2
0

ts_rsp_verify.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571
  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <openssl/objects.h>
  11. #include <openssl/ts.h>
  12. #include <openssl/pkcs7.h>
  13. #include "internal/cryptlib.h"
  14. #include "internal/sizes.h"
  15. #include "crypto/ess.h"
  16. #include "ts_local.h"
  17. static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
  18. X509 *signer, STACK_OF(X509) **chain);
  19. static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si,
  20. const STACK_OF(X509) *chain);
  21. static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
  22. PKCS7 *token, TS_TST_INFO *tst_info);
  23. static int ts_check_status_info(TS_RESP *response);
  24. static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
  25. static int ts_check_policy(const ASN1_OBJECT *req_oid,
  26. const TS_TST_INFO *tst_info);
  27. static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
  28. X509_ALGOR **md_alg,
  29. unsigned char **imprint, unsigned *imprint_len);
  30. static int ts_check_imprints(X509_ALGOR *algor_a,
  31. const unsigned char *imprint_a, unsigned len_a,
  32. TS_TST_INFO *tst_info);
  33. static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
  34. static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
  35. static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
  36. GENERAL_NAME *name);
  37. /*
  38. * This must be large enough to hold all values in ts_status_text (with
  39. * comma separator) or all text fields in ts_failure_info (also with comma).
  40. */
  41. #define TS_STATUS_BUF_SIZE 256
  42. /*
  43. * Local mapping between response codes and descriptions.
  44. */
  45. static const char *ts_status_text[] = {
  46. "granted",
  47. "grantedWithMods",
  48. "rejection",
  49. "waiting",
  50. "revocationWarning",
  51. "revocationNotification"
  52. };
  53. #define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text)
  54. static struct {
  55. int code;
  56. const char *text;
  57. } ts_failure_info[] = {
  58. {TS_INFO_BAD_ALG, "badAlg"},
  59. {TS_INFO_BAD_REQUEST, "badRequest"},
  60. {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
  61. {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
  62. {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
  63. {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
  64. {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
  65. {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
  66. };
  67. /*-
  68. * This function carries out the following tasks:
  69. * - Checks if there is one and only one signer.
  70. * - Search for the signing certificate in 'certs' and in the response.
  71. * - Check the extended key usage and key usage fields of the signer
  72. * certificate (done by the path validation).
  73. * - Build and validate the certificate path.
  74. * - Check if the certificate path meets the requirements of the
  75. * SigningCertificate ESS signed attribute.
  76. * - Verify the signature value.
  77. * - Returns the signer certificate in 'signer', if 'signer' is not NULL.
  78. */
  79. int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
  80. X509_STORE *store, X509 **signer_out)
  81. {
  82. STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
  83. PKCS7_SIGNER_INFO *si;
  84. STACK_OF(X509) *untrusted = NULL;
  85. STACK_OF(X509) *signers = NULL;
  86. X509 *signer;
  87. STACK_OF(X509) *chain = NULL;
  88. char buf[4096];
  89. int i, j = 0, ret = 0;
  90. BIO *p7bio = NULL;
  91. /* Some sanity checks first. */
  92. if (!token) {
  93. ERR_raise(ERR_LIB_TS, TS_R_INVALID_NULL_POINTER);
  94. goto err;
  95. }
  96. if (!PKCS7_type_is_signed(token)) {
  97. ERR_raise(ERR_LIB_TS, TS_R_WRONG_CONTENT_TYPE);
  98. goto err;
  99. }
  100. sinfos = PKCS7_get_signer_info(token);
  101. if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
  102. ERR_raise(ERR_LIB_TS, TS_R_THERE_MUST_BE_ONE_SIGNER);
  103. goto err;
  104. }
  105. si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
  106. if (PKCS7_get_detached(token)) {
  107. ERR_raise(ERR_LIB_TS, TS_R_NO_CONTENT);
  108. goto err;
  109. }
  110. /*
  111. * Get hold of the signer certificate, search only internal certificates
  112. * if it was requested.
