"); } - + public function test000009002sig() { $this->oneSerialization("000009-002.sig"); } - + public function test000010012ring_trust() { $this->oneSerialization("000010-012.ring_trust"); } - + public function test000011002sig() { $this->oneSerialization("000011-002.sig"); } - + public function test000012012ring_trust() { $this->oneSerialization("000012-012.ring_trust"); } - + public function test000013014public_subkey() { $this->oneSerialization("000013-014.public_subkey"); } - + public function test000014002sig() { $this->oneSerialization("000014-002.sig"); } - + public function test000015012ring_trust() { $this->oneSerialization("000015-012.ring_trust"); } - + public function test000016006public_key() { $this->oneSerialization("000016-006.public_key"); } - + public function test000017002sig() { $this->oneSerialization("000017-002.sig"); } - + public function test000018012ring_trust() { $this->oneSerialization("000018-012.ring_trust"); } - + public function test000019013user_id() { $this->oneSerialization("000019-013.user_id"); } - + public function test000020002sig() { $this->oneSerialization("000020-002.sig"); } - + public function test000021012ring_trust() { $this->oneSerialization("000021-012.ring_trust"); } - + public function test000022002sig() { $this->oneSerialization("000022-002.sig"); } - + public function test000023012ring_trust() { $this->oneSerialization("000023-012.ring_trust"); } - + public function test000024014public_subkey() { $this->oneSerialization("000024-014.public_subkey"); } - + public function test000025002sig() { $this->oneSerialization("000025-002.sig"); } - + public function test000026012ring_trust() { $this->oneSerialization("000026-012.ring_trust"); } - + public function test000027006public_key() { $this->oneSerialization("000027-006.public_key"); } - + public function test000028002sig() { $this->oneSerialization("000028-002.sig"); } - + public function test000029012ring_trust() { $this->oneSerialization("000029-012.ring_trust"); } - + public function test000030013user_id() { $this->oneSerialization("000030-013.user_id"); } - + public function test000031002sig() { $this->oneSerialization("000031-002.sig"); } - + public function test000032012ring_trust() { $this->oneSerialization("000032-012.ring_trust"); } - + public function test000033002sig() { $this->oneSerialization("000033-002.sig"); } - + public function test000034012ring_trust() { $this->oneSerialization("000034-012.ring_trust"); } - + public function test000035006public_key() { $this->oneSerialization("000035-006.public_key"); } - + public function test000036013user_id() { $this->oneSerialization("000036-013.user_id"); } - + public function test000037002sig() { $this->oneSerialization("000037-002.sig"); } - + public function test000038012ring_trust() { $this->oneSerialization("000038-012.ring_trust"); } - + public function test000039002sig() { $this->oneSerialization("000039-002.sig"); } - + public function test000040012ring_trust() { $this->oneSerialization("000040-012.ring_trust"); } - + public function test000041017attribute() { $this->oneSerialization("000041-017.attribute"); } - + public function test000042002sig() { $this->oneSerialization("000042-002.sig"); } - + public function test000043012ring_trust() { $this->oneSerialization("000043-012.ring_trust"); } - + public function test000044014public_subkey() { $this->oneSerialization("000044-014.public_subkey"); } - + public function test000045002sig() { $this->oneSerialization("000045-002.sig"); } - + public function test000046012ring_trust() { $this->oneSerialization("000046-012.ring_trust"); } - + public function test000047005secret_key() { $this->oneSerialization("000047-005.secret_key"); } - + public function test000048013user_id() { $this->oneSerialization("000048-013.user_id"); } - + public function test000049002sig() { $this->oneSerialization("000049-002.sig"); } - + public function test000050012ring_trust() { $this->oneSerialization("000050-012.ring_trust"); } - + public function test000051007secret_subkey() { $this->oneSerialization("000051-007.secret_subkey"); } - + public function test000052002sig() { $this->oneSerialization("000052-002.sig"); } - + public function test000053012ring_trust() { $this->oneSerialization("000053-012.ring_trust"); } - + public function test000054005secret_key() { $this->oneSerialization("000054-005.secret_key"); } - + public function test000055002sig() { $this->oneSerialization("000055-002.sig"); } - + public function test000056012ring_trust() { $this->oneSerialization("000056-012.ring_trust"); } - + public function test000057013user_id() { $this->oneSerialization("000057-013.user_id"); } - + public function test000058002sig() { $this->oneSerialization("000058-002.sig"); } - + public function test000059012ring_trust() { $this->oneSerialization("000059-012.ring_trust"); } - + public function test000060007secret_subkey() { $this->oneSerialization("000060-007.secret_subkey"); } - + public function test000061002sig() { $this->oneSerialization("000061-002.sig"); } - + public function test000062012ring_trust() { $this->oneSerialization("000062-012.ring_trust"); } - + public function test000063005secret_key() { $this->oneSerialization("000063-005.secret_key"); } - + public function test000064002sig() { $this->oneSerialization("000064-002.sig"); } - + public function test000065012ring_trust() { $this->oneSerialization("000065-012.ring_trust"); } - + public function test000066013user_id() { $this->oneSerialization("000066-013.user_id"); } - + public function test000067002sig() { $this->oneSerialization("000067-002.sig"); } - + public function test000068012ring_trust() { $this->oneSerialization("000068-012.ring_trust"); } - + public function test000069005secret_key() { $this->oneSerialization("000069-005.secret_key"); } - + public function test000070013user_id() { $this->oneSerialization("000070-013.user_id"); } - + public function test000071002sig() { $this->oneSerialization("000071-002.sig"); } - + public function test000072012ring_trust() { $this->oneSerialization("000072-012.ring_trust"); } - + public function test000073017attribute() { $this->oneSerialization("000073-017.attribute"); } - + public function test000074002sig() { $this->oneSerialization("000074-002.sig"); } - + public function test000075012ring_trust() { $this->oneSerialization("000075-012.ring_trust"); } - + public function test000076007secret_subkey() { $this->oneSerialization("000076-007.secret_subkey"); } - + public function test000077002sig() { $this->oneSerialization("000077-002.sig"); } - + public function test000078012ring_trust() { $this->oneSerialization("000078-012.ring_trust"); } - + public function test002182002sig() { $this->oneSerialization("002182-002.sig"); } - + public function testpubringgpg() { $this->oneSerialization("pubring.gpg"); } - + public function testsecringgpg() { $this->oneSerialization("secring.gpg"); } - + public function testcompressedsiggpg() { $this->oneSerialization("compressedsig.gpg"); } - + public function testcompressedsigzlibgpg() { $this->oneSerialization("compressedsig-zlib.gpg"); } - + public function testcompressedsigbzip2gpg() { $this->oneSerialization("compressedsig-bzip2.gpg"); } - + public function testonepass_sig() { $this->oneSerialization("onepass_sig"); } - + public function testsymmetrically_encrypted() { $this->oneSerialization("symmetrically_encrypted"); } - + public function testuncompressedopsdsagpg() { $this->oneSerialization("uncompressed-ops-dsa.gpg"); } - + public function testuncompressedopsdsasha384txtgpg() { $this->oneSerialization("uncompressed-ops-dsa-sha384.txt.gpg"); } - + public function testuncompressedopsrsagpg() { $this->oneSerialization("uncompressed-ops-rsa.gpg"); } From 575baaf3f2f8deebaf7ade2040c4dc9dc822c375 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 14:45:16 -0500 Subject: [PATCH 137/176] Set up Travis to check combinations that all work --- .travis.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index fd777fa..993c7ae 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,9 +1,9 @@ language: php php: - - 5.6 - 7.0 - 7.1 - 7.2 + - 5.6 - hhvm dist: trusty @@ -23,10 +23,29 @@ env: - PHPSECLIB="2.0.11" matrix: - allow_failures: + exclude: + - php: 7.1 + - env: PHPSECLIB="2.0.0" + - php: 7.2 + - env: PHPSECLIB="2.0.0" + - php: 7.1 + - env: PHPSECLIB="2.0.1" + - php: 7.2 + - env: PHPSECLIB="2.0.1" - php: 7.1 + - env: PHPSECLIB="2.0.2" + - php: 7.2 + - env: PHPSECLIB="2.0.2" + - php: 7.1 + - env: PHPSECLIB="2.0.3" + - php: 7.2 + - env: PHPSECLIB="2.0.3" + - php: 7.2 + - env: PHPSECLIB="2.0.4" + - php: 7.2 + - env: PHPSECLIB="2.0.5" - php: 7.2 - + - env: PHPSECLIB="2.0.6" fast_finish: true before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev' From 752d80f14a39a79b1abcf7267c3adb59c792cba3 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 15:04:49 -0500 Subject: [PATCH 138/176] S2K salt is *always* 8 bytes Closes #33 --- lib/openpgp.php | 2 ++ lib/openpgp_crypt_symmetric.php | 2 +- tests/phpseclib_suite.php | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 565f09b..531dedf 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -150,10 +150,12 @@ function to_bytes() { $bytes .= chr($this->hash_algorithm); break; case 1: + if(strlen($this->salt) != 8) throw new Exception("Invalid salt length"); $bytes .= chr($this->hash_algorithm); $bytes .= $this->salt; break; case 3: + if(strlen($this->salt) != 8) throw new Exception("Invalid salt length"); $bytes .= chr($this->hash_algorithm); $bytes .= $this->salt; $bytes .= chr(OpenPGP::encode_s2k_count($this->count)); diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 3f608cb..8c811a5 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -40,7 +40,7 @@ public static function encrypt($passphrases_and_keys, $message, $symmetric_algor $esk = pack('n', OpenPGP::bitlength($esk)) . $esk; array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk)); } else if(is_string($pass)) { - $s2k = new OpenPGP_S2K(Random::string(10)); + $s2k = new OpenPGP_S2K(Random::string(8)); $cipher->setKey($s2k->make_key($pass, $key_bytes)); $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key); array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm)); diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 70b93aa..1e5cf03 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -155,6 +155,7 @@ class Encryption extends PHPUnit_Framework_TestCase { public function oneSymmetric($algorithm) { $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); $encrypted = OpenPGP_Crypt_Symmetric::encrypt('secret', new OpenPGP_Message(array($data)), $algorithm); + $encrypted = OpenPGP_Message::parse($encrypted->to_bytes()); $decrypted = OpenPGP_Crypt_Symmetric::decryptSymmetric('secret', $encrypted); $this->assertEquals($decrypted[0]->data, 'This is text.'); } @@ -193,6 +194,7 @@ public function testEncryptAsymmetric() { $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); $encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data))); + $encrypted = OpenPGP_Message::parse($encrypted->to_bytes()); $decryptor = new OpenPGP_Crypt_RSA($key); $decrypted = $decryptor->decrypt($encrypted); $this->assertEquals($decrypted[0]->data, 'This is text.'); From cd33ba1af11f5ea27452622a44e86e73954f2ae7 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 19:26:13 -0500 Subject: [PATCH 139/176] Upstream isn't coming back --- README.md | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 636a0f9..d371a2d 100644 --- a/README.md +++ b/README.md @@ -5,9 +5,10 @@ OpenPGP.php: OpenPGP for PHP This is a pure-PHP implementation of the OpenPGP Message Format (RFC 4880). -* +* -### About OpenPGP +About OpenPGP +------------- OpenPGP is the most widely-used e-mail encryption standard in the world. It is defined by the OpenPGP Working Group of the Internet Engineering Task @@ -24,15 +25,26 @@ Features * Encodes and decodes ASCII-armored OpenPGP messages. * Parses OpenPGP messages into their constituent packets. * Supports both old-format (PGP 2.6.x) and new-format (RFC 4880) packets. -* Helper class for verifying, signing, encrypting, and decrypting messages using Crypt_RSA from -* Helper class for encrypting and decrypting messages and keys using Crypt_AES and Crypt_TripleDES from +* Helper class for verifying, signing, encrypting, and decrypting messages +* Helper class for encrypting and decrypting messages and keys using + * openssl or mcrypt required for CAST5 encryption and decryption + +Bugs, Feature Requests, Patches +------------------------------- + +This project is primarily maintained by a single volunteer with many other +things vying for their attention, please be patient. + +Bugs, feature request, pull requests, patches, and general discussion may +be submitted publicly via email to: dev@singpolyma.net + +Github users may alternately submit on the web there. Users ----- OpenPGP.php is currently being used in the following projects: -* * Download @@ -40,18 +52,18 @@ Download To get a local working copy of the development repository, do: - % git clone git://github.com/bendiken/openpgp-php.git + git clone https://github.com/singpolyma/openpgp-php.git Alternatively, you can download the latest development version as a tarball as follows: - % wget https://github.com/bendiken/openpgp-php/tarball/master + wget https://github.com/singpolyma/openpgp-php/tarball/master Authors ------- -* [Arto Bendiken](mailto:arto.bendiken@gmail.com) - -* [Stephen Paul Weber](mailto:singpolyma@singpolyma.net) - +* [Arto Bendiken](mailto:arto.bendiken@gmail.com) (Original author) - +* [Stephen Paul Weber](mailto:singpolyma@singpolyma.net) (Maintainer) - License ------- From f43fbdc053a31c1c07f1f6e212c953a19369d967 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 20:18:44 -0500 Subject: [PATCH 140/176] Put version into code In case anyone wants to check it, I guess? Closes #12 --- lib/openpgp.