Received: by 2002:a05:7412:d024:b0:f9:90c9:de9f with SMTP id bd36csp267871rdb; Wed, 20 Dec 2023 11:36:37 -0800 (PST) X-Google-Smtp-Source: AGHT+IFpJyJiZeESZ6r4ArutIuS4fGdVh2KtxdP+TnfO93oF8Ep2lk+hx0G5oENl+S3WfuRDmxnv X-Received: by 2002:a05:6e02:20e3:b0:35f:cace:45e3 with SMTP id q3-20020a056e0220e300b0035fcace45e3mr1767305ilv.19.1703100997629; Wed, 20 Dec 2023 11:36:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703100997; cv=none; d=google.com; s=arc-20160816; b=PvA54BvqUcbXGwSEynGBsWbQcuzGQn/+qChWD/WGC9O3GmIoC0BSCLGDZNCpY+k2ik 0IV2EvvvdTCKaxnBsp9/Q3uMnekc3Xkd9Myx3HBxohSZ+92jQLDCDu5mBhKFFN+EQgEs KDhVF0Epw//9j7fFn2/75gLvavAP9UzBzgTLRefC+sqL+PaXXXylm0/AmIT4bbEYrFIo Ezlaa+NBnlAKDbyxPSNOkJrp/m006gtpZ9sUd//LusjP0dFnFgApLxWO88MJPwTtkRg/ 3IGUHXOtskqYi2xQR0KPJDgLHPDXxfJw3nlKjx8pvxEndCgmb5gx/+Tynpw1z6IY80BK OuRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:autocrypt:from:references:cc:to:subject:user-agent :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :date:message-id:dkim-signature; bh=jfay4AcEk5Ks7/fVIZzdfowyIx0Cp9kVEXvfsfsqe9s=; fh=p/KJn9kcy6P4WAcuHHK8KbvjMmEpvfg6JmEjt4Wz42M=; b=ZaZqVgv4oSQfvQ4wBJ318/pIX1RRo/nlu5EzUdGUuQTayG/lzVNKz3O4FIfM1U1iCO LLiBJOrqmcSOq32ppNCbp3as7MjKbW5PlvM1r3zpnScJ/BvY0BTKzmRQfXJkUSbNkQDU U1oqpJxzzgjgmlZ7+4yq3RkZA7Rrzucv+k/JvIdi09a2eSpYRyjxp7wau8QlS098xEyq yCpJlUZoX7MJhYijX0Ci1+Rw0INBMmCEzGyFup+ArBv3RKJ/Exijzn0iQuWravHltbn+ GGRMIecVdahd5KTfTeQl47xuDac2SqN6FeKH+t1Sxe6BNQWpNk667bXEag73+WfzYQRQ 6T6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=CTHuGOuF; spf=pass (google.com: domain of linux-wireless+bounces-1118-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1118-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id v62-20020a632f41000000b005c65e697bb3si210846pgv.518.2023.12.20.11.36.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 11:36:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-1118-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=CTHuGOuF; spf=pass (google.com: domain of linux-wireless+bounces-1118-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1118-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A848C288D27 for ; Wed, 20 Dec 2023 19:36:36 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 74E653A29A; Wed, 20 Dec 2023 19:36:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="CTHuGOuF" X-Original-To: linux-wireless@vger.kernel.org Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADB18482F8 for ; Wed, 20 Dec 2023 19:36:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-5534dcfdd61so63730a12.0 for ; Wed, 20 Dec 2023 11:36:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1703100990; x=1703705790; darn=vger.kernel.org; h=in-reply-to:autocrypt:from:references:cc:to:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=jfay4AcEk5Ks7/fVIZzdfowyIx0Cp9kVEXvfsfsqe9s=; b=CTHuGOuFBLML5HjnBH9CFF26XY6hMeoPZjrzJwMPPOayR/modwY+oN+hyNgxnbqWQL g8Jma8a/xPp0QNtZ8a8A4DPN/WXuXf/G2N/5XMDyLRS4M1Jojgio0hWd+7HMBGsrEJBu