OpenVPN
test_crypto.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <setjmp.h>
35 #include <cmocka.h>
36 
37 #include "crypto.h"
38 #include "options.h"
39 #include "ssl_backend.h"
40 
41 #include "mss.h"
42 #include "test_common.h"
43 
44 static const char testtext[] = "Dummy text to test PEM encoding";
45 
46 static void
48 {
49  struct gc_arena gc = gc_new();
50  struct buffer src_buf;
51  buf_set_read(&src_buf, (void *)testtext, sizeof(testtext));
52 
53  uint8_t dec[sizeof(testtext)];
54  struct buffer dec_buf;
55  buf_set_write(&dec_buf, dec, sizeof(dec));
56 
57  struct buffer pem_buf;
58 
59  assert_true(crypto_pem_encode("TESTKEYNAME", &pem_buf, &src_buf, &gc));
60  assert_true(BLEN(&src_buf) < BLEN(&pem_buf));
61 
62  /* Wrong key name */
63  assert_false(crypto_pem_decode("WRONGNAME", &dec_buf, &pem_buf));
64 
65  assert_true(crypto_pem_decode("TESTKEYNAME", &dec_buf, &pem_buf));
66  assert_int_equal(BLEN(&src_buf), BLEN(&dec_buf));
67  assert_memory_equal(BPTR(&src_buf), BPTR(&dec_buf), BLEN(&src_buf));
68 
69  gc_free(&gc);
70 }
71 
72 static void
73 test_translate_cipher(const char *ciphername, const char *openvpn_name)
74 {
75  bool cipher = cipher_valid(ciphername);
76 
77  /* Empty cipher is fine */
78  if (!cipher)
79  {
80  return;
81  }
82 
83  const char *kt_name = cipher_kt_name(ciphername);
84 
85  assert_string_equal(kt_name, openvpn_name);
86 }
87 
88 static void
89 test_cipher_names(const char *ciphername, const char *openvpn_name)
90 {
91  struct gc_arena gc = gc_new();
92  /* Go through some variants, if the cipher library accepts these, they
93  * should be normalised to the openvpn name */
94  char *upper = string_alloc(ciphername, &gc);
95  char *lower = string_alloc(ciphername, &gc);
96  char *random_case = string_alloc(ciphername, &gc);
97 
98  for (int i = 0; i < strlen(ciphername); i++)
99  {
100  upper[i] = toupper(ciphername[i]);
101  lower[i] = tolower(ciphername[i]);
102  if (rand() & 0x1)
103  {
104  random_case[i] = upper[i];
105  }
106  else
107  {
108  random_case[i] = lower[i];
109  }
110  }
111 
112  if (!openvpn_name)
113  {
114  openvpn_name = upper;
115  }
116 
117  test_translate_cipher(upper, openvpn_name);
118  test_translate_cipher(lower, openvpn_name);
119  test_translate_cipher(random_case, openvpn_name);
120  test_translate_cipher(ciphername, openvpn_name);
121 
122 
123  gc_free(&gc);
124 }
125 
126 static void
128 {
129  /* Test that a number of ciphers to see that they turn out correctly */
130  test_cipher_names("BF-CBC", NULL);
131  test_cipher_names("BLOWFISH-CBC", "BF-CBC");
132  test_cipher_names("Chacha20-Poly1305", NULL);
133  test_cipher_names("AES-128-GCM", NULL);
134  test_cipher_names("AES-128-CBC", NULL);
135  test_cipher_names("CAMELLIA-128-CFB128", "CAMELLIA-128-CFB");
136  test_cipher_names("id-aes256-GCM", "AES-256-GCM");
137 }
138 
139 
140 static const char *ipsumlorem = "Lorem ipsum dolor sit amet, consectetur "
141  "adipisici elit, sed eiusmod tempor incidunt "
142  "ut labore et dolore magna aliqua.";
143 
144 static void
145 crypto_test_tls_prf(void **state)
146 {
147  const char *seedstr = "Quis aute iure reprehenderit in voluptate "
148  "velit esse cillum dolore";
149  const unsigned char *seed = (const unsigned char *)seedstr;
150  const size_t seed_len = strlen(seedstr);
151 
152 
153  const unsigned char *secret = (const unsigned char *) ipsumlorem;
154  size_t secret_len = strlen((const char *)secret);
155 
156 
157  uint8_t out[32];
158  bool ret = ssl_tls1_PRF(seed, seed_len, secret, secret_len, out, sizeof(out));
159 
