1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00
Commit Graph

2603 Commits

Author SHA1 Message Date
Werner Koch
3390951ffd
gpg: Show just keyserver and port with --send-keys.
* g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url
2022-09-30 16:40:31 +02:00
Werner Koch
2e22184ba5
gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
* g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance
before emitting an ENCRYPTION_COMPLIANCE_MODE status.
--

GnuPG-bug-id: 6221
Ported-from: 07c6743148
2022-09-29 15:16:35 +02:00
Werner Koch
46f9b0071f
gpg: Fix assertion failure due to errors in encrypt_filter.
* common/iobuf.c (iobuf_copy): Use log_assert.  Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.

* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--

The second fix avoids repeated error message about non-compliant keys.

Updates-commit: a51067a21f
Ported-from: aa0c942521
GnuPG-bug-id: 6174
2022-09-29 15:09:56 +02:00
Werner Koch
a51067a21f
gpg: Make --require-compliance work for -se
* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
out to ...
(create_dek_with_warnings): new
(check_encryption_compliance): and new.

* g10/encrypt.c (encrypt_filter): Add the compliance check.
--

GnuPG-bug-id: 6174
Ported-from: f88cb12f8e
2022-09-29 15:03:26 +02:00
Werner Koch
1b0c17dfab
gpg: Silence some diagnostics.
* g10/parse-packet.c (enum_sig_subpkt): Show "buffer shorter than
subpacket" only in debug mode.
(parse_signature): Show "signature packet without timestamp / keyid"
only in souble verbose mode.

* g10/sig-check.c (check_signature_metadata_validity): Use ISO
timestamp in UTC for the signature expired note.
--

I have seen to many of these diagnostics and in particular the first
one seems to be a connected to the others.  Thus it does not make
sense to show them in standard verbose mode.

The ISO timestamp is much easier to read than than the localized
timestamp and switching from localtime to UTC should not harm.
2022-09-28 11:14:26 +02:00
Werner Koch
1b2ac21c4c
gpg: Don't consider unknown keys as non-compliant while decrypting.
* g10/mainproc.c (proc_encrypted):  Change compliance logic.
--

For the description of the proplem see
  https://dev.gnupg.org/T6205#163306

GnuPG-bug-id: 6205
2022-09-26 14:40:34 +02:00
NIIBE Yutaka
d5e29991c0
dirmngr:dns,doc,gpg: Fix for noreturn for C11.
* dirmngr/dns.c: Use __noreturn__.
* doc/yat2m.c: Likewise.
* g10/main.h: Likewise.

--

GnuPG-bug-id: 4002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-16 14:33:50 +09:00
NIIBE Yutaka
3d7dbf1661
agent,dirmngr,gpg,scd: Clean up for modern compiler.
* agent/protect.c (agent_get_shadow_info_type): It's a write only
variable, useful for debugging.
* g10/key-check.c (key_check_all_keysigs): Likewise.
* g10/keyedit.c (show_basic_key_info, menu_expire): Likewise.
* scd/app-sc-hsm.c (read_ef_prkd): Likewise.
* dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars.
* dirmngr/ks-action.c (ks_action_help): Remove unused variables.
* dirmngr/server.c (make_keyserver_item): Likewise.
* dirmngr/validate.c (check_cert_sig): Initialize the variable.
* scd/app-p15.c (select_and_read_record): Likewise.
* tests/gpgscm/scheme.c (scheme_init_new): A function with no args.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 12:08:58 +09:00
NIIBE Yutaka
87d4338ed1
gpg,common,scd,sm: Function prototype fixes for modern compiler.
* common/gettime.c (gnupg_get_time): It has no arguments.
* common/signal.c (gnupg_block_all_signals): Likewise.
(gnupg_unblock_all_signals): Likewise.
* common/utf8conv.c (get_native_charset): Likewise.
* g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
* g10/getkey.c (getkey_disable_caches): Likewise.
* g10/keygen.c (ask_expiredate): Likewise.
* g10/passphrase.c (have_static_passphrase): Likewise.
(get_last_passphrase): Likewise.
* g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
(tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
(tdbio_read_nextcheck): Likewise.
* g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
* scd/scdaemon.c (scd_get_socket_name): Likewise.
* sm/passphrase.c (have_static_passphrase): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:34:00 +09:00
Werner Koch
0988e49c45
gpg: Support key flags for RENC, TIME, and GROUP.
* g10/packet.h (PUBKEY_USAGE_RENC): New.
(PUBKEY_USAGE_TIME): New.
(PUBKEY_USAGE_GROUP): New.
* g10/getkey.c (parse_key_usage): Set the new key flags.
* g10/keyedit.c (show_key_with_all_names_colon): Show the new key
flags.
* g10/keyid.c (usagestr_from_pk): Ditto
* g10/keylist.c (print_capabilities): Ditto.
* g10/keygen.c (parse_usagestr): Parse line and set new flags.
(quickgen_set_para): Show flags.
--

See draft-koch-openpgp-2015-rfc4880bis-00 for the current version.
Actually these flags have been in the draft for years now.  This patch
is a first step to make use of them.
2022-09-07 11:54:23 +02:00
Werner Koch
203dcc19eb
common: New common option no-autostart.
* common/comopt.c (opts): Add "no-autostart".
(parse_comopt): Set it.
* common/comopt.h (comopt): Add no_autostart.