  113. */
  114. signers = PKCS7_get0_signers(token, certs, 0);
  115. if (!signers || sk_X509_num(signers) != 1)
  116. goto err;
  117. signer = sk_X509_value(signers, 0);
  118. untrusted = sk_X509_new_reserve(NULL, sk_X509_num(certs)
  119. + sk_X509_num(token->d.sign->cert));
  120. if (untrusted == NULL
  121. || !X509_add_certs(untrusted, certs, 0)
  122. || !X509_add_certs(untrusted, token->d.sign->cert, 0))
  123. goto err;
  124. if (!ts_verify_cert(store, untrusted, signer, &chain))
  125. goto err;
  126. if (!ts_check_signing_certs(si, chain))
  127. goto err;
  128. p7bio = PKCS7_dataInit(token, NULL);
  129. /* We now have to 'read' from p7bio to calculate digests etc. */
  130. while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
  131. continue;
  132. j = PKCS7_signatureVerify(p7bio, token, si, signer);
  133. if (j <= 0) {
  134. ERR_raise(ERR_LIB_TS, TS_R_SIGNATURE_FAILURE);
  135. goto err;
  136. }
  137. if (signer_out) {
  138. *signer_out = signer;
  139. X509_up_ref(signer);
  140. }
  141. ret = 1;
  142. err:
  143. BIO_free_all(p7bio);
  144. sk_X509_free(untrusted);
  145. OSSL_STACK_OF_X509_free(chain);
  146. sk_X509_free(signers);
  147. return ret;
  148. }
  149. /*
  150. * The certificate chain is returned in chain. Caller is responsible for
  151. * freeing the vector.
  152. */
  153. static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
  154. X509 *signer, STACK_OF(X509) **chain)
  155. {
  156. X509_STORE_CTX *cert_ctx = NULL;
  157. int i;
  158. int ret = 0;
  159. *chain = NULL;
  160. cert_ctx = X509_STORE_CTX_new();
  161. if (cert_ctx == NULL) {
  162. ERR_raise(ERR_LIB_TS, ERR_R_X509_LIB);
  163. goto err;
  164. }
  165. if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
  166. goto end;
  167. X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
  168. i = X509_verify_cert(cert_ctx);
  169. if (i <= 0) {
  170. int j = X509_STORE_CTX_get_error(cert_ctx);
  171. ERR_raise_data(ERR_LIB_TS, TS_R_CERTIFICATE_VERIFY_ERROR,
  172. "Verify error:%s", X509_verify_cert_error_string(j));
  173. goto err;
  174. }
  175. *chain = X509_STORE_CTX_get1_chain(cert_ctx);
  176. ret = 1;
  177. goto end;
  178. err:
  179. ret = 0;
  180. end:
  181. X509_STORE_CTX_free(cert_ctx);
  182. return ret;
  183. }
  184. static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
  185. {
  186. ASN1_TYPE *attr;
  187. const unsigned char *p;
  188. attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
  189. if (attr == NULL)
  190. return NULL;
  191. p = attr->value.sequence->data;
  192. return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
  193. }
  194. static
  195. ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
  196. {
  197. ASN1_TYPE *attr;
  198. const unsigned char *p;
  199. attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
  200. if (attr == NULL)
  201. return NULL;
  202. p = attr->value.sequence->data;
  203. return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
  204. }
  205. static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si,
  206. const STACK_OF(X509) *chain)
  207. {
  208. ESS_SIGNING_CERT *ss = ossl_ess_get_signing_cert(si);
  209. ESS_SIGNING_CERT_V2 *ssv2 = ossl_ess_get_signing_cert_v2(si);
  210. int ret = OSSL_ESS_check_signing_certs(ss, ssv2, chain, 1) > 0;
  211. ESS_SIGNING_CERT_free(ss);
  212. ESS_SIGNING_CERT_V2_free(ssv2);
  213. return ret;
  214. }
  215. /*-
  216. * Verifies whether 'response' contains a valid response with regards
  217. * to the settings of the context:
  218. * - Gives an error message if the TS_TST_INFO is not present.
  219. * - Calls _TS_RESP_verify_token to verify the token content.
  220. */
  221. int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
  222. {
  223. PKCS7 *token = response->token;
  224. TS_TST_INFO *tst_info = response->tst_info;
  225. int ret = 0;
  226. if (!ts_check_status_info(response))
  227. goto err;
  228. if (!int_ts_RESP_verify_token(ctx, token, tst_info))
  229. goto err;
  230. ret = 1;
  231. err:
  232. return ret;
  233. }
  234. /*
  235. * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
  236. * calls the internal int_TS_RESP_verify_token function for verifying it.
  237. */
  238. int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
  239. {
  240. TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
  241. int ret = 0;
  242. if (tst_info) {
  243. ret = int_ts_RESP_verify_token(ctx, token, tst_info);
  244. TS_TST_INFO_free(tst_info);
  245. }
  246. return ret;
  247. }
  248. /*-
  249. * Verifies whether the 'token' contains a valid timestamp token
  250. * with regards to the settings of the context. Only those checks are
  251. * carried out that are specified in the context:
  252. * - Verifies the signature of the TS_TST_INFO.
  253. * - Checks the version number of the response.
  254. * - Check if the requested and returned policies math.
  255. * - Check if the message imprints are the same.
