FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:25667 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55593e34c138 size 40 | libevent_malloc: new ptr-libevent@0x55593e346cd8 size 40 | libevent_malloc: new ptr-libevent@0x55593e346dd8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55593e3cb338 size 56 | libevent_malloc: new ptr-libevent@0x55593e36f448 size 664 | libevent_malloc: new ptr-libevent@0x55593e3cb3a8 size 24 | libevent_malloc: new ptr-libevent@0x55593e3cb3f8 size 384 | libevent_malloc: new ptr-libevent@0x55593e3cb2f8 size 16 | libevent_malloc: new ptr-libevent@0x55593e346908 size 40 | libevent_malloc: new ptr-libevent@0x55593e346d38 size 48 | libevent_realloc: new ptr-libevent@0x55593e36f0d8 size 256 | libevent_malloc: new ptr-libevent@0x55593e3cb5a8 size 16 | libevent_free: release ptr-libevent@0x55593e3cb338 | libevent initialized | libevent_realloc: new ptr-libevent@0x55593e3cb338 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53d0 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53b8 | result: symkey-key@0x55593e34d080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x55593e34d080 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53d0 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53b8 | result: symkey-key@0x55593e34d080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x55593e34d080 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53d0 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53b8 | result: symkey-key@0x55593e34d080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x55593e34d080 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53d0 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53b8 | result: symkey-key@0x55593e34d080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x55593e34d080 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55593e3ce5b0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5430 | result: symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5418 | result: symkey-key@0x55593e34d080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55593e3ce5b0 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55593e34d080 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0098 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3ce5b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e34d080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3d0148 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x55593e3ce5b0 | K: symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1027306384: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0a48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e34d080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d1030 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x55593e34d080 | PRF chunk interface: release key-key@0x55593e3ce5b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0758 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3ce5b0 (size 16) | PRF symkey interface: key symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x55593e34d080 | K: symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0058 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3d1030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d28b0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x55593e3d1030 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d28b0 | PRF symkey interface: release key-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3d1030 (size 16) | PRF symkey interface: key-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x55593e3d1030 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: 4e 85 2b 87 42 cf 18 cd 81 b1 ec e9 b1 db 48 5c | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x55593e3d0718 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x55593e3d1030 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x55593e3ce5b0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0148 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3d1030 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e3d1030 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e3ce5b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3d0718 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x55593e3d1030 | K: symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1027306384: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0b68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e34d080 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x55593e3ce5b0 | PRF chunk interface: release key-key@0x55593e3d1030 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0c08 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3d1030 (size 16) | PRF symkey interface: key symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3d28b0 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x55593e3d28b0 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e34d080 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3d28b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e34d080 (size 3) | PRF symkey interface: symkey message-key@0x55593e34d080 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x55593e34d080 | symkey message: symkey-key@0x55593e34d080 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190688: d0 8e 79 dc b0 13 8e 1f b2 dd cf 3c 11 8e 81 db | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 16 bytes at 0x55593e3d0058 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x55593e3ce5b0 | K: symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0a48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3d28b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x55593e3d28b0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3d28b0 (size 16) | PRF symkey interface: key-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x55593e3d28b0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: ec ed 47 1c 10 0b 98 76 e2 be 0c cf 54 7e d8 30 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x55593e3d0058 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x55593e3d28b0 | test_prf_vector: release message-key@0x55593e34d080 | test_prf_vector: release key-key@0x55593e3d1030 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0718 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e34d080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e34d080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e3d1030 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3d0058 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x55593e34d080 | K: symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0188 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3d1030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d28b0 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x55593e3d1030 | PRF chunk interface: release key-key@0x55593e34d080 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0098 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e34d080 (size 16) | PRF symkey interface: key symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3d28b0 (size 16) | PRF symkey interface: symkey message-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x55593e3d28b0 | symkey message: symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 16 bytes at 0x55593e3d0a48 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x55593e3d1030 | K: symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0b68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x55593e3ce5b0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3ce5b0 (size 16) | PRF symkey interface: key-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x55593e3ce5b0 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: 86 46 1b 37 ce 42 c3 06 12 e7 4f df c4 c0 c5 ef | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x55593e3d0a48 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x55593e3ce5b0 | test_prf_vector: release message-key@0x55593e3d28b0 | test_prf_vector: release key-key@0x55593e34d080 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0058 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3d28b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e3d28b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e34d080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3cb5e8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e3d28b0 | K: symkey-key@0x55593e3d28b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0148 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e34d080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3ce5b0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55593e34d080 | PRF chunk interface: release key-key@0x55593e3d28b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0098 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3d28b0 (size 16) | PRF symkey interface: key symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3d1030 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d1030 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3ce5b0 (size 20) | PRF symkey interface: symkey message-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55593e3ce5b0 | symkey message: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 fc 12 f3 33 66 94 24 99 70 6d 77 f5 2c 90 97 be | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 32 bytes at 0x55593e3cfef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e34d080 | K: symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0b68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3d1030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55593e3d1030 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3d1030 (size 16) | PRF symkey interface: key-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x55593e3d1030 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: eb ec d9 dd e0 ed 31 c8 40 de 21 af 14 5e 5c 37 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x55593e3d0b68 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x55593e3d1030 | test_prf_vector: release message-key@0x55593e3ce5b0 | test_prf_vector: release key-key@0x55593e3d28b0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0a48 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3ce5b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e3d28b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3cb5e8 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x55593e3ce5b0 | K: symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0758 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3d28b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d1030 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x55593e3d28b0 | PRF chunk interface: release key-key@0x55593e3ce5b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0b68 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d28b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3ce5b0 (size 16) | PRF symkey interface: key symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e3d28b0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e34d080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e34d080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3d1030 (size 32) | PRF symkey interface: symkey message-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x55593e3d1030 | symkey message: symkey-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 a8 b7 4f 0a b9 33 c4 f4 d8 4f 47 4b 6b 5d 04 11 | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 32 bytes at 0x55593e3cfef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x55593e3d28b0 | K: symkey-key@0x55593e3d28b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e34d080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x55593e34d080 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e3d28b0 | PRF symkey interface PRF aes_xcbc final-key@0x55593e34d080 (size 16) | PRF symkey interface: key-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x55593e34d080 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: 97 07 d6 b5 1a 26 dc 1b c8 fd a4 39 60 b8 0c 52 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x55593e3d0098 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x55593e34d080 | test_prf_vector: release message-key@0x55593e3d1030 | test_prf_vector: release key-key@0x55593e3ce5b0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0058 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3d1030 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e3d1030 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e3ce5b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3d0ba8 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x55593e3d1030 | K: symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0188 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e34d080 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x55593e3ce5b0 | PRF chunk interface: release key-key@0x55593e3d1030 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0098 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3d1030 (size 16) | PRF symkey interface: key symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3d28b0 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x55593e3d28b0 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e34d080 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3d28b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e34d080 (size 34) | PRF symkey interface: symkey message-key@0x55593e34d080 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x55593e34d080 | symkey message: symkey-key@0x55593e34d080 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 a8 b7 4f 0a b9 33 c4 f4 d8 4f 47 4b 6b 5d 04 11 35 38 c7 69 56 96 0e bb 4a ba 70 e1 fb 85 72 cd | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 48 bytes at 0x55593e3d0da8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x55593e3ce5b0 | K: symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0718 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3d28b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x55593e3d28b0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3d28b0 (size 16) | PRF symkey interface: key-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x55593e3d28b0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: f4 aa e8 3a 42 dd b3 5c b1 77 bc cf 91 94 a8 91 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x55593e3d0718 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x55593e3d28b0 | test_prf_vector: release message-key@0x55593e34d080 | test_prf_vector: release key-key@0x55593e3d1030 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0718 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e34d080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e34d080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e3d1030 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3d59d8 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x55593e34d080 | K: symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0188 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3d1030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d28b0 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x55593e3d1030 | PRF chunk interface: release key-key@0x55593e34d080 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0b68 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d1030 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e34d080 (size 16) | PRF symkey interface: key symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cb5e8 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3ce5b0 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x55593e3ce5b0 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d28b0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3d28b0 (size 1000) | PRF symkey interface: symkey message-key@0x55593e3d28b0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x55593e3d28b0 | symkey message: symkey-key@0x55593e3d28b0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)1027190688: cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 1008 bytes at 0x55593e3d7fd8 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x55593e3d1030 | K: symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x55593e3ce5b0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3ce5b0 (size 16) | PRF symkey interface: key-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x55593e3ce5b0 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: 6a 4a ff e3 33 d8 b7 f3 dd 00 a8 ab 97 cd 6a 03 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x55593e3d0e50 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x55593e3d0098 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x55593e3ce5b0 | test_prf_vector: release message-key@0x55593e3d28b0 | test_prf_vector: release key-key@0x55593e34d080 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0c08 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3d28b0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: key-key@0x55593e3d28b0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55593e34d080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3cb5e8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e3d28b0 | K: symkey-key@0x55593e3d28b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0758 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e34d080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3ce5b0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55593e34d080 | PRF chunk interface: release key-key@0x55593e3d28b0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0098 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3d28b0 (size 16) | PRF symkey interface: key symkey-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: key symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3d1030 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d1030 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3ce5b0 (size 20) | PRF symkey interface: symkey message-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55593e3ce5b0 | symkey message: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 fc 12 f3 33 66 94 24 99 70 6d 77 f5 2c 90 97 be | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 32 bytes at 0x55593e3cfef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e34d080 | K: symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0b68 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3d1030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55593e3d1030 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3d1030 (size 16) | PRF symkey interface: key-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x55593e3d1030 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x55593e3d1030 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: eb ec d9 dd e0 ed 31 c8 40 de 21 af 14 5e 5c 37 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x55593e3d0e50 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x55593e3d0b68 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x55593e3d1030 | test_prf_vector: release message-key@0x55593e3ce5b0 | test_prf_vector: release key-key@0x55593e3d28b0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3d0718 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3ce5b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x55593e3ce5b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3d28b0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3ce5b0 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x55593e3d28b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d28b0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5350 | result: tmp+=0-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d28b0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5378 | result: PRF chunk interface-key@0x55593e3d1030 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x55593e3ce5b0 | PRF chunk interface: release clone-key@0x55593e3d28b0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3cb5e8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e3d1030 | K: symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 8c 6f e9 62 78 9f 2c e5 cc 84 e2 6f d7 5e 74 79 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0148 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3d28b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3ce5b0 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x55593e3d28b0 | PRF chunk interface: release key-key@0x55593e3d1030 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0b68 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d28b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x55593e3d28b0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d1030 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d28b0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e3d1030 (size 10) | PRF symkey interface: key symkey-key@0x55593e3d1030 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x55593e3d1030 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d1030 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5380 | result: tmp+=0-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d1030 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d28b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: PRF symkey interface-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x55593e3d28b0 | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cfe58 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d28b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e34d080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3d28b0 (size 20) | PRF symkey interface: symkey message-key@0x55593e3d28b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55593e3d28b0 | symkey message: symkey-key@0x55593e3d28b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 fc 12 f3 33 66 94 24 99 70 6d 77 f5 2c 90 97 be | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 32 bytes at 0x55593e3cfef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e3ce5b0 | K: symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 8c 6f e9 62 78 9f 2c e5 cc 84 e2 6f d7 5e 74 79 | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e34d080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x55593e34d080 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d4130 | PRF symkey interface: release key-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55593e34d080 (size 16) | PRF symkey interface: key-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x55593e34d080 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: 85 86 8f 84 05 38 4f ea 69 97 f1 1d ec 12 a3 5a | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x55593e3d0e50 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x55593e34d080 | test_prf_vector: release message-key@0x55593e3d28b0 | test_prf_vector: release key-key@0x55593e3d1030 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55593e3cb5e8 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53b0 | result: key-key@0x55593e3d28b0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x55593e3d28b0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5398 | result: key-key@0x55593e3d1030 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55593e3d28b0 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5350 | result: key-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5338 | result: key-key@0x55593e3d28b0 (16-bytes, AES_ECB) | key: release tmp-key@0x55593e34d080 | key extracting all 18 bytes of key@0x55593e3d1030 | key: symkey-key@0x55593e3d1030 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x55593e3d0e50 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 4e aa 6a c4 27 f7 ec 40 35 4c 3e ea 09 06 f1 49 | key: release slot-key-key@0x55593e3d0e50 | key extracted len 32 bytes at 0x55593e3cfef8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x55593e3d28b0 | K: symkey-key@0x55593e3d28b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52d0 | result: k1-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52b8 | result: k1-key@0x55593e34d080 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3ce5b0 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x55593e34d080 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5350 | result: key-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5338 | result: key-key@0x55593e34d080 (16-bytes, AES_ECB) | key: release tmp-key@0x55593e3ce5b0 | PRF chunk interface: release clone-key@0x55593e3d1030 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55593e3cfef8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55593e3cfe58 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e34d080 | K: symkey-key@0x55593e34d080 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 8c 39 5e f3 98 e0 31 27 37 f7 f9 55 14 f0 ea 2c | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0188 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5310 | result: k1-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52f8 | result: k1-key@0x55593e3d1030 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3ce5b0 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x55593e3d1030 | PRF chunk interface: release key-key@0x55593e34d080 | PRF chunk interface PRF aes_xcbc final-chunk@0x55593e3d0718 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d1030 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x55593e3d1030 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e34d080 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d1030 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55593e34d080 (size 18) | PRF symkey interface: key symkey-key@0x55593e34d080 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5380 | result: key symkey-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5368 | result: key symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x55593e3ce5b0 | key symkey extracting all 18 bytes of key@0x55593e34d080 | key symkey: symkey-key@0x55593e34d080 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x55593e3d0e50 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 4e aa 6a c4 27 f7 ec 40 35 4c 3e ea 09 06 f1 49 | key symkey: release slot-key-key@0x55593e3d0e50 | key symkey extracted len 32 bytes at 0x55593e3cfea8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x55593e3d1030 | K: symkey-key@0x55593e3d1030 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: cb 59 47 82 f9 95 30 96 94 b4 9d 92 0c 13 33 ce | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5300 | result: k1-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52e8 | result: k1-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d4130 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x55593e3ce5b0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5380 | result: key symkey-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5368 | result: key symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x55593e3d4130 | PRF symkey interface PRF aes_xcbc crypt-prf@0x55593e3cfea8 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3d5be0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55593e3d4130 (size 20) | PRF symkey interface: symkey message-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55593e3d4130 | symkey message: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027190688: 4b 6b ca 12 90 88 38 77 b1 1d d0 36 96 8e 8d d2 fc 12 f3 33 66 94 24 99 70 6d 77 f5 2c 90 97 be | symkey message: release slot-key-key@0x55593e3d0e50 | symkey message extracted len 32 bytes at 0x55593e3d5d88 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55593e3ce5b0 | K: symkey-key@0x55593e3ce5b0 (16-bytes, AES_ECB) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55593e3d0e50 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 8c 39 5e f3 98 e0 31 27 37 f7 f9 55 14 f0 ea 2c | K: release slot-key-key@0x55593e3d0e50 | K extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5330 | result: k1-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5318 | result: k1-key@0x55593e3d5be0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55593e3d7640 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x55593e3d5be0 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53c0 | result: xcbc-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d53a8 | result: xcbc-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55593e3d7640 | PRF symkey interface: release key-key@0x55593e3ce5b0 | PRF symkey interface PRF aes_xcbc final-key@0x55593e3d5be0 (size 16) | PRF symkey interface: key-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x55593e3d5be0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: f5 c2 df 10 6e eb 5b fb 78 e7 18 f0 73 59 10 bc | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x55593e3d0e50 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x55593e3d5be0 | test_prf_vector: release message-key@0x55593e3d4130 | test_prf_vector: release key-key@0x55593e34d080 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x55593e3d0c08 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53a0 | result: PRF chunk interface-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5388 | result: PRF chunk interface-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55593e3d4130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d52e0 | result: trimed key-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e34d080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5320 | result: result-key@0x55593e34d080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55593e3d5b58 | PRF chunk interface PRF md5 update message-bytes@0x55593e3d0098 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e34d080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffe993d5410 | result: message-key@0x55593e3d5be0 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55593e34d080 | PRF HMAC inner hash hash md5 inner-key@0x55593e3d5be0 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55593e3d5be0 (size 72) | PRF HMAC inner hash: inner-key@0x55593e3d5be0 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55593e3d0148 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52a0 | result: PRF HMAC inner hash-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5288 | result: PRF HMAC inner hash-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55593e3ce5b0 | PRF chunk interface: release inner-key@0x55593e3d5be0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5310 | result: result-key@0x55593e3d5be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d5be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d52f8 | result: result-key@0x55593e3ce5b0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3d5be0 | PRF chunk interface: release hashed-inner-key@0x55593e34d080 | PRF chunk interface: release key-key@0x55593e3d4130 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55593e3ce5b0 (size 80) | PRF HMAC outer hash: outer-key@0x55593e3ce5b0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55593e3d0188 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x55593e3ce5b0 | PRF chunk interface PRF md5 final-chunk@0x55593e3d0188 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d4130 | PRF symkey interface PRF md5 init key symkey-key@0x55593e3ce5b0 (size 16) | PRF symkey interface: key symkey-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55593e3ce5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d52e0 | result: trimed key-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3ce5b0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5320 | result: result-key@0x55593e34d080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55593e3d5d88 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3d7640 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x55593e3d7640 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d5be0 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3d7640 | PRF symkey interface PRF md5 update symkey message-key@0x55593e3d5be0 (size 8) | PRF symkey interface: symkey message-key@0x55593e3d5be0 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e34d080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d5438 | result: result-key@0x55593e3d7640 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e34d080 | PRF HMAC inner hash hash md5 inner-key@0x55593e3d7640 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55593e3d7640 (size 72) | PRF HMAC inner hash: inner-key@0x55593e3d7640 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55593e3d0188 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52c0 | result: PRF HMAC inner hash-key@0x55593e3d7a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d7a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52a8 | result: PRF HMAC inner hash-key@0x55593e34d080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55593e3d7a20 | PRF symkey interface: release inner-key@0x55593e3d7640 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5330 | result: result-key@0x55593e3d7640 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d7640 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d5318 | result: result-key@0x55593e3d7a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3d7640 | PRF symkey interface: release hashed-inner-key@0x55593e34d080 | PRF symkey interface: release key-key@0x55593e3d4130 | PRF HMAC outer hash hash md5 outer-key@0x55593e3d7a20 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55593e3d7a20 (size 80) | PRF HMAC outer hash: outer-key@0x55593e3d7a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55593e3d0188 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5380 | result: PRF HMAC outer hash-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5368 | result: PRF HMAC outer hash-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55593e34d080 | PRF symkey interface: release outer-key@0x55593e3d7a20 | : hashed-outer-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55593e3d4130 (size 16) | PRF symkey interface: key-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x55593e3d4130 | RFC 2104: MD5_HMAC test 1: symkey-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: 8a 87 24 0b 3a 4e da 82 26 b1 7b bf d2 dc 26 2a | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x55593e3d0e50 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x55593e3d0148 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x55593e3d4130 | test_prf_vector: release message-key@0x55593e3d5be0 | test_prf_vector: release key-key@0x55593e3ce5b0 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x55593e3d0718 (length 4) | 4a 65 66 65 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53a0 | result: PRF chunk interface-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5388 | result: PRF chunk interface-key@0x55593e3ce5b0 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55593e3d5be0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d52e0 | result: trimed key-key@0x55593e3d5be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3ce5b0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d5be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5320 | result: result-key@0x55593e3ce5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55593e3d79a8 | PRF chunk interface PRF md5 update message-bytes@0x55593e3cb5e8 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3ce5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffe993d5410 | result: message-key@0x55593e3d4130 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55593e3ce5b0 | PRF HMAC inner hash hash md5 inner-key@0x55593e3d4130 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55593e3d4130 (size 92) | PRF HMAC inner hash: inner-key@0x55593e3d4130 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55593e3d0148 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52a0 | result: PRF HMAC inner hash-key@0x55593e3d7a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d7a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5288 | result: PRF HMAC inner hash-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55593e3d7a20 | PRF chunk interface: release inner-key@0x55593e3d4130 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d5be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5310 | result: result-key@0x55593e3d4130 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d52f8 | result: result-key@0x55593e3d7a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3d4130 | PRF chunk interface: release hashed-inner-key@0x55593e3ce5b0 | PRF chunk interface: release key-key@0x55593e3d5be0 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55593e3d7a20 (size 80) | PRF HMAC outer hash: outer-key@0x55593e3d7a20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55593e3d0098 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x55593e3d7a20 | PRF chunk interface PRF md5 final-chunk@0x55593e3d0098 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d7a20 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d5be0 | PRF symkey interface PRF md5 init key symkey-key@0x55593e3d7a20 (size 4) | PRF symkey interface: key symkey-key@0x55593e3d7a20 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55593e3d7a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d7a20 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d52e0 | result: trimed key-key@0x55593e3d5be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d7a20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d5be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5320 | result: result-key@0x55593e3ce5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55593e3d5b58 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e34d080 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x55593e34d080 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d4130 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e34d080 | PRF symkey interface PRF md5 update symkey message-key@0x55593e3d4130 (size 28) | PRF symkey interface: symkey message-key@0x55593e3d4130 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3ce5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d5438 | result: result-key@0x55593e34d080 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3ce5b0 | PRF HMAC inner hash hash md5 inner-key@0x55593e34d080 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55593e34d080 (size 92) | PRF HMAC inner hash: inner-key@0x55593e34d080 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55593e3d0098 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52c0 | result: PRF HMAC inner hash-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52a8 | result: PRF HMAC inner hash-key@0x55593e3ce5b0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55593e3d7640 | PRF symkey interface: release inner-key@0x55593e34d080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d5be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5330 | result: result-key@0x55593e34d080 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e34d080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d5318 | result: result-key@0x55593e3d7640 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e34d080 | PRF symkey interface: release hashed-inner-key@0x55593e3ce5b0 | PRF symkey interface: release key-key@0x55593e3d5be0 | PRF HMAC outer hash hash md5 outer-key@0x55593e3d7640 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55593e3d7640 (size 80) | PRF HMAC outer hash: outer-key@0x55593e3d7640 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55593e3d0098 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5380 | result: PRF HMAC outer hash-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5368 | result: PRF HMAC outer hash-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55593e3ce5b0 | PRF symkey interface: release outer-key@0x55593e3d7640 | : hashed-outer-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55593e3d5be0 (size 16) | PRF symkey interface: key-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x55593e3d5be0 | RFC 2104: MD5_HMAC test 2: symkey-key@0x55593e3d5be0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: cd f1 df 41 55 02 7f 97 47 a0 47 af a0 be bf d8 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x55593e3d0e50 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x55593e3d0148 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x55593e3d5be0 | test_prf_vector: release message-key@0x55593e3d4130 | test_prf_vector: release key-key@0x55593e3d7a20 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x55593e3d0c08 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d53a0 | result: PRF chunk interface-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5388 | result: PRF chunk interface-key@0x55593e3d7a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55593e3d4130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d7a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d52e0 | result: trimed key-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d7a20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5320 | result: result-key@0x55593e3d7a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55593e3d79f8 | PRF chunk interface PRF md5 update message-bytes@0x55593e3cff48 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d7a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffe993d5410 | result: message-key@0x55593e3d5be0 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55593e3d7a20 | PRF HMAC inner hash hash md5 inner-key@0x55593e3d5be0 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55593e3d5be0 (size 114) | PRF HMAC inner hash: inner-key@0x55593e3d5be0 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55593e3d0098 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52a0 | result: PRF HMAC inner hash-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d7640 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5288 | result: PRF HMAC inner hash-key@0x55593e3d7a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55593e3d7640 | PRF chunk interface: release inner-key@0x55593e3d5be0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5310 | result: result-key@0x55593e3d5be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d5be0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d52f8 | result: result-key@0x55593e3d7640 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3d5be0 | PRF chunk interface: release hashed-inner-key@0x55593e3d7a20 | PRF chunk interface: release key-key@0x55593e3d4130 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55593e3d7640 (size 80) | PRF HMAC outer hash: outer-key@0x55593e3d7640 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55593e3d0148 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x55593e3d7640 | PRF chunk interface PRF md5 final-chunk@0x55593e3d0148 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: key symkey-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: key symkey-key@0x55593e3d7640 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55593e3d4130 | PRF symkey interface PRF md5 init key symkey-key@0x55593e3d7640 (size 16) | PRF symkey interface: key symkey-key@0x55593e3d7640 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55593e3d7640 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d7640 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d52e0 | result: trimed key-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d7640 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5320 | result: result-key@0x55593e3d7a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55593e3cfef8 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5420 | result: message symkey-key@0x55593e3ce5b0 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x55593e3ce5b0 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5408 | result: message symkey-key@0x55593e3d5be0 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55593e3ce5b0 | PRF symkey interface PRF md5 update symkey message-key@0x55593e3d5be0 (size 50) | PRF symkey interface: symkey message-key@0x55593e3d5be0 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d7a20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d5438 | result: result-key@0x55593e3ce5b0 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3d7a20 | PRF HMAC inner hash hash md5 inner-key@0x55593e3ce5b0 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55593e3ce5b0 (size 114) | PRF HMAC inner hash: inner-key@0x55593e3ce5b0 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55593e3d0148 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d52c0 | result: PRF HMAC inner hash-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e34d080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d52a8 | result: PRF HMAC inner hash-key@0x55593e3d7a20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55593e34d080 | PRF symkey interface: release inner-key@0x55593e3ce5b0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3d4130 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d5330 | result: result-key@0x55593e3ce5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55593e3ce5b0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe993d5318 | result: result-key@0x55593e34d080 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55593e3ce5b0 | PRF symkey interface: release hashed-inner-key@0x55593e3d7a20 | PRF symkey interface: release key-key@0x55593e3d4130 | PRF HMAC outer hash hash md5 outer-key@0x55593e34d080 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55593e34d080 (size 80) | PRF HMAC outer hash: outer-key@0x55593e34d080 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55593e3d0148 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d5380 | result: PRF HMAC outer hash-key@0x55593e3d7a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55593e3d7a20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d5368 | result: PRF HMAC outer hash-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55593e3d7a20 | PRF symkey interface: release outer-key@0x55593e34d080 | : hashed-outer-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55593e3d4130 (size 16) | PRF symkey interface: key-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x55593e3d4130 | RFC 2104: MD5_HMAC test 3: symkey-key@0x55593e3d4130 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x55593e3d0e50 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1027190634: f5 84 a4 07 92 88 39 cc af eb 85 13 a7 a9 e1 52 | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x55593e3d0e50 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x55593e3d0098 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x55593e3d4130 | test_prf_vector: release message-key@0x55593e3d5be0 | test_prf_vector: release key-key@0x55593e3d7640 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | checking IKEv1 state table | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55593e3cff48 | libevent_malloc: new ptr-libevent@0x55593e3b44a8 size 128 | libevent_malloc: new ptr-libevent@0x55593e3d0718 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55593e3d0a88 | libevent_malloc: new ptr-libevent@0x55593e372448 size 128 | libevent_malloc: new ptr-libevent@0x55593e3d0c08 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf20b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x55593e3d0148 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0000 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x55593e3d0188 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0030 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x55593e3d0b68 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf38e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x55593e3d0758 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x55593e3d0c48 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf3a0 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x55593e3d0058 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf3b8 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x55593e3d0a48 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf3cf (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x55593e3d7b88 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0080 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x55593e3dcee8 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf3ec (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x55593e3dcf28 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf3f3 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x55593e3dcf68 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf400 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x55593e3dcfa8 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf411 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x55593e3dcfe8 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf422 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x55593e3dd028 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf433 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x55593e3dd068 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf444 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x55593e3dd0a8 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c00a8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x55593e3dd0e8 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c00e0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x55593e3dd128 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0118 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x55593e3dd168 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0150 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x55593e3dd1a8 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0188 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x55593e3dd1e8 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c01c0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x55593e3dd228 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c01f8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x55593e3dd268 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0230 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x55593e3dd2a8 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0268 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x55593e3dd2e8 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c02a0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x55593e3dd328 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c02d8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x55593e3dd368 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0310 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x55593e3dd3a8 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0348 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x55593e3dd3e8 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0380 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x55593e3dd428 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c03b8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x55593e3dd468 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c03f0 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffe993d5500 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0420 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffe993d5500 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0458 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffe993d5500 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf531 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7ffe993d5500 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c04c0 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x55593e3dd628 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c04e8 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x55593e3dd668 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf559 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x55593e3dd6a8 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0510 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x55593e3dd6e8 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf564 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x55593e3dd728 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf582 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x55593e3dd768 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf5a0 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x55593e3dd7a8 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0538 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x55593e3dd7e8 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf5be (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x55593e3dd828 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf5dc (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x55593e3dd868 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf5fa (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x55593e3dd8a8 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf618 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x55593e3dd8e8 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf636 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x55593e3dd928 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf654 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x55593e3dd968 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf672 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x55593e3dd9a8 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf68d (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x55593e3dd9e8 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c84f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x55593e3ddaa8 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf73d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x55593e3ddae8 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c0058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x55593e3ddb28 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf38e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x55593e3ddb68 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf751 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x55593e3ddba8 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3ae8dd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x55593e3ddbe8 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf760 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x55593e3ddc28 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf771 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x55593e3ddc68 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf782 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x55593e3ddca8 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf793 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x55593e3ddce8 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf7a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x55593e3ddd28 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf7b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x55593e3ddd68 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf7c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x55593e3ddda8 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf7d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x55593e3ddde8 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf7e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x55593e3dde28 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf7f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x55593e3dde68 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf80a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x55593e3ddea8 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf81b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x55593e3ddee8 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf82c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x55593e3ddf28 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf83d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x55593e3ddf68 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf84e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x55593e3ddfa8 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf85f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x55593e3ddfe8 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf870 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x55593e3de028 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf881 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x55593e3de068 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf892 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x55593e3de0a8 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf8a4 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x55593e3de0e8 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf8b6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x55593e3de128 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf8c7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x55593e3de168 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf8d8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x55593e3de1a8 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf8e9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x55593e3de1e8 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf8fa (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x55593e3de228 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf90b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x55593e3de268 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf91c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x55593e3de2a8 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf92d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x55593e3de2e8 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf93e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x55593e3de328 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf94f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x55593e3de368 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf960 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x55593e3de3a8 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf971 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x55593e3de3e8 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf982 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x55593e3de428 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf993 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x55593e3de468 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf9a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x55593e3de4a8 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf9b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x55593e3de4e8 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf9c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x55593e3de528 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf9d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x55593e3de568 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf9e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x55593e3de5a8 