1 /* 2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some engine deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <string.h> 14 #include <openssl/core_dispatch.h> 15 #include <openssl/core_names.h> 16 #include <openssl/params.h> 17 #include <openssl/err.h> 18 #include <openssl/evp.h> 19 #include <openssl/proverr.h> 20 #include <openssl/param_build.h> 21 #ifndef FIPS_MODULE 22 #include <openssl/engine.h> 23 #endif 24 #include "internal/param_build_set.h" 25 #include "prov/implementations.h" 26 #include "prov/providercommon.h" 27 #include "prov/provider_ctx.h" 28 #include "prov/macsignature.h" 29 30 static OSSL_FUNC_keymgmt_new_fn mac_new; 31 static OSSL_FUNC_keymgmt_free_fn mac_free; 32 static OSSL_FUNC_keymgmt_gen_init_fn mac_gen_init; 33 static OSSL_FUNC_keymgmt_gen_fn mac_gen; 34 static OSSL_FUNC_keymgmt_gen_cleanup_fn mac_gen_cleanup; 35 static OSSL_FUNC_keymgmt_gen_set_params_fn mac_gen_set_params; 36 static OSSL_FUNC_keymgmt_gen_settable_params_fn mac_gen_settable_params; 37 static OSSL_FUNC_keymgmt_get_params_fn mac_get_params; 38 static OSSL_FUNC_keymgmt_gettable_params_fn mac_gettable_params; 39 static OSSL_FUNC_keymgmt_set_params_fn mac_set_params; 40 static OSSL_FUNC_keymgmt_settable_params_fn mac_settable_params; 41 static OSSL_FUNC_keymgmt_has_fn mac_has; 42 static OSSL_FUNC_keymgmt_match_fn mac_match; 43 static OSSL_FUNC_keymgmt_import_fn mac_import; 44 static OSSL_FUNC_keymgmt_import_types_fn mac_imexport_types; 45 static OSSL_FUNC_keymgmt_export_fn mac_export; 46 static OSSL_FUNC_keymgmt_export_types_fn mac_imexport_types; 47 48 static OSSL_FUNC_keymgmt_new_fn mac_new_cmac; 49 static OSSL_FUNC_keymgmt_gettable_params_fn cmac_gettable_params; 50 static OSSL_FUNC_keymgmt_import_types_fn cmac_imexport_types; 51 static OSSL_FUNC_keymgmt_export_types_fn cmac_imexport_types; 52 static OSSL_FUNC_keymgmt_gen_init_fn cmac_gen_init; 53 static OSSL_FUNC_keymgmt_gen_set_params_fn cmac_gen_set_params; 54 static OSSL_FUNC_keymgmt_gen_settable_params_fn cmac_gen_settable_params; 55 56 struct mac_gen_ctx { 57 OSSL_LIB_CTX *libctx; 58 int selection; 59 unsigned char *priv_key; 60 size_t priv_key_len; 61 PROV_CIPHER cipher; 62 }; 63 64 MAC_KEY *ossl_mac_key_new(OSSL_LIB_CTX *libctx, int cmac) 65 { 66 MAC_KEY *mackey; 67 68 if (!ossl_prov_is_running()) 69 return NULL; 70 71 mackey = OPENSSL_zalloc(sizeof(*mackey)); 72 if (mackey == NULL) 73 return NULL; 74 75 if (!CRYPTO_NEW_REF(&mackey->refcnt, 1)) { 76 OPENSSL_free(mackey); 77 return NULL; 78 } 79 mackey->libctx = libctx; 80 mackey->cmac = cmac; 81 82 return mackey; 83 } 84 85 void ossl_mac_key_free(MAC_KEY *mackey) 86 { 87 int ref = 0; 88 89 if (mackey == NULL) 90 return; 91 92 CRYPTO_DOWN_REF(&mackey->refcnt, &ref); 93 if (ref > 0) 94 return; 95 96 OPENSSL_secure_clear_free(mackey->priv_key, mackey->priv_key_len); 97 OPENSSL_free(mackey->properties); 98 ossl_prov_cipher_reset(&mackey->cipher); 99 CRYPTO_FREE_REF(&mackey->refcnt); 100 OPENSSL_free(mackey); 101 } 102 103 int ossl_mac_key_up_ref(MAC_KEY *mackey) 104 { 105 int ref = 0; 106 107 /* This is effectively doing a new operation on the MAC_KEY and should be 108 * adequately guarded again modules' error states. However, both current 109 * calls here are guarded properly in signature/mac_legacy.c. Thus, it 110 * could be removed here. The concern is that something in the future 111 * might call this function without adequate guards. It's a cheap call, 112 * it seems best to leave it even though it is currently redundant. 113 */ 114 if (!ossl_prov_is_running()) 115 return 0; 116 117 CRYPTO_UP_REF(&mackey->refcnt, &ref); 118 return 1; 119 } 120 121 static void *mac_new(void *provctx) 122 { 123 return ossl_mac_key_new(PROV_LIBCTX_OF(provctx), 0); 124 } 125 126 static void *mac_new_cmac(void *provctx) 127 { 128 return ossl_mac_key_new(PROV_LIBCTX_OF(provctx), 1); 129 } 130 131 static void mac_free(void *mackey) 132 { 133 ossl_mac_key_free(mackey); 134 } 135 136 static int mac_has(const void *keydata, int selection) 137 { 138 const MAC_KEY *key = keydata; 139 int ok = 0; 140 141 if (ossl_prov_is_running() && key != NULL) { 142 /* 143 * MAC keys always have all the parameters they need (i.e. none). 144 * Therefore we always return with 1, if asked about parameters. 