  256. * - Check if the nonces are the same.
  257. * - Check if the TSA name matches the signer.
  258. * - Check if the TSA name is the expected TSA.
  259. */
  260. static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
  261. PKCS7 *token, TS_TST_INFO *tst_info)
  262. {
  263. X509 *signer = NULL;
  264. GENERAL_NAME *tsa_name = tst_info->tsa;
  265. X509_ALGOR *md_alg = NULL;
  266. unsigned char *imprint = NULL;
  267. unsigned imprint_len = 0;
  268. int ret = 0;
  269. int flags = ctx->flags;
  270. /* Some options require us to also check the signature */
  271. if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
  272. || (flags & TS_VFY_TSA_NAME)) {
  273. flags |= TS_VFY_SIGNATURE;
  274. }
  275. if ((flags & TS_VFY_SIGNATURE)
  276. && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
  277. goto err;
  278. if ((flags & TS_VFY_VERSION)
  279. && TS_TST_INFO_get_version(tst_info) != 1) {
  280. ERR_raise(ERR_LIB_TS, TS_R_UNSUPPORTED_VERSION);
  281. goto err;
  282. }
  283. if ((flags & TS_VFY_POLICY)
  284. && !ts_check_policy(ctx->policy, tst_info))
  285. goto err;
  286. if ((flags & TS_VFY_IMPRINT)
  287. && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
  288. tst_info))
  289. goto err;
  290. if ((flags & TS_VFY_DATA)
  291. && (!ts_compute_imprint(ctx->data, tst_info,
  292. &md_alg, &imprint, &imprint_len)
  293. || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
  294. goto err;
  295. if ((flags & TS_VFY_NONCE)
  296. && !ts_check_nonces(ctx->nonce, tst_info))
  297. goto err;
  298. if ((flags & TS_VFY_SIGNER)
  299. && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
  300. ERR_raise(ERR_LIB_TS, TS_R_TSA_NAME_MISMATCH);
  301. goto err;
  302. }
  303. if ((flags & TS_VFY_TSA_NAME)
  304. && !ts_check_signer_name(ctx->tsa_name, signer)) {
  305. ERR_raise(ERR_LIB_TS, TS_R_TSA_UNTRUSTED);
  306. goto err;
  307. }
  308. ret = 1;
  309. err:
  310. X509_free(signer);
  311. X509_ALGOR_free(md_alg);
  312. OPENSSL_free(imprint);
  313. return ret;
  314. }
  315. static int ts_check_status_info(TS_RESP *response)
  316. {
  317. TS_STATUS_INFO *info = response->status_info;
  318. long status = ASN1_INTEGER_get(info->status);
  319. const char *status_text = NULL;
  320. char *embedded_status_text = NULL;
  321. char failure_text[TS_STATUS_BUF_SIZE] = "";
  322. if (status == 0 || status == 1)
  323. return 1;
  324. /* There was an error, get the description in status_text. */
  325. if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
  326. status_text = ts_status_text[status];
  327. else
  328. status_text = "unknown code";
  329. if (sk_ASN1_UTF8STRING_num(info->text) > 0
  330. && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
  331. return 0;
  332. /* Fill in failure_text with the failure information. */
  333. if (info->failure_info) {
  334. int i;
  335. int first = 1;
  336. for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
  337. if (ASN1_BIT_STRING_get_bit(info->failure_info,
  338. ts_failure_info[i].code)) {
  339. if (!first)
  340. strcat(failure_text, ",");
  341. else
  342. first = 0;
  343. strcat(failure_text, ts_failure_info[i].text);
  344. }
  345. }
  346. }
  347. if (failure_text[0] == '\0')
  348. strcpy(failure_text, "unspecified");
  349. ERR_raise_data(ERR_LIB_TS, TS_R_NO_TIME_STAMP_TOKEN,
  350. "status code: %s, status text: %s, failure codes: %s",
  351. status_text,
  352. embedded_status_text ? embedded_status_text : "unspecified",
  353. failure_text);
  354. OPENSSL_free(embedded_status_text);
  355. return 0;
  356. }
  357. static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
  358. {
  359. return ossl_sk_ASN1_UTF8STRING2text(text, "/", TS_MAX_STATUS_LENGTH);
  360. }
  361. static int ts_check_policy(const ASN1_OBJECT *req_oid,
  362. const TS_TST_INFO *tst_info)
  363. {
  364. const ASN1_OBJECT *resp_oid = tst_info->policy_id;
  365. if (OBJ_cmp(req_oid, resp_oid) != 0) {
  366. ERR_raise(ERR_LIB_TS, TS_R_POLICY_MISMATCH);
  367. return 0;
  368. }
  369. return 1;
  370. }
  371. static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
  372. X509_ALGOR **md_alg,
  373. unsigned char **imprint, unsigned *imprint_len)
  374. {