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 531dedf..65a157d 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -18,6 +18,8 @@ * @see http://tools.ietf.org/html/rfc4880 */ class OpenPGP { + const VERSION = array(0, 3, 0); + /** * @see http://tools.ietf.org/html/rfc4880#section-6 * @see http://tools.ietf.org/html/rfc4880#section-6.2 From fb671e183d1850591026b50e670a72bd2c5740f3 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 20 Nov 2018 20:22:24 -0500 Subject: [PATCH 141/176] Wordwrap enarmor output Closes #74 --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 65a157d..4ce8382 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -30,7 +30,7 @@ static function enarmor($data, $marker = 'MESSAGE', array $headers = array()) { foreach ($headers as $key => $value) { $text .= $key . ': ' . (string)$value . "\n"; } - $text .= "\n" . base64_encode($data); + $text .= "\n" . wordwrap(base64_encode($data), 76, "\n", true); $text .= "\n".'=' . base64_encode(substr(pack('N', self::crc24($data)), 1)) . "\n"; $text .= self::footer($marker) . "\n"; return $text; From f8e0e997fc125b372cfeadfce7cf4263001bad54 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Thu, 20 Dec 2018 13:42:15 -0700 Subject: [PATCH 142/176] Provide more guidance for understanding examples, update `.travis.yml`. This commit adds an `example/README.md` file with a little bit of guidance for running the examples themselves. This is helpful because the examples all rely on the presence of a `phpseclib` installation available to the PHP interpreter, and while there is a `composer.json` file to this effect, none of the examples included the Composer `autoload.php` file. This commit makes no modifications to the example code itself, but does `include_once()` the Composer autoload script so that `phpseclib` loads and avoids causing a fatal error when a new user attempts to run the examples to learn how to use the library. This commit also updates the Travis `before_script` build script, dropping the `--dev` argument to the `composer install` command. Current versions of Composer emit a deprecation notice when `--dev` is passed. --- .travis.yml | 3 ++- examples/README.md | 22 ++++++++++++++++++++++ examples/clearsign.php | 3 +-- examples/deASCIIdeCrypt.php | 1 + examples/encryptDecrypt.php | 1 + examples/keygen.php | 1 + examples/sign.php | 3 +-- examples/verify.php | 3 +-- 8 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 examples/README.md diff --git a/.travis.yml b/.travis.yml index 993c7ae..3205af2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +--- language: php php: - 7.0 @@ -48,4 +49,4 @@ matrix: - env: PHPSECLIB="2.0.6" fast_finish: true -before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source --dev' +before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source' diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..3f3c3b3 --- /dev/null +++ b/examples/README.md @@ -0,0 +1,22 @@ +OpenPGP.php Examples +==================== + +The scripts in this folder show how to use this library to perform various tasks +such as [generating a new key](keygen.php), [signing a message](sign.php), and +[verifying a message](verify.php) that has been signed. + +To use these examples, make sure [`phpseclib`](http://phpseclib.sourceforge.net/) is available. You can install it +using [Composer](https://getcomposer.org/): + +```sh +git clone https://github.com/singpolyma/openpgp-php.git # Clone the repository. +cd openpgp-php +composer install # Use Composer to install the requirements. +``` + +Once Composer has installed the requirements, run the examples using PHP: + +```sh +# Generate a new OpenPGP key; see the `keygen.php` file for parameters. +php ./examples/keygen.php > mykey.gpg +``` diff --git a/examples/clearsign.php b/examples/clearsign.php index 686af02..1445fa7 100644 --- a/examples/clearsign.php +++ b/examples/clearsign.php @@ -1,5 +1,6 @@ data)."\n"; echo OpenPGP::enarmor($packets[1][0]->to_bytes(), "PGP SIGNATURE"); - -?> diff --git a/examples/deASCIIdeCrypt.php b/examples/deASCIIdeCrypt.php index 9ab6cdd..0326ba6 100644 --- a/examples/deASCIIdeCrypt.php +++ b/examples/deASCIIdeCrypt.php @@ -3,6 +3,7 @@ // USAGE: php examples/deASCIIdeCrypt.php secretkey.asc password message.asc // This will fail if the algo on key or message is not 3DES or AES +@include_once dirname(__FILE__).'/../vendor/autoload.php'; require_once dirname(__FILE__).'/../lib/openpgp.php'; require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php'; require_once dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php'; diff --git a/examples/encryptDecrypt.php b/examples/encryptDecrypt.php index 7804967..b9c1a52 100644 --- a/examples/encryptDecrypt.php +++ b/examples/encryptDecrypt.php @@ -1,5 +1,6 @@ to_bytes(); - -?> diff --git a/examples/verify.php b/examples/verify.php index 8650199..b5cf5b4 100644 --- a/examples/verify.php +++ b/examples/verify.php @@ -1,5 +1,6 @@ verify($m)); - -?> From c0e6aeb163de340341d2148906dbb8dff6fe4c26 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 30 Apr 2019 19:05:28 -0500 Subject: [PATCH 143/176] Remove support for hhvm Closes #79 --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 3205af2..0cf3e85 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,6 @@ php: - 7.1 - 7.2 - 5.6 - - hhvm dist: trusty From 67aba786991e3cb3e555025b6d357779ab32a0ab Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 1 Aug 2019 13:11:09 -0500 Subject: [PATCH 144/176] Bump to 0.4.0 --- lib/openpgp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 4ce8382..29b1e0a 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -18,7 +18,7 @@ * @see http://tools.ietf.org/html/rfc4880 */ class OpenPGP { - const VERSION = array(0, 3, 0); + const VERSION = array(0, 4, 0); /** * @see http://tools.ietf.org/html/rfc4880#section-6 From d27d30a3527077cb5c43ead1ac6479ec3db7df02 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 10 Sep 2019 21:31:06 -0500 Subject: [PATCH 145/176] Implement encryptSecretKey Allow encrypting a decrypted secret key, which is especially useful for generating a new encrypted secret key. Defaults to AES256, S2K iter+salt SHA512, always uses s2k_useage 254 with sha1 integrity protection of the encrypted key material. Also add an example to parallel keygen.php that generates a key and then encrypts it with a passphrase. --- examples/keygenEncrypted.php | 28 ++++++++++++++++++++++++++++ lib/openpgp_crypt_symmetric.php | 26 ++++++++++++++++++++++++++ tests/phpseclib_suite.php | 7 +++++++ 3 files changed, 61 insertions(+) create mode 100644 examples/keygenEncrypted.php diff --git a/examples/keygenEncrypted.php b/examples/keygenEncrypted.php new file mode 100644 index 0000000..71f2b27 --- /dev/null +++ b/examples/keygenEncrypted.php @@ -0,0 +1,28 @@ +createKey(512); +$rsa->loadKey($k['privatekey']); + +$nkey = new OpenPGP_SecretKeyPacket(array( + 'n' => $rsa->modulus->toBytes(), + 'e' => $rsa->publicExponent->toBytes(), + 'd' => $rsa->exponent->toBytes(), + 'p' => $rsa->primes[2]->toBytes(), + 'q' => $rsa->primes[1]->toBytes(), + 'u' => $rsa->coefficients[2]->toBytes() +)); + +$uid = new OpenPGP_UserIDPacket('Test '); + +$wkey = new OpenPGP_Crypt_RSA($nkey); +$m = $wkey->sign_key_userid(array($nkey, $uid)); +$m[0] = OpenPGP_Crypt_Symmetric::encryptSecretKey("password", $nkey); + +// Serialize encrypted private key +print $m->to_bytes(); diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 8c811a5..a69c37a 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -75,6 +75,31 @@ public static function decryptSymmetric($pass, $m) { return NULL; /* If we get here, we failed */ } + public static function encryptSecretKey($pass, $packet, $symmetric_algorithm=9) { + $packet = clone $packet; // Do not mutate original + $packet->s2k_useage = 254; + $packet->symmetric_algorithm = $symmetric_algorithm; + + list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($packet->symmetric_algorithm); + if(!$cipher) throw new Exception("Unsupported cipher"); + + $material = ''; + foreach(OpenPGP_SecretKeyPacket::$secret_key_fields[$packet->algorithm] as $field) { + $f = $packet->key[$field]; + $material .= pack('n', OpenPGP::bitlength($f)) . $f; + unset($packet->key[$field]); + } + $material .= hash('sha1', $material, true); + + $iv = Random::string($key_block_bytes); + if(!$packet->s2k) $packet->s2k = new OpenPGP_S2K(Random::string(8)); + $cipher->setKey($packet->s2k->make_key($pass, $key_bytes)); + $cipher->setIV($iv); + $packet->encrypted_data = $iv . $cipher->encrypt($material); + + return $packet; + } + public static function decryptSecretKey($pass, $packet) { $packet = clone $packet; // Do not mutate orinigal @@ -97,6 +122,7 @@ public static function decryptSecretKey($pass, $packet) { if($chk != $mkChk) return NULL; } + $packet->s2k = NULL; $packet->s2k_useage = 0; $packet->symmetric_algorithm = 0; $packet->encrypted_data = NULL; diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 1e5cf03..fe7a9d6 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -143,6 +143,13 @@ public function testDecryptSecretKey() { $this->assertSame(!!$skey, true); } + public function testEncryptSecretKeyRoundtrip() { + $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + $enkey = OpenPGP_Crypt_Symmetric::encryptSecretKey("password", $key[0]); + $skey = OpenPGP_Crypt_Symmetric::decryptSecretKey("password", $enkey); + $this->assertEquals($key[0], $skey); + } + public function testAlreadyDecryptedSecretKey() { $this->expectException(Exception::class); $this->expectExceptionMessage("Data is already unencrypted"); From c9cef8e4e6d02ed6e75f1b40fc5050bd0babbc16 Mon Sep 17 00:00:00 2001 From: Ditty Date: Fri, 10 Jan 2020 03:26:14 +0300 Subject: [PATCH 146/176] Remove deprecated curly braces Remove deprecated curly braces --- lib/openpgp.php | 28 ++++++++++++++-------------- lib/openpgp_crypt_rsa.php | 4 ++-- lib/openpgp_crypt_symmetric.php | 4 ++-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 29b1e0a..7623645 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -124,20 +124,20 @@ function __construct($salt='BADSALT', $hash_algorithm=10, $count=65536, $type=3) static function parse(&$input) { $s2k = new OpenPGP_S2k(); - switch($s2k->type = ord($input{0})) { + switch($s2k->type = ord($input[0])) { case 0: - $s2k->hash_algorithm = ord($input{1}); + $s2k->hash_algorithm = ord($input[1]); $input = substr($input, 2); break; case 1: - $s2k->hash_algorithm = ord($input{1}); + $s2k->hash_algorithm = ord($input[1]); $s2k->salt = substr($input, 2, 8); $input = substr($input, 10); break; case 3: - $s2k->hash_algorithm = ord($input{1}); + $s2k->hash_algorithm = ord($input[1]); $s2k->salt = substr($input, 2, 8); - $s2k->count = OpenPGP::decode_s2k_count(ord($input{10})); + $s2k->count = OpenPGP::decode_s2k_count(ord($input[10])); $input = substr($input, 11); break; } @@ -613,7 +613,7 @@ function read() { $rawkeyid = $this->read_bytes(8); $this->keyid = ''; for($i = 0; $i < strlen($rawkeyid); $i++) { // Store KeyID in Hex - $this->keyid .= sprintf('%02X',ord($rawkeyid{$i})); + $this->keyid .= sprintf('%02X',ord($rawkeyid[$i])); } $this->key_algorithm = ord($this->read_byte()); @@ -629,7 +629,7 @@ function body() { $bytes = chr($this->version); for($i = 0; $i < strlen($this->keyid); $i += 2) { - $bytes .= chr(hexdec($this->keyid{$i}.$this->keyid{$i+1})); + $bytes .= chr(hexdec($this->keyid[$i].$this->keyid[$i+1])); } $bytes .= chr($this->key_algorithm); @@ -697,7 +697,7 @@ function read() { $keyid = $this->read_bytes(8); $keyidHex = ''; for($i = 0; $i < strlen($keyid); $i++) { // Store KeyID in Hex - $keyidHex .= sprintf('%02X',ord($keyid{$i})); + $keyidHex .= sprintf('%02X',ord($keyid[$i])); } $this->hashed_subpackets = array(); @@ -774,7 +774,7 @@ function body() { foreach((array)$this->unhashed_subpackets as $p) { if($p instanceof OpenPGP_SignaturePacket_IssuerPacket) { for($i = 0; $i < strlen($p->data); $i += 2) { - $body .= chr(hexdec($p->data{$i}.$p->data{$i+1})); + $body .= chr(hexdec($p->data[$i].$p->data[$i+1])); } break; } @@ -981,8 +981,8 @@ function body() { class OpenPGP_SignaturePacket_TrustSignaturePacket extends OpenPGP_SignaturePacket_Subpacket { function read() { - $this->depth = ord($this->input{0}); - $this->trust = ord($this->input{1}); + $this->depth = ord($this->input[0]); + $this->trust = ord($this->input[1]); } function body() { @@ -1058,7 +1058,7 @@ function body() { $bytes .