160 #if defined(LIBRESSL_VERSION_NUMBER) || defined(ENABLE_CRYPTO_WOLFSSL)
161  /* No TLS1 PRF support in these libraries */
162  assert_false(ret);
163 #else
164  assert_true(ret);
165  uint8_t good_prf[32] = {0xd9, 0x8c, 0x85, 0x18, 0xc8, 0x5e, 0x94, 0x69,
166  0x27, 0x91, 0x6a, 0xcf, 0xc2, 0xd5, 0x92, 0xfb,
167  0xb1, 0x56, 0x7e, 0x4b, 0x4b, 0x14, 0x59, 0xe6,
168  0xa9, 0x04, 0xac, 0x2d, 0xda, 0xb7, 0x2d, 0x67};
169  assert_memory_equal(good_prf, out, sizeof(out));
170 #endif
171 }
172 
173 static uint8_t testkey[20] = {0x0b, 0x00};
174 static uint8_t goodhash[20] = {0x58, 0xea, 0x5a, 0xf0, 0x42, 0x94, 0xe9, 0x17,
175  0xed, 0x84, 0xb9, 0xf0, 0x83, 0x30, 0x23, 0xae,
176  0x8b, 0xa7, 0x7e, 0xb8};
177 
178 static void
179 crypto_test_hmac(void **state)
180 {
181  hmac_ctx_t *hmac = hmac_ctx_new();
182 
183  assert_int_equal(md_kt_size("SHA1"), 20);
184 
185  uint8_t key[20];
186  memcpy(key, testkey, sizeof(key));
187 
188  hmac_ctx_init(hmac, key, "SHA1");
189  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
190  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
191 
192  uint8_t hash[20];
193  hmac_ctx_final(hmac, hash);
194 
195  assert_memory_equal(hash, goodhash, sizeof(hash));
196  memset(hash, 0x00, sizeof(hash));
197 
198  /* try again */
199  hmac_ctx_reset(hmac);
200  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
201  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
202  hmac_ctx_final(hmac, hash);
203 
204  assert_memory_equal(hash, goodhash, sizeof(hash));
205 
206  /* Fill our key with random data to ensure it is not used by hmac anymore */
207  memset(key, 0x55, sizeof(key));
208 
209  hmac_ctx_reset(hmac);
210  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
211  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
212  hmac_ctx_final(hmac, hash);
213 
214  assert_memory_equal(hash, goodhash, sizeof(hash));
215  hmac_ctx_cleanup(hmac);
216  hmac_ctx_free(hmac);
217 }
218 
219 /* This test is in test_crypto as it calls into the functions that calculate
220  * the crypto overhead */
221 static void
223 {
224  struct gc_arena gc = gc_new();
225 
226  struct frame f = { 0 };
227  struct options o = { 0 };
228  size_t linkmtu;
229 
230  /* common defaults */
231  o.ce.tun_mtu = 1400;
232  o.ce.proto = PROTO_UDP;
233 
234  /* No crypto at all */
235  o.ciphername = "none";
236  o.authname = "none";
237  linkmtu = calc_options_string_link_mtu(&o, &f);
238  assert_int_equal(linkmtu, 1400);
239 
240  /* Static key OCC examples */
241  o.shared_secret_file = "not null";
242 
243  /* secret, auth none, cipher none */
244  o.ciphername = "none";
245  o.authname = "none";
246  linkmtu = calc_options_string_link_mtu(&o, &f);
247  assert_int_equal(linkmtu, 1408);
248 
249  /* secret, cipher AES-128-CBC, auth none */
250  o.ciphername = "AES-128-CBC";
251  o.authname = "none";
252  linkmtu = calc_options_string_link_mtu(&o, &f);
253  assert_int_equal(linkmtu, 1440);
254 
255  /* secret, cipher none, auth SHA256 */
256  o.ciphername = "none";
257  o.authname = "SHA256";
258  linkmtu = calc_options_string_link_mtu(&o, &f);
259  assert_int_equal(linkmtu, 1440);
260 
261  /* secret, cipher BF-CBC, auth SHA1 */
262  o.ciphername = "BF-CBC";
263  o.authname = "SHA1";
264  linkmtu = calc_options_string_link_mtu(&o, &f);
265  assert_int_equal(linkmtu, 1444);
266 
267  /* secret, cipher BF-CBC, auth SHA1, tcp-client */
269  linkmtu = calc_options_string_link_mtu(&o, &f);
270  assert_int_equal(linkmtu, 1446);
271 
272  o.ce.proto = PROTO_UDP;
273 
274 #if defined(USE_COMP)
275  o.comp.alg = COMP_ALG_LZO;
276 
277  /* secret, comp-lzo yes, cipher BF-CBC, auth SHA1 */
