Date: Sun, 22 Nov 2020 13:30:46 +0100
From: Patrick Steinhardt
To: Glenn Washburn
Cc: grub-devel@gnu.org, Daniel Kiper
Subject: Re: [PATCH v4 13/15] cryptodisk: Properly handle non-512 byte sized sectors.
In-Reply-To: <20201119203210.6b5562a4@crass-HP-ZBook-15-G2>

On Fri, Nov 20, 2020 at 02:42:35AM -0600, Glenn Washburn wrote:
> On Sun, 15 Nov 2020 11:07:27 +0100
> Patrick Steinhardt wrote:
>
> > On Fri, Nov 06, 2020 at 10:44:33PM -0600, Glenn Washburn wrote:
> > > By default, dm-crypt internally uses an IV that corresponds to
> > > 512-byte sectors, even when a larger sector size is specified. What
> > > this means is that when using a larger sector size, the IV is
> > > incremented every sector. However, the amount the IV is incremented
> > > is the number of 512 byte blocks in a sector (ie 8 for 4K sectors).
> > > Confusingly the IV does not correspond to the number of, for
> > > example, 4K sectors. So each 512 byte cipher block in a sector will
> > > be encrypted with the same IV and the IV will be incremented
> > > afterwards by the number of 512 byte cipher blocks in the sector.
> > >
> > > There are some encryption utilities which do it the intuitive way
> > > and have the IV equal to the sector number regardless of sector
> > > size (ie. the fifth sector would have an IV of 4 for each cipher
> > > block). And this is supported by dm-crypt with the iv_large_sectors
> > > option and also cryptsetup as of 2.3.3 with the --iv-large-sectors,
> > > though not with LUKS headers (only with --type plain). However,
> > > support for this has not been included as grub does not support
> > > plain devices right now.
> > >
> > > One gotcha here is that the encrypted split keys are encrypted with
> > > a hard-coded 512-byte sector size. So even if your data is
> > > encrypted with 4K sector sizes, the split key encrypted area must
> > > be decrypted with a block size of 512 (ie the IV increments every
> > > 512 bytes). This made these changes less aesthetically pleasing than
> > > desired.
> > >
> > > Signed-off-by: Glenn Washburn
> > > --- > > > grub-core/disk/cryptodisk.c | 55 > > > ++++++++++++++++++++++--------------- grub-core/disk/luks.c | > > > 5 ++-- grub-core/disk/luks2.c | 7 ++++- > > > include/grub/cryptodisk.h | 8 +++++- > > > 4 files changed, 49 insertions(+), 26 deletions(-) > > >=20 > > > diff --git a/grub-core/disk/cryptodisk.c > > > b/grub-core/disk/cryptodisk.c index 31b73c535..61f8e57f4 100644 > > > --- a/grub-core/disk/cryptodisk.c > > > +++ b/grub-core/disk/cryptodisk.c 
> > > @@ -224,7 +224,8 @@ lrw_xor (const struct lrw_sector *sec, > > > static gcry_err_code_t > > > grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, > > > grub_uint8_t * data, grub_size_t len, > > > - grub_disk_addr_t sector, int do_encrypt) > > > + grub_disk_addr_t sector, grub_size_t > > > log_sector_size, > > > + int do_encrypt) > > > { > > > grub_size_t i; > > > gcry_err_code_t err; > > > @@ -237,12 +238,12 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, return (do_encrypt ? grub_crypto_ecb_encrypt > > > (dev->cipher, data, data, len) : grub_crypto_ecb_decrypt > > > (dev->cipher, data, data, len));=20 > > > - for (i =3D 0; i < len; i +=3D (1U << dev->log_sector_size)) > > > + for (i =3D 0; i < len; i +=3D (1U << log_sector_size)) > > > { > > > grub_size_t sz =3D ((dev->cipher->cipher->blocksize > > > + sizeof (grub_uint32_t) - 1) > > > / sizeof (grub_uint32_t)); > > > - grub_uint32_t iv[(GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE + 3) / 4]; > > > + grub_uint32_t iv[(GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE + 3) / 4] > > > __attribute__((aligned (sizeof (grub_uint64_t))));=20 > > > if (dev->rekey) > > > { > > > @@ -270,7 +271,7 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, if (!ctx) > > > return GPG_ERR_OUT_OF_MEMORY; > > > =20 > > > - tmp =3D grub_cpu_to_le64 (sector << > > > dev->log_sector_size); > > > + tmp =3D grub_cpu_to_le64 (sector << log_sector_size); > > > dev->iv_hash->init (ctx); > > > dev->iv_hash->write (ctx, dev->iv_prefix, > > > dev->iv_prefix_len); dev->iv_hash->write (ctx, &tmp, sizeof (tmp)); 
> > > @@ -281,15 +282,25 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, } > > > break; > > > case GRUB_CRYPTODISK_MODE_IV_PLAIN64: > > > - iv[1] =3D grub_cpu_to_le32 (sector >> 32); > > > - /* FALLTHROUGH */ > > > case GRUB_CRYPTODISK_MODE_IV_PLAIN: > > > - iv[0] =3D grub_cpu_to_le32 (sector & GRUB_TYPE_U_MAX > > > (iv[0])); > > > + /* > > > + * The IV is a 32 or 64 bit value of the dm-crypt native > > > sector > > > + * number. If using 32 bit IV mode, zero out the most > > > significant > > > + * 32 bits. > > > + */ > > > + { > > > + grub_uint64_t *iv64 =3D (grub_uint64_t *) iv; > > > + *iv64 =3D grub_cpu_to_le64 (sector << (log_sector_size > > > + - > > > GRUB_CRYPTODISK_IV_LOG_SIZE)); > > > + if (dev->mode_iv =3D=3D GRUB_CRYPTODISK_MODE_IV_PLAIN) > > > + iv[1] =3D 0; > > > + } > > > break; > > > case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64: > > > + /* The IV is the 64 bit byte offset of the sector. */ > > > iv[1] =3D grub_cpu_to_le32 (sector >> (GRUB_TYPE_BITS > > > (iv[1]) > > > - - > > > dev->log_sector_size)); > > > - iv[0] =3D grub_cpu_to_le32 ((sector << > > > dev->log_sector_size) > > > + - log_sector_size)); > > > + iv[0] =3D grub_cpu_to_le32 ((sector << log_sector_size) > > > & GRUB_TYPE_U_MAX (iv[0])); > > > break; > > > case GRUB_CRYPTODISK_MODE_IV_BENBI: > > > @@ -312,10 +323,10 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, case GRUB_CRYPTODISK_MODE_CBC: > > > if (do_encrypt) > > > err =3D grub_crypto_cbc_encrypt (dev->cipher, data + i, > > > data + i, > > > - (1U << > > > dev->log_sector_size), iv); > > > + (1U << > > > log_sector_size), iv); else > > > err =3D grub_crypto_cbc_decrypt (dev->cipher, data + i, > > > data + i, > > > - (1U << > > > dev->log_sector_size), iv); > > > + (1U << > > > log_sector_size), iv); if (err) > > > return err; > > > break; 
> > > @@ -323,10 +334,10 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, case GRUB_CRYPTODISK_MODE_PCBC: > > > if (do_encrypt) > > > err =3D grub_crypto_pcbc_encrypt (dev->cipher, data + i, > > > data + i, > > > - (1U << > > > dev->log_sector_size), iv); > > > + (1U << > > > log_sector_size), iv); else > > > err =3D grub_crypto_pcbc_decrypt (dev->cipher, data + i, > > > data + i, > > > - (1U << > > > dev->log_sector_size), iv); > > > + (1U << > > > log_sector_size), iv); if (err) > > > return err; > > > break; > > > @@ -338,7 +349,7 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, if (err) > > > return err; > > > =20 > > > - for (j =3D 0; j < (1U << dev->log_sector_size); > > > + for (j =3D 0; j < (1U << log_sector_size); > > > j +=3D dev->cipher->cipher->blocksize) > > > { > > > grub_crypto_xor (data + i + j, data + i + j, iv, > > > @@ -369,11 +380,11 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, if (do_encrypt) > > > err =3D grub_crypto_ecb_encrypt (dev->cipher, data + > > > i, data + i, > > > - (1U << > > > dev->log_sector_size)); > > > + (1U << > > > log_sector_size)); else > > > err =3D grub_crypto_ecb_decrypt (dev->cipher, data + > > > i, data + i, > > > - (1U << > > > dev->log_sector_size)); > > > + (1U << > > > log_sector_size)); if (err) > > > return err; > > > lrw_xor (&sec, dev, data + i); > > > @@ -382,10 +393,10 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, case GRUB_CRYPTODISK_MODE_ECB: > > > if (do_encrypt) > > > err =3D grub_crypto_ecb_encrypt (dev->cipher, data + i, > > > data + i, > > > - (1U << > > > dev->log_sector_size)); > > > + (1U << > > > log_sector_size)); else > > > err =3D grub_crypto_ecb_decrypt (dev->cipher, data + i, > > > data + i, > > > - (1U << > > > dev->log_sector_size)); > > > + (1U << > > > log_sector_size)); if (err) > > > return err; > > > break; 
> > > @@ -400,9 +411,9 @@ grub_cryptodisk_endecrypt (struct > > > grub_cryptodisk *dev, gcry_err_code_t > > > grub_cryptodisk_decrypt (struct grub_cryptodisk *dev, > > > grub_uint8_t * data, grub_size_t len, > > > - grub_disk_addr_t sector) > > > + grub_disk_addr_t sector, grub_size_t > > > log_sector_size) { > > > - return grub_cryptodisk_endecrypt (dev, data, len, sector, 0); > > > + return grub_cryptodisk_endecrypt (dev, data, len, sector, > > > log_sector_size, 0); } > > > =20 > > > grub_err_t > > > @@ -767,7 +778,7 @@ grub_cryptodisk_read (grub_disk_t disk, > > > grub_disk_addr_t sector, } > > > gcry_err =3D grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) buf, > > > size << > > > disk->log_sector_size, > > > - sector, 0); > > > + sector, > > > dev->log_sector_size, 0); return grub_crypto_gcry_error (gcry_err); > > > } > > > =20 > > > @@ -808,7 +819,7 @@ grub_cryptodisk_write (grub_disk_t disk, > > > grub_disk_addr_t sector,=20 > > > gcry_err =3D grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) tmp, > > > size << > > > disk->log_sector_size, > > > - sector, 1); > > > + sector, > > > disk->log_sector_size, 1); if (gcry_err) > > > { > > > grub_free (tmp); > > > diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c > > > index aa9877b68..84c3fa73a 100644 > > > --- a/grub-core/disk/luks.c > > > +++ b/grub-core/disk/luks.c > > > @@ -124,7 +124,7 @@ configure_ciphers (grub_disk_t disk, const char > > > *check_uuid, return NULL; > > > newdev->offset_sectors =3D grub_be_to_cpu32 (header.payloadOffset); > > > newdev->source_disk =3D NULL; > > > - newdev->log_sector_size =3D 9; > > > + newdev->log_sector_size =3D GRUB_LUKS1_LOG_SECTOR_SIZE; > > > newdev->total_sectors =3D grub_disk_get_size (disk) - > > > newdev->offset_sectors; grub_memcpy (newdev->uuid, uuid, sizeof > > > (uuid)); newdev->modname =3D "luks"; 
> > > @@ -247,7 +247,8 @@ luks_recover_key (grub_disk_t source, > > > return err; > > > } > > > =20 > > > - gcry_err =3D grub_cryptodisk_decrypt (dev, split_key, length, > > > 0); > > > + gcry_err =3D grub_cryptodisk_decrypt (dev, split_key, length, > > > 0, > > > + > > > GRUB_LUKS1_LOG_SECTOR_SIZE); if (gcry_err) > > > { > > > grub_free (split_key); > > > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > > > index 355bb4aec..4a4a0dec4 100644 > > > --- a/grub-core/disk/luks2.c > > > +++ b/grub-core/disk/luks2.c > > > @@ -504,7 +504,12 @@ luks2_decrypt_key (grub_uint8_t *out_key, > > > goto err; > > > } > > > =20 > > > - gcry_ret =3D grub_cryptodisk_decrypt (crypt, split_key, > > > k->area.size, 0); > > > + /* > > > + * The key slots area is always encrypted in 512-byte sectors, > > > + * regardless of encrypted data sector size. > > > + */ > > > + gcry_ret =3D grub_cryptodisk_decrypt (crypt, split_key, > > > k->area.size, 0, > > > + GRUB_LUKS1_LOG_SECTOR_SIZE); > > > if (gcry_ret) > > > { > > > ret =3D grub_crypto_gcry_error (gcry_ret); > > > diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h > > > index 258b777bf..ee30e4537 100644 > > > --- a/include/grub/cryptodisk.h > > > +++ b/include/grub/cryptodisk.h 
> > > @@ -48,6 +48,12 @@ typedef enum > > > =20 > > > #define GRUB_CRYPTODISK_MAX_UUID_LENGTH 71 > > > =20 > > > +/* LUKS1 specification defines the block size to always be 512 > > > bytes. */ +#define GRUB_LUKS1_LOG_SECTOR_SIZE 9
> >
> > Sorry to be nitpicky, but this constant is used for both LUKS1 and
> > LUKS2. Shouldn't it just be called `GRUB_LUKS_LOG_SECTOR_SIZE`?
> >
> > Patrick
>
> It's named LUKS1 because that macro is meant to represent the log of the
> sector size for the encrypted data segment, which is fixed at
> 512-bytes (as you know LUKS2 is variable). I think a name suggesting
> it's only for the encrypted key data would be even longer and more
> unwieldy. And I don't think just removing the '1' would be an accurate
> name. Do you have other suggestions?
>
> Glenn

I mean we could split it up into two constants,
`GRUB_LUKS1_LOG_SECTOR_SIZE` and `GRUB_LUKS2_KEYSLOT_LOG_SECTOR_SIZE`.
Not sure if it's worth it, though.

Patrick

> >
> > > +/* By default dm-crypt increments the IV every 512 bytes. */ > > > +#define GRUB_CRYPTODISK_IV_LOG_SIZE 9 > > > + > > > #define GRUB_CRYPTODISK_GF_LOG_SIZE 7 > > > #define GRUB_CRYPTODISK_GF_SIZE (1U << GRUB_CRYPTODISK_GF_LOG_SIZE) > > > #define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE > > > - 3) 
@@ -145,7 +151,7 @@ grub_cryptodisk_setkey (grub_cryptodisk_t > > > dev, gcry_err_code_t > > > grub_cryptodisk_decrypt (struct grub_cryptodisk *dev, > > > grub_uint8_t * data, grub_size_t len, > > > - grub_disk_addr_t sector); > > > + grub_disk_addr_t sector, grub_size_t > > > log_sector_size); grub_err_t > > > grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name, > > > grub_disk_t source); > > > --=20 > > > 2.27.0 > > >=20
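
Review bot: In the GRUB_CRYPTODISK_MODE_IV_PLAIN64 / GRUB_CRYPTODISK_MODE_IV_PLAIN case of grub_cryptodisk_endecrypt (hunk at -281,15 +282,25), the shift count `log_sector_size - GRUB_CRYPTODISK_IV_LOG_SIZE` is an unsigned subtraction on a grub_size_t, and nothing in the visible lines rejects a log_sector_size below 9, so a smaller value would wrap into an out-of-range shift count. Suggest checking log_sector_size >= GRUB_CRYPTODISK_IV_LOG_SIZE once at the top of the function and returning an error otherwise. Separately, the store through `(grub_uint64_t *) iv` type-puns a grub_uint32_t array; assigning iv[0] and iv[1] from the shifted value, the way the BYTECOUNT64 case does, would avoid both the cast and the aligned attribute added to the iv declaration.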
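
Review bot: The call sites in grub_cryptodisk_read and grub_cryptodisk_write (hunks at -767,7 and -808,7) take the new argument from different objects: the read path passes `dev->log_sector_size`, the write path passes `disk->log_sector_size`, while both compute the buffer length as `size << disk->log_sector_size`. If the two fields are always equal, use the same one in both calls; if they can differ, the read path derives its length and its IV stride from different sector sizes, and that needs either a fix or a comment explaining why it is safe.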
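
Review bot: The grub_cryptodisk_decrypt prototype in include/grub/cryptodisk.h (hunk at -145,7 +151,7) gains `log_sector_size` with no comment on its contract. Suggest documenting above the declaration that `sector` is counted in units of 1 << log_sector_size, and that the key slot callers in luks.c and luks2.c pass 9 regardless of the data sector size, since that is the part the commit message itself calls a gotcha.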
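
The IV rule the quoted commit message describes for the plain and plain64 modes, written out as an added example (it is not code from the patch or from GRUB). The names `plain_iv`, `iv_mode`, `IV_LOG_SIZE` and `MAX_LOG_SECTOR_SIZE` are hypothetical, and the 4096-byte upper bound on the sector size is an assumption about dm-crypt.

```c
#include <stdint.h>
#include <stdio.h>

/* From the commit message: default dm-crypt IVs count 512-byte units. */
#define IV_LOG_SIZE 9
/* Assumption: dm-crypt accepts sector sizes from 512 to 4096 bytes. */
#define MAX_LOG_SECTOR_SIZE 12

enum iv_mode { IV_PLAIN, IV_PLAIN64 };   /* hypothetical names */

/*
 * Write the 8-byte little-endian plain/plain64 IV for `sector`, counted in
 * units of (1 << log_sector_size) bytes.  large_sectors != 0 models the
 * iv_large_sectors behaviour (IV == sector number).  Returns 0 on success,
 * -1 when the sector size is out of range or the scaled number overflows.
 */
int plain_iv(uint8_t iv[8], uint64_t sector, unsigned log_sector_size,
             enum iv_mode mode, int large_sectors)
{
    unsigned shift, i;
    uint64_t n;

    if (log_sector_size < IV_LOG_SIZE || log_sector_size > MAX_LOG_SECTOR_SIZE)
        return -1;                       /* would make the shift count wrap */

    shift = large_sectors ? 0 : log_sector_size - IV_LOG_SIZE;
    if (shift && (sector >> (64 - shift)))
        return -1;                       /* high bits would be shifted out */
    n = sector << shift;

    if (mode == IV_PLAIN)
        n &= 0xffffffffu;                /* plain keeps only the low 32 bits */

    for (i = 0; i < 8; i++)              /* explicit little-endian store */
        iv[i] = (uint8_t) (n >> (8 * i));
    return 0;
}

int main(void)
{
    uint8_t iv[8];
    uint64_t s;

    /* Constructed input: first three 4096-byte sectors, default IV units. */
    for (s = 0; s < 3; s++)
        if (plain_iv(iv, s, 12, IV_PLAIN64, 0) == 0)
            printf("sector %llu -> iv[0] = %u\n", (unsigned long long) s, iv[0]);
    return 0;
}
```

Storing the IV byte by byte gives the same layout on little- and big-endian hosts without casting the buffer to a wider type.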