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bf9f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x55593e3de5e8 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa0a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x55593e3de628 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa1b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x55593e3de668 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa2c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x55593e3de6a8 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa3d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x55593e3de6e8 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa4e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x55593e3de728 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa5f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x55593e3de768 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa70 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x55593e3de7a8 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa81 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x55593e3de7e8 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfa92 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x55593e3de828 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfaa3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x55593e3de868 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfab4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x55593e3de8a8 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfac5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x55593e3de8e8 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfad6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x55593e3de928 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfae7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x55593e3de968 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfaf8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x55593e3de9a8 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfb09 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x55593e3de9e8 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfb1a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x55593e3dea28 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfb2b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x55593e3dea68 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfb3c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x55593e3deaa8 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfb4d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x55593e3deae8 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3bfb5e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x55593e3deb28 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55593d3c84f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x55593e3deb68 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55593e3d0af8 | libevent_malloc: new ptr-libevent@0x55593e3dce38 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8008 size 16 | libevent_realloc: new ptr-libevent@0x55593e3e8048 size 256 | libevent_malloc: new ptr-libevent@0x55593e3e8178 size 8 | libevent_realloc: new ptr-libevent@0x55593e3e81b8 size 144 | libevent_malloc: new ptr-libevent@0x55593e36ffa8 size 152 | libevent_malloc: new ptr-libevent@0x55593e3e8278 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55593e3e82b8 size 8 | libevent_malloc: new ptr-libevent@0x55593e373f38 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55593e3e82f8 size 8 | libevent_malloc: new ptr-libevent@0x55593e3e8338 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55593e3e8408 size 8 | libevent_realloc: release ptr-libevent@0x55593e3e81b8 | libevent_realloc: new ptr-libevent@0x55593e3e8448 size 256 | libevent_malloc: new ptr-libevent@0x55593e3e8578 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:25845) using fork+execve | forked child 25845 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55593e3e8b58 | libevent_malloc: new ptr-libevent@0x55593e3dcd88 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8bc8 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8c08 | libevent_malloc: new ptr-libevent@0x55593e370898 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8c78 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8cb8 | libevent_malloc: new ptr-libevent@0x55593e372ed8 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8d28 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8d68 | libevent_malloc: new ptr-libevent@0x55593e373aa8 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8dd8 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8e18 | libevent_malloc: new ptr-libevent@0x55593e3474e8 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8e88 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8ec8 | libevent_malloc: new ptr-libevent@0x55593e3471d8 size 128 | libevent_malloc: new ptr-libevent@0x55593e3e8f38 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x55593e342b58) PKK_PSK: @east | id type added to secret(0x55593e342b58) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.616 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x55593e3dcd88 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8b58 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8b58 | libevent_malloc: new ptr-libevent@0x55593e3dcd88 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55593e370898 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8c08 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8c08 | libevent_malloc: new ptr-libevent@0x55593e370898 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55593e372ed8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8cb8 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8cb8 | libevent_malloc: new ptr-libevent@0x55593e372ed8 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55593e373aa8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8d68 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8d68 | libevent_malloc: new ptr-libevent@0x55593e373aa8 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x55593e3474e8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8e18 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8e18 | libevent_malloc: new ptr-libevent@0x55593e3474e8 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x55593e3471d8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8ec8 | add_fd_read_event_handler: new ethX-pe@0x55593e3e8ec8 | libevent_malloc: new ptr-libevent@0x55593e3471d8 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x55593e342b58) PKK_PSK: @east | id type added to secret(0x55593e342b58) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.346 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 25845 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0173 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048, 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048,3des-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048, 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none | new hp@0x55593e3ea108 added connection description "east" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.115 milliseconds in whack | spent 0.00266 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a3 28 a4 06 50 ac 66 0b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e | f5 a7 89 76 a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e | 41 b1 e9 44 c9 46 2b a9 b1 0f ef 1a cb 28 27 3c | 6a 08 f3 1c 77 96 22 93 16 e0 d0 71 27 d0 b4 2a | 27 42 06 85 f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 | 5e b7 39 51 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 | 2e 67 37 cc 34 89 d1 57 ac fc fc 71 ac 2c 92 98 | 57 b9 3b e0 d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 | 4d 2e 62 bf 44 0a b5 95 ae 6b ea da 2c ac 7d 55 | 48 60 53 8a ba 56 67 53 1c 76 d4 fc ad d4 48 9f | b1 aa 23 95 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 | 89 28 9d 85 35 20 20 f2 0f 6b 71 7b b4 39 62 19 | c7 db 8c 45 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 | 9b c9 30 fc 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 | f7 04 bc ef 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 | d7 7e 20 f4 9d e4 1a e2 89 cb 3a 76 22 67 84 66 | 28 17 75 d9 29 00 00 24 0a aa aa 01 3e 47 4d 47 | d6 3c 56 77 62 da 3f 80 b5 ed d0 59 c2 a9 fc 2c | 23 c9 31 e0 a1 e9 87 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 07 0d a8 32 c3 4e 46 ac | 17 8b 05 71 15 fc 70 d2 4f f7 f1 09 00 00 00 1c | 00 00 40 05 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e | 25 74 32 d7 ab fb 96 35 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 01 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 7b 9b 0e b0 51 12 e9 cd cb 94 42 f0 15 fb 8b 85 | 98 45 47 01 94 5f 68 e9 08 f5 0e 5a d2 9d e4 32 | creating state object #1 at 0x55593e3ebde8 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #1 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #1 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | constructing local IKE proposals for east (IKE SA responder matching remote proposals) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e f5 a7 89 76 | a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e 41 b1 e9 44 | c9 46 2b a9 b1 0f ef 1a cb 28 27 3c 6a 08 f3 1c | 77 96 22 93 16 e0 d0 71 27 d0 b4 2a 27 42 06 85 | f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 5e b7 39 51 | 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 2e 67 37 cc | 34 89 d1 57 ac fc fc 71 ac 2c 92 98 57 b9 3b e0 | d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 4d 2e 62 bf | 44 0a b5 95 ae 6b ea da 2c ac 7d 55 48 60 53 8a | ba 56 67 53 1c 76 d4 fc ad d4 48 9f b1 aa 23 95 | 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 89 28 9d 85 | 35 20 20 f2 0f 6b 71 7b b4 39 62 19 c7 db 8c 45 | 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 9b c9 30 fc | 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 f7 04 bc ef | 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 d7 7e 20 f4 | 9d e4 1a e2 89 cb 3a 76 22 67 84 66 28 17 75 d9 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e 25 74 32 d7 | ab fb 96 35 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e 25 74 32 d7 | natd_hash: hash= ab fb 96 35 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | 07 0d a8 32 c3 4e 46 ac 17 8b 05 71 15 fc 70 d2 | 4f f7 f1 09 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 07 0d a8 32 c3 4e 46 ac 17 8b 05 71 15 fc 70 d2 | natd_hash: hash= 4f f7 f1 09 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55593e3ed858 size 128 | #1 spent 0.389 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 0 resuming | crypto helper 0 starting work-order 1 for state #1 | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.87 milliseconds in ikev2_process_packet() | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | spent 0.887 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f8498003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f8498003a28 | NSS: Public DH wire value: | d0 db 04 80 65 00 a0 5c 69 4d 35 20 9c 62 ab d0 | e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 aa 2a 5b 30 | 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d 63 6f ca 90 | 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce 1d 39 ba 98 | 67 0a 84 22 d0 82 38 df d2 7f 10 30 3d fa d6 b9 | 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a c9 9e 10 e6 | a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a cd 0d 3c c3 | 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a 90 87 d1 99 | 21 0e f4 99 23 2b dd 81 19 12 9a 4d 59 ea 0e ff | c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 49 53 7e cf | 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc b6 27 22 93 | 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 60 68 8c f9 | 9d 0c d3 be 3b 58 48 38 6d d0 75 6e ee f8 89 e5 | c5 ad 98 90 5e 09 e4 63 cf b6 90 52 88 ca 16 ef | dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 e4 90 ff 7c | 46 e2 40 43 e9 36 7b 14 31 30 b3 86 55 5e 08 f9 | Generated nonce: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | Generated nonce: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000737 seconds | (#1) spent 0.726 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f8498002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f8498003a28: transferring ownership from helper KE to state #1 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d0 db 04 80 65 00 a0 5c 69 4d 35 20 9c 62 ab d0 | ikev2 g^x e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 aa 2a 5b 30 | ikev2 g^x 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d 63 6f ca 90 | ikev2 g^x 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce 1d 39 ba 98 | ikev2 g^x 67 0a 84 22 d0 82 38 df d2 7f 10 30 3d fa d6 b9 | ikev2 g^x 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a c9 9e 10 e6 | ikev2 g^x a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a cd 0d 3c c3 | ikev2 g^x 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a 90 87 d1 99 | ikev2 g^x 21 0e f4 99 23 2b dd 81 19 12 9a 4d 59 ea 0e ff | ikev2 g^x c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 49 53 7e cf | ikev2 g^x 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc b6 27 22 93 | ikev2 g^x 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 60 68 8c f9 | ikev2 g^x 9d 0c d3 be 3b 58 48 38 6d d0 75 6e ee f8 89 e5 | ikev2 g^x c5 ad 98 90 5e 09 e4 63 cf b6 90 52 88 ca 16 ef | ikev2 g^x dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 e4 90 ff 7c | ikev2 g^x 46 e2 40 43 e9 36 7b 14 31 30 b3 86 55 5e 08 f9 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | IKEv2 nonce 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 7b 9b 0e b0 51 12 e9 cd | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | c5 81 9c a4 d4 6a d6 f6 4b 57 94 1f c1 7a 29 01 | 0c 52 ec 7c | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 7b 9b 0e b0 51 12 e9 cd | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= c5 81 9c a4 d4 6a d6 f6 4b 57 94 1f c1 7a 29 01 | natd_hash: hash= 0c 52 ec 7c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data c5 81 9c a4 d4 6a d6 f6 4b 57 94 1f c1 7a 29 01 | Notify data 0c 52 ec 7c | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 7b 9b 0e b0 51 12 e9 cd | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 3f e1 8f c2 | 7b 32 43 82 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 7b 9b 0e b0 51 12 e9 cd | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 3f e1 8f c2 | natd_hash: hash= 7b 32 43 82 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 3f e1 8f c2 | Notify data 7b 32 43 82 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #1 to 0 after switching state | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d0 db 04 80 65 00 a0 5c 69 4d 35 20 | 9c 62 ab d0 e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 | aa 2a 5b 30 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d | 63 6f ca 90 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce | 1d 39 ba 98 67 0a 84 22 d0 82 38 df d2 7f 10 30 | 3d fa d6 b9 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a | c9 9e 10 e6 a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a | cd 0d 3c c3 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a | 90 87 d1 99 21 0e f4 99 23 2b dd 81 19 12 9a 4d | 59 ea 0e ff c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 | 49 53 7e cf 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc | b6 27 22 93 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 | 60 68 8c f9 9d 0c d3 be 3b 58 48 38 6d d0 75 6e | ee f8 89 e5 c5 ad 98 90 5e 09 e4 63 cf b6 90 52 | 88 ca 16 ef dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 | e4 90 ff 7c 46 e2 40 43 e9 36 7b 14 31 30 b3 86 | 55 5e 08 f9 29 00 00 24 61 2b 76 d7 49 cb 1d ff | 6a 1d 86 dd a0 e1 7e be 4a fa 5b 19 60 19 34 a0 | 4d c8 e0 fc 90 50 2e 09 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 c5 81 9c a4 d4 6a d6 f6 | 4b 57 94 1f c1 7a 29 01 0c 52 ec 7c 00 00 00 1c | 00 00 40 05 b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 | 3f e1 8f c2 7b 32 43 82 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55593e3ed858 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | event_schedule: new EVENT_SO_DISCARD-pe@0x55593e3eb9c8 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 | libevent_malloc: new ptr-libevent@0x55593e3ee828 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 0.351 milliseconds in resume sending helper answer | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8498002888 | spent 0.00344 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #1 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f8498003a28: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 2 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3ee828 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55593e3eb9c8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f8498002888 size 128 | #1 spent 0.0246 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | crypto helper 1 resuming | crypto helper 1 starting work-order 2 for state #1 | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e f5 a7 89 76 | peer's g: a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e 41 b1 e9 44 | peer's g: c9 46 2b a9 b1 0f ef 1a cb 28 27 3c 6a 08 f3 1c | peer's g: 77 96 22 93 16 e0 d0 71 27 d0 b4 2a 27 42 06 85 | peer's g: f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 5e b7 39 51 | peer's g: 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 2e 67 37 cc | peer's g: 34 89 d1 57 ac fc fc 71 ac 2c 92 98 57 b9 3b e0 | peer's g: d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 4d 2e 62 bf | peer's g: 44 0a b5 95 ae 6b ea da 2c ac 7d 55 48 60 53 8a | peer's g: ba 56 67 53 1c 76 d4 fc ad d4 48 9f b1 aa 23 95 | peer's g: 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 89 28 9d 85 | peer's g: 35 20 20 f2 0f 6b 71 7b b4 39 62 19 c7 db 8c 45 | peer's g: 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 9b c9 30 fc | peer's g: 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 f7 04 bc ef | peer's g: 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 d7 7e 20 f4 | peer's g: 9d e4 1a e2 89 cb 3a 76 22 67 84 66 28 17 75 d9 | #1 spent 0.151 milliseconds in ikev2_process_packet() | Started DH shared-secret computation in NSS: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.188 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x55593e3d7640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f8498003a28: computed shared DH secret key@0x55593e3d7640 | dh-shared : g^ir-key@0x55593e3d7640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f8490001f18 (length 64) | 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a27806e0 | result: Ni | Nr-key@0x55593e3d4130 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55593e3d4130 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27806c8 | result: Ni | Nr-key@0x55593e3d5be0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55593e3d4130 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f8490002fa0 from Ni | Nr-key@0x55593e3d5be0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f8490002fa0 from Ni | Nr-key@0x55593e3d5be0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55593e3d5be0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f8490003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x55593e3d7640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55593e3d7640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55593e3d7640 | nss hmac digest hack: symkey-key@0x55593e3d7640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: 37 ce 8e a0 90 b0 af e4 34 26 22 ed 62 ae f9 eb 9f bd 43 9b 78 72 09 de f4 2a 79 16 28 29 54 d1 ce 09 6c 25 b1 b9 e5 a9 65 0d a9 ec ce c6 13 48 f0 c6 0b a3 34 8f a7 69 01 1a a3 01 31 27 4d 0f ed 32 4f 97 55 d1 45 2f 34 86 5a b5 18 b7 a7 bb ea 95 52 99 20 68 d8 ee bd 05 82 f1 95 4c 83 d7 e4 48 b1 8a 13 e5 b1 61 d3 11 66 c4 e6 83 b0 bf cb 60 29 f3 1b 26 c9 65 b2 55 1c 54 48 69 5c f0 ac ee b8 bc db d0 f9 ab 41 1d 19 a6 17 f8 d5 13 a1 6e 37 43 65 9a b4 c6 d3 84 15 58 0e a3 31 35 12 ad 99 0e 66 ac b8 f6 22 72 00 6f df 93 bc bb ce 3a 62 3a b5 9f b0 16 ca 0b 24 da f0 2e 13 18 62 8d ca 4f 36 61 f2 c2 44 2e 27 22 98 7f 17 06 66 9e 5b d8 8d 73 c8 67 0c b7 b2 c6 63 af 8c c8 23 f8 69 ef be 17 26 5e fd 29 55 2f 9b e0 e2 ef 52 21 bf 41 3e 49 98 dc c4 fb 8b 20 64 95 95 90 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f8490003fa8 | unwrapped: a0 df 30 f8 1f 5d 9b 2a bf e5 3e be 60 fb 05 91 | unwrapped: 27 7e 84 f6 fb 42 72 5e bf 80 2a b5 0a 5c 64 a8 | unwrapped: 0b e0 01 f0 49 a5 d9 ff 9d c5 d7 99 91 c1 59 01 | unwrapped: ba 60 b1 76 ff 71 e1 f2 59 93 3d 86 74 72 61 14 | unwrapped: 77 05 d6 20 f3 7e 0c ca 79 e1 96 7d 85 47 f9 39 | unwrapped: b3 fb 52 d1 aa 13 97 d2 0b 7e 26 a9 76 24 d7 0a | unwrapped: 32 9c 4a c4 7b af b0 6d e6 2d ee 85 84 97 2b bd | unwrapped: 2b 58 c4 e4 87 d9 71 60 f1 f5 f6 f1 db 38 41 43 | unwrapped: 5e dc 66 fd b0 c9 0f c3 92 4d 13 d9 bd 65 af 3f | unwrapped: f0 7a d0 b6 07 33 ba 0d ac fb e5 b3 ec 88 dd 19 | unwrapped: 6b b9 c2 0a 34 82 a2 3e 8b 5d e6 d4 c7 a8 38 5f | unwrapped: 09 42 08 2b e9 8b f6 8f c6 a9 54 a7 fc aa 8a 5c | unwrapped: 54 4f df b8 f0 9c eb 1c ba 2f 9a 15 1b 40 25 88 | unwrapped: a8 97 db 6a 41 38 de 52 bf 3c 89 65 77 bf 1b 26 | unwrapped: 76 15 01 89 90 49 ba 50 96 db 7d 44 4f 65 98 4b | unwrapped: 0a 54 cf 8a ad c0 28 5a 84 7d 0c 66 ed 4e 86 d2 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780700 | result: final-key@0x55593e3d4130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d4130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27806e8 | result: final-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3d4130 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55593e3d5be0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780670 | result: data=Ni-key@0x55593e34d080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e34d080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780658 | result: data=Ni-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e34d080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d4130 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a2780660 | result: data+=Nr-key@0x55593e34d080 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d4130 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e34d080 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a2780660 | result: data+=SPIi-key@0x55593e3d4130 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e34d080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d4130 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a2780660 | result: data+=SPIr-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d4130 | prf+0 PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+0: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+0 prf: begin sha with context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+0: release clone-key@0x55593e3d4130 | prf+0 PRF sha crypt-prf@0x7f8490002f78 | prf+0 PRF sha update seed-key@0x55593e34d080 (size 80) | prf+0: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84900069d8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x55593e3d7a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d7a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3d7a20 | prf+0 PRF sha final-key@0x55593e3d4130 (size 20) | prf+0: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55593e3d4130 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d7a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8490002fa0 from key-key@0x55593e3d7a20 | prf+N prf: begin sha with context 0x7f8490002fa0 from key-key@0x55593e3d7a20 | prf+N: release clone-key@0x55593e3d7a20 | prf+N PRF sha crypt-prf@0x7f84900030d8 | prf+N PRF sha update old_t-key@0x55593e3d4130 (size 20) | prf+N: old_t-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d4130 | nss hmac digest hack: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 27 b2 33 b4 40 48 b5 af 30 d2 6a be 53 6a 44 19 a0 74 d5 62 ea c4 cf 27 a8 d7 ac 19 2d e0 a0 e3 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8490002f28 | unwrapped: 54 67 34 1c 36 fc 7d 68 bb f0 74 5d 05 15 cf 92 | unwrapped: de ef 9f eb 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e34d080 (size 80) | prf+N: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8490006958 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3ce5b0 | prf+N PRF sha final-key@0x55593e3d7a20 (size 20) | prf+N: key-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2780608 | result: result-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3d4130 | prfplus: release old_t[N]-key@0x55593e3d4130 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+N prf: begin sha with context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+N: release clone-key@0x55593e3d4130 | prf+N PRF sha crypt-prf@0x7f8490002f78 | prf+N PRF sha update old_t-key@0x55593e3d7a20 (size 20) | prf+N: old_t-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 7b 8e a5 ab 40 c8 ae 9f 42 75 fd 31 87 e6 a8 0b 38 fa 09 e2 8a 75 c0 cd 19 87 b5 e1 3b b8 f5 55 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8490003a78 | unwrapped: 10 80 4f 58 38 b9 34 13 43 e7 32 89 e6 16 be 0b | unwrapped: b0 f2 d7 a8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e34d080 (size 80) | prf+N: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84900069d8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | prf+N PRF sha final-key@0x55593e3d4130 (size 20) | prf+N: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2780608 | result: result-key@0x7f8490006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3ce5b0 | prfplus: release old_t[N]-key@0x55593e3d7a20 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d7a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8490002fa0 from key-key@0x55593e3d7a20 | prf+N prf: begin sha with context 0x7f8490002fa0 from key-key@0x55593e3d7a20 | prf+N: release clone-key@0x55593e3d7a20 | prf+N PRF sha crypt-prf@0x7f8490002f28 | prf+N PRF sha update old_t-key@0x55593e3d4130 (size 20) | prf+N: old_t-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d4130 | nss hmac digest hack: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 27 26 24 04 ce 28 a1 11 92 6d 4e 9f e3 ef 9d 0a ac d9 43 99 18 ae 22 7e dc ce 80 06 01 1a e5 f9 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f849000a408 | unwrapped: 58 8e ca 06 3b 2b ca 95 3c bc e9 af 3f 1a fc 14 | unwrapped: ec 04 1d 02 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e34d080 (size 80) | prf+N: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8490006958 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3ce5b0 | prf+N PRF sha final-key@0x55593e3d7a20 (size 20) | prf+N: key-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2780608 | result: result-key@0x55593e3ce5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x55593e3d4130 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+N prf: begin sha with context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+N: release clone-key@0x55593e3d4130 | prf+N PRF sha crypt-prf@0x7f84900030d8 | prf+N PRF sha update old_t-key@0x55593e3d7a20 (size 20) | prf+N: old_t-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 3e cb c3 b8 c2 64 81 34 1b 41 ea 46 dd 0f d4 21 69 fc f8 4f 0b 67 dc ee 0d 75 ca ff 64 cc d2 07 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8490003a78 | unwrapped: a9 37 f3 d3 20 c5 f7 46 6d a7 56 d6 6d 0a c3 2f | unwrapped: 17 1b 55 3c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e34d080 (size 80) | prf+N: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84900069d8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | prf+N PRF sha final-key@0x55593e3d4130 (size 20) | prf+N: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2780608 | result: result-key@0x7f8490006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3ce5b0 | prfplus: release old_t[N]-key@0x55593e3d7a20 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d7a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f849000a070 from key-key@0x55593e3d7a20 | prf+N prf: begin sha with context 0x7f849000a070 from key-key@0x55593e3d7a20 | prf+N: release clone-key@0x55593e3d7a20 | prf+N PRF sha crypt-prf@0x7f8490002f78 | prf+N PRF sha update old_t-key@0x55593e3d4130 (size 20) | prf+N: old_t-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d4130 | nss hmac digest hack: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 87 f3 27 6a 7e 6b 6f 65 1e c6 51 ea 62 ed d6 e4 47 b3 77 c9 63 33 87 26 fa 5a e2 58 a3 92 2c 05 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8490002f28 | unwrapped: 91 b3 02 92 62 97 b5 99 cc 66 4c 17 69 59 fa 6d | unwrapped: 0d 66 ed db 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e34d080 (size 80) | prf+N: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8490006958 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3ce5b0 | prf+N PRF sha final-key@0x55593e3d7a20 (size 20) | prf+N: key-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2780608 | result: result-key@0x55593e3ce5b0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x55593e3d4130 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+N prf: begin sha with context 0x7f8490002fa0 from key-key@0x55593e3d4130 | prf+N: release clone-key@0x55593e3d4130 | prf+N PRF sha crypt-prf@0x7f84900030d8 | prf+N PRF sha update old_t-key@0x55593e3d7a20 (size 20) | prf+N: old_t-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 68 8b d8 8e b6 de 6e 8a c8 2d 48 a9 e4 96 74 de d4 9f 5f 9e 29 99 99 b8 12 15 c0 4f a7 de ef aa | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8490003a78 | unwrapped: 1e 15 11 fe 01 5f ad 18 6f 77 dc 50 88 21 a2 ce | unwrapped: 1d 1b ba 3f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e34d080 (size 80) | prf+N: seed-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e34d080 | nss hmac digest hack: symkey-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 3f c8 4f 79 c8 2c c8 72 b2 8e 7e 38 54 99 b2 6e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f849000aa08 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2780590 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2780578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | prf+N PRF sha final-key@0x55593e3d4130 (size 20) | prf+N: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2780608 | result: result-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3ce5b0 | prfplus: release old_t[N]-key@0x55593e3d7a20 | prfplus: release old_t[final]-key@0x55593e3d4130 | ike_sa_keymat: release data-key@0x55593e34d080 | calc_skeyseed_v2: release skeyseed_k-key@0x55593e3d5be0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807a8 | result: result-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807a8 | result: result-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807a8 | result: result-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807b8 | result: SK_ei_k-key@0x55593e3d7a20 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807b8 | result: SK_er_k-key@0x55593e3ce5b0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807b8 | result: result-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f849000a0e0 | chunk_SK_pi: symkey-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 5b 5b 54 a2 d3 14 71 06 58 64 1a e8 85 bd 8c c6 27 54 f3 5a 48 36 0d c2 93 48 9e 18 6f 78 d1 0c | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f8490002f78 | unwrapped: 69 59 fa 6d 0d 66 ed db 1e 15 11 fe 01 5f ad 18 | unwrapped: 6f 77 dc 50 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a27807b8 | result: result-key@0x7f849000d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f849000d840 | chunk_SK_pr: symkey-key@0x7f849000d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: a4 cd 72 22 da d9 54 ce 23 b1 8a 7e c7 07 cb 7f ec 91 80 5f d2 99 0c 37 6b 4d 8c 73 9d 29 94 cb | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f8490003a78 | unwrapped: 88 21 a2 ce 1d 1b ba 3f 0e cb 80 18 11 b7 f5 ed | unwrapped: d7 f2 4f 36 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f8490006bb0 | calc_skeyseed_v2 pointers: shared-key@0x55593e3d7640, SK_d-key@0x55593e3d5be0, SK_ai-key@0x55593e34d080, SK_ar-key@0x55593e3d4130, SK_ei-key@0x55593e3d7a20, SK_er-key@0x55593e3ce5b0, SK_pi-key@0x7f849000a0e0, SK_pr-key@0x7f849000d840 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 69 59 fa 6d 0d 66 ed db 1e 15 11 fe 01 5f ad 18 | 6f 77 dc 50 | calc_skeyseed_v2 SK_pr | 88 21 a2 ce 1d 1b ba 3f 0e cb 80 18 11 b7 f5 ed | d7 f2 4f 36 | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.002341 seconds | (#1) spent 2.32 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f8490005088 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f8498003a28: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | #1 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x55593e34d080 (size 20) | hmac: symkey-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x7f8490006bb0 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x7f8490006bb0 | hmac: release clone-key@0x7f8490006bb0 | hmac PRF sha crypt-prf@0x55593e3ee8d8 | hmac PRF sha update data-bytes@0x55593e34b5d8 (length 208) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 96 63 fa 26 | 99 fb 44 4c | data for hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | data for hmac: 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | data for hmac: 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | data for hmac: a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | data for hmac: 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | data for hmac: 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | data for hmac: 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | data for hmac: 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | data for hmac: f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | data for hmac: 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | data for hmac: 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | calculated auth: 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 | provided auth: 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | payload before decryption: | 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | d8 d2 db d4 2c 00 00 2c 00 00 00 28 01 03 04 03 | bc 69 69 5f 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f849000a0e0 (size 20) | hmac: symkey-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x7f8490006bb0 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x7f8490006bb0 | hmac: release clone-key@0x7f8490006bb0 | hmac PRF sha crypt-prf@0x55593e3ed758 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55593e34b60c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | 6c 52 15 c3 ad 5b dd ad 84 c8 69 5e 7d f9 4b 9f | 95 0f 2e bb | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | a3 28 a4 06 50 ac 66 0b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e | f5 a7 89 76 a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e | 41 b1 e9 44 c9 46 2b a9 b1 0f ef 1a cb 28 27 3c | 6a 08 f3 1c 77 96 22 93 16 e0 d0 71 27 d0 b4 2a | 27 42 06 85 f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 | 5e b7 39 51 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 | 2e 67 37 cc 34 89 d1 57 ac fc fc 71 ac 2c 92 98 | 57 b9 3b e0 d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 | 4d 2e 62 bf 44 0a b5 95 ae 6b ea da 2c ac 7d 55 | 48 60 53 8a ba 56 67 53 1c 76 d4 fc ad d4 48 9f | b1 aa 23 95 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 | 89 28 9d 85 35 20 20 f2 0f 6b 71 7b b4 39 62 19 | c7 db 8c 45 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 | 9b c9 30 fc 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 | f7 04 bc ef 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 | d7 7e 20 f4 9d e4 1a e2 89 cb 3a 76 22 67 84 66 | 28 17 75 d9 29 00 00 24 0a aa aa 01 3e 47 4d 47 | d6 3c 56 77 62 da 3f 80 b5 ed d0 59 c2 a9 fc 2c | 23 c9 31 e0 a1 e9 87 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 07 0d a8 32 c3 4e 46 ac | 17 8b 05 71 15 fc 70 d2 4f f7 f1 09 00 00 00 1c | 00 00 40 05 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e | 25 74 32 d7 ab fb 96 35 | verify: initiator inputs to hash2 (responder nonce) | 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | idhash 6c 52 15 c3 ad 5b dd ad 84 c8 69 5e 7d f9 4b 9f | idhash 95 0f 2e bb | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x7f8490006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8498002b50 from shared secret-key@0x7f8490006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8498002b50 from shared secret-key@0x7f8490006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f8490006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3ee8d8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f8490006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f8490006bb0 (size 20) | = prf(, ): -key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8498002b50 from -key@0x55593e3e8620 | = prf(, ) prf: begin sha with context 0x7f8498002b50 from -key@0x55593e3e8620 | = prf(, ): release clone-key@0x55593e3e8620 | = prf(, ) PRF sha crypt-prf@0x55593e3ed758 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3ee518 (length 440) | a3 28 a4 06 50 ac 66 0b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e | f5 a7 89 76 a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e | 41 b1 e9 44 c9 46 2b a9 b1 0f ef 1a cb 28 27 3c | 6a 08 f3 1c 77 96 22 93 16 e0 d0 71 27 d0 b4 2a | 27 42 06 85 f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 | 5e b7 39 51 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 | 2e 67 37 cc 34 89 d1 57 ac fc fc 71 ac 2c 92 98 | 57 b9 3b e0 d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 | 4d 2e 62 bf 44 0a b5 95 ae 6b ea da 2c ac 7d 55 | 48 60 53 8a ba 56 67 53 1c 76 d4 fc ad d4 48 9f | b1 aa 23 95 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 | 89 28 9d 85 35 20 20 f2 0f 6b 71 7b b4 39 62 19 | c7 db 8c 45 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 | 9b c9 30 fc 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 | f7 04 bc ef 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 | d7 7e 20 f4 9d e4 1a e2 89 cb 3a 76 22 67 84 66 | 28 17 75 d9 29 00 00 24 0a aa aa 01 3e 47 4d 47 | d6 3c 56 77 62 da 3f 80 b5 ed d0 59 c2 a9 fc 2c | 23 c9 31 e0 a1 e9 87 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 07 0d a8 32 c3 4e 46 ac | 17 8b 05 71 15 fc 70 d2 4f f7 f1 09 00 00 00 1c | 00 00 40 05 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e | 25 74 32 d7 ab fb 96 35 | = prf(, ) PRF sha update nonce-bytes@0x7f8498001278 (length 32) | 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | 6c 52 15 c3 ad 5b dd ad 84 c8 69 5e 7d f9 4b 9f | 95 0f 2e bb | = prf(, ) PRF sha final-chunk@0x55593e3ef0a8 (length 20) | e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | d8 d2 db d4 | psk_auth: release prf-psk-key@0x7f8490006bb0 | Received PSK auth octets | e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | d8 d2 db d4 | Calculated PSK auth octets | e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | d8 d2 db d4 "east" #1: Authenticated using authby=secret | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8498002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | event_schedule: new EVENT_SA_REKEY-pe@0x55593e3eb9c8 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x55593e3ee828 size 128 | pstats #1 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f849000d840 (size 20) | hmac: symkey-key@0x7f849000d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x7f8490006bb0 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x7f8490006bb0 | hmac: release clone-key@0x7f8490006bb0 | hmac PRF sha crypt-prf@0x55593e3ed758 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | 32 a7 07 d7 26 13 bf 9f e0 37 93 29 5c 61 92 08 | 7a 10 00 ea | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d0 db 04 80 65 00 a0 5c 69 4d 35 20 | 9c 62 ab d0 e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 | aa 2a 5b 30 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d | 63 6f ca 90 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce | 1d 39 ba 98 67 0a 84 22 d0 82 38 df d2 7f 10 30 | 3d fa d6 b9 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a | c9 9e 10 e6 a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a | cd 0d 3c c3 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a | 90 87 d1 99 21 0e f4 99 23 2b dd 81 19 12 9a 4d | 59 ea 0e ff c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 | 49 53 7e cf 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc | b6 27 22 93 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 | 60 68 8c f9 9d 0c d3 be 3b 58 48 38 6d d0 75 6e | ee f8 89 e5 c5 ad 98 90 5e 09 e4 63 cf b6 90 52 | 88 ca 16 ef dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 | e4 90 ff 7c 46 e2 40 43 e9 36 7b 14 31 30 b3 86 | 55 5e 08 f9 29 00 00 24 61 2b 76 d7 49 cb 1d ff | 6a 1d 86 dd a0 e1 7e be 4a fa 5b 19 60 19 34 a0 | 4d c8 e0 fc 90 50 2e 09 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 c5 81 9c a4 d4 6a d6 f6 | 4b 57 94 1f c1 7a 29 01 0c 52 ec 7c 00 00 00 1c | 00 00 40 05 b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 | 3f e1 8f c2 7b 32 43 82 | create: responder inputs to hash2 (initiator nonce) | 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | idhash 32 a7 07 d7 26 13 bf 9f e0 37 93 29 5c 61 92 08 | idhash 7a 10 00 ea | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x7f8490006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8498002b50 from shared secret-key@0x7f8490006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8498002b50 from shared secret-key@0x7f8490006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f8490006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3ef0a8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f8490006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f8490006bb0 (size 20) | = prf(, ): -key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8498002b50 from -key@0x55593e3e8620 | = prf(, ) prf: begin sha with context 0x7f8498002b50 from -key@0x55593e3e8620 | = prf(, ): release clone-key@0x55593e3e8620 | = prf(, ) PRF sha crypt-prf@0x55593e3ed758 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3eeb18 (length 440) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d0 db 04 80 65 00 a0 5c 69 4d 35 20 | 9c 62 ab d0 e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 | aa 2a 5b 30 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d | 63 6f ca 90 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce | 1d 39 ba 98 67 0a 84 22 d0 82 38 df d2 7f 10 30 | 3d fa d6 b9 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a | c9 9e 10 e6 a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a | cd 0d 3c c3 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a | 90 87 d1 99 21 0e f4 99 23 2b dd 81 19 12 9a 4d | 59 ea 0e ff c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 | 49 53 7e cf 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc | b6 27 22 93 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 | 60 68 8c f9 9d 0c d3 be 3b 58 48 38 6d d0 75 6e | ee f8 89 e5 c5 ad 98 90 5e 09 e4 63 cf b6 90 52 | 88 ca 16 ef dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 | e4 90 ff 7c 46 e2 40 43 e9 36 7b 14 31 30 b3 86 | 55 5e 08 f9 29 00 00 24 61 2b 76 d7 49 cb 1d ff | 6a 1d 86 dd a0 e1 7e be 4a fa 5b 19 60 19 34 a0 | 4d c8 e0 fc 90 50 2e 09 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 c5 81 9c a4 d4 6a d6 f6 | 4b 57 94 1f c1 7a 29 01 0c 52 ec 7c 00 00 00 1c | 00 00 40 05 b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 | 3f e1 8f c2 7b 32 43 82 | = prf(, ) PRF sha update nonce-bytes@0x55593e3ea3d8 (length 32) | 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | 32 a7 07 d7 26 13 bf 9f e0 37 93 29 5c 61 92 08 | 7a 10 00 ea | = prf(, ) PRF sha final-chunk@0x55593e3ee8d8 (length 20) | 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 68 26 27 31 | 08 5a 97 ff | psk_auth: release prf-psk-key@0x7f8490006bb0 | PSK auth octets 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 68 26 27 31 | PSK auth octets 08 5a 97 ff | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 68 26 27 31 | PSK auth 08 5a 97 ff | emitting length of IKEv2 Authentication Payload: 28 | creating state object #2 at 0x55593e3ef0f8 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "east" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55593e3d5be0 | duplicate_state: reference st_skey_ai_nss-key@0x55593e34d080 | duplicate_state: reference st_skey_ar_nss-key@0x55593e3d4130 | duplicate_state: reference st_skey_ei_nss-key@0x55593e3d7a20 | duplicate_state: reference st_skey_er_nss-key@0x55593e3ce5b0 | duplicate_state: reference st_skey_pi_nss-key@0x7f849000a0e0 | duplicate_state: reference st_skey_pr_nss-key@0x7f849000d840 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI bc 69 69 5f | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:ESP:SPI=bc69695f;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=bc69695f;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x6acb1e21 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 6a cb 1e 21 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2890 | result: data=Ni-key@0x55593e3e8620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3e8620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2878 | result: data=Ni-key@0x7f8490006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3e8620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d2880 | result: data+=Nr-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f8490006bb0 | prf+0 PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+0: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8498002b50 from key-key@0x7f8490006bb0 | prf+0 prf: begin sha with context 0x7f8498002b50 from key-key@0x7f8490006bb0 | prf+0: release clone-key@0x7f8490006bb0 | prf+0 PRF sha crypt-prf@0x55593e3f0ad8 | prf+0 PRF sha update seed-key@0x55593e3e8620 (size 64) | prf+0: seed-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3eef50 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3eef50 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3eef50 | prf+0 PRF sha final-key@0x7f8490006bb0 (size 20) | prf+0: key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f8490006bb0 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498002b50 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8498002b50 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x55593e3ef028 | prf+N PRF sha update old_t-key@0x7f8490006bb0 (size 20) | prf+N: old_t-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 42 14 76 6f 84 5a f9 ba 33 0a bb bd b9 7a a0 a2 b4 77 b2 cd 5b 29 9f 6e 7d 86 af 6e 64 bc 09 04 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f2218 | unwrapped: 59 82 41 74 02 aa ca b7 cf a9 f4 cd a1 ba 4f b7 | unwrapped: 59 7a b0 b3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 64) | prf+N: seed-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3ee708 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f0990 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0990 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0990 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3f0990 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x7f8490006bb0 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498002b50 from key-key@0x7f8490006bb0 | prf+N prf: begin sha with context 0x7f8498002b50 from key-key@0x7f8490006bb0 | prf+N: release clone-key@0x7f8490006bb0 | prf+N PRF sha crypt-prf@0x55593e3f0ad8 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 58 6d d9 4b 65 df 0d cf 04 f1 68 61 b4 0b 08 8b c8 63 87 c5 ee 09 a2 23 5b b7 84 33 a3 fb 8e d5 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f0b28 | unwrapped: 5a f2 26 df 07 c3 33 aa 69 96 c2 da 57 b6 1d 00 | unwrapped: 34 c6 35 89 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 64) | prf+N: seed-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0a20 | prf+N PRF sha final-key@0x7f8490006bb0 (size 20) | prf+N: key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f0990 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3f0a20 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f0990 | prfplus: release old_t[N]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498002b50 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8498002b50 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x55593e3f2218 | prf+N PRF sha update old_t-key@0x7f8490006bb0 (size 20) | prf+N: old_t-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: bb 89 67 ee 34 bc 4a de 33 52 5b a3 64 29 79 84 91 5f df f9 7b 59 42 02 c4 3a 6e 2d 81 80 42 56 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f5868 | unwrapped: 53 b9 e4 0e 11 05 5a 62 07 57 f3 18 6f 37 02 64 | unwrapped: 19 14 fa b9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 64) | prf+N: seed-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: b5 b3 df b1 1e a8 ab 82 8a 60 66 2a 3f 0e 95 25 ac 74 0b 83 0f ce e3 ab 64 e9 4c ea d2 77 e0 10 39 c6 cf 56 10 bd 16 b9 5b b1 4d 2b 82 90 35 5e 8b df 06 62 cf bc 73 54 eb e4 3e 9b 24 5e ef b1 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3ee708 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f0990 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0990 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0990 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f0a20 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3f0990 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f0a20 | prfplus: release old_t[N]-key@0x7f8490006bb0 | prfplus: release old_t[final]-key@0x55593e3eef50 | child_sa_keymat: release data-key@0x55593e3e8620 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55593e3f0990 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x55593e3e8620 | initiator to responder keys: symkey-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55593e3d0e50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)924869474: 42 14 76 6f 84 5a f9 ba 33 0a bb bd b9 7a a0 a2 ff 1f 90 65 c1 8c 88 3f 35 17 90 52 3a ee aa 42 a2 10 af bb a2 92 c2 1e 3a 0e 6d da ab 95 aa af | initiator to responder keys: release slot-key-key@0x55593e3d0e50 | initiator to responder keys extracted len 48 bytes at 0x55593e3f3d98 | unwrapped: 59 82 41 74 02 aa ca b7 cf a9 f4 cd a1 ba 4f b7 | unwrapped: 59 7a b0 b3 5a f2 26 df 07 c3 33 aa 69 96 c2 da | unwrapped: 57 b6 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55593e3e8620 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55593e3f0990 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x55593e3e8620 | responder to initiator keys:: symkey-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55593e3d0e50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)924869474: 00 8c e8 84 08 7a f5 31 a7 ed 24 6c b5 9b e7 3d e3 4c c4 35 2c b4 62 b6 b0 c6 24 85 57 e9 04 11 f8 2b 4c 7b 5c f1 9c 6d 21 a1 f6 da 19 78 e0 43 | responder to initiator keys:: release slot-key-key@0x55593e3d0e50 | responder to initiator keys: extracted len 48 bytes at 0x55593e3f3df8 | unwrapped: 34 c6 35 89 53 b9 e4 0e 11 05 5a 62 07 57 f3 18 | unwrapped: 6f 37 02 64 19 14 fa b9 4b ad cd cc d0 0f 1d 70 | unwrapped: 2d 9d 2a 4a 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55593e3e8620 | ikev2_derive_child_keys: release keymat-key@0x55593e3f0990 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #1 spent 1.82 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.bc69695f@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6acb1e21@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbc69695f SPI_OUT=0x6ac | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xbc69695f SPI_OUT=0x6acb1e21 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbc69695f SPI | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0xbc69695f SPI_OUT=0x6acb1e21 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbc69695f SPI_OUT | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0xbc69695f SPI_OUT=0x6acb1e21 ipsec _updown 2>&1: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55593e3e95b8,sr=0x55593e3e95b8} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.45 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 | 68 26 27 31 08 5a 97 ff 2c 00 00 2c 00 00 00 28 | 01 03 04 03 6a cb 1e 21 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | hmac PRF sha init symkey-key@0x55593e3d4130 (size 20) | hmac: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2928 | result: clone-key@0x55593e3f0990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac: release clone-key@0x55593e3f0990 | hmac PRF sha crypt-prf@0x55593e3f0ad8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 192) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | hmac PRF sha final-bytes@0x55593d440980 (length 20) | 05 67 58 81 49 10 8c ed 09 17 98 b2 1a bc e7 65 | 50 25 55 94 | data being hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | data being hmac: a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | data being hmac: 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | data being hmac: d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | data being hmac: 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | data being hmac: fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | data being hmac: 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | data being hmac: e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | data being hmac: 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | data being hmac: df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | out calculated auth: | 05 67 58 81 49 10 8c ed 09 17 98 b2 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #1 spent 3.51 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xbc69695f <0x6acb1e21 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | 05 67 58 81 49 10 8c ed 09 17 98 b2 | releasing whack for #2 (sock=fd@-1) | releasing whack and unpending for parent #1 | unpending state #1 connection "east" | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f8498002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 | libevent_malloc: new ptr-libevent@0x55593e3eee28 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 3.82 milliseconds in resume sending helper answer | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8490005088 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00439 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00301 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00278 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00266 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e34d080 (size 20) | hmac: symkey-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e3f0990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x55593e3f0990 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x55593e3f0990 | hmac: release clone-key@0x55593e3f0990 | hmac PRF sha crypt-prf@0x55593e3eef28 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 64) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d 02 5b 08 a6 | 36 2a 77 ab | data for hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | data for hmac: 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | calculated auth: 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d | provided auth: 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | payload before decryption: | 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 bc 69 69 5f 00 01 02 03 | stripping 4 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI bc 69 69 5f | delete PROTO_v2_ESP SA(0xbc69695f) | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #2 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xbc69695f) "east" #1: received Delete SA payload: delete IPsec State #2 now | pstats #2 ikev2.child deleted completed | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #2 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #2: deleting other state #2 (STATE_V2_IPSEC_R) aged 0.085s and NOT sending notification | child state #2: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.bc69695f@192.1.2.45 | get_sa_info esp.6acb1e21@192.1.2.23 "east" #2: ESP traffic information: in=84B out=84B | child state #2: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3eee28 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8498002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825161' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbc69695f | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825161' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xbc69695f SPI_OUT=0x6acb1e21 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.bc69695f@192.1.2.45 | netlink response for Del SA esp.bc69695f@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.6acb1e21@192.1.2.23 | netlink response for Del SA esp.6acb1e21@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3d5be0 | delete_state: release st->st_skey_ai_nss-key@0x55593e34d080 | delete_state: release st->st_skey_ar_nss-key@0x55593e3d4130 | delete_state: release st->st_skey_ei_nss-key@0x55593e3d7a20 | delete_state: release st->st_skey_er_nss-key@0x55593e3ce5b0 | delete_state: release st->st_skey_pi_nss-key@0x7f849000a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f849000d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 6a cb 1e 21 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 6c ca 14 4e 71 46 33 2b bb 2f f3 b2 79 ff 84 a3 | data before encryption: | 00 00 00 0c 03 04 00 01 6a cb 1e 21 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 78 e3 2f f2 4d ab bf da 71 51 09 51 6c a0 4f 2d | hmac PRF sha init symkey-key@0x55593e3d4130 (size 20) | hmac: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e3f0990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac: release clone-key@0x55593e3f0990 | hmac PRF sha crypt-prf@0x55593e3f0ad8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 64) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 6c ca 14 4e 71 46 33 2b bb 2f f3 b2 79 ff 84 a3 | 78 e3 2f f2 4d ab bf da 71 51 09 51 6c a0 4f 2d | hmac PRF sha final-bytes@0x55593d440900 (length 20) | f8 2a d6 5e 52 01 a2 0a 9a e4 f4 41 73 4f 5e 1e | d7 61 d6 83 | data being hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 6c ca 14 4e 71 46 33 2b bb 2f f3 b2 79 ff 84 a3 | data being hmac: 78 e3 2f f2 4d ab bf da 71 51 09 51 6c a0 4f 2d | out calculated auth: | f8 2a d6 5e 52 01 a2 0a 9a e4 f4 41 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 6c ca 14 4e 71 46 33 2b bb 2f f3 b2 79 ff 84 a3 | 78 e3 2f f2 4d ab bf da 71 51 09 51 6c a0 4f 2d | f8 2a d6 5e 52 01 a2 0a 9a e4 f4 41 | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #1 spent 0.93 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #1 to 2 after switching state | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 1.19 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.2 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00138 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | 21 ad 0b bc 38 