278  linkmtu = calc_options_string_link_mtu(&o, &f);
279  assert_int_equal(linkmtu, 1445);
280 
281 #if defined(ENABLE_FRAGMENT)
282  /* secret, comp-lzo yes, cipher BF-CBC, auth SHA1, fragment 1200 */
283  o.ce.fragment = 1200;
284  linkmtu = calc_options_string_link_mtu(&o, &f);
285  assert_int_equal(linkmtu, 1449);
286  o.ce.fragment = 0;
287 #endif
288 
289  o.comp.alg = COMP_ALG_UNDEF;
290 #endif
291 
292  /* TLS mode */
293  o.shared_secret_file = NULL;
294  o.tls_client = true;
295  o.pull = true;
296 
297  /* tls client, cipher AES-128-CBC, auth SHA1, tls-auth */
298  o.authname = "SHA1";
299  o.ciphername = "AES-128-CBC";
300  o.tls_auth_file = "dummy";
301 
302  linkmtu = calc_options_string_link_mtu(&o, &f);
303  assert_int_equal(linkmtu, 1457);
304 
305  /* tls client, cipher AES-128-CBC, auth SHA1 */
306  o.tls_auth_file = NULL;
307 
308  linkmtu = calc_options_string_link_mtu(&o, &f);
309  assert_int_equal(linkmtu, 1457);
310 
311  /* tls client, cipher none, auth none */
312  o.authname = "none";
313  o.ciphername = "none";
314 
315  linkmtu = calc_options_string_link_mtu(&o, &f);
316  assert_int_equal(linkmtu, 1405);
317 
318  /* tls client, auth SHA1, cipher AES-256-GCM */
319  o.authname = "SHA1";
320  o.ciphername = "AES-256-GCM";
321  linkmtu = calc_options_string_link_mtu(&o, &f);
322  assert_int_equal(linkmtu, 1449);
323 
324 
325 #if defined(USE_COMP) && defined(ENABLE_FRAGMENT)
326  o.comp.alg = COMP_ALG_LZO;
327 
328  /* tls client, auth SHA1, cipher AES-256-GCM, fragment, comp-lzo yes */
329  o.ce.fragment = 1200;
330  linkmtu = calc_options_string_link_mtu(&o, &f);
331  assert_int_equal(linkmtu, 1454);
332 
333  /* tls client, auth SHA1, cipher AES-256-GCM, fragment, comp-lzo yes, socks */
334  o.ce.socks_proxy_server = "socks.example.com";
335  linkmtu = calc_options_string_link_mtu(&o, &f);
336  assert_int_equal(linkmtu, 1464);
337 #endif
338 
339  gc_free(&gc);
340 }
341 
342 static void
344 {
345  struct gc_arena gc = gc_new();
346 
347  struct frame f = { 0 };
348  struct options o = { 0 };
349 
350  /* common defaults */
351  o.ce.tun_mtu = 1400;
352  o.ce.mssfix = 1000;
353  o.ce.proto = PROTO_UDP;
354 
355  /* No crypto at all */
356  o.ciphername = "none";
357  o.authname = "none";
358  struct key_type kt;
359  init_key_type(&kt, o.ciphername, o.authname, false, false);
360 
361  /* No encryption, just packet id (8) + TCP payload(20) + IP payload(20) */
362  frame_calculate_dynamic(&f, &kt, &o, NULL);
363  assert_int_equal(f.mss_fix, 952);
364 
365  /* Static key OCC examples */
366  o.shared_secret_file = "not null";
367 
368  /* secret, auth none, cipher none */
369  o.ciphername = "none";
370  o.authname = "none";
371  init_key_type(&kt, o.ciphername, o.authname, false, false);
372  frame_calculate_dynamic(&f, &kt, &o, NULL);
373  assert_int_equal(f.mss_fix, 952);
374 
375  /* secret, cipher AES-128-CBC, auth none */
376  o.ciphername = "AES-128-CBC";
377  o.authname = "none";
378  init_key_type(&kt, o.ciphername, o.authname, false, false);
379 
380  for (int i = 990; i <= 1010; i++)
381  {
382  /* 992 - 1008 should end up with the same mssfix value all they
383  * all result in the same CBC block size/padding and <= 991 and >=1008
384  * should be one block less and more respectively */
385  o.ce.mssfix = i;
386  frame_calculate_dynamic(&f, &kt, &o, NULL);
387  if (i <= 991)
388  {
389  assert_int_equal(f.mss_fix, 911);
390  }
391  else if (i >= 1008)
392  {
393  assert_int_equal(f.mss_fix, 943);
394  }
395  else
396  {
397  assert_int_equal(f.mss_fix, 927);
398  }
399  }