  375. TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
  376. X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
  377. EVP_MD *md = NULL;
  378. EVP_MD_CTX *md_ctx = NULL;
  379. unsigned char buffer[4096];
  380. char name[OSSL_MAX_NAME_SIZE];
  381. int length;
  382. *md_alg = NULL;
  383. *imprint = NULL;
  384. if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
  385. goto err;
  386. OBJ_obj2txt(name, sizeof(name), md_alg_resp->algorithm, 0);
  387. (void)ERR_set_mark();
  388. md = EVP_MD_fetch(NULL, name, NULL);
  389. if (md == NULL)
  390. md = (EVP_MD *)EVP_get_digestbyname(name);
  391. if (md == NULL) {
  392. (void)ERR_clear_last_mark();
  393. goto err;
  394. }
  395. (void)ERR_pop_to_mark();
  396. length = EVP_MD_get_size(md);
  397. if (length < 0)
  398. goto err;
  399. *imprint_len = length;
  400. if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL)
  401. goto err;
  402. md_ctx = EVP_MD_CTX_new();
  403. if (md_ctx == NULL) {
  404. ERR_raise(ERR_LIB_TS, ERR_R_EVP_LIB);
  405. goto err;
  406. }
  407. if (!EVP_DigestInit(md_ctx, md))
  408. goto err;
  409. EVP_MD_free(md);
  410. md = NULL;
  411. while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
  412. if (!EVP_DigestUpdate(md_ctx, buffer, length))
  413. goto err;
  414. }
  415. if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
  416. goto err;
  417. EVP_MD_CTX_free(md_ctx);
  418. return 1;
  419. err:
  420. EVP_MD_CTX_free(md_ctx);
  421. EVP_MD_free(md);
  422. X509_ALGOR_free(*md_alg);
  423. *md_alg = NULL;
  424. OPENSSL_free(*imprint);
  425. *imprint_len = 0;
  426. *imprint = 0;
  427. return 0;
  428. }
  429. static int ts_check_imprints(X509_ALGOR *algor_a,
  430. const unsigned char *imprint_a, unsigned len_a,
  431. TS_TST_INFO *tst_info)
  432. {
  433. TS_MSG_IMPRINT *b = tst_info->msg_imprint;
  434. X509_ALGOR *algor_b = b->hash_algo;
  435. int ret = 0;
  436. if (algor_a) {
  437. if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
  438. goto err;
  439. /* The parameter must be NULL in both. */
  440. if ((algor_a->parameter
  441. && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
  442. || (algor_b->parameter
  443. && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
  444. goto err;
  445. }
  446. ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
  447. memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
  448. err:
  449. if (!ret)
  450. ERR_raise(ERR_LIB_TS, TS_R_MESSAGE_IMPRINT_MISMATCH);
  451. return ret;
  452. }
  453. static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
  454. {
  455. const ASN1_INTEGER *b = tst_info->nonce;
  456. if (!b) {
  457. ERR_raise(ERR_LIB_TS, TS_R_NONCE_NOT_RETURNED);
  458. return 0;
  459. }
  460. /* No error if a nonce is returned without being requested. */
  461. if (ASN1_INTEGER_cmp(a, b) != 0) {
  462. ERR_raise(ERR_LIB_TS, TS_R_NONCE_MISMATCH);
  463. return 0;
  464. }
  465. return 1;
  466. }
  467. /*
  468. * Check if the specified TSA name matches either the subject or one of the
  469. * subject alternative names of the TSA certificate.
  470. */
  471. static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
  472. {
  473. STACK_OF(GENERAL_NAME) *gen_names = NULL;
  474. int idx = -1;
  475. int found = 0;
  476. if (tsa_name->type == GEN_DIRNAME
  477. && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
  478. return 1;
  479. gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
  480. while (gen_names != NULL) {
  481. found = ts_find_name(gen_names, tsa_name) >= 0;
  482. if (found)
  483. break;
  484. /*
  485. * Get the next subject alternative name, although there should be no
  486. * more than one.
  487. */
  488. GENERAL_NAMES_free(gen_names);
  489. gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
  490. }
  491. GENERAL_NAMES_free(gen_names);
  492. return found;
  493. }
  494. /* Returns 1 if name is in gen_names, 0 otherwise. */
  495. static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
  496. {
  497. int i, found;
  498. for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
  499. GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
  500. found = GENERAL_NAME_cmp(current, name) == 0;
  501. }
  502. return found ? i - 1 : -1;
  503. }