83 b7 be 9a db 1a 20 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e34d080 (size 20) | hmac: symkey-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e34d080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e3f0990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac: release clone-key@0x55593e3f0990 | hmac PRF sha crypt-prf@0x55593e3eef28 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 64) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 21 ad 0b bc 38 83 b7 be 9a db 1a 20 fd 60 ea 81 | 82 fa 65 17 | data for hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | data for hmac: 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | calculated auth: 21 ad 0b bc 38 83 b7 be 9a db 1a 20 | provided auth: 21 ad 0b bc 38 83 b7 be 9a db 1a 20 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | payload before decryption: | 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d5 a2 6c d1 36 05 7f 1c ca 67 1d ab 96 52 49 84 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | d2 70 2a 93 27 ce 9f 77 19 08 d4 3a e9 f2 2a 27 | hmac PRF sha init symkey-key@0x55593e3d4130 (size 20) | hmac: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e3f0990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac prf: begin sha with context 0x7f8498002b50 from symkey-key@0x55593e3f0990 | hmac: release clone-key@0x55593e3f0990 | hmac PRF sha crypt-prf@0x55593e3f0ad8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 64) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | d5 a2 6c d1 36 05 7f 1c ca 67 1d ab 96 52 49 84 | d2 70 2a 93 27 ce 9f 77 19 08 d4 3a e9 f2 2a 27 | hmac PRF sha final-bytes@0x55593d440900 (length 20) | 14 70 aa 3f 44 da f8 76 44 b6 bb 3a d0 75 84 15 | d8 69 98 a9 | data being hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: d5 a2 6c d1 36 05 7f 1c ca 67 1d ab 96 52 49 84 | data being hmac: d2 70 2a 93 27 ce 9f 77 19 08 d4 3a e9 f2 2a 27 | out calculated auth: | 14 70 aa 3f 44 da f8 76 44 b6 bb 3a | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | d5 a2 6c d1 36 05 7f 1c ca 67 1d ab 96 52 49 84 | d2 70 2a 93 27 ce 9f 77 19 08 d4 3a e9 f2 2a 27 | 14 70 aa 3f 44 da f8 76 44 b6 bb 3a | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #1: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #1 ikev2.ike deleted completed | #1 spent 9.43 milliseconds in total | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #1: deleting state (STATE_IKESA_DEL) aged 0.103s and NOT sending notification | parent state #1: IKESA_DEL(established IKE SA) => delete | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3ee828 | free_event_entry: release EVENT_SA_REKEY-pe@0x55593e3eb9c8 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #1 in IKESA_DEL | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f8498003a28: destroyed | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55593e3d7640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3d5be0 | delete_state: release st->st_skey_ai_nss-key@0x55593e34d080 | delete_state: release st->st_skey_ar_nss-key@0x55593e3d4130 | delete_state: release st->st_skey_ei_nss-key@0x55593e3d7a20 | delete_state: release st->st_skey_er_nss-key@0x55593e3ce5b0 | delete_state: release st->st_skey_pi_nss-key@0x7f849000a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f849000d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #1 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #1 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.542 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.004 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a9 37 54 0b 27 15 5f ee 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d7 6d c8 34 ad 79 22 d4 04 1d 9b 7d | 1a ff ec a3 bc 80 9c ef 7b 1c c8 1b a0 c2 3c 8b | 3c 00 39 60 0f 1e a4 67 e9 eb 29 ed 89 fe e4 2c | 2d 95 68 13 69 f4 64 0d ba 0d 9b e8 9f 44 32 fd | 92 45 08 e4 26 7f 51 f9 93 46 ae ed 13 00 d2 fd | 23 ad 0b cd 54 58 30 91 3a 6b b3 bf 8b e5 d7 81 | cb 26 12 1e 17 64 bf 10 7b a8 8c 32 5c 46 dd c9 | 49 cb 1c 6c 03 9f 19 d5 14 45 e7 53 29 f9 66 eb | 34 b0 0c 54 66 df eb be a4 a1 6b 16 7e 77 4f f2 | 7e 59 c1 25 b0 55 31 ee 1a 28 cc c6 99 b0 0e 04 | df 7d f1 d5 4e 91 09 2e c1 6d 73 50 bd 5a 61 f4 | d7 06 38 9f a4 e9 40 6f 28 16 07 56 0c 5b 9b ca | f6 ab 52 83 56 d4 25 b0 32 6f 2c 88 83 05 bb 39 | 66 47 d9 9c ed 47 9e 77 4b 46 bb 64 f3 32 60 5f | b8 6e 8f 8d 2c bb af b6 14 cb 34 6f 92 05 32 d4 | 29 43 01 b1 3a a5 78 bb 7d f2 10 c3 9d e0 d7 15 | e0 26 5f c8 29 00 00 24 91 1d a2 fd 4e ea be f1 | fd 66 3e a8 94 2e f5 5e 9c 16 37 c6 0e 59 ad d4 | ed 4d 35 1d f4 67 69 84 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 73 a5 28 29 29 0f 59 78 | 49 e5 1b 49 b8 bc 4e 51 4b 96 43 e4 00 00 00 1c | 00 00 40 05 a0 b1 b1 68 16 f5 4d 50 4c 62 8e 71 | 91 ee dc 54 e9 37 2f 8d | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a9 37 54 0b 27 15 5f ee | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 02 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | ac 8a 57 d4 a8 86 78 00 15 f3 a1 2c f3 88 db 94 | cd 41 1b 21 81 25 24 8e bd c3 c1 5b 39 ea 64 d8 | creating state object #3 at 0x55593e3ebde8 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #3 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #3 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #3 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #3 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #3 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #3 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #3: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #3: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | a9 37 54 0b 27 15 5f ee | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | a9 37 54 0b 27 15 5f ee 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #3 spent 0.133 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #3 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #3 has no whack fd | pstats #3 ikev2.ike deleted other | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #3: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #3: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #3 in PARENT_R0 | parent state #3: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #3 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.531 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00318 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 75 f4 b3 20 16 59 35 3f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 db 0c bb 83 4d ef 27 83 e9 7f 42 55 | 49 d0 25 64 78 ba e0 8d 2e 43 2b 86 57 0b 2b e6 | df dd ce ac 03 70 66 28 1d 0c e6 85 6d 84 49 f9 | b2 6c bf 6e 54 82 67 59 ba 16 a4 f6 8f 39 1a ac | 2f c1 86 1a 6d ac 47 0e 64 1d 28 54 93 2e ee fa | 7c 5b 94 16 41 28 94 69 da 5e f0 1e a4 80 41 c1 | f8 e4 94 75 8d b4 d0 fd 10 4b 3e 45 fd e0 e3 05 | 17 4f 03 a3 c9 dc a8 5b 7d db b9 f8 41 4e 18 2a | e3 af 64 35 b4 f4 39 8f 52 bf 70 0d e9 f4 b9 93 | 92 6b 38 4f 23 c6 d5 f0 26 46 b4 a7 5e 83 5d d9 | df 60 b2 85 9d 32 d1 43 f0 4a c6 19 9a da 17 71 | d5 b3 fd ed ce c1 29 4c dd 13 4d d3 de 91 b8 89 | 57 2e 06 14 cb 3a 44 2a f0 93 f5 f9 9c e8 6c 0a | e0 d3 de 4b 33 b2 98 4c 41 91 11 5f 34 19 b7 b8 | 53 c0 32 78 3c 83 8d ec e8 8e 21 fe 1d 46 33 62 | 67 08 04 40 aa 0f 72 af 06 4d 99 7d 0f 1f 0b f8 | 4d dc f5 3b 29 00 00 24 e1 76 38 ee 2f 3f 4e d2 | 0e 6d 81 af 1f 7c 80 54 20 45 28 69 bb 30 65 21 | d1 aa a3 6c ac 20 9c 38 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 98 94 84 ca 0b ae cb a4 | 9b d5 f2 36 89 37 41 f7 4a c0 34 f6 00 00 00 1c | 00 00 40 05 cc 01 67 e3 70 e5 ef b0 23 bc 71 4e | ad 9a f1 9f c8 09 d6 e9 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 75 f4 b3 20 16 59 35 3f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 03 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | dd d8 ac 15 09 30 a6 1d a4 a3 f3 c5 b9 fe be 60 | 2c 99 09 d3 70 d8 61 07 12 cc 84 a6 09 62 9f a7 | creating state object #4 at 0x55593e3ebde8 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #4 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #4 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #4 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #4 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #4 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #4 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #4 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #4: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #4: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 75 f4 b3 20 16 59 35 3f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 75 f4 b3 20 16 59 35 3f 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #4 spent 0.203 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #4 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #4 has no whack fd | pstats #4 ikev2.ike deleted other | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #4: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #4: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #4 in PARENT_R0 | parent state #4: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #4 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.698 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 f0 f4 e3 3a 9f 15 4f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c | f4 36 d5 06 ad 4a 23 54 71 b3 bb bc 54 38 f7 23 | 6a 77 05 35 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb | c9 a6 59 c5 bb 6e 39 bd 12 91 54 83 ec aa 76 59 | d8 f7 e5 9c 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 | 72 33 e1 d2 ff 52 fa e6 58 dd e5 ce da 30 8a 6c | fb 3a f1 3d 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d | 85 8a bd 86 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa | b3 c8 e3 3a 88 c8 65 25 79 80 90 12 28 38 72 b2 | c6 f8 62 43 11 75 65 b5 20 14 53 b1 38 c0 16 6a | 44 92 01 fb 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 | bc 4c 91 26 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 | 10 49 5e a6 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 | 5f aa c0 c9 fc af b8 72 84 a2 49 3c a4 f0 34 e2 | f1 3a 2c 5d 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 | 75 49 79 57 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 | d5 4e 9d 10 29 00 00 24 90 cc 73 ea 3a 23 bc ca | eb 1e 13 3e 6c e0 86 7f dc c9 f9 61 96 b1 83 ad | bc 7c 55 38 a6 0f dd 51 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 89 55 4e e0 41 f1 c5 9a | 62 fc 07 bb 85 93 86 74 c7 ff 1c cd 00 00 00 1c | 00 00 40 05 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab | d5 c8 28 a2 35 a3 69 01 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 04 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 26 2f 74 3b 36 e8 b1 a8 57 7d dc d7 76 c8 6b da | fa 3c 1d 09 25 55 87 ea 72 1e 42 a0 aa 8a f0 bb | creating state object #5 at 0x55593e3ebde8 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #5 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #5 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #5: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c f4 36 d5 06 | ad 4a 23 54 71 b3 bb bc 54 38 f7 23 6a 77 05 35 | 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb c9 a6 59 c5 | bb 6e 39 bd 12 91 54 83 ec aa 76 59 d8 f7 e5 9c | 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 72 33 e1 d2 | ff 52 fa e6 58 dd e5 ce da 30 8a 6c fb 3a f1 3d | 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d 85 8a bd 86 | 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa b3 c8 e3 3a | 88 c8 65 25 79 80 90 12 28 38 72 b2 c6 f8 62 43 | 11 75 65 b5 20 14 53 b1 38 c0 16 6a 44 92 01 fb | 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 bc 4c 91 26 | 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 10 49 5e a6 | 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 5f aa c0 c9 | fc af b8 72 84 a2 49 3c a4 f0 34 e2 f1 3a 2c 5d | 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 75 49 79 57 | 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 d5 4e 9d 10 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab d5 c8 28 a2 | 35 a3 69 01 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab d5 c8 28 a2 | natd_hash: hash= 35 a3 69 01 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | 89 55 4e e0 41 f1 c5 9a 62 fc 07 bb 85 93 86 74 | c7 ff 1c cd | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 89 55 4e e0 41 f1 c5 9a 62 fc 07 bb 85 93 86 74 | natd_hash: hash= c7 ff 1c cd | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 3 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f8490005088 size 128 | #5 spent 0.353 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 2 resuming | crypto helper 2 starting work-order 3 for state #5 | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #5 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 2 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 3 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.699 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | spent 0.714 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f8494003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f8494003a28 | NSS: Public DH wire value: | f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 9e c0 42 43 | 9a fe db 61 15 75 e4 72 6a 85 17 1c 94 4b e3 f8 | 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 e1 9e 7e 8c | 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f bb 20 12 82 | 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 35 de 54 41 | 60 83 17 bc 30 03 9e fa 4f bd 1c c9 50 6b 9d 20 | ec 59 1a cf 19 25 29 de 3a ba 7f 4f 85 9c 9a 80 | 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d c5 9e 36 ae | 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 3a 29 f9 58 | 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf 17 ea 6f 45 | f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e dd 16 d9 e2 | 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f 60 e9 6c 19 | 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e 7d 66 6e 61 | 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf 22 74 df 29 | c2 3c cc 77 60 28 92 6e 0a ba 3d 6a 30 f1 4b 6c | e1 80 ce c4 50 6c a3 5a 56 26 52 a3 92 00 f7 58 | Generated nonce: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | Generated nonce: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | crypto helper 2 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 3 time elapsed 0.000785 seconds | (#5) spent 0.775 milliseconds in crypto helper computing work-order 3: ikev2_inI1outR1 KE (pcr) | crypto helper 2 sending results from work-order 3 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f8494002888 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 3 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #5: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f8494003a28: transferring ownership from helper KE to state #5 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 9e c0 42 43 | ikev2 g^x 9a fe db 61 15 75 e4 72 6a 85 17 1c 94 4b e3 f8 | ikev2 g^x 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 e1 9e 7e 8c | ikev2 g^x 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f bb 20 12 82 | ikev2 g^x 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 35 de 54 41 | ikev2 g^x 60 83 17 bc 30 03 9e fa 4f bd 1c c9 50 6b 9d 20 | ikev2 g^x ec 59 1a cf 19 25 29 de 3a ba 7f 4f 85 9c 9a 80 | ikev2 g^x 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d c5 9e 36 ae | ikev2 g^x 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 3a 29 f9 58 | ikev2 g^x 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf 17 ea 6f 45 | ikev2 g^x f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e dd 16 d9 e2 | ikev2 g^x 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f 60 e9 6c 19 | ikev2 g^x 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e 7d 66 6e 61 | ikev2 g^x 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf 22 74 df 29 | ikev2 g^x c2 3c cc 77 60 28 92 6e 0a ba 3d 6a 30 f1 4b 6c | ikev2 g^x e1 80 ce c4 50 6c a3 5a 56 26 52 a3 92 00 f7 58 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | IKEv2 nonce 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 26 2f 74 3b 36 e8 b1 a8 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 81 8b 5b 41 80 a4 8a 1d 07 2a 6e 91 43 86 b1 47 | 65 1d 77 fa | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 26 2f 74 3b 36 e8 b1 a8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 81 8b 5b 41 80 a4 8a 1d 07 2a 6e 91 43 86 b1 47 | natd_hash: hash= 65 1d 77 fa | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 81 8b 5b 41 80 a4 8a 1d 07 2a 6e 91 43 86 b1 47 | Notify data 65 1d 77 fa | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 26 2f 74 3b 36 e8 b1 a8 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 83 06 94 67 52 f4 80 5f c3 42 98 99 79 da ef 87 | ec 62 58 09 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 26 2f 74 3b 36 e8 b1 a8 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 83 06 94 67 52 f4 80 5f c3 42 98 99 79 da ef 87 | natd_hash: hash= ec 62 58 09 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 83 06 94 67 52 f4 80 5f c3 42 98 99 79 da ef 87 | Notify data ec 62 58 09 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #5: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #5 to 0 after switching state | Message ID: recv #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #5 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #5: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 | 9e c0 42 43 9a fe db 61 15 75 e4 72 6a 85 17 1c | 94 4b e3 f8 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 | e1 9e 7e 8c 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f | bb 20 12 82 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 | 35 de 54 41 60 83 17 bc 30 03 9e fa 4f bd 1c c9 | 50 6b 9d 20 ec 59 1a cf 19 25 29 de 3a ba 7f 4f | 85 9c 9a 80 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d | c5 9e 36 ae 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 | 3a 29 f9 58 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf | 17 ea 6f 45 f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e | dd 16 d9 e2 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f | 60 e9 6c 19 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e | 7d 66 6e 61 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf | 22 74 df 29 c2 3c cc 77 60 28 92 6e 0a ba 3d 6a | 30 f1 4b 6c e1 80 ce c4 50 6c a3 5a 56 26 52 a3 | 92 00 f7 58 29 00 00 24 09 a6 b4 60 eb d3 b2 3a | e4 4c e0 68 3a d6 a8 df 7c 1d 61 0c d9 6c 2c d6 | de 6b 57 27 2b 8c 03 cd 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 81 8b 5b 41 80 a4 8a 1d | 07 2a 6e 91 43 86 b1 47 65 1d 77 fa 00 00 00 1c | 00 00 40 05 83 06 94 67 52 f4 80 5f c3 42 98 99 | 79 da ef 87 ec 62 58 09 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8490005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | event_schedule: new EVENT_SO_DISCARD-pe@0x55593e3eb9c8 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #5 | libevent_malloc: new ptr-libevent@0x55593e3eee28 size 128 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 0.476 milliseconds in resume sending helper answer | stop processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8494002888 | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | 26 56 e3 51 a2 61 c3 72 91 58 98 43 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #5 in PARENT_R1 (find_v2_ike_sa) | start processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #5 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f8494003a28: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 4 for state #5 | state #5 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3eee28 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55593e3eb9c8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f8494002888 size 128 | #5 spent 0.0324 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 4 resuming | #5 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | crypto helper 4 starting work-order 4 for state #5 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #5 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 4 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c f4 36 d5 06 | peer's g: ad 4a 23 54 71 b3 bb bc 54 38 f7 23 6a 77 05 35 | peer's g: 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb c9 a6 59 c5 | peer's g: bb 6e 39 bd 12 91 54 83 ec aa 76 59 d8 f7 e5 9c | peer's g: 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 72 33 e1 d2 | peer's g: ff 52 fa e6 58 dd e5 ce da 30 8a 6c fb 3a f1 3d | peer's g: 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d 85 8a bd 86 | peer's g: 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa b3 c8 e3 3a | #5 spent 0.18 milliseconds in ikev2_process_packet() | peer's g: 88 c8 65 25 79 80 90 12 28 38 72 b2 c6 f8 62 43 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | peer's g: 11 75 65 b5 20 14 53 b1 38 c0 16 6a 44 92 01 fb | peer's g: 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 bc 4c 91 26 | peer's g: 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 10 49 5e a6 | peer's g: 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 5f aa c0 c9 | peer's g: fc af b8 72 84 a2 49 3c a4 f0 34 e2 f1 3a 2c 5d | peer's g: 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 75 49 79 57 | peer's g: 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 d5 4e 9d 10 | processing: STOP state #0 (in process_md() at demux.c:382) | Started DH shared-secret computation in NSS: | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.226 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f849000d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f8494003a28: computed shared DH secret key@0x7f849000d840 | dh-shared : g^ir-key@0x7f849000d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f8488001f18 (length 64) | 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d6e0 | result: Ni | Nr-key@0x55593e3ce5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55593e3ce5b0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d6c8 | result: Ni | Nr-key@0x7f849000a0e0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55593e3ce5b0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f8488002fa0 from Ni | Nr-key@0x7f849000a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f8488002fa0 from Ni | Nr-key@0x7f849000a0e0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f849000a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f8488003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f849000d840 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f849000d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f849000d840 | nss hmac digest hack: symkey-key@0x7f849000d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: 92 5c 8b 89 40 59 84 ff 44 09 a7 51 95 09 08 35 2d 15 a5 b3 55 44 e4 f3 a5 c9 ca 17 ef 09 73 1d 36 b9 42 d7 3a 25 e6 0e bf 6e 1c 07 3d 77 0a 92 20 d6 b5 dd 19 6b 39 f5 4c 5b 93 6b d1 17 60 02 40 b0 62 5a 0d 4f ce a3 56 29 90 f7 3e 45 c7 4b bb 5c 08 24 ee 35 92 a6 41 1c f6 11 64 5e 1d 51 db 27 e9 dd 81 47 fe f4 e0 53 f7 c2 12 24 d1 4f 8c 86 14 d6 d7 60 f1 0c 77 50 c2 d1 b6 fa fb 25 be d3 3d 8a 3c 81 fd 0a 8b a3 e3 c3 d8 45 ae 04 c9 35 6f bb 98 98 10 0c 94 41 17 1a 4c e9 33 e2 43 13 70 33 c8 3b 9a ce 23 9a be ce 97 2e b1 d6 6e fd 0b 48 bb 31 2d e1 8e 1e 34 70 7a b5 79 06 ae e3 1d da 5c f8 29 f3 0d 25 46 71 2d 54 b9 04 cd 17 5d ba 4e c3 2e d5 43 94 82 76 1e 91 14 c7 75 7b ab 45 de 15 45 30 ba a2 61 fb 72 c8 31 48 8d b0 57 69 40 d2 4e fc c9 60 e5 6e 4b b8 f4 c1 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f8488003fa8 | unwrapped: 76 1c ce b5 f3 94 39 65 71 96 3f 74 b3 fe 2d 7c | unwrapped: 39 3d 2a c0 15 21 00 1f 7f 71 b6 4f da 9d 62 e9 | unwrapped: 12 44 e8 16 e4 78 ab 48 8d a2 f7 4c f1 3e 9f 56 | unwrapped: 75 33 35 51 b0 f8 6b 23 ea 78 94 44 c3 ef ad 84 | unwrapped: 5d 66 94 b3 dc 5e 7b e5 ad 56 f8 5b c6 6f ea f8 | unwrapped: fb 4b ce fc 68 1c 55 76 dc 12 60 49 22 86 0b 38 | unwrapped: b1 34 37 f3 44 cd 66 ee 41 19 9c 61 7e db d9 10 | unwrapped: b5 38 a5 cb 1a db 42 f6 c0 24 b3 1b 03 aa e2 79 | unwrapped: 8a c4 01 75 ac 2e 2c a8 0e 4e 87 ce 3b 3b b8 55 | unwrapped: 02 40 1d 93 7d 0f dc 9f 58 ae fe 11 7b fa 79 eb | unwrapped: d0 ef 4c 86 3a 95 02 49 63 07 f4 0f 7c f5 f3 75 | unwrapped: 46 84 27 1d ef d9 59 6a 7c a5 47 da e3 4e dd 4b | unwrapped: 10 d0 1b 99 e6 9f c6 9a eb f8 bf 40 86 cb c1 05 | unwrapped: 79 13 a2 37 2b fc f2 ab 39 37 ba f4 6b f2 bb 3d | unwrapped: ec 0f 6c 7f 10 9c 58 b2 75 6a f9 09 b1 00 7f 43 | unwrapped: 27 11 df 10 94 c9 af f4 a2 5d 5e da f8 f6 9f f1 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d700 | result: final-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3ce5b0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d6e8 | result: final-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3ce5b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f849000a0e0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d670 | result: data=Ni-key@0x55593e3d7a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3d7a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d658 | result: data=Ni-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3d7a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a0f7d660 | result: data+=Nr-key@0x55593e3d7a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3ce5b0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d7a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a0f7d660 | result: data+=SPIi-key@0x55593e3ce5b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3d7a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a0f7d660 | result: data+=SPIr-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3ce5b0 | prf+0 PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+0: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3ce5b0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+0 prf: begin sha with context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+0: release clone-key@0x55593e3ce5b0 | prf+0 PRF sha crypt-prf@0x7f8488002f78 | prf+0 PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+0: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8488005338 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e3d4130 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d4130 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3d4130 | prf+0 PRF sha final-key@0x55593e3ce5b0 (size 20) | prf+0: key-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55593e3ce5b0 | prf+N PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+N: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8488002fa0 from key-key@0x55593e3d4130 | prf+N prf: begin sha with context 0x7f8488002fa0 from key-key@0x55593e3d4130 | prf+N: release clone-key@0x55593e3d4130 | prf+N PRF sha crypt-prf@0x7f84880030d8 | prf+N PRF sha update old_t-key@0x55593e3ce5b0 (size 20) | prf+N: old_t-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3ce5b0 | nss hmac digest hack: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 8b 7f 2e 85 dc 85 e1 93 7f de a8 c6 8a f3 ff 85 da 04 b1 d9 17 b0 c9 64 2a 2a ba a0 98 43 e0 c3 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8488002f28 | unwrapped: 0b 5f 94 d9 52 06 c0 bc 73 54 c0 e8 66 c9 9c 08 | unwrapped: 73 fb d5 a3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+N: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84880052b8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e34d080 | prf+N PRF sha final-key@0x55593e3d4130 (size 20) | prf+N: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a0f7d608 | result: result-key@0x55593e34d080 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3ce5b0 | prfplus: release old_t[N]-key@0x55593e3ce5b0 | prf+N PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+N: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3ce5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+N prf: begin sha with context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+N: release clone-key@0x55593e3ce5b0 | prf+N PRF sha crypt-prf@0x7f8488002f78 | prf+N PRF sha update old_t-key@0x55593e3d4130 (size 20) | prf+N: old_t-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d4130 | nss hmac digest hack: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 9f 5b ef 9b 53 53 d3 8b fa 2b 0e a6 c2 48 b4 c6 b8 2e 71 bc ee ea 4e b5 03 a6 df fb 34 42 1b 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8488003a78 | unwrapped: 72 ef 6a 63 09 9b 62 a9 2c 39 fd f1 5e 5f 6d 97 | unwrapped: bb 53 78 32 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+N: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8488005338 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3d5be0 | prf+N PRF sha final-key@0x55593e3ce5b0 (size 20) | prf+N: key-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e34d080 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a0f7d608 | result: result-key@0x55593e3d5be0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e34d080 | prfplus: release old_t[N]-key@0x55593e3d4130 | prf+N PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+N: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8488002fa0 from key-key@0x55593e3d4130 | prf+N prf: begin sha with context 0x7f8488002fa0 from key-key@0x55593e3d4130 | prf+N: release clone-key@0x55593e3d4130 | prf+N PRF sha crypt-prf@0x7f8488002f28 | prf+N PRF sha update old_t-key@0x55593e3ce5b0 (size 20) | prf+N: old_t-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3ce5b0 | nss hmac digest hack: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 01 7e 82 2a 5b 21 62 d6 d4 f0 ca 22 0e 3a 30 36 9b 80 3b 6c b9 c6 01 82 36 7a e5 d5 72 d4 6d 43 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8488005e88 | unwrapped: 5f 25 3b 2b 0c 50 c0 18 70 d3 71 03 20 54 c8 b8 | unwrapped: 42 eb c5 31 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+N: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84880052b8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e34d080 | prf+N PRF sha final-key@0x55593e3d4130 (size 20) | prf+N: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d5be0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a0f7d608 | result: result-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3d5be0 | prfplus: release old_t[N]-key@0x55593e3ce5b0 | prf+N PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+N: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3ce5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+N prf: begin sha with context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+N: release clone-key@0x55593e3ce5b0 | prf+N PRF sha crypt-prf@0x7f84880030d8 | prf+N PRF sha update old_t-key@0x55593e3d4130 (size 20) | prf+N: old_t-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d4130 | nss hmac digest hack: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: f5 14 28 e0 d1 cc 24 bd 00 e2 c2 ff aa e9 3d d5 1d 0e ff d7 15 2e 55 e1 a6 fc cd e8 cc 19 98 bd | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8488003a78 | unwrapped: dc 1a 83 6e 28 9f 63 86 ed 6c 77 e7 aa 7b bc 47 | unwrapped: 17 75 93 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+N: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8488005338 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3d5be0 | prf+N PRF sha final-key@0x55593e3ce5b0 (size 20) | prf+N: key-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e34d080 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a0f7d608 | result: result-key@0x55593e3d5be0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e34d080 | prfplus: release old_t[N]-key@0x55593e3d4130 | prf+N PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+N: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3d4130 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8488005510 from key-key@0x55593e3d4130 | prf+N prf: begin sha with context 0x7f8488005510 from key-key@0x55593e3d4130 | prf+N: release clone-key@0x55593e3d4130 | prf+N PRF sha crypt-prf@0x7f8488002f78 | prf+N PRF sha update old_t-key@0x55593e3ce5b0 (size 20) | prf+N: old_t-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3ce5b0 | nss hmac digest hack: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 87 55 61 49 aa b4 be 6c a4 0c a2 e7 f3 02 3c 69 b6 83 c2 48 91 c4 49 d8 96 31 bf 1b 05 0f 9a 5a | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8488002f28 | unwrapped: de 5f 19 ff b6 39 0b 05 fd 88 0b a9 d8 d7 3b 7e | unwrapped: 26 ea 3d b0 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+N: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84880052b8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e34d080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e34d080 | prf+N PRF sha final-key@0x55593e3d4130 (size 20) | prf+N: key-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3d5be0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a0f7d608 | result: result-key@0x55593e34d080 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3d5be0 | prfplus: release old_t[N]-key@0x55593e3ce5b0 | prf+N PRF sha init key-key@0x7f849000a0e0 (size 20) | prf+N: key-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d588 | result: clone-key@0x55593e3ce5b0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+N prf: begin sha with context 0x7f8488002fa0 from key-key@0x55593e3ce5b0 | prf+N: release clone-key@0x55593e3ce5b0 | prf+N PRF sha crypt-prf@0x7f84880030d8 | prf+N PRF sha update old_t-key@0x55593e3d4130 (size 20) | prf+N: old_t-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3d4130 | nss hmac digest hack: symkey-key@0x55593e3d4130 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 10 21 ed 29 fe f1 34 47 94 ec b4 7b d6 69 44 be 24 16 49 b1 ab ea fc 5d 62 7e 2a 0f 88 78 59 83 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8488003a78 | unwrapped: 17 e9 31 69 1b b9 66 69 24 c0 56 42 1f 5f 92 60 | unwrapped: 1a 4d 01 c2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3d7a20 (size 80) | prf+N: seed-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3d7a20 | nss hmac digest hack: symkey-key@0x55593e3d7a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 5e d0 4e 4c de 09 7a b1 92 8e 3a ea a0 ca cb b6 6f be 66 2c be d3 a9 96 c8 83 ed 65 16 49 0e 74 c4 53 76 7a 3b 02 b0 6c 65 15 3f ff 5b fa a3 f6 9a 80 aa ec e1 1b 6b b9 d6 fd c2 ce eb c3 37 96 ed d2 29 09 52 4b d4 c1 b1 18 1a d6 52 6a a7 4c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84880064e8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a0f7d590 | result: final-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d578 | result: final-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3d5be0 | prf+N PRF sha final-key@0x55593e3ce5b0 (size 20) | prf+N: key-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e34d080 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a0f7d608 | result: result-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e34d080 | prfplus: release old_t[N]-key@0x55593e3d4130 | prfplus: release old_t[final]-key@0x55593e3ce5b0 | ike_sa_keymat: release data-key@0x55593e3d7a20 | calc_skeyseed_v2: release skeyseed_k-key@0x7f849000a0e0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7a8 | result: result-key@0x7f849000a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7a8 | result: result-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7a8 | result: result-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7b8 | result: SK_ei_k-key@0x55593e3d4130 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7b8 | result: SK_er_k-key@0x55593e34d080 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7b8 | result: result-key@0x55593e3d7640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x55593e3d7640 | chunk_SK_pi: symkey-key@0x55593e3d7640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 5d 88 e7 88 3e 95 6c ed 71 e9 51 94 91 ba 69 85 8b 2e af 7e 64 6c 81 26 47 01 b2 02 78 4a 91 f8 | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f8488002f78 | unwrapped: d8 d7 3b 7e 26 ea 3d b0 17 e9 31 69 1b b9 66 69 | unwrapped: 24 c0 56 42 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a0f7d7b8 | result: result-key@0x55593e3f0990 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x55593e3f0990 | chunk_SK_pr: symkey-key@0x55593e3f0990 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 99 2a c4 22 76 7d 66 2c 52 84 b6 e1 01 37 14 66 72 ca a6 df c2 6f 16 9d 4e 25 42 03 cb 3e 56 ea | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f8488003a78 | unwrapped: 1f 5f 92 60 1a 4d 01 c2 1a 12 4c 9b d6 4c 50 36 | unwrapped: d3 8f 2a 21 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55593e3d5be0 | calc_skeyseed_v2 pointers: shared-key@0x7f849000d840, SK_d-key@0x7f849000a0e0, SK_ai-key@0x55593e3d7a20, SK_ar-key@0x55593e3ce5b0, SK_ei-key@0x55593e3d4130, SK_er-key@0x55593e34d080, SK_pi-key@0x55593e3d7640, SK_pr-key@0x55593e3f0990 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | d8 d7 3b 7e 26 ea 3d b0 17 e9 31 69 1b b9 66 69 | 24 c0 56 42 | calc_skeyseed_v2 SK_pr | 1f 5f 92 60 1a 4d 01 c2 1a 12 4c 9b d6 4c 50 36 | d3 8f 2a 21 | crypto helper 4 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 time elapsed 0.002239 seconds | (#5) spent 2.18 milliseconds in crypto helper computing work-order 4: ikev2_inI2outR2 KE (pcr) | crypto helper 4 sending results from work-order 4 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f8488005088 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 4 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #5: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f8494003a28: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | #5 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x55593e3d7a20 (size 20) | hmac: symkey-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d7a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x55593e3d5be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac prf: begin sha with context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac: release clone-key@0x55593e3d5be0 | hmac PRF sha crypt-prf@0x55593e3ef028 | hmac PRF sha update data-bytes@0x7f8490000b48 (length 208) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | 26 56 e3 51 a2 61 c3 72 91 58 98 43 bd 96 10 8a | b7 99 fa db | data for hmac: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | data for hmac: 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | data for hmac: 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | data for hmac: 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | data for hmac: 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | data for hmac: 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | data for hmac: b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | data for hmac: c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | data for hmac: f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | data for hmac: d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | data for hmac: bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | calculated auth: 26 56 e3 51 a2 61 c3 72 91 58 98 43 | provided auth: 26 56 e3 51 a2 61 c3 72 91 58 98 43 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | payload before decryption: | 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | 88 8a 1d 77 2c 00 00 2c 00 00 00 28 01 03 04 03 | ba 42 f3 35 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #5 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #5: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #5: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x55593e3d7640 (size 20) | hmac: symkey-key@0x55593e3d7640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d7640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x55593e3d5be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac prf: begin sha with context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac: release clone-key@0x55593e3d5be0 | hmac PRF sha crypt-prf@0x55593e3f0ad8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x7f8490000b7c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | 96 fb 30 44 47 60 91 0e 93 d7 e7 1f 4b ec cc 97 | fd 21 9c 82 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | 33 f0 f4 e3 3a 9f 15 4f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c | f4 36 d5 06 ad 4a 23 54 71 b3 bb bc 54 38 f7 23 | 6a 77 05 35 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb | c9 a6 59 c5 bb 6e 39 bd 12 91 54 83 ec aa 76 59 | d8 f7 e5 9c 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 | 72 33 e1 d2 ff 52 fa e6 58 dd e5 ce da 30 8a 6c | fb 3a f1 3d 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d | 85 8a bd 86 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa | b3 c8 e3 3a 88 c8 65 25 79 80 90 12 28 38 72 b2 | c6 f8 62 43 11 75 65 b5 20 14 53 b1 38 c0 16 6a | 44 92 01 fb 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 | bc 4c 91 26 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 | 10 49 5e a6 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 | 5f aa c0 c9 fc af b8 72 84 a2 49 3c a4 f0 34 e2 | f1 3a 2c 5d 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 | 75 49 79 57 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 | d5 4e 9d 10 29 00 00 24 90 cc 73 ea 3a 23 bc ca | eb 1e 13 3e 6c e0 86 7f dc c9 f9 61 96 b1 83 ad | bc 7c 55 38 a6 0f dd 51 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 89 55 4e e0 41 f1 c5 9a | 62 fc 07 bb 85 93 86 74 c7 ff 1c cd 00 00 00 1c | 00 00 40 05 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab | d5 c8 28 a2 35 a3 69 01 | verify: initiator inputs to hash2 (responder nonce) | 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | idhash 96 fb 30 44 47 60 91 0e 93 d7 e7 1f 4b ec cc 97 | idhash fd 21 9c 82 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x55593e3d5be0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8494002b50 from shared secret-key@0x55593e3d5be0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8494002b50 from shared secret-key@0x55593e3d5be0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55593e3d5be0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3ef028 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55593e3d5be0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55593e3d5be0 (size 20) | = prf(, ): -key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8494002b50 from -key@0x55593e3e8620 | = prf(, ) prf: begin sha with context 0x7f8494002b50 from -key@0x55593e3e8620 | = prf(, ): release clone-key@0x55593e3e8620 | = prf(, ) PRF sha crypt-prf@0x55593e3f0ad8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3eeb18 (length 440) | 33 f0 f4 e3 3a 9f 15 4f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c | f4 36 d5 06 ad 4a 23 54 71 b3 bb bc 54 38 f7 23 | 6a 77 05 35 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb | c9 a6 59 c5 bb 6e 39 bd 12 91 54 83 ec aa 76 59 | d8 f7 e5 9c 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 | 72 33 e1 d2 ff 52 fa e6 58 dd e5 ce da 30 8a 6c | fb 3a f1 3d 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d | 85 8a bd 86 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa | b3 c8 e3 3a 88 c8 65 25 79 80 90 12 28 38 72 b2 | c6 f8 62 43 11 75 65 b5 20 14 53 b1 38 c0 16 6a | 44 92 01 fb 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 | bc 4c 91 26 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 | 10 49 5e a6 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 | 5f aa c0 c9 fc af b8 72 84 a2 49 3c a4 f0 34 e2 | f1 3a 2c 5d 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 | 75 49 79 57 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 | d5 4e 9d 10 29 00 00 24 90 cc 73 ea 3a 23 bc ca | eb 1e 13 3e 6c e0 86 7f dc c9 f9 61 96 b1 83 ad | bc 7c 55 38 a6 0f dd 51 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 89 55 4e e0 41 f1 c5 9a | 62 fc 07 bb 85 93 86 74 c7 ff 1c cd 00 00 00 1c | 00 00 40 05 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab | d5 c8 28 a2 35 a3 69 01 | = prf(, ) PRF sha update nonce-bytes@0x7f8494001278 (length 32) | 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | 96 fb 30 44 47 60 91 0e 93 d7 e7 1f 4b ec cc 97 | fd 21 9c 82 | = prf(, ) PRF sha final-chunk@0x55593e3f2218 (length 20) | 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | 88 8a 1d 77 | psk_auth: release prf-psk-key@0x55593e3d5be0 | Received PSK auth octets | 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | 88 8a 1d 77 | Calculated PSK auth octets | 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | 88 8a 1d 77 "east" #5: Authenticated using authby=secret | parent state #5: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #5 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8494002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55593e3eb9c8 | event_schedule: new EVENT_SA_REKEY-pe@0x55593e3eb9c8 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #5 | libevent_malloc: new ptr-libevent@0x55593e3eee28 size 128 | pstats #5 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x55593e3f0990 (size 20) | hmac: symkey-key@0x55593e3f0990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f0990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x55593e3d5be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac prf: begin sha with context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac: release clone-key@0x55593e3d5be0 | hmac PRF sha crypt-prf@0x55593e3f0ad8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | a5 af d0 78 fa d4 88 07 d8 9d 79 76 8d 4a 1e 44 | 23 d7 8e c0 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 | 9e c0 42 43 9a fe db 61 15 75 e4 72 6a 85 17 1c | 94 4b e3 f8 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 | e1 9e 7e 8c 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f | bb 20 12 82 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 | 35 de 54 41 60 83 17 bc 30 03 9e fa 4f bd 1c c9 | 50 6b 9d 20 ec 59 1a cf 19 25 29 de 3a ba 7f 4f | 85 9c 9a 80 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d | c5 9e 36 ae 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 | 3a 29 f9 58 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf | 17 ea 6f 45 f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e | dd 16 d9 e2 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f | 60 e9 6c 19 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e | 7d 66 6e 61 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf | 22 74 df 29 c2 3c cc 77 60 28 92 6e 0a ba 3d 6a | 30 f1 4b 6c e1 80 ce c4 50 6c a3 5a 56 26 52 a3 | 92 00 f7 58 29 00 00 24 09 a6 b4 60 eb d3 b2 3a | e4 4c e0 68 3a d6 a8 df 7c 1d 61 0c d9 6c 2c d6 | de 6b 57 27 2b 8c 03 cd 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 81 8b 5b 41 80 a4 8a 1d | 07 2a 6e 91 43 86 b1 47 65 1d 77 fa 00 00 00 1c | 00 00 40 05 83 06 94 67 52 f4 80 5f c3 42 98 99 | 79 da ef 87 ec 62 58 09 | create: responder inputs to hash2 (initiator nonce) | 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | idhash a5 af d0 78 fa d4 88 07 d8 9d 79 76 8d 4a 1e 44 | idhash 23 d7 8e c0 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3e8620 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x55593e3d5be0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8494002b50 from shared secret-key@0x55593e3d5be0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8494002b50 from shared secret-key@0x55593e3d5be0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55593e3d5be0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f2218 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55593e3d5be0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55593e3d5be0 (size 20) | = prf(, ): -key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8494002b50 from -key@0x55593e3e8620 | = prf(, ) prf: begin sha with context 0x7f8494002b50 from -key@0x55593e3e8620 | = prf(, ): release clone-key@0x55593e3e8620 | = prf(, ) PRF sha crypt-prf@0x55593e3f0ad8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3ea1e8 (length 440) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 | 9e c0 42 43 9a fe db 61 15 75 e4 72 6a 85 17 1c | 94 4b e3 f8 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 | e1 9e 7e 8c 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f | bb 20 12 82 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 | 35 de 54 41 60 83 17 bc 30 03 9e fa 4f bd 1c c9 | 50 6b 9d 20 ec 59 1a cf 19 25 29 de 3a ba 7f 4f | 85 9c 9a 80 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d | c5 9e 36 ae 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 | 3a 29 f9 58 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf | 17 ea 6f 45 f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e | dd 16 d9 e2 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f | 60 e9 6c 19 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e | 7d 66 6e 61 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf | 22 74 df 29 c2 3c cc 77 60 28 92 6e 0a ba 3d 6a | 30 f1 4b 6c e1 80 ce c4 50 6c a3 5a 56 26 52 a3 | 92 00 f7 58 29 00 00 24 09 a6 b4 60 eb d3 b2 3a | e4 4c e0 68 3a d6 a8 df 7c 1d 61 0c d9 6c 2c d6 | de 6b 57 27 2b 8c 03 cd 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 81 8b 5b 41 80 a4 8a 1d | 07 2a 6e 91 43 86 b1 47 65 1d 77 fa 00 00 00 1c | 00 00 40 05 83 06 94 67 52 f4 80 5f c3 42 98 99 | 79 da ef 87 ec 62 58 09 | = prf(, ) PRF sha update nonce-bytes@0x55593e3eef28 (length 32) | 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | a5 af d0 78 fa d4 88 07 d8 9d 79 76 8d 4a 1e 44 | 23 d7 8e c0 | = prf(, ) PRF sha final-chunk@0x55593e3ef028 (length 20) | c3 b6 43 a3 0b 7a fb 88 ef f7 38 ad 77 a7 21 6a | d3 4f 27 8c | psk_auth: release prf-psk-key@0x55593e3d5be0 | PSK auth octets c3 b6 43 a3 0b 7a fb 88 ef f7 38 ad 77 a7 21 6a | PSK auth octets d3 4f 27 8c | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth c3 b6 43 a3 0b 7a fb 88 ef f7 38 ad 77 a7 21 6a | PSK auth d3 4f 27 8c | emitting length of IKEv2 Authentication Payload: 28 | creating state object #6 at 0x55593e3ef0f8 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "east" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.23:500 from #5.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f849000a0e0 | duplicate_state: reference st_skey_ai_nss-key@0x55593e3d7a20 | duplicate_state: reference st_skey_ar_nss-key@0x55593e3ce5b0 | duplicate_state: reference st_skey_ei_nss-key@0x55593e3d4130 | duplicate_state: reference st_skey_er_nss-key@0x55593e34d080 | duplicate_state: reference st_skey_pi_nss-key@0x55593e3d7640 | duplicate_state: reference st_skey_pr_nss-key@0x55593e3f0990 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #5.