* g10/gpg.c (main): Take care of the new option.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
(main): Parse common options and handle new option.
* tools/gpg-card.c (main): Ditto.
(cmd_yubikey): Fix minor error reporting issue.

* common/util.h (GNUPG_MODULE_NAME_CARD): New const.
* common/homedir.c (gnupg_module_name): Support it.
--

Having a global option makes it easier to use disable autostart on a
server which is required to use a remote gpg-agent reliable.
2022-08-22 12:05:02 +02:00
Werner Koch
287597cb22
gpg: Fix --card-status to handle lowercase APPTYPEs
* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
2022-08-16 12:34:00 +02:00
Werner Koch
1908fa8b83
gpg: Improve --edit-key setpref.
* g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before
preference elements.  Detect the bracketed versions of the strings.
Ignore "aead".
--

This allows to c+p the list shown by pref with out remove the
brackets.
2022-08-12 11:46:30 +02:00
Ingo Klöcker
2cbb5760d7 gpg: Emit an ERROR status if --quick-set-primary-uid fails
* g10/keyedit.c (keyedit_quick_set_primary): Issue a status error.
--

This allows GpgME to detect and report a failure if setting the primary
user ID of a key failed.

GnuPG-bug-id: 6126
2022-08-09 12:02:28 +02:00
Ingo Klöcker
82c53efd63 gpg: Look up user ID to mark as primary by UID hash
* g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument
want_valid. Skip invalid user IDs if valid is wanted.
(keyedit_quick_revuid): Ask find_userid() for any matching user ID.
(keyedit_quick_set_primary): Use find_userid() to find the user ID to
mark as primary.
* tests/openpgp/quick-key-manipulation.scm: Change second call of the
quick-set-primary-uid test to specify the user ID by its hash.
--

This makes it possible to specify the user ID to mark as primary via its
UID hash when calling --quick-set-primary-uid.

GnuPG-bug-id: 6126
2022-08-08 12:31:15 +02:00
Werner Koch
189102ac17
gpg: Fix wrong error message for keytocard.
* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
--

GnuPG-bug-id: 6122
2022-08-04 12:41:33 +02:00
Werner Koch
e542c4af18
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e1

Backported from 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-08-02 18:41:23 +02:00
Werner Koch
eb675fbc4e
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--

GnuPG-bug-id: 6043
2022-07-28 10:41:02 +02:00
NIIBE Yutaka
424aa3543d gpg,build: Fix message for newer gettext.
* g10/keyserver.c (keyserver_refresh): Use ngettext.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-05 13:27:41 +09:00
Werner Koch
ae2f1f0785
agent: Do not consider --min-passphrase-len for the magic wand.
* agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
* g10/gpg.c (main) <aGenRandom>: Add Level 30.
2022-06-27 18:06:40 +02:00
Werner Koch
34c649b360
g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--

Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong.  Fixed by always using a break to
terminate the escape detection loop.  Might have happened for all
status lines which may wrap.

GnuPG-bug-id: T6027
2022-06-14 11:34:17 +02:00
Jakub Jelen
4dbef2addc keygen: Fix reading AEAD preference
* g10/keygen.c (keygen_set_std_prefs): Use the right variable when
  reading AEAD preference string
--

GnuPG-bug-id: 6019
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-06-14 15:37:15 +09:00
Werner Koch
d2d7a2b128
Remove remaining support for WindowsCE
--
2022-06-03 10:08:21 +02:00
Werner Koch
7aabd94b81
gpg: Setup the 'usage' filter property for export.
* g10/export.c (do_export_stream): Merge the key to get the properties
ready.
--

This makes

  gpg --export --export-filter 'drop-subkey=usage=~a'

(Export all subkeys but those with the auth usage)
work without using the workaound of adding
--export-options export-clean
2022-05-28 17:38:13 +02:00
Ingo Klöcker
35b1755070 gpg: Look up user ID to revoke by UID hash
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--

This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.