145 * Similarly for public keys. 146 */ 147 ok = 1; 148 149 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 150 ok = key->priv_key != NULL; 151 } 152 return ok; 153 } 154 155 static int mac_match(const void *keydata1, const void *keydata2, int selection) 156 { 157 const MAC_KEY *key1 = keydata1; 158 const MAC_KEY *key2 = keydata2; 159 int ok = 1; 160 161 if (!ossl_prov_is_running()) 162 return 0; 163 164 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 165 if ((key1->priv_key == NULL && key2->priv_key != NULL) 166 || (key1->priv_key != NULL && key2->priv_key == NULL) 167 || key1->priv_key_len != key2->priv_key_len 168 || (key1->cipher.cipher == NULL && key2->cipher.cipher != NULL) 169 || (key1->cipher.cipher != NULL && key2->cipher.cipher == NULL)) 170 ok = 0; 171 else 172 ok = ok && (key1->priv_key == NULL /* implies key2->privkey == NULL */ 173 || CRYPTO_memcmp(key1->priv_key, key2->priv_key, key1->priv_key_len) == 0); 174 if (key1->cipher.cipher != NULL) 175 ok = ok && EVP_CIPHER_is_a(key1->cipher.cipher, EVP_CIPHER_get0_name(key2->cipher.cipher)); 176 } 177 return ok; 178 } 179 180 static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[]) 181 { 182 const OSSL_PARAM *p; 183 184 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 185 if (p != NULL) { 186 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 187 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 188 return 0; 189 } 190 OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len); 191 /* allocate at least one byte to distinguish empty key from no key set */ 192 key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1); 193 if (key->priv_key == NULL) 194 return 0; 195 memcpy(key->priv_key, p->data, p->data_size); 196 key->priv_key_len = p->data_size; 197 } 198 199 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES); 200 if (p != NULL) { 201 if (p->data_type != OSSL_PARAM_UTF8_STRING) { 202 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 203 return 0; 204 } 205 OPENSSL_free(key->properties); 206 key->properties = OPENSSL_strdup(p->data); 207 if (key->properties == NULL) 208 return 0; 209 } 210 211 if (key->cmac && !ossl_prov_cipher_load_from_params(&key->cipher, params, key->libctx)) { 212 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 213 return 0; 214 } 215 216 if (key->priv_key != NULL) 217 return 1; 218 219 return 0; 220 } 221 222 static int mac_import(void *keydata, int selection, const OSSL_PARAM params[]) 223 { 224 MAC_KEY *key = keydata; 225 226 if (!ossl_prov_is_running() || key == NULL) 227 return 0; 228 229 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) 230 return 0; 231 232 return mac_key_fromdata(key, params); 233 } 234 235 static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl, 236 OSSL_PARAM params[]) 237 { 238 if (key == NULL) 239 return 0; 240 241 if (key->priv_key != NULL 242 && !ossl_param_build_set_octet_string(tmpl, params, 243 OSSL_PKEY_PARAM_PRIV_KEY, 244 key->priv_key, key->priv_key_len)) 245 return 0; 246 247 if (key->cipher.cipher != NULL 248 && !ossl_param_build_set_utf8_string(tmpl, params, 249 OSSL_PKEY_PARAM_CIPHER, 250 EVP_CIPHER_get0_name(key->cipher.cipher))) 251 return 0; 252 253 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 254 if (key->cipher.engine != NULL 255 && !ossl_param_build_set_utf8_string(tmpl, params, 256 OSSL_PKEY_PARAM_ENGINE, 257 ENGINE_get_id(key->cipher.engine))) 258 return 0; 259 #endif 260 261 return 1; 262 } 263 264 static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, 265 void *cbarg) 266 { 267 MAC_KEY *key = keydata; 268 OSSL_PARAM_BLD *tmpl; 269 OSSL_PARAM *params = NULL; 270 int ret = 0; 271 272 if (!ossl_prov_is_running() || key == NULL) 273 return 0; 274 275 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) 276 return 0; 277 278 tmpl = OSSL_PARAM_BLD_new(); 279 if (tmpl == NULL) 280 return 0; 281 282 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 283 && !key_to_params(key, tmpl, NULL)) 284 goto err; 285 286 params = OSSL_PARAM_BLD_to_param(tmpl); 287 if (params == NULL) 288 goto err; 289 290 ret = param_cb(params, cbarg); 291 OSSL_PARAM_free(params); 292 err: 293 OSSL_PARAM_BLD_free(tmpl); 294 return ret; 295 } 296 297 static const OSSL_PARAM mac_key_types[] = { 298 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 299 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0), 300 OSSL_PARAM_END 301 }; 302 static const OSSL_PARAM *mac_imexport_types(int selection) 303 { 304 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 305 return mac_key_types; 306 return NULL; 307 } 308 