#6 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI ba 42 f3 35 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #5: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #5: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #5 spent 1.39 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #6 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #6 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #6: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | hmac PRF sha init symkey-key@0x55593e3ce5b0 (size 20) | hmac: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2af8 | result: clone-key@0x55593e3d5be0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac prf: begin sha with context 0x7f8494002b50 from symkey-key@0x55593e3d5be0 | hmac: release clone-key@0x55593e3d5be0 | hmac PRF sha crypt-prf@0x55593e3f0b28 | hmac PRF sha update data-bytes@0x7ffe993d2f20 (length 64) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | hmac PRF sha final-bytes@0x7ffe993d2f60 (length 20) | 0b da cd 9f d4 4e 44 88 2c 75 55 41 ab 1d e3 1d | 25 22 91 4f | data being hmac: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | data being hmac: 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | out calculated auth: | 0b da cd 9f d4 4e 44 88 2c 75 55 41 | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | 0b da cd 9f d4 4e 44 88 2c 75 55 41 | forcing #6 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x7f8494002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #6 | libevent_malloc: new ptr-libevent@0x55593e3ee828 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.88 milliseconds in resume sending helper answer | stop processing: state #6 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8488005088 | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 444 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | ae 1b cd 2e da cd 37 42 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 6e 13 10 d9 0b db 0e 76 | ce 8e 8d a9 16 aa 4c 6a 48 18 61 df bf 08 3e 11 | a4 2e 59 51 2b 85 27 50 7d 12 90 df e5 7b 67 52 | a5 04 51 81 e5 66 66 0f 8a 2d 15 16 e7 34 5f ae | ba 86 4e 83 19 a2 19 21 a6 70 ad fd 3f d5 91 3f | b9 fa fe b8 49 f1 63 79 69 e3 70 80 78 5a ab 01 | 1d 42 12 a9 77 f4 63 0a d8 db 9b d8 cc fe 86 98 | 9b 70 32 37 12 2b 37 9b 8d 22 92 43 66 95 f6 79 | 09 ce 3c 40 0e 39 9d 19 1b 3a 8f dd 19 c6 8b df | 2c cf b7 cd d0 d6 14 1d eb 61 7f de 98 03 93 1d | 93 70 88 e2 78 32 9b 52 9a ec 06 9f 35 d5 7c 77 | c1 e1 a4 ae f3 47 14 e6 5b 2d 92 51 87 90 b5 0f | 6a 8b 1f 60 1c 97 df c9 45 0d 89 1e 42 33 8b 9a | 77 6d ab 11 cc 7a 4d c5 c1 7b 17 48 8f 47 1e 5e | d0 43 d7 5d cc e5 e6 40 10 d9 83 20 8f a3 fd da | f9 b4 37 be 27 fe 4d 0b 5a b8 d8 b5 6e bd 8e 3b | 45 7e 61 de 4e 89 b7 c8 29 00 00 24 4b 26 a9 4a | 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 72 e1 6b 24 | a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 bc dc 59 | 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a fa 8d 62 26 | 00 00 00 1c 00 00 40 05 43 cd 90 4f 0f 61 2b 13 | 69 87 35 b5 64 66 76 ef c1 59 31 00 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 444 (0x1bc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 52 (0x34) | processing payload: ISAKMP_NEXT_v2SA (len=48) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 05 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 2a c7 2c 58 e6 75 73 b1 c7 aa f3 bd a3 1c f9 91 | 33 cb 54 d6 7f 50 04 d6 bf 53 ef 3b 42 cf 70 af | creating state object #7 at 0x55593e3ed858 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #7 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #7 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 48 (0x30) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 6e 13 10 d9 0b db 0e 76 ce 8e 8d a9 16 aa 4c 6a | 48 18 61 df bf 08 3e 11 a4 2e 59 51 2b 85 27 50 | 7d 12 90 df e5 7b 67 52 a5 04 51 81 e5 66 66 0f | 8a 2d 15 16 e7 34 5f ae ba 86 4e 83 19 a2 19 21 | a6 70 ad fd 3f d5 91 3f b9 fa fe b8 49 f1 63 79 | 69 e3 70 80 78 5a ab 01 1d 42 12 a9 77 f4 63 0a | d8 db 9b d8 cc fe 86 98 9b 70 32 37 12 2b 37 9b | 8d 22 92 43 66 95 f6 79 09 ce 3c 40 0e 39 9d 19 | 1b 3a 8f dd 19 c6 8b df 2c cf b7 cd d0 d6 14 1d | eb 61 7f de 98 03 93 1d 93 70 88 e2 78 32 9b 52 | 9a ec 06 9f 35 d5 7c 77 c1 e1 a4 ae f3 47 14 e6 | 5b 2d 92 51 87 90 b5 0f 6a 8b 1f 60 1c 97 df c9 | 45 0d 89 1e 42 33 8b 9a 77 6d ab 11 cc 7a 4d c5 | c1 7b 17 48 8f 47 1e 5e d0 43 d7 5d cc e5 e6 40 | 10 d9 83 20 8f a3 fd da f9 b4 37 be 27 fe 4d 0b | 5a b8 d8 b5 6e bd 8e 3b 45 7e 61 de 4e 89 b7 c8 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | 43 cd 90 4f 0f 61 2b 13 69 87 35 b5 64 66 76 ef | c1 59 31 00 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 43 cd 90 4f 0f 61 2b 13 69 87 35 b5 64 66 76 ef | natd_hash: hash= c1 59 31 00 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | b6 bc dc 59 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a | fa 8d 62 26 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b6 bc dc 59 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a | natd_hash: hash= fa 8d 62 26 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 5 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f8488005088 size 128 | #7 spent 0.298 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | crypto helper 5 resuming | crypto helper 5 starting work-order 5 for state #7 | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | crypto helper 5 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 5 | "east" #7 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.693 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f848c003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f848c003a28 | NSS: Public DH wire value: | 71 87 60 59 b3 25 92 fa 3b f4 8b 5f 1a 17 0f 4d | 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba 1c b3 8e 0a | 69 0c 33 96 e3 be d9 33 1a ba f0 50 1c 69 e3 89 | 13 93 3b b7 56 a1 38 d0 66 3a c6 34 0c bc 16 a6 | 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e 69 57 57 83 | ad 5e 79 f9 af 84 3d 95 5a 51 24 24 a7 73 2c 72 | bd ce 18 86 bd a5 44 88 2b 20 f4 28 c9 c5 4e b9 | e1 5d da c7 86 81 55 fa 78 d6 ac 5c 40 51 21 b1 | 82 78 e2 ff cb 55 01 41 49 1f 4b 32 c1 4e 99 15 | d6 48 35 de 58 9a ed 52 cc 4e 3e e1 8e b8 57 92 | 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d 07 50 b8 b2 | 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 4e 41 f9 f9 | c7 64 6a 97 95 bb be 9d 98 f3 64 c1 3c be d6 7a | 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b a8 d2 52 b6 | 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 62 91 0f 09 | 0d 87 43 6e cf 69 25 ff 93 cd 07 63 e3 bc e1 8e | Generated nonce: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | Generated nonce: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | crypto helper 5 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 5 time elapsed 0.000992 seconds | (#7) spent 0.972 milliseconds in crypto helper computing work-order 5: ikev2_inI1outR1 KE (pcr) | crypto helper 5 sending results from work-order 5 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f848c002888 size 128 | libevent_realloc: release ptr-libevent@0x55593e3cb338 | libevent_realloc: new ptr-libevent@0x7f848c0027d8 size 128 | crypto helper 5 waiting (nothing to do) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.715 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 5 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #7: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f848c003a28: transferring ownership from helper KE to state #7 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 71 87 60 59 b3 25 92 fa 3b f4 8b 5f 1a 17 0f 4d | ikev2 g^x 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba 1c b3 8e 0a | ikev2 g^x 69 0c 33 96 e3 be d9 33 1a ba f0 50 1c 69 e3 89 | ikev2 g^x 13 93 3b b7 56 a1 38 d0 66 3a c6 34 0c bc 16 a6 | ikev2 g^x 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e 69 57 57 83 | ikev2 g^x ad 5e 79 f9 af 84 3d 95 5a 51 24 24 a7 73 2c 72 | ikev2 g^x bd ce 18 86 bd a5 44 88 2b 20 f4 28 c9 c5 4e b9 | ikev2 g^x e1 5d da c7 86 81 55 fa 78 d6 ac 5c 40 51 21 b1 | ikev2 g^x 82 78 e2 ff cb 55 01 41 49 1f 4b 32 c1 4e 99 15 | ikev2 g^x d6 48 35 de 58 9a ed 52 cc 4e 3e e1 8e b8 57 92 | ikev2 g^x 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d 07 50 b8 b2 | ikev2 g^x 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 4e 41 f9 f9 | ikev2 g^x c7 64 6a 97 95 bb be 9d 98 f3 64 c1 3c be d6 7a | ikev2 g^x 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b a8 d2 52 b6 | ikev2 g^x 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 62 91 0f 09 | ikev2 g^x 0d 87 43 6e cf 69 25 ff 93 cd 07 63 e3 bc e1 8e | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | IKEv2 nonce cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 2a c7 2c 58 e6 75 73 b1 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 21 b4 b4 ba 04 f8 93 5f 42 57 32 c2 61 fe 8e 04 | c1 f5 4c ea | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 2a c7 2c 58 e6 75 73 b1 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 21 b4 b4 ba 04 f8 93 5f 42 57 32 c2 61 fe 8e 04 | natd_hash: hash= c1 f5 4c ea | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 21 b4 b4 ba 04 f8 93 5f 42 57 32 c2 61 fe 8e 04 | Notify data c1 f5 4c ea | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 2a c7 2c 58 e6 75 73 b1 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb 20 42 85 36 | 90 25 a8 d1 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 2a c7 2c 58 e6 75 73 b1 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb 20 42 85 36 | natd_hash: hash= 90 25 a8 d1 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb 20 42 85 36 | Notify data 90 25 a8 d1 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #7: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #7 to 0 after switching state | Message ID: recv #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #7 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 71 87 60 59 b3 25 92 fa 3b f4 8b 5f | 1a 17 0f 4d 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba | 1c b3 8e 0a 69 0c 33 96 e3 be d9 33 1a ba f0 50 | 1c 69 e3 89 13 93 3b b7 56 a1 38 d0 66 3a c6 34 | 0c bc 16 a6 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e | 69 57 57 83 ad 5e 79 f9 af 84 3d 95 5a 51 24 24 | a7 73 2c 72 bd ce 18 86 bd a5 44 88 2b 20 f4 28 | c9 c5 4e b9 e1 5d da c7 86 81 55 fa 78 d6 ac 5c | 40 51 21 b1 82 78 e2 ff cb 55 01 41 49 1f 4b 32 | c1 4e 99 15 d6 48 35 de 58 9a ed 52 cc 4e 3e e1 | 8e b8 57 92 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d | 07 50 b8 b2 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 | 4e 41 f9 f9 c7 64 6a 97 95 bb be 9d 98 f3 64 c1 | 3c be d6 7a 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b | a8 d2 52 b6 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 | 62 91 0f 09 0d 87 43 6e cf 69 25 ff 93 cd 07 63 | e3 bc e1 8e 29 00 00 24 a6 0a ff 48 17 18 60 6a | 3a 98 89 9e 53 40 73 53 cf c3 95 e7 0d 13 d1 e5 | fb 45 06 3e 23 4b 45 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 b4 b4 ba 04 f8 93 5f | 42 57 32 c2 61 fe 8e 04 c1 f5 4c ea 00 00 00 1c | 00 00 40 05 e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb | 20 42 85 36 90 25 a8 d1 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8488005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f8498002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #7 | libevent_malloc: new ptr-libevent@0x55593e3ee348 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 0.451 milliseconds in resume sending helper answer | stop processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f848c002888 | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #7 in PARENT_R1 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #7 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f848c003a28: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 6 for state #7 | state #7 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3ee348 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f8498002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f848c002888 size 128 | #7 spent 0.0416 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #7 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.186 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.198 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 resuming | crypto helper 6 starting work-order 6 for state #7 | crypto helper 6 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 | peer's g: 6e 13 10 d9 0b db 0e 76 ce 8e 8d a9 16 aa 4c 6a | peer's g: 48 18 61 df bf 08 3e 11 a4 2e 59 51 2b 85 27 50 | peer's g: 7d 12 90 df e5 7b 67 52 a5 04 51 81 e5 66 66 0f | peer's g: 8a 2d 15 16 e7 34 5f ae ba 86 4e 83 19 a2 19 21 | peer's g: a6 70 ad fd 3f d5 91 3f b9 fa fe b8 49 f1 63 79 | peer's g: 69 e3 70 80 78 5a ab 01 1d 42 12 a9 77 f4 63 0a | peer's g: d8 db 9b d8 cc fe 86 98 9b 70 32 37 12 2b 37 9b | peer's g: 8d 22 92 43 66 95 f6 79 09 ce 3c 40 0e 39 9d 19 | peer's g: 1b 3a 8f dd 19 c6 8b df 2c cf b7 cd d0 d6 14 1d | peer's g: eb 61 7f de 98 03 93 1d 93 70 88 e2 78 32 9b 52 | peer's g: 9a ec 06 9f 35 d5 7c 77 c1 e1 a4 ae f3 47 14 e6 | peer's g: 5b 2d 92 51 87 90 b5 0f 6a 8b 1f 60 1c 97 df c9 | peer's g: 45 0d 89 1e 42 33 8b 9a 77 6d ab 11 cc 7a 4d c5 | peer's g: c1 7b 17 48 8f 47 1e 5e d0 43 d7 5d cc e5 e6 40 | peer's g: 10 d9 83 20 8f a3 fd da f9 b4 37 be 27 fe 4d 0b | peer's g: 5a b8 d8 b5 6e bd 8e 3b 45 7e 61 de 4e 89 b7 c8 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x55593e3d5be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f848c003a28: computed shared DH secret key@0x55593e3d5be0 | dh-shared : g^ir-key@0x55593e3d5be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f8480001f18 (length 64) | 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b6e0 | result: Ni | Nr-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b6c8 | result: Ni | Nr-key@0x55593e3e8620 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55593e3eef50 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f8480002fa0 from Ni | Nr-key@0x55593e3e8620 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f8480002fa0 from Ni | Nr-key@0x55593e3e8620 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55593e3e8620 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f8480003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x55593e3d5be0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55593e3d5be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55593e3d5be0 | nss hmac digest hack: symkey-key@0x55593e3d5be0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: 71 99 a1 6a 90 1c af b9 52 ee 16 1a 83 d1 8b 25 58 3e 17 3a 88 dc 1f 36 f1 07 57 ee 66 08 68 21 08 06 43 69 7a 6e 93 13 8f 26 b4 9c e8 e5 57 fd 0d 35 4b 69 7a e5 63 5f 66 0e 2d d0 e4 58 2d 13 b1 0a 93 3f b3 5c 79 b0 a7 a0 99 5e 1e ce 7a 35 45 3d 93 80 3a c0 7e 0f ba c6 ab 65 5a d3 24 29 71 2b 98 76 b1 cf f7 ae ce 48 64 3a 9f 87 91 bb 27 c0 28 db 61 31 53 93 26 da c3 28 3e 40 96 fb b6 84 48 da 42 54 f5 aa 62 f3 5c ae 7f 6e 6b f4 07 fb fa 87 39 da 9e f6 b9 06 79 e9 1f 72 e7 47 d9 80 45 25 26 3f ea 55 c5 de 80 07 45 5a fe d4 b8 f7 1a 10 20 1e b9 ab 88 95 1e a7 cc 84 ac 6e 9e 14 8e 79 70 43 e1 7c bf 4a a4 c7 05 21 63 66 cd 5e 2e 3c ea 26 1c a1 24 67 e5 61 88 b3 a5 53 eb 9b 01 de 24 71 f7 61 b4 58 89 f0 6a bc db bb b5 6b 87 ac d8 c7 0e 88 1d f8 62 a8 07 d8 bf 5a | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f8480003fa8 | unwrapped: a2 66 72 9b 48 28 c7 d0 bd b5 f4 4d b3 c7 38 85 | unwrapped: 9e 7f 96 e4 1b 20 45 eb 6c 0c 84 11 cb a5 7e ac | unwrapped: 75 4c 55 da ae 05 62 ce 41 66 49 44 04 bf cc be | unwrapped: 00 d4 70 8f 4d 39 66 84 a4 a5 c8 a4 cc 6d e2 e4 | unwrapped: d3 3f 2e 81 24 3d e5 69 e2 b4 f1 45 2e a3 82 c4 | unwrapped: c2 ba e9 7d c7 91 68 61 a6 e2 82 14 46 23 bf d2 | unwrapped: 1d 5d 5e 7b d3 5a 7d b8 14 81 4c 56 5e 44 ad 4f | unwrapped: 1f 9a 45 2b 07 95 3c f4 d8 1c 9c 26 26 f7 56 74 | unwrapped: fa f7 d0 2c c3 44 1e fc 75 fb 6c 4f 29 12 fa 4e | unwrapped: 74 59 cd bb db 65 7f 72 dd 39 38 bc 85 70 02 e3 | unwrapped: 6b 0c b8 d0 dd 44 9b 9f 9c 08 6f 6b 3d 9b fa 53 | unwrapped: ce b7 a9 c8 4a 85 a3 f0 5d 3d 28 30 5e ef ea 2e | unwrapped: bd 78 0f d4 19 93 8f e3 30 01 6b 01 bc ad 6d 5a | unwrapped: 73 dd 52 97 95 50 06 d6 44 6e 45 4a 5c fd 89 89 | unwrapped: 1d 65 14 26 e5 e5 9b 5a a1 b2 d6 1b f5 1a 39 c6 | unwrapped: e4 9e a2 9b 46 c3 b5 98 d9 81 b4 14 63 e6 41 b4 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b700 | result: final-key@0x55593e3eef50 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3eef50 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b6e8 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3eef50 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55593e3e8620 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b670 | result: data=Ni-key@0x7f8490006bb0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f8490006bb0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b658 | result: data=Ni-key@0x55593e3eef50 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f8490006bb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3eef50 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f849ff7b660 | result: data+=Nr-key@0x7f8490006bb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3eef50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f849ff7b660 | result: data+=SPIi-key@0x55593e3eef50 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f8490006bb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3eef50 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f849ff7b660 | result: data+=SPIr-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3eef50 | prf+0 PRF sha init key-key@0x55593e3e8620 (size 20) | prf+0: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+0 prf: begin sha with context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+0: release clone-key@0x55593e3eef50 | prf+0 PRF sha crypt-prf@0x7f8480002f78 | prf+0 PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+0: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8480008078 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0a20 | prf+0 PRF sha final-key@0x55593e3eef50 (size 20) | prf+0: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3f0a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8480002fa0 from key-key@0x55593e3f0a20 | prf+N prf: begin sha with context 0x7f8480002fa0 from key-key@0x55593e3f0a20 | prf+N: release clone-key@0x55593e3f0a20 | prf+N PRF sha crypt-prf@0x7f84800030d8 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: ff 7f d2 06 5c 21 94 9e 97 17 7d 19 7d 65 7c 05 b6 57 30 0d 83 81 ff f3 d6 c1 bb fb 7e cf 64 36 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8480002f28 | unwrapped: 48 2a e4 9b 97 54 29 54 6d ea 05 d3 cb 29 13 e3 | unwrapped: 9f ef 1d 06 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+N: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8480007ff8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8480006650 | prf+N PRF sha final-key@0x55593e3f0a20 (size 20) | prf+N: key-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f849ff7b608 | result: result-key@0x7f8480006650 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3eef50 | prfplus: release old_t[N]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x7f8480002f78 | prf+N PRF sha update old_t-key@0x55593e3f0a20 (size 20) | prf+N: old_t-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 9d cc fb 13 54 a1 ba d9 62 a3 53 10 ea fa 08 29 39 03 8f 5c 01 bc 76 3a 7d df 6b 63 28 02 32 e6 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8480003a78 | unwrapped: ef e1 4a bc bc 66 bb 76 31 42 84 aa f4 ba 44 1b | unwrapped: 64 ca 3f a4 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+N: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8480008078 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000a000 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8480006650 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f849ff7b608 | result: result-key@0x7f848000a000 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8480006650 | prfplus: release old_t[N]-key@0x55593e3f0a20 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3f0a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8480002fa0 from key-key@0x55593e3f0a20 | prf+N prf: begin sha with context 0x7f8480002fa0 from key-key@0x55593e3f0a20 | prf+N: release clone-key@0x55593e3f0a20 | prf+N PRF sha crypt-prf@0x7f8480002f28 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: ae 0f 5a 0d b0 89 66 72 b0 fb 3b 3a 95 26 72 ef 24 b4 c6 94 ca 64 12 b8 7f 26 86 1d 7c 3a 4e b2 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848000bca8 | unwrapped: 42 97 96 4e ef 30 33 95 03 99 f0 6e 16 27 a1 7c | unwrapped: cf 9d 8e 6d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+N: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8480007ff8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8480006650 | prf+N PRF sha final-key@0x55593e3f0a20 (size 20) | prf+N: key-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000a000 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f849ff7b608 | result: result-key@0x7f8480006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848000a000 | prfplus: release old_t[N]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x7f84800030d8 | prf+N PRF sha update old_t-key@0x55593e3f0a20 (size 20) | prf+N: old_t-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: e4 2b 3c 4c 39 4e 5e e9 82 cb e3 00 da 4d ba b0 95 82 e4 70 f0 e8 d5 c1 54 f9 9d a2 dd 05 45 0b | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8480003a78 | unwrapped: a3 f3 8e 87 31 ee d0 9a 69 a7 f0 ea a9 e1 19 51 | unwrapped: 55 0a 7b be 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+N: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8480008078 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000a000 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8480006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f849ff7b608 | result: result-key@0x7f848000a000 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8480006650 | prfplus: release old_t[N]-key@0x55593e3f0a20 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3f0a20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848000b910 from key-key@0x55593e3f0a20 | prf+N prf: begin sha with context 0x7f848000b910 from key-key@0x55593e3f0a20 | prf+N: release clone-key@0x55593e3f0a20 | prf+N PRF sha crypt-prf@0x7f8480002f78 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: d9 5d 9d 5a 90 33 b1 48 d1 0b 36 f0 4d 0c 5a 90 a7 3b 45 dd c4 5f 33 00 3f 87 8c d1 4f db 62 db | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8480002f28 | unwrapped: d6 4d 85 00 cb 53 ed 1d 29 b7 c7 22 07 48 24 cc | unwrapped: 51 9d 71 76 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+N: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8480007ff8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8480006650 | prf+N PRF sha final-key@0x55593e3f0a20 (size 20) | prf+N: key-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000a000 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f849ff7b608 | result: result-key@0x7f8480006650 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848000a000 | prfplus: release old_t[N]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8480002fa0 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x7f84800030d8 | prf+N PRF sha update old_t-key@0x55593e3f0a20 (size 20) | prf+N: old_t-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 07 be c9 cd 0d d9 4b f3 b0 60 4b dd 23 8e e6 bb 0c 4f 3a cf 96 6c 21 10 36 6f f2 19 d8 c5 dc 02 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8480003a78 | unwrapped: 6b f3 79 84 49 70 8b 1f fe cc 90 fa ae c6 d7 a5 | unwrapped: 03 a8 45 37 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f8490006bb0 (size 80) | prf+N: seed-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e 64 15 b3 e0 82 6f 9c a7 bc 0a cc 73 7b 48 b8 75 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848000c2a8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f849ff7b590 | result: final-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000a000 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8480006650 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f849ff7b608 | result: result-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8480006650 | prfplus: release old_t[N]-key@0x55593e3f0a20 | prfplus: release old_t[final]-key@0x55593e3eef50 | ike_sa_keymat: release data-key@0x7f8490006bb0 | calc_skeyseed_v2: release skeyseed_k-key@0x55593e3e8620 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7a8 | result: result-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7a8 | result: result-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7a8 | result: result-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7b8 | result: SK_ei_k-key@0x55593e3f0a20 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7b8 | result: SK_er_k-key@0x7f8480006650 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7b8 | result: result-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f848000b980 | chunk_SK_pi: symkey-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: dc 0b 75 68 20 d2 72 3d 41 8e 0e 31 52 c5 cc c7 d5 d4 ce 68 18 15 3d fe b1 de fc 28 71 3f 80 f9 | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f8480002f78 | unwrapped: 07 48 24 cc 51 9d 71 76 6b f3 79 84 49 70 8b 1f | unwrapped: fe cc 90 fa 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f849ff7b7b8 | result: result-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f848000f0e0 | chunk_SK_pr: symkey-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 32 1d cb 14 80 1f a1 70 7b e7 9f 9d 76 e3 7a 67 18 9f f8 35 e6 48 94 d6 8a cb 81 ae 6e 46 d2 be | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f8480003a78 | unwrapped: ae c6 d7 a5 03 a8 45 37 3c c4 24 93 10 6c 6b 76 | unwrapped: 1d 8b 81 2d 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f848000a000 | calc_skeyseed_v2 pointers: shared-key@0x55593e3d5be0, SK_d-key@0x55593e3e8620, SK_ai-key@0x7f8490006bb0, SK_ar-key@0x55593e3eef50, SK_ei-key@0x55593e3f0a20, SK_er-key@0x7f8480006650, SK_pi-key@0x7f848000b980, SK_pr-key@0x7f848000f0e0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 07 48 24 cc 51 9d 71 76 6b f3 79 84 49 70 8b 1f | fe cc 90 fa | calc_skeyseed_v2 SK_pr | ae c6 d7 a5 03 a8 45 37 3c c4 24 93 10 6c 6b 76 | 1d 8b 81 2d | crypto helper 6 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 time elapsed 0.002296 seconds | (#7) spent 2.28 milliseconds in crypto helper computing work-order 6: ikev2_inI2outR2 KE (pcr) | crypto helper 6 sending results from work-order 6 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f8480005088 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 6 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #7: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f848c003a28: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | #7 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x7f8490006bb0 (size 20) | hmac: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3f5868 | hmac PRF sha update data-bytes@0x7f8490000b48 (length 208) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 ac 87 1e 93 | 01 fb 5c 75 | data for hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | data for hmac: 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | data for hmac: e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | data for hmac: 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | data for hmac: 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | data for hmac: b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | data for hmac: 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | data for hmac: ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | data for hmac: d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | data for hmac: 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | data for hmac: f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | calculated auth: 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 | provided auth: 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | payload before decryption: | 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | e0 69 96 e9 2c 00 00 2c 00 00 00 28 01 03 04 03 | f4 28 fd 6d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #7 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #7: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #7: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f848000b980 (size 20) | hmac: symkey-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3f0b28 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x7f8490000b7c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | db 33 8e 86 c2 56 eb 2e cf bd 3b 87 00 65 50 c5 | bb b3 ca 83 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | ae 1b cd 2e da cd 37 42 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 6e 13 10 d9 0b db 0e 76 | ce 8e 8d a9 16 aa 4c 6a 48 18 61 df bf 08 3e 11 | a4 2e 59 51 2b 85 27 50 7d 12 90 df e5 7b 67 52 | a5 04 51 81 e5 66 66 0f 8a 2d 15 16 e7 34 5f ae | ba 86 4e 83 19 a2 19 21 a6 70 ad fd 3f d5 91 3f | b9 fa fe b8 49 f1 63 79 69 e3 70 80 78 5a ab 01 | 1d 42 12 a9 77 f4 63 0a d8 db 9b d8 cc fe 86 98 | 9b 70 32 37 12 2b 37 9b 8d 22 92 43 66 95 f6 79 | 09 ce 3c 40 0e 39 9d 19 1b 3a 8f dd 19 c6 8b df | 2c cf b7 cd d0 d6 14 1d eb 61 7f de 98 03 93 1d | 93 70 88 e2 78 32 9b 52 9a ec 06 9f 35 d5 7c 77 | c1 e1 a4 ae f3 47 14 e6 5b 2d 92 51 87 90 b5 0f | 6a 8b 1f 60 1c 97 df c9 45 0d 89 1e 42 33 8b 9a | 77 6d ab 11 cc 7a 4d c5 c1 7b 17 48 8f 47 1e 5e | d0 43 d7 5d cc e5 e6 40 10 d9 83 20 8f a3 fd da | f9 b4 37 be 27 fe 4d 0b 5a b8 d8 b5 6e bd 8e 3b | 45 7e 61 de 4e 89 b7 c8 29 00 00 24 4b 26 a9 4a | 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 72 e1 6b 24 | a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 bc dc 59 | 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a fa 8d 62 26 | 00 00 00 1c 00 00 40 05 43 cd 90 4f 0f 61 2b 13 | 69 87 35 b5 64 66 76 ef c1 59 31 00 | verify: initiator inputs to hash2 (responder nonce) | a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | idhash db 33 8e 86 c2 56 eb 2e cf bd 3b 87 00 65 50 c5 | idhash bb b3 ca 83 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x7f848000a000 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f848c002b50 from shared secret-key@0x7f848000a000 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f848c002b50 from shared secret-key@0x7f848000a000 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f848000a000 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f5868 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f848000a000 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f848000a000 (size 20) | = prf(, ): -key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3f3e30 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f848c002b50 from -key@0x55593e3f3e30 | = prf(, ) prf: begin sha with context 0x7f848c002b50 from -key@0x55593e3f3e30 | = prf(, ): release clone-key@0x55593e3f3e30 | = prf(, ) PRF sha crypt-prf@0x55593e3f0b28 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3f6598 (length 444) | ae 1b cd 2e da cd 37 42 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 6e 13 10 d9 0b db 0e 76 | ce 8e 8d a9 16 aa 4c 6a 48 18 61 df bf 08 3e 11 | a4 2e 59 51 2b 85 27 50 7d 12 90 df e5 7b 67 52 | a5 04 51 81 e5 66 66 0f 8a 2d 15 16 e7 34 5f ae | ba 86 4e 83 19 a2 19 21 a6 70 ad fd 3f d5 91 3f | b9 fa fe b8 49 f1 63 79 69 e3 70 80 78 5a ab 01 | 1d 42 12 a9 77 f4 63 0a d8 db 9b d8 cc fe 86 98 | 9b 70 32 37 12 2b 37 9b 8d 22 92 43 66 95 f6 79 | 09 ce 3c 40 0e 39 9d 19 1b 3a 8f dd 19 c6 8b df | 2c cf b7 cd d0 d6 14 1d eb 61 7f de 98 03 93 1d | 93 70 88 e2 78 32 9b 52 9a ec 06 9f 35 d5 7c 77 | c1 e1 a4 ae f3 47 14 e6 5b 2d 92 51 87 90 b5 0f | 6a 8b 1f 60 1c 97 df c9 45 0d 89 1e 42 33 8b 9a | 77 6d ab 11 cc 7a 4d c5 c1 7b 17 48 8f 47 1e 5e | d0 43 d7 5d cc e5 e6 40 10 d9 83 20 8f a3 fd da | f9 b4 37 be 27 fe 4d 0b 5a b8 d8 b5 6e bd 8e 3b | 45 7e 61 de 4e 89 b7 c8 29 00 00 24 4b 26 a9 4a | 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 72 e1 6b 24 | a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 bc dc 59 | 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a fa 8d 62 26 | 00 00 00 1c 00 00 40 05 43 cd 90 4f 0f 61 2b 13 | 69 87 35 b5 64 66 76 ef c1 59 31 00 | = prf(, ) PRF sha update nonce-bytes@0x7f848c001278 (length 32) | a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | db 33 8e 86 c2 56 eb 2e cf bd 3b 87 00 65 50 c5 | bb b3 ca 83 | = prf(, ) PRF sha final-chunk@0x55593e3f25e8 (length 20) | a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | e0 69 96 e9 | psk_auth: release prf-psk-key@0x7f848000a000 | Received PSK auth octets | a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | e0 69 96 e9 | Calculated PSK auth octets | a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | e0 69 96 e9 "east" #7: Authenticated using authby=secret | parent state #7: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #7 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f848c002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f8498002b78 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #7 | libevent_malloc: new ptr-libevent@0x55593e3f6b68 size 128 | pstats #7 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f848000f0e0 (size 20) | hmac: symkey-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3f0b28 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | ba f8 a7 95 21 9b f4 40 d5 9d 1f f2 d7 9a 1f 28 | 69 75 43 a7 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 71 87 60 59 b3 25 92 fa 3b f4 8b 5f | 1a 17 0f 4d 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba | 1c b3 8e 0a 69 0c 33 96 e3 be d9 33 1a ba f0 50 | 1c 69 e3 89 13 93 3b b7 56 a1 38 d0 66 3a c6 34 | 0c bc 16 a6 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e | 69 57 57 83 ad 5e 79 f9 af 84 3d 95 5a 51 24 24 | a7 73 2c 72 bd ce 18 86 bd a5 44 88 2b 20 f4 28 | c9 c5 4e b9 e1 5d da c7 86 81 55 fa 78 d6 ac 5c | 40 51 21 b1 82 78 e2 ff cb 55 01 41 49 1f 4b 32 | c1 4e 99 15 d6 48 35 de 58 9a ed 52 cc 4e 3e e1 | 8e b8 57 92 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d | 07 50 b8 b2 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 | 4e 41 f9 f9 c7 64 6a 97 95 bb be 9d 98 f3 64 c1 | 3c be d6 7a 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b | a8 d2 52 b6 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 | 62 91 0f 09 0d 87 43 6e cf 69 25 ff 93 cd 07 63 | e3 bc e1 8e 29 00 00 24 a6 0a ff 48 17 18 60 6a | 3a 98 89 9e 53 40 73 53 cf c3 95 e7 0d 13 d1 e5 | fb 45 06 3e 23 4b 45 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 b4 b4 ba 04 f8 93 5f | 42 57 32 c2 61 fe 8e 04 c1 f5 4c ea 00 00 00 1c | 00 00 40 05 e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb | 20 42 85 36 90 25 a8 d1 | create: responder inputs to hash2 (initiator nonce) | 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | idhash ba f8 a7 95 21 9b f4 40 d5 9d 1f f2 d7 9a 1f 28 | idhash 69 75 43 a7 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x7f848000a000 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f848c002b50 from shared secret-key@0x7f848000a000 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f848c002b50 from shared secret-key@0x7f848000a000 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f848000a000 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f25e8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f848000a000 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f848000a000 (size 20) | = prf(, ): -key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3f3e30 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f848c002b50 from -key@0x55593e3f3e30 | = prf(, ) prf: begin sha with context 0x7f848c002b50 from -key@0x55593e3f3e30 | = prf(, ): release clone-key@0x55593e3f3e30 | = prf(, ) PRF sha crypt-prf@0x55593e3f0b28 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3f6978 (length 440) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 71 87 60 59 b3 25 92 fa 3b f4 8b 5f | 1a 17 0f 4d 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba | 1c b3 8e 0a 69 0c 33 96 e3 be d9 33 1a ba f0 50 | 1c 69 e3 89 13 93 3b b7 56 a1 38 d0 66 3a c6 34 | 0c bc 16 a6 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e | 69 57 57 83 ad 5e 79 f9 af 84 3d 95 5a 51 24 24 | a7 73 2c 72 bd ce 18 86 bd a5 44 88 2b 20 f4 28 | c9 c5 4e b9 e1 5d da c7 86 81 55 fa 78 d6 ac 5c | 40 51 21 b1 82 78 e2 ff cb 55 01 41 49 1f 4b 32 | c1 4e 99 15 d6 48 35 de 58 9a ed 52 cc 4e 3e e1 | 8e b8 57 92 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d | 07 50 b8 b2 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 | 4e 41 f9 f9 c7 64 6a 97 95 bb be 9d 98 f3 64 c1 | 3c be d6 7a 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b | a8 d2 52 b6 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 | 62 91 0f 09 0d 87 43 6e cf 69 25 ff 93 cd 07 63 | e3 bc e1 8e 29 00 00 24 a6 0a ff 48 17 18 60 6a | 3a 98 89 9e 53 40 73 53 cf c3 95 e7 0d 13 d1 e5 | fb 45 06 3e 23 4b 45 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 b4 b4 ba 04 f8 93 5f | 42 57 32 c2 61 fe 8e 04 c1 f5 4c ea 00 00 00 1c | 00 00 40 05 e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb | 20 42 85 36 90 25 a8 d1 | = prf(, ) PRF sha update nonce-bytes@0x55593e3f2218 (length 32) | 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | ba f8 a7 95 21 9b f4 40 d5 9d 1f f2 d7 9a 1f 28 | 69 75 43 a7 | = prf(, ) PRF sha final-chunk@0x55593e3f5868 (length 20) | 7e c7 68 b4 10 95 1f 13 62 fd e4 08 35 ae 04 fb | 38 10 19 e5 | psk_auth: release prf-psk-key@0x7f848000a000 | PSK auth octets 7e c7 68 b4 10 95 1f 13 62 fd e4 08 35 ae 04 fb | PSK auth octets 38 10 19 e5 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 7e c7 68 b4 10 95 1f 13 62 fd e4 08 35 ae 04 fb | PSK auth 38 10 19 e5 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #8 at 0x55593e3f6cc8 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "east" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.23:500 from #7.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55593e3e8620 | duplicate_state: reference st_skey_ai_nss-key@0x7f8490006bb0 | duplicate_state: reference st_skey_ar_nss-key@0x55593e3eef50 | duplicate_state: reference st_skey_ei_nss-key@0x55593e3f0a20 | duplicate_state: reference st_skey_er_nss-key@0x7f8480006650 | duplicate_state: reference st_skey_pi_nss-key@0x7f848000b980 | duplicate_state: reference st_skey_pr_nss-key@0x7f848000f0e0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI f4 28 fd 6d | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:ESP:SPI=f428fd6d;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=f428fd6d;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x8155e56f for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 81 55 e5 6f | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2890 | result: data=Ni-key@0x55593e3f3e30 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3f3e30 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2878 | result: data=Ni-key@0x7f848000a000 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3f3e30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000a000 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d2880 | result: data+=Nr-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f848000a000 | prf+0 PRF sha init key-key@0x55593e3e8620 (size 20) | prf+0: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f848c002b50 from key-key@0x7f848000a000 | prf+0 prf: begin sha with context 0x7f848c002b50 from key-key@0x7f848000a000 | prf+0: release clone-key@0x7f848000a000 | prf+0 PRF sha crypt-prf@0x55593e3eeed8 | prf+0 PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+0: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f7af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f7af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f7af0 | prf+0 PRF sha final-key@0x7f848000a000 (size 20) | prf+0: key-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f848000a000 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x55593e3ee8d8 | prf+N PRF sha update old_t-key@0x7f848000a000 (size 20) | prf+N: old_t-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848000a000 | nss hmac digest hack: symkey-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 3f a7 b2 82 5c 30 80 1f 3a 71 2c 34 db 8e 1d d2 bf e9 8d 4f bc e2 d1 49 0e eb 10 27 e5 07 cf 13 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f9438 | unwrapped: e0 03 dc 8b 70 ee d6 3f ab 35 8c c3 71 25 50 4f | unwrapped: e9 70 a8 4f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+N: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3ee708 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f7c30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f7c30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f7c30 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3f7c30 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848000a000 | prfplus: release old_t[N]-key@0x7f848000a000 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x7f848000a000 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x7f848000a000 | prf+N: release clone-key@0x7f848000a000 | prf+N PRF sha crypt-prf@0x55593e3eeed8 | prf+N PRF sha update old_t-key@0x55593e3f7af0 (size 20) | prf+N: old_t-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: c4 5f 05 05 94 cc 16 1e a8 85 ef c5 7a 5d 9d 78 a3 d3 2e db 85 7d ef 1c 99 e6 8d 3a 16 9d 53 ad | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3ed758 | unwrapped: e9 cd b7 3e 43 5c c7 41 00 58 ee 7c 9a 0a ff 98 | unwrapped: 93 3f 95 b7 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+N: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fae10 | prf+N PRF sha final-key@0x7f848000a000 (size 20) | prf+N: key-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f7c30 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fae10 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f7c30 | prfplus: release old_t[N]-key@0x55593e3f7af0 | prf+N PRF sha init key-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x55593e3f9438 | prf+N PRF sha update old_t-key@0x7f848000a000 (size 20) | prf+N: old_t-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848000a000 | nss hmac digest hack: symkey-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 1f 87 e5 45 7c 45 eb 8a 26 2b 68 ac 13 87 62 3e 7c 83 f3 3e 68 44 16 29 9a 27 5a 59 14 f9 08 78 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3fc908 | unwrapped: a3 d8 fb c3 0a 45 f6 1e 46 f5 21 e6 db 39 e0 4f | unwrapped: 2c 51 33 fd 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+N: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 7c b3 b6 2f ad 83 76 92 af f2 3b fd df 41 d5 72 6a f5 f7 44 5b d7 cd 62 f9 28 ab 92 4a 4e 0b a1 78 dc 80 da de 2e ca e4 a4 5b 10 c3 80 69 6a 00 86 18 10 8d 67 05 db 3b 19 18 ff f2 b6 73 59 2e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3ee708 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f7c30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f7c30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f7c30 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fae10 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3f7c30 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fae10 | prfplus: release old_t[N]-key@0x7f848000a000 | prfplus: release old_t[final]-key@0x55593e3f7af0 | child_sa_keymat: release data-key@0x55593e3f3e30 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55593e3f7c30 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x55593e3f3e30 | initiator to responder keys: symkey-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55593e3d0e50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1679832368: 3f a7 b2 82 5c 30 80 1f 3a 71 2c 34 db 8e 1d d2 1d 08 66 a6 56 ff be 85 9b 0e 17 c0 a2 6e b2 f8 09 db c3 f0 c9 6f 53 af a0 b0 30 fd 43 6a 3f 36 | initiator to responder keys: release slot-key-key@0x55593e3d0e50 | initiator to responder keys extracted len 48 bytes at 0x7f8490002e68 | unwrapped: e0 03 dc 8b 70 ee d6 3f ab 35 8c c3 71 25 50 4f | unwrapped: e9 70 a8 4f e9 cd b7 3e 43 5c c7 41 00 58 ee 7c | unwrapped: 9a 0a ff 98 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55593e3f3e30 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55593e3f7c30 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x55593e3f3e30 | responder to initiator keys:: symkey-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55593e3d0e50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1679832368: bd 2c ad af 76 8c 0e 34 32 22 65 68 75 97 48 4a 03 10 e8 12 51 09 43 6c 3b 78 a2 d6 ac 12 36 ac 2a 98 c7 8a 0f b9 9d 3d 48 e9 bb bc c4 0a 36 75 | responder to initiator keys:: release slot-key-key@0x55593e3d0e50 | responder to initiator keys: extracted len 48 bytes at 0x55593e3f56a8 | unwrapped: 93 3f 95 b7 a3 d8 fb c3 0a 45 f6 1e 46 f5 21 e6 | unwrapped: db 39 e0 4f 2c 51 33 fd 4f e6 b4 5f 17 44 cf d4 | unwrapped: 91 58 14 52 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55593e3f3e30 | ikev2_derive_child_keys: release keymat-key@0x55593e3f7c30 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #7 spent 2.71 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.f428fd6d@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8155e56f@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #8 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf428fd6d SPI_OUT=0x815 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xf428fd6d SPI_OUT=0x8155e56f ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x55593e3e95b8,sr=0x55593e3e95b8} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 0.814 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 7e c7 68 b4 10 95 1f 13 62 fd e4 08 | 35 ae 04 fb 38 10 19 e5 2c 00 00 2c 00 00 00 28 | 01 03 04 03 81 55 e5 6f 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | hmac PRF sha init symkey-key@0x55593e3eef50 (size 20) | hmac: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2928 | result: clone-key@0x55593e3f7c30 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac: release clone-key@0x55593e3f7c30 | hmac PRF sha crypt-prf@0x55593e3eeed8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 192) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | hmac PRF sha final-bytes@0x55593d440980 (length 20) | ac a5 1a a5 0c fe ad 56 90 50 0b 17 07 9c a2 53 | 11 32 5d 62 | data being hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | data being hmac: f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | data being hmac: 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | data being hmac: 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | data being hmac: 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | data being hmac: 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | data being hmac: a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | data being hmac: a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | data being hmac: 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | data being hmac: d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | out calculated auth: | ac a5 1a a5 0c fe ad 56 90 50 0b 17 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #7 spent 3.77 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #8 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #8 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #8: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #7.#8 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "east" #8: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #8: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xf428fd6d <0x8155e56f xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | ac a5 1a a5 0c fe ad 56 90 50 0b 17 | releasing whack for #8 (sock=fd@-1) | releasing whack and unpending for parent #7 | unpending state #7 connection "east" | #8 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f848c002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #8 | libevent_malloc: new ptr-libevent@0x55593e3f6c18 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 4.15 milliseconds in resume sending helper answer | stop processing: state #8 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8480005088 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00366 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f8490006bb0 (size 20) | hmac: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e3f7c30 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x55593e3f7c30 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x55593e3f7c30 | hmac: release clone-key@0x55593e3f7c30 | hmac PRF sha crypt-prf@0x55593e3ea3d8 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 64) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 05 55 1c d6 | 29 b4 26 23 | data for hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | data for hmac: 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | calculated auth: 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 | provided auth: 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | payload before decryption: | 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 f4 28 fd 6d 00 01 02 03 | stripping 4 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI f4 28 fd 6d | delete PROTO_v2_ESP SA(0xf428fd6d) | v2 CHILD SA #8 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #8 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xf428fd6d) "east" #7: received Delete SA payload: delete IPsec State #8 now | pstats #8 ikev2.child deleted completed | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #8 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #8: deleting other state #8 (STATE_V2_IPSEC_R) aged 0.083s and NOT sending notification | child state #8: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.f428fd6d@192.1.2.45 | get_sa_info esp.8155e56f@192.1.2.23 "east" #8: ESP traffic information: in=84B out=84B | child state #8: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f6c18 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f848c002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825163' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf428fd6d | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825163' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xf428fd6d SPI_OUT=0x8155e56f ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.f428fd6d@192.1.2.45 | netlink response for Del SA esp.f428fd6d@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.8155e56f@192.1.2.23 | netlink response for Del SA esp.8155e56f@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #8 in CHILDSA_DEL | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3e8620 | delete_state: release st->st_skey_ai_nss-key@0x7f8490006bb0 | delete_state: release st->st_skey_ar_nss-key@0x55593e3eef50 | delete_state: release st->st_skey_ei_nss-key@0x55593e3f0a20 | delete_state: release st->st_skey_er_nss-key@0x7f8480006650 | delete_state: release st->st_skey_pi_nss-key@0x7f848000b980 | delete_state: release st->st_skey_pr_nss-key@0x7f848000f0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 81 55 e5 6f | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | b5 c6 9c 72 f6 73 a2 47 9a 36 70 85 b1 f1 a3 b4 | data before encryption: | 00 00 00 0c 03 04 00 01 81 55 e5 6f 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 13 31 cf 0b 85 e2 ce ae 08 6e 29 83 7d 41 e9 22 | hmac PRF sha init symkey-key@0x55593e3eef50 (size 20) | hmac: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e3f7c30 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac: release clone-key@0x55593e3f7c30 | hmac PRF sha crypt-prf@0x55593e3eeed8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 64) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | b5 c6 9c 72 f6 73 a2 47 9a 36 70 85 b1 f1 a3 b4 | 13 31 cf 0b 85 e2 ce ae 08 6e 29 83 7d 41 e9 22 | hmac PRF sha final-bytes@0x55593d440900 (length 20) | af 2a f5 73 27 2d 23 43 f3 86 11 bb 87 69 9c f5 | a1 ca 44 58 | data being hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: b5 c6 9c 72 f6 73 a2 47 9a 36 70 85 b1 f1 a3 b4 | data being hmac: 13 31 cf 0b 85 e2 ce ae 08 6e 29 83 7d 41 e9 22 | out calculated auth: | af 2a f5 73 27 2d 23 43 f3 86 11 bb | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | b5 c6 9c 72 f6 73 a2 47 9a 36 70 85 b1 f1 a3 b4 | 13 31 cf 0b 85 e2 ce ae 08 6e 29 83 7d 41 e9 22 | af 2a f5 73 27 2d 23 43 f3 86 11 bb | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #7 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #7 spent 1.16 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #7 to 2 after switching state | Message ID: recv #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #7 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 1.45 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.46 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | 0b 72 ac d7 c8 58 46 d7 24 28 49 45 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7f8490006bb0 (size 20) | hmac: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e3f7c30 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac: release clone-key@0x55593e3f7c30 | hmac PRF sha crypt-prf@0x55593e3ea3d8 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 64) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 0b 72 ac d7 c8 58 46 d7 24 28 49 45 98 00 e6 cf | 9c 8a 73 d9 | data for hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | data for hmac: 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | calculated auth: 0b 72 ac d7 c8 58 46 d7 24 28 49 45 | provided auth: 0b 72 ac d7 c8 58 46 d7 24 28 49 45 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | payload before decryption: | 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 54 85 5f 4e 2f f6 5a 92 7c 27 74 cc d9 9b b9 cf | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 76 09 dc bd fd 8c 80 79 1e 31 64 16 4b 16 22 56 | hmac PRF sha init symkey-key@0x55593e3eef50 (size 20) | hmac: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e3f7c30 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3f7c30 | hmac: release clone-key@0x55593e3f7c30 | hmac PRF sha crypt-prf@0x55593e3eeed8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 64) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 54 85 5f 4e 2f f6 5a 92 7c 27 74 cc d9 9b b9 cf | 76 09 dc bd fd 8c 80 79 1e 31 64 16 4b 16 22 56 | hmac PRF sha final-bytes@0x55593d440900 (length 20) | 99 25 96 10 d0 de c0 84 42 2a c2 f3 3b cf 2d 18 | 5d 45 05 ac | data being hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 54 85 5f 4e 2f f6 5a 92 7c 27 74 cc d9 9b b9 cf | data being hmac: 76 09 dc bd fd 8c 80 79 1e 31 64 16 4b 16 22 56 | out calculated auth: | 99 25 96 10 d0 de c0 84 42 2a c2 f3 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 54 85 5f 4e 2f f6 5a 92 7c 27 74 cc d9 9b b9 cf | 76 09 dc bd fd 8c 80 79 1e 31 64 16 4b 16 22 56 | 99 25 96 10 d0 de c0 84 42 2a c2 f3 | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #7 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #7: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #7 ikev2.ike deleted completed | #7 spent 10.2 milliseconds in total | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #7: deleting state (STATE_IKESA_DEL) aged 0.105s and NOT sending notification | parent state #7: IKESA_DEL(established IKE SA) => delete | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f6b68 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8498002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #7 in IKESA_DEL | parent state #7: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f848c003a28: destroyed | stop processing: state #7 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55593e3d5be0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3e8620 | delete_state: release st->st_skey_ai_nss-key@0x7f8490006bb0 | delete_state: release st->st_skey_ar_nss-key@0x55593e3eef50 | delete_state: release st->st_skey_ei_nss-key@0x55593e3f0a20 | delete_state: release st->st_skey_er_nss-key@0x7f8480006650 | delete_state: release st->st_skey_pi_nss-key@0x7f848000b980 | delete_state: release st->st_skey_pr_nss-key@0x7f848000f0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #7 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #7 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.723 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00509 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a1 a5 ef 5f b6 53 4e 06 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 | 3a 1c fe ad c8 5f 2e 8e 63 98 34 0e 87 67 59 bf | 35 39 51 5d d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 | fc 66 6e 77 ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 | 4b dd 41 74 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 | 6a 31 38 4b b7 2d e2 29 31 fb 7b 46 45 4d 59 27 | 03 40 e3 ee 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 | fe e4 ec 25 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 | f1 ae 95 15 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e | 67 13 93 a1 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 | 04 6e a4 d7 ae 8b b4 00 7f dc ee 87 b4 15 d8 6b | 32 09 bb 32 de 11 6c cb 3b 6b 8b fa 41 91 25 5c | 08 97 1b 83 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 | 60 04 22 1e bc 55 0d 1d 90 c4 73 8e 47 69 71 22 | 7e 45 0f 79 53 bd af f0 bc 78 b6 89 53 29 f2 7a | 13 df d7 f6 86 df e7 61 40 30 eb de d8 8a ae f3 | b1 b9 43 04 29 00 00 24 8c 36 27 bd 7f 73 ac df | 7f 16 79 e3 5e d4 c9 1c 1b 63 52 c4 b8 7c 4f 1a | 39 6e dd f3 b8 1c a2 1e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d4 d8 c2 c0 cf 69 ce a7 | 36 f8 2e f6 e8 49 32 69 c6 26 b9 8f 00 00 00 1c | 00 00 40 05 e5 72 1c 20 df fc fe 83 70 a2 09 85 | a8 b2 59 98 f6 c6 f1 c6 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 06 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | e8 44 78 5d d7 ab 7d 93 34 30 40 d7 3d 74 51 f3 | d4 e8 9e 17 52 fb 3a fc 38 b4 3a 62 ac 70 4a bc | creating state object #9 at 0x55593e3ed858 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #9 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #9 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 3a 1c fe ad | c8 5f 2e 8e 63 98 34 0e 87 67 59 bf 35 39 51 5d | d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 fc 66 6e 77 | ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 4b dd 41 74 | 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 6a 31 38 4b | b7 2d e2 29 31 fb 7b 46 45 4d 59 27 03 40 e3 ee | 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 fe e4 ec 25 | 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 f1 ae 95 15 | 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e 67 13 93 a1 | 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 04 6e a4 d7 | ae 8b b4 00 7f dc ee 87 b4 15 d8 6b 32 09 bb 32 | de 11 6c cb 3b 6b 8b fa 41 91 25 5c 08 97 1b 83 | 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 60 04 22 1e | bc 55 0d 1d 90 c4 73 8e 47 69 71 22 7e 45 0f 79 | 53 bd af f0 bc 78 b6 89 53 29 f2 7a 13 df d7 f6 | 86 df e7 61 40 30 eb de d8 8a ae f3 b1 b9 43 04 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | e5 72 1c 20 df fc fe 83 70 a2 09 85 a8 b2 59 98 | f6 c6 f1 c6 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= e5 72 1c 20 df fc fe 83 70 a2 09 85 a8 b2 59 98 | natd_hash: hash= f6 c6 f1 c6 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | d4 d8 c2 c0 cf 69 ce a7 36 f8 2e f6 e8 49 32 69 | c6 26 b9 8f | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= d4 d8 c2 c0 cf 69 ce a7 36 f8 2e f6 e8 49 32 69 | natd_hash: hash= c6 26 b9 8f | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 7 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f8480005088 size 128 | #9 spent 0.207 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | crypto helper 3 resuming | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | crypto helper 3 starting work-order 7 for state #9 | "east" #9 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 3 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 7 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.52 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.528 milliseconds in comm_handle_cb() reading and processing packet | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f8484003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f8484003a28 | NSS: Public DH wire value: | c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 81 5e 57 88 | ff cd ef 1b 91 fc 46 65 70 0e 42 86 ce 8f f2 87 | cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff 2e 32 f2 48 | 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 f0 5e 32 ac | 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 dc 16 9d 9f | 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f 9b 42 28 a2 | ab e2 1a 33 09 7c b3 cc 86 b6 da c4 d4 02 c1 47 | a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 be 7d 17 31 | 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be 1a 59 2b aa | c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 08 ca 15 42 | 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 41 87 79 c3 | ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 3e 12 71 30 | 30 4a 3e 88 fd b7 16 b5 de cd 89 36 ea 11 00 2a | ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 ea 31 25 e4 | 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e 43 77 b9 5b | 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 f3 8b c8 c0 | Generated nonce: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | Generated nonce: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | crypto helper 3 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 7 time elapsed 0.000734 seconds | (#9) spent 0.739 milliseconds in crypto helper computing work-order 7: ikev2_inI1outR1 KE (pcr) | crypto helper 3 sending results from work-order 7 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f8484002888 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 7 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #9: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f8484003a28: transferring ownership from helper KE to state #9 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 81 5e 57 88 | ikev2 g^x ff cd ef 1b 91 fc 46 65 70 0e 42 86 ce 8f f2 87 | ikev2 g^x cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff 2e 32 f2 48 | ikev2 g^x 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 f0 5e 32 ac | ikev2 g^x 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 dc 16 9d 9f | ikev2 g^x 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f 9b 42 28 a2 | ikev2 g^x ab e2 1a 33 09 7c b3 cc 86 b6 da c4 d4 02 c1 47 | ikev2 g^x a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 be 7d 17 31 | ikev2 g^x 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be 1a 59 2b aa | ikev2 g^x c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 08 ca 15 42 | ikev2 g^x 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 41 87 79 c3 | ikev2 g^x ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 3e 12 71 30 | ikev2 g^x 30 4a 3e 88 fd b7 16 b5 de cd 89 36 ea 11 00 2a | ikev2 g^x ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 ea 31 25 e4 | ikev2 g^x 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e 43 77 b9 5b | ikev2 g^x 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 f3 8b c8 c0 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | IKEv2 nonce 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | e8 44 78 5d d7 ab 7d 93 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 1e 11 bd 1d f7 6a ec c7 25 b8 d4 e5 86 27 73 4a | 78 a9 24 bd | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= e8 44 78 5d d7 ab 7d 93 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 1e 11 bd 1d f7 6a ec c7 25 b8 d4 e5 86 27 73 4a | natd_hash: hash= 78 a9 24 bd | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 1e 11 bd 1d f7 6a ec c7 25 b8 d4 e5 86 27 73 4a | Notify data 78 a9 24 bd | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | e8 44 78 5d d7 ab 7d 93 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 86 ce b4 b4 | 8c fb 28 85 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= e8 44 78 5d d7 ab 7d 93 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 86 ce b4 b4 | natd_hash: hash= 8c fb 28 85 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 86 ce b4 b4 | Notify data 8c fb 28 85 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #9: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #9 to 0 after switching state | Message ID: recv #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #9 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 | 81 5e 57 88 ff cd ef 1b 91 fc 46 65 70 0e 42 86 | ce 8f f2 87 cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff | 2e 32 f2 48 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 | f0 5e 32 ac 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 | dc 16 9d 9f 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f | 9b 42 28 a2 ab e2 1a 33 09 7c b3 cc 86 b6 da c4 | d4 02 c1 47 a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 | be 7d 17 31 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be | 1a 59 2b aa c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 | 08 ca 15 42 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 | 41 87 79 c3 ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 | 3e 12 71 30 30 4a 3e 88 fd b7 16 b5 de cd 89 36 | ea 11 00 2a ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 | ea 31 25 e4 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e | 43 77 b9 5b 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 | f3 8b c8 c0 29 00 00 24 e4 12 d1 81 ce 74 fb 40 | fa 67 f0 1f 7f 49 83 58 3b 9a 3e 26 c6 7b 8b 8c | 92 28 3c b2 78 c0 1d 44 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 1e 11 bd 1d f7 6a ec c7 | 25 b8 d4 e5 86 27 73 4a 78 a9 24 bd 00 00 00 1c | 00 00 40 05 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 | 86 ce b4 b4 8c fb 28 85 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8480005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f8498002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #9 | libevent_malloc: new ptr-libevent@0x55593e3f95d8 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 0.347 milliseconds in resume sending helper answer | stop processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8484002888 | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #9 in PARENT_R1 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #9 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f8484003a28: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 8 for state #9 | state #9 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3f95d8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f8498002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f8484002888 size 128 | #9 spent 0.0255 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #9 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.128 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.136 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 8 for state #9 | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 | peer's g: 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 3a 1c fe ad | peer's g: c8 5f 2e 8e 63 98 34 0e 87 67 59 bf 35 39 51 5d | peer's g: d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 fc 66 6e 77 | peer's g: ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 4b dd 41 74 | peer's g: 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 6a 31 38 4b | peer's g: b7 2d e2 29 31 fb 7b 46 45 4d 59 27 03 40 e3 ee | peer's