= chr($this->key_algorithm); for($i = 0; $i < strlen($this->fingerprint); $i += 2) { - $bytes .= chr(hexdec($this->fingerprint{$i}.$this->fingerprint{$i+1})); + $bytes .= chr(hexdec($this->fingerprint[$i].$this->fingerprint[$i+1])); } return $bytes; @@ -1078,7 +1078,7 @@ function read() { function body() { $bytes = ''; for($i = 0; $i < strlen($this->data); $i += 2) { - $bytes .= chr(hexdec($this->data{$i}.$this->data{$i+1})); + $bytes .= chr(hexdec($this->data[$i].$this->data[$i+1])); } return $bytes; } @@ -1311,7 +1311,7 @@ function read() { function body() { $body = chr($this->version).chr($this->signature_type).chr($this->hash_algorithm).chr($this->key_algorithm); for($i = 0; $i < strlen($this->key_id); $i += 2) { - $body .= chr(hexdec($this->key_id{$i}.$this->key_id{$i+1})); + $body .= chr(hexdec($this->key_id[$i].$this->key_id[$i+1])); } $body .= chr((int)$this->nested); return $body; diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 70925ef..2264fcb 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -216,11 +216,11 @@ static function try_decrypt_session($key, $edata) { $sk_chk = 0; for($i = 0; $i < strlen($sk); $i++) { - $sk_chk = ($sk_chk + ord($sk{$i})) % 65536; + $sk_chk = ($sk_chk + ord($sk[$i])) % 65536; } if($sk_chk != $chk) return NULL; - return array(ord($data{0}), $sk); + return array(ord($data[0]), $sk); } static function crypt_rsa_key($mod, $exp, $hash='SHA256') { diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index a69c37a..4d6ef99 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -62,7 +62,7 @@ public static function decryptSymmetric($pass, $m) { $padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes); $data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data)); - $decrypted = self::decryptPacket($epacket, ord($data{0}), substr($data, 1)); + $decrypted = self::decryptPacket($epacket, ord($data[0]), substr($data, 1)); } else { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm); $decrypted = self::decryptPacket($epacket, $p->symmetric_algorithm, $p->s2k->make_key($pass, $key_bytes)); @@ -229,7 +229,7 @@ public static function getEncryptedData($m) { public static function checksum($s) { $mkChk = 0; for($i = 0; $i < strlen($s); $i++) { - $mkChk = ($mkChk + ord($s{$i})) % 65536; + $mkChk = ($mkChk + ord($s[$i])) % 65536; } return $mkChk; } From eee624fb03860dc4eaddaa2964aa1fe8f9d07815 Mon Sep 17 00:00:00 2001 From: Jeff Standen Date: Wed, 12 Feb 2020 18:56:41 -0800 Subject: [PATCH 147/176] Add a keygen example with multiple UIDs and a separate encryption subkey This commit adds a new example to demonstrate how to generate a keypair with the recommended structure. The root secret key is signing only. It is used to sign multiple UIDs and an encryption-only subkey. The current examples generate a root signing key without the encryption bit and without a subkey. There was a discussion in #40 about adding the encryption bit to the root key by passing in a signature packet. However, this is not the recommended structure. This example could be used to generate a master signing key which is kept offline, with separate subkeys for signing and encryption (e.g. laptop keypair for daily use). This may also potentially be important from a legal standpoint, since in some jurisdictions a person can be legally ordered to divulge their encryption key, but not the signing key that proves their identity (e.g. United Kingdom). Subkeys also simplify key rotation and expiration. --- examples/keygenSubkeys.php | 116 +++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 examples/keygenSubkeys.php diff --git a/examples/keygenSubkeys.php b/examples/keygenSubkeys.php new file mode 100644 index 0000000..2cb12a9 --- /dev/null +++ b/examples/keygenSubkeys.php @@ -0,0 +1,116 @@ +createKey($key_length); +$rsa->loadKey($k['privatekey']); + +$nkey = new OpenPGP_SecretKeyPacket(array( + 'n' => $rsa->modulus->toBytes(), + 'e' => $rsa->publicExponent->toBytes(), + 'd' => $rsa->exponent->toBytes(), + 'p' => $rsa->primes[2]->toBytes(), + 'q' => $rsa->primes[1]->toBytes(), + 'u' => $rsa->coefficients[2]->toBytes() +)); + +// Start assembling packets for our eventual OpenPGP_Message +$packets = array($nkey); + +$wkey = new OpenPGP_Crypt_RSA($nkey); +$fingerprint = $wkey->key()->fingerprint; +$key = $wkey->private_key(); +$key->setHash('sha256'); +$keyid = substr($fingerprint, -16); + +// Add multiple UID packets and signatures + +$uids = array( + new OpenPGP_UserIDPacket('Support', '', 'support@example.com'), + new OpenPGP_UserIDPacket('Security', '', 'security@example.com'), +); + +foreach($uids as $uid) { + // Append the UID packet + $packets[] = $uid; + + $sig = new OpenPGP_SignaturePacket(new OpenPGP_Message(array($nkey, $uid)), 'RSA', 'SHA256'); + $sig->signature_type = 0x13; + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01 | 0x02)); // Certify + sign bits + $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); + $m = $wkey->sign_key_userid(array($nkey, $uid, $sig)); + + // Append the UID signature from the master key + $packets[] = $m->packets[2]; +} + +// Generate an encryption subkey + +$rsa_subkey = new \phpseclib\Crypt\RSA(); +$sub_k = $rsa_subkey->createKey($key_length); +$rsa_subkey->loadKey($sub_k['privatekey']); + +$subkey = new OpenPGP_SecretSubkeyPacket(array( + 'n' => $rsa_subkey->modulus->toBytes(), + 'e' => $rsa_subkey->publicExponent->toBytes(), + 'd' => $rsa_subkey->exponent->toBytes(), + 'p' => $rsa_subkey->primes[2]->toBytes(), + 'q' => $rsa_subkey->primes[1]->toBytes(), + 'u' => $rsa_subkey->coefficients[2]->toBytes() +)); + +// Append the encryption subkey +$packets[] = $subkey; + +$sub_wkey = new OpenPGP_Crypt_RSA($subkey); + +/* + * Sign the encryption subkey with the master key + * + * OpenPGP_SignaturePacket assumes any message starting with an + * OpenPGP_PublicKeyPacket is followed by a OpenPGP_UserIDPacket. We need + * to pass `null` in the constructor and generate the `->data` ourselves. + */ +$sub_sig = new OpenPGP_SignaturePacket(null, 'RSA', 'SHA256'); +$sub_sig->signature_type = 0x18; +$sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_SignatureCreationTimePacket(time()); +$sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x0C)); // Encrypt bits +$sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); +$sub_sig->data = implode('', $nkey->fingerprint_material()) . implode('', $subkey->fingerprint_material()); +$sub_sig->sign_data(array('RSA' => array('SHA256' => function($data) use($key) {return array($key->sign($data));}))); + +// Append the subkey signature +$packets[] = $sub_sig; + +// Build the OpenPGP_Message for the secret key from our packets +$m = new OpenPGP_Message($packets); + +// Serialize the private key +print $m->to_bytes(); + +// Clone a public key message from the secret key +$pubm = clone($m); + +// Convert the private key packets to public so we only export public data +// (n+e in RSA) +foreach($pubm as $idx => $p) { + if($p instanceof OpenPGP_SecretSubkeyPacket) { + $pubm[$idx] = new OpenPGP_PublicSubkeyPacket($p); + } else if($p instanceof OpenPGP_SecretKeyPacket) { + $pubm[$idx] = new OpenPGP_PublicKeyPacket($p); + } +} + +// Serialize the public key +$public_bytes = $pubm->to_bytes(); + +// Note: If using PHP 7.4 CLI, disable deprecated warnings: +// php -d error_reporting="E_ALL & ~E_DEPRECATED" examples/keygenSubkeys.php > mykey.gpg \ No newline at end of file From 735721bd70cefc2b52d1a1faee080d90957b9174 Mon Sep 17 00:00:00 2001 From: Otto Szika Date: Thu, 7 May 2020 21:18:53 +0300 Subject: [PATCH 148/176] Fix checking when no bytes are available for reading --- lib/openpgp.php | 2 +- tests/data/000079-002.sig | Bin 0 -> 566 bytes tests/data/000080-006.public_key | Bin 0 -> 2198 bytes tests/data/000081-002.sig | Bin 0 -> 566 bytes tests/data/000082-006.public_key | Bin 0 -> 2197 bytes tests/data/000083-002.sig | Bin 0 -> 566 bytes tests/suite.php | 8 ++++++++ 7 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 tests/data/000079-002.sig create mode 100644 tests/data/000080-006.public_key create mode 100644 tests/data/000081-002.sig create mode 100644 tests/data/000082-006.public_key create mode 100644 tests/data/000083-002.sig diff --git a/lib/openpgp.php b/lib/openpgp.php index 29b1e0a..5657172 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -557,7 +557,7 @@ function read_unpacked($count, $format) { } function read_byte() { - return ($bytes = $this->read_bytes()) ? $bytes[0] : NULL; + return !is_null($bytes = $this->read_bytes()) ? $bytes[0] : NULL; } function read_bytes($count = 1) { diff --git a/tests/data/000079-002.sig b/tests/data/000079-002.sig new file mode 100644 index 0000000000000000000000000000000000000000..d5a51b9cad8c177fa10384706870d2116d63c5e5 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j+^t>0?~8Yozg&O-pgP+9tiFuXVg0$#L7CIAWv5W-Md z`iC&QI6=7(0FS&Qp$)elQo?}oFW+#McilX;W-U` z(%%PHjCrRsAl* zNiY65@vDQtC_`nPP6qMwQ$ND{u356~pTg|Yo$6&F9o{3ve)Fq2*};LU*{H|$kSSZE zidFDs0;+EN>a`n+E>N?9TLpGN^2E1p3)3bFq?~Q=5N8ZIqx~K{Ki=o?&e%>2VW`GR zA@aD0b(DT*6@1tg=WEOO7(J)$ARKw;%I(Hq-9%Q&8(4OUh1Ws4<_E|s4zlS}< z5_)KXF7qd9u=3;t972_kGXOFl^}Wt;zc0cA(o1mcr}qY0_God<1b0^CQT-yvntuSJak@yk9|;XEY(mOXi>2so*R6~Ql(6_>at|8b5{YlokchE zNDq2VY7Gb!j@^lRWkrNYhoXOYA=D1*5VL8EmzM!Iv0n34QRpB%tL94WD8PpVa;o$qC?y%u7mDMcT}m|?2={5gdK|WYD{N56lt|^6s)Gy zY(6QCA7B_RJS0hA&;Ls(E!*Vb@Qq_>N3(#lcBOBMLO=>WNqumE?xR8CC_6vn51=!s zDv34}N*TZ%3jnqxDz+xj{^meMVuZuyL&@ih`3-vyL(ySp&yGV19Lhts4&)E5+qOMy zhS}*pD0YYvqicEC*a{Wf%FyM`I`KAvUs`-hLK_65m-ONt!a+EIdj-kYy%KSrh@+&i z&F=D~X$AP^nr%`nrS8XvgSWmVHhHPa&QN9#PgEkStVL4_q{;6D{^4+0?X7ZOYK0!w zytV)&Ey?H}ZXT=S@i-stIlrgM=Lg`yQWCA*q6)P%GW)3#Zp0?DVKGU`==|Ol=}3ta zbHq8nlJ07U^S7W@jY;MF60ov>_j4o$k3=x2mr2ml}j z0$#L5uLcVV2M7ZK1QiGh0t6NU0RRFS0RkHX0v-VX3JDM}N7SdWRA;Ni><|EoqDFGT zqO?Gfjz8B3dF=6m6WO4uS>3VLnVKyn)^;D9(Og$iu+X3&QsSa^h3U@^eX7#qCq`K9 zk=Firw{|5<(ie1ZaHLvVS}fcl!N>>1{0P2Uqw+ zbQN_`3L{0^@vT&_L)_2f9LhmcUbg&EVyu-UGkD}|-!tQzDC-Qx^PFr=)jwodD7fM5 z(8+}0q|3Ws!bi!g!qj8L31eZryk8m&B(t6|HKUoGrQ?h_ATw^G6pYiYNXXLbJ7|~2 z|CI5IMb&i>4_(;mW^Bsq!3$rgqDkWzfqv{l}p#nxR&qm8iC5Gqe|FHgm|SMbGM(E3O6N3nr z$d1;SnozA~?h-_9@6+v^HbXB-*wDM@&A5SJ%SdCF0*Dm^Qw+Mf0u2OSv_-E05CE?T z%r^8j=7&;2%Q~R&0s>fW+1>`?lkp=2wSRoRwzBaQvjHR$`5KQ-s6ghTj$zm2uWOi# zj_K@(?8>Pw))@3qTV^}WRs@wAqrO6)a%8_O+L`dtLEKcZ z(zKI3l%nEs)Itr0=2vj!NBLAFTvCWaBuBOZ0#Mu5l2G92QT#((i{DrotOiq^(4D8! zajk;+4~$LVqv%qGx67WGZR|ydFD6zCGts~z(g8~qMzPe_?gV6r0$l(R0RRDs0v`kz z0SEvI1p;2QMXv%I3;+rV5HLs7r?FILtF#~x0I;LT8E%xu8`4kCBWt-zir3hklspK+ z>I(xy=Omh{#Sz*&Qu0VNY&8z5hAd3K6`w-D?Lm+z3sQt_+nsZit(}IhEDfql`%&Lh>(Lcn-nI%PSJyY{^tG)MU6EsuC$HRCqc|V*e=2GH(mW*ke zPS(mQ0PoGEg>_C*wf(3nnD&22JJ-0mMfYxJ%)NF#a%5bTVzLNH3VODb6jU@Q0NOPrJ_!A>Xj|4K#p#oU#2kG$g*YoK-3 zQzd0ah)*w#8PI4Ef!ED!4ZDm5FPbNiJho-jOgOYF556QZl^L(~?f0LQ8(M;rUA6JL zrh~g2-*YasJZQ0+rOCYhsO-9mDrzP<*7skO%T1q^zQeG`A_gn~vaMRR*BS9)WC+J^ zf-Bbr^)~>o&W0l&uyf2f5_tNh!Ban;dxtslpXffT)~ZPO=L!c(Jnap=D$jCG+5HnU zevpY1`hZQQI7HgikLnIU)pM65fP?lM&+=33P#Jx|h`g*LcyhNQ5|#1MW%Y z3+@SeEUo0#xd2oeXn}PkAdr%!Jz-Xv_3BNKZlk0rvTTcBb_SE4(p(oR^%}_vtl6`v Yr8bQ!_H?<-a3Pjr=9e|4D1ox8e>u&1*Zr*V;6hpcm4rj^8(DiU#8E(zD4;9VIthDt{jV$?V|N zc2P0cb@27z`C}Rs)dfGINJ64(GMU92g|qr4Sl;Vilj2`!afKjK`0f9~W%?Qb;HBo@ z_LXd$$8@2gRLtdk&QC#9pT&`IoSA(f(X9F;@JA95c_o;z5;5I>^N|38y|;WW zzE%`}m&$O-;!6m!DpRF&QYXA_I$y8*S73&gd!Hv5`K)s`G}}<{wG7_2N%i&-Tye>x zi3HCXbQnMWLq23BN0%eD$greY~YgNSgyC38DeO z{RReFV&0=wOBfZ}BVQk#MmF+Jjc%NajO2*=JN8a-(z4Hi%w>)ZMvW#UA-W|+GBwRJ zp1TLigL>U0omd5?a^R6KHRc2t9=WQ zqqu~1Y+h-A_qjMop?}guylhU5`X|dnK26~m=ZglEeL#BR`F?LOaxbCX0=t$$apI`` zPHzN4JXuNov_=s#R+DMrVLkU^iQM>7O>v8B$_M9%=hmD^hbVgIJT|P~xF!Xz?ZXIr z`L3HCj9R|YPOP=9E2N;raD)beg6PXW>U=Cu`5s(R z%Q6Jdk8C~%jf)-^Yc(+rN>P((8A%g67wiUkxs}J}zVi}7j`eNrpX{1ory5JxCTq$Y zFk1JzwEOi;@?QA6FZ^RAP&Nl~#0e$@QM}$bT*Wy_vv~(!RUuiy(X7jfLvAM?a-!0Yhfc5!-hejr&mXMG~p~b1zao~e# zT*e&;niWdPT~PoL0RREC759()N0*@UmGmPvI%=u76OZt`-3~e z3&nP6%eC7-q!e$WduQvFX%^N=57h@>Pyw}eg^G{dSqAx$Fo(v1_bVvcum;z`?af-i z^?Y%mKdwp|vq+%K$WZSgmBZ^gTE`kO<7K|3gsr#tX+*oIHwvjFdgFXaG;&jqyz0deroWM;{1K+65t8Pg+c{NPI>@=jNY#Nj=QAN|EPH@D7c<9lBR zM1M5D&|EAYVL_tEh&zPuFLd{$96pH9O@aEK4WQ}%&YcLMYqe2u9=4I{Z!q1Iapt!o z-DGSj0Pi*~^ss2#!@1x6(cSp5Re`C|zyr zYqGI8Z<=(kpjkpuA|Z_W(*(SIO6P0Y6Br&m(x77@b1#T792~g<4Fq1aN;d%z0QDP2 z)oj)uzLbBy4yYNFfoowexUy?NTDc5BO(|MCch^g|*f*y8W@~M&{m!)YYkpV|b4u-Z z?hkY;P0e2>RdrsRcvxLL^FW(W!-}GCIrs7qT#9#sQG+&9heyM~j=81PqVqOEtO&_H zv4TyvqnRgGo^eLW%!$Azp&*1%IBdD9*Z^4)>g^>3Blq4C!bOSbq5Fl`m6sUXL3hp} zd`)aQp5b#F6qXu2=tw16@g(?nLi7VJ@jA_?=uJ{Yv;<8My=TD9Vj62hNa)ITd}ATF zVf})Ne^uIzXwsYXYz7g|Fm3J1avQi`LBAUZU}A#Zkd;RA89V9|J5t>^CJj^XEq!B9 zYub8S1o>wyED0hQnYu}SG=w*hV(ko&PT`q8G%j)q4Uy2qmKnCy-vNg4>P;9vm2jKV zYBv4(p&@^;INsI#GXbscnI{uY#4Sd-1O6D~k8+`~3>m1Js{yllqL?p!GerTpMSLU^ zExdxYmH+D}eJWI&CWfL`oqR^JocHp#r8g=TohH%YL5)z*H6P9vzb$+~Ty z=+f{So2RHF^?+Lz4+3R+o8+=#Di!#Ri}*hl8}YC|J%Ir4EFq){XN8n_Y@B6BHEUfM z#EkIj!RXBYJ_-+M6wJAOEE6{5TZ#&TqNv8P{l^C4^$}hbSg?esa{v(m00D^t9|RZy z2mlEM0$#LAHv$_B0162Zy?dv;RY&~^uw4)U&TJj4sQWEH7Az|+yrBj#(Ei)anSSu? z%S2+zeP2OLmRwoJvQbm(6M(7JcoSic64`rvR+>29KT0Xh5zseav~{4H5$5$-Br z&TVX)>wL)aR6MwE8oXzLy%+O)Df zq@d&Qty+u3S^HLo}HG{|zzVLtOShd!(n3WRwFC z2ogr00zqfN9E~pLD;s&C2VoMjP@qR6jTmk7&7>I;!)PZpQ>>gyA|>ZdG z=aq(hy~&z((88gH#^IZ&yYnzb#aVi5s+qxIH}&ZP8p{d}i>_G>004X(=0u5W7dW2(Yzi<>Hm>RiivS4%ec-7UB701f%a8SAPWPx_!vZ)#_8`uSTZ32d%e%lUn0X z$}dn?GZC)If> zcWDEuof|~jey)QLxRRn2nkA49m8o4Fq|7^9VQQ(cV}6-Iw&z-U5#|#SP2{6k?