From 3882ba6fbfdbdc2d25ab6cee6401de2e0684acce Mon Sep 17 00:00:00 2001
From: Johanna Amann
Date: Fri, 3 Feb 2017 11:23:49 -0800
Subject: [PATCH] Add support for the signed_certificate_timestamp TLS extension.
---
 src/analyzer/protocol/ssl/events.bif | 23 +++++++++++++++++-
 .../protocol/ssl/tls-handshake-analyzer.pac | 22 ++++++++++++++++-
 .../protocol/ssl/tls-handshake-protocol.pac | 20 +++++++++++++++
 .../.stdout | 3 +++
 .../tls/signed_certificate_timestamp.pcap | Bin 0 -> 36501 bytes
 .../ssl/signed_certificate_timestamp.test | 7 ++++++
 6 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.signed_certificate_timestamp/.stdout
 create mode 100644 testing/btest/Traces/tls/signed_certificate_timestamp.pcap
 create mode 100644 testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index 2855dd7fe9..3fb565b8aa 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -192,7 +192,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%);
 ## the initial handshake. It contains the list of client supported application
 ## protocols by the client or the server, respectively.
 ##
-## At the moment it is mostly used to negotiate the use of SPDY / HTTP2-drafts.
+## At the moment it is mostly used to negotiate the use of SPDY / HTTP2.
 ##
 ## c: The connection.
 ##
@@ -225,6 +225,27 @@ event ssl_extension_application_layer_protocol_negotiation%(c: connection, is_or
 ## ssl_extension_key_share
 event ssl_extension_server_name%(c: connection, is_orig: bool, names: string_vec%);
+## Generated for the signed_certificate_timestamp TLS extension as defined in
+## :rfc:`6962`. The extension is used to transmit signed proofs that are
+## used for Certificate Transparency.
+##
+## c: The connection.
+##
+## is_orig: True if event is raised for originator side of the connection.
+##
+## version: the version of the protocol to which the SCT conforms. Always
+## should be 0 (representing version 1)
+##
+## logid: 32 bit key id
+##
+## timestamp: the current NTP Time
+##
+## signature_and_hashalgorithm: signature and hash algorithm used for the
+## digitally_signed struct
+##
+## signature: signature part of the digitally_signed struct
+event ssl_extension_signed_certificate_timestamp%(c: connection, is_orig: bool, version: count, logid: string, timestamp: time, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%);
+
 ## Generated at the end of an SSL/TLS handshake. SSL/TLS sessions start with
 ## an unencrypted handshake, and Bro extracts as much information out of that
 ## as it can. This event signals the time when an SSL/TLS has finished the
diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
index a4f4f94c6f..7f4eb2ba3c 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
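Review bot: The `logid` line in the new doc block says `32 bit key id`, but the parser this commit adds in tls-handshake-protocol.pac reads `logid: bytestring &length=32`, i.e. 32 bytes, and :rfc:`6962` defines the log ID as the SHA-256 hash of the log's public key. I would write `## logid: 32-byte log ID (SHA-256 hash of the log's public key).` so that scripts comparing against a known-log list use the right width. The `timestamp` line would read better as `## timestamp: time the log recorded when issuing the SCT, converted from milliseconds since the epoch.`, since the analyzer divides the wire value by 1000 before raising the event. It is also worth stating that the event is raised once per SCT in the list, not once per extension.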
@@ -231,6 +231,24 @@ refine connection Handshake_Conn += {
 return true;
 %}
+ function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool
+ %{
+ RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
+ ha->Assign(0, new Val(digitally_signed_algorithms->HashAlgorithm(), TYPE_COUNT));
+ ha->Assign(1, new Val(digitally_signed_algorithms->SignatureAlgorithm(), TYPE_COUNT));
+
+ BifEvent::generate_ssl_extension_signed_certificate_timestamp(bro_analyzer(),
+ bro_analyzer()->Conn(), ${rec.is_orig},
+ version,
+ new StringVal(logid.length(), reinterpret_cast(logid.begin())),
+ ((double)timestamp)/1000,
+ ha,
+ new StringVal(digitally_signed_signature.length(), reinterpret_cast(digitally_signed_signature.begin()))
+ );
+
+ return true;
+ %}
+
 function proc_dh_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool
 %{
 BifEvent::generate_ssl_dh_server_params(bro_analyzer(),
@@ -251,7 +269,6 @@ refine connection Handshake_Conn += {
 return true;
 %}
-
 };
 refine typeattr ClientHello += &let {
@@ -333,3 +350,6 @@ refine typeattr Handshake += &let {
 proc : bool = $context.connection.proc_handshake(rec.is_orig, rec.msg_type, rec.msg_length);
 };
+refine typeattr SignedCertificateTimestamp += &let {
+ proc : bool = $context.connection.proc_signedcertificatetimestamp(rec, version, logid, timestamp, digitally_signed_algorithms, digitally_signed_signature);
+};
diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
index da01a27f1d..65da41e0db 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
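Review bot: proc_signedcertificatetimestamp in the first hunk forwards every SCT field except `extensions`, which the record in tls-handshake-protocol.pac parses but the `refine typeattr` call in the last hunk never passes on. The SCT signature in RFC 6962 is computed over the extensions too, so a script that wants to validate the signature cannot rebuild the signed data if a log ever sends a non-empty value; v1 defines none today, so this is latent rather than a live failure. I would either add the bytes to the event or at least record the gap in a comment, e.g. `// extensions are parsed but not forwarded; SCT validation in script-land needs them if non-empty`. A short comment on `((double)timestamp)/1000`, such as `// wire value is milliseconds since the epoch; Bro time is seconds`, would also help the next reader.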
@@ -485,11 +485,31 @@ type SSLExtension(rec: HandshakeRecord) = record {
 # EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == 0 || $element != 0);
 EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == 0 || $element != 0);
 EXT_SIGNATURE_ALGORITHMS -> signature_algorithm: SignatureAlgorithm(rec)[] &until($element == 0 || $element != 0);
+ EXT_SIGNED_CERTIFICATE_TIMESTAMP -> certificate_timestamp: SignedCertificateTimestampList(rec)[] &until($element == 0 || $element != 0);
 EXT_KEY_SHARE -> key_share: KeyShare(rec)[] &until($element == 0 || $element != 0);
 default -> data: bytestring &restofdata;
 };
 } &length=data_len+4 &exportsourcedata;
+type SignedCertificateTimestampList(rec: HandshakeRecord) = record {
+ length: uint16;
+ SCTs: SignedCertificateTimestamp(rec)[] &until($input.length() == 0);
+} &length=length+2;
+
+type SignedCertificateTimestamp(rec: HandshakeRecord) = record {
+ # before - framing
+ length: uint16;
+ # from here: SignedCertificateTimestamp
+ version: uint8;
+ logid: bytestring &length=32;
+ timestamp: uint64;
+ extensions_length: uint16; # extensions are not actually defined yet, so we cannot parse them
+ extensions: bytestring &length=extensions_length;
+ digitally_signed_algorithms: SignatureAndHashAlgorithm;
+ digitally_signed_signature_length: uint16;
+ digitally_signed_signature: bytestring &length=digitally_signed_signature_length;
+} &length=length+2;
+
 type ServerNameHostName() = record {
 length: uint16;
 host_name: bytestring &length=length;
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.signed_certificate_timestamp/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.signed_certificate_timestamp/.stdout
new file mode 100644
index 0000000000..abed68df42
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.signed_certificate_timestamp/.stdout
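Review bot: The new SignedCertificateTimestamp record applies the v1 field layout unconditionally after `version: uint8;`, so an SCT carrying any other version value is still split into logid, timestamp, extensions and signature, and the event is raised with whatever bytes land in those fields. RFC 6962 defines this layout only for v1 (value 0); I would gate the v1 fields behind a `case version of` with a fallback arm like the `default -> data: bytestring &restofdata;` visible in SSLExtension, or have proc_signedcertificatetimestamp skip the event when `version != 0`. Separately, `length`, `extensions_length` and `digitally_signed_signature_length` all come from the peer. `&length=length+2` bounds the record, but it is worth confirming that an inner length overrunning it surfaces as a protocol violation rather than being dropped silently; the exception handling is not visible from this hunk.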
@@ -0,0 +1,3 @@
+0, 1406997753.366, [HashAlgorithm=4, SignatureAlgorithm=3]
+0, 1407002457.456, [HashAlgorithm=4, SignatureAlgorithm=3]
+0, 1410299366.023, [HashAlgorithm=4, SignatureAlgorithm=3]
diff --git a/testing/btest/Traces/tls/signed_certificate_timestamp.pcap b/testing/btest/Traces/tls/signed_certificate_timestamp.pcap new file mode 100644 index 0000000000000000000000000000000000000000..50efed9cea5db93fddffb4cdb338f03479625b98 GIT binary patch literal 36501 zcmd?QWmH_t*6-bodvGVXTjTET5L`lV3GN!)B{;!@yL)hgI|L67fe@S!+-{S-v(L`i z=Q+>&&yFhyj5C z*+t*Q+{MrZ8Z8+u9>pBR=)&m21Y`g*0n7jn00LO90v{g$cmyASUmJh|Kmq{Z9W9-m zO&ytB%>g*zYvka948R1SLqWnpK>?v5;h>>`a4;}H2p|9&0R8hh06O?4)ThTGELh>*Y0o`TExT21%{cvT8Q7Kfy zmy*(Syy9oD07mdbK=31o2&JXI=#Y?*5RgCs0{9OOtU&~>7B2V?3S57Ph=?amEWi%f z)c*sYC%3|jg#OD>|1kvEw<4Z~0MP#5h5*l{rogEmDqz3n>mP0fcG5bIjwrP!MMALR zCN$t@`FBO=nXSkt#oO`!NzrZKcSUSSNMJYERofvUjU?ZG^AE_n2gta;v4kZ=-58#Q zI^uTNd5&F8o<1Pd3Fu-50F$2j?GFz`1VBLoz;6EJbKv>_(1DgfbASsV{{wt%J+2mJ zXe&nUsJT4?KSv7GHNjf*mfIN0Ao4OQxB^n|Qjf5~oPY#Kg2W+62;~A^CfS_!W3_;?gMqulkQ~d_5ZRaeQ`JEa5WyBX$${6$?c0A8M zW#OIxTmcprDObcM0Uf+iM;~a26wNcdBSQLF8AeT%TK1+o$opA#}3W!0cF;P(xpN+ybBCi!oV1qsr zQ_opE8tZf5h+C1FLIm4Al51~r88>Lz5Va&O+sHD@d*<`1+HoNe(CZcMS$sbNwkxe? 
z5)t|@yR_kR)vD8}1GdrvlS#>t<;UokrR~6C1ir@c2ap!2dOP!M%vOfCxaH0iaF+pv6G}(88bqD4J|Y z2p|Lms+Yl7ik7U#K?bQrFOu372!sp+PZuH`a)}HCB0>W|{;@2GAb1!^bto7N2q{q( z0ubKQ2^4~|B?k8#{{AOaSNidos*@rrK_o`syqui2=$LD{R^F-03g}l8wCgrfD8aW1Awn1 zKm>r{){>+}!<`N(F(!JB7>Ej>h%f9zMqdo~GAG&q3`1jB*tXT}H9OTa_2o zyHi3X*#;i?fdi>Ww~`|zuEsdWjhy`G6m|1$Q`J*8e*N$8!jiEpx+ zQXsI(0JrCQNYrHe?ZJ0)HpItp&Wr7d3-~N5B~WD}5o-=aQ-y&Cx@;TwBpaMU;0S;F z>!c^51M>oabKn;F^t0iK$f0mS*nXI?Rj+vybr2U~_s}(**2L<0X+D1i5rG?+2n7lo z3bV;@e1w96gn-TlAwAuW@pKLW0{rnXB@{LY z69$eR1_%ue3km$|2m+-1bTbK*3`h#Z2ZIE@0SZ{l0uFDGP#}5`?XMdlfY?M&k=kr+w=BnOhomdch05qo+P{GhR; z^`B1}8$KN{|KY=67yiTL{^h`b`0pR?D<;AOeh}mz{HrcNAe0Bl4W#tz90c(<3(o(G zg(u<@{deL={UrX_@5F~){1ro}p9lm_&VI#^UxV%+b#?|({8dF@2=1SaU}x-P|63hF z)BSGCaGkSS&4Jt2L(xp|fxT zuKnIK^+Z{{<%Wmn7TPK%xWQ6!TF{h)B70tbe5b@=0FtaU`rI;Y=PXe78^E%+%L3t` z3ZK8|P(qc2n0-SmK&KAKT^icdeDav7P9#AAwdd2r0`Y9>ScTEeEU!2hRGQ z^`(iFcTXqZdS`sGRJX!%G^~RZE)_%B7=Xv#M>C=q1|m<5JIU2$K+xPl-lev*qfh#& zw3&Ph8Z=tS6O<9wW_l*uy+s#JYs?7S zr9AH_*uS?L(i512|9=DX(^&ZlX0pG5SM73 zRvr*53(GGW|6dqD{x_n({Rn}#k*%G-&&?6da1WfEmgzDXKs17uz~(K^?m~j_B^q7o z&9QNV%zGAcy#NMc6h(44JFai~RuH*L{$q8Mg#HU=_El*LlX{U# zz`M&1^VO_L&mvVnKJSY2WOciDQV8C`k!0_p>w?ykH7D(H4U%Jy7-17Kb6SR{#=O4u z(xuUm#wpmvD^V7F_vBciT9z!BEZ63UdQ^-PQx?)rcy6sidZdL}_TZxIE+}737=m$Q zmD0A(m-syR#WG|91+MJ~wTi@!{VJtcKJtca!C|A%;F!%36A`u3%Vi0WU+Gq@2x3*c zcg_1_95aob zwfOO^g_H)+(gusq8@P^9CHk!w*Y%UA>h>%0J{vq+xC zby2|r5IBdeYz%NiiP3z+zF&l%c_~G0Fn7z%XYH7qcqNLzc4!9^CGimkQ2J$ed9h)` z$^GDhe0gfc`YnD;!Je9Ta#PQP`rBw3{X3J^3BmT{eao@Vb?H;10Mu6 z5BrG|p_66tkf6E9lCTbV^Y0s^}Kzzc|}YWQ}-!*olBR7 zk7XN0lToL+!lPWD#0O388r{ZcjySRPsK= zuCpc9{*#7Vu>0{IWeLu>vSSp0w{&aCnEm|~j012pfMn*uuDu2T?GDcToxz#E-k$-6 z+U!VUU*_y>*}Q%3UC`=pN$yjCvHM$mQI+_WFe6|f{&I2>5m6Q@a9;2;(}Ka^#X<%mdAbi01Mi>rfu{s7?ChMMA_+K#aIk?`K;v`hQKt3xN2ot$t1jAf6@!5a0;`c<{#Us>Odo(5NX#rda8l5I1*DrRU0fLv9an zXj5J5y`e*ok@H2>Xn$|-*ktHCB=-!bNMNfP%JAqB?cKnS5J7|+LA~pQ9d^$}OslUM zb-~#Io~~66vGWJ_$Tu0*H*3`aKQMi+J9-P5m3&iu8}7`-9NUoqbK(0|4AX}(DTJ71 
zKHFQicMHW|;we6hSs68}-|uy|SvN+Wp+u*BNw>C4y>gcZNz7JkAoEKY+_5IBP`8=) z3^O%a?MV&{kYv{oo32X3wd5<7d=Hf53fkWt^_LbiS9GLH*K3z2po!2U^QtdPSv*=- z3G9KFRJ0LHy-C9P?9HYr!XK@2h}fuC#bAuTra36o_U&bFdX+@#W}Xg3eM^akz=U1t zql{L^N%7;4=8A7zw=K;-5P7e6#YCTnF9eNXoG!L*gc~$R(P)%o5@jHKb=aRkSrI5n z&XI2CzpQFNCX??%^FPqwyO_@1)NQJTB72eKm+(YHlK-9qzx|m5kNi$V^uN|oY`}|+ zf9AjqPwOa_yKm)9PvamN?VTa^BF(XAEnh&i&aWxIR+sF|&Z9B(wV&+CEoC4rl^UnX zfRS+R48WzXpRKGPQQoooAs^xZ`c}Ax9kRagD7R6Z9;Z3n6T z5s>|Vfc#H?3&$1hDW2^0RF^lsRBFeN?dudHYWRN($Nw=}|9d!o_7pyUPOzXskl=6( zLVLPE0)+qqhvz?ot@zU=VkiL+ABZQLE1M&P?XO5^&E(<)&J3S|-p^^!ui^cR0%9Uh zWBX@l<@gm!!J(BFL=B?+bq)fC;Qf6@@tfkm<-I>=3nra`r?1k2C&!v|Xf=^{buOpA z34V8lvORra-};>YQ32Wc^{9UU<#bOr-AnoNmdG5NUNv}^fh}s3mq8v}!WeGn_2q<< zd}TQ3bI0tsKJ?!_rpq)Xkg8~ICYQFAlfqipf;BDQ#4o%UcJl8eJlkouHA920d!ESX z8SK7-IFmer>+#;KL*=#uFX=#>VFMtJfdGhoFn7L!*MGAE zAlAW$%P{bNOpHO`Rt|s|178{fr*Sp8;0gDCO3!egv4U8*KrAdQ;G~_6om&Tda}c=r zfn>nTKG5_ikP!IL04Pk)4Z+>)UOI+)nvt)C(2{tpY9v*JJ3l>7kyu#%1T*CmcW z4d(;^5y6IG!37cq;pgOi&I7!I0OkJ!%KsE_{QubM;otrK*DN`59~SieF`qhR@N%L^ zMCg@5&Uv{l3y%5~x~}3e6_U!Q*kOPTp?~sK>OtWcWIv&#n;E;;V>MPAs`aR=R(6w) zPfLERN zVw43O%GkQ?Fx#tfeN9J~e%UES(+`P>v>H<cH0_7uK9~_lg%gybXK_yVh+-`}x zJO4<<$mF{TD&;Q8d9>0*Ov2}-@0_xoI&hAn1K7v9>e3@^Hn42UvIyWxx`U@PfNG}e zSbL`>m$1-;un%7=RP}_`vu#p6o~M7}%o;YLj^)_X=L}X|!is@^BadI}%aI0?=TDS- z;T}-zeJolThMOMJS2at(y!?)zyJKL6z}|RX3Y8>^Qbr-eB`zFvJycl|)xx+IwF0C0 zTnF3W;Q_oe^$hFin`vk=`vZu%)MB{*XpoL!_dD(K#MQuI^aVfS8J51VQ!T1@eWUmD zQC<~~_irMYg)USN@d`3(ynTjMJ6!L-VW;$W3bZ>1iA8sr>uK8GwD@@M+@=1NrxjGl5fdM`RB_)MuaGVg1oh;Hdogv_kd2 zE7F)eDb^(7kHqU-3MgyMe_|!#` z;H?%>5hw%`Y#W8zWEzDOyDp9>;#-o4^Rt$kA$6mqRBt+NQl*R)NM1DaF(J-S`i@He zBjaX|H$)l4SF!oBt=C5Z&=QznDIoAkkOo|}pC1*M(j11{y1eLhmr9@mBW#%l#q>mz z!z<>d9qPx?cV$m4bUp|T*anZ?r}FRb1DtU?zz*@+($g#@=bs)^aCn&>z!p7 zx!Cl`Y3%~HHL~oP8V+IZ;%>I&b*+oqwYKDBYN6Ty0^1vY{pb0YLPnGNCQt*+=i=0DpTFolhbDipEnb1hdK}oO zq+o#RC|Ge?H9;s+S%=5Nv87r!c|~n~6u8*Ulq9r}6-*LLVJdjuh%}P0vVDt8@2oZ< zbdatrp6O;gZz`d&tUfwBoZkK#1F?N~?UhX!nzPHf_v(2Raem-;hH*NiM+se}3hMXD 
zPn|AI3kOgGclcBJ2ec)(Vt+zg>vw45F<)v5+WCQ@ZQS@rr-u%2>T`5N1D<^DGx&!K zbKuJifXQ#)n&I|yw|tJO0{OD{FQ2cQ@y-s6W18~4Shi~|FWx$3Z^5+E%3UalH6r*n zy=^m)@m`SHgd`iq5Xpv6JrT}{?!@7sNp`sjEke?`e?vLbb~8`0rOcK3=8eP~6HJkh zO*)+0rrc8m`pkVtgY*wD^$5=a*&@h~`^2Z#M3@B>CwN!+B8}tfut3 z9~jXlp}AQQ_~=rx&M&)h&xQQj*_Gp7l|+qvl8_%wrs-Sb=T&bSGhj{jE`xf2!!yM` z(35c7x1XQ;+rS!L9=xOCA~GM3N3i)KAFzp~U-m_wS$%m2D(4s?J_S+o)uH#BthAh` zHkJan@#g=$0UY;pDm3_e8{>;yY6_!+x0KJ20{&`aXK))Mg9jF5`k&@4hIvwM$r}|; z;a_YNJvi%WvZ-usiL$yRB>%V$=7??SNOIG-7f`7!5EH?(B(X#;Nu|G=cV~OPBZo=e zbUmd3F*r^qs{A=tXIsTzlL(K0Am4%4Q#jfY=3r!zD=R%6?jAXzqu5F<&gr{wG#-S? zE!+YJJ%FW}cv`VU`Hign65j`L(=i-c;T=>ehN5}|ueBP)@ysW7EgqZMVZmrp9 zHRG10Bx#5os>GyVP7;Ly;e&Gb!O(~L zUZx3IURNBs$d8$9UnuuSS9DinAUY=tR_&Vis~%huQ=jF}Y3V1@5%Eu#= z_s{4T^}RC^4N4_OJdT{o9df>{yobfm5t5P9pDU|P7P5LptfjIRoqLqY!z7BrbZz1t z$bMnA3d{1{+b=C%2$k#nWK$vGB|B6}T;ywV4}r|iW0KdJR*7mjb=|i#W~V0go^^sU zzO0s4gu{>g44yt1!Lwe^#vss5LGNP@hdAEnL=cQSR%xB)aw1)0_04FjvUrAfE5_g} zhoN~v7Wdw)Af;exHr(k6zdz0G6NuaF3L}Lm!t1O9$v3t2?xxU6Og(>0(m75?*t2d4 z$;3K-z}`T8mO}t95W;T|>LO4Xdqz;ex{4oI3S5Kcfv+bnC4oh1b~w{}U)|MST5+xG z6FyugBeZ~XKQ4{Qt)m>EzK$r+-&5Tp@;X$lo^@7)0`8!egjLv)X4!i=4lS^=7Ag%* zuk~_dfq82uY2FKAU=h*~XHr-eFMsfenUrDA1I|$5L!Ep*7iaFaOSr(1rYJ-~X@o>2 z&SK2??en$l)_i%+3sgg-Pqg`Sy$c(GBy}myNp`@fhlVH{M@;S|(EL{1pz$o=#<$ZT zRvdm`$deUd$3g8_j)D{q3$mXL2o%Q%cXkv9k5A&}KgXwKnc-G+!L4B-0W4x4MNrNj z+hXbs>jS2S@k9gMOV~4>w1+u@AyI}*H2t2Ly-55?>cRV9RS&@zky~r|$SK&u@6)@KT&@eY?_D=ec9XJ$FVAHML%VHk{UIl$GqoS&*z$4>+r$Pbp z#FW$A03AsPhI)Mx+bF}(zcqsXewh*2yKbAH6T$%uy3Ej#YV?`IE~fM&`^uQ9>1kW9 zW~n~`ADy=Lk`IniL%zc3MrpT)omCrv#yB&CkPrF8f=zJpGFl*T?PEQ+KysaP_h1Lq8r z_QTecK()nJKhqCg+7zp=KDvQXk1iv_`b1Ze&;)RNXZ`^M2o!BivDz* z#Jo812Nc_EpBWuyxHvwSa6A!T`o9xD{wMJVekVTh#xLRzGX75d3Q%FsgeQ!N0YPzV zdJ7FbADi1Cl0WODN{d{|!fkQ}5fmT)6xeBq#N3n^%Mffdjhj>tai zci42&i@r4v0jG@CkN=*+{lHXTEo)~E)R@ZV^5dhE)>NU3vnm}Y;=yS{TAdrJ&73D* zi68m5rOp^CH#g&kp@>Ky$@w-{kn&I$uHT_QY^l09Zv^?^I z)mPr>jR-`L6FwiqMY}pSh3Gk26enU@aI+3KGE*}py&NXq9f>^p8|eCxDv|c8uM=O) 
z5ht-wM)B$hC4@0g;7stp%D*xTTsV^xS(c4ES|AN~EY)YLV-Nl~=eJcMIv992#}a?5 z-ROJFi+SfPS?~GdS$`0~o8MLCvLF*zBv>6f7vgQ`zK=yej>hgmj78U_JCeDq1V%^f z2ps%;DZtcEeJj)>O!GyxMghHOCdAIiCGm+j<}&@GR0|vHQZFXseaXZXBQj8II$9wI zcx??LAg-1eoJt`C0kl6zVp0vm%7YOh1Ga19%>5@g%ZX!ZGFt{>^czy;LvSlJPq*CZ z@E$Z)iPn#pKdN{Pvg#{3uaoX5bP!*@Vn{srL@nZ!b>9x%={+^_wWSHUGd&;RHyw)U;y@~8(-8Cu~ff^bJY*^65&W2zjGDNMi zyK;{}0c~^y9-g;!L^9Uyj>5*|(fX8%a&5bvxwwU9S_bEONF-Pen(xvV%M+#z_(CKl=09R+3yvhc235WHxmL?7aJ3QwnA7;0Nn&j#5)?b zw~ecQX%Wb8i|J+G^xbKvaj+M6g-WwEeP@{}+%vzzFNJqH?l4ArE~YA7s`9};M}SZ! z0fg)8@Hr-z!)PMMSJYYF_{IGSA%oYo!DixNl=ZMbjQ$H%&{Bl-kf8}?gW1l}s5zr_ zY6<@j4usMjSTtpR@#MQ(DpvMThK8???MB`zWlBU{%lR3_2gm&*Kf)3+$v6-co8Ot6 zz`i-YA|+5gMaA7_e__{CbPp?^yZA*n{Hy>A>44eY?JnK{`g!|em#2!D3am7P>l`fV zHv89QE=om%WLxqp)ifd+etA~-VH(wq*LHA~TJ<@${U5S}ZX~o$%7lpq@R+w=y4k6% zhYW`?&|hw`DA|-|y^}DDS8AO6wobuYqF{W-OxP68946=YBA4_%zCWO}H3g=y#9K5I zc|4&@;Eja%8f6{Z7>(gY(7xRLiNFq&Dz8|P<+6A*A$~-+G{I;9MbxXD2h5e^&hcuP zVnx{yXs#eiFa`cj8m}{~~@- z?C->P!@WNgdBG^E2O`qVerd6VgtkNQcs%WbkobWuX+&*zT4sBRR3UI?)AUV+W0J;W zcoKw=J&Tgy0bPa@nQUCSYWYVEMIqlXvM#hPLO?(u1H0W_4rYvZm0)q;x@{XBiQlsb zqIqiNjZq8jt3`BrQ$RNXe*q4@-x_^(llWB(z7uLQ>ut~qP4=4^pEsR8_ET^W3=_*` z>q_VupQ^&}`f@W6v1R6b`ajBF5PZ81`++}qv9T`49*O~ivwRWMqUhfohVcn+$wuxQ z!w@P5M()5?HSch{q)0Td!}g*?3<%3h^{KgER5KyU@}(g}g@SNLP8{Q??Q#=l6JBx$75R+0ObT+2gQDIyqD+@_ z_Ej|0lHqkA=FPd)!}4dGbN8IOjsfy6+zAaY`NU51JAzvuCLsFHe$=o}qV--fa7>4H zoCgVCb?du}vvYNzJ!B3^LaKi}24=*+II@?`JNZ8DqyJKx2J&-Iman=Y>oB4XaO2q( zPTV5`C$768&EW)+>?*8h-Q^1=>owDjkUMx|GqNV`bg9$viHdSq0H8d&jeJ%(BO5RqkyPw~k}ABX6^d=AaDSytlYM_!wEJIa+C6=5&u@ND_k-7h(g(2)t^=)K^7l(6~>7aEKy%|Jjp2X=) zzz&9pk5$B2iC0?R>}NOD3xzAxEhJmJ={zi8M1kJ3786&!YTlwAj7@UcUjkiBBAP8QogJU)%`6%qUYAcF0)zn&{lV6>#A7TWXct)C-8?> zBoM7QqmpmCs**g=E+=HSx!}RZV{Fd`Fp;23VoX%C*g7kfXN&@LZq7Z82tqyY)P(qo zN3O6LL42wg7-l;iJL_WMEY~zwz+U~)vp!QO8$cXQM+;9wo{I1U$oS2j0a)r8c zqwPWICsNHRsG~HE0z7s0U|hcnYz~xcx7^0u_3TlhU|cNJ3nl4mUX>pwZ(UuY66qCW z?X~GE8I zMW(x({VL%m*&%{ewgC&sleN%Kc-N#&l!psB9!TXIK&+8EvuP->BO!fT{q)sEno 
zerST_Ks=la3ifISmowDone;~?g4*aBwgvo|F$?eMK+Afp`}xW8%5;w6A94$Eu?Ws_ zJib(5GmDi{m$pmI^etjd;{jmem2iosRj9oc9_)u7N1S;As+;qWbi(;!-1iTngM$Pa8gY##oK+z@m$NK^v;4`;ZV2&;*0NER zZHlJz&Jj28mhXz-MrSK>UkB(l+833_4Qh1{-R}jD%-Xv}8$_jkqkKh8rKXsWNYK}# z!y|KEF5o6#Q{=owX@7ZZlZvL~SCf*S6WW{Xd6Qb$({oG9 zmJtxA zx5M|@LHrUvGR1Fz5K{3?UYyw#2fZqk+)ipTv{h* zQW1sSnqiClUee*Br&(6BqOmxPmbcGvsCG!R3ufglxB0t4HHA5D6WR;}aR_Otd|Fwv zT)i)#356@4YuC$QB0rA{Q>PhgeDw|l@9*eew>`5D zbz(b91mmOfodaXsf2$hwAck$i?fKF>9BZ7WChj}>JA#!T=Q6;TgXBuxDT?-r?5AY_ z<;7f*&gS0cYNaR%J=FGR-Dc?CrJQcA;i%%EDSsHDNJ!xm->Z#dkWIG`>i)TG^kc0-S8dA@2*cUuGd z%r9xpLd;cP^%Q}i78>XK<_qG@x3Bzf?$w&I!-x)wKjy@#5AjoWR&a?hSb=$Z$~ zEro=y(P>oop@au8KS#RyJQ}rsUGhv%SegoSzNFdX;n>5GW*SZnI~}g5YrmUZKN+ghK0dbvd97w;w`up3D_$klK% z)o$9Jb(-=010FT3A3zAi6;c-lZ{=lU zm(YS+%`GNAxwQI542Yb5Vz(=wLDxi~p5N{L+LnduKK5XiM%>VlrtENgLLNw}x@Xx$ zRigg3e9>P~&_V3@03yCobp4)4`ov0b=&r6>F3qE2-CU3&-A{FXdev!8O~T_5S0c6& zwyS|h5|gP$NY{ESDnuKZ2R-u!ekHGJi6ccN$EH&MZON2i zfoSU0&8o_JFDr3?=ax!lFzkn@*I}EY?-}$?C^J)-XH#MCL~9vD09koQQ+kGe-xJ=& zzVW*TZpIs3lD-Fg7A=Mxf3YgESFZ8}XO)Jb&fEOEJE5?lM?fsE>MqLVF-}9LO9s&C zn{WK!7oM)8pWuyP zv#+dr&4yKx$m9$q(^8EZ*5H1;MJgoVvDhru^bxR&ou}k-G>OnF;pyEu8n+Uhm3$Vk z4JBaLvD6-g@S1R=4<6{4y}%6`s$r_wz<3m~alAm3x*fvV!x~h+4K+cWp)qkXAdd9j z-<-has92!e?|b{~NXVu>umtk)TkA7K{`*5uu^%4&7lpxT=0!p>7h&}j?`~tyJZf44 z23i~A`yw0VHYta$Fp<`Okf7$Tlr$JKC8={1y?@_XSRouJJm)ut^Qz$W)weO2QDfMV z_#A+A&CL#q$eA4L6iw|zbwlTi^~By<7j;-U1;v0oxgGJ;SGivXFE~dHY;%U%8C>Ki zCa)piZf@fG7qg5icXc8r>6z#}^sRoX9n>Ja(XfsMC*kqz}mdA6#*CdDj{+&lI$F!ed-}MCtQ($VKW?~s;5MS>R}@&J54(X zfwQg;NXoV=z6ZRmLT=*Ar8|w+9b`lJDuqquBJ#~&`go}P+{yfXvZ7V1w10GIH2cwV zs&YbaT5|kE0(rCPcrf9Vm?=u4xnQG`pi7R|LP`;grD#je2h}bbCjE;aq|e{dTwnLc z-UK)s#5^u7N5*YxD~a394BN85K8janYwx6C`XFMz28Aj?F%v5uH$I7`fo>*+=F<2O zL>f}p9^Q@mxTQC|>dcA`y|C6ZNSQgZ=<0aXp}h4lLW}A<&$J!0V2nY8mjET;DVIgr z{&slSaSj9@%>pMZ(Hdj{OrAv4-%mZe968-n$bZ;$S;NY~I zuFGxY7BvBxZS?T`Dg$>3?=s&dR}{GOeo?b`?IjU-cE`p@cu817&YZbVIQS#Z^pggl z!A`4fbPv9Yq1`D7=3Mb*Vg;2J1MlJI)?0b1a_1DDQmK&e6LCbAk0tV9**b#X8 
z;XBZ2TjRpKaC$r#((DLl>s9EA_(&>5*}7Ckd*sn{cfLns79A5aCm-UswR?hrv+50F z@$U1fQfq8xd${RBmb^Y`%4W=d+uQeXs^qS4bCv8)5@ch3reuorOpvl8uU}4uyyXZb z-l^&fNqsGb$GE%`?LJEQA%0!DaK=7|^@;fM|DE{BKZ)P-JMlRUe-WRN=Xc^S)o>+B zS9B}7C9?HHZ#=h#bQP^ksyf;t1)Xu zg}J$AVZd=@mm8);5_Efl$~Z zrz9MY5SO%t8{)|Q-4~F-P5C^@jUZQ{fwIRYnzQb;coC%gT%cZ27g2thL@WLa8@-Kq z>1?#C~~5=}UELO+fC@KG1*YSLEO=uzz|N)j+;CMwkT1wfB; zUw;vGLzfja!(@w&O@p2&;LJ9o>L(tI6dje8J+K~3t{rZ}8r17SZdm~_4uASEkNTK~ zg(wurmn0V)SO8DnO1-q;9?rPST_0|PC8p$#eyq50_&y6>4@xmf5#3edTN|CMkF@); zrPQW4rNa#du(}_=r4h1eBxBYwfA$5b?H56DlNfF&#d&MJVLKU_h1$WLkCKcWo)+ET zqAz4C8>n=!Tc~8!i>wW~gU(s?V)g_ideoIxd;5=eawBqDa9gEo>x1+q)(3)HWw(s$LY>xzDk@0sM$qe|L&y%xV?n2%b~=j*IztAn65 z9vT_ZmC@yQ(N~qk>k0xYb$q-yt;c$A=i6^=xfolaG{pa7utCdHV8cIK23{?UR=L$D z`<31jy*)zEz+o9&pySFiF&mv#I~vjMks*nflDcJ)OtN@;W#PpB#hO?VSCNV501y4z z#3RqWV_fw3Su%Wu?WPLZc$Vh)XPzNq*iAOE14i0Uoyzo)4&?0*4U5rsHYkcKvS*>g_X~^%2no7;!=k!3V>FJxgqHwZ0@`E_Jq|i!8@tR@ih2EK2 zjcF)3UHh|F7ow{cMpG_u&ksg@=qwVtQf>X4X@w5f)8RC}EO4-z>UL6X8TRk%KHk87 zCCXWC%li^aIX^2+BSwi|mTBTw&5=qc!4CUz^S{LAE`E&h#aQ6Fs^%)jLaAOCGthadQp__%lbrW5acUan{GtoJ@i zb>{=8-C_6#AQaX2#}@ze_9Fh0UYt>j?aNEFl{M?fQ0zKbM)PK_YkoJk-3^2e)R(hC z>LioX#)>R&W>9$)F`^b~xgyR3>A$;`P zl(JfV#nF@5iC>|%oX!eMudi&AZstYx zE5;B(9x~9WG%<(U1KkfWH?n8EJsJ0%X!EZ7wUh4buebDMb- z;i>B0X0XLVHSrRBh^*W8;^6=drGen*H#-hks`Hk}9%ZR)2t8p~g&B<|-EK1|Itr7$ z1y1Wn7{Z*RZy<<}&rB$*iXY08#$M^=wCWR9&I^n+sd;uPA-_jY0c=nr&v#jln5cWq!S2im-V`K zzx|lx4%@(Nk{+6kL;rE&gEB>>D-LdiiVRn+sKf zGiUm~yk=O0D|D1lRmSgC1r>hG5BTaom^*8wW>w(EW1C(WR2L^Q8Fjgr+onBQ?)zP% zHU~seh`kqL;^|y0_)aOnWOt-^d?ZqfyLjVxg&p`4*Ze6cj-G?D#bMH*HMRZVY8 zBchWp_meddit_2`hy4l`@mB(av@xoc7nOc0=nS*kW{_NYIKC^F4tg0fZJudjf`|To z-A*P}yktYB@SYVbtC1cm?9?^309|irm*q(8lP{FB!YTSAAF)NVuv_K(bD-2?VfQ^i zw0)^{hbI{Bxr0&tu5NaM2i)f>u0*xw1r-e-oVRE}RwDZ-UPAhxw8>D6QIm3G53OvA zgbF!BUKwbh@1B+7qj`gRVMOkvbfwHqp+vr##HzM_IK<08WFf8>X+cZrF@e z{i-Bf?uY@4>!sM^_HLo=yzAVJsMqs>ij29g;!MwKS4gQ5WG&bn{b%A{ah??&nk6d` z4}8mB0}C@AEt9-73@QV))w`=a(V)>PM?fVtBec}s>u 
z11kDKNDYyMh#CoFDY|a6}97BFLR03!ekDdN62w)nD=RrJ9JGnGe+YsY-CVG&0~0=_A27 zen3i)#`$Qo)iWMf!}$a1^M_Wrd~xg#6k`KB`eJ(=Y8ZFh2tY7LF^gvWFt$_+m?zEA(TStWX4;|>jI892WCRgO zQX6TJY#5R9r(@V!|AnQJZg)RgAC}JsOol zrWNqs?lh3hZ-r6^PLQi;wJ!#kF48iz%=>v(@;9d7BE-WdLGL4JEGEMeMr=<{3Owc= zGQbNj2p1&(L%9W24@#n^fD}#OVklxVU*a5AEJ(ieFcb5JLURkm7M;c%HA=^ zvaM^kP1}{W?MmCuO53(=R@%00+qPY4+vcs>=Y3DyefK##?)PK;Z8650GurGiqCb7G z>^|k>K5lIr(>wwt_s_rR{_y&EJsP3?wtuyaI~zy8`;OXz+h`H`<4jcnNy66h?nNX< zgsP=uJ;E-eVDU`hJXH^rFv$^$8_-Risj4T4Yv-1MKbhy__Y0Qu5IfYk`~#*Nbo&XU zGUTRn)S)ErEBIFcWJQ>w@8c>3k$tzQ&;c0CYOQH9NOZ%AiR&jBlgJW*cO3Mq>kcAsiW>o(J_u;C~I;`)l< z(mW0{J}*8!AS_s{`nih||IvxXqv;eB5Et3iXE|@bI9(F!WV&N!k6)M zwen$k4|{+74DA|>>!&=%R~xU;ommp|1#>56&x;tR#3&3;k}UA zgoVBtY0~&WBxOIg^XlvJ1Pen+q?mFc z^$~HecdEKmCkI0YQjh123E&^GOSx)X0H4fIF7`~rxVb27?a}-X5fmf9Rni}A)+J@5 z$h`5UT^h#4&kaEO=*QEA=)F))g|e>Zv8JD0c>HGe_C5lfOT5*)#IqrBx8^-XypWIv zAy+hN;EBMDXKnPun1$iNUZzE20Jp+@M=ue+R7c+o(DwV%o8W_YBcATx*At|H@!a6l ztbV{T)1SedUsbBg0_V|UW9K=jKCAO4-F}|Tg~@9BIy#$(g%1V|jhI@TeO_d@?oE_` zFv6z{DJ}yNO*G1~I`;QGynB0?^kDa*>r2JFH@UcxVmLTRs*tQ_!iK+` z6rjH>tZ9iZW+gHsoo5mRqr`spLkm5cLyh3ErYcHWs(wK22Q1E=l4+-kz&c_3lQoO> z7F86Sf>nBa8;u4J8#8~`sbGKBoVx52zU95(-)*8EJbAz0q_g@$S);$KK}_15oiiy0 z>bJB8Uyunukfr9m2c_6afr76RQR}YhXcEKI-+URDQt=R_*ob_h??c`svD$<}w^QeK zjhRn-gfW5Qwa3#IugCnR27O#Ww9X{K4j!s;XPG5|h#f~vt*X5etLfw(!9J>otebD8 zcrM$o?yBj|)zc@7_AHPV3#c!Ji7nC#SRGI1B%+gPro^oLT^E!n)Iie)zO3`$%&wM6 z#Js;8W4=ZDMuP%ZZPSmYhk!Tw$03$O%|0gubcJi+8^Bt?nOwb;Fa;@P5V%BGb2m_f zO@`=(+j&ZZT*?i2v=f5gK-GMMPonKqXrrl%_?f82dUzcAq(M|hp7#ePd^}KE;R@X) znZP4#2nCc*QtT^4Q}b7=-O3nH+S>s zje4~wwdsV|!-Gu%CsAzkH!)nz@}I=(eWASJUGphu6M3>dsRdwr zG`RqXtu??xp9-zD$gzUS;CMLWV7LxD5t$mZQBPPtJSU0Px_B4>20xpQc=SwQ1+`i9 z$U+Sj3kdth80?iXl%#e>y-5|w5yG$)11uvoAa*aj&7Q|RWr(9}8Qtqz(WDUI(XVo@ z?rU8g_9}&MSw$#kYtiy0;fI0;icpW{29r4?3J+QO9Z82z=IFT_9ze(26f$(OG&LUf z8u0qi=D}XlC60aJnrz_NJT@Z9dSx5R?cNU~Er5J_s=4_l;>BVG7nbLlR-ihVsfaO% z`4+-k46+RWrV^t_(kltQLv+(JrF6Q#Tp-35?fYR^x!sq&Z*|!&sO>2yYbiHb}ZX_rGHX6JbR66)v=8w(0dVj}irds}r#vDJY 
zc`mlt$zs7Khdud0ZzvvfSP**O(4ZuW*_vHl~yaV*Bg|u5|a2A-kM$CDYQS zcb3@8$t(?l0+Nh0YnGo5KXb#oue}$)ySsm<6U+#>qp|!ZeW^CP_{MJz9}c|Rc@81Z zoJpiA;bM{rq#A>hk(1ydpmtn*&_D|kQ0gZme$VRQXL!zypf&*$~F zwh8W)DffPT;k=0GcfP@Cx$w&UulMTOL97}PLTxTXGd``x(eYSZq@g#>RG6g;!k3~{ znOk)=%xWpQsmyQ;bsv7oQHLMoOEVj`lyHZ34LY)sz|SPl;61=)o{IesXVQ}kZ=j|# zjyymLWqx$M6V<|%n;6~WttKzeagPs=FkL9#8DyLni*@=yi6lfQlRVf9f*qfl4d?YK zb5lHTz%CD`w)rBkZ#78KXoo}r6wxRn#3U!N zuPwmS;kELwshy<*$<9C&tatOoos6x)VUTT3_WRRJL3~lSu+s(1n_cF3UVE;S2wDAN zx3pkJubFz|?nuI@+YlohO6-pk0M=O+C`-?_+_Xh|vQ&^-?Z{hKLoCaj2xsNom${Us zKV9}{CK#aE>RWc1xR*mg(0?>xH9+SZ)YxFMNe^IzDIYL=+zd@5-c@9qOWUV8y}l6V z+blNg;i{_V4byl@$k=;Z7iO6qj40iu^~v|UwB$-Y@$qKVDwrcuFbr~R$E!~|e+p@d zD!}r6jr7@m7g}=dT5mSt&Qzvgt^}@V)j+^^u#+2Rx;)|`P-78BkSG%^M%>|?VAXPH z71)`^4FhgvE=o7!Uj)9y%@zk`2OC;{?(WzP%Xeps ze?LP0!A=B;nsURBVptDcGpYorw<8Wukt47*@c=%5L;F}XRA)#nVKM|*b3He=kPR+* z;9$mSX1kERYT*m{aXOvQ>PXtEvfOW@5Nw-k^eE>wvD)~w!z>pMnTubGILLmH_BN`A!) zt^4{dZr#sWOml7c>U86(+#sB|W&4@GC}G?HP`|F+kmItJ+&}SC2pN8Wya$5xUFk$k zUen?-R2k1X@a4KBP@K{X!b5~UPv=Je`4&_EyYbWiGJeeo*mAh5XmF8MM#z|8$7PkaOG3Glw2Oqn2iES*| zf#*2dZxE3V)Gom<&n?;a#VfdH_HSL@EVr$En1zfL5V2dRl z$xA0s(ywE`g`|8NkWM(-I9nz~DD&&gxdT*$>{zC@pY8c}m`>q0ZX!sA1`0IRx|DbL z>T|~*aV3jw8>?;GUFTI20nx5O2*JIoJ0e}&IjA|(r!&DttBpzV`m;ScN~=Lof!pp3 zro2{oLp#+x6W7$)oY;I$hr!<|!& z3M#Iu9#qg#i^f()%)K|l$n2O0b_SCR)4{G9tnvVf)5{MvvQWlx^BS+LZpyJ-S2K** zQE0n&8N;3-i>@Y;^+iPL_8U&A)^F=KfT1YB`qjb~zv>mpsGU2JDH<1|%1N|f&myw0 zN12TzRK}fu`n9hiGK%79GP4lroKq60kaW{%wt_*tqL882be8RYEoozOI9*XaTP9cm zx{_U8ZMnO62%`vvxU9#v5g#&BF@bCQRN8db~L04tEk?~dED8L z;n^eKcY^c#9No?d7VU*;sC1gWg8&bH^G1FGY^J^ThgD2{$FpC!9|uo=jI8WXpF;w{ z-u08b_zct_^>Fm-B)XX2op+nRXv~*D=TwXACaJpEOo%CvqkQ#X*3nI_wPYXBpq)iZ zzy}f6<}|8|qTso1-S9Z@^>l6OdD8?)I-}r7?w*C7_P*!^rB}$73Ftvgx56tEhZB4d z6c5{h7+c?bnk(kTTuYZ}0tAa?TJz@^$sw-Aply(3F5%){L<2MlE3<7sGfGaPF4yKO zH!S$!h;W~M{le%aYnJ0TP8uFGln6`OyISeqZco)%H;%2V*}iPEq;VmJOauDpiNOfo zUrs_zrm1Aw{5aK8{Awo$P|H8{=4bumW#Fgslex-Vh-HOF$|-95AcECR((jeF0%5_^ 
zK5W@fn=kBYlqh-xkd-0w22pl&RDs72C#iZ{RyI%aMgTrKG}t3JenQ>M^$*O_zL}#6 zF^Hb?DCAf++~vtOfEiS&r^$b-xzMc*Q%_I#gQt-`lgx(D!R?#0h*kc^>`kjv8ezH|S&D+0Ey@*kzl<3(BXnspj!k<&Y2k0-Lq%u$rQvGpbaD^7`@Cq+Zj1p?QzR)?s6! z=A1MLf>5so!sv)IDeNPLQsLNw!NYXnkwMU)e`h8SM~-TA+5bx_Ygylin&A*RZ-ORV z!7Anw4Z)lzHEcA9MMDrkMO~e6*2Y`cwv$_E?;g~rq4@ZZ@oE0u_!)m0zw__LSH%6V z@lopjxADRM)c7Pt6hj^nKew8{;tWid(B*3{F#1AujSgh?z_zyU*>_BhBj;RHON_K*~5sJ67zeDq4@=+9MKGIUll z-R@e#qeVoV%CH^@c89rj+v0+sfJL@@0neKrTCIWP-EVwgxa*Vc>y7U;2#4k3h-*xD zCLq-(ZeXMY`G$6#dN55xD;_~t=cn~Yni-M7dtTm zr$K16M&wa?yaC^9?@Dw^QY+CnExei(W5dRsztG?dS}!DF_k6F&+Y;qG7U?J_^ui^Z zWyvzD^kVvjnPz7DPyz{lg3EQuStU2@O}5vA_CLV(!&+|3ASn1A{ptD&B3ZGjlu>E)!8(8=83-B>N?B++@!Blp@E*TN`16pumHoGpBoOD5By%o<)Aq8%dcMy0r07CSzFOe;^RZ*_Mr zI-LpFOA(g4pdZ}218`+ik$NM6p--=64MIiW&Ppv2KW&`4BVtF3j3!E}aL=KYfu6Lw z{<&)ZyLzav+!4^ad%wZ5-%v>zX^9%lw!*Sq7`_F+DzP|*&GRZXV{a{U_f*#cta%tx zj?!ynUHU^(FG6E9I6EqeBEU~AXhK0t7ZXLHb1n8N;l^r8$4h%f1w??7Rw;glFeQqP6@ic*J^u5|(8%{o)QMrrm~gc(a$4)@hF=Lh9@S;EG$J;s$;0t%rW7V}9Nk$Vj@ z1aL*Wc2CVb<_VxvXQ2S1P))z+a{B{cR@mUYurqFD0MT#w2~PS$z(hVbWQA?MYPHx@ zx5g^EK98YZ^}ha887T+PhilT})!5{Kg{fjbi?v0RUK;+mcelfLoZKOAB9=7+EpQF; zl_#Suk)UN%m=peKKx1ol@G%2lWh?w#q0lb%6qDuuOGVlP3?&SA@CX(8(MWCx(Noe-*xO|MU zPJE1)sQgLI!ugk3_O75|7e<{=!VYSRd95w$feHa=)R?-rJqIJ^?jt=@Qw}%b<%~}sZY0mG2jyWQ} zKxm{2@Wc^=AgVKtVVZQ>dR_T5i3C93MV#CF-=m5;dZy6Mn4Ic5Ysh=YDb(q(_Q<=D zIBt$3$u^-?CQlR%sF1tKU>^|qBG_uT?qtdw8OTMkvzq5W36pVPkF}s<*y~@bU>H}Ze7Xi_xw&dp{urO` z-;JO7m+?FPZhW<_{~A9h{_n;wPdEg!@pGylIFKrd6q9Lk8Z`k^^~4(qo^mV4uC)Oo zDBkQo%!=`pC*=HWy!&?4Cr~XHkm+&O(a?-%IQo1!CH%b3uwT7BTs(L(S$sN;A&4N^ z%s{tqxZ|GK%15F>_oA7~%8iw=cFH9wV~Er#3JMOPDWP@I%Qdj&&Dd2_3)5GgphnE- z47T`exDt=>bJ+M`p8o=2fXRx2i17Si12pPFnDDmpUROk~H2&%+9i}1e%Zt)?b!+TK zd}dO8;o-HZXJ{Z5K+cHlnHtr1Ka%@|@*yFd{Y15{*o%;H%j=Qyqx$Q6Hs!%o%_YI4 zaYEq0x$p8iI)bs9hU(n}vs)%pN@l+ew!n_SB~({g?*XZn3&dckCiUD=jbIe>uuop$ z7;t=8pR{=|kv}Mm@GMQrR9i-3kowBCd~ml|tfad%ynfU$V!lO;f606b1moPMm__%j z0c8hg^vo?@_)>-t4Yw;@+Jis_MgSZh?#tG8U|{8N8-lbYUt!ce9AYd8zuoV6({7h4 
z%}sBebP*1b$aXXIlpdIX$An6K{)^m0QASgX*e=Qpx;q8NGj%JeQJ;SXi6;6jTsEW! ztH~g|45f9)tsCIaCA@VHf(iVo0W|E6ZE_tRLv#@^o&XadXWVSBIz%u>J89vKgS-qz z`9%)e&V?hQpOl9K<)q7dPBqk;?Cg3ODwR|dg!{m(y z+^h@37U{MVbWAc!VR)nvoW4C3Jc1uIH|NI^ShRgbJJVAKvH>?YSM6JT-!i$rM@K4! zG=AkmRmp`i!|@U@a-%rcbM;^8@BG>gj@J;NMlK5-CkrlY-U~UHCRqJG+NBg#pqU*w z1WX^oP}0*4zSP*>&ID;`%yV9+A|DKDKkzbnsT2f5|8+ZNP}rsIijug>1+}%ilR_vO zO5TuPNLJiKW0~`mO|%IeQYKG35{RSUSMnXrN}G@wcQ6#E#}x`YMe)pXOF$91|HQWU zd=xq^v>7IXFOj&-Rfn#>mgTx;NgS`+!FCwG*Jy=w5pLM50Oi+A<`rdwkxO>aOnR7g zw9ULI0uuOq1gG|1I8ih4SANGEkFBZINbV#ZY3ykc9dVoVW_nO)eCt!kU8GT9e~Oa# z01YM^QFaiiY2xpu9NgUh%ww^@HvzyC{2nDxV$$^UNT%v-Z=UH1o0&?w883ssZG?-_ zxMmzlk{HqkpcFrQvNwAUQ)!Pw#~*zHiA^{QdY4erFTM7G0vz|1YpjASpoF^};5+U4 zx09}c$aVnWkf}q#{oC*9Oc6LZ{;N)Vt#0!~7?@4Q@w};EKU#?WTdHN805sfox2VXqwhq9ml*6!W%kA4^B)&x^zuF_!2-#H7w|LzE zJ)Qf39+W441dda))v*TE4L1$J4@&wFlBZSN5mJeO5LezwPplpl9`0Sl<896&+lSf#j&Z}_=d`pi)jP#O*UC& z6YSojbl3t3e5G+SRhKHNK7r5Q&~(@Yc)NzBliD1UJ>Ajus7EEY?(w|=H12c_Q-oG) zDyR1Uhw-!iGJgBtjjyBqU*p@}{oVMVhB`ByQkf6#{7jTIGvdJ5Dmo%7GAYy4MQl@7 zxui!tqG<-7-YJ6sC$B*#Y3)kZpGvDB4i&b{<*0=j697$sRy>YW!lqb_Fuy{tQv{@@ z@G|Ek++bYCoN>{1Dbi=;{ZRx%vRh0UPIjWijD8d=Cn~hy%GUNftnqCX5;?HHIe9lF zjxXfik%G@{5B8dp{$y=f;s-0DaOE*>p<-Og5(gK2E`%7VX)`;v#nyMo&kuBB#dyh# zro24u0ZGZxkAFQII;qp(XLY9rM;t!(Ho*yW_FS}ugbvmmu@Jgs*=^(-W0^)5`WYKy zbG;|^Hf=NSTe=Ou-y}B$Wgyj;mb7Kk^_2n28oeor<@4n%gftmnp@e2J*;|yX)iv7( zK1nad>1jD*9|s=H5I$G1GWBG0QNe*(6#1gF#W(pFxScR1M^|$fz;&H11_LHQ&q|Wu zI_cHDJt&PizV^$1*FcynaD|GT7lJHZ6izv+{-8uoXz#70sl;RW+`}?m*RD?>v(=qV z7JlTd-yz20rW97AE&hniBB&^hqY{_o4Fbxo5ZQ8?@n?pY(p~skw@c>pjXhr&QA1UW zPRhx8s0EhVy$!J#i8y{P^*mrF3R2#WPiDq^}p zVo+~LmGxK8mdjPoYC3JV&O%}Fiwb9hZ)9)hl9+xmrKCZ}tP z!+0r5qFAx1iORf^8ZXV1)fIbgtZoT(*j1saYOG069b)j}sfe|iqcd)~0*DCL`oFFv zV?qtV$6^zR_&k$DPC21Ir8!l4hoKmP$kPow`TJAd|HLxn$%vWpD(Iy&-(nXUY-dSZc zD1|3YY#haBZ!s;q24p>!_X%DYZNVU@;)`ri9A?GS*Vd(aE_M)C)Xjic<;~p&Qf*(C z{xl6)4^^LXcR5r0l6R7HB&LAAHgwT#9_?QZ)0X0iscEBRQ@!o#>ueDqJ9{p(;BHaX zRsb`*t8vtwjy)p9)nKD}-g$PqXtl!^8U0n~SxC6={gDTcF+Yr8k)DwP{rjFiV^Bd7 
z5{i(ZaRSV7hm)){F>Y_oyE|zfPWQZz3E62);&qHyyy>M+XjNQcxmj3 z9!MZ5^ExaExsw`wRpr4c0(H{~QQRXi2Cc6#Cys;P)>@c_30w!!?s|s!Xxba8GHxrq znV9wqMuM-p4S-MhCN1R}4xwP)EhP;PbXIw`2Nwt9YG2q`fG!-W^6b$*Fby}34~UlVDb$X!mEW(7uCxQ2~bj`b0g*XV@QDmF(;uc8WwAI3zc z>9zG*$M+L>Q7_ooXDzTt=zC2+VpAJK(H^K;+ugjZaVthz$m)Gp zII$8OvuNbV-!uf3oS)!I6rRhO}3ie6r_Ay?WS#L<+(iKYoUnV{C%x zh&h32YnL(zY^g(0tD?%ydEnG4p*%adUQUNhN^B4}@(2N?T^Pt~5~THZDmty-5dE;~ z5hQiw%PTx|u6{R%%}i>+)BuVv*|JDK4d7$nKMvO>TVgnQ_gma4U*9`J#!UjqX(kKx z+S5=#D_jz3M*d@b`hTzSv;Q)F+ux0E`1xPsKk)wD_?;eKs^em_B4Ti;?M(+vHMo&- z1H(NtY`eI{w?ZsYtuEs1q@QETb+8PDED&Id^i@7T1%GnE_+gAaIykc)P2O{roHg#h z5C-A-RlZZ;mcoMpM8vh+O&s5KhU56A>OAi`!f^l^+tku*ZBxMtc(}!QmCP(phk)CaPg|H)ri;F ztah3R*7!Z6#J+?_3ocU8;?7R}JB+1wxGv^y=fyp9klD$Wce&iz?6ktKfZ_#_Ky2o# z8Hw?{@oU==NDQH^Us;4sP`f~MM*C`W2kgxVpp#~)_F~9x8NxWO3DF1b z{M__sAu;&uLPg1qz^N4zFJC!IoeR%xg+B)@e>!*qds$P7ZUIiBrmRuMbR^q&dxCqL zIRNVr$n)@F@Q3%1I1~BD4_H74ZH=D6PhHTSc5OL?cFJSfUg{Ik=BnVni7d{tIx9k~ zleq#7gx8n{Lc!|D3Dh66ZjKU>J)wvomvDs6e^Pb<8A33y9I_YIf}cE#g85%6U%^L$ zeQY04jc|w=`}^C@nWbv(#EwO{n||-gWxUeVSy?LT7&gXGG}i_uCX{C$VDWoMv$fx2Y=*+HjBNZ=$8RhE(m{{?PtDn7D zDQG6gQfj{nIN=LTG!?8NMv_ZYz@ta$TH%b#yI}|y^`aoa0SX^ zCfQMo9`j+47|Ss>CoWajPN6ikLhEc@^`Tz%k`PPg@)8}_Zp{)L;8~jkK7>e+TjY`C z#05-+v*1$C=w~v@faFJ{Evt@ssW9JR$d9BB=9G%Ax-Mwcr$}B%4&b~{%QAyzZ#Iz> zRgnBodiU}mt3cTjgc85UGKtGIla8$xSa9)BqihW*GwMs3y{xx>D}m&?F0ZF;K2R+dt&SgfU?f8~iWM2>%)f_f^pSg{zHHf&+(vxnn=w~|y1hbi ziXd0C{_;3WFonbVJPZ|x>m_S^263VoHmsNk^m%R)tgp07V>W-X2lo<;uPuqWztNv5 zzNN~x_SXub87FwH=b448noDde*-d0LSn|^DJUWz8H1HuQc$3lwqiEDj2&@9W#W&2Q zRpF=|S5!EJkAPoHY_n5F#qIpL@b66DfPtQaBXaa=?CQ=VBEgXijuM{W!kc3T+tgN_ zPhO>vswXSk*?|2Q({r&lzhh3B7x?l~4-a&u+B8N-G>Kz~JQliE8M`SicvZ^)lqIV} z`zw`apU&_0|B(4=$;%o7b=sP4V2xCw%TMF2!f$qU)cy2HXm8g-GRRqJ?ps6OYrF=C z2$y4|#W-B_FkI@s2B}E(-$$5cmIQiSJay!HM6&sWyHHQ9qA>`4s*Be#g!U9uyuG8E z_o5ZRoV0@zaU8(2+8iD{{al$&-{XDnNcqfT&MXS}Db?<7k=+%5?vKes=zwwXu2(u* zgG&&Fc>MUdfnYz$r=?ty^;K;{@IU}VzK}4r z-N_$nVXg{9!A4`ej*X@2H%-Hb0QK5?kxr3dk^@mdP)2bVL{%Q*uwOo~w+(QNjGegZ 
zSP>tCi;ntZa&B{Tu*Nct(sQWh^pEiw|K0dGe;L2^@5VRJ`mgbO|95Zi-e2eVcV!9E zge7Q1d$`ho3oV+0{NZW#Q0QTvi8S1j~`WDEs(-mABJ3JV08p=uxZp*pHHpacI zlS6b4dp{Y3`FF}tBF2QsV7%`Xm3_s9%YnYuv`jYL+N6y=6Lv4~JKrK#{P7GO6b(!@ zi&rravT=cDPvazhGE~6FH0z7Z|7`fKqBZvc@J%H*vZ3Lr^Sy0tptz)^Yw~D8?#Gki zNwOnzhhwVRe%3o+Q?`tM>N8Q?63NLzN@CEQ9bt;TIztbN^ayy6@$ORC&>kTz<8g43 zol*s$6(%{gP?c@VvvWcl83Mo>`E;-?UvdW_Zy-@?%koLSE|a&izLS2SWKQ)iy{2?j zT?2i+Ay9QG4v-4IG06U%Kp@jPm*GNQM#2)1C4Pb69Y{&9Sm+K}5UK(w9V_$tQwsn= zzY*ck8}UpU&$cwAhW&;>Fnn=&^rjADnrCS8b{106nP(SiY`4D^S>lgIg#?+ry_ZUX z-{ZkQSEp#AwJST?ogB!%F1R$00m_Oab9G>jC%EHKSK)4b8Oe4{-dWzzE`{(^cK1hR zaas5jOKixE3dLp7%kPFZzVo`q7oEnp0dg;dWt3(~A;limIpk6y-W(nrNwz~a1mwu$|$mzb)kV3kO zGEnonGDQW;sC^f>aVBVE1{j4(SUN>(a0o&g*E(seLT^1q`bFdGsgY0&q#4$<(&i`Su1t< zJwxvXUHSep^W2nR~~y_+U_BGM;r`o=z^C+$+__Cq#RQ~ym{jz?VK3PWr5r=zbh{Di4? zO;)SQYiGyzlU`s8*`Oe5IR12*q8(^h0?uHru8 zqNaSA_L4D+4R6`{I!qAg6mH;WnlExdAZKUj<1Ikl(*Zy(qLzufk=>~^YbR;#2DCoP zB($`zDhA+enFXkmxKdBE+2Pgcnww{c`-y$l)TTypG%7}|hF{_WIsyj>BzLh?_Pe7> zxrPb*9p&y>W-%388iIk}XGy~H6P+gsTN$pF@;12_AfaqkF7IQ9{87pctlM3hP-ius z){Z(g=XHN1=u4VO0UnI^iulNpBXLMa8Tg3!6Tb1yYfUDd`Z5T*IJzf--vo$#ZPxS1 zs1k3X=~b&POJ{EyFSw*+aper#YHNN)bJZ+T&; zt*EZ|}nKg{}})KzZ*aIFXOlT-T1aV z|26)V;@@k00wQkNl;)Tl3?A6Mbqrbm2fkqL3RwIl}j3* zc6^AqZ&uBEgazZ0Ck^ylT{#Bpxj`wk+v)wR$+L1Lx*TA%__nhpeKJ`nH6qLV)!N3= z-&_jegy2-UmrU5hB{nS!z{qKuH9%EwF07u898>p@`|}@#SDMkyo%Ro_9Qve%>#Sp+ zR9H{BGHA!(0l{fl6fdS z;HkMmF`{r2#{usgv0JNs)C-|vU9A*CAE3h6x(!vG-@}3DKf546Fod-A+B_G@2Ss6H zYJ3QAem8Vlhu0#ZJHhG|;NCkH%r?ujed?fq7@VXFQlcN&k8=i(^SGZUQqxxg5MZIj zgYHlCmqCpv=oY&oIt}bC*VCVpQW;?oS$)Ba5?(b9Nn3feFc2k*^y-~$q`?+3>Go>! 
zEK_~=jm9jM@9r^;Jk(;1XW^dEB08zRYQj+HOEDclqe+zFiDi2Lbj7*xbtsH5t}oVr zXzqU_UDHbR({BEp2nKV)(I1>Mh$^_>{BmnjaVvw{c04D%iR@^Sq#<8Xt;&zZ+^6T@ z0(i98nDQ)lx9d-7HD0WPr_wwBcn-;H=2H&Fa)()CGoI6=7zblQA{&=X{(5FUI@-=9 z;tjoYhg@7o;7!Kww={F=fe-$CC&J z9s%{NbTm)}G<(a;CvpOriqcLT?mZ&EdoKdRP-GKlz@@jO-K9?SEdtPrfMnR?`n!&1k&uD#-z=R&{pms;f?;_t)j7tg3FhX z$*oq6GPi1RTI}Q?@N!geS!zHV`Oo*1F5;;Dt|)hcxrw0w04N5g*w+==RRG<4#k{>w z_F|g1*nt;0l%C(rTMXnApN_r*>M`0_k}@ZCBRvBoV0JaiAZuZg8?Rbw>BFRnzdVJC ztk*|$X}nO_1{sW!BOOP(bq}XC0)Cc{fjPZ{8abbxzCT6wE5f@?8;m~u5JP*8PJvFb zd+F?2-E~3II0xg~7)J4DuYHsuO~Uwa_UA*+CiUBUa3z4chy~fG7+TblR)qnT2m)8B ztH%y#U`9h`@B0Qq){4rOJ-rB^TKdX{+H5j8CAYf_Ew;-|v&;5SW33sk4ukgfiCpKwY*gB)P%9=~kDA3jLquF% ziPW`U&#i6->}zQQ!m_1`^S#oRPUck#u?-4AQ~||Ci$JC1=zDSi0P~2U;*b}45h|({ zBs{e>R(hBkO@BEJ=37>M=}{s%u~cY_XpFBQf)OuPKgsK2>UVkA&vXz8b)Y}SXZm;J z=lx~;=D!=?Y4g9vN9q2%@z;H@6mv{J2NT~yAoukKO@T&fm+HoZI~KYRN`NdZAj_%M zd~{7j*fi3S&o4GcSI6B%QsXJ7CuI?o)L+V0IIP^lM;LNqMSV&qrEml3wYkW~R26@N)AX z2GrWxGI%|dirhY?BB_94r4&5Z80=&p+X|uI{xMq!0EuzPbi9v#wG{}O4 znXE5*ne#9e-EXcjl9^ixa|lxY6zA%l`v&|d_!Zy~!LjP4;>e2OHlpe4k!w{_4vhtE z-P`I@+Mb|aZCPjI2hX0*HOG>>i-_xUwF{O-%|qU&rWcEpy-mydi}d?U(eiDj>y`lb z2KRI7)-6M*g!*FLv>Lo9gxLg?HzBUL{8sP1(pdKMZk%jpLCIUCO^L;bEa3*RlHx>t z6D-!UI->-7CDmH|$*NLn1HpZuZZx1;M1O0J9hz{XP#$i}-V$acDvwae?%PRg@BNk~ z2xQ+2?%rxK>NAWPVKeK=YLqqyS>$V2S#?=YqU2{9_4-wF&1e}}8YsVzEnB$!Z7HFL8FC}Ee`lwkc#`4w^2t~@zsNgw#chx)d z0dlt%L|Tg=aP^|_a9n|VhDv7v`Q}N-;9wk-R$@hp&lnMsA+n7|xKJ)?Mp(tS^i zUUf`LT_TE54hIN3GLTyYas8P7WLs_I-u5<~B;(fKL*L-m^=xZf-IY3;d|>pi^NqtD zM4`-Fb#~-3*JC3#byfS&(hj5iLsrI3-wKS%UJFpwv@tvlz*<0$m0eT-i%BiGb~r%W zO-7nFXEz`PUVY4Q4Cv-eMJ`+m5qUm1%b|!v5oDl1qt5p-5jo~Uv;}r2CpQW!N~`Nj zin3v%iq;?yNUVq&;krhV%<==g68&8W%qf20W**Q91n|Dca~hzVB1_A<9H}U}9x2R6 zDDqXH1D1ngafLp&hvPtqsP~1vXnVzg;ik5&tzFQx{z{hMrr4=;KPx!hu`&)uy8Vde zAK(H3^+~FmG#-GGu;Uo5Oco~{Ie%1-b#7x7`aI&WfvNLvteE_n@3S+arLJ44&=c?zG%jV!7?if zb$kzHxPqZI2#zFXXj2amjwn1m^bXUEW&qH@vw2%Ay z?Kw_@`u70b^7$=oJQgP29~1+8nkQ2Y0?-kPu@Io!d7XsHw9zm1E3!zq0oweT!lhU9 
zXeNqjYUN!n=le*&)ppdBSQlfF?L>>Ii)TM3H@#oX?HEF861~1zgum@~$Ib2QPdE<2 zEFGpzz_dajN|?3}devBTOLx6{rNWwmg%6#>X^~e8d?>{QxS%YLY$H&erp!0TvW&(O z0WQ!sm267@j2ibQ#@Wp+aN+^6`rIJ9e2f~b-xvd9`6kR}RBizKV*wy+ABytisO0x^ zXx~i}>yXOi;dI1CXWEbiEMEaaQkwD2?xNK9m9^ z5J(62$N0>@jeq+4Cb2)i|L;f^fc3rnKgI{B{=4x#y#F%(?~yD<|4E7cPGJ3Ys(BKo0iMY=GwJk85u8_0Az8|1s1V;lr-)qXn;+o;{`HmuK?0g-%AMhAw6=|jH zsB9o91t|ulo}#<4!e-U*9B%vvrJZRD$?uK?0Q~=SBv_`l8@@dWmA-3+ZBO>Ta_FM% zL2p+<^;!Pe`On`w|Gy^}Z9@K}*(~h;nPyYO{gX44{BsKzAOsY1SCrhJ{MjF3(7zIA zPyY}h5&q9a1OQ3Te-c;zm1yyML>eEMjp09uI@*8M$d~vxBKV&*{yS02_7Bl3?4Lx# zPhSKC0FLzkDG|x*4{^lnpF~@pKWn7>&y<({{EvUFarIw!&3yicSP1t|qSNMYq8sJ! zhx-3|GXFn_KbZdzBL@FT^zi;olp>z~pAvI^cRcWcacKUN=t=sUC_?<7OKASP>;DHq C-BJz! literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test new file mode 100644 index 0000000000..80a041c316 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test @@ -0,0 +1,7 @@ +# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: btest-diff .stdout + +event ssl_extension_signed_certificate_timestamp(c: connection, is_orig: bool, version: count, logid: string, timestamp: time, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string) + { + print version, timestamp, signature_and_hashalgorithm; + }
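Review bot: The test handler prints only `version`, `timestamp` and `signature_and_hashalgorithm`, so the two byte-string arguments the analyzer builds from peer-supplied lengths, `logid` and `signature`, are not covered by the baseline. A regression that truncates or misaligns either field would still pass. I would extend the print to something like `print version, timestamp, signature_and_hashalgorithm, bytestring_to_hexstr(logid), |signature|;` and regenerate the baseline. Printing `is_orig` as well would pin which side of the connection the SCTs came from.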