g: 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 fe e4 ec 25 | peer's g: 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 f1 ae 95 15 | peer's g: 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e 67 13 93 a1 | peer's g: 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 04 6e a4 d7 | peer's g: ae 8b b4 00 7f dc ee 87 b4 15 d8 6b 32 09 bb 32 | peer's g: de 11 6c cb 3b 6b 8b fa 41 91 25 5c 08 97 1b 83 | peer's g: 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 60 04 22 1e | peer's g: bc 55 0d 1d 90 c4 73 8e 47 69 71 22 7e 45 0f 79 | peer's g: 53 bd af f0 bc 78 b6 89 53 29 f2 7a 13 df d7 f6 | peer's g: 86 df e7 61 40 30 eb de d8 8a ae f3 b1 b9 43 04 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f848000f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f8484003a28: computed shared DH secret key@0x7f848000f0e0 | dh-shared : g^ir-key@0x7f848000f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f8498003b28 (length 64) | 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f816e0 | result: Ni | Nr-key@0x7f8480006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f8480006650 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f816c8 | result: Ni | Nr-key@0x7f848000b980 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f8480006650 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f8498001410 from Ni | Nr-key@0x7f848000b980 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f8498001410 from Ni | Nr-key@0x7f848000b980 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f848000b980 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f8498001278 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f848000f0e0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f848000f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f848000f0e0 | nss hmac digest hack: symkey-key@0x7f848000f0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: 38 d8 66 45 c8 76 86 a9 06 6b 6c 04 61 8a 34 79 98 ed 15 84 c1 95 a2 49 63 17 a6 bd 39 13 aa a6 23 6a 7d bd fd 3f 13 de f8 4f 73 52 0d 0a b6 6a 00 ba ed f0 51 19 9b 0c d9 e2 d6 ba 8c 91 26 66 ff 1f 3f a6 a9 4e 7f 9d b1 a6 93 13 af ad 50 2c 4c fd b4 8f 03 b1 94 65 4d cc 31 13 3a 51 14 97 f5 da df 40 d5 85 02 54 c1 a9 3e e5 2d a3 5f ee 57 0d ae 82 f9 dc 7c bc c3 2a 97 16 b4 57 cd aa bc 5e 30 24 7e d6 6b 76 1e aa a4 95 f2 6d 80 9d a7 80 e2 65 98 af 30 de 86 03 96 8b 00 9a 7c 69 40 07 00 10 b2 33 35 0f f9 5c 6a 1c f5 5c 21 94 fc 3d f8 cb ae bd 74 af 74 51 ab e4 b0 00 d2 c9 37 57 50 07 44 03 24 8c 56 ac 6a b6 84 f0 b9 93 16 ca 57 db 23 d5 7f e1 68 38 98 11 78 3a 7d 55 af 9d d7 fb a8 63 7e 82 58 86 ea f0 16 95 93 bc ba bc f8 6a a7 0b f8 99 b6 12 de ba 80 11 0a 97 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f84980047c8 | unwrapped: 88 7e 39 b6 16 36 db 61 4f a2 fb 99 7d cb 96 8a | unwrapped: e1 85 4d 21 66 ef ad 23 ef f2 43 9e d5 e2 90 30 | unwrapped: cd 98 bf 1c ad 15 7b 07 ae a9 88 ba f9 89 c4 3b | unwrapped: 19 7b a0 48 df ea ff 5b 8b 48 f5 9b db 68 b3 41 | unwrapped: 3c f5 1a 00 ab 9b 7a 62 dc 1c d4 a8 a4 31 2b d6 | unwrapped: ba 1a 1e 40 80 f1 c7 6e 30 7c e4 1e 80 f6 b2 78 | unwrapped: 1c 74 89 48 91 62 7f 4b de aa 49 a9 d9 7c 8f 88 | unwrapped: eb 85 56 10 9e 16 ec b4 0f 87 a0 bf d6 50 dc d5 | unwrapped: ba 20 32 f0 5f d0 ad 95 3b 8a 56 0e 0a db 2d ce | unwrapped: 0d 67 96 59 13 e6 bd 47 0a d3 0b 80 8f 7e bc 23 | unwrapped: c2 fd 2d 5f 00 fc db b5 0a a7 15 54 7f fe 42 2a | unwrapped: 2a 3b 9a fc d7 ad 06 0e 8d ea 6e 20 10 ae 2e cf | unwrapped: d0 d5 1e f3 10 5a f8 03 30 8a 1b 59 9d 96 2b 1b | unwrapped: 33 1d 36 be a3 6f 1f 89 03 86 ab 65 d1 bc 7d 55 | unwrapped: 3b 51 c9 de 25 52 8a 62 e4 47 c4 a0 ac f1 55 ff | unwrapped: 41 26 0a 93 07 0b b8 53 34 ec 80 38 f2 41 20 95 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81700 | result: final-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f816e8 | result: final-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8480006650 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f848000b980 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81670 | result: data=Ni-key@0x55593e3f0a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3f0a20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81658 | result: data=Ni-key@0x7f8480006650 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3f0a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8480006650 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a2f81660 | result: data+=Nr-key@0x55593e3f0a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f8480006650 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f0a20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a2f81660 | result: data+=SPIi-key@0x7f8480006650 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3f0a20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8480006650 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a2f81660 | result: data+=SPIr-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f8480006650 | prf+0 PRF sha init key-key@0x7f848000b980 (size 20) | prf+0: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8498001410 from key-key@0x7f8480006650 | prf+0 prf: begin sha with context 0x7f8498001410 from key-key@0x7f8480006650 | prf+0: release clone-key@0x7f8480006650 | prf+0 PRF sha crypt-prf@0x7f8498002168 | prf+0 PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+0: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8498005938 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x55593e3eef50 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3eef50 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3eef50 | prf+0 PRF sha final-key@0x7f8480006650 (size 20) | prf+0: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f8480006650 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498001410 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8498001410 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x7f84980048f8 | prf+N PRF sha update old_t-key@0x7f8480006650 (size 20) | prf+N: old_t-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8480006650 | nss hmac digest hack: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 9d 2d 4e 48 89 5a b3 66 46 1a 97 e5 2e ff 3a bc bb 71 b5 f7 eb 28 97 fd 65 d2 9f 6b 69 eb 16 28 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8498002b28 | unwrapped: b0 32 79 1d 90 17 a0 2c 80 e9 cf 25 43 23 65 0f | unwrapped: 90 29 60 39 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+N: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84980058b8 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2f81608 | result: result-key@0x7f8490006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8480006650 | prfplus: release old_t[N]-key@0x7f8480006650 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498001410 from key-key@0x7f8480006650 | prf+N prf: begin sha with context 0x7f8498001410 from key-key@0x7f8480006650 | prf+N: release clone-key@0x7f8480006650 | prf+N PRF sha crypt-prf@0x7f8498002168 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 1e 82 b7 9a c3 39 a1 e4 f2 17 90 ba e3 ff ff ed a9 98 0f 9a e2 21 27 32 58 a1 c5 ef 46 fd 4b e9 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8498001278 | unwrapped: 20 ff 13 33 a3 07 d4 16 2c 5b 31 71 11 f4 f8 65 | unwrapped: 0c bd 05 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+N: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8498005938 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x7f8480006650 (size 20) | prf+N: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2f81608 | result: result-key@0x55593e3e8620 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498001410 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8498001410 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x7f8498002b28 | prf+N PRF sha update old_t-key@0x7f8480006650 (size 20) | prf+N: old_t-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8480006650 | nss hmac digest hack: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 13 5f 17 d4 65 d2 4f c5 3a e4 21 35 58 77 15 b1 82 04 8c 83 44 c4 d6 74 9b 83 bc fc bc 84 17 6a | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8498006338 | unwrapped: 95 42 35 74 61 05 9f 5f 50 ff a2 23 36 1a 62 7f | unwrapped: c0 9a 53 8d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+N: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84980058b8 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2f81608 | result: result-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x7f8480006650 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498001410 from key-key@0x7f8480006650 | prf+N prf: begin sha with context 0x7f8498001410 from key-key@0x7f8480006650 | prf+N: release clone-key@0x7f8480006650 | prf+N PRF sha crypt-prf@0x7f84980048f8 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 7e 2d 78 b4 dd 5f b3 7d 17 e0 e9 f3 52 77 ff 41 85 13 47 90 82 8c 38 d5 1a 00 6d b2 0b ce 25 a9 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8498001278 | unwrapped: fc 50 01 c6 4b e8 65 87 81 90 d9 2a c5 b2 ee 0d | unwrapped: 8d d5 07 87 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+N: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8498005938 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x7f8480006650 (size 20) | prf+N: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2f81608 | result: result-key@0x55593e3e8620 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x55593e3eef50 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x55593e3eef50 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498005b10 from key-key@0x55593e3eef50 | prf+N prf: begin sha with context 0x7f8498005b10 from key-key@0x55593e3eef50 | prf+N: release clone-key@0x55593e3eef50 | prf+N PRF sha crypt-prf@0x7f8498002168 | prf+N PRF sha update old_t-key@0x7f8480006650 (size 20) | prf+N: old_t-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8480006650 | nss hmac digest hack: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 71 12 8f f6 52 7a cc 2e c8 e8 57 83 f0 1a 63 e6 a9 f4 08 3e 49 0c ad 3b 13 2d 7a 03 3f 67 5a a3 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8498002b28 | unwrapped: d0 27 57 83 38 3d 2c 91 b0 cb b5 bd 48 29 9f 87 | unwrapped: ed c0 0a e1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+N: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84980058b8 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | prf+N PRF sha final-key@0x55593e3eef50 (size 20) | prf+N: key-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2f81608 | result: result-key@0x7f8490006bb0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x7f8480006650 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8498001410 from key-key@0x7f8480006650 | prf+N prf: begin sha with context 0x7f8498001410 from key-key@0x7f8480006650 | prf+N: release clone-key@0x7f8480006650 | prf+N PRF sha crypt-prf@0x7f84980048f8 | prf+N PRF sha update old_t-key@0x55593e3eef50 (size 20) | prf+N: old_t-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 15 04 ff c9 10 f3 8b 88 67 04 82 e9 8f e7 40 18 5c d0 05 5c e5 c5 61 d4 55 9b 30 37 f7 22 dc 0f | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8498001278 | unwrapped: ad a0 89 01 df ab 13 c9 44 c0 c3 d7 ad d6 5e 80 | unwrapped: 56 6c 67 76 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f0a20 (size 80) | prf+N: seed-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f0a20 | nss hmac digest hack: symkey-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c 93 9a 4c da 7b b4 46 6b 23 ac db ae a0 29 b1 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f84980068d8 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a2f81590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f81578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x7f8480006650 (size 20) | prf+N: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a2f81608 | result: result-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x55593e3eef50 | prfplus: release old_t[final]-key@0x7f8480006650 | ike_sa_keymat: release data-key@0x55593e3f0a20 | calc_skeyseed_v2: release skeyseed_k-key@0x7f848000b980 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817a8 | result: result-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817a8 | result: result-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817a8 | result: result-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817b8 | result: SK_ei_k-key@0x55593e3eef50 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817b8 | result: SK_er_k-key@0x7f8490006bb0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817b8 | result: result-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x55593e3d5be0 | chunk_SK_pi: symkey-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: d2 7d 41 c3 ad 93 5c 8b 0d ef e5 9a 53 58 d8 b7 b4 67 c3 7d 6d 2c 27 a2 bb 28 32 d1 bb d1 6a 3a | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f8498002168 | unwrapped: 48 29 9f 87 ed c0 0a e1 ad a0 89 01 df ab 13 c9 | unwrapped: 44 c0 c3 d7 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a2f817b8 | result: result-key@0x55593e3f7c30 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x55593e3f7c30 | chunk_SK_pr: symkey-key@0x55593e3f7c30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 85 6d ff d8 cd 7a 5c 74 30 de fe f7 26 33 13 f9 c7 76 ca 59 b1 31 87 1e 9c d4 8d 4c f8 c3 8b fb | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f8498001278 | unwrapped: ad d6 5e 80 56 6c 67 76 d3 71 0f ee ed 2b 33 6f | unwrapped: f1 15 12 b7 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55593e3e8620 | calc_skeyseed_v2 pointers: shared-key@0x7f848000f0e0, SK_d-key@0x7f848000b980, SK_ai-key@0x55593e3f0a20, SK_ar-key@0x7f8480006650, SK_ei-key@0x55593e3eef50, SK_er-key@0x7f8490006bb0, SK_pi-key@0x55593e3d5be0, SK_pr-key@0x55593e3f7c30 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 48 29 9f 87 ed c0 0a e1 ad a0 89 01 df ab 13 c9 | 44 c0 c3 d7 | calc_skeyseed_v2 SK_pr | ad d6 5e 80 56 6c 67 76 d3 71 0f ee ed 2b 33 6f | f1 15 12 b7 | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 time elapsed 0.001873 seconds | (#9) spent 1.87 milliseconds in crypto helper computing work-order 8: ikev2_inI2outR2 KE (pcr) | crypto helper 0 sending results from work-order 8 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f84980044f8 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 8 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #9: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f8484003a28: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | #9 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x55593e3f0a20 (size 20) | hmac: symkey-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x55593e3e8620 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x55593e3e8620 | hmac: release clone-key@0x55593e3e8620 | hmac PRF sha crypt-prf@0x55593e3ee8d8 | hmac PRF sha update data-bytes@0x7f8490000b48 (length 208) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 f0 d4 f6 c0 | 66 54 e2 75 | data for hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | data for hmac: 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | data for hmac: ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | data for hmac: 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | data for hmac: 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | data for hmac: 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | data for hmac: b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | data for hmac: 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | data for hmac: 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | data for hmac: 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | data for hmac: 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | calculated auth: 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 | provided auth: 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | payload before decryption: | 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | f5 ff ec 74 2c 00 00 30 00 00 00 2c 01 03 04 03 | cd 45 a6 91 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #9 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #9: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #9: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x55593e3d5be0 (size 20) | hmac: symkey-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x55593e3e8620 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x55593e3e8620 | hmac: release clone-key@0x55593e3e8620 | hmac PRF sha crypt-prf@0x55593e3eeed8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x7f8490000b7c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | 27 c6 3f 77 08 3f 3d 7d 72 33 76 69 54 7a dd 92 | 8c b8 ab 2d | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | a1 a5 ef 5f b6 53 4e 06 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 | 3a 1c fe ad c8 5f 2e 8e 63 98 34 0e 87 67 59 bf | 35 39 51 5d d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 | fc 66 6e 77 ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 | 4b dd 41 74 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 | 6a 31 38 4b b7 2d e2 29 31 fb 7b 46 45 4d 59 27 | 03 40 e3 ee 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 | fe e4 ec 25 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 | f1 ae 95 15 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e | 67 13 93 a1 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 | 04 6e a4 d7 ae 8b b4 00 7f dc ee 87 b4 15 d8 6b | 32 09 bb 32 de 11 6c cb 3b 6b 8b fa 41 91 25 5c | 08 97 1b 83 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 | 60 04 22 1e bc 55 0d 1d 90 c4 73 8e 47 69 71 22 | 7e 45 0f 79 53 bd af f0 bc 78 b6 89 53 29 f2 7a | 13 df d7 f6 86 df e7 61 40 30 eb de d8 8a ae f3 | b1 b9 43 04 29 00 00 24 8c 36 27 bd 7f 73 ac df | 7f 16 79 e3 5e d4 c9 1c 1b 63 52 c4 b8 7c 4f 1a | 39 6e dd f3 b8 1c a2 1e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d4 d8 c2 c0 cf 69 ce a7 | 36 f8 2e f6 e8 49 32 69 c6 26 b9 8f 00 00 00 1c | 00 00 40 05 e5 72 1c 20 df fc fe 83 70 a2 09 85 | a8 b2 59 98 f6 c6 f1 c6 | verify: initiator inputs to hash2 (responder nonce) | e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | idhash 27 c6 3f 77 08 3f 3d 7d 72 33 76 69 54 7a dd 92 | idhash 8c b8 ab 2d | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x55593e3e8620 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8484002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8484002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3ee8d8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55593e3e8620 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55593e3e8620 (size 20) | = prf(, ): -key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3f3e30 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ) prf: begin sha with context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ): release clone-key@0x55593e3f3e30 | = prf(, ) PRF sha crypt-prf@0x55593e3eeed8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3f6978 (length 440) | a1 a5 ef 5f b6 53 4e 06 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 | 3a 1c fe ad c8 5f 2e 8e 63 98 34 0e 87 67 59 bf | 35 39 51 5d d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 | fc 66 6e 77 ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 | 4b dd 41 74 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 | 6a 31 38 4b b7 2d e2 29 31 fb 7b 46 45 4d 59 27 | 03 40 e3 ee 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 | fe e4 ec 25 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 | f1 ae 95 15 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e | 67 13 93 a1 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 | 04 6e a4 d7 ae 8b b4 00 7f dc ee 87 b4 15 d8 6b | 32 09 bb 32 de 11 6c cb 3b 6b 8b fa 41 91 25 5c | 08 97 1b 83 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 | 60 04 22 1e bc 55 0d 1d 90 c4 73 8e 47 69 71 22 | 7e 45 0f 79 53 bd af f0 bc 78 b6 89 53 29 f2 7a | 13 df d7 f6 86 df e7 61 40 30 eb de d8 8a ae f3 | b1 b9 43 04 29 00 00 24 8c 36 27 bd 7f 73 ac df | 7f 16 79 e3 5e d4 c9 1c 1b 63 52 c4 b8 7c 4f 1a | 39 6e dd f3 b8 1c a2 1e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d4 d8 c2 c0 cf 69 ce a7 | 36 f8 2e f6 e8 49 32 69 c6 26 b9 8f 00 00 00 1c | 00 00 40 05 e5 72 1c 20 df fc fe 83 70 a2 09 85 | a8 b2 59 98 f6 c6 f1 c6 | = prf(, ) PRF sha update nonce-bytes@0x7f8484001278 (length 32) | e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | 27 c6 3f 77 08 3f 3d 7d 72 33 76 69 54 7a dd 92 | 8c b8 ab 2d | = prf(, ) PRF sha final-chunk@0x55593e3f9438 (length 20) | c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | f5 ff ec 74 | psk_auth: release prf-psk-key@0x55593e3e8620 | Received PSK auth octets | c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | f5 ff ec 74 | Calculated PSK auth octets | c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | f5 ff ec 74 "east" #9: Authenticated using authby=secret | parent state #9: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #9 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8484002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f8498002b78 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #9 | libevent_malloc: new ptr-libevent@0x55593e3fc698 size 128 | pstats #9 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x55593e3f7c30 (size 20) | hmac: symkey-key@0x55593e3f7c30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f7c30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x55593e3e8620 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x55593e3e8620 | hmac: release clone-key@0x55593e3e8620 | hmac PRF sha crypt-prf@0x55593e3eeed8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | 3c 66 35 d4 9b 57 15 14 7d 32 cb 86 6f cb 98 84 | e0 89 d4 bd | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 | 81 5e 57 88 ff cd ef 1b 91 fc 46 65 70 0e 42 86 | ce 8f f2 87 cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff | 2e 32 f2 48 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 | f0 5e 32 ac 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 | dc 16 9d 9f 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f | 9b 42 28 a2 ab e2 1a 33 09 7c b3 cc 86 b6 da c4 | d4 02 c1 47 a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 | be 7d 17 31 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be | 1a 59 2b aa c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 | 08 ca 15 42 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 | 41 87 79 c3 ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 | 3e 12 71 30 30 4a 3e 88 fd b7 16 b5 de cd 89 36 | ea 11 00 2a ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 | ea 31 25 e4 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e | 43 77 b9 5b 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 | f3 8b c8 c0 29 00 00 24 e4 12 d1 81 ce 74 fb 40 | fa 67 f0 1f 7f 49 83 58 3b 9a 3e 26 c6 7b 8b 8c | 92 28 3c b2 78 c0 1d 44 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 1e 11 bd 1d f7 6a ec c7 | 25 b8 d4 e5 86 27 73 4a 78 a9 24 bd 00 00 00 1c | 00 00 40 05 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 | 86 ce b4 b4 8c fb 28 85 | create: responder inputs to hash2 (initiator nonce) | 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | idhash 3c 66 35 d4 9b 57 15 14 7d 32 cb 86 6f cb 98 84 | idhash e0 89 d4 bd | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x55593e3e8620 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8484002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8484002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f9438 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55593e3e8620 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55593e3e8620 (size 20) | = prf(, ): -key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3f3e30 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ) prf: begin sha with context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ): release clone-key@0x55593e3f3e30 | = prf(, ) PRF sha crypt-prf@0x55593e3eeed8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3ee518 (length 440) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 | 81 5e 57 88 ff cd ef 1b 91 fc 46 65 70 0e 42 86 | ce 8f f2 87 cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff | 2e 32 f2 48 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 | f0 5e 32 ac 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 | dc 16 9d 9f 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f | 9b 42 28 a2 ab e2 1a 33 09 7c b3 cc 86 b6 da c4 | d4 02 c1 47 a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 | be 7d 17 31 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be | 1a 59 2b aa c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 | 08 ca 15 42 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 | 41 87 79 c3 ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 | 3e 12 71 30 30 4a 3e 88 fd b7 16 b5 de cd 89 36 | ea 11 00 2a ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 | ea 31 25 e4 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e | 43 77 b9 5b 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 | f3 8b c8 c0 29 00 00 24 e4 12 d1 81 ce 74 fb 40 | fa 67 f0 1f 7f 49 83 58 3b 9a 3e 26 c6 7b 8b 8c | 92 28 3c b2 78 c0 1d 44 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 1e 11 bd 1d f7 6a ec c7 | 25 b8 d4 e5 86 27 73 4a 78 a9 24 bd 00 00 00 1c | 00 00 40 05 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 | 86 ce b4 b4 8c fb 28 85 | = prf(, ) PRF sha update nonce-bytes@0x55593e3ea3d8 (length 32) | 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | 3c 66 35 d4 9b 57 15 14 7d 32 cb 86 6f cb 98 84 | e0 89 d4 bd | = prf(, ) PRF sha final-chunk@0x55593e3ee8d8 (length 20) | bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b 6e 71 3c 26 | 4d a1 dd 5c | psk_auth: release prf-psk-key@0x55593e3e8620 | PSK auth octets bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b 6e 71 3c 26 | PSK auth octets 4d a1 dd 5c | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b 6e 71 3c 26 | PSK auth 4d a1 dd 5c | emitting length of IKEv2 Authentication Payload: 28 | creating state object #10 at 0x55593e3f6b68 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "east" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.23:500 from #9.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f848000b980 | duplicate_state: reference st_skey_ai_nss-key@0x55593e3f0a20 | duplicate_state: reference st_skey_ar_nss-key@0x7f8480006650 | duplicate_state: reference st_skey_ei_nss-key@0x55593e3eef50 | duplicate_state: reference st_skey_er_nss-key@0x7f8490006bb0 | duplicate_state: reference st_skey_pi_nss-key@0x55593e3d5be0 | duplicate_state: reference st_skey_pr_nss-key@0x55593e3f7c30 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI cd 45 a6 91 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:ESP:SPI=cd45a691;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=cd45a691;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x5dfedb6a for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 5d fe db 6a | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2890 | result: data=Ni-key@0x55593e3f3e30 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3f3e30 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2878 | result: data=Ni-key@0x55593e3e8620 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3f3e30 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d2880 | result: data+=Nr-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3e8620 | prf+0 PRF sha init key-key@0x7f848000b980 (size 20) | prf+0: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8484002b50 from key-key@0x55593e3e8620 | prf+0 prf: begin sha with context 0x7f8484002b50 from key-key@0x55593e3e8620 | prf+0: release clone-key@0x55593e3e8620 | prf+0 PRF sha crypt-prf@0x55593e3faec8 | prf+0 PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+0: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3ee708 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3f7af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f7af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f7af0 | prf+0 PRF sha final-key@0x55593e3e8620 (size 20) | prf+0: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55593e3e8620 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8484002b50 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f8484002b50 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x55593e3fc908 | prf+N PRF sha update old_t-key@0x55593e3e8620 (size 20) | prf+N: old_t-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: ce 16 9e 06 82 32 a4 b5 c0 ec 96 d6 7e 33 e9 b0 15 1f e9 0c 29 9c 96 1f 82 bf 7d 8b 45 e0 91 2d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f5868 | unwrapped: 09 cc 84 ba b7 2b 19 31 21 01 14 22 a2 16 2e 9b | unwrapped: 1d 36 19 01 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+N: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x7f848c002b78 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000a000 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x7f848000a000 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x55593e3e8620 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8484002b50 from key-key@0x55593e3e8620 | prf+N prf: begin sha with context 0x7f8484002b50 from key-key@0x55593e3e8620 | prf+N: release clone-key@0x55593e3e8620 | prf+N PRF sha crypt-prf@0x55593e3faec8 | prf+N PRF sha update old_t-key@0x55593e3f7af0 (size 20) | prf+N: old_t-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 1e 84 54 c6 bf ad 93 c5 96 01 65 9c f7 eb a6 3c 1e aa f2 be 29 b6 8a bd 5c 6e 53 23 51 bd 73 42 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f25e8 | unwrapped: ca f7 45 a6 bb 79 ac 89 38 de 7b e2 9f 51 0b 98 | unwrapped: 26 e1 1e 1c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+N: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3ee708 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fae10 | prf+N PRF sha final-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000a000 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fae10 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848000a000 | prfplus: release old_t[N]-key@0x55593e3f7af0 | prf+N PRF sha init key-key@0x7f848000b980 (size 20) | prf+N: key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8484002b50 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f8484002b50 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x55593e3f5868 | prf+N PRF sha update old_t-key@0x55593e3e8620 (size 20) | prf+N: old_t-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 03 0e 3d c7 2d 9d 52 47 54 31 d8 5d 6a b2 2d 7c e2 bd 3e b0 e6 74 c4 7d 94 d8 18 b4 99 d9 56 39 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f2218 | unwrapped: 01 e1 ff 76 6f 25 94 d2 92 48 21 06 d3 14 ff 58 | unwrapped: 80 50 7d 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f3e30 (size 64) | prf+N: seed-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3f3e30 | nss hmac digest hack: symkey-key@0x55593e3f3e30 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: 76 6e 8b 12 00 27 26 31 b7 7a cd 6c d3 1b 8b 52 64 94 90 7d e3 20 3a 96 ca df 20 df 59 35 87 a2 9e 92 be fd a0 a7 90 76 6a 85 37 67 bb b1 c1 9f 8a 4f 4f 93 6d eb bf 9e 70 97 c2 0e c0 86 48 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x7f848c002b78 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000a000 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000a000 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fae10 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x7f848000a000 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fae10 | prfplus: release old_t[N]-key@0x55593e3e8620 | prfplus: release old_t[final]-key@0x55593e3f7af0 | child_sa_keymat: release data-key@0x55593e3f3e30 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f848000a000 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x55593e3f3e30 | initiator to responder keys: symkey-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55593e3d0e50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1646289509: ce 16 9e 06 82 32 a4 b5 c0 ec 96 d6 7e 33 e9 b0 27 44 3f ec ee 45 d5 98 5b 92 39 c4 50 69 c9 ef 5f 87 78 14 e2 f5 07 df bb d9 23 0f 6f 12 70 0e | initiator to responder keys: release slot-key-key@0x55593e3d0e50 | initiator to responder keys extracted len 48 bytes at 0x55593e3f3df8 | unwrapped: 09 cc 84 ba b7 2b 19 31 21 01 14 22 a2 16 2e 9b | unwrapped: 1d 36 19 01 ca f7 45 a6 bb 79 ac 89 38 de 7b e2 | unwrapped: 9f 51 0b 98 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55593e3f3e30 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f848000a000 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x55593e3f3e30 | responder to initiator keys:: symkey-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55593e3d0e50 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1646289509: 5e ef 9d 8e 90 7d 3d fd 5e bf 82 df 40 af c8 65 f3 55 4f a4 ee 1b d3 e8 0c 18 a3 67 a5 38 c1 a0 16 0a 12 0f f8 05 55 33 d2 ab 46 2e e6 81 38 96 | responder to initiator keys:: release slot-key-key@0x55593e3d0e50 | responder to initiator keys: extracted len 48 bytes at 0x55593e3f3d98 | unwrapped: 26 e1 1e 1c 01 e1 ff 76 6f 25 94 d2 92 48 21 06 | unwrapped: d3 14 ff 58 80 50 7d 49 fe 99 60 6e 3b c9 f5 e8 | unwrapped: ea 81 ff 29 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55593e3f3e30 | ikev2_derive_child_keys: release keymat-key@0x7f848000a000 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #9 spent 1.72 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.cd45a691@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.5dfedb6a@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #10 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcd45a691 SPI_OUT=0x5df | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xcd45a691 SPI_OUT=0x5dfedb6a ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x55593e3e95b8,sr=0x55593e3e95b8} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 0.609 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b | 6e 71 3c 26 4d a1 dd 5c 2c 00 00 2c 00 00 00 28 | 01 03 04 03 5d fe db 6a 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | hmac PRF sha init symkey-key@0x7f8480006650 (size 20) | hmac: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2928 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3faec8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 192) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | hmac PRF sha final-bytes@0x55593d440980 (length 20) | 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 84 eb 2e 81 | f8 60 d8 93 | data being hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | data being hmac: 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | data being hmac: 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | data being hmac: 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | data being hmac: d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | data being hmac: 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | data being hmac: e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | data being hmac: 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | data being hmac: 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | data being hmac: e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | out calculated auth: | 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #9 spent 2.52 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #10 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #10 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #10: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #9.#10 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "east" #10: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #10: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xcd45a691 <0x5dfedb6a xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 | releasing whack for #10 (sock=fd@-1) | releasing whack and unpending for parent #9 | unpending state #9 connection "east" | #10 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f8484002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #10 | libevent_malloc: new ptr-libevent@0x55593e3f95d8 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 2.81 milliseconds in resume sending helper answer | stop processing: state #10 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f84980044f8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00488 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00303 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e3f0a20 (size 20) | hmac: symkey-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3ed758 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 64) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 a5 9c b4 92 | 92 80 ba 0f | data for hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | data for hmac: 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | calculated auth: 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 | provided auth: 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | payload before decryption: | 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 cd 45 a6 91 00 01 02 03 | stripping 4 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI cd 45 a6 91 | delete PROTO_v2_ESP SA(0xcd45a691) | v2 CHILD SA #10 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #10 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xcd45a691) "east" #9: received Delete SA payload: delete IPsec State #10 now | pstats #10 ikev2.child deleted completed | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #10 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #10: deleting other state #10 (STATE_V2_IPSEC_R) aged 0.074s and NOT sending notification | child state #10: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.cd45a691@192.1.2.45 | get_sa_info esp.5dfedb6a@192.1.2.23 "east" #10: ESP traffic information: in=84B out=84B | child state #10: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f95d8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8484002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825164' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcd45a691 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825164' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xcd45a691 SPI_OUT=0x5dfedb6a ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.cd45a691@192.1.2.45 | netlink response for Del SA esp.cd45a691@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.5dfedb6a@192.1.2.23 | netlink response for Del SA esp.5dfedb6a@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #10 in CHILDSA_DEL | child state #10: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f848000b980 | delete_state: release st->st_skey_ai_nss-key@0x55593e3f0a20 | delete_state: release st->st_skey_ar_nss-key@0x7f8480006650 | delete_state: release st->st_skey_ei_nss-key@0x55593e3eef50 | delete_state: release st->st_skey_er_nss-key@0x7f8490006bb0 | delete_state: release st->st_skey_pi_nss-key@0x55593e3d5be0 | delete_state: release st->st_skey_pr_nss-key@0x55593e3f7c30 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 5d fe db 6a | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 19 da e4 19 41 07 df 11 cd b8 20 b1 21 1c b0 6b | data before encryption: | 00 00 00 0c 03 04 00 01 5d fe db 6a 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | f0 fb a5 6c c9 33 ce 3b 96 32 60 ae 76 d6 2c e2 | hmac PRF sha init symkey-key@0x7f8480006650 (size 20) | hmac: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3faec8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 64) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 19 da e4 19 41 07 df 11 cd b8 20 b1 21 1c b0 6b | f0 fb a5 6c c9 33 ce 3b 96 32 60 ae 76 d6 2c e2 | hmac PRF sha final-bytes@0x55593d440900 (length 20) | 16 17 ed 90 8b ef 84 c9 8f be ba b9 58 54 df cd | 13 2a 00 0c | data being hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 19 da e4 19 41 07 df 11 cd b8 20 b1 21 1c b0 6b | data being hmac: f0 fb a5 6c c9 33 ce 3b 96 32 60 ae 76 d6 2c e2 | out calculated auth: | 16 17 ed 90 8b ef 84 c9 8f be ba b9 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 19 da e4 19 41 07 df 11 cd b8 20 b1 21 1c b0 6b | f0 fb a5 6c c9 33 ce 3b 96 32 60 ae 76 d6 2c e2 | 16 17 ed 90 8b ef 84 c9 8f be ba b9 | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #9 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #9 spent 1.16 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #9 to 2 after switching state | Message ID: recv #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #9 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 1.43 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.46 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00151 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e3f0a20 (size 20) | hmac: symkey-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3ed758 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 64) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 d1 ca f3 8b | 19 56 65 8f | data for hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | data for hmac: 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | calculated auth: 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 | provided auth: 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | payload before decryption: | 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | fb fb cb 3f 25 37 a3 dc 83 f8 c7 eb e8 6b 01 6c | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | ec 7e 96 d6 9c c1 03 d2 3e d4 32 07 3e bb 6a 72 | hmac PRF sha init symkey-key@0x7f8480006650 (size 20) | hmac: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e3faec8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 64) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | fb fb cb 3f 25 37 a3 dc 83 f8 c7 eb e8 6b 01 6c | ec 7e 96 d6 9c c1 03 d2 3e d4 32 07 3e bb 6a 72 | hmac PRF sha final-bytes@0x55593d440900 (length 20) | ff ad b9 a1 a7 c0 52 89 f4 36 9a 36 93 7d 54 fa | d4 e0 ff dd | data being hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: fb fb cb 3f 25 37 a3 dc 83 f8 c7 eb e8 6b 01 6c | data being hmac: ec 7e 96 d6 9c c1 03 d2 3e d4 32 07 3e bb 6a 72 | out calculated auth: | ff ad b9 a1 a7 c0 52 89 f4 36 9a 36 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | fb fb cb 3f 25 37 a3 dc 83 f8 c7 eb e8 6b 01 6c | ec 7e 96 d6 9c c1 03 d2 3e d4 32 07 3e bb 6a 72 | ff ad b9 a1 a7 c0 52 89 f4 36 9a 36 | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #9 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #9: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #9 ikev2.ike deleted completed | #9 spent 7.85 milliseconds in total | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #9: deleting state (STATE_IKESA_DEL) aged 0.096s and NOT sending notification | parent state #9: IKESA_DEL(established IKE SA) => delete | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3fc698 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8498002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #9 in IKESA_DEL | parent state #9: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f8484003a28: destroyed | stop processing: state #9 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f848000f0e0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f848000b980 | delete_state: release st->st_skey_ai_nss-key@0x55593e3f0a20 | delete_state: release st->st_skey_ar_nss-key@0x7f8480006650 | delete_state: release st->st_skey_ei_nss-key@0x55593e3eef50 | delete_state: release st->st_skey_er_nss-key@0x7f8490006bb0 | delete_state: release st->st_skey_pi_nss-key@0x55593e3d5be0 | delete_state: release st->st_skey_pr_nss-key@0x55593e3f7c30 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #9 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #9 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.783 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00453 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 60 b2 33 cd a9 5d 09 e4 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | f9 b8 b4 f6 2c ef 24 dc 0c 70 be 8e 7b 86 2d 6a | 5d df 6b 54 49 a7 e2 9e 01 8f 6d e4 2f 7d 9e 06 | d0 1f 6f 6b 7d e8 18 42 32 52 b4 6b f1 62 ba 22 | fd 3e 45 e1 38 08 28 07 e0 f6 ea 59 92 de 50 1f | 4f c3 ba cf 85 5d 4c 75 67 13 2e c4 85 66 fe 58 | e9 a5 61 6b 76 0c 75 29 d4 47 68 30 a3 38 40 16 | 9a 5d 88 f6 58 73 06 11 3d 97 a1 e0 b4 30 d3 fb | 13 10 5a b4 0e 0e 4d 8f 18 01 71 50 a3 9d 21 c9 | cb 2e 7d d4 92 62 d7 6d 2c b2 05 c6 e4 40 a6 90 | 5a ac c0 d4 0e 67 41 5a 12 93 be ca c8 14 7a d7 | b9 03 c7 db 9a f7 cf d0 e3 82 c5 f4 96 dd a2 e8 | c5 a2 7b 8a db 20 fb 50 d1 78 65 20 95 c5 88 36 | ab f3 98 8d 83 1f f4 73 55 0f 58 f9 ec 56 a6 4a | 49 67 76 e4 78 f7 d0 9e 2f d5 37 c2 00 5d c8 f4 | 9e a5 4e 44 45 b1 b8 34 76 9a 67 a1 5f 2c 30 1d | 03 e6 6a 44 64 71 76 45 40 3b 93 2a 38 45 f8 9a | 29 00 00 24 6b 57 0e 43 02 b0 e1 93 b7 1b 82 d6 | 73 20 45 90 e7 89 18 db 91 99 f0 2b a8 f9 6c 47 | 11 c7 ca 61 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 46 f7 58 c1 64 08 36 bd c6 79 71 a7 | 0f 50 f9 0d 6e df 57 2f 00 00 00 1c 00 00 40 05 | 84 bd 62 e9 fc fc 21 10 58 cc 7c 70 53 52 5f 50 | bf dc 6d 00 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 60 b2 33 cd a9 5d 09 e4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 07 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 59 cf dc a9 89 59 d6 7b 6e 49 b1 eb ab 7b 74 8a | 09 91 76 9e 9e 4f 22 43 81 be f3 27 ed 5c e9 38 | creating state object #11 at 0x55593e3ed858 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #11 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #11 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #11 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #11 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #11 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #11 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #11 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #11: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #11: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 60 b2 33 cd a9 5d 09 e4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 60 b2 33 cd a9 5d 09 e4 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #11 spent 0.211 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #11 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #11 has no whack fd | pstats #11 ikev2.ike deleted other | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #11: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #11: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #11 in PARENT_R0 | parent state #11: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #11 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #11 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.684 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 22 ae 7f 15 59 e5 72 a1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | f8 4a e0 36 91 71 4b 67 1c 25 34 58 36 1e b4 61 | 70 20 5f 12 23 ab 76 1f b1 c0 ce 57 0c 98 9c db | 04 1c 22 19 ca d4 cd d1 7f 91 3e 0b 1e d9 92 cc | fa aa e6 48 73 df 22 3e 37 73 2b eb e0 97 13 41 | 9b 76 8e 56 ab 29 a5 b2 c2 94 64 3d be b0 ff 13 | 00 cd ef 25 66 4d 73 b7 52 d0 67 e5 32 95 c4 11 | b4 3e e6 fa a4 68 5d 7c af 87 23 dd 9e 70 f7 e0 | 92 b6 99 d5 7a cd 0f 6a e6 2c 0f 0c 6b 9c ea dc | 26 b6 fe cc 95 3b 46 c5 8c 63 a0 bc 93 df e4 18 | 73 e7 ce af 40 93 3a a7 bf 81 15 db 1c af bf 67 | 8c 13 c9 0c ea 46 44 8e e0 3a d5 4d 77 d0 4a fd | 12 80 f4 d9 32 82 6b 34 55 69 a2 09 3e 6f c1 aa | 85 db b8 bb 71 23 11 2e c8 2a 4d c3 2b 7c d6 00 | 97 c6 e3 18 51 cf 76 f5 e0 19 29 57 85 52 00 e5 | a6 da 9a 6f fd 59 95 21 98 f4 de d3 e7 ca de a6 | 35 1e 1f 54 d3 86 b0 5a 71 12 ab 05 6f 80 c0 08 | 29 00 00 24 32 cb 47 fc a2 09 fc b7 73 2e ee d7 | ae 19 39 45 ca 57 96 11 6b 04 52 2c d3 ed 9b b8 | 3d fa 4a 69 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 a3 5c a5 f8 fe 9c 58 0a 9c 91 25 be | 07 70 b4 35 6e 7b 8f d3 00 00 00 1c 00 00 40 05 | 56 9c fd 81 2c 7b db 07 d0 95 3c 4f 3b 4e ee c1 | 0d 4d 8e 25 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 22 ae 7f 15 59 e5 72 a1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 08 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 32 e5 f7 89 ab 84 7c 99 15 f2 ce 57 73 54 61 28 | 69 69 b9 8a 97 a8 31 e8 c2 27 2c 7e f9 0a e1 f0 | creating state object #12 at 0x55593e3ed858 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #12 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #12 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #12 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #12 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #12 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #12 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #12 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #12: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #12: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 22 ae 7f 15 59 e5 72 a1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 22 ae 7f 15 59 e5 72 a1 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #12 spent 0.138 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #12 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #12 has no whack fd | pstats #12 ikev2.ike deleted other | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #12: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #12: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #12 in PARENT_R0 | parent state #12: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #12 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #12 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.771 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00329 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 4d 43 64 2b 14 89 89 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 | e5 a5 5a 43 35 b9 32 51 79 94 ec b9 87 c1 a7 20 | f7 62 4e e5 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 | ee 1d 62 7f 87 c3 25 b2 42 af ac a5 55 77 54 60 | ae 96 99 aa 23 dd 8a ea 5d df e2 c3 f9 10 83 92 | 6f 09 b3 81 1e b5 41 9e c7 aa 24 2b cf 05 22 00 | 9a 1d 63 91 0f 0c a7 09 08 55 93 bd 35 11 ea 43 | 03 a7 3d a7 e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 | d0 29 13 61 69 00 46 bd d1 6f 77 4a dd 02 6b ea | 67 d5 ab d6 36 45 7b 9f 52 b6 13 56 74 78 77 0e | 7f a8 e7 32 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 | 0a 1c 45 09 ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 | 21 46 25 08 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab | af 71 cd 39 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd | 4f 34 82 32 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c | e8 1a 53 ba d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 | ac 8c 64 e3 29 00 00 24 75 df dc ee 1d d4 9b ea | d6 d4 fe 43 e1 f4 92 f3 18 a9 d9 eb 4b 08 2c 48 | c2 3f 8b 6a ef 9c f2 f2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 4a 5d 89 a3 85 6f fe 71 | c6 5a d0 9b 49 b7 4c a3 27 7c 52 77 00 00 00 1c | 00 00 40 05 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 | 89 e4 1a a1 4b 8b c3 64 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 09 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 8d 1d b1 78 1a 7b 37 8b 29 18 bb af 49 6d 9a a5 | cc 3d 8e 45 44 13 d8 cb d4 e1 41 1f bd 3d f0 94 | creating state object #13 at 0x55593e3ed858 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #13 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #13 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #13: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 e5 a5 5a 43 | 35 b9 32 51 79 94 ec b9 87 c1 a7 20 f7 62 4e e5 | 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 ee 1d 62 7f | 87 c3 25 b2 42 af ac a5 55 77 54 60 ae 96 99 aa | 23 dd 8a ea 5d df e2 c3 f9 10 83 92 6f 09 b3 81 | 1e b5 41 9e c7 aa 24 2b cf 05 22 00 9a 1d 63 91 | 0f 0c a7 09 08 55 93 bd 35 11 ea 43 03 a7 3d a7 | e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 d0 29 13 61 | 69 00 46 bd d1 6f 77 4a dd 02 6b ea 67 d5 ab d6 | 36 45 7b 9f 52 b6 13 56 74 78 77 0e 7f a8 e7 32 | 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 0a 1c 45 09 | ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 21 46 25 08 | 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab af 71 cd 39 | 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd 4f 34 82 32 | 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c e8 1a 53 ba | d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 ac 8c 64 e3 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 89 e4 1a a1 | 4b 8b c3 64 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 89 e4 1a a1 | natd_hash: hash= 4b 8b c3 64 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | 4a 5d 89 a3 85 6f fe 71 c6 5a d0 9b 49 b7 4c a3 | 27 7c 52 77 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 4a 5d 89 a3 85 6f fe 71 c6 5a d0 9b 49 b7 4c a3 | natd_hash: hash= 27 7c 52 77 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 9 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f84980044f8 size 128 | #13 spent 0.248 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 1 resuming | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 1 starting work-order 9 for state #13 | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 9 | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #13 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | NSS: Value of Prime: | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | #13 spent 0.585 milliseconds in ikev2_process_packet() | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | NSS: Value of base: 02 | spent 0.618 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7f849000f398: created | NSS: Local DH MODP2048 secret (pointer): 0x7f849000f398 | NSS: Public DH wire value: | c7 61 ca a3 30 15 2a 16 1d c2 0a 58 16 2c 98 07 | b2 49 24 5a e3 48 83 61 c7 0b 97 92 94 d5 5c 00 | 72 6b 70 78 e4 2b 25 5a 72 81 11 bf a0 44 51 1d | 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 a4 b6 ed 95 | 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 3e 8d 2d 21 | 5a 99 7f da 51 d2 5e 64 24 32 06 2c f6 c2 20 1b | 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e 44 9e 93 49 | a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 96 29 a7 7e | d7 ad 54 73 11 b3 98 02 a5 99 27 77 95 05 5c 45 | 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 01 97 5c 22 | 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 02 2c e3 2e | d0 54 73 fc e8 ae 20 05 a5 0e ea 48 c4 35 95 6d | c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 89 6b 2a 57 | 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 32 a4 ba 99 | 7a 42 48 22 49 1e 99 71 2a 8b d8 2d 12 89 fc 49 | cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 a1 0f c8 5f | Generated nonce: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | Generated nonce: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 9 time elapsed 0.000807 seconds | (#13) spent 0.793 milliseconds in crypto helper computing work-order 9: ikev2_inI1outR1 KE (pcr) | crypto helper 1 sending results from work-order 9 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f8490005088 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 9 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #13: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f849000f398: transferring ownership from helper KE to state #13 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c7 61 ca a3 30 15 2a 16 1d c2 0a 58 16 2c 98 07 | ikev2 g^x b2 49 24 5a e3 48 83 61 c7 0b 97 92 94 d5 5c 00 | ikev2 g^x 72 6b 70 78 e4 2b 25 5a 72 81 11 bf a0 44 51 1d | ikev2 g^x 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 a4 b6 ed 95 | ikev2 g^x 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 3e 8d 2d 21 | ikev2 g^x 5a 99 7f da 51 d2 5e 64 24 32 06 2c f6 c2 20 1b | ikev2 g^x 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e 44 9e 93 49 | ikev2 g^x a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 96 29 a7 7e | ikev2 g^x d7 ad 54 73 11 b3 98 02 a5 99 27 77 95 05 5c 45 | ikev2 g^x 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 01 97 5c 22 | ikev2 g^x 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 02 2c e3 2e | ikev2 g^x d0 54 73 fc e8 ae 20 05 a5 0e ea 48 c4 35 95 6d | ikev2 g^x c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 89 6b 2a 57 | ikev2 g^x 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 32 a4 ba 99 | ikev2 g^x 7a 42 48 22 49 1e 99 71 2a 8b d8 2d 12 89 fc 49 | ikev2 g^x cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 a1 0f c8 5f | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | IKEv2 nonce fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 8d 1d b1 78 1a 7b 37 8b | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | d5 32 23 af d9 d7 9a 6f 37 90 30 b2 85 d0 e1 96 | ed 69 eb 8e | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 8d 1d b1 78 1a 7b 37 8b | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= d5 32 23 af d9 d7 9a 6f 37 90 30 b2 85 d0 e1 96 | natd_hash: hash= ed 69 eb 8e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d5 32 23 af d9 d7 9a 6f 37 90 30 b2 85 d0 e1 96 | Notify data ed 69 eb 8e | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 8d 1d b1 78 1a 7b 37 8b | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 7c 30 6f 90 | de 34 7f 51 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 8d 1d b1 78 1a 7b 37 8b | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 7c 30 6f 90 | natd_hash: hash= de 34 7f 51 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 7c 30 6f 90 | Notify data de 34 7f 51 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #13: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #13 to 0 after switching state | Message ID: recv #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #13 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #13: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c7 61 ca a3 30 15 2a 16 1d c2 0a 58 | 16 2c 98 07 b2 49 24 5a e3 48 83 61 c7 0b 97 92 | 94 d5 5c 00 72 6b 70 78 e4 2b 25 5a 72 81 11 bf | a0 44 51 1d 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 | a4 b6 ed 95 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 | 3e 8d 2d 21 5a 99 7f da 51 d2 5e 64 24 32 06 2c | f6 c2 20 1b 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e | 44 9e 93 49 a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 | 96 29 a7 7e d7 ad 54 73 11 b3 98 02 a5 99 27 77 | 95 05 5c 45 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 | 01 97 5c 22 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 | 02 2c e3 2e d0 54 73 fc e8 ae 20 05 a5 0e ea 48 | c4 35 95 6d c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 | 89 6b 2a 57 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 | 32 a4 ba 99 7a 42 48 22 49 1e 99 71 2a 8b d8 2d | 12 89 fc 49 cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 | a1 0f c8 5f 29 00 00 24 69 5f 03 28 4f d8 42 20 | 8f f0 0a 8a 73 c9 a0 13 fa 61 e9 65 22 8d f5 a4 | 27 1d 47 65 e8 07 7b f7 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d5 