@?cF zvZ_xlP6ZxIz0QzeHvq6oaQp%@<1llk+Lx~{w_=>vDFtbYqsSMJpY0OoxN7u01}jW! zaxrkG#m_!-jU|KN;L}88uTn0yYV>O(LLO> zD^*OW>=@O^qgD&M7bxTF>z7_`!1L;!4t8j{=qIB3p`m6JGEquM4+#%y(m!4!= EPf;8W^8f$< literal 0 HcmV?d00001 diff --git a/tests/suite.php b/tests/suite.php index f7b064a..054866b 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -396,4 +396,12 @@ public function test000027006public_key() { public function test000035006public_key() { $this->oneFingerprint("000035-006.public_key", "CB7933459F59C70DF1C3FBEEDEDC3ECF689AF56D"); } + + public function test000080006public_key() { + $this->oneFingerprint("000080-006.public_key", "AEDA0C4468AE265E8B7CCA1C3047D4A7B15467AB"); + } + + public function test000082006public_key() { + $this->oneFingerprint("000082-006.public_key", "589D7E6884A9235BBE821D35BD7BA7BC5547FD09"); + } } From 573c3364d07229a69356b3c2de7824d9048f28c5 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 18 Jun 2020 21:14:49 -0500 Subject: [PATCH 149/176] Use Dhall to build the increasingly large test matrix --- .travis.dhall | 33 ++++++++++++ .travis.yml | 140 +++++++++++++++++++++++++++++++++----------------- 2 files changed, 127 insertions(+), 46 deletions(-) create mode 100644 .travis.dhall diff --git a/.travis.dhall b/.travis.dhall new file mode 100644 index 0000000..a6ec5d7 --- /dev/null +++ b/.travis.dhall @@ -0,0 +1,33 @@ +let Prelude = https://prelude.dhall-lang.org/v17.0.0/package.dhall +let phpseclib = \(max: Natural) -> \(filter: (Natural -> Bool)) -> + Prelude.List.map Natural Text + (\(m: Natural) -> "PHPSECLIB='2.0.${Prelude.Natural.show m}'") + (Prelude.List.filter Natural filter (Prelude.Natural.enumerate max)) +let Exclusion = { php: Text, env: Text } +in +{ + language = "php", + php = [ + "5.6", + "7.0", + "7.1", + "7.2", + "7.3", + "7.4" + ], + dist = "trusty", + env = [ + "PHPSECLIB='^2.0 !=2.0.8'" + ] # (phpseclib 28 (\(m: Natural) -> Prelude.Bool.not (Prelude.Natural.equal m 8)) + ), + matrix = { + exclude = Prelude.List.concatMap Text Exclusion (\(php: Text) -> + Prelude.List.map Text Exclusion (\(env: Text) -> + { php = php, env = env } + ) (phpseclib 7 (\(_: Natural) -> True)) + ) ["7.1", "7.2", "7.3", "7.4"], + fast_finish = True + }, + before_script = '' + sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source'' +} diff --git a/.travis.yml b/.travis.yml index 0cf3e85..f9777c5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,51 +1,99 @@ ---- -language: php -php: - - 7.0 - - 7.1 - - 7.2 - - 5.6 - +# Code generated by dhall-to-yaml. DO NOT EDIT. +before_script: "sed -i \"s/\\\"phpseclib\\/phpseclib\\\": \\\"[^\\\"]*/\\\"phpseclib\\/phpseclib\\\": \\\"$PHPSECLIB/\" composer.json && composer install --prefer-source" dist: trusty - env: - - PHPSECLIB='^2.0 !=2.0.8' - - PHPSECLIB="2.0.0" - - PHPSECLIB="2.0.1" - - PHPSECLIB="2.0.2" - - PHPSECLIB="2.0.3" - - PHPSECLIB="2.0.4" - - PHPSECLIB="2.0.5" - - PHPSECLIB="2.0.6" - - PHPSECLIB="2.0.7" - - PHPSECLIB="2.0.9" - - PHPSECLIB="2.0.10" - - PHPSECLIB="2.0.11" - +- "PHPSECLIB='^2.0 !=2.0.8'" +- "PHPSECLIB='2.0.0'" +- "PHPSECLIB='2.0.1'" +- "PHPSECLIB='2.0.2'" +- "PHPSECLIB='2.0.3'" +- "PHPSECLIB='2.0.4'" +- "PHPSECLIB='2.0.5'" +- "PHPSECLIB='2.0.6'" +- "PHPSECLIB='2.0.7'" +- "PHPSECLIB='2.0.9'" +- "PHPSECLIB='2.0.10'" +- "PHPSECLIB='2.0.11'" +- "PHPSECLIB='2.0.12'" +- "PHPSECLIB='2.0.13'" +- "PHPSECLIB='2.0.14'" +- "PHPSECLIB='2.0.15'" +- "PHPSECLIB='2.0.16'" +- "PHPSECLIB='2.0.17'" +- "PHPSECLIB='2.0.18'" +- "PHPSECLIB='2.0.19'" +- "PHPSECLIB='2.0.20'" +- "PHPSECLIB='2.0.21'" +- "PHPSECLIB='2.0.22'" +- "PHPSECLIB='2.0.23'" +- "PHPSECLIB='2.0.24'" +- "PHPSECLIB='2.0.25'" +- "PHPSECLIB='2.0.26'" +- "PHPSECLIB='2.0.27'" +language: php matrix: exclude: - - php: 7.1 - - env: PHPSECLIB="2.0.0" - - php: 7.2 - - env: PHPSECLIB="2.0.0" - - php: 7.1 - - env: PHPSECLIB="2.0.1" - - php: 7.2 - - env: PHPSECLIB="2.0.1" - - php: 7.1 - - env: PHPSECLIB="2.0.2" - - php: 7.2 - - env: PHPSECLIB="2.0.2" - - php: 7.1 - - env: PHPSECLIB="2.0.3" - - php: 7.2 - - env: PHPSECLIB="2.0.3" - - php: 7.2 - - env: PHPSECLIB="2.0.4" - - php: 7.2 - - env: PHPSECLIB="2.0.5" - - php: 7.2 - - env: PHPSECLIB="2.0.6" + - env: "PHPSECLIB='2.0.0'" + php: '7.1' + - env: "PHPSECLIB='2.0.1'" + php: '7.1' + - env: "PHPSECLIB='2.0.2'" + php: '7.1' + - env: "PHPSECLIB='2.0.3'" + php: '7.1' + - env: "PHPSECLIB='2.0.4'" + php: '7.1' + - env: "PHPSECLIB='2.0.5'" + php: '7.1' + - env: "PHPSECLIB='2.0.6'" + php: '7.1' + - env: "PHPSECLIB='2.0.0'" + php: '7.2' + - env: "PHPSECLIB='2.0.1'" + php: '7.2' + - env: "PHPSECLIB='2.0.2'" + php: '7.2' + - env: "PHPSECLIB='2.0.3'" + php: '7.2' + - env: "PHPSECLIB='2.0.4'" + php: '7.2' + - env: "PHPSECLIB='2.0.5'" + php: '7.2' + - env: "PHPSECLIB='2.0.6'" + php: '7.2' + - env: "PHPSECLIB='2.0.0'" + php: '7.3' + - env: "PHPSECLIB='2.0.1'" + php: '7.3' + - env: "PHPSECLIB='2.0.2'" + php: '7.3' + - env: "PHPSECLIB='2.0.3'" + php: '7.3' + - env: "PHPSECLIB='2.0.4'" + php: '7.3' + - env: "PHPSECLIB='2.0.5'" + php: '7.3' + - env: "PHPSECLIB='2.0.6'" + php: '7.3' + - env: "PHPSECLIB='2.0.0'" + php: '7.4' + - env: "PHPSECLIB='2.0.1'" + php: '7.4' + - env: "PHPSECLIB='2.0.2'" + php: '7.4' + - env: "PHPSECLIB='2.0.3'" + php: '7.4' + - env: "PHPSECLIB='2.0.4'" + php: '7.4' + - env: "PHPSECLIB='2.0.5'" + php: '7.4' + - env: "PHPSECLIB='2.0.6'" + php: '7.4' fast_finish: true - -before_script: 'sed -i "s/\"phpseclib\/phpseclib\": \"[^\"]*/\"phpseclib\/phpseclib\": \"$PHPSECLIB/" composer.json && composer install --prefer-source' +php: +- '5.6' +- '7.0' +- '7.1' +- '7.2' +- '7.3' +- '7.4' From d73ca1670568a698ccb3326b15b370b1d787ee91 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Thu, 5 Nov 2020 10:10:42 -0500 Subject: [PATCH 150/176] Add funding file --- .github/FUNDING.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..ba2e0ff --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,3 @@ +github: singpolyma +liberapay: singpolyma +patreon: singpolyma From efa964bc1a39296956b66390d625d5cc0baa3bf7 Mon Sep 17 00:00:00 2001 From: Otto Szika Date: Fri, 8 May 2020 00:00:10 +0300 Subject: [PATCH 151/176] Add signature test suite --- phpunit.xml | 4 ++++ tests/suite.php | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/phpunit.xml b/phpunit.xml index a38403e..9a2ad2c 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -8,6 +8,10 @@ tests/suite.php + + tests/suite.php + + tests/phpseclib_suite.php diff --git a/tests/suite.php b/tests/suite.php index 054866b..6ee2e88 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -405,3 +405,22 @@ public function test000082006public_key() { $this->oneFingerprint("000082-006.public_key", "589D7E6884A9235BBE821D35BD7BA7BC5547FD09"); } } + +class Signature extends PHPUnit_Framework_TestCase { + public function oneIssuer($path, $kf) { + $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); + $this->assertEquals($m[0]->issuer(), $kf); + } + + public function test000079002sig() { + $this->oneIssuer("000079-002.sig", "C25059FA8730BC38"); + } + + public function test000081002sig() { + $this->oneIssuer("000081-002.sig", "6B799484725130FE"); + } + + public function test000083002sig() { + $this->oneIssuer("000083-002.sig", "BD7BA7BC5547FD09"); + } +} From fd42c9f208637433e808e9952cab5269f15aca53 Mon Sep 17 00:00:00 2001 From: Jeff Standen Date: Tue, 22 Dec 2020 12:43:20 -0800 Subject: [PATCH 152/176] Added 8.0 to the supported PHP versions in `composer.json`. --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 4db5859..74ad6cc 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ } ], "require": { - "php": "^5.6 || ^7.0", + "php": "^5.6 || ^7.0 || ^8.0", "phpseclib/phpseclib": "^2.0 !=2.0.8" }, "require-dev": { From 93b8db8a63d987c4b06f0414ec63d6a0c08da07d Mon Sep 17 00:00:00 2001 From: Jeff Standen Date: Tue, 22 Dec 2020 12:44:03 -0800 Subject: [PATCH 153/176] Updated tests to PHPUnit 9.x --- composer.json | 2 +- tests/phpseclib_suite.php | 9 +++++---- tests/suite.php | 7 ++++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index 74ad6cc..a596879 100644 --- a/composer.json +++ b/composer.json @@ -17,7 +17,7 @@ "phpseclib/phpseclib": "^2.0 !=2.0.8" }, "require-dev": { - "phpunit/phpunit": "^5.0" + "phpunit/phpunit": "^9.0" }, "suggest": { "ext-mcrypt": "required if you use encryption cast5" diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index fe7a9d6..b54a6d2 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -1,4 +1,5 @@ 'u', 'filename' => 'stuff.txt')); $encrypted = OpenPGP_Crypt_Symmetric::encrypt('secret', new OpenPGP_Message(array($data)), $algorithm); diff --git a/tests/suite.php b/tests/suite.php index 6ee2e88..57f7ad7 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -1,8 +1,9 @@ to_bytes(); @@ -375,7 +376,7 @@ public function testSymmetricNoMDC() { } } -class Fingerprint extends PHPUnit_Framework_TestCase { +class Fingerprint extends TestCase { public function oneFingerprint($path, $kf) { $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); $this->assertEquals($m[0]->fingerprint(), $kf); @@ -406,7 +407,7 @@ public function test000082006public_key() { } } -class Signature extends PHPUnit_Framework_TestCase { +class Signature extends TestCase { public function oneIssuer($path, $kf) { $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); $this->assertEquals($m[0]->issuer(), $kf); From 6dfe2cdb3a962cce4d9a8c297466597a5be87b27 Mon Sep 17 00:00:00 2001 From: Jeff Standen Date: Tue, 29 Dec 2020 12:05:47 -0800 Subject: [PATCH 154/176] Updated the TravisCI matrix to test PHP versions 7.3, 7.4, and 8.0. --- .travis.dhall | 11 ++++------- .travis.yml | 49 ++++++++++++++++--------------------------------- 2 files changed, 20 insertions(+), 40 deletions(-) diff --git a/.travis.dhall b/.travis.dhall index a6ec5d7..06ce035 100644 --- a/.travis.dhall +++ b/.travis.dhall @@ -8,14 +8,11 @@ in { language = "php", php = [ - "5.6", - "7.0", - "7.1", - "7.2", "7.3", - "7.4" + "7.4", + "8.0" ], - dist = "trusty", + dist = "xenial", env = [ "PHPSECLIB='^2.0 !=2.0.8'" ] # (phpseclib 28 (\(m: Natural) -> Prelude.Bool.not (Prelude.Natural.equal m 8)) @@ -25,7 +22,7 @@ in Prelude.List.map Text Exclusion (\(env: Text) -> { php = php, env = env } ) (phpseclib 7 (\(_: Natural) -> True)) - ) ["7.1", "7.2", "7.3", "7.4"], + ) ["7.3", "7.4", "8.0"], fast_finish = True }, before_script = '' diff --git a/.travis.yml b/.travis.yml index f9777c5..00fc4eb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ # Code generated by dhall-to-yaml. DO NOT EDIT. before_script: "sed -i \"s/\\\"phpseclib\\/phpseclib\\\": \\\"[^\\\"]*/\\\"phpseclib\\/phpseclib\\\": \\\"$PHPSECLIB/\" composer.json && composer install --prefer-source" -dist: trusty +dist: xenial env: - "PHPSECLIB='^2.0 !=2.0.8'" - "PHPSECLIB='2.0.0'" @@ -33,34 +33,6 @@ env: language: php matrix: exclude: - - env: "PHPSECLIB='2.0.0'" - php: '7.1' - - env: "PHPSECLIB='2.0.1'" - php: '7.1' - - env: "PHPSECLIB='2.0.2'" - php: '7.1' - - env: "PHPSECLIB='2.0.3'" - php: '7.1' - - env: "PHPSECLIB='2.0.4'" - php: '7.1' - - env: "PHPSECLIB='2.0.5'" - php: '7.1' - - env: "PHPSECLIB='2.0.6'" - php: '7.1' - - env: "PHPSECLIB='2.0.0'" - php: '7.2' - - env: "PHPSECLIB='2.0.1'" - php: '7.2' - - env: "PHPSECLIB='2.0.2'" - php: '7.2' - - env: "PHPSECLIB='2.0.3'" - php: '7.2' - - env: "PHPSECLIB='2.0.4'" - php: '7.2' - - env: "PHPSECLIB='2.0.5'" - php: '7.2' - - env: "PHPSECLIB='2.0.6'" - php: '7.2' - env: "PHPSECLIB='2.0.0'" php: '7.3' - env: "PHPSECLIB='2.0.1'" @@ -89,11 +61,22 @@ matrix: php: '7.4' - env: "PHPSECLIB='2.0.6'" php: '7.4' + - env: "PHPSECLIB='2.0.0'" + php: '8.0' + - env: "PHPSECLIB='2.0.1'" + php: '8.0' + - env: "PHPSECLIB='2.0.2'" + php: '8.0' + - env: "PHPSECLIB='2.0.3'" + php: '8.0' + - env: "PHPSECLIB='2.0.4'" + php: '8.0' + - env: "PHPSECLIB='2.0.5'" + php: '8.0' + - env: "PHPSECLIB='2.0.6'" + php: '8.0' fast_finish: true php: -- '5.6' -- '7.0' -- '7.1' -- '7.2' - '7.3' - '7.4' +- '8.0' From a63e53ddc05f546b9ba4cd896e63971e3f62cc7e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 29 Dec 2020 21:35:21 -0500 Subject: [PATCH 155/176] Try to unarmor even with missing CRC Apparently such data exists in the wild, so log a notice and try anyway. --- lib/openpgp.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index df0d21d..4b47cfa 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -44,8 +44,13 @@ static function unarmor($text, $header = 'PGP PUBLIC KEY BLOCK') { $header = self::header($header); $text = str_replace(array("\r\n", "\r"), array("\n", ''), $text); if (($pos1 = strpos($text, $header)) !== FALSE && - ($pos1 = strpos($text, "\n\n", $pos1 += strlen($header))) !== FALSE && - ($pos2 = strpos($text, "\n=", $pos1 += 2)) !== FALSE) { + ($pos1 = strpos($text, "\n\n", $pos1 += strlen($header))) !== FALSE) { + $pos2 = strpos($text, "\n=", $pos1 += 2); + if ($pos2 === FALSE) { + trigger_error("Invalid ASCII armor, missing CRC"); + $pos2 = strpos($text, "-----END"); + if ($pos2 === FALSE) return NULL; + } return base64_decode($text = substr($text, $pos1, $pos2 - $pos1)); } } From 618645ff0b97de2068fda08626584c79839258b0 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 29 Dec 2020 21:35:59 -0500 Subject: [PATCH 156/176] Throw exception when decrypting unencrypted messages Previously decrypting a not-encrypted message would just return NULL, which is not very indicative to the user of what they did wrong. Throw an exception to be very noisy about it. --- lib/openpgp_crypt_rsa.