FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:27552 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x56121285d8b8 size 40 | libevent_malloc: new ptr-libevent@0x561212858cd8 size 40 | libevent_malloc: new ptr-libevent@0x561212858dd8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x5612128dd398 size 56 | libevent_malloc: new ptr-libevent@0x561212881508 size 664 | libevent_malloc: new ptr-libevent@0x5612128dd408 size 24 | libevent_malloc: new ptr-libevent@0x5612128dd458 size 384 | libevent_malloc: new ptr-libevent@0x5612128dd358 size 16 | libevent_malloc: new ptr-libevent@0x561212858908 size 40 | libevent_malloc: new ptr-libevent@0x561212858d38 size 48 | libevent_realloc: new ptr-libevent@0x561212881198 size 256 | libevent_malloc: new ptr-libevent@0x5612128dd608 size 16 | libevent_free: release ptr-libevent@0x5612128dd398 | libevent initialized | libevent_realloc: new ptr-libevent@0x5612128dd398 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d10 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cf8 | result: symkey-key@0x56121285f080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x56121285f080 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d10 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cf8 | result: symkey-key@0x56121285f080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x56121285f080 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d10 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cf8 | result: symkey-key@0x56121285f080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x56121285f080 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d10 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cf8 | result: symkey-key@0x56121285f080 (16-bytes, AES_GCM) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x56121285f080 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (24-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (32-bytes, AES_CTR) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d70 | result: symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d58 | result: symkey-key@0x56121285f080 (16-bytes, AES_CBC) | symkey: release tmp-key@0x5612128e0610 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x56121285f080 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e20f8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e0610 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x5612128e0610 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x56121285f080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128dd648 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128e21a8 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x5612128e0610 | K: symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)293503888: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2aa8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x56121285f080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e3090 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x56121285f080 | PRF chunk interface: release key-key@0x5612128e0610 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e27b8 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e0610 (size 16) | PRF symkey interface: key symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x56121285f080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128dd648 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x56121285f080 | K: symkey-key@0x56121285f080 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20b8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e3090 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e4910 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x5612128e3090 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e4910 | PRF symkey interface: release key-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e3090 (size 16) | PRF symkey interface: key-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x5612128e3090 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 64 06 1b 1b 69 2b 62 fa ba e1 69 31 43 d2 a1 b0 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x5612128e2778 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x5612128e3090 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x5612128e0610 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e21a8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e3090 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x5612128e3090 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5612128e0610 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128dd648 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128e2778 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x5612128e3090 | K: symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)293503888: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2bc8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e0610 (16-bytes, AES_ECB) | k1: release tmp-key@0x56121285f080 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x5612128e0610 | PRF chunk interface: release key-key@0x5612128e3090 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e2c68 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e3090 (size 16) | PRF symkey interface: key symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128dd648 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e4910 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x5612128e4910 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x56121285f080 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e4910 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x56121285f080 (size 3) | PRF symkey interface: symkey message-key@0x56121285f080 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x56121285f080 | symkey message: symkey-key@0x56121285f080 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388192: f0 a5 49 ae 31 79 7f 96 b6 c6 65 4b 4e 59 8a 56 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 16 bytes at 0x5612128e20b8 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x5612128e0610 | K: symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2aa8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e4910 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x5612128e4910 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e4910 (size 16) | PRF symkey interface: key-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x5612128e4910 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 79 b8 a6 9c 0e a5 a8 a7 07 28 c5 06 97 04 25 4f | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x5612128e20b8 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x5612128e4910 | test_prf_vector: release message-key@0x56121285f080 | test_prf_vector: release key-key@0x5612128e3090 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e2778 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x56121285f080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x56121285f080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5612128e3090 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128dd648 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128e20b8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x56121285f080 | K: symkey-key@0x56121285f080 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e21e8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e3090 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e4910 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x5612128e3090 | PRF chunk interface: release key-key@0x56121285f080 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e20f8 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x56121285f080 (size 16) | PRF symkey interface: key symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128dd648 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e4910 (size 16) | PRF symkey interface: symkey message-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x5612128e4910 | symkey message: symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 16 bytes at 0x5612128e2aa8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x5612128e3090 | K: symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2bc8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e0610 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x5612128e0610 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e0610 (size 16) | PRF symkey interface: key-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x5612128e0610 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 36 64 34 86 d1 b7 b9 c5 6a 9c 16 f4 57 a5 ba 8f | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x5612128e2aa8 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x5612128e0610 | test_prf_vector: release message-key@0x5612128e4910 | test_prf_vector: release key-key@0x56121285f080 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e20b8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e4910 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x5612128e4910 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x56121285f080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128dd648 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5612128e4910 | K: symkey-key@0x5612128e4910 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e21a8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x56121285f080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e0610 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x56121285f080 | PRF chunk interface: release key-key@0x5612128e4910 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e20f8 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e4910 (size 16) | PRF symkey interface: key symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x56121285f080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e3090 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e3090 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e0610 (size 20) | PRF symkey interface: symkey message-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5612128e0610 | symkey message: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 dc 31 8f 55 43 e6 f3 52 63 c7 60 82 f7 a2 9f 65 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 32 bytes at 0x5612128e1f58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x56121285f080 | K: symkey-key@0x56121285f080 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2bc8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e3090 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x5612128e3090 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e3090 (size 16) | PRF symkey interface: key-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x5612128e3090 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: b3 65 9d 36 3f 36 7d cb 94 27 34 de f1 c7 ba 86 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x5612128e2bc8 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x5612128e3090 | test_prf_vector: release message-key@0x5612128e0610 | test_prf_vector: release key-key@0x5612128e4910 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e2aa8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e0610 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x5612128e0610 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5612128e4910 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128dd648 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x5612128e0610 | K: symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e27b8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e4910 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e3090 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x5612128e4910 | PRF chunk interface: release key-key@0x5612128e0610 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e2bc8 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e4910 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e0610 (size 16) | PRF symkey interface: key symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x5612128e4910 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x56121285f080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x56121285f080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e3090 (size 32) | PRF symkey interface: symkey message-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x5612128e3090 | symkey message: symkey-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 2e 9d 04 4c 4b 22 72 db f9 d5 32 ab 8b ce 8c 37 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 32 bytes at 0x5612128e1f58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x5612128e4910 | K: symkey-key@0x5612128e4910 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x56121285f080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x56121285f080 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x5612128e4910 | PRF symkey interface PRF aes_xcbc final-key@0x56121285f080 (size 16) | PRF symkey interface: key-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x56121285f080 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 10 b0 87 4a b4 69 88 48 94 07 16 34 77 6f fa 83 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x5612128e20f8 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x56121285f080 | test_prf_vector: release message-key@0x5612128e3090 | test_prf_vector: release key-key@0x5612128e0610 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e20b8 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e3090 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x5612128e3090 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5612128e0610 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128dd648 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128e2c08 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x5612128e3090 | K: symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e21e8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e0610 (16-bytes, AES_ECB) | k1: release tmp-key@0x56121285f080 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x5612128e0610 | PRF chunk interface: release key-key@0x5612128e3090 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e20f8 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e3090 (size 16) | PRF symkey interface: key symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128dd648 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e4910 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x5612128e4910 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x56121285f080 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e4910 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x56121285f080 (size 34) | PRF symkey interface: symkey message-key@0x56121285f080 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x56121285f080 | symkey message: symkey-key@0x56121285f080 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 2e 9d 04 4c 4b 22 72 db f9 d5 32 ab 8b ce 8c 37 54 82 06 d8 99 aa cc ac 50 0a f9 c1 28 4a 14 e7 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 48 bytes at 0x5612128e2e08 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x5612128e0610 | K: symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2778 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e4910 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x5612128e4910 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e4910 (size 16) | PRF symkey interface: key-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x5612128e4910 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: b3 45 d1 4c 3c 15 a8 65 82 c1 a3 24 cb a2 75 f8 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x5612128e2778 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x5612128e4910 | test_prf_vector: release message-key@0x56121285f080 | test_prf_vector: release key-key@0x5612128e3090 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e2778 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x56121285f080 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x56121285f080 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x5612128e3090 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128dd648 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128e7a38 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x56121285f080 | K: symkey-key@0x56121285f080 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e21e8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e3090 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e4910 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x5612128e3090 | PRF chunk interface: release key-key@0x56121285f080 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e2bc8 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e3090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x56121285f080 (size 16) | PRF symkey interface: key symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128dd648 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e0610 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x5612128e0610 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e4910 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e4910 (size 1000) | PRF symkey interface: symkey message-key@0x5612128e4910 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x5612128e4910 | symkey message: symkey-key@0x5612128e4910 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)293388192: 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 1008 bytes at 0x5612128ea038 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x5612128e3090 | K: symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e0610 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x5612128e0610 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e0610 (size 16) | PRF symkey interface: key-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x5612128e0610 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: fa 6c e2 a3 85 1b e4 1a ef 35 aa 80 86 b5 73 e1 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x5612128e2eb0 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x5612128e20f8 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x5612128e0610 | test_prf_vector: release message-key@0x5612128e4910 | test_prf_vector: release key-key@0x56121285f080 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e2c68 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e4910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e4910 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: key-key@0x5612128e4910 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x56121285f080 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128dd648 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5612128e4910 | K: symkey-key@0x5612128e4910 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e27b8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x56121285f080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e0610 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x56121285f080 | PRF chunk interface: release key-key@0x5612128e4910 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e20f8 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e4910 (size 16) | PRF symkey interface: key symkey-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: key symkey-key@0x56121285f080 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e3090 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e3090 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e0610 (size 20) | PRF symkey interface: symkey message-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5612128e0610 | symkey message: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 dc 31 8f 55 43 e6 f3 52 63 c7 60 82 f7 a2 9f 65 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 32 bytes at 0x5612128e1f58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x56121285f080 | K: symkey-key@0x56121285f080 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e2bc8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e3090 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x5612128e3090 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e3090 (size 16) | PRF symkey interface: key-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x5612128e3090 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x5612128e3090 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: b3 65 9d 36 3f 36 7d cb 94 27 34 de f1 c7 ba 86 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x5612128e2eb0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x5612128e2bc8 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x5612128e3090 | test_prf_vector: release message-key@0x5612128e0610 | test_prf_vector: release key-key@0x5612128e4910 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128e2778 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e0610 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x5612128e0610 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e4910 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e0610 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x5612128e4910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e4910 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c90 | result: tmp+=0-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e4910 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cb8 | result: PRF chunk interface-key@0x5612128e3090 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x5612128e0610 | PRF chunk interface: release clone-key@0x5612128e4910 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128dd648 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5612128e3090 | K: symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 43 bc c3 1a d3 6a 40 5c b4 95 13 41 fe 35 37 be | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e21a8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e4910 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e0610 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x5612128e4910 | PRF chunk interface: release key-key@0x5612128e3090 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e2bc8 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e4910 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x5612128e4910 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e3090 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e4910 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x5612128e3090 (size 10) | PRF symkey interface: key symkey-key@0x5612128e3090 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x5612128e3090 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e3090 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7cc0 | result: tmp+=0-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e3090 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e4910 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: PRF symkey interface-key@0x5612128e0610 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x5612128e4910 | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128e1eb8 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e4910 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x56121285f080 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e4910 (size 20) | PRF symkey interface: symkey message-key@0x5612128e4910 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5612128e4910 | symkey message: symkey-key@0x5612128e4910 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 dc 31 8f 55 43 e6 f3 52 63 c7 60 82 f7 a2 9f 65 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 32 bytes at 0x5612128e1f58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5612128e0610 | K: symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 43 bc c3 1a d3 6a 40 5c b4 95 13 41 fe 35 37 be | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x56121285f080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x56121285f080 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e6190 | PRF symkey interface: release key-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc final-key@0x56121285f080 (size 16) | PRF symkey interface: key-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x56121285f080 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 7f dc 5e c8 3d 32 32 67 9d 23 f6 ff 1b bd 5f 63 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x5612128e2eb0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x56121285f080 | test_prf_vector: release message-key@0x5612128e4910 | test_prf_vector: release key-key@0x5612128e3090 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x5612128dd648 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cf0 | result: key-key@0x5612128e4910 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x5612128e4910 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cd8 | result: key-key@0x5612128e3090 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x5612128e4910 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c90 | result: key-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c78 | result: key-key@0x5612128e4910 (16-bytes, AES_ECB) | key: release tmp-key@0x56121285f080 | key extracting all 18 bytes of key@0x5612128e3090 | key: symkey-key@0x5612128e3090 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x5612128e2eb0 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 11 a4 34 01 e8 80 d3 f1 8a 94 84 fb fb fc 4f e2 | key: release slot-key-key@0x5612128e2eb0 | key extracted len 32 bytes at 0x5612128e1f58 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x5612128e4910 | K: symkey-key@0x5612128e4910 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c10 | result: k1-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7bf8 | result: k1-key@0x56121285f080 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e0610 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x56121285f080 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c90 | result: key-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c78 | result: key-key@0x56121285f080 (16-bytes, AES_ECB) | key: release tmp-key@0x5612128e0610 | PRF chunk interface: release clone-key@0x5612128e3090 | PRF chunk interface PRF aes_xcbc crypt-prf@0x5612128e1f58 | PRF chunk interface PRF aes_xcbc update message-bytes@0x5612128e1eb8 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x56121285f080 | K: symkey-key@0x56121285f080 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: b3 cc 6c b5 7a 32 a5 db 6e 40 22 60 00 e1 4f 47 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e21e8 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c50 | result: k1-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c38 | result: k1-key@0x5612128e3090 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e0610 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x5612128e3090 | PRF chunk interface: release key-key@0x56121285f080 | PRF chunk interface PRF aes_xcbc final-chunk@0x5612128e2778 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e3090 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x5612128e3090 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x56121285f080 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e3090 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x56121285f080 (size 18) | PRF symkey interface: key symkey-key@0x56121285f080 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cc0 | result: key symkey-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ca8 | result: key symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x5612128e0610 | key symkey extracting all 18 bytes of key@0x56121285f080 | key symkey: symkey-key@0x56121285f080 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x5612128e2eb0 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 11 a4 34 01 e8 80 d3 f1 8a 94 84 fb fb fc 4f e2 | key symkey: release slot-key-key@0x5612128e2eb0 | key symkey extracted len 32 bytes at 0x5612128e1f08 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x5612128e3090 | K: symkey-key@0x5612128e3090 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 90 61 49 06 34 f3 ba cf 70 c6 a4 43 ef f5 c6 22 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c40 | result: k1-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c28 | result: k1-key@0x5612128e0610 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e6190 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x5612128e0610 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cc0 | result: key symkey-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ca8 | result: key symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x5612128e6190 | PRF symkey interface PRF aes_xcbc crypt-prf@0x5612128e1f08 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e7c40 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x5612128e6190 (size 20) | PRF symkey interface: symkey message-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x5612128e6190 | symkey message: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293388192: c2 17 a0 16 b5 31 c8 3c 1b 75 87 27 6d b3 50 52 dc 31 8f 55 43 e6 f3 52 63 c7 60 82 f7 a2 9f 65 | symkey message: release slot-key-key@0x5612128e2eb0 | symkey message extracted len 32 bytes at 0x5612128e7de8 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x5612128e0610 | K: symkey-key@0x5612128e0610 (16-bytes, AES_ECB) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x5612128e2eb0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: b3 cc 6c b5 7a 32 a5 db 6e 40 22 60 00 e1 4f 47 | K: release slot-key-key@0x5612128e2eb0 | K extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c70 | result: k1-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7c58 | result: k1-key@0x5612128e7c40 (16-bytes, AES_ECB) | k1: release tmp-key@0x5612128e96a0 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x5612128e7c40 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d00 | result: xcbc-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ce8 | result: xcbc-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x5612128e96a0 | PRF symkey interface: release key-key@0x5612128e0610 | PRF symkey interface PRF aes_xcbc final-key@0x5612128e7c40 (size 16) | PRF symkey interface: key-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x5612128e7c40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 37 99 1c e1 d6 f3 c9 08 16 8c 2c 2e c6 a5 30 ab | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x5612128e2eb0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x5612128e7c40 | test_prf_vector: release message-key@0x5612128e6190 | test_prf_vector: release key-key@0x56121285f080 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x5612128e2c68 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7ce0 | result: PRF chunk interface-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cc8 | result: PRF chunk interface-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x5612128e6190 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c20 | result: trimed key-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x56121285f080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c60 | result: result-key@0x56121285f080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x5612128e7bb8 | PRF chunk interface PRF md5 update message-bytes@0x5612128e20f8 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x56121285f080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffe4aed7d50 | result: message-key@0x5612128e7c40 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x56121285f080 | PRF HMAC inner hash hash md5 inner-key@0x5612128e7c40 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5612128e7c40 (size 72) | PRF HMAC inner hash: inner-key@0x5612128e7c40 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5612128e21a8 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7be0 | result: PRF HMAC inner hash-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7bc8 | result: PRF HMAC inner hash-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5612128e0610 | PRF chunk interface: release inner-key@0x5612128e7c40 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c50 | result: result-key@0x5612128e7c40 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e7c40 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7c38 | result: result-key@0x5612128e0610 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | PRF chunk interface: release hashed-inner-key@0x56121285f080 | PRF chunk interface: release key-key@0x5612128e6190 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5612128e0610 (size 80) | PRF HMAC outer hash: outer-key@0x5612128e0610 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x5612128e21e8 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x5612128e0610 | PRF chunk interface PRF md5 final-chunk@0x5612128e21e8 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e6190 | PRF symkey interface PRF md5 init key symkey-key@0x5612128e0610 (size 16) | PRF symkey interface: key symkey-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c20 | result: trimed key-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c60 | result: result-key@0x56121285f080 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x5612128e7de8 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e96a0 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x5612128e96a0 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e7c40 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e96a0 | PRF symkey interface PRF md5 update symkey message-key@0x5612128e7c40 (size 8) | PRF symkey interface: symkey message-key@0x5612128e7c40 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x56121285f080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7d78 | result: result-key@0x5612128e96a0 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x56121285f080 | PRF HMAC inner hash hash md5 inner-key@0x5612128e96a0 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5612128e96a0 (size 72) | PRF HMAC inner hash: inner-key@0x5612128e96a0 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5612128e21e8 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c00 | result: PRF HMAC inner hash-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7be8 | result: PRF HMAC inner hash-key@0x56121285f080 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5612128e9a80 | PRF symkey interface: release inner-key@0x5612128e96a0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c70 | result: result-key@0x5612128e96a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e96a0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7c58 | result: result-key@0x5612128e9a80 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | PRF symkey interface: release hashed-inner-key@0x56121285f080 | PRF symkey interface: release key-key@0x5612128e6190 | PRF HMAC outer hash hash md5 outer-key@0x5612128e9a80 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5612128e9a80 (size 80) | PRF HMAC outer hash: outer-key@0x5612128e9a80 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x5612128e21e8 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cc0 | result: PRF HMAC outer hash-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ca8 | result: PRF HMAC outer hash-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x56121285f080 | PRF symkey interface: release outer-key@0x5612128e9a80 | : hashed-outer-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x5612128e6190 (size 16) | PRF symkey interface: key-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x5612128e6190 | RFC 2104: MD5_HMAC test 1: symkey-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: ee bc b0 55 a5 1d 8f b9 8a f8 c3 47 a9 a2 d0 1d | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x5612128e2eb0 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x5612128e21a8 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x5612128e6190 | test_prf_vector: release message-key@0x5612128e7c40 | test_prf_vector: release key-key@0x5612128e0610 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x5612128e2778 (length 4) | 4a 65 66 65 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7ce0 | result: PRF chunk interface-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cc8 | result: PRF chunk interface-key@0x5612128e0610 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x5612128e7c40 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c20 | result: trimed key-key@0x5612128e7c40 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e7c40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c60 | result: result-key@0x5612128e0610 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x5612128e9a08 | PRF chunk interface PRF md5 update message-bytes@0x5612128dd648 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e0610 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffe4aed7d50 | result: message-key@0x5612128e6190 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x5612128e0610 | PRF HMAC inner hash hash md5 inner-key@0x5612128e6190 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5612128e6190 (size 92) | PRF HMAC inner hash: inner-key@0x5612128e6190 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5612128e21a8 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7be0 | result: PRF HMAC inner hash-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7bc8 | result: PRF HMAC inner hash-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5612128e9a80 | PRF chunk interface: release inner-key@0x5612128e6190 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e7c40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c50 | result: result-key@0x5612128e6190 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7c38 | result: result-key@0x5612128e9a80 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e6190 | PRF chunk interface: release hashed-inner-key@0x5612128e0610 | PRF chunk interface: release key-key@0x5612128e7c40 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5612128e9a80 (size 80) | PRF HMAC outer hash: outer-key@0x5612128e9a80 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x5612128e20f8 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x5612128e9a80 | PRF chunk interface PRF md5 final-chunk@0x5612128e20f8 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e9a80 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e7c40 | PRF symkey interface PRF md5 init key symkey-key@0x5612128e9a80 (size 4) | PRF symkey interface: key symkey-key@0x5612128e9a80 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x5612128e9a80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c20 | result: trimed key-key@0x5612128e7c40 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e7c40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c60 | result: result-key@0x5612128e0610 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x5612128e7bb8 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x56121285f080 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x56121285f080 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e6190 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x56121285f080 | PRF symkey interface PRF md5 update symkey message-key@0x5612128e6190 (size 28) | PRF symkey interface: symkey message-key@0x5612128e6190 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e0610 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7d78 | result: result-key@0x56121285f080 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e0610 | PRF HMAC inner hash hash md5 inner-key@0x56121285f080 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x56121285f080 (size 92) | PRF HMAC inner hash: inner-key@0x56121285f080 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5612128e20f8 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c00 | result: PRF HMAC inner hash-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7be8 | result: PRF HMAC inner hash-key@0x5612128e0610 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5612128e96a0 | PRF symkey interface: release inner-key@0x56121285f080 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e7c40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c70 | result: result-key@0x56121285f080 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x56121285f080 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7c58 | result: result-key@0x5612128e96a0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x56121285f080 | PRF symkey interface: release hashed-inner-key@0x5612128e0610 | PRF symkey interface: release key-key@0x5612128e7c40 | PRF HMAC outer hash hash md5 outer-key@0x5612128e96a0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5612128e96a0 (size 80) | PRF HMAC outer hash: outer-key@0x5612128e96a0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x5612128e20f8 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cc0 | result: PRF HMAC outer hash-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ca8 | result: PRF HMAC outer hash-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x5612128e0610 | PRF symkey interface: release outer-key@0x5612128e96a0 | : hashed-outer-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x5612128e7c40 (size 16) | PRF symkey interface: key-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x5612128e7c40 | RFC 2104: MD5_HMAC test 2: symkey-key@0x5612128e7c40 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: a4 8e e5 ef e3 17 e1 bf d3 96 16 0a e9 5d 83 b8 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x5612128e2eb0 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x5612128e21a8 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x5612128e7c40 | test_prf_vector: release message-key@0x5612128e6190 | test_prf_vector: release key-key@0x5612128e9a80 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x5612128e2c68 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7ce0 | result: PRF chunk interface-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7cc8 | result: PRF chunk interface-key@0x5612128e9a80 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x5612128e6190 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c20 | result: trimed key-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c60 | result: result-key@0x5612128e9a80 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x5612128e9a58 | PRF chunk interface PRF md5 update message-bytes@0x5612128e1fa8 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e9a80 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffe4aed7d50 | result: message-key@0x5612128e7c40 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | PRF HMAC inner hash hash md5 inner-key@0x5612128e7c40 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5612128e7c40 (size 114) | PRF HMAC inner hash: inner-key@0x5612128e7c40 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5612128e20f8 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7be0 | result: PRF HMAC inner hash-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7bc8 | result: PRF HMAC inner hash-key@0x5612128e9a80 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x5612128e96a0 | PRF chunk interface: release inner-key@0x5612128e7c40 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c50 | result: result-key@0x5612128e7c40 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e7c40 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7c38 | result: result-key@0x5612128e96a0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | PRF chunk interface: release hashed-inner-key@0x5612128e9a80 | PRF chunk interface: release key-key@0x5612128e6190 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x5612128e96a0 (size 80) | PRF HMAC outer hash: outer-key@0x5612128e96a0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x5612128e21a8 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x5612128e96a0 | PRF chunk interface PRF md5 final-chunk@0x5612128e21a8 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: key symkey-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: key symkey-key@0x5612128e96a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x5612128e6190 | PRF symkey interface PRF md5 init key symkey-key@0x5612128e96a0 (size 16) | PRF symkey interface: key symkey-key@0x5612128e96a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x5612128e96a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c20 | result: trimed key-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e96a0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c60 | result: result-key@0x5612128e9a80 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x5612128e1f58 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7d60 | result: message symkey-key@0x5612128e0610 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x5612128e0610 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7d48 | result: message symkey-key@0x5612128e7c40 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x5612128e0610 | PRF symkey interface PRF md5 update symkey message-key@0x5612128e7c40 (size 50) | PRF symkey interface: symkey message-key@0x5612128e7c40 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e9a80 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7d78 | result: result-key@0x5612128e0610 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | PRF