400 #ifdef USE_COMP
401  o.comp.alg = COMP_ALG_LZO;
402 
403  /* Same but with compression added. Compression adds one byte extra to the
404  * payload so the payload should be reduced by compared to the no
405  * compression calculation before */
406  for (int i = 990; i <= 1010; i++)
407  {
408  /* 992 - 1008 should end up with the same mssfix value all they
409  * all result in the same CBC block size/padding and <= 991 and >=1008
410  * should be one block less and more respectively */
411  o.ce.mssfix = i;
412  frame_calculate_dynamic(&f, &kt, &o, NULL);
413  if (i <= 991)
414  {
415  assert_int_equal(f.mss_fix, 910);
416  }
417  else if (i >= 1008)
418  {
419  assert_int_equal(f.mss_fix, 942);
420  }
421  else
422  {
423  assert_int_equal(f.mss_fix, 926);
424  }
425  }
426  o.comp.alg = COMP_ALG_UNDEF;
427 #endif /* ifdef USE_COMP */
428 
429  /* tls client, auth SHA1, cipher AES-256-GCM */
430  o.authname = "SHA1";
431  o.ciphername = "AES-256-GCM";
432  o.tls_client = true;
433  o.peer_id = 77;
434  o.use_peer_id = true;
435  init_key_type(&kt, o.ciphername, o.authname, true, false);
436 
437  for (int i = 900; i <= 1200; i++)
438  {
439  /* For stream ciphers, the value should not be influenced by block
440  * sizes or similar but always have the same difference */
441  o.ce.mssfix = i;
442  frame_calculate_dynamic(&f, &kt, &o, NULL);
443 
444  /* 4 byte opcode/peerid, 4 byte pkt ID, 16 byte tag, 40 TCP+IP */
445  assert_int_equal(f.mss_fix, i - 4 - 4 - 16 - 40);
446  }
447 
448  gc_free(&gc);
449 }
450 
451 int
452 main(void)
453 {
455  const struct CMUnitTest tests[] = {
456  cmocka_unit_test(crypto_pem_encode_decode_loopback),
457  cmocka_unit_test(crypto_translate_cipher_names),
458  cmocka_unit_test(crypto_test_tls_prf),
459  cmocka_unit_test(crypto_test_hmac),
460  cmocka_unit_test(test_occ_mtu_calculation),
461  cmocka_unit_test(test_mssfix_mtu_calculation)
462  };
463 
464 #if defined(ENABLE_CRYPTO_OPENSSL)
465  OpenSSL_add_all_algorithms();
466 #endif
467 
468  int ret = cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL);
469 
470 #if defined(ENABLE_CRYPTO_OPENSSL)
471  EVP_cleanup();
472 #endif
473 
474  return ret;
475 }
main
int main(void)
Definition: test_crypto.c:452
cipher_valid
static bool cipher_valid(const char *ciphername)
Returns if the cipher is valid, based on the given cipher name.
Definition: crypto_backend.h:204
hmac_ctx_cleanup
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
connection_entry::mssfix
int mssfix
Definition: options.h:135
compress_options::alg
int alg
Definition: comp.h:66
options::use_peer_id
bool use_peer_id
Definition: options.h:682
ssl_backend.h
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1030
hmac_ctx_t
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
Definition: crypto_mbedtls.h:46
connection_entry::socks_proxy_server
const char * socks_proxy_server
Definition: options.h:114
crypto_test_tls_prf
static void crypto_test_tls_prf(void **state)
Definition: test_crypto.c:145
hash
Definition: list.h:56
test_common.h
options::authname
const char * authname
Definition: options.h:560
options::tls_client
bool tls_client
Definition: options.h:574
options::shared_secret_file
const char * shared_secret_file
Definition: options.h:552
testtext
static const char testtext[]
Definition: test_crypto.c:44
options::ce
struct connection_entry ce
Definition: options.h:275
hmac_ctx_update
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
options.h
cipher_kt_name
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
Definition: crypto_openssl.c:659
frame
Packet geometry parameters.