32 23 af d9 d7 9a 6f | 37 90 30 b2 85 d0 e1 96 ed 69 eb 8e 00 00 00 1c | 00 00 40 05 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 | 7c 30 6f 90 de 34 7f 51 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f84980044f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f8498002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #13 | libevent_malloc: new ptr-libevent@0x55593e3f95d8 size 128 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 0.368 milliseconds in resume sending helper answer | stop processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8490005088 | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #13 in PARENT_R1 (find_v2_ike_sa) | start processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | Message ID: start-responder #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #13 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f849000f398: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 10 for state #13 | state #13 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3f95d8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f8498002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f8490005088 size 128 | #13 spent 0.0258 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #13 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #13 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.126 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.134 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 10 for state #13 | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 | peer's g: 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 e5 a5 5a 43 | peer's g: 35 b9 32 51 79 94 ec b9 87 c1 a7 20 f7 62 4e e5 | peer's g: 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 ee 1d 62 7f | peer's g: 87 c3 25 b2 42 af ac a5 55 77 54 60 ae 96 99 aa | peer's g: 23 dd 8a ea 5d df e2 c3 f9 10 83 92 6f 09 b3 81 | peer's g: 1e b5 41 9e c7 aa 24 2b cf 05 22 00 9a 1d 63 91 | peer's g: 0f 0c a7 09 08 55 93 bd 35 11 ea 43 03 a7 3d a7 | peer's g: e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 d0 29 13 61 | peer's g: 69 00 46 bd d1 6f 77 4a dd 02 6b ea 67 d5 ab d6 | peer's g: 36 45 7b 9f 52 b6 13 56 74 78 77 0e 7f a8 e7 32 | peer's g: 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 0a 1c 45 09 | peer's g: ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 21 46 25 08 | peer's g: 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab af 71 cd 39 | peer's g: 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd 4f 34 82 32 | peer's g: 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c e8 1a 53 ba | peer's g: d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 ac 8c 64 e3 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x55593e3f7c30 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f849000f398: computed shared DH secret key@0x55593e3f7c30 | dh-shared : g^ir-key@0x55593e3f7c30 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f8494003b28 (length 64) | 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f6e0 | result: Ni | Nr-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f8490006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f6c8 | result: Ni | Nr-key@0x55593e3d5be0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f8490006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f8494006e00 from Ni | Nr-key@0x55593e3d5be0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f8494006e00 from Ni | Nr-key@0x55593e3d5be0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55593e3d5be0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f84940028b8 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x55593e3f7c30 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55593e3f7c30 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55593e3f7c30 | nss hmac digest hack: symkey-key@0x55593e3f7c30 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: de 4c 05 e4 3a 11 51 7b 37 7c 6b 49 10 dc 01 48 ca 43 63 e5 8a 30 1e 3e 2f 6f cf 8a 3d 4d 58 7d 64 e6 0c a9 1d bb b7 20 79 f1 4e c3 1e 72 5f 34 49 86 c9 6d 41 45 76 fd fa ee 94 e7 88 d1 a1 e1 b3 70 f9 3a 2e 5e 03 e3 2d bb 8e 49 2e 6f e4 f7 e2 cc 1a 1b a6 13 97 ea 0d ca 45 d3 65 dd ad fb ab 78 63 29 dd f5 b5 fa 0d 56 1b 7c ca 4e ca 49 82 f8 8b c8 3b f4 54 1c 3d a9 49 c7 74 01 a9 ee 89 5f 79 6a d7 78 20 54 eb b1 4c af 30 34 df 35 5a f0 f7 8c 1c f0 dd 41 81 30 78 a7 c0 e9 4d 30 ae ea a0 33 84 f2 02 be e9 3d ed 61 87 ce 7e ab b9 3d 35 fb 6e 66 70 9b 49 fe 78 d0 dc ef f4 1c 2d 52 7e bc 13 95 8c 11 48 60 88 de 39 2e 42 b6 92 07 f6 ee bb 67 da a6 04 bd 5f 81 69 94 84 25 b0 24 37 d7 30 71 c5 6b 30 36 f0 24 0b 6e d5 10 32 89 9f b1 08 dd df f3 4d 65 55 37 c3 a8 f9 58 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f8494007918 | unwrapped: 14 fc 51 18 fc 3c f7 11 a3 c5 71 7c ab 4f 84 88 | unwrapped: 4f cf 5e 34 73 24 d1 be d6 84 36 a6 9d be 68 29 | unwrapped: 97 f3 f8 0f 01 45 b5 45 ed 8e 87 38 70 1e b6 53 | unwrapped: 34 73 95 9e 18 fe 0f 65 64 8e 8c b2 6b 62 3b 33 | unwrapped: 5c 73 98 7d 48 55 1e ca 6e 04 84 1e b4 0a 52 1a | unwrapped: 32 d0 5d 47 67 cc 8c 87 e5 70 38 72 58 fa a1 9a | unwrapped: 23 ba 5e 5a 03 d0 f2 e1 2d 5a a7 c5 95 5e cf c9 | unwrapped: 7a a5 35 c3 94 05 af 7d 04 14 3b d2 57 8a 9a a8 | unwrapped: 4b b4 bf 19 60 77 f4 a4 25 bd a1 a4 5d 7b c4 db | unwrapped: 53 24 f6 e4 d6 ca 0e 6c 61 dc f8 6e 00 18 cb e6 | unwrapped: 54 f7 4b 12 7b 32 f2 98 d4 fb ab 62 38 80 a2 65 | unwrapped: 7e 2f 62 d0 5f f5 7d 51 f8 68 c7 41 15 63 ed 49 | unwrapped: 58 99 c6 b3 2b 5f 18 01 76 a1 77 48 b7 fe fb a7 | unwrapped: 7e e8 d7 8c 2a fb 89 6c 16 b4 02 3e e3 7e bb 23 | unwrapped: c0 6c 67 a6 f4 51 10 93 61 4a 78 6e e5 4b 4b d3 | unwrapped: e0 96 28 16 ef 2a 4c 13 69 55 b6 bf 9f 31 77 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f700 | result: final-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f6e8 | result: final-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8490006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55593e3d5be0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f670 | result: data=Ni-key@0x55593e3eef50 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3eef50 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f658 | result: data=Ni-key@0x7f8490006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3eef50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a1f7f660 | result: data+=Nr-key@0x55593e3eef50 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f8490006bb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3eef50 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a1f7f660 | result: data+=SPIi-key@0x7f8490006bb0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3eef50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a1f7f660 | result: data+=SPIr-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f8490006bb0 | prf+0 PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+0: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+0 prf: begin sha with context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+0: release clone-key@0x7f8490006bb0 | prf+0 PRF sha crypt-prf@0x7f8494006dd8 | prf+0 PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+0: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494007e48 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f8480006650 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f8480006650 | prf+0 PRF sha final-key@0x7f8490006bb0 (size 20) | prf+0: key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f8490006bb0 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8494006e00 from key-key@0x7f8480006650 | prf+N prf: begin sha with context 0x7f8494006e00 from key-key@0x7f8480006650 | prf+N: release clone-key@0x7f8480006650 | prf+N PRF sha crypt-prf@0x7f8494007a48 | prf+N PRF sha update old_t-key@0x7f8490006bb0 (size 20) | prf+N: old_t-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: dd a2 95 1d a3 bd e1 62 98 18 75 03 d4 3c 10 54 81 a6 d3 6b 42 23 45 63 c0 82 f4 af 9b 93 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8494006d88 | unwrapped: a5 c1 21 61 20 2d bf 90 c5 05 5a 74 b8 09 97 a8 | unwrapped: 14 fd d1 82 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+N: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494007dc8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0a20 | prf+N PRF sha final-key@0x7f8480006650 (size 20) | prf+N: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a1f7f608 | result: result-key@0x55593e3f0a20 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f8490006bb0 | prfplus: release old_t[N]-key@0x7f8490006bb0 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+N prf: begin sha with context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+N: release clone-key@0x7f8490006bb0 | prf+N PRF sha crypt-prf@0x7f8494006dd8 | prf+N PRF sha update old_t-key@0x7f8480006650 (size 20) | prf+N: old_t-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8480006650 | nss hmac digest hack: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 9d f8 d9 8e c2 a6 f0 4a 13 55 5d 83 cb ff eb 54 5f a6 86 ec 7a db 2c de d3 96 99 3e 6a bf aa 9c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84940028b8 | unwrapped: b4 20 97 3d 1c ab 20 7f d9 8a d5 e6 91 09 c2 19 | unwrapped: d7 7d a5 fc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+N: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494007e48 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x7f848000b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000b980 | prf+N PRF sha final-key@0x7f8490006bb0 (size 20) | prf+N: key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f0a20 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a1f7f608 | result: result-key@0x7f848000b980 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f0a20 | prfplus: release old_t[N]-key@0x7f8480006650 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8494006e00 from key-key@0x7f8480006650 | prf+N prf: begin sha with context 0x7f8494006e00 from key-key@0x7f8480006650 | prf+N: release clone-key@0x7f8480006650 | prf+N PRF sha crypt-prf@0x7f8494006d88 | prf+N PRF sha update old_t-key@0x7f8490006bb0 (size 20) | prf+N: old_t-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: bf ea 36 7c e4 26 65 34 e6 9f 55 e3 34 af 70 f5 3a 24 af d0 6a 31 c1 33 9e b1 b3 bd cb 68 be ec | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8494008848 | unwrapped: 22 9f 76 76 68 81 0d 30 a0 fe b0 27 a7 b1 9e 84 | unwrapped: cf 39 5d 38 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+N: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494007dc8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0a20 | prf+N PRF sha final-key@0x7f8480006650 (size 20) | prf+N: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000b980 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a1f7f608 | result: result-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848000b980 | prfplus: release old_t[N]-key@0x7f8490006bb0 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+N prf: begin sha with context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+N: release clone-key@0x7f8490006bb0 | prf+N PRF sha crypt-prf@0x7f8494007a48 | prf+N PRF sha update old_t-key@0x7f8480006650 (size 20) | prf+N: old_t-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8480006650 | nss hmac digest hack: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 35 2c c6 cd 86 83 66 19 ea ef 28 06 16 93 36 1c a1 76 62 1d a6 0a c2 e6 e4 d1 01 b4 26 89 6d 48 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84940028b8 | unwrapped: 23 43 b5 58 ea 96 d5 a7 3c 8e 16 0e 76 92 24 2a | unwrapped: 55 8c 92 88 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+N: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494007e48 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x7f848000b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000b980 | prf+N PRF sha final-key@0x7f8490006bb0 (size 20) | prf+N: key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f0a20 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a1f7f608 | result: result-key@0x7f848000b980 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f0a20 | prfplus: release old_t[N]-key@0x7f8480006650 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8480006650 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8494008020 from key-key@0x7f8480006650 | prf+N prf: begin sha with context 0x7f8494008020 from key-key@0x7f8480006650 | prf+N: release clone-key@0x7f8480006650 | prf+N PRF sha crypt-prf@0x7f8494006dd8 | prf+N PRF sha update old_t-key@0x7f8490006bb0 (size 20) | prf+N: old_t-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8490006bb0 | nss hmac digest hack: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 18 9c 61 70 e2 40 d2 61 8d 19 97 16 8c 76 5b 23 4e 0e 30 c8 f5 5b 85 67 fa 57 8c b9 b8 32 7f 24 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8494006d88 | unwrapped: ba 90 dd 29 c0 b7 53 5d 61 57 da 4d ce 1e 86 42 | unwrapped: 82 ae 7f 23 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+N: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494007dc8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f0a20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f0a20 | prf+N PRF sha final-key@0x7f8480006650 (size 20) | prf+N: key-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848000b980 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a1f7f608 | result: result-key@0x55593e3f0a20 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848000b980 | prfplus: release old_t[N]-key@0x7f8490006bb0 | prf+N PRF sha init key-key@0x55593e3d5be0 (size 20) | prf+N: key-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f588 | result: clone-key@0x7f8490006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+N prf: begin sha with context 0x7f8494006e00 from key-key@0x7f8490006bb0 | prf+N: release clone-key@0x7f8490006bb0 | prf+N PRF sha crypt-prf@0x7f8494007a48 | prf+N PRF sha update old_t-key@0x7f8480006650 (size 20) | prf+N: old_t-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f8480006650 | nss hmac digest hack: symkey-key@0x7f8480006650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 4e 9b bf 12 6d eb ed dd 8f 48 2d 27 08 3b 55 00 0c 8a dc 83 fe b0 76 46 ef 4d 82 91 dc ff 86 f7 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84940028b8 | unwrapped: d7 60 75 16 82 e8 eb 79 6d b7 48 85 98 3e 17 36 | unwrapped: 68 a2 66 8f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3eef50 (size 80) | prf+N: seed-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3eef50 | nss hmac digest hack: symkey-key@0x55593e3eef50 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: 44 00 46 14 7d 93 21 e7 2f 31 97 62 bd eb 04 a0 e6 31 71 04 a1 6e a4 b5 79 a4 a7 65 96 cb e7 6e 63 78 f9 cd 05 49 08 0b f6 f5 3a 49 19 29 89 76 c2 d4 31 7c a8 3e 4c 7d 44 c4 ee 5e 2b 71 7a 48 04 e9 b2 ee 14 a1 34 73 9a 7f 17 3d 7a f4 90 d4 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8494008de8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a1f7f590 | result: final-key@0x7f848000b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f578 | result: final-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848000b980 | prf+N PRF sha final-key@0x7f8490006bb0 (size 20) | prf+N: key-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f0a20 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a1f7f608 | result: result-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f0a20 | prfplus: release old_t[N]-key@0x7f8480006650 | prfplus: release old_t[final]-key@0x7f8490006bb0 | ike_sa_keymat: release data-key@0x55593e3eef50 | calc_skeyseed_v2: release skeyseed_k-key@0x55593e3d5be0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7a8 | result: result-key@0x55593e3d5be0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7a8 | result: result-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7a8 | result: result-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7b8 | result: SK_ei_k-key@0x7f8480006650 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7b8 | result: SK_er_k-key@0x55593e3f0a20 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7b8 | result: result-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f848000f0e0 | chunk_SK_pi: symkey-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: f5 c6 f2 bf 77 6e 4e 55 f1 45 04 2f 0a d8 8e 30 8c 4a 7f 78 8e b1 bc 9d 40 24 5a 28 57 b4 dd 27 | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f8494006dd8 | unwrapped: ce 1e 86 42 82 ae 7f 23 d7 60 75 16 82 e8 eb 79 | unwrapped: 6d b7 48 85 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848000b980 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a1f7f7b8 | result: result-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f848000a000 | chunk_SK_pr: symkey-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: cd 53 90 d9 f5 99 fb 9a 28 54 de cf 2a 30 16 1e 33 cb 12 dc 98 a8 c6 e5 57 d5 65 9b c0 b6 89 47 | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f84940028b8 | unwrapped: 98 3e 17 36 68 a2 66 8f 83 3b c9 1d c7 fe c6 23 | unwrapped: c2 90 99 60 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f848000b980 | calc_skeyseed_v2 pointers: shared-key@0x55593e3f7c30, SK_d-key@0x55593e3d5be0, SK_ai-key@0x55593e3eef50, SK_ar-key@0x7f8490006bb0, SK_ei-key@0x7f8480006650, SK_er-key@0x55593e3f0a20, SK_pi-key@0x7f848000f0e0, SK_pr-key@0x7f848000a000 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | ce 1e 86 42 82 ae 7f 23 d7 60 75 16 82 e8 eb 79 | 6d b7 48 85 | calc_skeyseed_v2 SK_pr | 98 3e 17 36 68 a2 66 8f 83 3b c9 1d c7 fe c6 23 | c2 90 99 60 | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 time elapsed 0.002499 seconds | (#13) spent 2.48 milliseconds in crypto helper computing work-order 10: ikev2_inI2outR2 KE (pcr) | crypto helper 2 sending results from work-order 10 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f8494007648 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 10 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #13: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f849000f398: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | #13 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x55593e3eef50 (size 20) | hmac: symkey-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3eef50 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x7f848000b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac: release clone-key@0x7f848000b980 | hmac PRF sha crypt-prf@0x55593e3fc908 | hmac PRF sha update data-bytes@0x55593e37c368 (length 192) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 00 11 a5 03 | f6 0e ef c4 | data for hmac: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data for hmac: fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | data for hmac: 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | data for hmac: 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | data for hmac: bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | data for hmac: 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | data for hmac: be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | data for hmac: 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | data for hmac: 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | data for hmac: 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | data for hmac: 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | calculated auth: a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 | provided auth: a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | payload before decryption: | 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | 18 d2 67 ec 2c 00 00 28 00 00 00 24 01 03 04 03 | 62 aa 57 24 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #13 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #13: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #13: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f848000f0e0 (size 20) | hmac: symkey-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000f0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x7f848000b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac: release clone-key@0x7f848000b980 | hmac PRF sha crypt-prf@0x55593e3faec8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55593e37c39c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | 42 b9 e3 7c 50 8b ef f0 e1 bd dd 7c d9 d7 9a 50 | 43 fd a1 e7 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | 4d 43 64 2b 14 89 89 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 | e5 a5 5a 43 35 b9 32 51 79 94 ec b9 87 c1 a7 20 | f7 62 4e e5 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 | ee 1d 62 7f 87 c3 25 b2 42 af ac a5 55 77 54 60 | ae 96 99 aa 23 dd 8a ea 5d df e2 c3 f9 10 83 92 | 6f 09 b3 81 1e b5 41 9e c7 aa 24 2b cf 05 22 00 | 9a 1d 63 91 0f 0c a7 09 08 55 93 bd 35 11 ea 43 | 03 a7 3d a7 e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 | d0 29 13 61 69 00 46 bd d1 6f 77 4a dd 02 6b ea | 67 d5 ab d6 36 45 7b 9f 52 b6 13 56 74 78 77 0e | 7f a8 e7 32 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 | 0a 1c 45 09 ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 | 21 46 25 08 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab | af 71 cd 39 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd | 4f 34 82 32 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c | e8 1a 53 ba d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 | ac 8c 64 e3 29 00 00 24 75 df dc ee 1d d4 9b ea | d6 d4 fe 43 e1 f4 92 f3 18 a9 d9 eb 4b 08 2c 48 | c2 3f 8b 6a ef 9c f2 f2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 4a 5d 89 a3 85 6f fe 71 | c6 5a d0 9b 49 b7 4c a3 27 7c 52 77 00 00 00 1c | 00 00 40 05 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 | 89 e4 1a a1 4b 8b c3 64 | verify: initiator inputs to hash2 (responder nonce) | 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | idhash 42 b9 e3 7c 50 8b ef f0 e1 bd dd 7c d9 d7 9a 50 | idhash 43 fd a1 e7 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x7f848000b980 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8484002b50 from shared secret-key@0x7f848000b980 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8484002b50 from shared secret-key@0x7f848000b980 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f848000b980 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3fc908 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f848000b980 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f848000b980 (size 20) | = prf(, ): -key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3f3e30 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ) prf: begin sha with context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ): release clone-key@0x55593e3f3e30 | = prf(, ) PRF sha crypt-prf@0x55593e3faec8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3ee518 (length 440) | 4d 43 64 2b 14 89 89 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 | e5 a5 5a 43 35 b9 32 51 79 94 ec b9 87 c1 a7 20 | f7 62 4e e5 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 | ee 1d 62 7f 87 c3 25 b2 42 af ac a5 55 77 54 60 | ae 96 99 aa 23 dd 8a ea 5d df e2 c3 f9 10 83 92 | 6f 09 b3 81 1e b5 41 9e c7 aa 24 2b cf 05 22 00 | 9a 1d 63 91 0f 0c a7 09 08 55 93 bd 35 11 ea 43 | 03 a7 3d a7 e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 | d0 29 13 61 69 00 46 bd d1 6f 77 4a dd 02 6b ea | 67 d5 ab d6 36 45 7b 9f 52 b6 13 56 74 78 77 0e | 7f a8 e7 32 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 | 0a 1c 45 09 ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 | 21 46 25 08 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab | af 71 cd 39 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd | 4f 34 82 32 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c | e8 1a 53 ba d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 | ac 8c 64 e3 29 00 00 24 75 df dc ee 1d d4 9b ea | d6 d4 fe 43 e1 f4 92 f3 18 a9 d9 eb 4b 08 2c 48 | c2 3f 8b 6a ef 9c f2 f2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 4a 5d 89 a3 85 6f fe 71 | c6 5a d0 9b 49 b7 4c a3 27 7c 52 77 00 00 00 1c | 00 00 40 05 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 | 89 e4 1a a1 4b 8b c3 64 | = prf(, ) PRF sha update nonce-bytes@0x7f8490003a78 (length 32) | 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | 42 b9 e3 7c 50 8b ef f0 e1 bd dd 7c d9 d7 9a 50 | 43 fd a1 e7 | = prf(, ) PRF sha final-chunk@0x55593e3f5868 (length 20) | 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | 18 d2 67 ec | psk_auth: release prf-psk-key@0x7f848000b980 | Received PSK auth octets | 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | 18 d2 67 ec | Calculated PSK auth octets | 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | 18 d2 67 ec "east" #13: Authenticated using authby=secret | parent state #13: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #13 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8490005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8498002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f8498002b78 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #13 | libevent_malloc: new ptr-libevent@0x55593e3f95d8 size 128 | pstats #13 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f848000a000 (size 20) | hmac: symkey-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000a000 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x7f848000b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac: release clone-key@0x7f848000b980 | hmac PRF sha crypt-prf@0x55593e3faec8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408f4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | 7a 11 fb 8a f0 ce 9b 39 c4 2a 27 f4 8e f8 ec 4c | dc 3e fd fa | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c7 61 ca a3 30 15 2a 16 1d c2 0a 58 | 16 2c 98 07 b2 49 24 5a e3 48 83 61 c7 0b 97 92 | 94 d5 5c 00 72 6b 70 78 e4 2b 25 5a 72 81 11 bf | a0 44 51 1d 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 | a4 b6 ed 95 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 | 3e 8d 2d 21 5a 99 7f da 51 d2 5e 64 24 32 06 2c | f6 c2 20 1b 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e | 44 9e 93 49 a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 | 96 29 a7 7e d7 ad 54 73 11 b3 98 02 a5 99 27 77 | 95 05 5c 45 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 | 01 97 5c 22 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 | 02 2c e3 2e d0 54 73 fc e8 ae 20 05 a5 0e ea 48 | c4 35 95 6d c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 | 89 6b 2a 57 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 | 32 a4 ba 99 7a 42 48 22 49 1e 99 71 2a 8b d8 2d | 12 89 fc 49 cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 | a1 0f c8 5f 29 00 00 24 69 5f 03 28 4f d8 42 20 | 8f f0 0a 8a 73 c9 a0 13 fa 61 e9 65 22 8d f5 a4 | 27 1d 47 65 e8 07 7b f7 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d5 32 23 af d9 d7 9a 6f | 37 90 30 b2 85 d0 e1 96 ed 69 eb 8e 00 00 00 1c | 00 00 40 05 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 | 7c 30 6f 90 de 34 7f 51 | create: responder inputs to hash2 (initiator nonce) | 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | idhash 7a 11 fb 8a f0 ce 9b 39 c4 2a 27 f4 8e f8 ec 4c | idhash dc 3e fd fa | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3f3e30 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x7f848000b980 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f8484002b50 from shared secret-key@0x7f848000b980 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f8484002b50 from shared secret-key@0x7f848000b980 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f848000b980 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f5868 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f848000b980 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f848000b980 (size 20) | = prf(, ): -key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3f3e30 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ) prf: begin sha with context 0x7f8484002b50 from -key@0x55593e3f3e30 | = prf(, ): release clone-key@0x55593e3f3e30 | = prf(, ) PRF sha crypt-prf@0x55593e3faec8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3f6598 (length 440) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c7 61 ca a3 30 15 2a 16 1d c2 0a 58 | 16 2c 98 07 b2 49 24 5a e3 48 83 61 c7 0b 97 92 | 94 d5 5c 00 72 6b 70 78 e4 2b 25 5a 72 81 11 bf | a0 44 51 1d 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 | a4 b6 ed 95 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 | 3e 8d 2d 21 5a 99 7f da 51 d2 5e 64 24 32 06 2c | f6 c2 20 1b 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e | 44 9e 93 49 a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 | 96 29 a7 7e d7 ad 54 73 11 b3 98 02 a5 99 27 77 | 95 05 5c 45 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 | 01 97 5c 22 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 | 02 2c e3 2e d0 54 73 fc e8 ae 20 05 a5 0e ea 48 | c4 35 95 6d c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 | 89 6b 2a 57 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 | 32 a4 ba 99 7a 42 48 22 49 1e 99 71 2a 8b d8 2d | 12 89 fc 49 cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 | a1 0f c8 5f 29 00 00 24 69 5f 03 28 4f d8 42 20 | 8f f0 0a 8a 73 c9 a0 13 fa 61 e9 65 22 8d f5 a4 | 27 1d 47 65 e8 07 7b f7 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d5 32 23 af d9 d7 9a 6f | 37 90 30 b2 85 d0 e1 96 ed 69 eb 8e 00 00 00 1c | 00 00 40 05 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 | 7c 30 6f 90 de 34 7f 51 | = prf(, ) PRF sha update nonce-bytes@0x55593e3ed758 (length 32) | 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | 7a 11 fb 8a f0 ce 9b 39 c4 2a 27 f4 8e f8 ec 4c | dc 3e fd fa | = prf(, ) PRF sha final-chunk@0x55593e3fc908 (length 20) | 2f a6 84 cf ce e9 ce 2f 9d d8 9a ce 5c 86 b4 3c | 3f 07 ba ad | psk_auth: release prf-psk-key@0x7f848000b980 | PSK auth octets 2f a6 84 cf ce e9 ce 2f 9d d8 9a ce 5c 86 b4 3c | PSK auth octets 3f 07 ba ad | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 2f a6 84 cf ce e9 ce 2f 9d d8 9a ce 5c 86 b4 3c | PSK auth 3f 07 ba ad | emitting length of IKEv2 Authentication Payload: 28 | creating state object #14 at 0x55593e3f6b68 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "east" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.23:500 from #13.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55593e3d5be0 | duplicate_state: reference st_skey_ai_nss-key@0x55593e3eef50 | duplicate_state: reference st_skey_ar_nss-key@0x7f8490006bb0 | duplicate_state: reference st_skey_ei_nss-key@0x7f8480006650 | duplicate_state: reference st_skey_er_nss-key@0x55593e3f0a20 | duplicate_state: reference st_skey_pi_nss-key@0x7f848000f0e0 | duplicate_state: reference st_skey_pr_nss-key@0x7f848000a000 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #13.#14 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 62 aa 57 24 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #13: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #13: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #13 spent 1.36 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #14 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #14 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #14: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | hmac PRF sha init symkey-key@0x7f8490006bb0 (size 20) | hmac: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2af8 | result: clone-key@0x7f848000b980 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000b980 | hmac: release clone-key@0x7f848000b980 | hmac PRF sha crypt-prf@0x55593e3f25e8 | hmac PRF sha update data-bytes@0x7ffe993d2f20 (length 64) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | hmac PRF sha final-bytes@0x7ffe993d2f60 (length 20) | 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 8e 18 7d 9f | 1a 96 66 e7 | data being hmac: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | data being hmac: 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | out calculated auth: | 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 | forcing #14 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x7f8484002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #14 | libevent_malloc: new ptr-libevent@0x55593e3fc698 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.87 milliseconds in resume sending helper answer | stop processing: state #14 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8494007648 | spent 0.00303 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | cd 27 53 3b d0 6f c5 49 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 1c 6e 21 f1 4d c9 20 b1 b1 70 48 b1 | ed 3e 5f ff c0 17 6c 00 f5 8b 96 93 e8 92 15 0f | 00 d7 b0 be ef 0b 6e 40 6d 6d 60 4f a2 c0 a4 fc | 71 9e ae 3c b1 e8 29 56 f6 c4 d4 27 a4 fd 88 ee | 0f a6 1f af bc 48 d7 c4 d1 41 e6 e8 7e 01 d5 82 | 4c da c7 0c f1 4b c5 c2 e8 1e 70 80 25 8b ed 39 | 20 c0 50 63 ad b4 03 80 a7 ab 03 ad ed ac 07 10 | 8f 0b 23 9a 91 f2 a7 f1 8a 2c 80 9c b4 f8 80 56 | 0e a3 90 54 a1 9e a2 04 96 55 64 9c b4 44 09 00 | d6 c5 9e 65 53 87 ad df c8 52 dd 4b 8d dc eb 7b | b6 53 0d 23 ae 80 e4 ff 4b 49 c2 de 19 df da 8f | 19 85 0d f3 5c ce 77 f5 19 24 d8 07 57 97 d2 8a | 30 70 9a e6 fc 7f 14 48 97 2e ca 28 26 d6 73 fe | 3a d3 c1 a9 b1 5c 2c 38 3c 53 a0 42 9a 28 72 a2 | ae 81 60 e2 9f 83 84 b6 ec e6 39 ef 3c ae d2 d9 | 14 a8 81 bf 8f 7b 97 7b c7 c8 1b ec bf 89 0e aa | 7d 6f 5b 53 29 00 00 24 fd bb a2 9b 09 33 48 61 | 37 18 b0 c2 62 12 88 9a c2 22 88 4a 55 02 81 69 | f7 5e 97 17 35 e4 79 dd 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 46 14 5f 88 aa 25 e0 f2 | 1d 5a fa d3 4a f8 b1 cc 0d e0 fa e3 00 00 00 1c | 00 00 40 05 96 f7 df 26 0e 42 5e 01 e1 e1 36 2c | f2 d6 be d1 6b f8 17 36 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cd 27 53 3b d0 6f c5 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 0a 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 9d b2 3c d4 0b 06 12 a7 66 bf f7 55 99 fb 6a 04 | 69 e6 56 42 06 be 9f 43 1e 3b 5b 0c b7 ea 88 34 | creating state object #15 at 0x55593e3f59c8 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #15 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #15 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #15 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #15 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #15 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #15 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #15 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #15: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #15: remote proposal 1 transform 0 contains corrupt attribute "east" #15: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #15: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | cd 27 53 3b d0 6f c5 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | cd 27 53 3b d0 6f c5 49 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #15 spent 0.155 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #15 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #15 has no whack fd | pstats #15 ikev2.ike deleted other | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #15: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #15: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #15 in PARENT_R0 | parent state #15: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #15 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #15 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.647 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 2a 0b 3d 54 f7 50 12 5b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 87 7d bd 09 dd 1e 05 78 a5 a5 57 10 | 5b a0 9d f8 20 23 52 2c 60 f7 62 ba c4 a3 a4 7c | 38 7d d1 ec 7a d6 a4 6d 06 a6 86 ff 93 28 06 e6 | f8 b6 fd cc c5 f7 70 3b 8e 07 11 fa 1c 96 68 b1 | ee 0f 96 32 38 66 4d fd 30 3c 5a 4c 19 4e e2 3f | b3 05 8b a7 f6 ff a8 c7 18 44 87 4f d6 df ab 52 | 77 9a 60 29 c3 07 80 4b c4 61 87 8c 56 22 c2 6c | d8 86 c2 20 b4 61 0d 2c b8 22 48 84 a4 c5 db 59 | 18 58 8f e6 f1 52 9f 2d e0 af 42 4c f3 00 30 a8 | 72 57 54 c3 fa b4 bb 24 4f b0 bf 73 9b b3 03 68 | bc a6 16 c3 cf b8 61 fc 15 78 4e 67 eb 1e a7 88 | 09 cf 3b 7f ac 38 80 48 08 27 04 d9 02 71 60 20 | 81 ca 4a 5d d2 37 7c 2c 3a 05 4e dd c4 cb ff a8 | 02 8c 14 69 02 cf e3 8e 47 be 93 b1 25 ca 0b 93 | 48 ce 34 00 e9 b2 82 be e5 fc b7 21 08 dd 8c 43 | d0 c2 01 84 4b 38 ca a5 93 47 96 e3 d4 1c 7f f9 | 97 ac 9e dc 29 00 00 24 e9 69 63 8c be e4 65 47 | 42 99 1e 8d 5e bf 3b b4 7e 38 a1 13 6a 04 a0 dc | 1b 7e ab a7 0d 94 b6 0d 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 2f 85 be 5a 13 e8 ac 02 | 78 87 11 c9 8b 87 d5 da f9 d9 62 b2 00 00 00 1c | 00 00 40 05 13 93 d0 5e 73 8a 7a bb e5 e4 85 60 | 0a 58 74 2f ff b0 66 e3 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 2a 0b 3d 54 f7 50 12 5b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 0b 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 8e e7 49 1b a7 de 86 58 3d 31 b2 8e a3 97 54 f3 | 1b 01 6c 9a e1 7f 9c f2 ae b0 36 16 47 09 14 69 | creating state object #16 at 0x55593e3f59c8 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #16 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #16 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #16 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #16 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #16 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #16 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #16 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #16: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #16: remote proposal 1 transform 0 contains corrupt attribute "east" #16: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #16: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 2a 0b 3d 54 f7 50 12 5b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 2a 0b 3d 54 f7 50 12 5b 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #16 spent 0.103 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #16 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #16 has no whack fd | pstats #16 ikev2.ike deleted other | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #16: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #16: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #16 in PARENT_R0 | parent state #16: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #16 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #16 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.48 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00289 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 4c f5 04 2a 45 a2 dd 5c 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 db 76 e7 a1 32 ad c4 2b 8f e4 ae 11 | dd a4 ea e0 54 d8 67 67 d8 63 3c e6 3e a4 43 6d | c6 b1 84 73 65 e1 a2 62 49 aa 95 24 67 5e 90 f6 | f1 0d 07 c6 46 0d 69 25 14 a5 2c b1 74 ef 36 6a | e9 70 f9 5f de 86 c0 9d 03 3b 9a 4b a5 a1 75 c2 | 00 74 7c dc 52 2b 5f 51 b2 71 6b ce 51 b1 9b c9 | d9 f3 78 ad 99 4f b9 1a 4f 30 d4 ed 5d 35 d0 55 | a4 63 7d c4 28 04 cf e5 db 95 ae c3 3e 09 6e e0 | 9c 17 be 28 16 e8 b9 cd 2c 28 14 b5 5b 8e 50 cd | ef 82 3b b6 e2 d9 62 8b 40 d0 b4 3f 70 81 d4 f8 | 3e 82 6e 24 49 79 16 d1 53 e6 e2 ff 26 c0 0a 18 | b8 86 75 60 f9 08 f4 a8 f4 ab 6a 56 11 c4 83 56 | 81 f3 8a 10 60 dd 70 c8 b2 06 5a 14 dc ce 41 51 | 3f 77 15 e1 9e ae fb f8 98 e8 14 31 19 ec 19 d2 | 1e 1d 61 28 7d d4 29 52 25 7d 15 c1 69 d3 28 25 | 2b ae 10 6b 75 cf 9a 42 7b 27 d7 0b 90 4a a9 5b | d2 88 07 15 29 00 00 24 fc a1 c7 3c 4c 3a 6f c7 | 04 7b 95 88 eb 4e 4d a2 97 b6 c0 c5 94 12 52 25 | b3 cf b3 78 94 3e c1 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 eb 0e e3 0a 88 35 71 | 66 38 b4 9b 33 6d ab 27 ca 2b 2f 3c 00 00 00 1c | 00 00 40 05 be 77 30 20 de 23 47 94 8a 86 df 3a | 2a b1 a2 9e fe 69 d5 0f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4c f5 04 2a 45 a2 dd 5c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 0c 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | d3 1e 78 a9 51 99 d0 f7 4f 92 95 73 f6 55 1b b2 | 9c 56 80 65 00 8b bd ff cc 3a 72 71 2b c1 f6 65 | creating state object #17 at 0x55593e3f59c8 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #17 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #17 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #17 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #17 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #17 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #17 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #17 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #17: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #17: remote proposal 1 transform 0 contains corrupt attribute "east" #17: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #17: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 4c f5 04 2a 45 a2 dd 5c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 4c f5 04 2a 45 a2 dd 5c 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #17 spent 0.11 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #17 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #17 has no whack fd | pstats #17 ikev2.ike deleted other | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #17: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #17: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #17 in PARENT_R0 | parent state #17: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #17 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #17 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.557 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00306 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 7b b1 55 66 ac 32 cf 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 68 e9 d1 67 31 1c 74 4c 1f c6 06 69 | 35 e0 c8 60 78 e4 78 86 7f 8b a2 47 12 c1 fe 0c | c0 65 a4 ea 6b cb 4f 31 73 54 8f 4e b3 31 ee ba | b5 d9 d6 a8 08 a5 28 27 19 86 9c b6 c3 76 4c 6a | b1 9b 20 55 60 c3 95 f8 6f 65 2d e1 d2 cb 01 32 | 72 fe 18 30 cc 54 17 5a f7 81 b6 21 cd f2 45 59 | d5 4b e4 54 6a 80 48 2d cf 95 05 2f f9 e0 54 06 | c4 b1 60 4a cc 31 c9 01 a9 2a 12 ef 1c c4 52 eb | f1 64 14 fb 67 79 01 01 c8 b1 a0 ae 36 fc 57 1b | e8 09 c0 d2 6f 0b 26 ab 30 c8 5b 81 da 92 b3 ea | bb c0 42 c0 19 9f fd 08 a1 93 9f 9b 44 17 29 99 | 42 b4 13 dc 97 1c 74 2d 28 98 17 2e 8c 34 40 88 | 34 aa a0 7c 1e 04 d9 c6 b3 21 22 af 67 40 fb d8 | 84 96 a2 d5 26 26 b5 d2 6a 7b bb cc 38 21 57 c1 | 96 8e 55 c7 9e 40 a1 55 33 4b c2 05 41 61 29 d5 | 3e e9 a0 da 4b b9 e6 36 bc fd 1c 18 8f 25 e7 01 | 6f a4 77 9f 29 00 00 24 81 3c 1d 8d 34 a6 61 d1 | 25 a8 84 3d 7e a8 b7 ea 24 5e fc 08 74 35 eb eb | c7 75 77 eb 74 9d 92 3c 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 15 25 10 f4 ff ae 4d 5d | e4 9a e2 0c fa 55 e9 0c 30 b5 9a f4 00 00 00 1c | 00 00 40 05 87 14 3a df df b2 b5 01 3b 7b 38 24 | bc c4 84 15 2e 1a 20 9b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7b b1 55 66 ac 32 cf 71 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 0d 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | f7 03 32 e8 f2 06 1e ee e1 0c 03 e3 3a 06 c8 1e | ac 8c 06 d6 dd 08 d3 d7 13 3e 87 03 b9 cd 7c df | creating state object #18 at 0x55593e3f59c8 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #18 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #18 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #18 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #18 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #18 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #18 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #18 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #18: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #18: remote proposal 1 transform 0 contains corrupt attribute "east" #18: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #18: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 7b b1 55 66 ac 32 cf 71 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 7b b1 55 66 ac 32 cf 71 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #18 spent 0.15 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #18 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #18 has no whack fd | pstats #18 ikev2.ike deleted other | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #18: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #18: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #18 in PARENT_R0 | parent state #18: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #18 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #18 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.682 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | cb c5 b5 f0 c8 84 7d fe 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | 29 00 00 24 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 | b5 20 1f 50 57 cc b3 0b 96 29 01 2e 97 f1 db ed | 8a 08 d1 6b 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 cc d8 2d 4d c4 bd 76 bc aa 85 26 0e | 01 b2 a3 af bb 22 1b 9c 00 00 00 1c 00 00 40 05 | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 0e 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 10 8f 3c dd 34 67 78 f3 13 22 34 cf b7 a3 9b 13 | 41 25 7d 3b 46 bb 04 0a f9 5e 92 7e 2b dd 5e 90 | creating state object #19 at 0x55593e3f59c8 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #19 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #19 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | natd_hash: hash= 0d a2 9b 40 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | cc d8 2d 4d c4 bd 76 bc aa 85 26 0e 01 b2 a3 af | bb 22 1b 9c | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= cc d8 2d 4d c4 bd 76 bc aa 85 26 0e 01 b2 a3 af | natd_hash: hash= bb 22 1b 9c | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 11 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f848c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f8494007648 size 128 | #19 spent 0.221 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 4 resuming | crypto helper 4 starting work-order 11 for state #19 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 4 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 11 | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | "east" #19 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | #19 spent 0.51 milliseconds in ikev2_process_packet() | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | spent 0.54 milliseconds in comm_handle_cb() reading and processing packet | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f8488007848: created | NSS: Local DH MODP2048 secret (pointer): 0x7f8488007848 | NSS: Public DH wire value: | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | Generated nonce: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | Generated nonce: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | crypto helper 4 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 11 time elapsed 0.000756 seconds | (#19) spent 0.733 milliseconds in crypto helper computing work-order 11: ikev2_inI1outR1 KE (pcr) | crypto helper 4 sending results from work-order 11 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f8488004f28 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 11 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #19: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f8488007848: transferring ownership from helper KE to state #19 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | ikev2 g^x 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ikev2 g^x ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | ikev2 g^x d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | ikev2 g^x 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | ikev2 g^x a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | ikev2 g^x e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | ikev2 g^x 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | ikev2 g^x be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | ikev2 g^x 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | ikev2 g^x 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | ikev2 g^x e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | ikev2 g^x 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | ikev2 g^x 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | ikev2 g^x 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | ikev2 g^x 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | IKEv2 nonce 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 10 8f 3c dd 34 67 78 f3 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf ea 53 7a 34 | c5 a6 3c 68 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 10 8f 3c dd 34 67 78 f3 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf ea 53 7a 34 | natd_hash: hash= c5 a6 3c 68 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf ea 53 7a 34 | Notify data c5 a6 3c 68 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | 10 8f 3c dd 34 67 78 f3 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 10 8f 3c dd 34 67 78 f3 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | natd_hash: hash= e8 60 f1 4f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | Notify data e8 60 f1 4f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #19: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #19 to 0 after switching state | Message ID: recv #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #19 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | 29 00 00 24 3b 80 63 3c d1 0f f8 6e 33 25 95 ef | b1 16 20 16 22 30 1f 60 3c de 93 9c d7 47 06 90 | e8 5f 48 44 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf | ea 53 7a 34 c5 a6 3c 68 00 00 00 1c 00 00 40 05 | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8494007648 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f848c002b78 | event_schedule: new EVENT_SO_DISCARD-pe@0x7f848c002b78 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #19 | libevent_malloc: new ptr-libevent@0x55593e3fc748 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 0.334 milliseconds in resume sending helper answer | stop processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8488004f28 | spent 0.00322 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | db d3 12 5b 7b ef 79 35 35 e4 db 34 30 9e 20 93 | 46 f5 d6 d9 84 fe 7a f4 15 14 58 00 27 fa 86 2f | cb cc 7f 52 e2 e3 c9 7e 18 15 37 58 3e 34 29 95 | 18 f4 4d ee aa 31 ad d1 04 38 03 6a 36 88 37 9d | 8b d8 fc 72 be 0f f7 c6 3d b0 b8 6b 7a 72 2e 1b | 61 b7 d3 a3 7c 93 fa f9 dc da 5c c9 c4 82 4c 3f | 69 c7 34 9e bb 50 85 c3 6f c3 f1 98 54 c5 be 3b | e6 3a a2 73 78 52 11 bd 3b 8e a2 45 0a 34 66 4b | cf e6 f6 5e e6 34 70 72 9a e9 22 55 c6 9f 61 1c | f6 4c 9d a5 7d ad ac c8 2a 6c 28 11 e3 63 c1 ca | fe 71 36 d5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #19 in PARENT_R1 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #19 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f8488007848: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 12 for state #19 | state #19 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3fc748 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f848c002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f848c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f8488004f28 size 128 | #19 spent 0.0253 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #19 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.155 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.163 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 12 for state #19 | crypto helper 5 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 | peer's g: c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | peer's g: 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | peer's g: c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | peer's g: 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | peer's g: f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | peer's g: 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | peer's g: c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | peer's g: b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | peer's g: 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | peer's g: a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | peer's g: 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | peer's g: 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | peer's g: 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | peer's g: 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | peer's g: 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | peer's g: 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f848000b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f8488007848: computed shared DH secret key@0x7f848000b980 | dh-shared : g^ir-key@0x7f848000b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x55593e3cb338 (length 64) | 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c6e0 | result: Ni | Nr-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c6c8 | result: Ni | Nr-key@0x55593e3f3e30 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x55593e3f7af0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f848c003b00 from Ni | Nr-key@0x55593e3f3e30 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f848c003b00 from Ni | Nr-key@0x55593e3f3e30 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55593e3f3e30 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f848c001658 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f848000b980 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f848000b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f848000b980 | nss hmac digest hack: symkey-key@0x7f848000b980 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: ce e6 c8 51 fc 6e fb 8e a7 b3 58 95 58 33 a2 1a 3f e9 f0 15 43 67 d3 35 e1 e7 99 13 67 25 83 22 38 64 1d 31 18 cf 2a bd 19 56 68 36 32 d3 e6 f5 b8 3c 8f fe 60 65 95 fd 0f bb 8b 33 c0 77 5c 92 8f 5c 07 c5 ca 93 59 d1 29 23 db 6c 9f a1 60 39 74 4f 06 e3 d6 ad 6d 98 f6 1c c6 b9 89 ec 7b 7f 15 c4 82 8e 35 75 31 29 0f 00 74 9d 56 81 66 01 03 a9 87 46 1d 3f 57 8d 5e 57 76 79 e5 84 bb 5a 8d e0 60 87 71 11 cf 09 31 7b 58 db 4a 4d 8e 12 6c b3 12 ce 09 e9 f1 1d 52 52 83 0a 57 0c c7 1d b4 dd f1 d7 47 c9 dc e7 0e 26 c8 38 f5 30 12 17 7d 8a 61 13 e5 d6 f2 61 0d 14 64 48 93 36 fd 68 7e a2 a4 30 67 07 39 4a 85 52 da 99 b9 a4 89 f4 d5 9a 1f 80 d1 d6 c9 ae 52 2b 6a b3 41 a8 9f ea 9b 2b bf 57 7d 71 c4 61 b7 8b 50 06 2a d3 d7 ae 76 e4 80 e1 c4 53 13 53 cb c8 30 52 be 79 d2 52 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f848c0045a8 | unwrapped: 98 74 62 01 3e 2f a5 59 f9 76 11 e4 d9 23 66 68 | unwrapped: 6f 05 29 b5 f1 0f 76 f8 f8 9b cf 74 f0 81 df d1 | unwrapped: 28 d5 8e 3d b9 e8 d3 97 3b a8 3f f8 83 4f e4 92 | unwrapped: 56 c6 75 b0 80 23 9c e5 1a 1d 25 ad 45 2a 0d 74 | unwrapped: d8 61 1e 80 3b 1c fc 7a 1f 89 01 cb 7a 93 01 9c | unwrapped: 8c eb 52 67 c0 24 7b 01 56 fd b1 08 fa e1 dd 16 | unwrapped: 18 fd 06 d8 ce 15 fb 22 3d e4 e4 3b 86 e8 7d 48 | unwrapped: 6e cc 0a bf 2c 10 c7 18 a4 b7 d4 29 8b d8 33 8b | unwrapped: fd c6 c3 87 97 2e a0 ca fa 3e fe 6b 6f 51 48 8a | unwrapped: ad cb fc c0 99 e0 d1 57 8f ac 37 f4 c4 47 67 3a | unwrapped: 6e 77 13 d4 31 a0 b7 4d f0 94 31 b1 05 a1 bc cd | unwrapped: f7 28 04 c6 3a b1 66 72 c4 8f b7 fd b6 ba ee 40 | unwrapped: b8 7c d0 c0 c7 db 2b cc 73 d1 59 0f 3f 01 41 e2 | unwrapped: 3f 11 6d 4b 64 bf 9f 28 00 9a 2f c5 14 90 46 8f | unwrapped: c1 9a 80 e2 0f b9 47 c3 6b 11 4d 91 89 57 1f 37 | unwrapped: 62 9f 2a 05 5c 83 50 f2 a1 27 66 7a 3f 3c e0 99 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c700 | result: final-key@0x55593e3f7af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f7af0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c6e8 | result: final-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f7af0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x55593e3f3e30 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c670 | result: data=Ni-key@0x55593e3e8620 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3e8620 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c658 | result: data=Ni-key@0x55593e3f7af0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3e8620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f7af0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a077c660 | result: data+=Nr-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3f7af0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a077c660 | result: data+=SPIi-key@0x55593e3f7af0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3e8620 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f7af0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a077c660 | result: data+=SPIr-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3f7af0 | prf+0 PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+0: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+0 prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+0: release clone-key@0x55593e3f7af0 | prf+0 PRF sha crypt-prf@0x7f848c002168 | prf+0 PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+0: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c008498 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fae10 | prf+0 PRF sha final-key@0x55593e3f7af0 (size 20) | prf+0: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55593e3f7af0 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c003b00 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f848c0048d8 | prf+N PRF sha update old_t-key@0x55593e3f7af0 (size 20) | prf+N: old_t-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 4a 61 2c e5 f2 e3 39 f8 c8 dc d7 7e d1 7c c6 55 9a 6c af f3 fe e6 97 13 e6 11 26 23 3a bb e0 b0 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c001278 | unwrapped: 7b a1 f0 88 eb db 4f 1f 2e 42 2c ce b7 ea db 85 | unwrapped: 4a f4 3f 81 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c001b08 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c004900 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c004900 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f7af0 | prfplus: release old_t[N]-key@0x55593e3f7af0 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x7f848c002168 | prf+N PRF sha update old_t-key@0x55593e3fae10 (size 20) | prf+N: old_t-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fae10 | nss hmac digest hack: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: b2 0f e2 76 32 cd da 71 ba c9 fb 8e 60 18 d7 3c 73 71 09 5d f9 8a 16 ab 94 70 6d 43 bf 9b 04 22 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c001658 | unwrapped: 6e 11 99 cf a8 3e dd b4 38 57 da ae 73 0a de 5d | unwrapped: b3 33 c6 4b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c008498 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c00a2d0 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c004900 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c00a2d0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c004900 | prfplus: release old_t[N]-key@0x55593e3fae10 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c003b00 