HMAC inner hash hash md5 inner-key@0x5612128e0610 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x5612128e0610 (size 114) | PRF HMAC inner hash: inner-key@0x5612128e0610 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x5612128e21a8 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7c00 | result: PRF HMAC inner hash-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7be8 | result: PRF HMAC inner hash-key@0x5612128e9a80 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x56121285f080 | PRF symkey interface: release inner-key@0x5612128e0610 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed7c70 | result: result-key@0x5612128e0610 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x5612128e0610 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffe4aed7c58 | result: result-key@0x56121285f080 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x5612128e0610 | PRF symkey interface: release hashed-inner-key@0x5612128e9a80 | PRF symkey interface: release key-key@0x5612128e6190 | PRF HMAC outer hash hash md5 outer-key@0x56121285f080 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x56121285f080 (size 80) | PRF HMAC outer hash: outer-key@0x56121285f080 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x5612128e21a8 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed7cc0 | result: PRF HMAC outer hash-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed7ca8 | result: PRF HMAC outer hash-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x5612128e9a80 | PRF symkey interface: release outer-key@0x56121285f080 | : hashed-outer-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x5612128e6190 (size 16) | PRF symkey interface: key-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x5612128e6190 | RFC 2104: MD5_HMAC test 3: symkey-key@0x5612128e6190 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x5612128e2eb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)293388138: 4b 28 7e 12 35 b7 c6 50 23 1f ee f1 29 8c e0 d4 | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x5612128e2eb0 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x5612128e20f8 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x5612128e6190 | test_prf_vector: release message-key@0x5612128e7c40 | test_prf_vector: release key-key@0x5612128e96a0 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | starting up helper thread 0 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 0) 22 | status value returned by setting the priority of this thread (crypto helper 2) 22 started thread for crypto helper 3 | starting up helper thread 3 | crypto helper 0 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 4 | crypto helper 2 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5612128e1fa8 | libevent_malloc: new ptr-libevent@0x5612128c6548 size 128 | libevent_malloc: new ptr-libevent@0x5612128e2778 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5612128e2ae8 | libevent_malloc: new ptr-libevent@0x561212884508 size 128 | libevent_malloc: new ptr-libevent@0x5612128e2c68 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f020b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x5612128e21a8 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1000 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x5612128e21e8 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1030 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x5612128e2bc8 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f038e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x5612128e27b8 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x5612128e2ca8 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f03a0 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x5612128e20b8 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f03b8 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x5612128e2aa8 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f03cf (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x5612128e9be8 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1080 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x5612128eef48 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f03ec (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x5612128eef88 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f03f3 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x5612128eefc8 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0400 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x5612128ef008 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0411 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x5612128ef048 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0422 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x5612128ef088 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0433 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x5612128ef0c8 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0444 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x5612128ef108 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f10a8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x5612128ef148 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f10e0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x5612128ef188 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1118 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x5612128ef1c8 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1150 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x5612128ef208 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1188 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x5612128ef248 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f11c0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x5612128ef288 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f11f8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x5612128ef2c8 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1230 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x5612128ef308 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1268 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x5612128ef348 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f12a0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x5612128ef388 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f12d8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x5612128ef3c8 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1310 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x5612128ef408 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1348 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x5612128ef448 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1380 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x5612128ef488 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f13b8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x5612128ef4c8 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f13f0 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffe4aed7e40 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1420 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffe4aed7e40 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1458 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffe4aed7e40 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0531 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7ffe4aed7e40 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f14c0 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x5612128ef688 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f14e8 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x5612128ef6c8 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0559 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x5612128ef708 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1510 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x5612128ef748 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0564 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x5612128ef788 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0582 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x5612128ef7c8 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f05a0 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x5612128ef808 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1538 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x5612128ef848 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f05be (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x5612128ef888 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f05dc (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x5612128ef8c8 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f05fa (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x5612128ef908 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0618 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x5612128ef948 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0636 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x5612128ef988 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0654 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x5612128ef9c8 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0672 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x5612128efa08 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f068d (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x5612128efa48 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f94f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x5612128efb08 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f073d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x5612128efb48 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f1058 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x5612128efb88 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f038e (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x5612128efbc8 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0751 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x5612128efc08 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117df8dd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x5612128efc48 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0760 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x5612128efc88 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0771 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x5612128efcc8 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0782 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x5612128efd08 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0793 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x5612128efd48 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f07a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x5612128efd88 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f07b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x5612128efdc8 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f07c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x5612128efe08 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f07d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x5612128efe48 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f07e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x5612128efe88 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f07f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x5612128efec8 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f080a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x5612128eff08 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f081b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x5612128eff48 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f082c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x5612128eff88 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f083d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x5612128effc8 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f084e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x5612128f0008 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f085f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x5612128f0048 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0870 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x5612128f0088 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0881 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x5612128f00c8 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0892 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x5612128f0108 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f08a4 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x5612128f0148 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f08b6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x5612128f0188 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f08c7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x5612128f01c8 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f08d8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x5612128f0208 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f08e9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x5612128f0248 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f08fa (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x5612128f0288 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f090b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x5612128f02c8 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f091c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x5612128f0308 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f092d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x5612128f0348 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f093e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x5612128f0388 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f094f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x5612128f03c8 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0960 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x5612128f0408 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0971 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x5612128f0448 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0982 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x5612128f0488 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0993 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x5612128f04c8 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f09a4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x5612128f0508 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f09b5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x5612128f0548 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f09c6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x5612128f0588 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f09d7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x5612128f05c8 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f09e8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x5612128f0608 