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 2264fcb..f5c5d38 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -182,8 +182,10 @@ function decrypt($packet) { $keys = new self($keys); } + $session_key = NULL; foreach($message as $p) { if($p instanceof OpenPGP_AsymmetricSessionKeyPacket) { + $session_key = $p; if($keys instanceof Crypt_RSA) { $sk = self::try_decrypt_session($keys, substr($p->encrypted_data, 2)); } else if(strlen(str_replace('0', '', $p->keyid)) < 1) { @@ -203,6 +205,8 @@ function decrypt($packet) { } } + if (!$session_key) throw new Exception("Not an asymmetrically encrypted message"); + return NULL; /* Failed */ } From dfd0ce59f325433b39c8f35a39f4a5c2205deabe Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 29 Dec 2020 23:05:13 -0500 Subject: [PATCH 157/176] Add constructor to make working with CompressedDataPacket a bit easier --- lib/openpgp.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/openpgp.php b/lib/openpgp.php index 4b47cfa..a5eec1e 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1605,6 +1605,13 @@ class OpenPGP_CompressedDataPacket extends OpenPGP_Packet implements IteratorAgg public $algorithm; /* see http://tools.ietf.org/html/rfc4880#section-9.3 */ static $algorithms = array(0 => 'Uncompressed', 1 => 'ZIP', 2 => 'ZLIB', 3 => 'BZip2'); + + function __construct($m=NULL, $algorithm=1) { + parent::__construct(); + $this->algorithm = $algorithm; + $this->data = $m ? $m : new OpenPGP_Message(); + } + function read() { $this->algorithm = ord($this->read_byte()); $this->data = $this->read_bytes($this->length); From c961eca13df86a4e9af6ef1ebd9da7d3858d75c8 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 29 Dec 2020 23:05:35 -0500 Subject: [PATCH 158/176] Add new example encrypt+sign+compress, armored input and output --- examples/armorEncryptSignCompress.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 examples/armorEncryptSignCompress.php diff --git a/examples/armorEncryptSignCompress.php b/examples/armorEncryptSignCompress.php new file mode 100644 index 0000000..59d5af4 --- /dev/null +++ b/examples/armorEncryptSignCompress.php @@ -0,0 +1,21 @@ + 'u']); +$signed = $signer->sign($data); + +$compressed = new OpenPGP_CompressedDataPacket($signed); +$encrypted = OpenPGP_Crypt_Symmetric::encrypt([$recipientPublicKey, $key], new OpenPGP_Message([$compressed])); + +echo OpenPGP::enarmor($encrypted->to_bytes(), 'PGP MESSAGE'); + + From 69292f6a46ed7f687083bfb8974b161a41ab213c Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 25 May 2021 19:35:20 -0500 Subject: [PATCH 159/176] Bump to 0.5.0 --- lib/openpgp.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index a5eec1e..068f68f 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -5,7 +5,7 @@ * (RFC 4880). * * @package OpenPGP - * @version 0.3.0 + * @version 0.5.0 * @author Arto Bendiken * @author Stephen Paul Weber * @see http://github.com/bendiken/openpgp-php @@ -18,7 +18,7 @@ * @see http://tools.ietf.org/html/rfc4880 */ class OpenPGP { - const VERSION = array(0, 4, 0); + const VERSION = array(0, 5, 0); /** * @see http://tools.ietf.org/html/rfc4880#section-6 From 0b53307d6a31490877d09cac1d885473755ad3c0 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Wed, 16 Jun 2021 14:25:16 +0800 Subject: [PATCH 160/176] Avoid CVE-2021-30130. See: https://github.com/advisories/GHSA-vf4w-fg7r-5v94 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index a596879..f1e477a 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,7 @@ ], "require": { "php": "^5.6 || ^7.0 || ^8.0", - "phpseclib/phpseclib": "^2.0 !=2.0.8" + "phpseclib/phpseclib": "^2.0.31" }, "require-dev": { "phpunit/phpunit": "^9.0" From 3b62407e877fc65900ce7695753b010826043397 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 16 Nov 2021 21:58:45 -0500 Subject: [PATCH 161/176] Add support for ECDH, ECDSA, and EdDSA keys This is just encoding/decoding/fingerprint calculation. --- lib/openpgp.php | 39 ++++++++++++++++++++++++++-------- tests/data/ed25519.public_key | Bin 0 -> 399 bytes tests/data/ed25519.secret_key | Bin 0 -> 473 bytes tests/suite.php | 12 +++++++++++ 4 files changed, 42 insertions(+), 9 deletions(-) create mode 100644 tests/data/ed25519.public_key create mode 100644 tests/data/ed25519.secret_key diff --git a/lib/openpgp.php b/lib/openpgp.php index 068f68f..eb7c38c 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -1423,7 +1423,14 @@ function read() { */ function read_key_material() { foreach (self::$key_fields[$this->algorithm] as $field) { - $this->key[$field] = $this->read_mpi(); + if (strlen($field) == 1) { + $this->key[$field] = $this->read_mpi(); + } else if ($field == 'oid') { + $len = ord($this->read_byte()); + $this->key[$field] = $this->read_bytes($len); + } else { + $this->key[$field] = ord($this->read_byte()); + } } $this->key_id = substr($this->fingerprint(), -8); } @@ -1433,8 +1440,8 @@ function fingerprint_material() { case 3: $material = array(); foreach (self::$key_fields[$this->algorithm] as $i) { - $material[] = pack('n', OpenPGP::bitlength($this->key[$i])); - $material[] = $this->key[$i]; + $material[] = pack('n', OpenPGP::bitlength($this->key[$i])); + $material[] = $this->key[$i]; } return $material; case 4: @@ -1445,8 +1452,15 @@ function fingerprint_material() { ); $material = array(); foreach (self::$key_fields[$this->algorithm] as $i) { - $material[] = pack('n', OpenPGP::bitlength($this->key[$i])); - $material[] = $this->key[$i]; + if (strlen($i) == 1) { + $material[] = pack('n', OpenPGP::bitlength($this->key[$i])); + $material[] = $this->key[$i]; + } else if ($i == 'oid') { + $material[] = chr(strlen($this->key[$i])); + $material[] = $this->key[$i]; + } else { + $material[] = chr($this->key[$i]); + } } $material = implode('', $material); $head[1] = pack('n', 6 + strlen($material)); @@ -1484,9 +1498,12 @@ function body() { } static $key_fields = array( - 1 => array('n', 'e'), // RSA - 16 => array('p', 'g', 'y'), // ELG-E - 17 => array('p', 'q', 'g', 'y'), // DSA + 1 => array('n', 'e'), + 16 => array('p', 'g', 'y'), + 17 => array('p', 'q', 'g', 'y'), + 18 => array('oid', 'p', 'len', 'future', 'hash', 'algorithm'), + 19 => array('oid', 'p'), + 22 => array('oid', 'p') ); static $algorithms = array( @@ -1497,7 +1514,8 @@ function body() { 17 => 'DSA', 18 => 'ECC', 19 => 'ECDSA', - 21 => 'DH' + 21 => 'DH', + 22 => 'EdDSA' ); } @@ -1547,6 +1565,9 @@ function read() { 3 => array('d', 'p', 'q', 'u'), // RSA-S 16 => array('x'), // ELG-E 17 => array('x'), // DSA + 18 => array('x'), // ECDH + 19 => array('x'), // ECDSA + 22 => array('x'), // EdDSA ); function key_from_input() { diff --git a/tests/data/ed25519.public_key b/tests/data/ed25519.public_key new file mode 100644 index 0000000000000000000000000000000000000000..eda21e4c02344ec9d9844d4283d99780025e86e1 GIT binary patch literal 399 zcmbPX%#t`IeU=!fHX9=g<1Kf7Mn-lAY5US?zYZ*2Ri|dNviqHp;j-;3Dz+BME?-ms zbk(-tyJ1^|T%Da2j7&`pEfqpii%S%|Q!6_run3EBFj$BwvUHS7x;fPydgPjU@J15H zKJAJ_byHZGK-MrxGqZAYaE9jf`3PJd3RWVy(Yv3_S*DNMplsDUj5o+*u}`%^7o`-|Mbna9t9JBpN#tQ z{gm7LP33!iZwfIpaj&|!)bQ)zY|GoDy zP_yQ<#-BBEVkcg5M>8^f<(FN(;M=ZEl}YW(`I=)pY8jGS-1uD1U6#Ib{o|IMi~u3j Bo16du literal 0 HcmV?d00001 diff --git a/tests/data/ed25519.secret_key b/tests/data/ed25519.secret_key new file mode 100644 index 0000000000000000000000000000000000000000..acfbdf584e9315cb9448c3ce6ac51b6f3b630282 GIT binary patch literal 473 zcmbOd!IC&7eU=!fHX9=g<1Kf7Mn-lAY5US?zYZ*2Ri|dNviqHp;j-;3Dz+BME?-ms zbk(-tyI~9r{|j|ilz2T}JjEfmIk-t#!eqg6ElaJrtrH%eYJ6sV>7%Vc^cEpkXJ-W? zQ&U4rg^<+Z5(V$n%8m&v!eSf@7GjDl9p#d4PIZSKxn>@`k;Ji2yW&vY6jmmXTbQJo zS-Ckm*qK>Hxi~qvS;d%`85x-57@5Qy7`QkEV2YotW@MPRZ&7Qy%7!HuvV13(mF?{L z{BuRWMf3M1N{T%!y(g7r7#Vh#{MX(6d~)N`4|7}OUk2(GcD1e(Gg`i>((72kzazT5 zb7H~%7vci@e|jh*D<}Y7{n}*M#mL$6_oQO~^v$*&1rvXtjQaBZl-v7F<$HZ^3NbTs zumc03?(y3%+f`Xp#g?9mzPs$G(8W~(e2Pj>7gg5X32|k%Js~ioqk=^O=wSr{9_B&z zSo}^#hNJ&q)h+CfuXnUtpQ6(!bNTPRkAa#spEdrhkrO-dk~^A_;VZxF>IL6+ZK_Oa bU(VMY+fmDq+~UUPa_+M9mFpk3>|_K0a;d${ literal 0 HcmV?d00001 diff --git a/tests/suite.php b/tests/suite.php index 57f7ad7..2c506f4 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -374,6 +374,14 @@ public function testSymmetricAES() { public function testSymmetricNoMDC() { $this->oneSerialization("symmetric-no-mdc.gpg"); } + + public function tested25519_public() { + $this->oneSerialization("ed25519.public_key"); + } + + public function tested25519_secret() { + $this->oneSerialization("ed25519.secret_key"); + } } class Fingerprint extends TestCase { @@ -405,6 +413,10 @@ public function test000080006public_key() { public function test000082006public_key() { $this->oneFingerprint("000082-006.public_key", "589D7E6884A9235BBE821D35BD7BA7BC5547FD09"); } + + public function tested25519() { + $this->oneFingerprint("ed25519.public_key", "88771946427EC2E24569C1D86208BE2B78C27E94"); + } } class Signature extends TestCase { From ff3d98aca848ee47a29421be83bf65454b1f691a Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 16 Nov 2021 23:27:21 -0500 Subject: [PATCH 162/176] Allow a verifier that supports "all" hash functions --- lib/openpgp.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index eb7c38c..a223830 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -336,7 +336,7 @@ function signatures() { /** * Function to extract verified signatures - * $verifiers is an array of callbacks formatted like array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: raw message and signature packet + * $verifiers is an array of callbacks formatted like array('RSA' => CALLBACK) or array('RSA' => array('SHA256' => CALLBACK)) that take two parameters: raw message and signature packet */ function verified_signatures($verifiers) { $signed = $this->signatures(); @@ -347,7 +347,8 @@ function verified_signatures($verifiers) { $vsigs = array(); foreach($signatures as $sig) { - $verifier = $verifiers[$sig->key_algorithm_name()][$sig->hash_algorithm_name()]; + $verifier = $verifiers[$sig->key_algorithm_name()]; + if(is_array($verifier)) $verifier = $verifier[$sig->hash_algorithm_name()]; if($verifier && $this->verify_one($verifier, $sign, $sig)) { $vsigs[] = $sig; } From fe63af6334c482a4c6f580267a60b09164dc4e4d Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 16 Nov 2021 23:28:50 -0500 Subject: [PATCH 163/176] Support for verifying Ed25519 signatures using Sodium --- lib/openpgp_sodium.php | 24 ++++++++++++++++++++++++ phpunit.xml | 4 ++++ tests/data/ed25519.sig | Bin 0 -> 153 bytes tests/sodium_suite.php | 20 ++++++++++++++++++++ 4 files changed, 48 insertions(+) create mode 100644 lib/openpgp_sodium.php create mode 100644 tests/data/ed25519.sig create mode 100644 tests/sodium_suite.php diff --git a/lib/openpgp_sodium.php b/lib/openpgp_sodium.php new file mode 100644 index 0000000..08a95db --- /dev/null +++ b/lib/openpgp_sodium.php @@ -0,0 +1,24 @@ +fingerprint, strlen($s->issuer())*-1) == $s->issuer()) { + $pk = $p; + break; + } + } + } + } + + if ($pk->algorithm != 22) throw new Exception("Only EdDSA supported"); + if (bin2hex($pk->key['oid']) != '2b06010401da470f01') throw new Exception("Only ed25519 supported"); + return sodium_crypto_sign_verify_detached( + implode($s->data), + hash($s->hash_algorithm_name(), $m, true), + substr($pk->key['p'], 1) + ); + }; +} \ No newline at end of file diff --git a/phpunit.xml b/phpunit.xml index 9a2ad2c..bb86520 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -27,5 +27,9 @@ tests/phpseclib_suite.php + + + tests/sodium_suite.php + diff --git a/tests/data/ed25519.sig b/tests/data/ed25519.sig new file mode 100644 index 0000000000000000000000000000000000000000..7c585a850fceb38e0341a0c8883a6637bcdfc95f GIT binary patch literal 153 zcmV;K0A~NA0h_?f%)lX*#IaAi;!xcb#x>$e+_|a6#fj;udLYq>gGlm3p~ zKF^NMkypumT$pw1C!1ta#VS>X|K;8->!qsP4YZWA`ZKSbFcassertSame($m->verified_signatures(array('EdDSA' => $verify)), $m->signatures()); + } + + public function tested25519() { + $this->oneMessageEdDSA('ed25519.public_key', 'ed25519.sig'); + } +} From e1fdce41ca313e54b7a9c0d7c4936939d4bec380 Mon Sep 17 00:00:00 2001 From: Juan Pablo Ramirez Date: Mon, 14 Feb 2022 15:20:50 +0100 Subject: [PATCH 164/176] Add Passbolt to the projects using the library --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d371a2d..3e164e9 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ Users OpenPGP.php is currently being used in the following projects: * +* [Passbolt API](https://github.com/passbolt/passbolt_api) Download -------- From d54fac4c44200a00c839cad87c46f69b64724d0a Mon Sep 17 00:00:00 2001 From: Remy Bertot Date: Tue, 17 May 2022 14:56:47 +0200 Subject: [PATCH 165/176] Fix misc minor 8.1 compatibility issues --- .gitignore | 4 ++++ composer.json | 3 ++- lib/openpgp.php | 33 +++++++++++++++++++++++++++------ tests/phpseclib_suite.php | 17 +++++++++++++++-- 4 files changed, 48 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index