309 static const OSSL_PARAM cmac_key_types[] = { 310 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 311 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0), 312 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_ENGINE, NULL, 0), 313 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0), 314 OSSL_PARAM_END 315 }; 316 static const OSSL_PARAM *cmac_imexport_types(int selection) 317 { 318 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 319 return cmac_key_types; 320 return NULL; 321 } 322 323 static int mac_get_params(void *key, OSSL_PARAM params[]) 324 { 325 return key_to_params(key, NULL, params); 326 } 327 328 static const OSSL_PARAM *mac_gettable_params(void *provctx) 329 { 330 static const OSSL_PARAM gettable_params[] = { 331 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 332 OSSL_PARAM_END 333 }; 334 return gettable_params; 335 } 336 337 static const OSSL_PARAM *cmac_gettable_params(void *provctx) 338 { 339 static const OSSL_PARAM gettable_params[] = { 340 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 341 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0), 342 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_ENGINE, NULL, 0), 343 OSSL_PARAM_END 344 }; 345 return gettable_params; 346 } 347 348 static int mac_set_params(void *keydata, const OSSL_PARAM params[]) 349 { 350 MAC_KEY *key = keydata; 351 const OSSL_PARAM *p; 352 353 if (key == NULL) 354 return 0; 355 356 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 357 if (p != NULL) 358 return mac_key_fromdata(key, params); 359 360 return 1; 361 } 362 363 static const OSSL_PARAM *mac_settable_params(void *provctx) 364 { 365 static const OSSL_PARAM settable_params[] = { 366 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 367 OSSL_PARAM_END 368 }; 369 return settable_params; 370 } 371 372 static void *mac_gen_init_common(void *provctx, int selection) 373 { 374 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 375 struct mac_gen_ctx *gctx = NULL; 376 377 if (!ossl_prov_is_running()) 378 return NULL; 379 380 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { 381 gctx->libctx = libctx; 382 gctx->selection = selection; 383 } 384 return gctx; 385 } 386 387 static void *mac_gen_init(void *provctx, int selection, 388 const OSSL_PARAM params[]) 389 { 390 struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); 391 392 if (gctx != NULL && !mac_gen_set_params(gctx, params)) { 393 mac_gen_cleanup(gctx); 394 gctx = NULL; 395 } 396 return gctx; 397 } 398 399 static void *cmac_gen_init(void *provctx, int selection, 400 const OSSL_PARAM params[]) 401 { 402 struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); 403 404 if (gctx != NULL && !cmac_gen_set_params(gctx, params)) { 405 mac_gen_cleanup(gctx); 406 gctx = NULL; 407 } 408 return gctx; 409 } 410 411 static int mac_gen_set_params(void *genctx, const OSSL_PARAM params[]) 412 { 413 struct mac_gen_ctx *gctx = genctx; 414 const OSSL_PARAM *p; 415 416 if (gctx == NULL) 417 return 0; 418 419 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 420 if (p != NULL) { 421 if (p->data_type != OSSL_PARAM_OCTET_STRING) { 422 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 423 return 0; 424 } 425 gctx->priv_key = OPENSSL_secure_malloc(p->data_size); 426 if (gctx->priv_key == NULL) 427 return 0; 428 memcpy(gctx->priv_key, p->data, p->data_size); 429 gctx->priv_key_len = p->data_size; 430 } 431 432 return 1; 433 } 434 435 static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[]) 436 { 437 struct mac_gen_ctx *gctx = genctx; 438 439 if (!mac_gen_set_params(genctx, params)) 440 return 0; 441 442 if (!ossl_prov_cipher_load_from_params(&gctx->cipher, params, 443 gctx->libctx)) { 444 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 445 return 0; 446 } 447 448 return 1; 449 } 450 451 static const OSSL_PARAM *mac_gen_settable_params(ossl_unused void *genctx, 452 ossl_unused void *provctx) 453 { 454 static OSSL_PARAM settable[] = { 455 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 456 OSSL_PARAM_END 457 }; 458 return settable; 459 } 460 461 static const OSSL_PARAM *cmac_gen_settable_params(ossl_unused void *genctx, 462 ossl_unused void *provctx) 463 { 464 static OSSL_PARAM settable[] = { 465 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 466 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0), 467 OSSL_PARAM_END 468 }; 469 return settable; 470 } 471 472 