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f09f9 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x5612128f0648 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a0a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x5612128f0688 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a1b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x5612128f06c8 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a2c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x5612128f0708 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a3d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x5612128f0748 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a4e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x5612128f0788 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a5f (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x5612128f07c8 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a70 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x5612128f0808 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a81 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x5612128f0848 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0a92 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x5612128f0888 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0aa3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x5612128f08c8 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0ab4 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x5612128f0908 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0ac5 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x5612128f0948 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0ad6 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x5612128f0988 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0ae7 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x5612128f09c8 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0af8 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x5612128f0a08 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0b09 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x5612128f0a48 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0b1a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x5612128f0a88 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0b2b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x5612128f0ac8 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0b3c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x5612128f0b08 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0b4d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x5612128f0b48 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f0b5e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x5612128f0b88 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x5612117f94f9 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x5612128f0bc8 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5612128e2b58 | libevent_malloc: new ptr-libevent@0x5612128eee98 size 128 | libevent_malloc: new ptr-libevent@0x5612128fa068 size 16 | libevent_realloc: new ptr-libevent@0x5612128fa0a8 size 256 | libevent_malloc: new ptr-libevent@0x5612128fa1d8 size 8 | libevent_realloc: new ptr-libevent@0x56121288ab08 size 144 | libevent_malloc: new ptr-libevent@0x561212882068 size 152 | libevent_malloc: new ptr-libevent@0x5612128fa218 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x5612128fa258 size 8 | libevent_malloc: new ptr-libevent@0x56121288aa38 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x5612128fa298 size 8 | libevent_malloc: new ptr-libevent@0x5612128fa2d8 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x5612128fa3a8 size 8 | libevent_realloc: release ptr-libevent@0x56121288ab08 | libevent_realloc: new ptr-libevent@0x5612128fa3e8 size 256 | libevent_malloc: new ptr-libevent@0x5612128fa518 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:27590) using fork+execve | forked child 27590 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x5612128faaf8 | libevent_malloc: new ptr-libevent@0x5612128eede8 size 128 | libevent_malloc: new ptr-libevent@0x5612128fab68 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x5612128faba8 | libevent_malloc: new ptr-libevent@0x5612128829a8 size 128 | libevent_malloc: new ptr-libevent@0x5612128fac18 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x5612128fac58 | libevent_malloc: new ptr-libevent@0x561212886088 size 128 | libevent_malloc: new ptr-libevent@0x5612128facc8 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x5612128fad08 | libevent_malloc: new ptr-libevent@0x561212859868 size 128 | libevent_malloc: new ptr-libevent@0x5612128fad78 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x5612128fadb8 | libevent_malloc: new ptr-libevent@0x5612128594e8 size 128 | libevent_malloc: new ptr-libevent@0x5612128fae28 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x5612128fae68 | libevent_malloc: new ptr-libevent@0x5612128591d8 size 128 | libevent_malloc: new ptr-libevent@0x5612128faed8 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x561212854c48) PKK_PSK: @west | id type added to secret(0x561212854c48) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.373 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x5612128eede8 | free_event_entry: release EVENT_NULL-pe@0x5612128faaf8 | add_fd_read_event_handler: new ethX-pe@0x5612128faaf8 | libevent_malloc: new ptr-libevent@0x5612128eede8 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x5612128829a8 | free_event_entry: release EVENT_NULL-pe@0x5612128faba8 | add_fd_read_event_handler: new ethX-pe@0x5612128faba8 | libevent_malloc: new ptr-libevent@0x5612128829a8 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x561212886088 | free_event_entry: release EVENT_NULL-pe@0x5612128fac58 | add_fd_read_event_handler: new ethX-pe@0x5612128fac58 | libevent_malloc: new ptr-libevent@0x561212886088 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x561212859868 | free_event_entry: release EVENT_NULL-pe@0x5612128fad08 | add_fd_read_event_handler: new ethX-pe@0x5612128fad08 | libevent_malloc: new ptr-libevent@0x561212859868 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x5612128594e8 | free_event_entry: release EVENT_NULL-pe@0x5612128fadb8 | add_fd_read_event_handler: new ethX-pe@0x5612128fadb8 | libevent_malloc: new ptr-libevent@0x5612128594e8 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x5612128591d8 | free_event_entry: release EVENT_NULL-pe@0x5612128fae68 | add_fd_read_event_handler: new ethX-pe@0x5612128fae68 | libevent_malloc: new ptr-libevent@0x5612128591d8 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x561212854c48) PKK_PSK: @west | id type added to secret(0x561212854c48) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.333 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 27590 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0157 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0562 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.113 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x5612128fc548 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #1 "aes128" "aes128" #1: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5612128fc078 size 128 | #1 spent 0.233 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 1 resuming | RESET processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 1 starting work-order 1 for state #1 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.328 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5354003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5354003a28 | NSS: Public DH wire value: | df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e f5 a7 89 76 | a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e 41 b1 e9 44 | c9 46 2b a9 b1 0f ef 1a cb 28 27 3c 6a 08 f3 1c | 77 96 22 93 16 e0 d0 71 27 d0 b4 2a 27 42 06 85 | f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 5e b7 39 51 | 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 2e 67 37 cc | 34 89 d1 57 ac fc fc 71 ac 2c 92 98 57 b9 3b e0 | d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 4d 2e 62 bf | 44 0a b5 95 ae 6b ea da 2c ac 7d 55 48 60 53 8a | ba 56 67 53 1c 76 d4 fc ad d4 48 9f b1 aa 23 95 | 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 89 28 9d 85 | 35 20 20 f2 0f 6b 71 7b b4 39 62 19 c7 db 8c 45 | 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 9b c9 30 fc | 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 f7 04 bc ef | 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 d7 7e 20 f4 | 9d e4 1a e2 89 cb 3a 76 22 67 84 66 28 17 75 d9 | Generated nonce: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | Generated nonce: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000878 seconds | (#1) spent 0.856 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5354002888 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #1 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5354003a28: transferring ownership from helper KE to state #1 | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e f5 a7 89 76 | ikev2 g^x a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e 41 b1 e9 44 | ikev2 g^x c9 46 2b a9 b1 0f ef 1a cb 28 27 3c 6a 08 f3 1c | ikev2 g^x 77 96 22 93 16 e0 d0 71 27 d0 b4 2a 27 42 06 85 | ikev2 g^x f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 5e b7 39 51 | ikev2 g^x 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 2e 67 37 cc | ikev2 g^x 34 89 d1 57 ac fc fc 71 ac 2c 92 98 57 b9 3b e0 | ikev2 g^x d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 4d 2e 62 bf | ikev2 g^x 44 0a b5 95 ae 6b ea da 2c ac 7d 55 48 60 53 8a | ikev2 g^x ba 56 67 53 1c 76 d4 fc ad d4 48 9f b1 aa 23 95 | ikev2 g^x 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 89 28 9d 85 | ikev2 g^x 35 20 20 f2 0f 6b 71 7b b4 39 62 19 c7 db 8c 45 | ikev2 g^x 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 9b c9 30 fc | ikev2 g^x 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 f7 04 bc ef | ikev2 g^x 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 d7 7e 20 f4 | ikev2 g^x 9d e4 1a e2 89 cb 3a 76 22 67 84 66 28 17 75 d9 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | IKEv2 nonce b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 07 0d a8 32 c3 4e 46 ac 17 8b 05 71 15 fc 70 d2 | 4f f7 f1 09 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 07 0d a8 32 c3 4e 46 ac 17 8b 05 71 15 fc 70 d2 | natd_hash: hash= 4f f7 f1 09 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 07 0d a8 32 c3 4e 46 ac 17 8b 05 71 15 fc 70 d2 | Notify data 4f f7 f1 09 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e 25 74 32 d7 | ab fb 96 35 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e 25 74 32 d7 | natd_hash: hash= ab fb 96 35 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e 25 74 32 d7 | Notify data ab fb 96 35 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | a3 28 a4 06 50 ac 66 0b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e | f5 a7 89 76 a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e | 41 b1 e9 44 c9 46 2b a9 b1 0f ef 1a cb 28 27 3c | 6a 08 f3 1c 77 96 22 93 16 e0 d0 71 27 d0 b4 2a | 27 42 06 85 f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 | 5e b7 39 51 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 | 2e 67 37 cc 34 89 d1 57 ac fc fc 71 ac 2c 92 98 | 57 b9 3b e0 d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 | 4d 2e 62 bf 44 0a b5 95 ae 6b ea da 2c ac 7d 55 | 48 60 53 8a ba 56 67 53 1c 76 d4 fc ad d4 48 9f | b1 aa 23 95 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 | 89 28 9d 85 35 20 20 f2 0f 6b 71 7b b4 39 62 19 | c7 db 8c 45 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 | 9b c9 30 fc 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 | f7 04 bc ef 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 | d7 7e 20 f4 9d e4 1a e2 89 cb 3a 76 22 67 84 66 | 28 17 75 d9 29 00 00 24 0a aa aa 01 3e 47 4d 47 | d6 3c 56 77 62 da 3f 80 b5 ed d0 59 c2 a9 fc 2c | 23 c9 31 e0 a1 e9 87 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 07 0d a8 32 c3 4e 46 ac | 17 8b 05 71 15 fc 70 d2 4f f7 f1 09 00 00 00 1c | 00 00 40 05 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e | 25 74 32 d7 ab fb 96 35 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5612128fc078 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5612128fc008 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5612128fc078 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10447.728484 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 0.409 milliseconds in resume sending helper answer | stop processing: state #1 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5354002888 | spent 0.00224 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d0 db 04 80 65 00 a0 5c 69 4d 35 20 | 9c 62 ab d0 e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 | aa 2a 5b 30 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d | 63 6f ca 90 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce | 1d 39 ba 98 67 0a 84 22 d0 82 38 df d2 7f 10 30 | 3d fa d6 b9 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a | c9 9e 10 e6 a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a | cd 0d 3c c3 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a | 90 87 d1 99 21 0e f4 99 23 2b dd 81 19 12 9a 4d | 59 ea 0e ff c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 | 49 53 7e cf 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc | b6 27 22 93 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 | 60 68 8c f9 9d 0c d3 be 3b 58 48 38 6d d0 75 6e | ee f8 89 e5 c5 ad 98 90 5e 09 e4 63 cf b6 90 52 | 88 ca 16 ef dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 | e4 90 ff 7c 46 e2 40 43 e9 36 7b 14 31 30 b3 86 | 55 5e 08 f9 29 00 00 24 61 2b 76 d7 49 cb 1d ff | 6a 1d 86 dd a0 e1 7e be 4a fa 5b 19 60 19 34 a0 | 4d c8 e0 fc 90 50 2e 09 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 c5 81 9c a4 d4 6a d6 f6 | 4b 57 94 1f c1 7a 29 01 0c 52 ec 7c 00 00 00 1c | 00 00 40 05 b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 | 3f e1 8f c2 7b 32 43 82 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | d0 db 04 80 65 00 a0 5c 69 4d 35 20 9c 62 ab d0 | e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 aa 2a 5b 30 | 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d 63 6f ca 90 | 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce 1d 39 ba 98 | 67 0a 84 22 d0 82 38 df d2 7f 10 30 3d fa d6 b9 | 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a c9 9e 10 e6 | a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a cd 0d 3c c3 | 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a 90 87 d1 99 | 21 0e f4 99 23 2b dd 81 19 12 9a 4d 59 ea 0e ff | c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 49 53 7e cf | 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc b6 27 22 93 | 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 60 68 8c f9 | 9d 0c d3 be 3b 58 48 38 6d d0 75 6e ee f8 89 e5 | c5 ad 98 90 5e 09 e4 63 cf b6 90 52 88 ca 16 ef | dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 e4 90 ff 7c | 46 e2 40 43 e9 36 7b 14 31 30 b3 86 55 5e 08 f9 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 7b 9b 0e b0 51 12 e9 cd | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 3f e1 8f c2 | 7b 32 43 82 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 7b 9b 0e b0 51 12 e9 cd | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 3f e1 8f c2 | natd_hash: hash= 7b 32 43 82 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | a3 28 a4 06 50 ac 66 0b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 7b 9b 0e b0 51 12 e9 cd | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | c5 81 9c a4 d4 6a d6 f6 4b 57 94 1f c1 7a 29 01 | 0c 52 ec 7c | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a3 28 a4 06 50 ac 66 0b | natd_hash: rcookie= 7b 9b 0e b0 51 12 e9 cd | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= c5 81 9c a4 d4 6a d6 f6 4b 57 94 1f c1 7a 29 01 | natd_hash: hash= 0c 52 ec 7c | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5354003a28: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fc078 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5612128fc008 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5612128fddf8 size 128 | #1 spent 0.214 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "aes128" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.366 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.373 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 2 for state #1 | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | peer's g: d0 db 04 80 65 00 a0 5c 69 4d 35 20 9c 62 ab d0 | peer's g: e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 aa 2a 5b 30 | peer's g: 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d 63 6f ca 90 | peer's g: 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce 1d 39 ba 98 | peer's g: 67 0a 84 22 d0 82 38 df d2 7f 10 30 3d fa d6 b9 | peer's g: 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a c9 9e 10 e6 | peer's g: a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a cd 0d 3c c3 | peer's g: 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a 90 87 d1 99 | peer's g: 21 0e f4 99 23 2b dd 81 19 12 9a 4d 59 ea 0e ff | peer's g: c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 49 53 7e cf | peer's g: 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc b6 27 22 93 | peer's g: 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 60 68 8c f9 | peer's g: 9d 0c d3 be 3b 58 48 38 6d d0 75 6e ee f8 89 e5 | peer's g: c5 ad 98 90 5e 09 e4 63 cf b6 90 52 88 ca 16 ef | peer's g: dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 e4 90 ff 7c | peer's g: 46 e2 40 43 e9 36 7b 14 31 30 b3 86 55 5e 08 f9 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x5612128e96a0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5354003a28: computed shared DH secret key@0x5612128e96a0 | dh-shared : g^ir-key@0x5612128e96a0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f534c001f18 (length 64) | 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e96e0 | result: Ni | Nr-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e96c8 | result: Ni | Nr-key@0x5612128e7c40 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5612128e6190 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f534c002fa0 from Ni | Nr-key@0x5612128e7c40 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f534c002fa0 from Ni | Nr-key@0x5612128e7c40 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5612128e7c40 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f534c003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x5612128e96a0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x5612128e96a0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x5612128e96a0 | nss hmac digest hack: symkey-key@0x5612128e96a0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: 1e 42 ca 1d 48 05 a0 54 b6 9b 9d fc 1a a1 f2 e5 8d 8e a9 98 e1 c1 06 2e de 03 72 46 4e 19 55 b8 ec 53 7d 68 20 63 96 c0 0d 4d 43 35 cf 56 ff 7f 6a 5e 05 d0 ad 1c 44 4a c0 83 1d 49 35 d0 c6 7a 97 51 0c 8e 57 71 7d 84 45 28 39 b8 7f 20 71 7c ca a5 a7 b6 12 1d 82 63 f4 bf 59 33 92 72 66 30 ac af 4b 8e 00 66 f1 4f 65 59 65 9f e6 c6 9f 62 35 14 98 5f ee 04 e2 73 a3 86 7e 3a 35 c3 ca 1f 02 f5 dc a6 da 05 f6 f2 77 8c ab e6 15 80 4c 89 ea 72 54 5f 35 af 6e 34 af c6 23 ca 15 02 64 ce 25 ce ca 56 2c d3 30 c4 e2 66 29 f1 ca a9 1d a6 be 42 bf b6 be 61 f5 ba cb 6d e4 53 1a a1 73 62 45 e0 ba 69 bb 8e 32 40 f4 26 55 2f 9b 79 78 a4 a4 d1 e3 19 7d 09 fd e7 40 16 06 56 69 96 c0 6c 4f c8 78 24 fb 88 9c 0b f0 53 3f 0a 00 b2 33 6d 4c 36 e5 6d 50 d6 91 0e 00 5d cc 2b 8b b8 02 7e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f534c003fa8 | unwrapped: a0 df 30 f8 1f 5d 9b 2a bf e5 3e be 60 fb 05 91 | unwrapped: 27 7e 84 f6 fb 42 72 5e bf 80 2a b5 0a 5c 64 a8 | unwrapped: 0b e0 01 f0 49 a5 d9 ff 9d c5 d7 99 91 c1 59 01 | unwrapped: ba 60 b1 76 ff 71 e1 f2 59 93 3d 86 74 72 61 14 | unwrapped: 77 05 d6 20 f3 7e 0c ca 79 e1 96 7d 85 47 f9 39 | unwrapped: b3 fb 52 d1 aa 13 97 d2 0b 7e 26 a9 76 24 d7 0a | unwrapped: 32 9c 4a c4 7b af b0 6d e6 2d ee 85 84 97 2b bd | unwrapped: 2b 58 c4 e4 87 d9 71 60 f1 f5 f6 f1 db 38 41 43 | unwrapped: 5e dc 66 fd b0 c9 0f c3 92 4d 13 d9 bd 65 af 3f | unwrapped: f0 7a d0 b6 07 33 ba 0d ac fb e5 b3 ec 88 dd 19 | unwrapped: 6b b9 c2 0a 34 82 a2 3e 8b 5d e6 d4 c7 a8 38 5f | unwrapped: 09 42 08 2b e9 8b f6 8f c6 a9 54 a7 fc aa 8a 5c | unwrapped: 54 4f df b8 f0 9c eb 1c ba 2f 9a 15 1b 40 25 88 | unwrapped: a8 97 db 6a 41 38 de 52 bf 3c 89 65 77 bf 1b 26 | unwrapped: 76 15 01 89 90 49 ba 50 96 db 7d 44 4f 65 98 4b | unwrapped: 0a 54 cf 8a ad c0 28 5a 84 7d 0c 66 ed 4e 86 d2 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9700 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e96e8 | result: final-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5612128e7c40 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9670 | result: data=Ni-key@0x56121285f080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x56121285f080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9658 | result: data=Ni-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x56121285f080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d9e9660 | result: data+=Nr-key@0x56121285f080 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e6190 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d9e9660 | result: data+=SPIi-key@0x5612128e6190 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x56121285f080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d9e9660 | result: data+=SPIr-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e6190 | prf+0 PRF sha init key-key@0x5612128e7c40 (size 20) | prf+0: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+0 prf: begin sha with context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+0: release clone-key@0x5612128e6190 | prf+0 PRF sha crypt-prf@0x7f534c002f78 | prf+0 PRF sha update seed-key@0x56121285f080 (size 80) | prf+0: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c0069d8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+0 PRF sha final-key@0x5612128e6190 (size 20) | prf+0: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f534c002fa0 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f534c002fa0 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f534c0030d8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: d1 96 3f a5 60 c3 fb f9 7d 16 a1 e2 7c 42 65 01 a4 01 59 64 b7 6f e6 0c 8b 5b 1d ec d3 84 5d e7 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f534c002f28 | unwrapped: 54 67 34 1c 36 fc 7d 68 bb f0 74 5d 05 15 cf 92 | unwrapped: de ef 9f eb 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c006958 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d9e9608 | result: result-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e6190 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f534c002f78 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 62 ff 83 f8 ae eb 01 4b 00 c2 f5 13 fd a1 43 e3 d6 85 c6 72 c5 e0 75 8d fc 8f 43 bc 79 06 8b a6 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f534c003a78 | unwrapped: 10 80 4f 58 38 b9 34 13 43 e7 32 89 e6 16 be 0b | unwrapped: b0 f2 d7 a8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c0069d8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c006bb0 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d9e9608 | result: result-key@0x7f534c006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f534c002fa0 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f534c002fa0 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f534c002f28 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 3a 70 09 e5 d7 51 92 8d ff df 03 fa c6 4d 95 bd 2a 85 a5 9c e5 61 e5 86 cf 6e e6 0c 26 35 94 0b | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f534c00a408 | unwrapped: 58 8e ca 06 3b 2b ca 95 3c bc e9 af 3f 1a fc 14 | unwrapped: ec 04 1d 02 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c006958 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c006bb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d9e9608 | result: result-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c006bb0 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f534c0030d8 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 77 45 46 5c bb 90 cd 12 19 72 f4 eb ca 05 2b 0b 49 16 0f 6e 3e d1 dc 3c 4f 6f f1 b9 b4 ce 90 6a | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f534c003a78 | unwrapped: a9 37 f3 d3 20 c5 f7 46 6d a7 56 d6 6d 0a c3 2f | unwrapped: 17 1b 55 3c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c0069d8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c006bb0 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d9e9608 | result: result-key@0x7f534c006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f534c00a070 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f534c00a070 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f534c002f78 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: b4 61 7c 59 52 a7 c4 a0 0d 8a 0d e7 9a 2b 6b 1d a3 c0 83 aa 51 7c 9f 85 81 9a cc 7f cf b7 9f 44 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f534c002f28 | unwrapped: 91 b3 02 92 62 97 b5 99 cc 66 4c 17 69 59 fa 6d | unwrapped: 0d 66 ed db 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c006958 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c006bb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d9e9608 | result: result-key@0x5612128e0610 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c006bb0 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f534c002fa0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f534c0030d8 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: fd 90 26 40 01 c9 d1 2e 6e db 78 0f 9a 8c fc e7 9c dd 1f 4a 2d 74 b4 73 8a 36 42 0b 60 28 56 0b | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f534c003a78 | unwrapped: 1e 15 11 fe 01 5f ad 18 6f 77 dc 50 88 21 a2 ce | unwrapped: 1d 1b ba 3f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 42 f0 d3 3d 6d 05 60 26 53 93 c0 95 59 e8 a4 df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f534c00aa08 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | unwrapped: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d9e9590 | result: final-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e9578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c006bb0 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d9e9608 | result: result-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e9a80 | prfplus: release old_t[final]-key@0x5612128e6190 | ike_sa_keymat: release data-key@0x56121285f080 | calc_skeyseed_v2: release skeyseed_k-key@0x5612128e7c40 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97a8 | result: result-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97a8 | result: result-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97a8 | result: result-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97b8 | result: SK_ei_k-key@0x5612128e9a80 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97b8 | result: SK_er_k-key@0x5612128e0610 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97b8 | result: result-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f534c00a0e0 | chunk_SK_pi: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: f5 6f 4b 74 2e 3f 8e 6d 31 db e3 33 03 35 df b3 d1 bb e8 21 c4 29 af 99 80 92 e8 40 0b b0 96 8c | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f534c002f78 | unwrapped: 69 59 fa 6d 0d 66 ed db 1e 15 11 fe 01 5f ad 18 | unwrapped: 6f 77 dc 50 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d9e97b8 | result: result-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f534c00d840 | chunk_SK_pr: symkey-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: c3 64 ab 13 73 c8 e2 76 8c 92 79 51 ff 8e 45 be 78 95 3e db c0 e3 25 03 23 e0 6c a3 8b 0e 16 67 | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f534c003a78 | unwrapped: 88 21 a2 ce 1d 1b ba 3f 0e cb 80 18 11 b7 f5 ed | unwrapped: d7 f2 4f 36 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f534c006bb0 | calc_skeyseed_v2 pointers: shared-key@0x5612128e96a0, SK_d-key@0x5612128e7c40, SK_ai-key@0x56121285f080, SK_ar-key@0x5612128e6190, SK_ei-key@0x5612128e9a80, SK_er-key@0x5612128e0610, SK_pi-key@0x7f534c00a0e0, SK_pr-key@0x7f534c00d840 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 69 59 fa 6d 0d 66 ed db 1e 15 11 fe 01 5f ad 18 | 6f 77 dc 50 | calc_skeyseed_v2 SK_pr | 88 21 a2 ce 1d 1b ba 3f 0e cb 80 18 11 b7 f5 ed | d7 f2 4f 36 | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.002196 seconds | (#1) spent 2.2 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 2 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5354003a28: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #2 at 0x5612129007b8 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "aes128" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5612128e7c40 | duplicate_state: reference st_skey_ai_nss-key@0x56121285f080 | duplicate_state: reference st_skey_ar_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_ei_nss-key@0x5612128e9a80 | duplicate_state: reference st_skey_er_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_pi_nss-key@0x7f534c00a0e0 | duplicate_state: reference st_skey_pr_nss-key@0x7f534c00d840 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5612128fddf8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | event_schedule: new EVENT_SA_REPLACE-pe@0x5612128fc008 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5612128fddf8 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f534c00a0e0 (size 20) | hmac: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5354002b50 from symkey-key@0x7f534c006bb0 | hmac prf: begin sha with context 0x7f5354002b50 from symkey-key@0x7f534c006bb0 | hmac: release clone-key@0x7f534c006bb0 | hmac PRF sha crypt-prf@0x5612128fe1e8 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | 6c 52 15 c3 ad 5b dd ad 84 c8 69 5e 7d f9 4b 9f | 95 0f 2e bb | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | a3 28 a4 06 50 ac 66 0b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e | f5 a7 89 76 a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e | 41 b1 e9 44 c9 46 2b a9 b1 0f ef 1a cb 28 27 3c | 6a 08 f3 1c 77 96 22 93 16 e0 d0 71 27 d0 b4 2a | 27 42 06 85 f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 | 5e b7 39 51 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 | 2e 67 37 cc 34 89 d1 57 ac fc fc 71 ac 2c 92 98 | 57 b9 3b e0 d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 | 4d 2e 62 bf 44 0a b5 95 ae 6b ea da 2c ac 7d 55 | 48 60 53 8a ba 56 67 53 1c 76 d4 fc ad d4 48 9f | b1 aa 23 95 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 | 89 28 9d 85 35 20 20 f2 0f 6b 71 7b b4 39 62 19 | c7 db 8c 45 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 | 9b c9 30 fc 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 | f7 04 bc ef 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 | d7 7e 20 f4 9d e4 1a e2 89 cb 3a 76 22 67 84 66 | 28 17 75 d9 29 00 00 24 0a aa aa 01 3e 47 4d 47 | d6 3c 56 77 62 da 3f 80 b5 ed d0 59 c2 a9 fc 2c | 23 c9 31 e0 a1 e9 87 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 07 0d a8 32 c3 4e 46 ac | 17 8b 05 71 15 fc 70 d2 4f f7 f1 09 00 00 00 1c | 00 00 40 05 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e | 25 74 32 d7 ab fb 96 35 | create: initiator inputs to hash2 (responder nonce) | 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | idhash 6c 52 15 c3 ad 5b dd ad 84 c8 69 5e 7d f9 4b 9f | idhash 95 0f 2e bb | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x7f534c006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5354002b50 from shared secret-key@0x7f534c006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5354002b50 from shared secret-key@0x7f534c006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f534c006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fe198 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f534c006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f534c006bb0 (size 20) | = prf(, ): -key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5354002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5354002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fe1e8 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe3f8 (length 440) | a3 28 a4 06 50 ac 66 0b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 df 79 23 e4 c4 b5 a3 bb 68 a4 38 4e | f5 a7 89 76 a6 38 f1 dd 94 3d 84 32 7f bd 5b 8e | 41 b1 e9 44 c9 46 2b a9 b1 0f ef 1a cb 28 27 3c | 6a 08 f3 1c 77 96 22 93 16 e0 d0 71 27 d0 b4 2a | 27 42 06 85 f1 3a b4 e2 4e e3 fc db 29 f6 bf e6 | 5e b7 39 51 14 8d 55 b5 e4 8e 58 9e c3 21 45 e5 | 2e 67 37 cc 34 89 d1 57 ac fc fc 71 ac 2c 92 98 | 57 b9 3b e0 d8 4a 2a 68 e2 c3 db 19 7a ff 14 a2 | 4d 2e 62 bf 44 0a b5 95 ae 6b ea da 2c ac 7d 55 | 48 60 53 8a ba 56 67 53 1c 76 d4 fc ad d4 48 9f | b1 aa 23 95 56 2f 20 62 a4 3e 63 44 eb 95 37 f2 | 89 28 9d 85 35 20 20 f2 0f 6b 71 7b b4 39 62 19 | c7 db 8c 45 99 b7 a4 f9 9e d3 9e c4 82 ee 33 07 | 9b c9 30 fc 8d 8d c3 34 f3 7a bb e3 73 86 c9 29 | f7 04 bc ef 9e 5e a7 51 ff 98 c5 84 d7 4b 12 c4 | d7 7e 20 f4 9d e4 1a e2 89 cb 3a 76 22 67 84 66 | 28 17 75 d9 29 00 00 24 0a aa aa 01 3e 47 4d 47 | d6 3c 56 77 62 da 3f 80 b5 ed d0 59 c2 a9 fc 2c | 23 c9 31 e0 a1 e9 87 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 07 0d a8 32 c3 4e 46 ac | 17 8b 05 71 15 fc 70 d2 4f f7 f1 09 00 00 00 1c | 00 00 40 05 9e b9 c7 9f 46 b9 92 aa 21 77 d0 5e | 25 74 32 d7 ab fb 96 35 | = prf(, ) PRF sha update nonce-bytes@0x5612128fc128 (length 32) | 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | 6c 52 15 c3 ad 5b dd ad 84 c8 69 5e 7d f9 4b 9f | 95 0f 2e bb | = prf(, ) PRF sha final-chunk@0x561212901608 (length 20) | e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | d8 d2 db d4 | psk_auth: release prf-psk-key@0x7f534c006bb0 | PSK auth octets e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | PSK auth octets d8 d2 db d4 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | PSK auth d8 d2 db d4 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #1 | netlink_get_spi: allocated 0xbc69695f for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi bc 69 69 5f | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | e0 c5 bd 45 58 ff 36 ce c2 90 ce 0a c2 a7 3d f2 | d8 d2 db d4 2c 00 00 2c 00 00 00 28 01 03 04 03 | bc 69 69 5f 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | hmac PRF sha init symkey-key@0x56121285f080 (size 20) | hmac: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5354002b50 from symkey-key@0x7f534c006bb0 | hmac prf: begin sha with context 0x7f5354002b50 from symkey-key@0x7f534c006bb0 | hmac: release clone-key@0x7f534c006bb0 | hmac PRF sha crypt-prf@0x5612128fe198 | hmac PRF sha update data-bytes@0x5612118718c0 (length 208) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | hmac PRF sha final-bytes@0x561211871990 (length 20) | 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 96 63 fa 26 | 99 fb 44 4c | data being hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | data being hmac: 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | data being hmac: 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | data being hmac: a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | data being hmac: 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | data being hmac: 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | data being hmac: 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | data being hmac: 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | data being hmac: f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | data being hmac: 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | data being hmac: 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | out calculated auth: | 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 | suspend processing: state #1 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #2 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 49 be 68 39 fb fb 25 e9 27 dd 38 48 54 43 da fc | 51 6d 37 26 56 88 d5 48 4b cd f5 98 d4 b6 89 06 | 88 b6 e9 12 ea 83 f7 4f 68 3b 73 ba cc 2d 0a 6e | a5 09 57 a5 58 62 40 a2 ac 8e bb 46 6d 6b 70 f9 | 92 a4 e9 ab b0 15 94 f8 d7 43 35 50 05 8f 64 5a | 34 85 2a d1 ef aa 28 a8 82 65 49 db 89 7d a5 aa | 8a 3b e4 00 cc b4 4b 5a b7 23 42 fe 8b 83 0c d3 | 8b 04 83 1d 89 eb a2 fc a7 36 f9 0f 6c c3 3c 52 | f0 e6 a9 df 1f 91 76 e4 18 48 6b dc fb fa 44 6e | 8a 5a ab 43 c1 7a 50 e7 ef f8 3c ce ab 88 d0 fa | 9f 80 47 48 10 25 45 39 78 61 68 04 e3 60 9e 78 | 8c a0 cd fd 5a 4e a8 7f ed 96 19 b2 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5354002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x561212901388 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10447.733995 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 0.839 milliseconds in resume sending helper answer | stop processing: state #2 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f534c005088 | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | 05 67 58 81 49 10 8c ed 09 17 98 b2 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5612128fc150 from symkey-key@0x7f534c006bb0 | hmac prf: begin sha with context 0x5612128fc150 from symkey-key@0x7f534c006bb0 | hmac: release clone-key@0x7f534c006bb0 | hmac PRF sha crypt-prf@0x5612128fe1e8 | hmac PRF sha update data-bytes@0x56121288e368 (length 192) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | 05 67 58 81 49 10 8c ed 09 17 98 b2 1a bc e7 65 | 50 25 55 94 | data for hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | data for hmac: a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | data for hmac: 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | data for hmac: d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | data for hmac: 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | data for hmac: fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | data for hmac: 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | data for hmac: e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | data for hmac: 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | data for hmac: df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | calculated auth: 05 67 58 81 49 10 8c ed 09 17 98 b2 | provided auth: 05 67 58 81 49 10 8c ed 09 17 98 b2 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 26 1d 67 c2 66 7a 0a 7f 45 75 9d 25 ee 26 37 12 | payload before decryption: | a3 e7 5d f2 69 5a 2c 16 9d d1 99 0c a2 54 7b 1b | 38 f1 14 63 83 72 f3 f8 03 45 e8 a4 67 8c c9 38 | d8 d2 6d 72 65 69 4e 29 eb f6 67 2a a1 7b 58 53 | 7a 83 7b ea 3a f5 5f 93 98 16 73 26 e7 3e 12 32 | fe 53 c6 21 36 53 7f fb 4c 8b 69 b1 30 3a 25 87 | 04 f0 e9 f6 56 1d c7 28 6e 4c a8 22 ba a1 ad c3 | e0 7f 68 21 59 e2 bd 98 61 61 86 2b d7 49 4d 05 | 95 10 eb dd 22 d2 c9 95 5a 37 8a a2 bb d0 a6 64 | df 14 9e e8 a7 ae df 91 72 3c 20 6d 57 9f f8 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 | 68 26 27 31 08 5a 97 ff 2c 00 00 2c 00 00 00 28 | 01 03 04 03 6a cb 1e 21 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #2: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f534c00d840 (size 20) | hmac: symkey-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5fc8 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5612128fc150 from symkey-key@0x7f534c006bb0 | hmac prf: begin sha with context 0x5612128fc150 from symkey-key@0x7f534c006bb0 | hmac: release clone-key@0x7f534c006bb0 | hmac PRF sha crypt-prf@0x5612128fe198 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x56121288e39c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe4aed6120 (length 20) | 32 a7 07 d7 26 13 bf 9f e0 37 93 29 5c 61 92 08 | 7a 10 00 ea | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d0 db 04 80 65 00 a0 5c 69 4d 35 20 | 9c 62 ab d0 e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 | aa 2a 5b 30 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d | 63 6f ca 90 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce | 1d 39 ba 98 67 0a 84 22 d0 82 38 df d2 7f 10 30 | 3d fa d6 b9 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a | c9 9e 10 e6 a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a | cd 0d 3c c3 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a | 90 87 d1 99 21 0e f4 99 23 2b dd 81 19 12 9a 4d | 59 ea 0e ff c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 | 49 53 7e cf 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc | b6 27 22 93 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 | 60 68 8c f9 9d 0c d3 be 3b 58 48 38 6d d0 75 6e | ee f8 89 e5 c5 ad 98 90 5e 09 e4 63 cf b6 90 52 | 88 ca 16 ef dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 | e4 90 ff 7c 46 e2 40 43 e9 36 7b 14 31 30 b3 86 | 55 5e 08 f9 29 00 00 24 61 2b 76 d7 49 cb 1d ff | 6a 1d 86 dd a0 e1 7e be 4a fa 5b 19 60 19 34 a0 | 4d c8 e0 fc 90 50 2e 09 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 c5 81 9c a4 d4 6a d6 f6 | 4b 57 94 1f c1 7a 29 01 0c 52 ec 7c 00 00 00 1c | 00 00 40 05 b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 | 3f e1 8f c2 7b 32 43 82 | verify: initiator inputs to hash2 (initiator nonce) | 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | idhash 32 a7 07 d7 26 13 bf 9f e0 37 93 29 5c 61 92 08 | idhash 7a 10 00 ea | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dc0 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5da8 | result: shared secret-key@0x7f534c006bb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x5612128fc150 from shared secret-key@0x7f534c006bb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x5612128fc150 from shared secret-key@0x7f534c006bb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f534c006bb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fe1e8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5de0 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: final-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f534c006bb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f534c006bb0 (size 20) | = prf(, ): -key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dd8 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x5612128fc150 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x5612128fc150 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fe198 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fdef8 (length 440) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d0 db 04 80 65 00 a0 5c 69 4d 35 20 | 9c 62 ab d0 e0 c3 60 6d 69 99 4c 35 6d ce 81 a0 | aa 2a 5b 30 0e fc 7e 89 5d 74 e4 10 ce 3f f3 9d | 63 6f ca 90 26 c5 47 4a a9 97 7b 3a 2b 03 23 ce | 1d 39 ba 98 67 0a 84 22 d0 82 38 df d2 7f 10 30 | 3d fa d6 b9 82 f6 ac cc 36 d6 44 7e 40 c7 13 9a | c9 9e 10 e6 a9 fe 1c 41 e8 34 91 39 d0 54 cd 0a | cd 0d 3c c3 60 83 51 3b 14 ab 0d 3d 75 cc d9 1a | 90 87 d1 99 21 0e f4 99 23 2b dd 81 19 12 9a 4d | 59 ea 0e ff c7 f1 29 50 3a 00 e6 58 e2 a1 80 38 | 49 53 7e cf 10 6e 13 ea 1f 02 0d 1f 36 ea 2e dc | b6 27 22 93 54 60 ae 07 d5 94 7c f8 4b 6b dd 40 | 60 68 8c f9 9d 0c d3 be 3b 58 48 38 6d d0 75 6e | ee f8 89 e5 c5 ad 98 90 5e 09 e4 63 cf b6 90 52 | 88 ca 16 ef dc 87 19 4f 4a 78 a0 9c 8e 1e af f8 | e4 90 ff 7c 46 e2 40 43 e9 36 7b 14 31 30 b3 86 | 55 5e 08 f9 29 00 00 24 61 2b 76 d7 49 cb 1d ff | 6a 1d 86 dd a0 e1 7e be 4a fa 5b 19 60 19 34 a0 | 4d c8 e0 fc 90 50 2e 09 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 c5 81 9c a4 d4 6a d6 f6 | 4b 57 94 1f c1 7a 29 01 0c 52 ec 7c 00 00 00 1c | 00 00 40 05 b9 bc 98 30 c9 88 f3 a4 fc 6b 26 72 | 3f e1 8f c2 7b 32 43 82 | = prf(, ) PRF sha update nonce-bytes@0x7f5354001278 (length 32) | 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed6120 (length 20) | 32 a7 07 d7 26 13 bf 9f e0 37 93 29 5c 61 92 08 | 7a 10 00 ea | = prf(, ) PRF sha final-chunk@0x561212901558 (length 20) | 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 68 26 27 31 | 08 5a 97 ff | psk_auth: release prf-psk-key@0x7f534c006bb0 | Received PSK auth octets | 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 68 26 27 31 | 08 5a 97 ff | Calculated PSK auth octets | 1e 74 52 ed f3 a0 c0 02 1f 0a 94 a5 68 26 27 31 | 08 5a 97 ff "aes128" #2: Authenticated using authby=secret | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x5612128fddf8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x5612128fc008 | event_schedule: new EVENT_SA_REKEY-pe@0x5612128fc008 | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | pstats #1 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 6a cb 1e 21 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=6acb1e21;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5eb0 | result: data=Ni-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: data=Ni-key@0x7f534c006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128fa5c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c006bb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed5ea0 | result: data+=Nr-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f534c006bb0 | prf+0 PRF sha init