e48cc98..695f336 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,7 @@ .tmp pkg tmp +composer.lock +.phpunit.result.cache +.idea +vendor/ diff --git a/composer.json b/composer.json index f1e477a..7eb2333 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,8 @@ "phpunit/phpunit": "^9.0" }, "suggest": { - "ext-mcrypt": "required if you use encryption cast5" + "ext-mcrypt": "required if you use encryption cast5", + "ext-openssl": "required if you use encryption cast5" }, "autoload": { "classmap": ["lib/"] diff --git a/lib/openpgp.php b/lib/openpgp.php index a223830..64b0d58 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -379,24 +379,34 @@ function verify_one($verifier, $sign, $sig) { // IteratorAggregate interface + // function getIterator(): \Traversable { // when php 5 support is dropped + #[\ReturnTypeWillChange] function getIterator() { return new ArrayIterator($this->packets); } // ArrayAccess interface + // function offsetExists($offset): bool // when php 5 support is dropped + #[\ReturnTypeWillChange] function offsetExists($offset) { return isset($this->packets[$offset]); } + // function offsetGet($offset): mixed // when php 7.4 support is dropped + #[\ReturnTypeWillChange] function offsetGet($offset) { return $this->packets[$offset]; } + // function offsetSet($offset, $value): void // when php 5 support is dropped + #[\ReturnTypeWillChange] function offsetSet($offset, $value) { - return is_null($offset) ? $this->packets[] = $value : $this->packets[$offset] = $value; + is_null($offset) ? $this->packets[] = $value : $this->packets[$offset] = $value; } + // function offsetUnset($offset): void // when php 5 support is dropped + #[\ReturnTypeWillChange] function offsetUnset($offset) { unset($this->packets[$offset]); } @@ -421,7 +431,7 @@ static function class_for($tag) { /** * Parses an OpenPGP packet. - * + * * Partial body lengths based on https://github.com/toofishes/python-pgpdump/blob/master/pgpdump/packet.py * * @see http://tools.ietf.org/html/rfc4880#section-4.2 @@ -559,7 +569,7 @@ function read_mpi() { */ function read_unpacked($count, $format) { $unpacked = unpack($format, $this->read_bytes($count)); - return reset($unpacked); + return is_array($unpacked) ? reset($unpacked) : NULL; } function read_byte() { @@ -1377,6 +1387,9 @@ function self_signatures($message) { if(strtoupper($p->issuer()) == $keyid16) { $sigs[] = $p; } else { + if(!is_array($p->hashed_subpackets)) { + break; + } foreach(array_merge($p->hashed_subpackets, $p->unhashed_subpackets) as $s) { if($s instanceof OpenPGP_SignaturePacket_EmbeddedSignaturePacket && strtoupper($s->issuer()) == $keyid16) { $sigs[] = $p; @@ -1677,25 +1690,33 @@ function body() { } // IteratorAggregate interface - + // function getIterator(): \Traversable { // when PHP 5 support is dropped + #[\ReturnTypeWillChange] function getIterator() { return new ArrayIterator($this->data->packets); } // ArrayAccess interface - + // function offsetExists($offset): bool { // when PHP 5 support is dropped + #[\ReturnTypeWillChange] function offsetExists($offset) { return isset($this->data[$offset]); } + // function offsetGet($offset): mixed { // when PHP 7 support is dropped + #[\ReturnTypeWillChange] function offsetGet($offset) { return $this->data[$offset]; } + // function offsetSet($offset, $value): void { // when PHP 5 support is dropped + #[\ReturnTypeWillChange] function offsetSet($offset, $value) { - return is_null($offset) ? $this->data[] = $value : $this->data[$offset] = $value; + is_null($offset) ? $this->data[] = $value : $this->data[$offset] = $value; } + #[\ReturnTypeWillChange] + // function offsetUnset($offset): void { // PHP 5 support is dropped function offsetUnset($offset) { unset($this->data[$offset]); } diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index b54a6d2..a31ab0d 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -64,8 +64,19 @@ public function testHelloKey() { } } +abstract class LibTestCase extends TestCase { + public function assertCast5Support() { + if(in_array('mcrypt', get_loaded_extensions())) { + return; + } + if(in_array('cast5-cfb', openssl_get_cipher_methods()) || in_array('CAST5-CFB', openssl_get_cipher_methods())) { + return; + } + $this->markTestSkipped('Not supported'); + } +} -class Decryption extends TestCase { +class Decryption extends LibTestCase { public function oneSymmetric($pass, $cnt, $path) { $m = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/' . $path)); $m2 = OpenPGP_Crypt_Symmetric::decryptSymmetric($pass, $m); @@ -82,6 +93,7 @@ public function testDecrypt3DES() { } public function testDecryptCAST5() { // Requires mcrypt or openssl + $this->assertCast5Support(); $this->oneSymmetric("hello", "PGP\n", "symmetric-cast5.gpg"); } @@ -159,7 +171,7 @@ public function testAlreadyDecryptedSecretKey() { } } -class Encryption extends TestCase { +class Encryption extends LibTestCase { public function oneSymmetric($algorithm) { $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); $encrypted = OpenPGP_Crypt_Symmetric::encrypt('secret', new OpenPGP_Message(array($data)), $algorithm); @@ -173,6 +185,7 @@ public function testEncryptSymmetric3DES() { } public function testEncryptSymmetricCAST5() { + $this->assertCast5Support(); $this->oneSymmetric(3); } From 872288abd059e897965006b7e0efa7958daaa9b1 Mon Sep 17 00:00:00 2001 From: Remy Bertot Date: Fri, 29 Jul 2022 10:33:33 +0200 Subject: [PATCH 166/176] Fix OpenPGP unarmor should return false if armor contain invalid Base64 characters --- lib/openpgp.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 64b0d58..17d4734 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -51,7 +51,8 @@ static function unarmor($text, $header = 'PGP PUBLIC KEY BLOCK') { $pos2 = strpos($text, "-----END"); if ($pos2 === FALSE) return NULL; } - return base64_decode($text = substr($text, $pos1, $pos2 - $pos1)); + $text = substr($text, $pos1, $pos2 - $pos1); + return base64_decode($text, true); } } From 8b08661a65a2a40cda056a61e6ffa67eec5a4aa6 Mon Sep 17 00:00:00 2001 From: Allan SIMON Date: Thu, 18 Nov 2021 14:01:17 +0100 Subject: [PATCH 167/176] Move dependency phpseclib to v3 main changes: * namespace (eg `phpseclib\Crypt\RSA` -> `phpseclib3\Crypt\RSA`) * it's no more possible to directly set attributes, instead we need to use the loadPrivateKey / loadPublicKey static methods * harmonized the symetric cipher methods to use `getKeyLength` `getBlockLengthInBytes` --- composer.json | 2 +- examples/keygen.php | 22 +++++---- examples/keygenEncrypted.php | 22 +++++---- examples/keygenSubkeys.php | 46 +++++++++---------- lib/openpgp_crypt_rsa.php | 81 ++++++++++++++++++++------------- lib/openpgp_crypt_symmetric.php | 46 +++++++++++-------- lib/openpgp_mcrypt_wrapper.php | 9 ++++ lib/openpgp_openssl_wrapper.php | 9 ++++ 8 files changed, 143 insertions(+), 94 deletions(-) diff --git a/composer.json b/composer.json index 7eb2333..61e468f 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,7 @@ ], "require": { "php": "^5.6 || ^7.0 || ^8.0", - "phpseclib/phpseclib": "^2.0.31" + "phpseclib/phpseclib": "^3.0.12" }, "require-dev": { "phpunit/phpunit": "^9.0" diff --git a/examples/keygen.php b/examples/keygen.php index e86450e..4741ce1 100644 --- a/examples/keygen.php +++ b/examples/keygen.php @@ -1,20 +1,24 @@ createKey(512); -$rsa->loadKey($k['privatekey']); +$privateKey = RSA::createKey(512); +$publickey = $privateKey->getPublicKey(); + +$privateKeyComponents = PKCS1::load($privateKey->toString('PKCS1')); $nkey = new OpenPGP_SecretKeyPacket(array( - 'n' => $rsa->modulus->toBytes(), - 'e' => $rsa->publicExponent->toBytes(), - 'd' => $rsa->exponent->toBytes(), - 'p' => $rsa->primes[2]->toBytes(), - 'q' => $rsa->primes[1]->toBytes(), - 'u' => $rsa->coefficients[2]->toBytes() + 'n' => $privateKeyComponents["modulus"]->toBytes(), + 'e' => $privateKeyComponents["publicExponent"]->toBytes(), + 'd' => $privateKeyComponents["privateExponent"]->toBytes(), + 'p' => $privateKeyComponents["primes"][1]->toBytes(), + 'q' => $privateKeyComponents["primes"][2]->toBytes(), + 'u' => $privateKeyComponents["coefficients"][2]->toBytes() )); $uid = new OpenPGP_UserIDPacket('Test '); diff --git a/examples/keygenEncrypted.php b/examples/keygenEncrypted.php index 71f2b27..d560ee0 100644 --- a/examples/keygenEncrypted.php +++ b/examples/keygenEncrypted.php @@ -1,21 +1,25 @@ createKey(512); -$rsa->loadKey($k['privatekey']); +$privateKey = RSA::createKey(512); +$publickey = $privateKey->getPublicKey(); + +$privateKeyComponents = PKCS1::load($privateKey->toString('PKCS1')); $nkey = new OpenPGP_SecretKeyPacket(array( - 'n' => $rsa->modulus->toBytes(), - 'e' => $rsa->publicExponent->toBytes(), - 'd' => $rsa->exponent->toBytes(), - 'p' => $rsa->primes[2]->toBytes(), - 'q' => $rsa->primes[1]->toBytes(), - 'u' => $rsa->coefficients[2]->toBytes() + 'n' => $privateKeyComponents["modulus"]->toBytes(), + 'e' => $privateKeyComponents["publicExponent"]->toBytes(), + 'd' => $privateKeyComponents["privateExponent"]->toBytes(), + 'p' => $privateKeyComponents["primes"][1]->toBytes(), + 'q' => $privateKeyComponents["primes"][2]->toBytes(), + 'u' => $privateKeyComponents["coefficients"][2]->toBytes() )); $uid = new OpenPGP_UserIDPacket('Test '); diff --git a/examples/keygenSubkeys.php b/examples/keygenSubkeys.php index 2cb12a9..9090595 100644 --- a/examples/keygenSubkeys.php +++ b/examples/keygenSubkeys.php @@ -1,5 +1,8 @@ createKey($key_length); -$rsa->loadKey($k['privatekey']); +$privateKey = RSA::createKey(512); +$privateKeyComponents = PKCS1::load($privateKey->toString('PKCS1')); $nkey = new OpenPGP_SecretKeyPacket(array( - 'n' => $rsa->modulus->toBytes(), - 'e' => $rsa->publicExponent->toBytes(), - 'd' => $rsa->exponent->toBytes(), - 'p' => $rsa->primes[2]->toBytes(), - 'q' => $rsa->primes[1]->toBytes(), - 'u' => $rsa->coefficients[2]->toBytes() + 'n' => $privateKeyComponents["modulus"]->toBytes(), + 'e' => $privateKeyComponents["publicExponent"]->toBytes(), + 'd' => $privateKeyComponents["privateExponent"]->toBytes(), + 'p' => $privateKeyComponents["primes"][1]->toBytes(), + 'q' => $privateKeyComponents["primes"][2]->toBytes(), + 'u' => $privateKeyComponents["coefficients"][2]->toBytes() )); // Start assembling packets for our eventual OpenPGP_Message @@ -28,7 +29,7 @@ $wkey = new OpenPGP_Crypt_RSA($nkey); $fingerprint = $wkey->key()->fingerprint; $key = $wkey->private_key(); -$key->setHash('sha256'); +$key = $key->withHash('sha256'); $keyid = substr($fingerprint, -16); // Add multiple UID packets and signatures @@ -54,17 +55,16 @@ // Generate an encryption subkey -$rsa_subkey = new \phpseclib\Crypt\RSA(); -$sub_k = $rsa_subkey->createKey($key_length); -$rsa_subkey->loadKey($sub_k['privatekey']); - -$subkey = new OpenPGP_SecretSubkeyPacket(array( - 'n' => $rsa_subkey->modulus->toBytes(), - 'e' => $rsa_subkey->publicExponent->toBytes(), - 'd' => $rsa_subkey->exponent->toBytes(), - 'p' => $rsa_subkey->primes[2]->toBytes(), - 'q' => $rsa_subkey->primes[1]->toBytes(), - 'u' => $rsa_subkey->coefficients[2]->toBytes() +$rsa_subkey = RSA::createKey(512); +$privateKeyComponents = PKCS1::load($rsa_subkey->toString('PKCS1')); + +$subkey = new OpenPGP_SecretKeyPacket(array( + 'n' => $privateKeyComponents["modulus"]->toBytes(), + 'e' => $privateKeyComponents["publicExponent"]->toBytes(), + 'd' => $privateKeyComponents["privateExponent"]->toBytes(), + 'p' => $privateKeyComponents["primes"][2]->toBytes(), + 'q' => $privateKeyComponents["primes"][1]->toBytes(), + 'u' => $privateKeyComponents["coefficients"][2]->toBytes() )); // Append the encryption subkey @@ -113,4 +113,4 @@ $public_bytes = $pubm->to_bytes(); // Note: If using PHP 7.4 CLI, disable deprecated warnings: -// php -d error_reporting="E_ALL & ~E_DEPRECATED" examples/keygenSubkeys.php > mykey.gpg \ No newline at end of file +// php -d error_reporting="E_ALL & ~E_DEPRECATED" examples/keygenSubkeys.php > mykey.gpg diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index f5c5d38..8d9c10f 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -7,8 +7,10 @@ */ // From http://phpseclib.sourceforge.net/ -use phpseclib\Crypt\RSA as Crypt_RSA; -use phpseclib\Math\BigInteger as Math_BigInteger; +use phpseclib3\Crypt\PublicKeyLoader; +use phpseclib3\Crypt\RSA as Crypt_RSA; +use phpseclib3\Crypt\RSA\PublicKey; +use phpseclib3\Math\BigInteger as Math_BigInteger; define('CRYPT_RSA_ENCRYPTION_PKCS1', Crypt_RSA::ENCRYPTION_PKCS1); define('CRYPT_RSA_SIGNATURE_PKCS1', Crypt_RSA::SIGNATURE_PKCS1); @@ -61,7 +63,7 @@ function verify($packet) { $verifier = function($m, $s) use($self) { $key = $self->public_key($s->issuer()); if(!$key) return false; - $key->setHash(strtolower($s->hash_algorithm_name())); + $key = $key->withHash(strtolower($s->hash_algorithm_name())); return $key->verify($m, reset($s->data)); }; } else { @@ -75,7 +77,7 @@ function verify($packet) { $key = $packet->public_key($s->issuer()); } if(!$key) return false; - $key->setHash(strtolower($s->hash_algorithm_name())); + $key = $key->withHash(strtolower($s->hash_algorithm_name())); return $key->verify($m, reset($s->data)); }; } @@ -123,7 +125,7 @@ function sign($packet, $hash='SHA256', $keyid=NULL) { if(!