Definition: mtu.h:98
test_occ_mtu_calculation
static void test_occ_mtu_calculation(void **state)
Definition: test_crypto.c:222
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
ipsumlorem
static const char * ipsumlorem
Definition: test_crypto.c:140
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:667
test_translate_cipher
static void test_translate_cipher(const char *ciphername, const char *openvpn_name)
Definition: test_crypto.c:73
testkey
static uint8_t testkey[20]
Definition: test_crypto.c:173
PROTO_TCP_CLIENT
@ PROTO_TCP_CLIENT
Definition: socket.h:558
test_cipher_names
static void test_cipher_names(const char *ciphername, const char *openvpn_name)
Definition: test_crypto.c:89
BLEN
#define BLEN(buf)
Definition: buffer.h:127
options::comp
struct compress_options comp
Definition: options.h:395
calc_options_string_link_mtu
size_t calc_options_string_link_mtu(const struct options *o, const struct frame *frame)
Calculate the link-mtu to advertise to our peer.
Definition: mtu.c:152
frame_calculate_dynamic
void frame_calculate_dynamic(struct frame *frame, struct key_type *kt, const struct options *options, struct link_socket_info *lsi)
Set the –mssfix option.
Definition: mss.c:335
COMP_ALG_UNDEF
#define COMP_ALG_UNDEF
Definition: comp.h:45
crypto_translate_cipher_names
static void crypto_translate_cipher_names(void **state)
Definition: test_crypto.c:127
options::tls_auth_file
const char * tls_auth_file
Definition: options.h:644
goodhash
static uint8_t goodhash[20]
Definition: test_crypto.c:174
options
Definition: options.h:236
crypto.h
options::gc
struct gc_arena gc
Definition: options.h:238
md_kt_size
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
Definition: crypto_openssl.c:1094
crypto_pem_encode_decode_loopback
static void crypto_pem_encode_decode_loopback(void **state)
Definition: test_crypto.c:47
hmac_ctx_final
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
hmac_ctx_reset
void hmac_ctx_reset(hmac_ctx_t *ctx)
hmac_ctx_free
void hmac_ctx_free(hmac_ctx_t *ctx)
key_type
Definition: crypto.h:139
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
crypto_pem_encode
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
Definition: crypto_openssl.c:502
buf_set_write
static void buf_set_write(struct buffer *buf, uint8_t *data, int size)
Definition: buffer.h:331
openvpn_unit_test_setup
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition: test_common.h:36
options::peer_id
uint32_t peer_id
Definition: options.h:683
crypto_pem_decode
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
Definition: crypto_openssl.c:530
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1038
mss.h
config.h
hmac_ctx_new
hmac_ctx_t * hmac_ctx_new(void)
Definition: crypto_openssl.c:1186
connection_entry::fragment
int fragment
Definition: options.h:132
connection_entry::proto
int proto
Definition: options.h:99
hmac_ctx_init
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
init_key_type
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, bool tls_mode, bool warn)
Initialize a key_type structure with.
Definition: crypto.c:744
crypto_test_hmac
static void crypto_test_hmac(void **state)
Definition: test_crypto.c:179
COMP_ALG_LZO
#define COMP_ALG_LZO
Definition: comp.h:47
connection_entry::tun_mtu
int tun_mtu
Definition: options.h:118
options::ciphername
const char * ciphername
Definition: options.h:556
http-client.f
string f
Definition: http-client.py:6
test_mssfix_mtu_calculation
static void test_mssfix_mtu_calculation(void **state)
Definition: test_crypto.c:343
ssl_tls1_PRF
bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len)
Calculates the TLS 1.0-1.1 PRF function.
Definition: crypto_openssl.c:1402
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition: buffer.h:348
options::pull
bool pull
Definition: options.h:539
PROTO_UDP
@ PROTO_UDP
Definition: socket.h:555