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f848c001278 | prf+N PRF sha update old_t-key@0x55593e3f7af0 (size 20) | prf+N: old_t-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 16 51 60 62 db 10 d8 eb f6 70 af 11 e0 5b 3c 00 fe 47 af ba b1 7b a6 17 f1 22 d1 cb 4a e3 18 49 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c00c028 | unwrapped: 6d c9 5c 38 1f 2c 0d 26 7d 45 df 9d 6b 33 6f 66 | unwrapped: dd 45 cb 4d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c001b08 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c004900 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c00a2d0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c004900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c00a2d0 | prfplus: release old_t[N]-key@0x55593e3f7af0 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x7f848c0048d8 | prf+N PRF sha update old_t-key@0x55593e3fae10 (size 20) | prf+N: old_t-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fae10 | nss hmac digest hack: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 62 f0 6d 2e 32 71 7a 1a d3 ac a2 89 39 31 9a 34 3a 8c 58 58 b1 fd 5e ce 77 08 73 77 90 1a 83 07 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c001658 | unwrapped: 4e 3c b6 86 9a b2 14 6f 2e 29 47 e0 82 a2 4e 4c | unwrapped: 6c 46 a5 80 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c008498 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c00a2d0 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c004900 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c00a2d0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c004900 | prfplus: release old_t[N]-key@0x55593e3fae10 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55593e3cb310 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x55593e3cb310 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f848c002168 | prf+N PRF sha update old_t-key@0x55593e3f7af0 (size 20) | prf+N: old_t-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 09 51 74 0e f7 39 47 eb b0 5c 07 8f 54 4b 98 0a 7b af 12 8e 41 51 50 b0 cf 6a 74 1a cd 7f 4e 6d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c001278 | unwrapped: 02 b4 13 ac 7a 49 e1 5a 53 f9 14 b8 9d 34 5e ff | unwrapped: 57 f4 6b 77 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c001b08 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c004900 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c00a2d0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c004900 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c00a2d0 | prfplus: release old_t[N]-key@0x55593e3f7af0 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3f7af0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+N prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3f7af0 | prf+N: release clone-key@0x55593e3f7af0 | prf+N PRF sha crypt-prf@0x7f848c0048d8 | prf+N PRF sha update old_t-key@0x55593e3fae10 (size 20) | prf+N: old_t-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fae10 | nss hmac digest hack: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: ab 9f 42 f4 9f 23 06 e6 3c 17 65 28 57 6d 65 c5 3f 5e de 05 79 26 f5 a9 05 2e ae 6d 85 9a bb c7 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c001658 | unwrapped: 13 aa d9 53 3f 82 69 36 65 38 78 ac 46 70 05 91 | unwrapped: bf 11 a2 2c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c00c608 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c00a2d0 | prf+N PRF sha final-key@0x55593e3f7af0 (size 20) | prf+N: key-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c004900 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c00a2d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c004900 | prfplus: release old_t[N]-key@0x55593e3fae10 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c003b00 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f848c003b00 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f848c002168 | prf+N PRF sha update old_t-key@0x55593e3f7af0 (size 20) | prf+N: old_t-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: e2 52 a8 bf 17 ba 69 d9 16 65 a4 bc 92 d2 50 47 0a b0 23 1f 12 87 92 78 20 a4 82 76 48 ee 74 35 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f848c001278 | unwrapped: 5e d0 56 f0 8a bb 1b 18 0d cb 66 81 25 8d 1a f6 | unwrapped: 60 11 a3 61 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3e8620 (size 80) | prf+N: seed-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e 4b ab 50 6a bf ed 11 79 41 42 a8 cb 55 30 dd 34 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f848c008498 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a077c590 | result: final-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c004900 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c00a2d0 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a077c608 | result: result-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c00a2d0 | prfplus: release old_t[N]-key@0x55593e3f7af0 | prfplus: release old_t[final]-key@0x55593e3fae10 | ike_sa_keymat: release data-key@0x55593e3e8620 | calc_skeyseed_v2: release skeyseed_k-key@0x55593e3f3e30 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7a8 | result: result-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7a8 | result: result-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7a8 | result: result-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7b8 | result: SK_ei_k-key@0x55593e3f7af0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7b8 | result: SK_er_k-key@0x7f848c00a2d0 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7b8 | result: result-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f848c00c660 | chunk_SK_pi: symkey-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 4d 9d 04 ba 5c aa c7 8f 68 b8 c3 85 95 f9 a6 72 9b 40 a7 ea af 68 36 e1 fd 83 f6 63 5c 11 5a 7e | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f848c0048d8 | unwrapped: 65 38 78 ac 46 70 05 91 bf 11 a2 2c 5e d0 56 f0 | unwrapped: 8a bb 1b 18 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a077c7b8 | result: result-key@0x7f848c00c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f848c00c6f0 | chunk_SK_pr: symkey-key@0x7f848c00c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: b8 e7 f3 6f 73 17 d3 06 27 50 33 b5 1f e6 83 0e 8d 03 6f bf b9 d9 d6 bb 62 6e ee 7d 21 5e 24 19 | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f848c001278 | unwrapped: 0d cb 66 81 25 8d 1a f6 60 11 a3 61 07 3b ff d5 | unwrapped: 79 14 8e c1 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f848c004900 | calc_skeyseed_v2 pointers: shared-key@0x7f848000b980, SK_d-key@0x55593e3f3e30, SK_ai-key@0x55593e3e8620, SK_ar-key@0x55593e3fae10, SK_ei-key@0x55593e3f7af0, SK_er-key@0x7f848c00a2d0, SK_pi-key@0x7f848c00c660, SK_pr-key@0x7f848c00c6f0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 65 38 78 ac 46 70 05 91 bf 11 a2 2c 5e d0 56 f0 | 8a bb 1b 18 | calc_skeyseed_v2 SK_pr | 0d cb 66 81 25 8d 1a f6 60 11 a3 61 07 3b ff d5 | 79 14 8e c1 | crypto helper 5 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 time elapsed 0.00241 seconds | (#19) spent 2.38 milliseconds in crypto helper computing work-order 12: ikev2_inI2outR2 KE (pcr) | crypto helper 5 sending results from work-order 12 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f848c00f588 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 12 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #19: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f8488007848: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | #19 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x55593e3e8620 (size 20) | hmac: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x7f848c004900 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x7f848c004900 | hmac: release clone-key@0x7f848c004900 | hmac PRF sha crypt-prf@0x55593e3f2218 | hmac PRF sha update data-bytes@0x55593e37c368 (length 184) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | db d3 12 5b 7b ef 79 35 35 e4 db 34 30 9e 20 93 | 46 f5 d6 d9 84 fe 7a f4 15 14 58 00 27 fa 86 2f | cb cc 7f 52 e2 e3 c9 7e 18 15 37 58 3e 34 29 95 | 18 f4 4d ee aa 31 ad d1 04 38 03 6a 36 88 37 9d | 8b d8 fc 72 be 0f f7 c6 3d b0 b8 6b 7a 72 2e 1b | 61 b7 d3 a3 7c 93 fa f9 dc da 5c c9 c4 82 4c 3f | 69 c7 34 9e bb 50 85 c3 6f c3 f1 98 54 c5 be 3b | e6 3a a2 73 78 52 11 bd 3b 8e a2 45 0a 34 66 4b | cf e6 f6 5e e6 34 70 72 9a e9 22 55 c6 9f 61 1c | f6 4c 9d a5 7d ad ac c8 | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | 2a 6c 28 11 e3 63 c1 ca fe 71 36 d5 82 62 64 4d | fd 40 33 db | data for hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: db d3 12 5b 7b ef 79 35 35 e4 db 34 30 9e 20 93 | data for hmac: 46 f5 d6 d9 84 fe 7a f4 15 14 58 00 27 fa 86 2f | data for hmac: cb cc 7f 52 e2 e3 c9 7e 18 15 37 58 3e 34 29 95 | data for hmac: 18 f4 4d ee aa 31 ad d1 04 38 03 6a 36 88 37 9d | data for hmac: 8b d8 fc 72 be 0f f7 c6 3d b0 b8 6b 7a 72 2e 1b | data for hmac: 61 b7 d3 a3 7c 93 fa f9 dc da 5c c9 c4 82 4c 3f | data for hmac: 69 c7 34 9e bb 50 85 c3 6f c3 f1 98 54 c5 be 3b | data for hmac: e6 3a a2 73 78 52 11 bd 3b 8e a2 45 0a 34 66 4b | data for hmac: cf e6 f6 5e e6 34 70 72 9a e9 22 55 c6 9f 61 1c | data for hmac: f6 4c 9d a5 7d ad ac c8 | calculated auth: 2a 6c 28 11 e3 63 c1 ca fe 71 36 d5 | provided auth: 2a 6c 28 11 e3 63 c1 ca fe 71 36 d5 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | db d3 12 5b 7b ef 79 35 | payload before decryption: | 35 e4 db 34 30 9e 20 93 46 f5 d6 d9 84 fe 7a f4 | 15 14 58 00 27 fa 86 2f cb cc 7f 52 e2 e3 c9 7e | 18 15 37 58 3e 34 29 95 18 f4 4d ee aa 31 ad d1 | 04 38 03 6a 36 88 37 9d 8b d8 fc 72 be 0f f7 c6 | 3d b0 b8 6b 7a 72 2e 1b 61 b7 d3 a3 7c 93 fa f9 | dc da 5c c9 c4 82 4c 3f 69 c7 34 9e bb 50 85 c3 | 6f c3 f1 98 54 c5 be 3b e6 3a a2 73 78 52 11 bd | 3b 8e a2 45 0a 34 66 4b cf e6 f6 5e e6 34 70 72 | 9a e9 22 55 c6 9f 61 1c f6 4c 9d a5 7d ad ac c8 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | 93 ba 39 fe 2c 00 00 28 00 00 00 24 01 03 04 03 | bf fb 9c 9f 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #19: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #19: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f848c00c660 (size 20) | hmac: symkey-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x7f848c004900 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x7f848c004900 | hmac: release clone-key@0x7f848c004900 | hmac PRF sha crypt-prf@0x55593e3f25e8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55593e37c394 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | 0c ad 70 d0 fa 28 d8 2e 33 40 51 ff b6 8e 7c 25 | 99 43 1b 5f | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | cb c5 b5 f0 c8 84 7d fe 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | 29 00 00 24 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 | b5 20 1f 50 57 cc b3 0b 96 29 01 2e 97 f1 db ed | 8a 08 d1 6b 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 cc d8 2d 4d c4 bd 76 bc aa 85 26 0e | 01 b2 a3 af bb 22 1b 9c 00 00 00 1c 00 00 40 05 | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | verify: initiator inputs to hash2 (responder nonce) | 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | idhash 0c ad 70 d0 fa 28 d8 2e 33 40 51 ff b6 8e 7c 25 | idhash 99 43 1b 5f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x7f848c004900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x55593e3ee6e0 from shared secret-key@0x7f848c004900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x55593e3ee6e0 from shared secret-key@0x7f848c004900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f848c004900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f2218 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f848c004900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f848c004900 (size 20) | = prf(, ): -key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3fc720 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x55593e3ee6e0 from -key@0x55593e3fc720 | = prf(, ) prf: begin sha with context 0x55593e3ee6e0 from -key@0x55593e3fc720 | = prf(, ): release clone-key@0x55593e3fc720 | = prf(, ) PRF sha crypt-prf@0x55593e3f25e8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3fd528 (length 436) | cb c5 b5 f0 c8 84 7d fe 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | 29 00 00 24 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 | b5 20 1f 50 57 cc b3 0b 96 29 01 2e 97 f1 db ed | 8a 08 d1 6b 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 cc d8 2d 4d c4 bd 76 bc aa 85 26 0e | 01 b2 a3 af bb 22 1b 9c 00 00 00 1c 00 00 40 05 | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | = prf(, ) PRF sha update nonce-bytes@0x7f84880030d8 (length 32) | 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | 0c ad 70 d0 fa 28 d8 2e 33 40 51 ff b6 8e 7c 25 | 99 43 1b 5f | = prf(, ) PRF sha final-chunk@0x55593e3f0b28 (length 20) | cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | 93 ba 39 fe | psk_auth: release prf-psk-key@0x7f848c004900 | Received PSK auth octets | cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | 93 ba 39 fe | Calculated PSK auth octets | cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | 93 ba 39 fe "east" #19: Authenticated using authby=secret | parent state #19: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #19 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8488004f28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f848c002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f848c002b78 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #19 | libevent_malloc: new ptr-libevent@0x55593e3f64b8 size 128 | pstats #19 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7f848c00c6f0 (size 20) | hmac: symkey-key@0x7f848c00c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c6f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x7f848c004900 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x7f848c004900 | hmac: release clone-key@0x7f848c004900 | hmac PRF sha crypt-prf@0x55593e3f25e8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408ec (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | c0 6f 99 84 67 10 70 86 16 15 34 00 0c d1 b0 24 | 37 2f b6 18 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | 29 00 00 24 3b 80 63 3c d1 0f f8 6e 33 25 95 ef | b1 16 20 16 22 30 1f 60 3c de 93 9c d7 47 06 90 | e8 5f 48 44 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf | ea 53 7a 34 c5 a6 3c 68 00 00 00 1c 00 00 40 05 | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | create: responder inputs to hash2 (initiator nonce) | 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | idhash c0 6f 99 84 67 10 70 86 16 15 34 00 0c d1 b0 24 | idhash 37 2f b6 18 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x7f848c004900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x55593e3ee6e0 from shared secret-key@0x7f848c004900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x55593e3ee6e0 from shared secret-key@0x7f848c004900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f848c004900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3f0b28 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f848c004900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f848c004900 (size 20) | = prf(, ): -key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3fc720 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x55593e3ee6e0 from -key@0x55593e3fc720 | = prf(, ) prf: begin sha with context 0x55593e3ee6e0 from -key@0x55593e3fc720 | = prf(, ): release clone-key@0x55593e3fc720 | = prf(, ) PRF sha crypt-prf@0x55593e3f25e8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3fd908 (length 436) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | 29 00 00 24 3b 80 63 3c d1 0f f8 6e 33 25 95 ef | b1 16 20 16 22 30 1f 60 3c de 93 9c d7 47 06 90 | e8 5f 48 44 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf | ea 53 7a 34 c5 a6 3c 68 00 00 00 1c 00 00 40 05 | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | = prf(, ) PRF sha update nonce-bytes@0x55593e3f5868 (length 32) | 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | c0 6f 99 84 67 10 70 86 16 15 34 00 0c d1 b0 24 | 37 2f b6 18 | = prf(, ) PRF sha final-chunk@0x55593e3f2218 (length 20) | 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 03 4e 0c 70 | f8 e4 12 41 | psk_auth: release prf-psk-key@0x7f848c004900 | PSK auth octets 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 03 4e 0c 70 | PSK auth octets f8 e4 12 41 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 03 4e 0c 70 | PSK auth f8 e4 12 41 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #20 at 0x55593e3fdaf8 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "east" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.23:500 from #19.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55593e3f3e30 | duplicate_state: reference st_skey_ai_nss-key@0x55593e3e8620 | duplicate_state: reference st_skey_ar_nss-key@0x55593e3fae10 | duplicate_state: reference st_skey_ei_nss-key@0x55593e3f7af0 | duplicate_state: reference st_skey_er_nss-key@0x7f848c00a2d0 | duplicate_state: reference st_skey_pi_nss-key@0x7f848c00c660 | duplicate_state: reference st_skey_pr_nss-key@0x7f848c00c6f0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI bf fb 9c 9f | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:ESP:SPI=bffb9c9f;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=bffb9c9f;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x26f3df92 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 26 f3 df 92 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2890 | result: data=Ni-key@0x55593e3fc720 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3fc720 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2878 | result: data=Ni-key@0x7f848c004900 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3fc720 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c004900 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d2880 | result: data+=Nr-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f848c004900 | prf+0 PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+0: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x55593e3ee6e0 from key-key@0x7f848c004900 | prf+0 prf: begin sha with context 0x55593e3ee6e0 from key-key@0x7f848c004900 | prf+0: release clone-key@0x7f848c004900 | prf+0 PRF sha crypt-prf@0x55593e3ee8d8 | prf+0 PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+0: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e400308 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fe920 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fe920 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fe920 | prf+0 PRF sha final-key@0x7f848c004900 (size 20) | prf+0: key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f848c004900 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3fe920 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55593e3ee6e0 from key-key@0x55593e3fe920 | prf+N prf: begin sha with context 0x55593e3ee6e0 from key-key@0x55593e3fe920 | prf+N: release clone-key@0x55593e3fe920 | prf+N PRF sha crypt-prf@0x55593e3fc7d8 | prf+N PRF sha update old_t-key@0x7f848c004900 (size 20) | prf+N: old_t-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c004900 | nss hmac digest hack: symkey-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 05 ef 90 b6 ca 67 68 2b a2 47 9b 62 5e ba 95 7c ff c1 e6 0b 24 a8 71 3d 23 b2 ba 38 eb c7 5a cd | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3ea3d8 | unwrapped: da 64 e9 44 fd 28 8b 6e 49 a7 72 0b 12 7c 9e 87 | unwrapped: 3d b0 1c f3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fea60 | prf+N PRF sha final-key@0x55593e3fe920 (size 20) | prf+N: key-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fea60 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c004900 | prfplus: release old_t[N]-key@0x7f848c004900 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55593e3ee6e0 from key-key@0x7f848c004900 | prf+N prf: begin sha with context 0x55593e3ee6e0 from key-key@0x7f848c004900 | prf+N: release clone-key@0x7f848c004900 | prf+N PRF sha crypt-prf@0x55593e3ee8d8 | prf+N PRF sha update old_t-key@0x55593e3fe920 (size 20) | prf+N: old_t-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fe920 | nss hmac digest hack: symkey-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 6c f7 97 d4 68 14 77 0c 46 45 1a 83 40 14 a2 ab d5 4f fd c8 9e 70 20 3f cf 77 da 92 06 87 5d 47 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3eeed8 | unwrapped: 2d a1 66 e4 74 c7 4a 41 73 f9 48 2d 1d 78 eb 39 | unwrapped: c7 4a 04 2c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e400308 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e401c60 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e401c60 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e401c60 | prf+N PRF sha final-key@0x7f848c004900 (size 20) | prf+N: key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fea60 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e401c60 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fea60 | prfplus: release old_t[N]-key@0x55593e3fe920 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3fe920 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55593e3ee6e0 from key-key@0x55593e3fe920 | prf+N prf: begin sha with context 0x55593e3ee6e0 from key-key@0x55593e3fe920 | prf+N: release clone-key@0x55593e3fe920 | prf+N PRF sha crypt-prf@0x55593e3ea3d8 | prf+N PRF sha update old_t-key@0x7f848c004900 (size 20) | prf+N: old_t-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c004900 | nss hmac digest hack: symkey-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 94 3f 65 89 e7 26 f8 f1 58 43 69 4c 4c 42 a4 b4 63 00 d5 c6 99 3f 3b ce 9b ae 91 cb 1b f9 13 0e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e4004d8 | unwrapped: c5 ef 63 71 8f 94 d8 0d 87 3f af 01 a0 6f 50 1e | unwrapped: f5 b5 dd 42 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fea60 | prf+N PRF sha final-key@0x55593e3fe920 (size 20) | prf+N: key-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e401c60 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fea60 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e401c60 | prfplus: release old_t[N]-key@0x7f848c004900 | prf+N PRF sha init key-key@0x55593e3f3e30 (size 20) | prf+N: key-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x55593e3ee6e0 from key-key@0x7f848c004900 | prf+N prf: begin sha with context 0x55593e3ee6e0 from key-key@0x7f848c004900 | prf+N: release clone-key@0x7f848c004900 | prf+N PRF sha crypt-prf@0x55593e3fc7d8 | prf+N PRF sha update old_t-key@0x55593e3fe920 (size 20) | prf+N: old_t-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fe920 | nss hmac digest hack: symkey-key@0x55593e3fe920 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 40 65 0d bf d9 06 f2 ed 9d 9a 9c 68 42 03 34 a9 fe 05 5d f2 94 b0 d3 90 86 25 c3 e7 2c 21 f0 b6 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3eeed8 | unwrapped: 5f 94 f6 94 66 57 c5 29 ae 9d c9 78 cb cc 1a 32 | unwrapped: 79 88 f6 a1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: e7 2f 00 74 70 45 a7 f4 fb b5 bd 5a 2f 27 86 76 fc 89 8b 18 50 71 06 f7 e1 57 20 45 71 85 47 d7 25 32 7d d3 3f 75 69 47 1f 63 af 41 12 ae c5 b3 e3 d2 aa 0f e7 a2 15 fb ed 67 c6 52 cf 09 65 9e | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e400308 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e401c60 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e401c60 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e401c60 | prf+N PRF sha final-key@0x7f848c004900 (size 20) | prf+N: key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fea60 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e401c60 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fea60 | prfplus: release old_t[N]-key@0x55593e3fe920 | prfplus: release old_t[final]-key@0x7f848c004900 | child_sa_keymat: release data-key@0x55593e3fc720 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55593e401c60 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x55593e3fc720 | initiator to responder keys: symkey-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55593e3d0e50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)824193633: 05 ef 90 b6 ca 67 68 2b a2 47 9b 62 5e ba 95 7c bf f1 4c 36 f0 25 2d 58 de eb 9e 7d b4 ac 60 89 a6 97 f6 ed c8 38 ef 3d 1a 98 e9 f1 de 9c 04 7c | initiator to responder keys: release slot-key-key@0x55593e3d0e50 | initiator to responder keys extracted len 48 bytes at 0x7f8498001378 | unwrapped: da 64 e9 44 fd 28 8b 6e 49 a7 72 0b 12 7c 9e 87 | unwrapped: 3d b0 1c f3 2d a1 66 e4 74 c7 4a 41 73 f9 48 2d | unwrapped: 1d 78 eb 39 c7 4a 04 2c c5 ef 63 71 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55593e3fc720 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55593e401c60 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x55593e3fc720 | responder to initiator keys:: symkey-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55593e3d0e50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)824193633: b3 9d ab e5 3c 68 dd 45 d2 4b ae 34 bf f5 09 67 40 65 0d bf d9 06 f2 ed 9d 9a 9c 68 42 03 34 a9 f3 04 45 f7 a1 69 43 99 91 a3 2c f4 88 25 26 15 | responder to initiator keys:: release slot-key-key@0x55593e3d0e50 | responder to initiator keys: extracted len 48 bytes at 0x7f8490002e68 | unwrapped: 8f 94 d8 0d 87 3f af 01 a0 6f 50 1e f5 b5 dd 42 | unwrapped: 5f 94 f6 94 66 57 c5 29 ae 9d c9 78 cb cc 1a 32 | unwrapped: 79 88 f6 a1 89 b2 bc 71 14 12 86 c8 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55593e3fc720 | ikev2_derive_child_keys: release keymat-key@0x55593e401c60 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #19 spent 2.54 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.bffb9c9f@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.26f3df92@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #20 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbffb9c9f SPI_OUT=0x26f | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xbffb9c9f SPI_OUT=0x26f3df92 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x55593e3e95b8,sr=0x55593e3e95b8} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 0.693 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 38 9c bc b8 05 29 cd 14 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 | 03 4e 0c 70 f8 e4 12 41 2c 00 00 28 00 00 00 24 | 01 03 04 03 26 f3 df 92 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 04 38 c0 75 a1 67 34 f2 4f e5 65 8c ef ff 4f a0 | c1 9d 0a 6a 8b b5 37 0a c1 e4 5e e9 7d 04 15 40 | 82 6f 07 f7 e3 fb 5a 8f fa df 1b 20 a2 b7 aa 9d | 04 74 f8 dc 0f 93 e5 76 df 0c 15 63 95 a6 35 55 | da 3b 86 fa a4 45 25 63 26 63 52 e7 fc 89 78 ff | fe e3 cf c8 81 7d 2e 3a 40 d4 db ae 96 ee d3 01 | 8d 1d 95 c7 4e 42 48 5a 1b 82 f8 8f e8 66 05 3d | 2e 78 84 c5 87 d5 c8 6d c3 09 31 1c a9 d1 41 dd | ad 46 1a 26 f3 60 14 b7 | hmac PRF sha init symkey-key@0x55593e3fae10 (size 20) | hmac: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2928 | result: clone-key@0x55593e401c60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac: release clone-key@0x55593e401c60 | hmac PRF sha crypt-prf@0x55593e3fc7d8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 176) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 38 9c bc b8 05 29 cd 14 04 38 c0 75 a1 67 34 f2 | 4f e5 65 8c ef ff 4f a0 c1 9d 0a 6a 8b b5 37 0a | c1 e4 5e e9 7d 04 15 40 82 6f 07 f7 e3 fb 5a 8f | fa df 1b 20 a2 b7 aa 9d 04 74 f8 dc 0f 93 e5 76 | df 0c 15 63 95 a6 35 55 da 3b 86 fa a4 45 25 63 | 26 63 52 e7 fc 89 78 ff fe e3 cf c8 81 7d 2e 3a | 40 d4 db ae 96 ee d3 01 8d 1d 95 c7 4e 42 48 5a | 1b 82 f8 8f e8 66 05 3d 2e 78 84 c5 87 d5 c8 6d | c3 09 31 1c a9 d1 41 dd ad 46 1a 26 f3 60 14 b7 | hmac PRF sha final-bytes@0x55593d440970 (length 20) | 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 ca 88 8d 93 | b5 35 75 1f | data being hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 38 9c bc b8 05 29 cd 14 04 38 c0 75 a1 67 34 f2 | data being hmac: 4f e5 65 8c ef ff 4f a0 c1 9d 0a 6a 8b b5 37 0a | data being hmac: c1 e4 5e e9 7d 04 15 40 82 6f 07 f7 e3 fb 5a 8f | data being hmac: fa df 1b 20 a2 b7 aa 9d 04 74 f8 dc 0f 93 e5 76 | data being hmac: df 0c 15 63 95 a6 35 55 da 3b 86 fa a4 45 25 63 | data being hmac: 26 63 52 e7 fc 89 78 ff fe e3 cf c8 81 7d 2e 3a | data being hmac: 40 d4 db ae 96 ee d3 01 8d 1d 95 c7 4e 42 48 5a | data being hmac: 1b 82 f8 8f e8 66 05 3d 2e 78 84 c5 87 d5 c8 6d | data being hmac: c3 09 31 1c a9 d1 41 dd ad 46 1a 26 f3 60 14 b7 | out calculated auth: | 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #19 spent 3.44 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #20 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #20 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #20: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #19.#20 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "east" #20: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #20: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xbffb9c9f <0x26f3df92 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 38 9c bc b8 05 29 cd 14 04 38 c0 75 a1 67 34 f2 | 4f e5 65 8c ef ff 4f a0 c1 9d 0a 6a 8b b5 37 0a | c1 e4 5e e9 7d 04 15 40 82 6f 07 f7 e3 fb 5a 8f | fa df 1b 20 a2 b7 aa 9d 04 74 f8 dc 0f 93 e5 76 | df 0c 15 63 95 a6 35 55 da 3b 86 fa a4 45 25 63 | 26 63 52 e7 fc 89 78 ff fe e3 cf c8 81 7d 2e 3a | 40 d4 db ae 96 ee d3 01 8d 1d 95 c7 4e 42 48 5a | 1b 82 f8 8f e8 66 05 3d 2e 78 84 c5 87 d5 c8 6d | c3 09 31 1c a9 d1 41 dd ad 46 1a 26 f3 60 14 b7 | 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 | releasing whack for #20 (sock=fd@-1) | releasing whack and unpending for parent #19 | unpending state #19 connection "east" | #20 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x55593e3ee708 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #20 | libevent_malloc: new ptr-libevent@0x55593e3f7708 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 3.76 milliseconds in resume sending helper answer | stop processing: state #20 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f848c00f588 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00351 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.003 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 67 18 ad 04 82 8f d6 d1 93 bb fb b2 1c 5f d8 f8 | e4 38 11 82 02 49 55 03 5d 18 08 e5 06 0e c1 02 | d4 af d3 06 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e3e8620 (size 20) | hmac: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e401c60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e4002e0 from symkey-key@0x55593e401c60 | hmac prf: begin sha with context 0x55593e4002e0 from symkey-key@0x55593e401c60 | hmac: release clone-key@0x55593e401c60 | hmac PRF sha crypt-prf@0x55593e3f9438 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 56) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 67 18 ad 04 82 8f d6 d1 93 bb fb b2 1c 5f d8 f8 | e4 38 11 82 02 49 55 03 | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 5d 18 08 e5 06 0e c1 02 d4 af d3 06 b9 cb 9c 19 | 11 49 d1 59 | data for hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: 67 18 ad 04 82 8f d6 d1 93 bb fb b2 1c 5f d8 f8 | data for hmac: e4 38 11 82 02 49 55 03 | calculated auth: 5d 18 08 e5 06 0e c1 02 d4 af d3 06 | provided auth: 5d 18 08 e5 06 0e c1 02 d4 af d3 06 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 67 18 ad 04 82 8f d6 d1 | payload before decryption: | 93 bb fb b2 1c 5f d8 f8 e4 38 11 82 02 49 55 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 bf fb 9c 9f 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI bf fb 9c 9f | delete PROTO_v2_ESP SA(0xbffb9c9f) | v2 CHILD SA #20 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #20 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xbffb9c9f) "east" #19: received Delete SA payload: delete IPsec State #20 now | pstats #20 ikev2.child deleted completed | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #20 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #20: deleting other state #20 (STATE_V2_IPSEC_R) aged 0.083s and NOT sending notification | child state #20: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.bffb9c9f@192.1.2.45 | get_sa_info esp.26f3df92@192.1.2.23 "east" #20: ESP traffic information: in=84B out=84B | child state #20: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f7708 | free_event_entry: release EVENT_SA_REKEY-pe@0x55593e3ee708 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbffb9c9f | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xbffb9c9f SPI_OUT=0x26f3df92 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.bffb9c9f@192.1.2.45 | netlink response for Del SA esp.bffb9c9f@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.26f3df92@192.1.2.23 | netlink response for Del SA esp.26f3df92@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #20 in CHILDSA_DEL | child state #20: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3f3e30 | delete_state: release st->st_skey_ai_nss-key@0x55593e3e8620 | delete_state: release st->st_skey_ar_nss-key@0x55593e3fae10 | delete_state: release st->st_skey_ei_nss-key@0x55593e3f7af0 | delete_state: release st->st_skey_er_nss-key@0x7f848c00a2d0 | delete_state: release st->st_skey_pi_nss-key@0x7f848c00c660 | delete_state: release st->st_skey_pr_nss-key@0x7f848c00c6f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 26 f3 df 92 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 6e ae f2 47 05 82 99 e1 | data before encryption: | 00 00 00 0c 03 04 00 01 26 f3 df 92 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | e2 b1 14 20 59 c6 f4 bd 9e ac 43 08 b8 1d 9d 6e | hmac PRF sha init symkey-key@0x55593e3fae10 (size 20) | hmac: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e401c60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac: release clone-key@0x55593e401c60 | hmac PRF sha crypt-prf@0x55593e3fc7d8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 56) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 6e ae f2 47 05 82 99 e1 e2 b1 14 20 59 c6 f4 bd | 9e ac 43 08 b8 1d 9d 6e | hmac PRF sha final-bytes@0x55593d4408f8 (length 20) | 41 93 af e5 33 01 34 5b 91 96 9a 6a ee ce fa 54 | 5d ae f1 c1 | data being hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 6e ae f2 47 05 82 99 e1 e2 b1 14 20 59 c6 f4 bd | data being hmac: 9e ac 43 08 b8 1d 9d 6e | out calculated auth: | 41 93 af e5 33 01 34 5b 91 96 9a 6a | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 6e ae f2 47 05 82 99 e1 e2 b1 14 20 59 c6 f4 bd | 9e ac 43 08 b8 1d 9d 6e 41 93 af e5 33 01 34 5b | 91 96 9a 6a | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #19 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #19 spent 1.04 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #19 to 2 after switching state | Message ID: recv #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #19 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 1.29 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.31 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00185 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 12 cd 1c 35 d4 68 56 ac da fa 41 13 1a 96 2f e9 | 99 81 71 6d 5a 93 7a d6 84 bd 36 56 6c 21 65 45 | d9 85 ad 8b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e3e8620 (size 20) | hmac: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e401c60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac: release clone-key@0x55593e401c60 | hmac PRF sha crypt-prf@0x55593e3f9438 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 56) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 12 cd 1c 35 d4 68 56 ac da fa 41 13 1a 96 2f e9 | 99 81 71 6d 5a 93 7a d6 | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 84 bd 36 56 6c 21 65 45 d9 85 ad 8b 0c 8b 9e d1 | 15 ac eb f7 | data for hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: 12 cd 1c 35 d4 68 56 ac da fa 41 13 1a 96 2f e9 | data for hmac: 99 81 71 6d 5a 93 7a d6 | calculated auth: 84 bd 36 56 6c 21 65 45 d9 85 ad 8b | provided auth: 84 bd 36 56 6c 21 65 45 d9 85 ad 8b | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 12 cd 1c 35 d4 68 56 ac | payload before decryption: | da fa 41 13 1a 96 2f e9 99 81 71 6d 5a 93 7a d6 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 29 3c f0 65 d8 02 82 2a | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 04 e4 a3 4a 23 1d 29 c2 | hmac PRF sha init symkey-key@0x55593e3fae10 (size 20) | hmac: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e401c60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac prf: begin sha with context 0x55593e3ee6e0 from symkey-key@0x55593e401c60 | hmac: release clone-key@0x55593e401c60 | hmac PRF sha crypt-prf@0x55593e3fc7d8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 48) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 29 3c f0 65 d8 02 82 2a 04 e4 a3 4a 23 1d 29 c2 | hmac PRF sha final-bytes@0x55593d4408f0 (length 20) | a0 c5 c7 23 df 5a 00 d1 67 78 af ba 21 a8 63 99 | 21 43 81 9c | data being hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: 29 3c f0 65 d8 02 82 2a 04 e4 a3 4a 23 1d 29 c2 | out calculated auth: | a0 c5 c7 23 df 5a 00 d1 67 78 af ba | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 29 3c f0 65 d8 02 82 2a 04 e4 a3 4a 23 1d 29 c2 | a0 c5 c7 23 df 5a 00 d1 67 78 af ba | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #19 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #19: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #19 ikev2.ike deleted completed | #19 spent 9.17 milliseconds in total | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #19: deleting state (STATE_IKESA_DEL) aged 0.103s and NOT sending notification | parent state #19: IKESA_DEL(established IKE SA) => delete | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f64b8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f848c002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #19 in IKESA_DEL | parent state #19: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f8488007848: destroyed | stop processing: state #19 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f848000b980 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3f3e30 | delete_state: release st->st_skey_ai_nss-key@0x55593e3e8620 | delete_state: release st->st_skey_ar_nss-key@0x55593e3fae10 | delete_state: release st->st_skey_ei_nss-key@0x55593e3f7af0 | delete_state: release st->st_skey_er_nss-key@0x7f848c00a2d0 | delete_state: release st->st_skey_pi_nss-key@0x7f848c00c660 | delete_state: release st->st_skey_pr_nss-key@0x7f848c00c6f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #19 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #19 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.644 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0046 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00268 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | db 0d e7 9d 7c be 70 ca 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e1 4c 71 3a 5a da 81 05 4a e6 9a dd | 7e 81 a8 41 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 | d9 bd 6b d5 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 | 0f 54 4c c8 e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 | 91 0f 93 3a fa ca 1f ff 1d 05 07 fd b6 75 e5 27 | 9e eb 5a df 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 | e7 36 d3 42 c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f | 1c 90 32 ac 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc | db d9 05 d2 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 | 76 2c 7a 47 02 22 01 ae f2 22 a1 23 64 04 ee a6 | ed ca 8b c8 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 | 8d 5b 58 54 c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 | f5 e9 88 21 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 | 5f f7 c3 8c b2 d3 a9 74 60 a5 77 38 28 f7 74 28 | 62 f8 5f d3 8a 3d e2 6f de 46 56 99 37 c8 6f 56 | 60 e8 aa 83 3f c1 19 5f e2 39 5f b5 46 57 9c f5 | 47 b1 74 60 29 00 00 24 6b 13 c7 9a e2 88 62 d3 | 4b c1 aa 1d c9 95 0a d9 bf fb 77 5e d5 65 bf ef | 7d b7 80 5e e6 34 42 96 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 eb e4 21 38 40 b6 f3 63 | 9e 64 01 d6 08 89 56 cf 98 e2 43 d9 00 00 00 1c | 00 00 40 05 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d | 99 cb 42 68 f6 85 1c d5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 0f 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | cb 84 1d a1 eb 0c 43 41 7b 67 cb 47 4b b4 29 ba | 1b 7e 37 33 a3 ef b3 7e db 7d 5b 33 8b 9c fe aa | creating state object #21 at 0x55593e3fdaf8 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #21 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #21 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | e1 4c 71 3a 5a da 81 05 4a e6 9a dd 7e 81 a8 41 | 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 d9 bd 6b d5 | 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 0f 54 4c c8 | e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 91 0f 93 3a | fa ca 1f ff 1d 05 07 fd b6 75 e5 27 9e eb 5a df | 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 e7 36 d3 42 | c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f 1c 90 32 ac | 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc db d9 05 d2 | 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 76 2c 7a 47 | 02 22 01 ae f2 22 a1 23 64 04 ee a6 ed ca 8b c8 | 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 8d 5b 58 54 | c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 f5 e9 88 21 | 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 5f f7 c3 8c | b2 d3 a9 74 60 a5 77 38 28 f7 74 28 62 f8 5f d3 | 8a 3d e2 6f de 46 56 99 37 c8 6f 56 60 e8 aa 83 | 3f c1 19 5f e2 39 5f b5 46 57 9c f5 47 b1 74 60 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3790 (length 20) | 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d 99 cb 42 68 | f6 85 1c d5 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d 99 cb 42 68 | natd_hash: hash= f6 85 1c d5 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3780 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3788 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe993d3714 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3706 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d37b0 (length 20) | eb e4 21 38 40 b6 f3 63 9e 64 01 d6 08 89 56 cf | 98 e2 43 d9 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= eb e4 21 38 40 b6 f3 63 9e 64 01 d6 08 89 56 cf | natd_hash: hash= 98 e2 43 d9 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 13 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55593e3ee708 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f848c00f588 size 128 | #21 spent 0.2 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #21 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.465 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.472 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 resuming | crypto helper 6 starting work-order 13 for state #21 | crypto helper 6 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 13 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f8480011c58: created | NSS: Local DH MODP2048 secret (pointer): 0x7f8480011c58 | NSS: Public DH wire value: | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | Generated nonce: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | Generated nonce: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | crypto helper 6 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 13 time elapsed 0.000587 seconds | (#21) spent 0.589 milliseconds in crypto helper computing work-order 13: ikev2_inI1outR1 KE (pcr) | crypto helper 6 sending results from work-order 13 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f8480005088 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 13 | calling continuation function 0x55593d342b50 | ikev2_parent_inI1outR1_continue for #21: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f8480011c58: transferring ownership from helper KE to state #21 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | ikev2 g^x 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | ikev2 g^x d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | ikev2 g^x 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | ikev2 g^x 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | ikev2 g^x d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | ikev2 g^x a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | ikev2 g^x a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | ikev2 g^x a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | ikev2 g^x 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | ikev2 g^x be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | ikev2 g^x 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | ikev2 g^x 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | ikev2 g^x 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | ikev2 g^x 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | ikev2 g^x b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | IKEv2 nonce 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | cb 84 1d a1 eb 0c 43 41 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | 79 0f f4 52 05 2f e4 74 38 bd 01 af c7 f6 cf 7a | 8c 48 07 a1 | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= cb 84 1d a1 eb 0c 43 41 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 79 0f f4 52 05 2f e4 74 38 bd 01 af c7 f6 cf 7a | natd_hash: hash= 8c 48 07 a1 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 79 0f f4 52 05 2f e4 74 38 bd 01 af c7 f6 cf 7a | Notify data 8c 48 07 a1 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe993d3cc0 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe993d3cc8 (length 8) | cb 84 1d a1 eb 0c 43 41 | NATD hash sha digest IP addr-bytes@0x7ffe993d3bf4 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe993d3be6 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe993d3c70 (length 20) | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | natd_hash: hasher=0x55593d417800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= cb 84 1d a1 eb 0c 43 41 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | natd_hash: hash= d5 d9 8a 4d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | Notify data d5 d9 8a 4d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #21: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #21 to 0 after switching state | Message ID: recv #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #21 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | 29 00 00 24 ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 | 71 6a 0f ed 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c | d8 5a d4 1a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 79 0f f4 52 05 2f e4 74 38 bd 01 af | c7 f6 cf 7a 8c 48 07 a1 00 00 00 1c 00 00 40 05 | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f848c00f588 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55593e3ee708 | event_schedule: new EVENT_SO_DISCARD-pe@0x55593e3ee708 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #21 | libevent_malloc: new ptr-libevent@0x55593e4034e8 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 0.325 milliseconds in resume sending helper answer | stop processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f8480005088 | spent 0.00175 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 64 a9 3e 78 30 07 25 7f 14 45 bd 2d 72 11 f0 ce | a1 06 98 91 38 d2 29 70 94 4f ad ce 44 01 3f 0a | 9d e7 54 97 11 e7 bf eb fb a6 45 58 64 ed 3f 1d | 29 87 e6 7e 1b 48 5d 09 6b fd b3 de 1c c6 6c d3 | 4e 34 4b c1 71 e2 35 9f e9 50 ba a8 c2 52 7f ca | fe 23 51 26 ea d0 ab 66 67 10 fe 8b 84 e1 ce f9 | 94 b0 5e 6d 0e 36 3d 70 46 b8 f4 ce dd 84 09 67 | 67 12 f9 a4 51 a4 5c 8e 45 ec 09 9d 70 5e 09 13 | 26 69 a0 48 ea 72 1d b2 e5 ab be be 75 d1 47 95 | 12 d2 b7 3b 3d 00 97 1f 67 c1 43 2e f9 79 05 11 | de e9 74 cb | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #21 in PARENT_R1 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #21 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f8480011c58: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 14 for state #21 | state #21 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e4034e8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55593e3ee708 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55593e3ee708 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f8480005088 size 128 | #21 spent 0.0236 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | crypto helper 3 resuming | suspending state #21 and saving MD | #21 is busy; has a suspended MD | crypto helper 3 starting work-order 14 for state #21 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) | "east" #21 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: e1 4c 71 3a 5a da 81 05 4a e6 9a dd 7e 81 a8 41 | #21 spent 0.126 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 d9 bd 6b d5 | peer's g: 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 0f 54 4c c8 | spent 0.14 milliseconds in comm_handle_cb() reading and processing packet | peer's g: e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 91 0f 93 3a | peer's g: fa ca 1f ff 1d 05 07 fd b6 75 e5 27 9e eb 5a df | peer's g: 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 e7 36 d3 42 | peer's g: c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f 1c 90 32 ac | peer's g: 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc db d9 05 d2 | peer's g: 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 76 2c 7a 47 | peer's g: 02 22 01 ae f2 22 a1 23 64 04 ee a6 ed ca 8b c8 | peer's g: 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 8d 5b 58 54 | peer's g: c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 f5 e9 88 21 | peer's g: 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 5f f7 c3 8c | peer's g: b2 d3 a9 74 60 a5 77 38 28 f7 74 28 62 f8 5f d3 | peer's g: 8a 3d e2 6f de 46 56 99 37 c8 6f 56 60 e8 aa 83 | peer's g: 3f c1 19 5f e2 39 5f b5 46 57 9c f5 47 b1 74 60 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f848c00c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f8480011c58: computed shared DH secret key@0x7f848c00c6f0 | dh-shared : g^ir-key@0x7f848c00c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f8484003b28 (length 64) | 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e6e0 | result: Ni | Nr-key@0x7f848c00a2d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f848c00a2d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e6c8 | result: Ni | Nr-key@0x7f848c00c660 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7f848c00a2d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f84840013b0 from Ni | Nr-key@0x7f848c00c660 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f84840013b0 from Ni | Nr-key@0x7f848c00c660 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f848c00c660 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f84840016c8 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f848c00c6f0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f848c00c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f848c00c6f0 | nss hmac digest hack: symkey-key@0x7f848c00c6f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1027334338: ca 54 dd 5e a1 91 47 b8 95 e7 27 45 f3 a8 47 df 4c b5 ff 92 28 55 f8 a6 3f e2 75 7f 71 6f f2 a4 7e c5 ce a1 38 42 4e dd 51 5a a1 f0 ec 07 b4 a6 8a bb e9 20 fe f2 20 e7 33 92 a2 ce 71 62 10 94 15 c2 92 81 92 ee 98 d1 87 23 d5 f7 70 c9 d5 de 1b 86 bc 03 f5 20 c7 ef d9 a9 90 92 13 df 5d 54 d1 7e 20 69 85 6a 54 9f bf c4 e0 71 ba 86 17 d1 79 9c d4 87 ed 3d 04 f3 fd e5 fc 2f ae 9b 5f 8f ab a5 15 7d 0d 5c e4 70 93 73 ab c5 fc 4d ca 74 f0 84 90 6f f8 f4 7b 15 93 2f a0 78 fc 18 a3 e0 d6 df fa 08 d4 4f de 55 09 69 4e ad 4d af e8 3c 9f de f4 86 db b3 81 b9 57 28 5f 7e 9b 2a 4a c8 4a 9b 5e 04 11 75 e3 a1 fb 37 4a 54 5d e8 98 49 80 fe 8f 19 bd c4 7e c1 99 89 2a a8 27 ed a2 a5 63 c6 12 f6 76 77 1a 8d 26 1e bb a5 2a 93 16 93 56 cc 3f bc 09 b4 00 8a 72 02 e4 97 73 78 1b a8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 256 bytes at 0x7f84840045a8 | unwrapped: 94 96 1a d5 fc e6 45 ff a1 d0 b7 6e b4 4c b0 32 | unwrapped: d1 03 1c a8 e8 db e5 a3 a9 cc 69 22 26 0b 50 82 | unwrapped: ce a1 e6 cc a8 e2 42 df eb d7 e8 db 43 94 fa e5 | unwrapped: bf a3 20 d1 f2 fc 2b d5 b7 5e 5d 40 4a 08 5d 46 | unwrapped: d3 26 57 bf 1f f0 d7 45 b6 21 85 7c 07 62 14 0a | unwrapped: 54 d7 26 72 5d 64 c7 44 34 01 60 32 55 60 df c1 | unwrapped: 81 b2 d8 12 25 f8 56 ed fa f6 90 2f 1b 1c 5a 86 | unwrapped: 2d 67 bd 47 6a e3 a5 ae 58 03 3f e1 c4 19 c3 0a | unwrapped: 7f 17 36 a7 17 7b d7 00 30 9d e0 c9 e2 ac ff 77 | unwrapped: ce b7 09 ad 41 c5 e2 1d 7a 42 06 98 12 e8 fb 00 | unwrapped: 80 d0 9d 2c bd 99 3e 7b a9 23 81 55 fd c9 e9 a0 | unwrapped: 55 d8 1f cb 51 6f 1c 75 d1 5b ba 59 27 86 67 9d | unwrapped: 28 34 1f 9f 5e 46 b0 f4 f5 44 68 fd 59 68 ed 9e | unwrapped: 0d d2 12 0e 3a d7 11 3d b9 68 41 d6 8f f1 f1 b5 | unwrapped: d9 b0 47 b6 ae 7f 1f 65 f3 35 82 c9 af 0a f5 39 | unwrapped: 88 ed 06 10 47 c9 6d 03 eb 29 08 c7 75 0f 6a ff | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e700 | result: final-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c00a2d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e6e8 | result: final-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c00a2d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f848c00c660 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e670 | result: data=Ni-key@0x55593e3f7af0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3f7af0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e658 | result: data=Ni-key@0x7f848c00a2d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3f7af0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c00a2d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a177e660 | result: data+=Nr-key@0x55593e3f7af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f848c00a2d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f7af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a177e660 | result: data+=SPIi-key@0x7f848c00a2d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3f7af0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c00a2d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f84a177e660 | result: data+=SPIr-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f848c00a2d0 | prf+0 PRF sha init key-key@0x7f848c00c660 (size 20) | prf+0: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x7f848c00a2d0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+0 prf: begin sha with context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+0: release clone-key@0x7f848c00a2d0 | prf+0 PRF sha crypt-prf@0x7f8484002168 | prf+0 PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+0: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004ba8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fae10 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fae10 | prf+0 PRF sha final-key@0x7f848c00a2d0 (size 20) | prf+0: key-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f848c00a2d0 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840013b0 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f84840013b0 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f84840046d8 | prf+N PRF sha update old_t-key@0x7f848c00a2d0 (size 20) | prf+N: old_t-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c00a2d0 | nss hmac digest hack: symkey-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 52 05 a6 7c 4d a6 91 68 74 76 ba 52 cb 1b 0c d0 9c 11 3a 9c c3 71 c3 db 91 c9 83 1c 60 9a 4d 1b | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8484001278 | unwrapped: ac 10 16 97 91 3a 1e 79 3a 39 06 cb 0d a8 22 9a | unwrapped: d9 50 cd bd 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004b28 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3e8620 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f848c00a2d0 | prfplus: release old_t[N]-key@0x7f848c00a2d0 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x7f848c00a2d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+N prf: begin sha with context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+N: release clone-key@0x7f848c00a2d0 | prf+N PRF sha crypt-prf@0x7f8484002168 | prf+N PRF sha update old_t-key@0x55593e3fae10 (size 20) | prf+N: old_t-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fae10 | nss hmac digest hack: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 60 f8 38 42 71 b8 fc bf 66 69 bc a4 15 eb f1 13 18 e0 bf 1f 0a 54 ee a2 8c 50 de 3a b4 8f de ad | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84840016c8 | unwrapped: 9a d9 aa 75 1c 2b 54 b4 19 1d 5d aa 72 0e 1e c9 | unwrapped: a6 cd 5b d1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004ba8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | prf+N PRF sha final-key@0x7f848c00a2d0 (size 20) | prf+N: key-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3f3e30 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x55593e3fae10 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840013b0 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f84840013b0 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f8484001278 | prf+N PRF sha update old_t-key@0x7f848c00a2d0 (size 20) | prf+N: old_t-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c00a2d0 | nss hmac digest hack: symkey-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 18 c4 19 7b 16 63 a6 7c a3 8e ec 85 98 2b d3 62 ad aa ae 7a b3 18 23 ef 7b f9 17 8d ab cf 59 06 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84840061e8 | unwrapped: f6 98 fa 9d ac 1f e6 8f 2b e6 43 4c 35 5e 21 06 | unwrapped: 7d e3 ee 16 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004b28 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f3e30 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f3e30 | prfplus: release old_t[N]-key@0x7f848c00a2d0 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x7f848c00a2d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+N prf: begin sha with context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+N: release clone-key@0x7f848c00a2d0 | prf+N PRF sha crypt-prf@0x7f84840046d8 | prf+N PRF sha update old_t-key@0x55593e3fae10 (size 20) | prf+N: old_t-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fae10 | nss hmac digest hack: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: d0 35 aa b2 f9 8f fa f0 e1 ae 78 ca ff 64 12 14 db 59 1e 36 2c 70 53 44 d2 87 f5 28 df 21 eb 2a | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84840016c8 | unwrapped: 8f 46 76 c0 04 af 97 b2 eb 2b 63 1a a5 4c 93 0b | unwrapped: 66 06 27 11 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004ba8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | prf+N PRF sha final-key@0x7f848c00a2d0 (size 20) | prf+N: key-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3f3e30 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x55593e3fae10 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840059e0 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f84840059e0 