$keyid) $keyid = substr($key->key()->fingerprint, -16, 16); $key = $key->private_key($keyid); } - $key->setHash(strtolower($hash)); + $key = $key->withHash(strtolower($hash)); $sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash)); $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); @@ -145,7 +147,7 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { if(!$key || !$packet) return NULL; // Missing some data if(!$keyid) $keyid = substr($this->key->fingerprint, -16); - $key->setHash(strtolower($hash)); + $key = $key->withHash(strtolower($hash)); $sig = NULL; foreach($packet as $p) { @@ -211,8 +213,13 @@ function decrypt($packet) { } static function try_decrypt_session($key, $edata) { - $key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); - $data = @$key->decrypt($edata); + $key = $key->withPadding(CRYPT_RSA_ENCRYPTION_PKCS1 | CRYPT_RSA_SIGNATURE_PKCS1); + try { + $data = $key->decrypt($edata); + } catch (\RuntimeException $e) { + return NULL; + } + if(!$data) return NULL; $sk = substr($data, 1, strlen($data)-3); $chk = unpack('n', substr($data, -2)); @@ -228,43 +235,53 @@ static function try_decrypt_session($key, $edata) { } static function crypt_rsa_key($mod, $exp, $hash='SHA256') { - $rsa = new Crypt_RSA(); - $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); - $rsa->setHash(strtolower($hash)); - $rsa->modulus = new Math_BigInteger($mod, 256); - $rsa->k = strlen($rsa->modulus->toBytes()); - $rsa->exponent = new Math_BigInteger($exp, 256); - $rsa->setPublicKey(); - return $rsa; + return Crypt_RSA::loadPublicKey([ + 'e' => new Math_BigInteger($exp, 256), + 'n' => new Math_BigInteger($mod, 256), + ]) + ->withPadding(CRYPT_RSA_SIGNATURE_PKCS1 | CRYPT_RSA_ENCRYPTION_PKCS1) + ->withHash(strtolower($hash)); } static function convert_key($packet, $private=false) { if(!is_object($packet)) $packet = OpenPGP_Message::parse($packet); if($packet instanceof OpenPGP_Message) $packet = $packet[0]; - $mod = $packet->key['n']; $exp = $packet->key['e']; if($private) $exp = $packet->key['d']; if(!$exp) return NULL; // Packet doesn't have needed data - $rsa = self::crypt_rsa_key($mod, $exp); + /** + * @see https://github.com/phpseclib/phpseclib/issues/1113 + * Primes and coefficients now use BigIntegers. + **/ if($private) { - /** - * @see https://github.com/phpseclib/phpseclib/issues/1113 - * Primes and coefficients now use BigIntegers. - **/ - //set the primes - if($packet->key['p'] && $packet->key['q']) - $rsa->primes = array( - 1 => new Math_BigInteger($packet->key['p'], 256), - 2 => new Math_BigInteger($packet->key['q'], 256) - ); - // set the coefficients - if($packet->key['u']) $rsa->coefficients = array(2 => new Math_BigInteger($packet->key['u'], 256)); - } + // Invert p and q to make u work out as q' + $rawKey = [ + 'e' => new Math_BigInteger($packet->key['e'], 256), + 'n' => new Math_BigInteger($packet->key['n'], 256), + 'd' => new Math_BigInteger($packet->key['d'], 256), + 'q' => new Math_BigInteger($packet->key['p'], 256), + 'p' => new Math_BigInteger($packet->key['q'], 256), + ]; + if (array_key_exists('u', $packet->key)) { + // possible keys for 'u': https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Crypt/RSA/Formats/Keys/Raw.php#L108 + $rawKey['inerseq'] = new Math_BigInteger($packet->key['u'], 256); + } - return $rsa; + return publickeyloader::loadPrivateKey($rawKey) + ->withPadding(CRYPT_RSA_SIGNATURE_PKCS1 | CRYPT_RSA_ENCRYPTION_PKCS1) + ->withHash('sha256'); + } else { + + return publickeyloader::loadPublicKey([ + 'e' => new Math_BigInteger($packet->key['e'], 256), + 'n' => new Math_BigInteger($packet->key['n'], 256), + ]) + ->withPadding(CRYPT_RSA_SIGNATURE_PKCS1 | CRYPT_RSA_ENCRYPTION_PKCS1) + ->withHash('sha256'); + } } static function convert_public_key($packet) { diff --git a/lib/openpgp_crypt_symmetric.php b/lib/openpgp_crypt_symmetric.php index 4d6ef99..17ef96a 100644 --- a/lib/openpgp_crypt_symmetric.php +++ b/lib/openpgp_crypt_symmetric.php @@ -1,10 +1,10 @@ algorithm, array(1,2,3))) throw new Exception("Only RSA keys are supported."); $crypt_rsa = new OpenPGP_Crypt_RSA($pass); - $rsa = $crypt_rsa->public_key(); - $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); + $rsa = $crypt_rsa->public_key()->withPadding(CRYPT_RSA_ENCRYPTION_PKCS1 | CRYPT_RSA_SIGNATURE_PKCS1); $esk = $rsa->encrypt(chr($symmetric_algorithm) . $key . pack('n', self::checksum($key))); $esk = pack('n', OpenPGP::bitlength($esk)) . $esk; array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk)); @@ -171,12 +170,16 @@ public static function decryptPacket($epacket, $symmetric_algorithm, $key) { public static function getCipher($algo) { $cipher = NULL; + + // https://datatracker.ietf.org/doc/html/rfc4880#section-13.9 + // " 1. The feedback register (FR) is set to the IV, which is all zeros." switch($algo) { case NULL: case 0: throw new Exception("Data is already unencrypted"); case 2: - $cipher = new Crypt_TripleDES(Crypt_TripleDES::MODE_CFB); + $cipher = new Crypt_TripleDES('cfb'); + $cipher->setIV(str_repeat(pack('x'), 8)); $key_bytes = 24; $key_block_bytes = 8; break; @@ -188,34 +191,37 @@ public static function getCipher($algo) { } break; case 4: - $cipher = new Crypt_Blowfish(Crypt_Blowfish::MODE_CFB); + $cipher = new Crypt_Blowfish('cfb'); + $cipher->setIV(str_repeat(pack('x'), 8)); $key_bytes = 16; $key_block_bytes = 8; break; case 7: - $cipher = new Crypt_AES(Crypt_AES::MODE_CFB); + $cipher = new Crypt_AES('cfb'); $cipher->setKeyLength(128); + $cipher->setIV(str_repeat(pack('x'), 16)); break; case 8: - $cipher = new Crypt_AES(Crypt_AES::MODE_CFB); + $cipher = new Crypt_AES('cfb'); $cipher->setKeyLength(192); + $cipher->setIV(str_repeat(pack('x'), 16)); break; case 9: - $cipher = new Crypt_AES(Crypt_AES::MODE_CFB); + $cipher = new Crypt_AES('cfb'); $cipher->setKeyLength(256); + $cipher->setIV(str_repeat(pack('x'), 16)); break; case 10: - $cipher = new Crypt_Twofish(Crypt_Twofish::MODE_CFB); - if(method_exists($cipher, 'setKeyLength')) { - $cipher->setKeyLength(256); - } else { - $cipher = NULL; - } + $cipher = new Crypt_Twofish('cfb'); + $cipher->setIV(str_repeat(pack('x'), 16)); + $key_bytes = 32; break; } if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher - if(!isset($key_bytes)) $key_bytes = isset($cipher->key_size)?$cipher->key_size:$cipher->key_length; - if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size; + + + if(!isset($key_bytes)) $key_bytes = $cipher->getKeyLength() >> 3; + if(!isset($key_block_bytes)) $key_block_bytes = $cipher->getBlockLengthInBytes(); return array($cipher, $key_bytes, $key_block_bytes); } diff --git a/lib/openpgp_mcrypt_wrapper.php b/lib/openpgp_mcrypt_wrapper.php index 1030700..65fc145 100644 --- a/lib/openpgp_mcrypt_wrapper.php +++ b/lib/openpgp_mcrypt_wrapper.php @@ -12,6 +12,15 @@ function __construct($cipher) { $this->iv = str_repeat("\0", mcrypt_get_iv_size($cipher, 'ncfb')); } + function getBlockLengthInBytes() + { + return $this->block_size; + } + + function getKeyLength() { + return $this->key_size << 3; + } + function setKey($key) { $this->key = $key; } diff --git a/lib/openpgp_openssl_wrapper.php b/lib/openpgp_openssl_wrapper.php index 83d5ad6..7ebbb78 100644 --- a/lib/openpgp_openssl_wrapper.php +++ b/lib/openpgp_openssl_wrapper.php @@ -14,6 +14,15 @@ function __construct($cipher) { $this->iv = str_repeat("\0", 8); } + function getBlockLengthInBytes() + { + return $this->block_size; + } + + function getKeyLength() { + return $this->key_size << 3; + } + function setKey($key) { $this->key = $key; } From 03ad8a8336638d99b577b765c91703b0788f6fc0 Mon Sep 17 00:00:00 2001 From: Allan Simon Date: Sat, 11 Jun 2022 18:08:03 +0200 Subject: [PATCH 168/176] Update composer.json --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 61e468f..c7c1011 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,7 @@ ], "require": { "php": "^5.6 || ^7.0 || ^8.0", - "phpseclib/phpseclib": "^3.0.12" + "phpseclib/phpseclib": "^3.0.14" }, "require-dev": { "phpunit/phpunit": "^9.0" From 8dfac4bc20b53049529ec68b8655426485846390 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 11 Oct 2022 19:33:59 -0500 Subject: [PATCH 169/176] Test armor and unarmor --- tests/suite.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suite.php b/tests/suite.php index 2c506f4..fbd6f3b 100644 --- a/tests/suite.php +++ b/tests/suite.php @@ -437,3 +437,15 @@ public function test000083002sig() { $this->oneIssuer("000083-002.sig", "BD7BA7BC5547FD09"); } } + +class Armor extends TestCase { + public function testRoundTrip() { + $bytes = "abcd\0\xff"; + $this->assertEquals($bytes, OpenPGP::unarmor(OpenPGP::enarmor($bytes), 'MESSAGE')); + } + + public function testInvalidBase64() { + $input = OpenPGP::header('MESSAGE') . "\n\nY~WJjZAD/\n=PE3Q\n" . OpenPGP::footer('MESSAGE'); + $this->assertEquals(false, OpenPGP::unarmor($input, 'MESSAGE')); + } +} \ No newline at end of file From 1c3bdcd2d9c6113c2d6b768e208e7432a48d3a1e Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 31 Oct 2022 08:43:21 -0500 Subject: [PATCH 170/176] Bump to 0.6.0 --- lib/openpgp.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 17d4734..9c4bf12 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -5,7 +5,7 @@ * (RFC 4880). * * @package OpenPGP - * @version 0.5.0 + * @version 0.6.0 * @author Arto Bendiken * @author Stephen Paul Weber * @see http://github.com/bendiken/openpgp-php @@ -18,7 +18,7 @@ * @see http://tools.ietf.org/html/rfc4880 */ class OpenPGP { - const VERSION = array(0, 5, 0); + const VERSION = array(0, 6, 0); /** * @see http://tools.ietf.org/html/rfc4880#section-6 From eb9f81e99ae79d661dfa8caa94e6ddcd6f1d89bc Mon Sep 17 00:00:00 2001 From: Ishan Vyas Date: Mon, 5 Dec 2022 15:16:31 +0530 Subject: [PATCH 171/176] Run travis on PHP 8.1, 8.2 --- .travis.dhall | 6 +- .travis.yml | 176 +++++++++++++++++++++++++++++--------------------- 2 files changed, 107 insertions(+), 75 deletions(-) diff --git a/.travis.dhall b/.travis.dhall index 06ce035..0e098bf 100644 --- a/.travis.dhall +++ b/.travis.dhall @@ -10,7 +10,9 @@ in php = [ "7.3", "7.4", - "8.0" + "8.0", + "8.1", + "8.2" ], dist = "xenial", env = [ @@ -22,7 +24,7 @@ in Prelude.List.map Text Exclusion (\(env: Text) -> { php = php, env = env } ) (phpseclib 7 (\(_: Natural) -> True)) - ) ["7.3", "7.4", "8.0"], + ) ["7.3", "7.4", "8.0", "8.1", "8.2"], fast_finish = True }, before_script = '' diff --git a/.travis.yml b/.travis.yml index 00fc4eb..6a95ca0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,81 +2,111 @@ before_script: "sed -i \"s/\\\"phpseclib\\/phpseclib\\\": \\\"[^\\\"]*/\\\"phpseclib\\/phpseclib\\\": \\\"$PHPSECLIB/\" composer.json && composer install --prefer-source" dist: xenial env: -- "PHPSECLIB='^2.0 !=2.0.8'" -- "PHPSECLIB='2.0.0'" -- "PHPSECLIB='2.0.1'" -- "PHPSECLIB='2.0.2'" -- "PHPSECLIB='2.0.3'" -- "PHPSECLIB='2.0.4'" -- "PHPSECLIB='2.0.5'" -- "PHPSECLIB='2.0.6'" -- "PHPSECLIB='2.0.7'" -- "PHPSECLIB='2.0.9'" -- "PHPSECLIB='2.0.10'" -- "PHPSECLIB='2.0.11'" -- "PHPSECLIB='2.0.12'" -- "PHPSECLIB='2.0.13'" -- "PHPSECLIB='2.0.14'" -- "PHPSECLIB='2.0.15'" -- "PHPSECLIB='2.0.16'" -- "PHPSECLIB='2.0.17'" -- "PHPSECLIB='2.0.18'" -- "PHPSECLIB='2.0.19'" -- "PHPSECLIB='2.0.20'" -- "PHPSECLIB='2.0.21'" -- "PHPSECLIB='2.0.22'" -- "PHPSECLIB='2.0.23'" -- "PHPSECLIB='2.0.24'" -- "PHPSECLIB='2.0.25'" -- "PHPSECLIB='2.0.26'" -- "PHPSECLIB='2.0.27'" + - "PHPSECLIB='^2.0 !