cY0IbFIYXCEDSVNwXsmKSo16O+iOhcHvpT0Iw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703100990; x=1703705790; h=in-reply-to:autocrypt:from:references:cc:to:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=jfay4AcEk5Ks7/fVIZzdfowyIx0Cp9kVEXvfsfsqe9s=; b=kxjjNQrdYa8XEOvPV00LQ3sD/Jp9p751+e/gn52JM/nD9nVkYVgW9CvlduwA/4LPuy ME/uGmv8Muegd6jsWZxhfcpDAMtn5LC5HUWjTJwEW7p0SesxdCA2A3kFPi45ujtl0PM7 ui0fCw7jaGt+0DG2h/u/dTnVCE6UusWTf1YGsol+RRaz9wXgtWXi855UiJl11lYzSgMl lFlkZEXiOqVp3hETh4khWAHJs0cABaqkN7vYOxAk9/O1qnc4v30KbRlzX1H7uTAzfqqA iHASUGG6x68R6Md/sNBFUWmc593cfKiQsSL0XenPoDwmsmWuwDGwr49m82mbgT1x0cCW 5ekQ== X-Gm-Message-State: AOJu0YzQgJPoFht2MlihGfxckwaaGQftB4+n0N0ZNN7qBDwQVEV6oOIf nGqmbmDCdek67AJDHLwjHeN0H/j7Bbvy X-Received: by 2002:aa7:c393:0:b0:553:451c:c047 with SMTP id k19-20020aa7c393000000b00553451cc047mr3559823edq.1.1703100989947; Wed, 20 Dec 2023 11:36:29 -0800 (PST) Received: from [192.168.178.137] (f215227.upc-f.chello.nl. [80.56.215.227]) by smtp.gmail.com with ESMTPSA id u17-20020a05640207d100b005538d504793sm175846edy.23.2023.12.20.11.36.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 20 Dec 2023 11:36:28 -0800 (PST) Message-ID: Date: Wed, 20 Dec 2023 20:36:26 +0100 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password To: Hector Martin , Kalle Valo , Linus Torvalds Cc: Daniel Berlin , Arend van Spriel , Franky Lin , Hante Meuleman , SHA-cyfmac-dev-list@infineon.com, asahi@lists.linux.dev, brcm80211-dev-list.pdl@broadcom.com, linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org, David Airlie , Daniel Vetter References: <20231107-brcmfmac-wpa3-v1-1-4c7db8636680@marcan.st> <170281231651.2255653.7498073085103487666.kvalo@kernel.org> <18c80d15e30.279b.9b12b7fc0a3841636cfb5e919b41b954@broadcom.com> <1b51997f-2994-46e8-ac58-90106d1c486d@marcan.st> <87r0jiqmnx.fsf@kernel.org> <01bd8c68-1b9c-49b2-8ace-1c7d1b5192ad@marcan.st> <871qbhqio8.fsf@kernel.org> <4c89b71e-8667-40fe-add0-205748de51ef@marcan.st> From: Arend van Spriel Autocrypt: addr=arend.vanspriel@broadcom.com; keydata= xsFNBGP96SABEACfErEjSRi7TA1ttHYaUM3GuirbgqrNvQ41UJs1ag1T0TeyINqG+s6aFuO8 evRHRnyAqTjMQoo4tkfy21XQX/OsBlgvMeNzfs6jnVwlCVrhqPkX5g5GaXJnO3c4AvXHyWik SOd8nOIwt9MNfGn99tkRAmmsLaMiVLzYfg+n3kNDsqgylcSahbd+gVMq+32q8QA+L1B9tAkM UccmSXuhilER70gFMJeM9ZQwD/WPOQ2jHpd0hDVoQsTbBxZZnr2GSjSNr7r5ilGV7a3uaRUU HLWPOuGUngSktUTpjwgGYZ87Edp+BpxO62h0aKMyjzWNTkt6UVnMPOwvb70hNA2v58Pt4kHh 8ApHky6IepI6SOCcMpUEHQuoKxTMw/pzmlb4A8PY//Xu/SJF8xpkpWPVcQxNTqkjbpazOUw3 12u4EK1lzwH7wjnhM3Fs5aNBgyg+STS1VWIwoXJ7Q2Z51odh0XecsjL8EkHbp9qHdRvZQmMu Ns8lBPBkzpS7y2Q6Sp7DcRvDfQQxPrE2sKxKLZVGcRYAD90r7NANryRA/i+785MSPUNSTWK3 MGZ3Xv3fY7phISvYAklVn/tYRh88Zthf6iDuq86m5mr+qOO8s1JnCz6uxd/SSWLVOWov9Gx3 uClOYpVsUSu3utTta3XVcKVMWG/M+dWkbdt2KES2cv4P5twxyQARAQABzS9BcmVuZCB2YW4g U3ByaWVsIDxhcmVuZC52YW5zcHJpZWxAYnJvYWRjb20uY29tPsLBhwQTAQgAMRYhBLX1Z69w T4l/vfdb0pZ6NOIYA/1RBQJj/ek9AhsDBAsJCAcFFQgJCgsFFgIDAQAACgkQlno04hgD/VGw 8A//VEoGTamfCks+a12yFtT1d/GjDdf3i9agKMk3esn08JwjJ96x9OFFl2vFaQCSiefeXITR K4T/yT+n/IXntVWT3pOBfb343cAPjpaZvBMh8p32z3CuV1H0Y+753HX7gdWTEojGWaWmKkZh w3nGoRZQEeAcwcF3gMNwsM5Gemj7aInIhRLUeoKh/0yV85lNE1D7JkyNheQ+v91DWVj5/a9X 7kiL18fH1iC9kvP3lq5VE54okpGqUj5KE5pmHNFBp7HZO3EXFAd3Zxm9ol5ic9tggY0oET28 