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f8484002168 | prf+N PRF sha update old_t-key@0x7f848c00a2d0 (size 20) | prf+N: old_t-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c00a2d0 | nss hmac digest hack: symkey-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 26 71 f9 7e 47 df c7 e3 c7 6e e2 73 bf a6 86 61 43 01 e2 6b 97 ac d8 7d c2 53 17 7d 95 b7 49 9b | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8484001278 | unwrapped: e7 6c d3 9c 62 a7 61 8e 96 64 a5 26 3d 48 5f 9b | unwrapped: 7e f4 4a aa 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004b28 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f3e30 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3e8620 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f3e30 | prfplus: release old_t[N]-key@0x7f848c00a2d0 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x7f848c00a2d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+N prf: begin sha with context 0x7f84840013b0 from key-key@0x7f848c00a2d0 | prf+N: release clone-key@0x7f848c00a2d0 | prf+N PRF sha crypt-prf@0x7f84840046d8 | prf+N PRF sha update old_t-key@0x55593e3fae10 (size 20) | prf+N: old_t-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3fae10 | nss hmac digest hack: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 70 a8 c4 cf 8a 0a 81 f9 2c 25 41 76 03 0b 42 ee 1d fb 4f 13 2e 22 49 68 8f 38 c5 50 39 cc f9 d3 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f84840016c8 | unwrapped: 51 9e 27 67 05 8b bb cd 78 e7 3d 15 33 29 d6 56 | unwrapped: ea bd 8f a2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484006878 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3f3e30 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3f3e30 | prf+N PRF sha final-key@0x7f848c00a2d0 (size 20) | prf+N: key-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3f3e30 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x55593e3fae10 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e588 | result: clone-key@0x55593e3fae10 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f84840013b0 from key-key@0x55593e3fae10 | prf+N prf: begin sha with context 0x7f84840013b0 from key-key@0x55593e3fae10 | prf+N: release clone-key@0x55593e3fae10 | prf+N PRF sha crypt-prf@0x7f8484002168 | prf+N PRF sha update old_t-key@0x7f848c00a2d0 (size 20) | prf+N: old_t-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c00a2d0 | nss hmac digest hack: symkey-key@0x7f848c00a2d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 39 bc 5b 1c e4 31 1a f8 53 03 fa c5 93 d4 f7 7c ec e0 52 82 4e b5 c5 30 17 e8 07 7a 98 64 2b 51 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x7f8484001278 | unwrapped: 7c c6 d6 e4 fd 88 b1 4d 63 1e c3 da 98 8a 9e dd | unwrapped: c4 61 00 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3f7af0 (size 80) | prf+N: seed-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55593e3f7af0 | nss hmac digest hack: symkey-key@0x55593e3f7af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c 96 ed c8 b3 4b 7f 42 01 cf 0f 13 11 7e 39 eb e8 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 80 bytes at 0x7f8484004ba8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f84a177e590 | result: final-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e578 | result: final-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3e8620 | prf+N PRF sha final-key@0x55593e3fae10 (size 20) | prf+N: key-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3f3e30 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f84a177e608 | result: result-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3f3e30 | prfplus: release old_t[N]-key@0x7f848c00a2d0 | prfplus: release old_t[final]-key@0x55593e3fae10 | ike_sa_keymat: release data-key@0x55593e3f7af0 | calc_skeyseed_v2: release skeyseed_k-key@0x7f848c00c660 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7a8 | result: result-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7a8 | result: result-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7a8 | result: result-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7b8 | result: SK_ei_k-key@0x7f848c00a2d0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7b8 | result: SK_er_k-key@0x55593e3f3e30 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7b8 | result: result-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f848000b980 | chunk_SK_pi: symkey-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: c8 30 23 f9 8b 14 3b 43 92 71 45 a6 c8 fe 6f 4a 0d f5 71 2e 5f 40 54 19 3a a2 12 e5 e8 61 6f 17 | chunk_SK_pi: release slot-key-key@0x55593e3d0e50 | chunk_SK_pi extracted len 32 bytes at 0x7f84840046d8 | unwrapped: 78 e7 3d 15 33 29 d6 56 ea bd 8f a2 7c c6 d6 e4 | unwrapped: fd 88 b1 4d 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3e8620 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f84a177e7b8 | result: result-key@0x55593e401c60 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x55593e401c60 | chunk_SK_pr: symkey-key@0x55593e401c60 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: af 2e 03 a5 7d 84 dd 55 5b b3 4c 4b 7d 0c 15 17 4e 12 eb 03 8d 30 ef e5 18 69 93 59 eb 1f 30 d9 | chunk_SK_pr: release slot-key-key@0x55593e3d0e50 | chunk_SK_pr extracted len 32 bytes at 0x7f8484001278 | unwrapped: 63 1e c3 da 98 8a 9e dd c4 61 00 99 e2 f3 96 20 | unwrapped: f6 1e 32 0b 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x55593e3e8620 | calc_skeyseed_v2 pointers: shared-key@0x7f848c00c6f0, SK_d-key@0x7f848c00c660, SK_ai-key@0x55593e3f7af0, SK_ar-key@0x55593e3fae10, SK_ei-key@0x7f848c00a2d0, SK_er-key@0x55593e3f3e30, SK_pi-key@0x7f848000b980, SK_pr-key@0x55593e401c60 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 78 e7 3d 15 33 29 d6 56 ea bd 8f a2 7c c6 d6 e4 | fd 88 b1 4d | calc_skeyseed_v2 SK_pr | 63 1e c3 da 98 8a 9e dd c4 61 00 99 e2 f3 96 20 | f6 1e 32 0b | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 time elapsed 0.002035 seconds | (#21) spent 2.02 milliseconds in crypto helper computing work-order 14: ikev2_inI2outR2 KE (pcr) | crypto helper 3 sending results from work-order 14 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f84840060e8 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 14 | calling continuation function 0x55593d342b50 | ikev2_parent_inI2outR2_continue for #21: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7f8480011c58: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | #21 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x55593e3f7af0 (size 20) | hmac: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3618 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3e8620 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3e8620 | hmac: release clone-key@0x55593e3e8620 | hmac PRF sha crypt-prf@0x55593e3ee8d8 | hmac PRF sha update data-bytes@0x55593e37c368 (length 184) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 64 a9 3e 78 30 07 25 7f 14 45 bd 2d 72 11 f0 ce | a1 06 98 91 38 d2 29 70 94 4f ad ce 44 01 3f 0a | 9d e7 54 97 11 e7 bf eb fb a6 45 58 64 ed 3f 1d | 29 87 e6 7e 1b 48 5d 09 6b fd b3 de 1c c6 6c d3 | 4e 34 4b c1 71 e2 35 9f e9 50 ba a8 c2 52 7f ca | fe 23 51 26 ea d0 ab 66 67 10 fe 8b 84 e1 ce f9 | 94 b0 5e 6d 0e 36 3d 70 46 b8 f4 ce dd 84 09 67 | 67 12 f9 a4 51 a4 5c 8e 45 ec 09 9d 70 5e 09 13 | 26 69 a0 48 ea 72 1d b2 e5 ab be be 75 d1 47 95 | 12 d2 b7 3b 3d 00 97 1f | hmac PRF sha final-bytes@0x7ffe993d37e0 (length 20) | 67 c1 43 2e f9 79 05 11 de e9 74 cb f9 c9 c8 24 | ad 10 b3 4a | data for hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: 64 a9 3e 78 30 07 25 7f 14 45 bd 2d 72 11 f0 ce | data for hmac: a1 06 98 91 38 d2 29 70 94 4f ad ce 44 01 3f 0a | data for hmac: 9d e7 54 97 11 e7 bf eb fb a6 45 58 64 ed 3f 1d | data for hmac: 29 87 e6 7e 1b 48 5d 09 6b fd b3 de 1c c6 6c d3 | data for hmac: 4e 34 4b c1 71 e2 35 9f e9 50 ba a8 c2 52 7f ca | data for hmac: fe 23 51 26 ea d0 ab 66 67 10 fe 8b 84 e1 ce f9 | data for hmac: 94 b0 5e 6d 0e 36 3d 70 46 b8 f4 ce dd 84 09 67 | data for hmac: 67 12 f9 a4 51 a4 5c 8e 45 ec 09 9d 70 5e 09 13 | data for hmac: 26 69 a0 48 ea 72 1d b2 e5 ab be be 75 d1 47 95 | data for hmac: 12 d2 b7 3b 3d 00 97 1f | calculated auth: 67 c1 43 2e f9 79 05 11 de e9 74 cb | provided auth: 67 c1 43 2e f9 79 05 11 de e9 74 cb | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 64 a9 3e 78 30 07 25 7f | payload before decryption: | 14 45 bd 2d 72 11 f0 ce a1 06 98 91 38 d2 29 70 | 94 4f ad ce 44 01 3f 0a 9d e7 54 97 11 e7 bf eb | fb a6 45 58 64 ed 3f 1d 29 87 e6 7e 1b 48 5d 09 | 6b fd b3 de 1c c6 6c d3 4e 34 4b c1 71 e2 35 9f | e9 50 ba a8 c2 52 7f ca fe 23 51 26 ea d0 ab 66 | 67 10 fe 8b 84 e1 ce f9 94 b0 5e 6d 0e 36 3d 70 | 46 b8 f4 ce dd 84 09 67 67 12 f9 a4 51 a4 5c 8e | 45 ec 09 9d 70 5e 09 13 26 69 a0 48 ea 72 1d b2 | e5 ab be be 75 d1 47 95 12 d2 b7 3b 3d 00 97 1f | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | fa 06 ad 1a 2c 00 00 28 00 00 00 24 01 03 04 03 | de a6 7d 75 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #21: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #21: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7f848000b980 (size 20) | hmac: symkey-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848000b980 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3098 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3e8620 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3e8620 | hmac: release clone-key@0x55593e3e8620 | hmac PRF sha crypt-prf@0x55593e3fc7d8 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x55593e37c394 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe993d3240 (length 20) | 87 bf 04 74 2c c6 bf ca d5 8d dc 21 70 7c 34 3e | 90 81 06 a1 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | db 0d e7 9d 7c be 70 ca 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e1 4c 71 3a 5a da 81 05 4a e6 9a dd | 7e 81 a8 41 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 | d9 bd 6b d5 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 | 0f 54 4c c8 e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 | 91 0f 93 3a fa ca 1f ff 1d 05 07 fd b6 75 e5 27 | 9e eb 5a df 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 | e7 36 d3 42 c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f | 1c 90 32 ac 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc | db d9 05 d2 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 | 76 2c 7a 47 02 22 01 ae f2 22 a1 23 64 04 ee a6 | ed ca 8b c8 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 | 8d 5b 58 54 c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 | f5 e9 88 21 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 | 5f f7 c3 8c b2 d3 a9 74 60 a5 77 38 28 f7 74 28 | 62 f8 5f d3 8a 3d e2 6f de 46 56 99 37 c8 6f 56 | 60 e8 aa 83 3f c1 19 5f e2 39 5f b5 46 57 9c f5 | 47 b1 74 60 29 00 00 24 6b 13 c7 9a e2 88 62 d3 | 4b c1 aa 1d c9 95 0a d9 bf fb 77 5e d5 65 bf ef | 7d b7 80 5e e6 34 42 96 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 eb e4 21 38 40 b6 f3 63 | 9e 64 01 d6 08 89 56 cf 98 e2 43 d9 00 00 00 1c | 00 00 40 05 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d | 99 cb 42 68 f6 85 1c d5 | verify: initiator inputs to hash2 (responder nonce) | ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | idhash 87 bf 04 74 2c c6 bf ca d5 8d dc 21 70 7c 34 3e | idhash 90 81 06 a1 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2e90 | result: shared secret-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e78 | result: shared secret-key@0x55593e3e8620 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f848c002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f848c002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3ee8d8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2eb0 | result: final-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2e98 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55593e3e8620 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55593e3e8620 (size 20) | = prf(, ): -key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2ea8 | result: clone-key@0x55593e3fc720 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f848c002b50 from -key@0x55593e3fc720 | = prf(, ) prf: begin sha with context 0x7f848c002b50 from -key@0x55593e3fc720 | = prf(, ): release clone-key@0x55593e3fc720 | = prf(, ) PRF sha crypt-prf@0x55593e3fc7d8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3fd908 (length 440) | db 0d e7 9d 7c be 70 ca 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e1 4c 71 3a 5a da 81 05 4a e6 9a dd | 7e 81 a8 41 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 | d9 bd 6b d5 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 | 0f 54 4c c8 e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 | 91 0f 93 3a fa ca 1f ff 1d 05 07 fd b6 75 e5 27 | 9e eb 5a df 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 | e7 36 d3 42 c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f | 1c 90 32 ac 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc | db d9 05 d2 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 | 76 2c 7a 47 02 22 01 ae f2 22 a1 23 64 04 ee a6 | ed ca 8b c8 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 | 8d 5b 58 54 c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 | f5 e9 88 21 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 | 5f f7 c3 8c b2 d3 a9 74 60 a5 77 38 28 f7 74 28 | 62 f8 5f d3 8a 3d e2 6f de 46 56 99 37 c8 6f 56 | 60 e8 aa 83 3f c1 19 5f e2 39 5f b5 46 57 9c f5 | 47 b1 74 60 29 00 00 24 6b 13 c7 9a e2 88 62 d3 | 4b c1 aa 1d c9 95 0a d9 bf fb 77 5e d5 65 bf ef | 7d b7 80 5e e6 34 42 96 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 eb e4 21 38 40 b6 f3 63 | 9e 64 01 d6 08 89 56 cf 98 e2 43 d9 00 00 00 1c | 00 00 40 05 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d | 99 cb 42 68 f6 85 1c d5 | = prf(, ) PRF sha update nonce-bytes@0x7f8480003a78 (length 32) | ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | = prf(, ) PRF sha update hash-bytes@0x7ffe993d3240 (length 20) | 87 bf 04 74 2c c6 bf ca d5 8d dc 21 70 7c 34 3e | 90 81 06 a1 | = prf(, ) PRF sha final-chunk@0x55593e3eeed8 (length 20) | 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | fa 06 ad 1a | psk_auth: release prf-psk-key@0x55593e3e8620 | Received PSK auth octets | 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | fa 06 ad 1a | Calculated PSK auth octets | 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | fa 06 ad 1a "east" #21: Authenticated using authby=secret | parent state #21: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #21 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f8480005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55593e3ee708 | event_schedule: new EVENT_SA_REKEY-pe@0x55593e3ee708 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #21 | libevent_malloc: new ptr-libevent@0x55593e3f7708 size 128 | pstats #21 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x55593e401c60 (size 20) | hmac: symkey-key@0x55593e401c60 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e401c60 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2a18 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3e8620 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3e8620 | hmac: release clone-key@0x55593e3e8620 | hmac PRF sha crypt-prf@0x55593e3fc7d8 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x55593d4408ec (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe993d2d10 (length 20) | 83 53 84 76 4b d7 04 42 4f 1b 2e 12 e5 86 78 12 | f8 fb 49 8b | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x55593e342b58 (line=1) | concluding with best_match=014 best=0x55593e342b58 (lineno=1) | inputs to hash1 (first packet) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | 29 00 00 24 ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 | 71 6a 0f ed 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c | d8 5a d4 1a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 79 0f f4 52 05 2f e4 74 38 bd 01 af | c7 f6 cf 7a 8c 48 07 a1 00 00 00 1c 00 00 40 05 | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | create: responder inputs to hash2 (initiator nonce) | 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | idhash 83 53 84 76 4b d7 04 42 4f 1b 2e 12 e5 86 78 12 | idhash f8 fb 49 8b | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x55593e3d0da8 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2800 | result: shared secret-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x55593e3fc720 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27e8 | result: shared secret-key@0x55593e3e8620 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f848c002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f848c002b50 from shared secret-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2"): release clone-key@0x55593e3e8620 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x55593e3eeed8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x55593d3d54d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2820 | result: final-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fc720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2808 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fc720 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x55593e3e8620 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x55593e3e8620 (size 20) | = prf(, ): -key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2818 | result: clone-key@0x55593e3fc720 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f848c002b50 from -key@0x55593e3fc720 | = prf(, ) prf: begin sha with context 0x7f848c002b50 from -key@0x55593e3fc720 | = prf(, ): release clone-key@0x55593e3fc720 | = prf(, ) PRF sha crypt-prf@0x55593e3fc7d8 | = prf(, ) PRF sha update first-packet-bytes@0x55593e3f6978 (length 436) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | 29 00 00 24 ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 | 71 6a 0f ed 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c | d8 5a d4 1a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 79 0f f4 52 05 2f e4 74 38 bd 01 af | c7 f6 cf 7a 8c 48 07 a1 00 00 00 1c 00 00 40 05 | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | = prf(, ) PRF sha update nonce-bytes@0x55593e3f9438 (length 32) | 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | = prf(, ) PRF sha update hash-bytes@0x7ffe993d2d10 (length 20) | 83 53 84 76 4b d7 04 42 4f 1b 2e 12 e5 86 78 12 | f8 fb 49 8b | = prf(, ) PRF sha final-chunk@0x55593e3ee8d8 (length 20) | d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 b9 98 b8 de | 83 4b 50 0a | psk_auth: release prf-psk-key@0x55593e3e8620 | PSK auth octets d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 b9 98 b8 de | PSK auth octets 83 4b 50 0a | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 b9 98 b8 de | PSK auth 83 4b 50 0a | emitting length of IKEv2 Authentication Payload: 28 | creating state object #22 at 0x55593e3fc958 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "east" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.23:500 from #21.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f848c00c660 | duplicate_state: reference st_skey_ai_nss-key@0x55593e3f7af0 | duplicate_state: reference st_skey_ar_nss-key@0x55593e3fae10 | duplicate_state: reference st_skey_ei_nss-key@0x7f848c00a2d0 | duplicate_state: reference st_skey_er_nss-key@0x55593e3f3e30 | duplicate_state: reference st_skey_pi_nss-key@0x7f848000b980 | duplicate_state: reference st_skey_pr_nss-key@0x55593e401c60 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI de a6 7d 75 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:ESP:SPI=dea67d75;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=dea67d75;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x8e42e08e for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 8e 42 e0 8e | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d2890 | result: data=Ni-key@0x55593e3fc720 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55593e3fc720 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2878 | result: data=Ni-key@0x55593e3e8620 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55593e3fc720 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe993d2880 | result: data+=Nr-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55593e3e8620 | prf+0 PRF sha init key-key@0x7f848c00c660 (size 20) | prf+0: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f848c002b50 from key-key@0x55593e3e8620 | prf+0 prf: begin sha with context 0x7f848c002b50 from key-key@0x55593e3e8620 | prf+0: release clone-key@0x55593e3e8620 | prf+0 PRF sha crypt-prf@0x55593e401d18 | prf+0 PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+0: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f848c004900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f848c004900 | prf+0 PRF sha final-key@0x55593e3e8620 (size 20) | prf+0: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55593e3e8620 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x7f848c004900 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x7f848c004900 | prf+N: release clone-key@0x7f848c004900 | prf+N PRF sha crypt-prf@0x55593e4004d8 | prf+N PRF sha update old_t-key@0x55593e3e8620 (size 20) | prf+N: old_t-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: cd 79 1b a6 3b 61 e7 e2 e1 3a b8 38 ac d1 69 9d 23 15 de 27 3e c9 ec e2 39 63 95 69 db c7 44 66 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f2218 | unwrapped: be 52 88 fa dc ac 5d 40 e4 64 a4 ee ca fa ae 47 | unwrapped: 2d 62 30 3f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e400308 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fe920 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fe920 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fe920 | prf+N PRF sha final-key@0x7f848c004900 (size 20) | prf+N: key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fe920 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3e8620 | prfplus: release old_t[N]-key@0x55593e3e8620 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x55593e3e8620 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x55593e3e8620 | prf+N: release clone-key@0x55593e3e8620 | prf+N PRF sha crypt-prf@0x55593e401d18 | prf+N PRF sha update old_t-key@0x7f848c004900 (size 20) | prf+N: old_t-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c004900 | nss hmac digest hack: symkey-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 19 e0 cb b0 21 f5 dd a3 9b 94 ef 24 f4 ca 5c 22 f6 f9 d5 11 ac 65 98 89 9e 05 0c c0 70 b3 b7 6d | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f0b28 | unwrapped: cc 47 ce 3a 63 94 79 5d 0b 2c d7 c8 50 bd 9d ca | unwrapped: 82 35 42 69 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fea60 | prf+N PRF sha final-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fe920 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fea60 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fe920 | prfplus: release old_t[N]-key@0x7f848c004900 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x7f848c004900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x7f848c004900 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x7f848c004900 | prf+N: release clone-key@0x7f848c004900 | prf+N PRF sha crypt-prf@0x55593e3f2218 | prf+N PRF sha update old_t-key@0x55593e3e8620 (size 20) | prf+N: old_t-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x55593e3e8620 | nss hmac digest hack: symkey-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: bf 61 c1 46 23 30 32 81 05 b4 bb 4d 85 c4 df 24 63 73 03 2b 6e 98 68 da b2 a8 a8 1f 66 b8 f8 69 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f5868 | unwrapped: 5d ef 61 db 8b e8 9e 2b 48 8c bb 15 d2 92 dc 7c | unwrapped: b9 44 66 02 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e400308 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fe920 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fe920 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fe920 | prf+N PRF sha final-key@0x7f848c004900 (size 20) | prf+N: key-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fea60 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fe920 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fea60 | prfplus: release old_t[N]-key@0x55593e3e8620 | prf+N PRF sha init key-key@0x7f848c00c660 (size 20) | prf+N: key-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f848c00c660 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d27a8 | result: clone-key@0x55593e3e8620 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f848c002b50 from key-key@0x55593e3e8620 | prf+N prf: begin sha with context 0x7f848c002b50 from key-key@0x55593e3e8620 | prf+N: release clone-key@0x55593e3e8620 | prf+N PRF sha crypt-prf@0x55593e4004d8 | prf+N PRF sha update old_t-key@0x7f848c004900 (size 20) | prf+N: old_t-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f848c004900 | nss hmac digest hack: symkey-key@0x7f848c004900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1027428960: 99 e0 83 1a 5d 51 5f 4a 31 6d 40 e0 f2 30 d5 ee e9 99 28 ae d2 6e e5 b2 e5 de 0d cb 4f 3f 13 c1 | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 32 bytes at 0x55593e3f0b28 | unwrapped: 07 4e ca 60 d9 d2 d8 b3 b2 2f f5 5a 9a f8 99 84 | unwrapped: 3f 02 49 17 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x55593e3fc720 (size 64) | prf+N: seed-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55593e3fc720 | nss hmac digest hack: symkey-key@0x55593e3fc720 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55593e3d0e50 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1027428861: c2 0b 6f a9 5a 54 e6 7b f6 1e c7 24 32 e1 12 dc 68 ce 2b 27 e4 c7 c5 5a ec bd e9 3f 52 b6 ca 75 62 c5 8b d5 64 ec 75 d0 01 89 3e 95 94 d7 b4 ac a9 88 b2 46 e8 bd bf 0f 91 00 f3 20 61 67 de 1c | nss hmac digest hack: release slot-key-key@0x55593e3d0e50 | nss hmac digest hack extracted len 64 bytes at 0x55593e3f2308 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe993d27b0 | result: final-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55593e3fea60 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2798 | result: final-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55593e3fea60 | prf+N PRF sha final-key@0x55593e3e8620 (size 20) | prf+N: key-key@0x55593e3e8620 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55593e3fe920 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe993d2828 | result: result-key@0x55593e3fea60 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55593e3fe920 | prfplus: release old_t[N]-key@0x7f848c004900 | prfplus: release old_t[final]-key@0x55593e3e8620 | child_sa_keymat: release data-key@0x55593e3fc720 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55593e3fea60 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x55593e3fc720 | initiator to responder keys: symkey-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55593e3d0e50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1646290018: cd 79 1b a6 3b 61 e7 e2 e1 3a b8 38 ac d1 69 9d aa fb 48 94 bc d5 29 15 50 34 ff f4 0a da 3d 7e 3b 76 33 c1 7a 21 bb 10 10 b1 c0 c7 1c e8 50 87 | initiator to responder keys: release slot-key-key@0x55593e3d0e50 | initiator to responder keys extracted len 48 bytes at 0x7f848c002108 | unwrapped: be 52 88 fa dc ac 5d 40 e4 64 a4 ee ca fa ae 47 | unwrapped: 2d 62 30 3f cc 47 ce 3a 63 94 79 5d 0b 2c d7 c8 | unwrapped: 50 bd 9d ca 82 35 42 69 5d ef 61 db 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x55593e3fc720 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x55593e3fea60 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2908 | result: result-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x55593e3fc720 | responder to initiator keys:: symkey-key@0x55593e3fc720 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55593e346ec0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55593e3d0e50 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1646290018: 7d fc b0 c7 75 7d 58 d3 e4 ca 3e c9 a4 06 27 42 99 e0 83 1a 5d 51 5f 4a 31 6d 40 e0 f2 30 d5 ee ce 78 67 45 d4 4d 61 ec 9c df 33 d9 95 26 e0 27 | responder to initiator keys:: release slot-key-key@0x55593e3d0e50 | responder to initiator keys: extracted len 48 bytes at 0x55593e3f3df8 | unwrapped: 8b e8 9e 2b 48 8c bb 15 d2 92 dc 7c b9 44 66 02 | unwrapped: 07 4e ca 60 d9 d2 d8 b3 b2 2f f5 5a 9a f8 99 84 | unwrapped: 3f 02 49 17 8d ec f1 c3 22 bf 67 70 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x55593e3fc720 | ikev2_derive_child_keys: release keymat-key@0x55593e3fea60 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #21 spent 1.91 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.dea67d75@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8e42e08e@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #22 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdea67d75 SPI_OUT=0x8e4 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xdea67d75 SPI_OUT=0x8e42e08e ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x55593e3e95b8,sr=0x55593e3e95b8} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 0.64 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 93 11 be 5b fa d3 c4 4c | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 | b9 98 b8 de 83 4b 50 0a 2c 00 00 28 00 00 00 24 | 01 03 04 03 8e 42 e0 8e 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 11 99 90 be a3 8e f8 f2 c9 fd 78 75 8f cb e0 38 | 8c 30 6e 2f 42 e7 bd aa 09 ea e0 15 b4 12 3d eb | 06 a3 73 0a 93 92 5d 6b da cb a5 63 41 08 4a 59 | eb f1 6d 5d 86 90 d5 52 db 9b 13 28 2a 64 75 bc | 2b 3a 4c 98 b2 86 9e 5e b7 7d 12 08 0f 90 ac b8 | 6a 79 9a 4d 58 69 6d 07 d6 34 5d ea 58 32 24 54 | 72 dc 5f 5a 8f 9c a0 f3 b4 7b fc 7b 1b 0e a9 ff | 6d 41 de 7e 7e 29 c4 59 ce a9 4d 24 f6 1f d2 77 | e9 9c 90 e8 15 2c 9a 34 | hmac PRF sha init symkey-key@0x55593e3fae10 (size 20) | hmac: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d2928 | result: clone-key@0x55593e3fea60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac: release clone-key@0x55593e3fea60 | hmac PRF sha crypt-prf@0x55593e4004d8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 176) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 93 11 be 5b fa d3 c4 4c 11 99 90 be a3 8e f8 f2 | c9 fd 78 75 8f cb e0 38 8c 30 6e 2f 42 e7 bd aa | 09 ea e0 15 b4 12 3d eb 06 a3 73 0a 93 92 5d 6b | da cb a5 63 41 08 4a 59 eb f1 6d 5d 86 90 d5 52 | db 9b 13 28 2a 64 75 bc 2b 3a 4c 98 b2 86 9e 5e | b7 7d 12 08 0f 90 ac b8 6a 79 9a 4d 58 69 6d 07 | d6 34 5d ea 58 32 24 54 72 dc 5f 5a 8f 9c a0 f3 | b4 7b fc 7b 1b 0e a9 ff 6d 41 de 7e 7e 29 c4 59 | ce a9 4d 24 f6 1f d2 77 e9 9c 90 e8 15 2c 9a 34 | hmac PRF sha final-bytes@0x55593d440970 (length 20) | c0 60 e3 be 52 ac 61 98 92 c0 98 40 31 59 39 57 | 75 97 e2 67 | data being hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 93 11 be 5b fa d3 c4 4c 11 99 90 be a3 8e f8 f2 | data being hmac: c9 fd 78 75 8f cb e0 38 8c 30 6e 2f 42 e7 bd aa | data being hmac: 09 ea e0 15 b4 12 3d eb 06 a3 73 0a 93 92 5d 6b | data being hmac: da cb a5 63 41 08 4a 59 eb f1 6d 5d 86 90 d5 52 | data being hmac: db 9b 13 28 2a 64 75 bc 2b 3a 4c 98 b2 86 9e 5e | data being hmac: b7 7d 12 08 0f 90 ac b8 6a 79 9a 4d 58 69 6d 07 | data being hmac: d6 34 5d ea 58 32 24 54 72 dc 5f 5a 8f 9c a0 f3 | data being hmac: b4 7b fc 7b 1b 0e a9 ff 6d 41 de 7e 7e 29 c4 59 | data being hmac: ce a9 4d 24 f6 1f d2 77 e9 9c 90 e8 15 2c 9a 34 | out calculated auth: | c0 60 e3 be 52 ac 61 98 92 c0 98 40 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #21 spent 2.74 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #22 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #22 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #22: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #21.#22 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "east" #22: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #22: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xdea67d75 <0x8e42e08e xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 93 11 be 5b fa d3 c4 4c 11 99 90 be a3 8e f8 f2 | c9 fd 78 75 8f cb e0 38 8c 30 6e 2f 42 e7 bd aa | 09 ea e0 15 b4 12 3d eb 06 a3 73 0a 93 92 5d 6b | da cb a5 63 41 08 4a 59 eb f1 6d 5d 86 90 d5 52 | db 9b 13 28 2a 64 75 bc 2b 3a 4c 98 b2 86 9e 5e | b7 7d 12 08 0f 90 ac b8 6a 79 9a 4d 58 69 6d 07 | d6 34 5d ea 58 32 24 54 72 dc 5f 5a 8f 9c a0 f3 | b4 7b fc 7b 1b 0e a9 ff 6d 41 de 7e 7e 29 c4 59 | ce a9 4d 24 f6 1f d2 77 e9 9c 90 e8 15 2c 9a 34 | c0 60 e3 be 52 ac 61 98 92 c0 98 40 | releasing whack for #22 (sock=fd@-1) | releasing whack and unpending for parent #21 | unpending state #21 connection "east" | #22 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f848c002b78 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #22 | libevent_malloc: new ptr-libevent@0x55593e400428 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 3.04 milliseconds in resume sending helper answer | stop processing: state #22 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f84840060e8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00441 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00339 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | d7 9d ec bf f4 f8 e6 50 b3 35 bc c7 c8 87 1c b1 | 6b 24 7f c2 40 ed f5 da 0f 85 87 bd 1d 44 2f 17 | 52 ef d1 0a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e3f7af0 (size 20) | hmac: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e3fea60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x55593e3f22e0 from symkey-key@0x55593e3fea60 | hmac prf: begin sha with context 0x55593e3f22e0 from symkey-key@0x55593e3fea60 | hmac: release clone-key@0x55593e3fea60 | hmac PRF sha crypt-prf@0x55593e3ea3d8 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 56) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | d7 9d ec bf f4 f8 e6 50 b3 35 bc c7 c8 87 1c b1 | 6b 24 7f c2 40 ed f5 da | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 0f 85 87 bd 1d 44 2f 17 52 ef d1 0a 4e d0 89 81 | 57 16 b9 af | data for hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: d7 9d ec bf f4 f8 e6 50 b3 35 bc c7 c8 87 1c b1 | data for hmac: 6b 24 7f c2 40 ed f5 da | calculated auth: 0f 85 87 bd 1d 44 2f 17 52 ef d1 0a | provided auth: 0f 85 87 bd 1d 44 2f 17 52 ef d1 0a | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | d7 9d ec bf f4 f8 e6 50 | payload before decryption: | b3 35 bc c7 c8 87 1c b1 6b 24 7f c2 40 ed f5 da | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 de a6 7d 75 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI de a6 7d 75 | delete PROTO_v2_ESP SA(0xdea67d75) | v2 CHILD SA #22 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #22 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xdea67d75) "east" #21: received Delete SA payload: delete IPsec State #22 now | pstats #22 ikev2.child deleted completed | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #22 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #22: deleting other state #22 (STATE_V2_IPSEC_R) aged 0.066s and NOT sending notification | child state #22: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.dea67d75@192.1.2.45 | get_sa_info esp.8e42e08e@192.1.2.23 "east" #22: ESP traffic information: in=84B out=84B | child state #22: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e400428 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f848c002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdea67d75 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xdea67d75 SPI_OUT=0x8e42e08e ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.dea67d75@192.1.2.45 | netlink response for Del SA esp.dea67d75@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.8e42e08e@192.1.2.23 | netlink response for Del SA esp.8e42e08e@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #22 in CHILDSA_DEL | child state #22: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f848c00c660 | delete_state: release st->st_skey_ai_nss-key@0x55593e3f7af0 | delete_state: release st->st_skey_ar_nss-key@0x55593e3fae10 | delete_state: release st->st_skey_ei_nss-key@0x7f848c00a2d0 | delete_state: release st->st_skey_er_nss-key@0x55593e3f3e30 | delete_state: release st->st_skey_pi_nss-key@0x7f848000b980 | delete_state: release st->st_skey_pr_nss-key@0x55593e401c60 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 8e 42 e0 8e | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 9b 81 a4 83 9e 8b 40 c1 | data before encryption: | 00 00 00 0c 03 04 00 01 8e 42 e0 8e 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 23 1f e6 7a e0 17 95 b0 73 67 cf 3e 92 1f 51 79 | hmac PRF sha init symkey-key@0x55593e3fae10 (size 20) | hmac: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e3fea60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac: release clone-key@0x55593e3fea60 | hmac PRF sha crypt-prf@0x55593e4004d8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 56) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 9b 81 a4 83 9e 8b 40 c1 23 1f e6 7a e0 17 95 b0 | 73 67 cf 3e 92 1f 51 79 | hmac PRF sha final-bytes@0x55593d4408f8 (length 20) | 0d 24 8d 11 ac 74 7c ac 02 3a c3 e6 a9 0d 8f f1 | 76 35 3c 1e | data being hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 9b 81 a4 83 9e 8b 40 c1 23 1f e6 7a e0 17 95 b0 | data being hmac: 73 67 cf 3e 92 1f 51 79 | out calculated auth: | 0d 24 8d 11 ac 74 7c ac 02 3a c3 e6 | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 9b 81 a4 83 9e 8b 40 c1 23 1f e6 7a e0 17 95 b0 | 73 67 cf 3e 92 1f 51 79 0d 24 8d 11 ac 74 7c ac | 02 3a c3 e6 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #21 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #21 spent 1.17 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #21 to 2 after switching state | Message ID: recv #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #21 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 1.46 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.47 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0039 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00246 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | de 4f 03 d1 bc f7 08 c9 48 49 06 87 11 61 d3 72 | 86 4d 0a 87 64 2d 43 99 6b ef 1d 6c 07 f1 e6 9a | 53 f4 4b 2c | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x55593e3f7af0 (size 20) | hmac: symkey-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3f7af0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3558 | result: clone-key@0x55593e3fea60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac: release clone-key@0x55593e3fea60 | hmac PRF sha crypt-prf@0x55593e3ea3d8 | hmac PRF sha update data-bytes@0x55593e3dc198 (length 56) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | de 4f 03 d1 bc f7 08 c9 48 49 06 87 11 61 d3 72 | 86 4d 0a 87 64 2d 43 99 | hmac PRF sha final-bytes@0x7ffe993d3720 (length 20) | 6b ef 1d 6c 07 f1 e6 9a 53 f4 4b 2c 54 74 13 ee | ba 9b 86 5f | data for hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: de 4f 03 d1 bc f7 08 c9 48 49 06 87 11 61 d3 72 | data for hmac: 86 4d 0a 87 64 2d 43 99 | calculated auth: 6b ef 1d 6c 07 f1 e6 9a 53 f4 4b 2c | provided auth: 6b ef 1d 6c 07 f1 e6 9a 53 f4 4b 2c | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | de 4f 03 d1 bc f7 08 c9 | payload before decryption: | 48 49 06 87 11 61 d3 72 86 4d 0a 87 64 2d 43 99 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 32 78 36 15 ab d4 eb 51 | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | cd 0b 9b d9 2f 5b 83 78 | hmac PRF sha init symkey-key@0x55593e3fae10 (size 20) | hmac: symkey-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3fae10 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d3108 | result: clone-key@0x55593e3fea60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac prf: begin sha with context 0x7f848c002b50 from symkey-key@0x55593e3fea60 | hmac: release clone-key@0x55593e3fea60 | hmac PRF sha crypt-prf@0x55593e4004d8 | hmac PRF sha update data-bytes@0x55593d4408c0 (length 48) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 32 78 36 15 ab d4 eb 51 cd 0b 9b d9 2f 5b 83 78 | hmac PRF sha final-bytes@0x55593d4408f0 (length 20) | d1 0d 1d 9b c8 45 60 08 b2 f7 43 b6 e0 f5 59 be | 61 9a 8e fd | data being hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: 32 78 36 15 ab d4 eb 51 cd 0b 9b d9 2f 5b 83 78 | out calculated auth: | d1 0d 1d 9b c8 45 60 08 b2 f7 43 b6 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 32 78 36 15 ab d4 eb 51 cd 0b 9b d9 2f 5b 83 78 | d1 0d 1d 9b c8 45 60 08 b2 f7 43 b6 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #21 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #21: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #21 ikev2.ike deleted completed | #21 spent 8.03 milliseconds in total | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #21: deleting state (STATE_IKESA_DEL) aged 0.086s and NOT sending notification | parent state #21: IKESA_DEL(established IKE SA) => delete | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f7708 | free_event_entry: release EVENT_SA_REKEY-pe@0x55593e3ee708 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #21 in IKESA_DEL | parent state #21: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f8480011c58: destroyed | stop processing: state #21 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f848c00c6f0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f848c00c660 | delete_state: release st->st_skey_ai_nss-key@0x55593e3f7af0 | delete_state: release st->st_skey_ar_nss-key@0x55593e3fae10 | delete_state: release st->st_skey_ei_nss-key@0x7f848c00a2d0 | delete_state: release st->st_skey_er_nss-key@0x55593e3f3e30 | delete_state: release st->st_skey_pi_nss-key@0x7f848000b980 | delete_state: release st->st_skey_pr_nss-key@0x55593e401c60 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #21 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #21 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.612 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00268 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | de ac 7f e4 26 db 83 34 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6a f3 c1 95 5f 59 76 99 d9 6a ee 45 | 25 dc 52 68 42 c7 af f8 9d 02 db 0c e6 74 fd ec | 23 19 fc 96 11 6f c9 54 cb cd a0 86 aa 96 e9 c6 | 5f a4 00 4e b1 32 0d f7 47 ea e4 3c e4 54 81 54 | a3 61 d4 d5 d3 d6 bb 5c 9b 71 60 3e d6 a2 e3 34 | 49 bf 98 a0 74 d6 d2 92 3a 54 5e a2 96 08 bd b4 | ee c2 db 28 ba 52 3e bd 53 53 bc 2d a2 da 68 53 | 27 56 8e e6 c0 cb b8 87 75 af 8f 93 a5 bb 2f a9 | bb 23 e0 98 3f 5d 72 e6 e3 ba cb ce 04 cd 6a 63 | b0 e0 59 3f fa b7 05 6b ab 86 31 1d 4e 83 ae d9 | d9 28 82 31 dd 1e 18 da c7 16 c2 74 7d a5 5c c9 | 4e 99 db 19 24 28 56 3a df c1 fb bf cd d0 37 11 | 1f 52 e5 6a 7e 9e fb 79 9b 95 6c 4a 6e b7 44 52 | 45 37 23 c0 76 76 c5 f4 e5 c8 ee 2e b0 8c f5 1e | 7c 4d 2b 6c 4a 65 18 49 67 2d 32 fd 62 26 4e 91 | 97 ae 33 2d 87 6c 1a 41 6f 7c f2 86 b1 25 40 73 | 45 3a a9 df 29 00 00 24 ab 57 ac ea 77 7b f7 64 | 01 3b 8f 9f b1 c7 ea b9 8d fa 6c f9 18 7b 5a 15 | 61 18 70 3f 35 e1 c4 6e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b9 36 9e 8a f1 04 90 5a | 6a cd 4a d5 28 3d cf 37 c6 07 29 fc 00 00 00 1c | 00 00 40 05 cc 30 c0 54 78 e7 af fd a0 a5 9e 70 | 1e 3a 5b 95 82 d1 22 9f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | de ac 7f e4 26 db 83 34 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 10 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | 22 f2 8c 3a 28 82 b2 f8 ee 5e 71 c8 bc 63 b7 62 | 96 8c 90 b4 5d 60 81 6d d7 61 1d 31 43 92 8c 2c | creating state object #23 at 0x55593e3fdaf8 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #23 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #23 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #23 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #23 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #23 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #23 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #23 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #23: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #23: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | de ac 7f e4 26 db 83 34 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | de ac 7f e4 26 db 83 34 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #23 spent 0.182 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #23 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #23 has no whack fd | pstats #23 ikev2.ike deleted other | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #23: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #23: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #23 in PARENT_R0 | parent state #23: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #23 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #23 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.632 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00332 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 7a 07 64 b3 75 f8 69 8d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 05 bc fc 98 d9 a3 b8 99 20 61 79 | cf 46 48 3b b8 c9 4a 9a 25 ad 7a 26 c3 bf a8 1b | 24 99 b6 94 f4 cf db 66 e5 87 bd 1b 40 f6 80 82 | 5b de c6 62 d8 69 0e c7 2b 88 8d 5c 63 74 d5 c0 | 2d d8 9a c2 60 b3 2a 73 e6 f0 cc f4 47 84 cd 8a | 71 f1 30 94 c6 b2 85 97 15 0b 69 14 ae 97 82 08 | 97 0b d4 31 0e 7d 5a b8 ee 0f 3b cf 11 23 3a b1 | 23 07 6c de 1b 22 37 58 d9 de b6 bf db 12 56 76 | 2a 63 27 35 4e cc c3 00 15 f8 f9 ff 06 e2 cc b6 | ab 22 ba 15 86 52 4d d9 4b 8d 54 48 43 ff 1c 9c | 96 e9 5a 36 88 8c 41 8c c1 4d 62 19 12 86 e7 5f | 8d 24 2a d4 42 6e 3b 9e a8 4c 42 df 13 fc 31 92 | ba 36 a8 ef 22 b6 97 3a a6 0a cf d4 fd 06 b8 5d | 0d 5b 3e 05 bc 76 2f 39 9d 7c 84 d0 39 3a 3b 0d | af a5 53 31 42 1c e4 f6 68 8c af e9 8b f2 cd 19 | eb 78 c4 01 e5 f0 63 76 c7 ee dc 39 9b 01 94 d4 | 93 b0 83 75 29 00 00 24 32 b7 a2 b1 90 de a5 e9 | 4c f7 0d b6 e2 47 2c 2a 8c de 2e ad 9f 69 55 77 | b2 21 d6 7e 62 bb 32 7c 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5d af 8a 4e 66 5a 30 60 | f1 00 fb 2e 04 98 f7 53 94 f7 3c b5 00 00 00 1c | 00 00 40 05 99 6a 5f 9a a9 19 fc 1e 45 39 14 15 | 5e ca 52 10 8b 20 fd db | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a 07 64 b3 75 f8 69 8d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x55593e3ea5d8 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x55593d434700 (length 32) | c4 5b 99 07 46 d6 b8 54 7e b5 91 29 51 b8 2a 78 | a9 67 8c 5b f0 7f 01 45 df c1 c8 27 69 7e 9f f4 | IKE SPIr hash sha2_256 digest counter-bytes@0x55593d4346e0 (length 4) | 11 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7ffe993d3d80 (length 32) | ff 07 ad ad 3c d0 6b 4e 89 39 8a 75 b4 92 0c ac | 36 72 14 e3 44 82 32 71 28 06 e9 15 80 b8 2b 2b | creating state object #24 at 0x55593e3fdaf8 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #24 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #24 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) | #24 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #24 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #24 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #24 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #24 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #24: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #24: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 7a 07 64 b3 75 f8 69 8d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 7a 07 64 b3 75 f8 69 8d 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #24 spent 0.206 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) | #24 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #24 has no whack fd | pstats #24 ikev2.ike deleted other | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #24: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #24: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #24 in PARENT_R0 | parent state #24: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #24 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #24 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.06 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.07 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | start processing: connection "east" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "east" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | [RE]START processing: state #14 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #14: deleting state (STATE_UNDEFINED) aged 4.899s and NOT sending notification | child state #14: UNDEFINED(ignore) => delete | child state #14: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #14 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3fc698 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f8484002b78 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | stop processing: connection "east" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection east | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3d5be0 | delete_state: release st->st_skey_ai_nss-key@0x55593e3eef50 | delete_state: release st->st_skey_ar_nss-key@0x7f8490006bb0 | delete_state: release st->st_skey_ei_nss-key@0x7f8480006650 | delete_state: release st->st_skey_er_nss-key@0x55593e3f0a20 | delete_state: release st->st_skey_pi_nss-key@0x7f848000f0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f848000a000 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | state #6 | start processing: state #6 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | [RE]START processing: state #6 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #6: deleting state (STATE_UNDEFINED) aged 7.238s and NOT sending notification | child state #6: UNDEFINED(ignore) => delete | child state #6: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #6 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55593e3ee828 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f8494002b78 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | in connection_discard for connection east | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f849000a0e0 | delete_state: release st->st_skey_ai_nss-key@0x55593e3d7a20 | delete_state: release st->st_skey_ar_nss-key@0x55593e3ce5b0 | delete_state: release st->st_skey_ei_nss-key@0x55593e3d4130 | delete_state: release st->st_skey_er_nss-key@0x55593e34d080 | delete_state: release st->st_skey_pi_nss-key@0x55593e3d7640 | delete_state: release st->st_skey_pr_nss-key@0x55593e3f0990 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted completed | #13 spent 6.22 milliseconds in total | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #13: deleting state (STATE_PARENT_R2) aged 4.908s and sending notification | parent state #13: PARENT_R2(established IKE SA) => delete | #13 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | bf 24 52 54 66 e9 f4 9c 94 c5 37 f6 fb ba 45 b2 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 80 35 3a 9b f3 c2 47 5b 3b 58 6f b5 23 30 11 3d | hmac PRF sha init symkey-key@0x7f8490006bb0 (size 20) | hmac: symkey-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f8490006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d02d8 | result: clone-key@0x55593e401c60 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x55593e401c60 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x55593e401c60 | hmac: release clone-key@0x55593e401c60 | hmac PRF sha crypt-prf@0x55593e3ea3d8 | hmac PRF sha update data-bytes@0x7ffe993d06b0 (length 64) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | bf 24 52 54 66 e9 f4 9c 94 c5 37 f6 fb ba 45 b2 | 80 35 3a 9b f3 c2 47 5b 3b 58 6f b5 23 30 11 3d | hmac PRF sha final-bytes@0x7ffe993d06f0 (length 20) | 00 02 22 da d1 06 92 31 b5 0e 69 70 48 1d f0 8c | f2 33 d1 2d | data being hmac: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: bf 24 52 54 66 e9 f4 9c 94 c5 37 f6 fb ba 45 b2 | data being hmac: 80 35 3a 9b f3 c2 47 5b 3b 58 6f b5 23 30 11 3d | out calculated auth: | 00 02 22 da d1 06 92 31 b5 0e 69 70 | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | bf 24 52 54 66 e9 f4 9c 94 c5 37 f6 fb ba 45 b2 | 80 35 3a 9b f3 c2 47 5b 3b 58 6f b5 23 30 11 3d | 00 02 22 da d1 06 92 31 b5 0e 69 70 | Message ID: IKE #13 sender #13 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #13 sender #13 in send_delete hacking around record ' send | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3f95d8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8498002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #13 in PARENT_R2 | parent state #13: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f849000f398: destroyed | stop processing: state #13 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55593e3f7c30 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55593e3d5be0 | delete_state: release st->st_skey_ai_nss-key@0x55593e3eef50 | delete_state: release st->st_skey_ar_nss-key@0x7f8490006bb0 | delete_state: release st->st_skey_ei_nss-key@0x7f8480006650 | delete_state: release st->st_skey_er_nss-key@0x55593e3f0a20 | delete_state: release st->st_skey_pi_nss-key@0x7f848000f0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f848000a000 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted completed | #5 spent 6.19 milliseconds in total | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #5: deleting state (STATE_PARENT_R2) aged 7.248s and sending notification | parent state #5: PARENT_R2(established IKE SA) => delete | #5 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ac f3 2d 68 66 28 ea 5e be 8f bf 49 2c dd a2 bf | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 5b d3 c5 7c 79 89 57 44 94 8e 3a 7d 44 0a d5 40 | hmac PRF sha init symkey-key@0x55593e3ce5b0 (size 20) | hmac: symkey-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x55593e3ce5b0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe993d02d8 | result: clone-key@0x7f848000a000 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac prf: begin sha with context 0x7f8484002b50 from symkey-key@0x7f848000a000 | hmac: release clone-key@0x7f848000a000 | hmac PRF sha crypt-prf@0x55593e4004d8 | hmac PRF sha update data-bytes@0x7ffe993d06b0 (length 64) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | ac f3 2d 68 66 28 ea 5e be 8f bf 49 2c dd a2 bf | 5b d3 c5 7c 79 89 57 44 94 8e 3a 7d 44 0a d5 40 | hmac PRF sha final-bytes@0x7ffe993d06f0 (length 20) | a7 b6 ff 3e a3 c6 ab b3 78 11 bd 31 39 1e f9 fc | cb 66 c6 ee | data being hmac: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: ac f3 2d 68 66 28 ea 5e be 8f bf 49 2c dd a2 bf | data being hmac: 5b d3 c5 7c 79 89 57 44 94 8e 3a 7d 44 0a d5 40 | out calculated auth: | a7 b6 ff 3e a3 c6 ab b3 78 11 bd 31 | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | ac f3 2d 68 66 28 ea 5e be 8f bf 49 2c dd a2 bf | 5b d3 c5 7c 79 89 57 44 94 8e 3a 7d 44 0a d5 40 | a7 b6 ff 3e a3 c6 ab b3 78 11 bd 31 | Message ID: IKE #5 sender #5 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #5 sender #5 in send_delete hacking around record ' send | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55593e3eee28 | free_event_entry: release EVENT_SA_REKEY-pe@0x55593e3eb9c8 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #5 in PARENT_R2 | parent state #5: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f8494003a28: destroyed | stop processing: state #5 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f849000d840 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f849000a0e0 | delete_state: release st->st_skey_ai_nss-key@0x55593e3d7a20 | delete_state: release st->st_skey_ar_nss-key@0x55593e3ce5b0 | delete_state: release st->st_skey_ei_nss-key@0x55593e3d4130 | delete_state: release st->st_skey_er_nss-key@0x55593e34d080 | delete_state: release st->st_skey_pi_nss-key@0x55593e3d7640 | delete_state: release st->st_skey_pr_nss-key@0x55593e3f0990 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | shunt_eroute() called for connection 'east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east" is 0xfe7e7 | priority calculation of connection "east" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55593e3ea108 | flush revival: connection 'east' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55593e3dcd88 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8b58 | libevent_free: release ptr-libevent@0x55593e370898 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8c08 | libevent_free: release ptr-libevent@0x55593e372ed8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8cb8 | libevent_free: release ptr-libevent@0x55593e373aa8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8d68 | libevent_free: release ptr-libevent@0x55593e3474e8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8e18 | libevent_free: release ptr-libevent@0x55593e3471d8 | free_event_entry: release EVENT_NULL-pe@0x55593e3e8ec8 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55593e3dce38 | free_event_entry: release EVENT_NULL-pe@0x55593e3d0af8 | libevent_free: release ptr-libevent@0x55593e372448 | free_event_entry: release EVENT_NULL-pe@0x55593e3d0a88 | libevent_free: release ptr-libevent@0x55593e3b44a8 | free_event_entry: release EVENT_NULL-pe@0x55593e3cff48 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55593e36ffa8 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55593e373f38 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55593e3e8338 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55593e3e8578 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55593e3e8448 | libevent_free: release ptr-libevent@0x55593e3cb3f8 | libevent_free: release ptr-libevent@0x55593e3cb3a8 | libevent_free: release ptr-libevent@0x7f848c0027d8 | libevent_free: release ptr-libevent@0x55593e3cb2f8 | libevent_free: release ptr-libevent@0x55593e3e8008 | libevent_free: release ptr-libevent@0x55593e3e8278 | libevent_free: release ptr-libevent@0x55593e3cb5a8 | libevent_free: release ptr-libevent@0x55593e3d0718 | libevent_free: release ptr-libevent@0x55593e3d0c08 | libevent_free: release ptr-libevent@0x55593e3e8f38 | libevent_free: release ptr-libevent@0x55593e3e8e88 | libevent_free: release ptr-libevent@0x55593e3e8dd8 | libevent_free: release ptr-libevent@0x55593e3e8d28 | libevent_free: release ptr-libevent@0x55593e3e8c78 | libevent_free: release ptr-libevent@0x55593e3e8bc8 | libevent_free: release ptr-libevent@0x55593e36f0d8 | libevent_free: release ptr-libevent@0x55593e3e82f8 | libevent_free: release ptr-libevent@0x55593e3e82b8 | libevent_free: release ptr-libevent@0x55593e3e8178 | libevent_free: release ptr-libevent@0x55593e3e8408 | libevent_free: release ptr-libevent@0x55593e3e8048 | libevent_free: release ptr-libevent@0x55593e346908 | libevent_free: release ptr-libevent@0x55593e346d38 | libevent_free: release ptr-libevent@0x55593e36f448 | releasing global libevent data | libevent_free: release ptr-libevent@0x55593e34c138 | libevent_free: release ptr-libevent@0x55593e346cd8 | libevent_free: release ptr-libevent@0x55593e346dd8 leak detective found no leaks