GnuPG-bug-id: 5936
2022-04-26 11:48:47 +02:00
Werner Koch
f6caf5b173
gpg: Avoid NULL ptr access due to corrupted packets.
* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
--

GnuPG-bug-id: 5940, 5946
2022-04-25 15:21:05 +02:00
Werner Koch
0f8623d518
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:24:14 +02:00
Ingo Klöcker
8b3a24e517 gpg: Fix line end in error message
* g10/keyedit.c (menu_adduid): Move linefeed character to the format
string.
--

This fixes a literal '\n' in the error message and a missing line feed
after the error message.
2022-04-22 10:10:36 +02:00
Werner Koch
22fef189b1
w32: Do no use Registry item DefaultLogFile for the main tools.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--

The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools.  However, with the global config file
common.conf things are anyway better.  We disable the use for the
commonly used tools so that it does not look like calling gpg on the
command line seems to block with no output if the log
server (e.g. tcp://1.2.3.4:11111) is not reachable.
2022-04-20 09:30:56 +02:00
Werner Koch
41fb46007e
gpg: Replace an assert by a log_fatal.
* g10/build-packet.c (do_signature): Use log_fatal.
--
GnuPG-bug-id: 5809
2022-04-14 13:56:10 +02:00
Werner Koch
8945f1aedf
gpg: Remove restrictions for the name part of a user-id.
* g10/keygen.c (ask_user_id): Allow for the name to start with a
digit.  Allow names shorter than 5.
--

The reason for this change is that we don't enforce these constraints
in the --quick-gen-key interface.  I added the constraints right in the
beginning of gnupg to make sure that we have a uniform style for
user-ids.  However, this is all problematic with non-Latin names
and we prefer to use mail addresses anyway.
2022-04-08 16:03:12 +02:00
NIIBE Yutaka
2cebba7274 gpg,tools: Remove use of repo only zlib-riscos.h.
* g10/compress.c: Don't use zlib-riscos.h.
* tools/gpgsplit.c: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 12:07:18 +09:00
Werner Koch
253fcb9777
gpg: Remove EAX from the preference list.
* g10/gpg.c (main): Remove note about rfc4880bis.
* g10/keygen.c (keygen_set_std_prefs): Use only OCB in the AEAD
preference list.
--

It is more than unlikely that EAX will ever be used in practice and
thus we remove it from the preference list.
2022-03-28 15:25:55 +02:00
NIIBE Yutaka
0ba69e5581 gpg: Always use version >= 4 to generate signature.
* g10/sign.c (update_keysig_packet): Make sure sig->version >= 4.

--

GnuPG-bug-id: 5809
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-19 13:38:37 +09:00
Werner Koch
06b70daa50
gpg: Print info about the used AEAD algorithm in the compliance msg.
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--

Note that openpgp_cipher_algo_mode_name is different from the version
2.2 becuase we append ".CFB" here.

Without this change we would see

  gpg: cipher algorithm 'AES256' may not be used in
  --compliance=de-vs mode

This is confusing because AES256 is compliant.  Now we see

  gpg: cipher algorithm 'AES256.OCB' may not be used in
  --compliance=de-vs mode

which gives a hint on the problem.
2022-03-18 14:19:24 +01:00
Werner Koch
8631d4cfe2
gpg: Allow decryption of symencr even for non-compliant cipher.
* g10/decrypt-data.c (decrypt_data): Add arg compliance_error.  Adjust
all callers.  Fail on compliance error only in --require-compliance
mode.  Make sure to return an error if the buffer is missing; actually
that should be an assert.
* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
mode status.  Consult the compliance error now returned by
decrypt_data.
--

The actual case here is that we fail hard if a message has been AEAD
encrypted with one AEAD capable key and also with one passphrase.  In
general the preference system takes care of not using AEAD if one
recipient's key does not support it.  However, if the sender uses her
own AEAD-capable key _and_ a passphrase the message will be AEAD
encrypted.  This change allows to decrypt that anyway along with a
warning message.

Note that this does currently not work in 2.3 due to a non-compliant
libgcrypt.  We will however, backport this to 2.2.
2022-03-18 11:14:54 +01:00
Jakub Jelen
eadf12a52c sign: Construct valid AEAD packets.
* g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD
  information into symkey packet.