=2.0.8'" + - "PHPSECLIB='2.0.0'" + - "PHPSECLIB='2.0.1'" + - "PHPSECLIB='2.0.2'" + - "PHPSECLIB='2.0.3'" + - "PHPSECLIB='2.0.4'" + - "PHPSECLIB='2.0.5'" + - "PHPSECLIB='2.0.6'" + - "PHPSECLIB='2.0.7'" + - "PHPSECLIB='2.0.9'" + - "PHPSECLIB='2.0.10'" + - "PHPSECLIB='2.0.11'" + - "PHPSECLIB='2.0.12'" + - "PHPSECLIB='2.0.13'" + - "PHPSECLIB='2.0.14'" + - "PHPSECLIB='2.0.15'" + - "PHPSECLIB='2.0.16'" + - "PHPSECLIB='2.0.17'" + - "PHPSECLIB='2.0.18'" + - "PHPSECLIB='2.0.19'" + - "PHPSECLIB='2.0.20'" + - "PHPSECLIB='2.0.21'" + - "PHPSECLIB='2.0.22'" + - "PHPSECLIB='2.0.23'" + - "PHPSECLIB='2.0.24'" + - "PHPSECLIB='2.0.25'" + - "PHPSECLIB='2.0.26'" + - "PHPSECLIB='2.0.27'" language: php matrix: exclude: - - env: "PHPSECLIB='2.0.0'" - php: '7.3' - - env: "PHPSECLIB='2.0.1'" - php: '7.3' - - env: "PHPSECLIB='2.0.2'" - php: '7.3' - - env: "PHPSECLIB='2.0.3'" - php: '7.3' - - env: "PHPSECLIB='2.0.4'" - php: '7.3' - - env: "PHPSECLIB='2.0.5'" - php: '7.3' - - env: "PHPSECLIB='2.0.6'" - php: '7.3' - - env: "PHPSECLIB='2.0.0'" - php: '7.4' - - env: "PHPSECLIB='2.0.1'" - php: '7.4' - - env: "PHPSECLIB='2.0.2'" - php: '7.4' - - env: "PHPSECLIB='2.0.3'" - php: '7.4' - - env: "PHPSECLIB='2.0.4'" - php: '7.4' - - env: "PHPSECLIB='2.0.5'" - php: '7.4' - - env: "PHPSECLIB='2.0.6'" - php: '7.4' - - env: "PHPSECLIB='2.0.0'" - php: '8.0' - - env: "PHPSECLIB='2.0.1'" - php: '8.0' - - env: "PHPSECLIB='2.0.2'" - php: '8.0' - - env: "PHPSECLIB='2.0.3'" - php: '8.0' - - env: "PHPSECLIB='2.0.4'" - php: '8.0' - - env: "PHPSECLIB='2.0.5'" - php: '8.0' - - env: "PHPSECLIB='2.0.6'" - php: '8.0' + - env: "PHPSECLIB='2.0.0'" + php: '7.3' + - env: "PHPSECLIB='2.0.1'" + php: '7.3' + - env: "PHPSECLIB='2.0.2'" + php: '7.3' + - env: "PHPSECLIB='2.0.3'" + php: '7.3' + - env: "PHPSECLIB='2.0.4'" + php: '7.3' + - env: "PHPSECLIB='2.0.5'" + php: '7.3' + - env: "PHPSECLIB='2.0.6'" + php: '7.3' + - env: "PHPSECLIB='2.0.0'" + php: '7.4' + - env: "PHPSECLIB='2.0.1'" + php: '7.4' + - env: "PHPSECLIB='2.0.2'" + php: '7.4' + - env: "PHPSECLIB='2.0.3'" + php: '7.4' + - env: "PHPSECLIB='2.0.4'" + php: '7.4' + - env: "PHPSECLIB='2.0.5'" + php: '7.4' + - env: "PHPSECLIB='2.0.6'" + php: '7.4' + - env: "PHPSECLIB='2.0.0'" + php: '8.0' + - env: "PHPSECLIB='2.0.1'" + php: '8.0' + - env: "PHPSECLIB='2.0.2'" + php: '8.0' + - env: "PHPSECLIB='2.0.3'" + php: '8.0' + - env: "PHPSECLIB='2.0.4'" + php: '8.0' + - env: "PHPSECLIB='2.0.5'" + php: '8.0' + - env: "PHPSECLIB='2.0.6'" + php: '8.0' + - env: "PHPSECLIB='2.0.0'" + php: '8.1' + - env: "PHPSECLIB='2.0.1'" + php: '8.1' + - env: "PHPSECLIB='2.0.2'" + php: '8.1' + - env: "PHPSECLIB='2.0.3'" + php: '8.1' + - env: "PHPSECLIB='2.0.4'" + php: '8.1' + - env: "PHPSECLIB='2.0.5'" + php: '8.1' + - env: "PHPSECLIB='2.0.6'" + php: '8.1' + - env: "PHPSECLIB='2.0.0'" + php: '8.2' + - env: "PHPSECLIB='2.0.1'" + php: '8.2' + - env: "PHPSECLIB='2.0.2'" + php: '8.2' + - env: "PHPSECLIB='2.0.3'" + php: '8.2' + - env: "PHPSECLIB='2.0.4'" + php: '8.2' + - env: "PHPSECLIB='2.0.5'" + php: '8.2' + - env: "PHPSECLIB='2.0.6'" + php: '8.2' fast_finish: true php: -- '7.3' -- '7.4' -- '8.0' + - '7.3' + - '7.4' + - '8.0' + - '8.1' + - '8.2' From f4dbc2f370b3d4eaa7e0cf8307b670606038e62e Mon Sep 17 00:00:00 2001 From: Ishan Vyas Date: Mon, 5 Dec 2022 15:32:36 +0530 Subject: [PATCH 172/176] Fix PHP 8.2 deprecation errors --- lib/openpgp.php | 61 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index 9c4bf12..f413fbe 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -538,7 +538,7 @@ function body() { } function header_and_body() { - $body = $this->body(); // Get body first, we will need it's length + $body = $this->body() ?? ''; // Get body first, we will need it's length $tag = chr($this->tag | 0xC0); // First two bits are 1 for new packet format $size = chr(255).pack('N', strlen($body)); // Use 5-octet lengths return array('header' => $tag.$size, 'body' => $body); @@ -616,6 +616,10 @@ function read_bytes($count = 1) { class OpenPGP_AsymmetricSessionKeyPacket extends OpenPGP_Packet { public $version, $keyid, $key_algorithm, $encrypted_data; + public $input; + + public $length; + function __construct($key_algorithm='', $keyid='', $encrypted_data='', $version=3) { parent::__construct(); $this->version = $version; @@ -665,6 +669,10 @@ class OpenPGP_SignaturePacket extends OpenPGP_Packet { public $version, $signature_type, $hash_algorithm, $key_algorithm, $hashed_subpackets, $unhashed_subpackets, $hash_head; public $trailer; // This is the literal bytes that get tacked on the end of the message when verifying the signature + public $input; + + public $length; + function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) { parent::__construct(); $this->version = 4; // Default to version 4 sigs @@ -941,6 +949,10 @@ static function class_for($tag) { } class OpenPGP_SignaturePacket_Subpacket extends OpenPGP_Packet { + public $input; + + public $length; + function __construct($data=NULL) { parent::__construct($data); $this->tag = array_search(substr(substr(get_class($this), 8+16), 0, -6), OpenPGP_SignaturePacket::$subpacket_types); @@ -1199,6 +1211,8 @@ function body() { } class OpenPGP_SignaturePacket_KeyFlagsPacket extends OpenPGP_SignaturePacket_Subpacket { + public $flags; + function __construct($flags=array()) { parent::__construct(); $this->flags = $flags; @@ -1286,6 +1300,10 @@ function header_and_body() { class OpenPGP_SymmetricSessionKeyPacket extends OpenPGP_Packet { public $version, $symmetric_algorithm, $s2k, $encrypted_data; + public $input; + + public $length; + function __construct($s2k=NULL, $encrypted_data='', $symmetric_algorithm=9, $version=3) { parent::__construct(); $this->version = $version; @@ -1314,6 +1332,11 @@ function body() { */ class OpenPGP_OnePassSignaturePacket extends OpenPGP_Packet { public $version, $signature_type, $hash_algorithm, $key_algorithm, $key_id, $nested; + + public $input; + + public $length; + function read() { $this->version = ord($this->read_byte()); $this->signature_type = ord($this->read_byte()); @@ -1348,6 +1371,10 @@ class OpenPGP_PublicKeyPacket extends OpenPGP_Packet { public $key, $key_id, $fingerprint; public $v3_days_of_validity; + public $input; + + public $length; + function __construct($key=array(), $algorithm='RSA', $timestamp=NULL, $version=4) { parent::__construct(); @@ -1544,6 +1571,10 @@ function body() { * @see http://tools.ietf.org/html/rfc4880#section-12 */ class OpenPGP_PublicSubkeyPacket extends OpenPGP_PublicKeyPacket { + public $input; + + public $length; + // TODO } @@ -1642,6 +1673,10 @@ class OpenPGP_CompressedDataPacket extends OpenPGP_Packet implements IteratorAgg /* see http://tools.ietf.org/html/rfc4880#section-9.3 */ static $algorithms = array(0 => 'Uncompressed', 1 => 'ZIP', 2 => 'ZLIB', 3 => 'BZip2'); + public $input; + + public $length; + function __construct($m=NULL, $algorithm=1) { parent::__construct(); $this->algorithm = $algorithm; @@ -1730,6 +1765,10 @@ function offsetUnset($offset) { * @see http://tools.ietf.org/html/rfc4880#section-5.7 */ class OpenPGP_EncryptedDataPacket extends OpenPGP_Packet { + public $input; + + public $length; + function read() { $this->data = $this->input; } @@ -1756,6 +1795,10 @@ class OpenPGP_MarkerPacket extends OpenPGP_Packet { class OpenPGP_LiteralDataPacket extends OpenPGP_Packet { public $format, $filename, $timestamp; + public $input; + + public $length; + function __construct($data=NULL, $opt=array()) { parent::__construct(); $this->data = $data; @@ -1800,6 +1843,10 @@ function body() { * @see http://tools.ietf.org/html/rfc4880#section-5.10 */ class OpenPGP_TrustPacket extends OpenPGP_Packet { + public $input; + + public $length; + function read() { $this->data = $this->input; } @@ -1818,6 +1865,10 @@ function body() { class OpenPGP_UserIDPacket extends OpenPGP_Packet { public $name, $comment, $email; + public $input; + + public $length; + function __construct($name='', $comment='', $email='') { parent::__construct(); if(!$comment && !$email) { @@ -1880,6 +1931,10 @@ function body() { class OpenPGP_UserAttributePacket extends OpenPGP_Packet { public $packets; + public $input; + + public $length; + // TODO } @@ -1891,6 +1946,10 @@ class OpenPGP_UserAttributePacket extends OpenPGP_Packet { class OpenPGP_IntegrityProtectedDataPacket extends OpenPGP_EncryptedDataPacket { public $version; + public $input; + + public $length; + function __construct($data='', $version=1) { parent::__construct(); $this->version = $version; From 92b56f36f15cb98c22e7b580ab97f9a4076850b2 Mon Sep 17 00:00:00 2001 From: Cedric Alfonsi Date: Tue, 20 Feb 2024 16:30:12 +0100 Subject: [PATCH 173/176] PB-26152 parser support of critical subpacket flag --- lib/openpgp.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index f413fbe..749aec1 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -881,10 +881,16 @@ static function get_subpacket(&$input) { } $input = substr($input, $length_of_length); // Chop off length header $tag = ord($input[0]); + // Is the subpacket critical? + $criticalFlagMask = 0x80; + $typeMask = 0x7F; + $isCritical = ($tag & $criticalFlagMask) === $criticalFlagMask; + $tag = $tag & $typeMask; $class = self::class_for($tag); if($class) { $packet = new $class(); $packet->tag = $tag; + $packet->isCritical = $isCritical; $packet->input = substr($input, 1, $len-1); $packet->length = $len-1; $packet->read(); @@ -951,6 +957,8 @@ static function class_for($tag) { class OpenPGP_SignaturePacket_Subpacket extends OpenPGP_Packet { public $input; + public $isCritical = false; + public $length; function __construct($data=NULL) { @@ -1932,7 +1940,7 @@ class OpenPGP_UserAttributePacket extends OpenPGP_Packet { public $packets; public $input; - + public $length; // TODO From 8dce47ea51f22de20e0532e7c99f1fbebbe04be6 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 12 Aug 2024 11:50:21 -0500 Subject: [PATCH 174/176] Fix hash_head Fixes #120 Closes #139 --- examples/keygenSubkeys.php | 4 +++- lib/openpgp.php | 5 +++-- lib/openpgp_crypt_rsa.php | 8 ++++++-- tests/phpseclib_suite.php | 5 +++++ 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/examples/keygenSubkeys.php b/examples/keygenSubkeys.php index 9090595..b8b322c 100644 --- a/examples/keygenSubkeys.php +++ b/examples/keygenSubkeys.php @@ -85,7 +85,9 @@ $sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x0C)); // Encrypt bits $sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); $sub_sig->data = implode('', $nkey->fingerprint_material()) . implode('', $subkey->fingerprint_material()); -$sub_sig->sign_data(array('RSA' => array('SHA256' => function($data) use($key) {return array($key->sign($data));}))); +$sig->sign_data(array('RSA' => array('SHA256' => function($data) use($key) { + return [ "signed" => $key->sign($data), "hash" => $key->getHash()->hash($data) ]; +}))); // Append the subkey signature $packets[] = $sub_sig; diff --git a/lib/openpgp.php b/lib/openpgp.php index f413fbe..fa1f257 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -705,8 +705,9 @@ function __construct($data=NULL, $key_algorithm=NULL, $hash_algorithm=NULL) { function sign_data($signers) { $this->trailer = $this->calculate_trailer(); $signer = $signers[$this->key_algorithm_name()][$this->hash_algorithm_name()]; - $this->data = call_user_func($signer, $this->data.$this->trailer); - $unpacked = unpack('n', substr(implode('',$this->data), 0, 2)); + $signed = call_user_func($signer, $this->data.$this->trailer); + $this->data = array($signed["signed"]); + $unpacked = unpack('n', substr($signed["hash"], 0, 2)); $this->hash_head = reset($unpacked); } diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index 8d9c10f..b04c946 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -129,7 +129,9 @@ function sign($packet, $hash='SHA256', $keyid=NULL) { $sig = new OpenPGP_SignaturePacket($message, 'RSA', strtoupper($hash)); $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); - $sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));}))); + $sig->sign_data(array('RSA' => array($hash => function($data) use($key) { + return [ "signed" => $key->sign($data), "hash" => $key->getHash()->hash($data) ]; + }))); return new OpenPGP_Message(array($sig, $message)); } @@ -161,7 +163,9 @@ function sign_key_userid($packet, $hash='SHA256', $keyid=NULL) { $packet[] = $sig; } - $sig->sign_data(array('RSA' => array($hash => function($data) use($key) {return array($key->sign($data));}))); + $sig->sign_data(array('RSA' => array($hash => function($data) use($key) { + return [ "signed" => $key->sign($data), "hash" => $key->getHash()->hash($data) ]; + }))); return $packet; } diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index a31ab0d..742ac43 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -33,10 +33,15 @@ public function testCompressedSigBzip2() { public function testSigningMessages() { $wkey = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + if (function_exists('uopz_set_return')) uopz_set_return('time', 0); $data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt')); $sign = new OpenPGP_Crypt_RSA($wkey); $m = $sign->sign($data)->to_bytes(); $reparsedM = OpenPGP_Message::parse($m); + if (function_exists('uopz_unset_return')) { + uopz_unset_return('time'); + $this->assertSame(4871, $reparsedM[0]->hash_head); + } $this->assertSame($sign->verify($reparsedM), $reparsedM->signatures()); } From 3778c4256f7e54bff4d9d97a490bc7d34adf651a Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 12 Aug 2024 13:25:23 -0500 Subject: [PATCH 175/176] Fix typo --- examples/keygenSubkeys.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/keygenSubkeys.php b/examples/keygenSubkeys.php index b8b322c..bdf6f36 100644 --- a/examples/keygenSubkeys.php +++ b/examples/keygenSubkeys.php @@ -85,7 +85,7 @@ $sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x0C)); // Encrypt bits $sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid); $sub_sig->data = implode('', $nkey->fingerprint_material()) . implode('', $subkey->fingerprint_material()); -$sig->sign_data(array('RSA' => array('SHA256' => function($data) use($key) { +$sub_sig->sign_data(array('RSA' => array('SHA256' => function($data) use($key) { return [ "signed" => $key->sign($data), "hash" => $key->getHash()->hash($data) ]; }))); From b55996c1942bf676d4531c9b4c0ed226f7fe2b60 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 12 Aug 2024 14:00:23 -0500 Subject: [PATCH 176/176] Bump to 0.7.0 --- lib/openpgp.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openpgp.php b/lib/openpgp.php index efb8e84..d7b8147 100644 --- a/lib/openpgp.php +++ b/lib/openpgp.php @@ -5,7 +5,7 @@ * (RFC 4880). * * @package OpenPGP - * @version 0.6.0 + * @version 0.7.0 * @author Arto Bendiken * @author Stephen Paul Weber * @see http://github.com/bendiken/openpgp-php @@ -18,7 +18,7 @@ * @see http://tools.ietf.org/html/rfc4880 */ class OpenPGP { - const VERSION = array(0, 6, 0); + const VERSION = array(0, 7, 0); /** * @see http://tools.ietf.org/html/rfc4880#section-6