static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg) 473 { 474 struct mac_gen_ctx *gctx = genctx; 475 MAC_KEY *key; 476 477 if (!ossl_prov_is_running() || gctx == NULL) 478 return NULL; 479 480 if ((key = ossl_mac_key_new(gctx->libctx, 0)) == NULL) { 481 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB); 482 return NULL; 483 } 484 485 /* If we're doing parameter generation then we just return a blank key */ 486 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 487 return key; 488 489 if (gctx->priv_key == NULL) { 490 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); 491 ossl_mac_key_free(key); 492 return NULL; 493 } 494 495 /* 496 * This is horrible but required for backwards compatibility. We don't 497 * actually do real key generation at all. We simply copy the key that was 498 * previously set in the gctx. Hopefully at some point in the future all 499 * of this can be removed and we will only support the EVP_KDF APIs. 500 */ 501 if (!ossl_prov_cipher_copy(&key->cipher, &gctx->cipher)) { 502 ossl_mac_key_free(key); 503 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 504 return NULL; 505 } 506 ossl_prov_cipher_reset(&gctx->cipher); 507 key->priv_key = gctx->priv_key; 508 key->priv_key_len = gctx->priv_key_len; 509 gctx->priv_key_len = 0; 510 gctx->priv_key = NULL; 511 512 return key; 513 } 514 515 static void mac_gen_cleanup(void *genctx) 516 { 517 struct mac_gen_ctx *gctx = genctx; 518 519 if (gctx == NULL) 520 return; 521 522 OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len); 523 ossl_prov_cipher_reset(&gctx->cipher); 524 OPENSSL_free(gctx); 525 } 526 527 const OSSL_DISPATCH ossl_mac_legacy_keymgmt_functions[] = { 528 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new }, 529 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free }, 530 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))mac_get_params }, 531 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))mac_gettable_params }, 532 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))mac_set_params }, 533 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))mac_settable_params }, 534 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has }, 535 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match }, 536 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import }, 537 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))mac_imexport_types }, 538 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))mac_export }, 539 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))mac_imexport_types }, 540 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))mac_gen_init }, 541 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))mac_gen_set_params }, 542 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 543 (void (*)(void))mac_gen_settable_params }, 544 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))mac_gen }, 545 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup }, 546 OSSL_DISPATCH_END 547 }; 548 549 const OSSL_DISPATCH ossl_cmac_legacy_keymgmt_functions[] = { 550 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new_cmac }, 551 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free }, 552 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))mac_get_params }, 553 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))cmac_gettable_params }, 554 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))mac_set_params }, 555 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))mac_settable_params }, 556 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has }, 557 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match }, 558 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import }, 559 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))cmac_imexport_types }, 560 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))mac_export }, 561 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))cmac_imexport_types }, 562 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))cmac_gen_init }, 563 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))cmac_gen_set_params }, 564 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 565 (void (*)(void))cmac_gen_settable_params }, 566 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))mac_gen }, 567 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup }, 568 OSSL_DISPATCH_END 569 }; 570
Indexes created Sat Feb 28 05:31:39 UTC 2026