ucARi1wXLD/oCf1R9sAoWfSTnvOcJjG+kUwK7T+ZHTF8YZ4GAT3k5EwZ2Mk3+Rt62R81gzRF A6+zsewqdymbpwgyPDKcJ8YUHbqvspMQnPTmXNk+7p7fXReVPOYFtzzfBGSCByIkh1bB45jO +TM5ZbMmhsUbqA0dFT5JMHjJIaGmcw21ocgBcLsJ730fbLP/L08udgWHywPoq7Ja7lj5W0io ZDLz5uQ6CEER6wzD07vZwSl/NokljVexnOrwbR3wIhdr6B0Hc/0Bh7T8gpeM+QcK6EwJBG7A xCHLEacOuKo4jinf94YQrOEMnOmvucuQRm9CIwZrQ69Mg6rLn32pA4cK4XWQN1N3wQXnRUnb MTymLAoxE4MInhDVsZCtIDFxMVvBUgZiZZszN33OwU0EY/3pIgEQAN35Ii1Hn90ghm/qlvz/ L+wFi3PTQ90V6UKPv5Q5hq+1BtLA6aj2qmdFBO9lgO9AbzHo8Eizrgtxp41GkKTgHuYChijI kdhTVPm+Pv44N/3uHUeFhN3wQ3sTs1ZT/0HhwXt8JvjqbhvtNmoGosZvpUCTwiyM1VBF/ICT ltzFmXd5z7sEuDyZcz9Q1t1Bb2cmbhp3eIgLmVA4Lc9ZS3sK1UMgSDwaR4KYBhF0OKMC1OH8 M5jfcPHR8OLTLIM/Thw0YIUiYfj6lWwWkb82qa4IQvIEmz0LwvHkaLU1TCXbehO0pLWB9HnK r3nofx5oMfhu+cMa5C6g3fBB8Z43mDi2m/xM6p5c3q/EybOxBzhujeKN7smBTlkvAdwQfvuD jKr9lvrC2oKIjcsO+MxSGY4zRU0WKr4KD720PV2DCn54ZcOxOkOGR624d5bhDbjw1l2r+89V WLRLirBZn7VmWHSdfq5Xl9CyHT1uY6X9FRr3sWde9kA/C7Z2tqy0MevXAz+MtavOJb9XDUlI 7Bm0OPe5BTIuhtLvVZiW4ivT2LJOpkokLy2K852u32Z1QlOYjsbimf77avcrLBplvms0D7j6 OaKOq503UKfcSZo3lF70J5UtJfXy64noI4oyVNl1b+egkV2iSXifTGGzOjt50/efgm1bKNkX iCVOYt9sGTrVhiX1ABEBAAHCwXYEGAEIACAWIQS19WevcE+Jf733W9KWejTiGAP9UQUCY/3p PgIbDAAKCRCWejTiGAP9UaC/EACZvViKrMkFooyACGaukqIo/s94sGuqxj308NbZ4g5jgy/T +lYBzlurnFmIbJESFOEq0MBZorozDGk+/p8pfAh4S868i1HFeLivVIujkcL6unG1UYEnnJI9 uSwUbEqgA8vwdUPEGewYkPH6AaQoh1DdYGOleQqDq1Mo62xu+bKstYHpArzT2islvLdrBtjD MEzYThskDgDUk/aGPgtPlU9mB7IiBnQcqbS/V5f01ZicI1esy9ywnlWdZCHy36uTUfacshpz LsTCSKICXRotA0p6ZiCQloW7uRH28JFDBEbIOgAcuXGojqYx5vSM6o+03W9UjKkBGYFCqjIy Ku843p86Ky4JBs5dAXN7msLGLhAhtiVx8ymeoLGMoYoxqIoqVNaovvH9y1ZHGqS/IYXWf+jE H4MX7ucv4N8RcsoMGzXyi4UbBjxgljAhTYs+c5YOkbXfkRqXQeECOuQ4prsc6/zxGJf7MlPy NKowQLrlMBGXT4NnRNV0+yHmusXPOPIqQCKEtbWSx9s2slQxmXukPYvLnuRJqkPkvrTgjn5d eSE0Dkhni4292/Nn/TnZf5mxCNWH1p3dz/vrT6EIYk2GSJgCLoTkCcqaM6+5E4IwgYOq3UYu AAgeEbPV1QeTVAPrntrLb0t0U5vdwG7Xl40baV9OydTv7ghjYZU349w1d5mdxg== In-Reply-To: <4c89b71e-8667-40fe-add0-205748de51ef@marcan.st> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000008ab1d5060cf6197e" --0000000000008ab1d5060cf6197e Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 12/20/2023 7:14 PM, Hector Martin wrote: > > > On 2023/12/20 19:20, Kalle Valo wrote: >> Linus Torvalds writes: >> >>>> Just recently a patch was posted to remove the Infineon list from >>>> MAINTAINERS because that company cares so little they have literally >>>> stopped accepting emails from us. Meanwhile they are telling their >>>> customers that they do not recommend upstream brcmfmac and they should >>>> use their downstream driver [1]. >>> >>> Unquestionably broadcom is not helping maintain things, and I think it >>> should matter. >>> >>> As Hector says, they point to their random driver dumps on their site >>> that you can't even download unless you are a "Broadcom community >>> member" or whatever, and hey - any company that works that way should >>> be seen as pretty much hostile to any actual maintenance and proper >>> development. >> >> Sadly this is the normal in the wireless world. All vendors focus on the >> latest generation, currently it's Wi-Fi 7, and lose interest on older >> generations. And vendors lose focus on the upstream drivers even faster, >> usually after a customer project ends. >> >> So in practise what we try to do is keep the drivers working somehow on >> our own, even after the vendors are long gone. If we would deliberately >> allow breaking drivers because vendor/corporations don't support us, I >> suspect we would have sevaral broken drivers in upstream. >> >>> If Daniel and Hector are responsive to actual problem reports for the >>> changes they cause, I do think that should count a lot. >> >> Sure, but they could also respect to the review comments. I find Arend's >> proposal is reasonable and that's what I would implement in v2. We >> (linux-wireless) make abstractions to workaround firmware problems or >> interface conflicts all the time, just look at ath10k for example. I >> would not be surprised if we need to add even more abstractions to >> brcmfmac in the future. And Arend is the expert here, he has best >> knowledge of Broadcom devices and I trust him. >> >> Has anyone even investigated what it would need to implement Arend's >> proposal? At least I don't see any indication of that. > > Of course we can implement it (and we will as we actually got a report > of this patch breaking Cypress now, finally). > > The question was never whether it could be done, we're already doing a > bunch of abstractions to deal with just the Broadcom-only side of things > too. The point I was trying to make is that we need to *know* what > firmware abstractions we need and *why* they are needed. We can't just > say, for every change, "well, nobody knows if the existing code works or > not, so let's just add an abstraction just in case the change breaks > something". As far as anyone involved in the discussions until now could > tell, this code was just something some Cypress person dumped upstream, > and nobody involved was being responsive to any of our inquiries, so > there was no way to be certain it worked at all, whether it was > supported in public firmware, or anything else. > > *Now* that we know the existing code is actually functional and not just > dead/broken, and that the WSEC approach is conversely not functional on > the Cypress firmwares, it makes sense to introduce an abstraction. Just a quick look in the git history could have told you that it was not just dumped upstream and at least one person was using it and extended it for 802.11r support (fast-roaming): author Paweł Drewniak 2021-08-24 23:13:30 +0100 committer Kalle Valo 2021-08-29 11:33:07 +0300 commit 4b51de063d5310f1fb297388b7955926e63e45c9 (patch) tree ba2ccb5cbd055d482a8daa263f5e53531c07667f /drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c parent 81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff) download wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz brcmfmac: Add WPA3 Personal with FT to supported cipher suites This allows the driver to connect to BSSIDs supporting SAE with 802.11r. Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2. AP was set to 'sae-mixed' (WPA2/3 Personal). Signed-off-by: Paweł Drewniak Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com > Here's an example of the case where an abstraction was *not* needed: I > switched over WPA PSK configuration from hex-encoded to binary. That was > needed to make more recent Apple firmwares work. My evidence at the time > that that change *was* at least fairly backwards compatible was that the > OpenBSD driver had been doing it that way all along. Had we introduced > an abstraction/conditional for that case "just in case", it would have > generated superfluous technical debt for no reason. Fully agreeing here and you already given the argument for that in the commit message. Hence there was no discussion whatsoever about that. Regards, Arend --0000000000008ab1d5060cf6197e Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIQdwYJKoZIhvcNAQcCoIIQaDCCEGQCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg gg3OMIIFDTCCA/WgAwIBAgIQeEqpED+lv77edQixNJMdADANBgkqhkiG9w0BAQsFADBMMSAwHgYD VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0yMDA5MTYwMDAwMDBaFw0yODA5MTYwMDAwMDBaMFsxCzAJBgNVBAYT AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBS MyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vbCmXCcsbZ/a0fRIQMBxp4gJnnyeneFYpEtNydrZZ+GeKSMdHiDgXD1UnRSIudKo+moQ6YlCOu4t rVWO/EiXfYnK7zeop26ry1RpKtogB7/O115zultAz64ydQYLe+a1e/czkALg3sgTcOOcFZTXk38e aqsXsipoX1vsNurqPtnC27TWsA7pk4uKXscFjkeUE8JZu9BDKaswZygxBOPBQBwrA5+20Wxlk6k1 e6EKaaNaNZUy30q3ArEf30ZDpXyfCtiXnupjSK8WU2cK4qsEtj09JS4+mhi0CTCrCnXAzum3tgcH cHRg0prcSzzEUDQWoFxyuqwiwhHu3sPQNmFOMwIDAQABo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgGG MGAGA1UdJQRZMFcGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJ KwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcDBwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUljPR5lgXWzR1ioFWZNW+SN6hj88wHwYDVR0jBBgwFoAUj/BLf6guRSSu TVD6Y5qL3uLdG7wwegYIKwYBBQUHAQEEbjBsMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9i YWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j b20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5jb20vcm9vdC1yMy5jcmwwWgYDVR0gBFMwUTALBgkrBgEEAaAyASgwQgYKKwYBBAGgMgEo CjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAN BgkqhkiG9w0BAQsFAAOCAQEAdAXk/XCnDeAOd9nNEUvWPxblOQ/5o/q6OIeTYvoEvUUi2qHUOtbf jBGdTptFsXXe4RgjVF9b6DuizgYfy+cILmvi5hfk3Iq8MAZsgtW+A/otQsJvK2wRatLE61RbzkX8 9/OXEZ1zT7t/q2RiJqzpvV8NChxIj+P7WTtepPm9AIj0Keue+gS2qvzAZAY34ZZeRHgA7g5O4TPJ /oTd+4rgiU++wLDlcZYd/slFkaT3xg4qWDepEMjT4T1qFOQIL+ijUArYS4owpPg9NISTKa1qqKWJ jFoyms0d0GwOniIIbBvhI2MJ7BSY9MYtWVT5jJO3tsVHwj4cp92CSFuGwunFMzCCA18wggJHoAMC AQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v dCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTA5 MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFowTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJqYi8fXvqWaN+J J5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8gokeWdimFXN6x0FNx04Druci8u nPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTv riBJ/K1AFUjRAjFhGV64l++td7dkmnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGj QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5N UPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGssxOGhigH M8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5V2yq/BKW7FPGLeQkbLmU Y/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V 14qWtNPeTCekTBtzc3b0F5nCH3oO4y0IrQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcy a5QBqJnnLDMfOjsl0oZAzjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/ XzCCBVYwggQ+oAMCAQICDE79bW6SMzVJMuOi1zANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJC RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMg UGVyc29uYWxTaWduIDIgQ0EgMjAyMDAeFw0yMjA5MTAxMTQzMjNaFw0yNTA5MTAxMTQzMjNaMIGV MQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxFjAU BgNVBAoTDUJyb2FkY29tIEluYy4xGTAXBgNVBAMTEEFyZW5kIFZhbiBTcHJpZWwxKzApBgkqhkiG 9w0BCQEWHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDxOB8Yu89pZLsG9Ic8ZY3uGibuv+NRsij+E70OMJQIwugrByyNq5xgH0BI22vJ LT7VKCB6YJC88ewEFfYi3EKW/sn6RL16ImUM40beDmQ12WBquJRoxVNyoByNalmTOBNYR95ZQZJw 1nrzaoJtK0XIsv0dNCUcLlAc+jHkngD+I0ptVuWoMO1BcJexqJf5iX2M1CdC8PXTh9g4FIQnG2mc 2Gzj3QNJRLsZu1TLyOyBBIr/BE7UiY3RabgRzknBGAPmzhS+fmyM8OtM5BYBsFBrSUFtZZO2p/tf Nbc24J2zf2peoZ8MK+7WQqummYlOnz+FyDkA9EybeNMcS5C+xi/PAgMBAAGjggHdMIIB2TAOBgNV HQ8BAf8EBAMCBaAwgaMGCCsGAQUFBwEBBIGWMIGTME4GCCsGAQUFBzAChkJodHRwOi8vc2VjdXJl Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2djY3IzcGVyc29uYWxzaWduMmNhMjAyMC5jcnQwQQYI KwYBBQUHMAGGNWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNwZXJzb25hbHNpZ24y Y2EyMDIwME0GA1UdIARGMEQwQgYKKwYBBAGgMgEoCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3 dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqG OGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NnY2NyM3BlcnNvbmFsc2lnbjJjYTIwMjAuY3Js MCcGA1UdEQQgMB6BHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wEwYDVR0lBAwwCgYIKwYB BQUHAwQwHwYDVR0jBBgwFoAUljPR5lgXWzR1ioFWZNW+SN6hj88wHQYDVR0OBBYEFIikAXd8CEtv ZbDflDRnf3tuStPuMA0GCSqGSIb3DQEBCwUAA4IBAQCdS5XCYx6k2GGZui9DlFsFm75khkqAU7rT zBX04sJU1+B1wtgmWTVIzW7ugdtDZ4gzaV0S9xRhpDErjJaltxPbCylb1DEsLj+AIvBR34caW6ZG sQk444t0HPb29HnWYj+OllIGMbdJWr0/P95ZrKk2bP24ub3ZP/8SyzrohfIba9WZKMq6g2nTLZE3 BtkeSGJx/8dy0h8YmRn+adOrxKXHxhSL8BNn8wsmIZyYWe6fRcBtO3Ks2DOLyHCdkoFlN8x9VUQF N2ulEgqCbRKkx+qNirW86eF138lr1gRxzclu/38ko//MmkAYR/+hP3WnBll7zbpIt0jc9wyFkSqH p8a1MYICbTCCAmkCAQEwazBbMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMgUGVyc29uYWxTaWduIDIgQ0EgMjAyMAIMTv1t bpIzNUky46LXMA0GCWCGSAFlAwQCAQUAoIHUMC8GCSqGSIb3DQEJBDEiBCBeYrHevTqLVYKh97F7 AWLfUKlkQF7nxjpOrdNsMsnkVDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ BTEPFw0yMzEyMjAxOTM2MzBaMGkGCSqGSIb3DQEJDzFcMFowCwYJYIZIAWUDBAEqMAsGCWCGSAFl AwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwCwYJKoZIhvcNAQEKMAsGCSqGSIb3DQEBBzAL BglghkgBZQMEAgEwDQYJKoZIhvcNAQEBBQAEggEAobWTvc7lcsORrj4Q//NSnVp5/YTvzsbEAaRK zk7VZ9q8AvXAO5fjUebW2bIH5NGKAzi4Yv16AwlzvcQlmYBRXmEiRHJTEIJTWyrsWBOhYvKcST2Q UFXSPxfV6ZqCXCN9g1XkdrwAFDgzMkCIuhbU5eX5yntE/Nt+93b+S8MYaQ8ix8f3Bi+f172Nl0sX ng6mvni/z4+mUcLHhik4wcringxKyeMKlpzazmDQUc9feDoCAPtQunZp7J8BjQpgZg/s5v63x8h7 YyoY5m/50XsSrJ9mvWBSLuLgBXFar/ImMxLkvrdJ3hilkL7S/FnUs4IuYHK693UDjj9aC5nJYn7O bw== --0000000000008ab1d5060cf6197e--