--

GnuPG-bug-id: 5856
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-03-09 11:06:42 +09:00
Werner Koch
ee013c5350
gpg: New option --require-compliance.
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--

Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
2022-03-08 19:26:01 +01:00
Jussi Kivilinna
49c6e58394 gpg: fix --enarmor with zero length source file
* common/iobuf.c (filter_flush): Remove "src_len == 0" check.
* g10/compress-bz2.c (do_compress): Exit early if flush not
forced and input length is zero.
* g10/compress.c (do_compress): Likewise.
--

Remove "(src_len == 0)" check in filter_flush which was
introduced to fix compress failure caused by zero length
flush from iobuf_close. However this check broke enarmoring
file with length of zero. Patch instead fixes zero length
flush problem in compress filters.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:03:08 +02:00
Jussi Kivilinna
99e2c178c7 g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting
* g10/cipher-aead.c (do_hash): Add faster path for encrypting directly
from input buffer instead of memcpying then encrypting inplace.
--

When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as
taking largest portion of computation time. Patch adds fast path for
AEAD encryption which largely eliminates need for memcpying when
doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s
to 4.2GB/s on said system (1.9x faster).

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:00:31 +02:00
Jussi Kivilinna
6c95d52a22 g10/decrypt-data: disable output estream buffering to reduce overhead
* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
output file.
--

Here estream is filled with iobuf_copy which already uses large buffers
so additional buffering in estream was just adding memory copy overhead.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:00:31 +02:00
Jussi Kivilinna
583b664a07 g10/plaintext: disable estream buffering in binary mode
* g10/plaintext.c (handle_plaintext): Disable estream buffering in
binary modes.
--

Since in binary mode, large buffers are passed from source iobuf to
target estream, extra buffering in estream only causes extra memory
copying and overhead.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:00:31 +02:00
Jussi Kivilinna
f2322ff942 Use iobuf buffer size for temporary buffer size
* common/iobuf.c (iobuf_copy): Use iobuf buffer size for temporary
buffers.
* g10/plaintext.c (handle_plaintext, do_hash): Likewise.
* g10/sign.c (sign_file): Likewise.
--

As iobuf will have zerocopy operation for read/write, it is better to
use same size buffers as iobuf for temporary copy buffers.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:00:31 +02:00
Jussi Kivilinna
756c0bd5d8 g10/encrypt: use iobuf_copy instead of manual iobuf_read/iobuf_write
* g10/encrypt.c (encrypt_simple): Use 'iobuf_copy' for no-literal case.
--

GnuPG-bug-id: T5852
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-02 21:12:28 +02:00
Jussi Kivilinna
9c313321a8 g10/dearmor: use iobuf_copy
* g10/dearmor.c (dearmor_file, enarmor_file): Use 'iobuf_copy'.
--

GnuPG-bug-id: T5852
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-02 21:12:28 +02:00
Jussi Kivilinna
f8943ce098 g10/sign: sign_file: use iobuf_read for higher detached signing speed
* g10/sign.c (sign_file): Use iobuf_read instead of iobuf_get for
reading data from detached file.
--

This patch reduces iobuf_read per byte processing overhead and speeds
up detached signing.

Detached signing speed on AMD Ryzen 5800X (4.3GiB file, SHA256):

         gpg process
         user time
 before: 3.951s
 after:  1.898s (2.0x faster)

GnuPG-bug-id: T5826
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-27 18:49:25 +02:00
Jussi Kivilinna
4e27b9defc g10/plaintext: do_hash: use iobuf_read for higher performance
* g10/plaintext.c (do_hash): Use iobuf_read instead of iobuf_get for
reading data; Use gcry_md_write instead of gcry_md_putc for hash data.
--

This patch reduces iobuf_read per byte processing overhead and speeds
up detached signature verifying.

Detached verifying speed on AMD Ryzen 5800X (4.3GiB file, SHA256):

         gpg process
         user time
 before: 9.410s
 after:  1.913s (4.9x faster)

GnuPG-bug-id: T5826
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-27 18:49:25 +02:00
NIIBE Yutaka
335805e1d4 gpg: Clarify a call of ask_for_detached_datafile.
* g10/mainproc.c (proc_tree): Call ask_for_detached_datafile
with MD2=NULL.

--

Here, c->mfx.md2 is always NULL, in fact.  But, text-wise
(when searching the use of "mfx.md2"), before the change, it used
mfx.md2, which is irrelevant in the handling of PKT_ONEPASS_SIG.

Note that: One-Pass Signature is not available in PGP2.

This fix removes (text-wise) unmatch of the calls of functions
hash_datafile_by_fd hash_datafiles, and ask_for_detached_datafile.

Fixes-commit: 88a916cdd4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-25 11:55:07 +09:00
NIIBE Yutaka
fb007d93de Fix the previous commit.
--

Fixes-commit: 903c5fe369
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-23 09:12:07 +09:00
NIIBE Yutaka
903c5fe369 gpg: Fix generating AEAD packet.
* g10/cipher-aead.c (do_free): Fix the condition of the last chunk.

--

GnuPG-bug-id: 5853
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-22 21:12:54 +09:00