key-key@0x5612128e7c40 (size 20) | prf+0: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x5612128fc150 from key-key@0x7f534c006bb0 | prf+0 prf: begin sha with context 0x5612128fc150 from key-key@0x7f534c006bb0 | prf+0: release clone-key@0x7f534c006bb0 | prf+0 PRF sha crypt-prf@0x5612129015a8 | prf+0 PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+0: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x561212900358 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212901410 | prf+0 PRF sha final-key@0x7f534c006bb0 (size 20) | prf+0: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f534c006bb0 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x5612128fc150 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x5612128fc150 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612129014e8 | prf+N PRF sha update old_t-key@0x7f534c006bb0 (size 20) | prf+N: old_t-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f534c006bb0 | nss hmac digest hack: symkey-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: d2 6b ea 88 0a 62 1e 62 c8 91 cd 9c 26 a5 ca d0 49 d3 de c9 3e 08 32 b2 45 82 7d 10 74 f7 6a bf | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x561212900758 | unwrapped: 59 82 41 74 02 aa ca b7 cf a9 f4 cd a1 ba 4f b7 | unwrapped: 59 7a b0 b3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612129002e8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128ffbc0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x5612128ffbc0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c006bb0 | prfplus: release old_t[N]-key@0x7f534c006bb0 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x5612128fc150 from key-key@0x7f534c006bb0 | prf+N prf: begin sha with context 0x5612128fc150 from key-key@0x7f534c006bb0 | prf+N: release clone-key@0x7f534c006bb0 | prf+N PRF sha crypt-prf@0x5612128fe1e8 | prf+N PRF sha update old_t-key@0x561212901410 (size 20) | prf+N: old_t-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x561212901410 | nss hmac digest hack: symkey-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 4e 70 3d 2d ec 8c af 41 47 7d f9 1f f7 ac ba 65 3c 9b b6 90 02 43 79 03 3c ac b4 c4 a8 2d ff b4 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x561212904818 | unwrapped: 5a f2 26 df 07 c3 33 aa 69 96 c2 da 57 b6 1d 00 | unwrapped: 34 c6 35 89 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x561212900358 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212900560 | prf+N PRF sha final-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128ffbc0 | prfplus: release old_t[N]-key@0x561212901410 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x5612128fc150 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x5612128fc150 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x561212900298 | prf+N PRF sha update old_t-key@0x7f534c006bb0 (size 20) | prf+N: old_t-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f534c006bb0 | nss hmac digest hack: symkey-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 6d dc 5f 4d 97 12 7f 98 08 9a 52 0c e3 f6 9c 53 54 91 d9 ae b8 84 67 c3 32 48 d4 63 12 ae c9 1c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612129063e8 | unwrapped: 53 b9 e4 0e 11 05 5a 62 07 57 f3 18 6f 37 02 64 | unwrapped: 19 14 fa b9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: aa 35 04 f2 4e de 2c 49 2c 16 cd 74 94 7c c2 ac c4 85 eb 1c 8c f8 f0 ff 6b 4b d9 37 98 7c b3 28 b6 e2 fd 99 0f 96 18 86 85 85 c4 5b 33 84 67 d2 8e d1 4c 60 5c dc e9 45 eb e8 67 fe 31 0a 7a 42 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612129002e8 | unwrapped: 0a aa aa 01 3e 47 4d 47 d6 3c 56 77 62 da 3f 80 | unwrapped: b5 ed d0 59 c2 a9 fc 2c 23 c9 31 e0 a1 e9 87 47 | unwrapped: 61 2b 76 d7 49 cb 1d ff 6a 1d 86 dd a0 e1 7e be | unwrapped: 4a fa 5b 19 60 19 34 a0 4d c8 e0 fc 90 50 2e 09 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128ffbc0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x5612128ffbc0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x561212900560 | prfplus: release old_t[N]-key@0x7f534c006bb0 | prfplus: release old_t[final]-key@0x561212901410 | child_sa_keymat: release data-key@0x5612128fa5c0 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x5612128ffbc0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x5612128fa5c0 | initiator to responder keys: symkey-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5612128e2eb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)962928739: d2 6b ea 88 0a 62 1e 62 c8 91 cd 9c 26 a5 ca d0 e1 90 07 6d 82 30 9f 39 15 ae 00 b7 da 5f 6d 6f b7 55 a5 08 62 a6 e5 b2 da 4c 94 4b 44 0d 46 07 | initiator to responder keys: release slot-key-key@0x5612128e2eb0 | initiator to responder keys extracted len 48 bytes at 0x561212859918 | unwrapped: 59 82 41 74 02 aa ca b7 cf a9 f4 cd a1 ba 4f b7 | unwrapped: 59 7a b0 b3 5a f2 26 df 07 c3 33 aa 69 96 c2 da | unwrapped: 57 b6 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5612128fa5c0 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x5612128ffbc0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x5612128fa5c0 | responder to initiator keys:: symkey-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5612128e2eb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)962928739: 17 86 99 25 c9 35 15 26 da 15 9c fd d8 02 6b 42 c4 d8 9b b8 eb 80 45 99 e9 c2 0d f0 9a 07 3e 1d 03 b4 af 1d fd 52 b8 fb 1f 22 79 68 15 16 66 3b | responder to initiator keys:: release slot-key-key@0x5612128e2eb0 | responder to initiator keys: extracted len 48 bytes at 0x561212904918 | unwrapped: 34 c6 35 89 53 b9 e4 0e 11 05 5a 62 07 57 f3 18 | unwrapped: 6f 37 02 64 19 14 fa b9 4b ad cd cc d0 0f 1d 70 | unwrapped: 2d 9d 2a 4a 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5612128fa5c0 | ikev2_derive_child_keys: release keymat-key@0x5612128ffbc0 | #1 spent 1.44 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6acb1e21@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.bc69695f@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6acb1e21 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x6acb1e21 SPI_OUT=0xbc69695f ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6acb1e2 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x6acb1e21 SPI_OUT=0xbc69695f ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6acb1e21 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x6acb1e21 SPI_OUT=0xbc69695f ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x5612128fb5d8,sr=0x5612128fb5d8} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.48 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x561212901388 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5354002b78 | #2 spent 2.7 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #2 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "aes128" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x6acb1e21 <0xbc69695f xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #2 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #1 | unpending state #1 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x5612128ee1f8} | close_any(fd@24) (in release_whack() at state.c:654) | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5354002b78 | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 | libevent_malloc: new ptr-libevent@0x5612128fddf8 size 128 | stop processing: state #2 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 3.07 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.09 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00435 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00252 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00266 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.bc69695f@192.1.2.45 | get_sa_info esp.6acb1e21@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0888 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted completed | #2 spent 2.7 milliseconds in total | [RE]START processing: state #2 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #2: deleting state (STATE_V2_IPSEC_I) aged 0.088s and sending notification | child state #2: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.6acb1e21@192.1.2.23 | get_sa_info esp.bc69695f@192.1.2.45 "aes128" #2: ESP traffic information: in=84B out=84B | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis bc 69 69 5f | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | data before encryption: | 00 00 00 0c 03 04 00 01 bc 69 69 5f 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | hmac PRF sha init symkey-key@0x56121285f080 (size 20) | hmac: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x5612128ffbc0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x5612128fc150 from symkey-key@0x5612128ffbc0 | hmac prf: begin sha with context 0x5612128fc150 from symkey-key@0x5612128ffbc0 | hmac: release clone-key@0x5612128ffbc0 | hmac PRF sha crypt-prf@0x5612128fe1e8 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 64) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | hmac PRF sha final-bytes@0x7ffe4aed3190 (length 20) | 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d 02 5b 08 a6 | 36 2a 77 ab | data being hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | data being hmac: 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | out calculated auth: | 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | be 63 e1 fd 6f 2d 6f 7c 38 ce 3b 7d 9c 64 f9 43 | 7d 52 59 3d 5d d7 97 cc b7 67 e1 94 4c ff b8 a3 | 3b 9b fc 3c 4b a5 00 0e 1b f9 fa 9d | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5612128fddf8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5354002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825162' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6acb1e2 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825162' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x6acb1e21 SPI_OUT=0xbc69695f ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.6acb1e21@192.1.2.23 | netlink response for Del SA esp.6acb1e21@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.bc69695f@192.1.2.45 | netlink response for Del SA esp.bc69695f@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #2 in V2_IPSEC_I | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_ai_nss-key@0x56121285f080 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_er_nss-key@0x5612128e0610 | delete_state: release st->st_skey_pi_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f534c00d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | start processing: state #1 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted completed | #1 spent 7.97 milliseconds in total | [RE]START processing: state #1 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #1: deleting state (STATE_PARENT_I3) aged 0.102s and sending notification | parent state #1: PARENT_I3(established IKE SA) => delete | #1 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | hmac PRF sha init symkey-key@0x56121285f080 (size 20) | hmac: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x5612128ffbc0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5354002b50 from symkey-key@0x5612128ffbc0 | hmac prf: begin sha with context 0x7f5354002b50 from symkey-key@0x5612128ffbc0 | hmac: release clone-key@0x5612128ffbc0 | hmac PRF sha crypt-prf@0x5612128fe198 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 64) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | hmac PRF sha final-bytes@0x7ffe4aed3190 (length 20) | 21 ad 0b bc 38 83 b7 be 9a db 1a 20 fd 60 ea 81 | 82 fa 65 17 | data being hmac: a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | data being hmac: 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | out calculated auth: | 21 ad 0b bc 38 83 b7 be 9a db 1a 20 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 3f f6 5f 70 05 fe a1 b7 6c 93 fe 5c cf 97 06 97 | 52 a0 6b 6d 67 00 c1 36 f8 19 f7 e9 fe a9 13 0d | 21 ad 0b bc 38 83 b7 be 9a db 1a 20 | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send | Message ID: #1 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f534c005088 | free_event_entry: release EVENT_SA_REKEY-pe@0x5612128fc008 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #1 in PARENT_I3 | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5354003a28: destroyed | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x5612128e96a0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_ai_nss-key@0x56121285f080 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_er_nss-key@0x5612128e0610 | delete_state: release st->st_skey_pi_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skey_pr_nss-key@0x7f534c00d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.34 milliseconds in whack | spent 0.00132 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 6c ca 14 4e 71 46 33 2b bb 2f f3 b2 79 ff 84 a3 | 78 e3 2f f2 4d ab bf da 71 51 09 51 6c a0 4f 2d | f8 2a d6 5e 52 01 a2 0a 9a e4 f4 41 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0429 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00606 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00218 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a3 28 a4 06 50 ac 66 0b 7b 9b 0e b0 51 12 e9 cd | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | d5 a2 6c d1 36 05 7f 1c ca 67 1d ab 96 52 49 84 | d2 70 2a 93 27 ce 9f 77 19 08 d4 3a e9 f2 2a 27 | 14 70 aa 3f 44 da f8 76 44 b6 bb 3a | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a3 28 a4 06 50 ac 66 0b | responder cookie: | 7b 9b 0e b0 51 12 e9 cd | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0443 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.806 milliseconds in whack | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_UPDPOLICY message | spent 0.00623 milliseconds in kernel message | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.319 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.103 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0444 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.127 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x5612129007b8 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #3 "aes128" "aes128" #3: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 3 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x561212901388 size 128 | #3 spent 0.114 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.177 milliseconds in whack | crypto helper 3 resuming | crypto helper 3 starting work-order 3 for state #3 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 3 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5350003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5350003a28 | NSS: Public DH wire value: | d7 6d c8 34 ad 79 22 d4 04 1d 9b 7d 1a ff ec a3 | bc 80 9c ef 7b 1c c8 1b a0 c2 3c 8b 3c 00 39 60 | 0f 1e a4 67 e9 eb 29 ed 89 fe e4 2c 2d 95 68 13 | 69 f4 64 0d ba 0d 9b e8 9f 44 32 fd 92 45 08 e4 | 26 7f 51 f9 93 46 ae ed 13 00 d2 fd 23 ad 0b cd | 54 58 30 91 3a 6b b3 bf 8b e5 d7 81 cb 26 12 1e | 17 64 bf 10 7b a8 8c 32 5c 46 dd c9 49 cb 1c 6c | 03 9f 19 d5 14 45 e7 53 29 f9 66 eb 34 b0 0c 54 | 66 df eb be a4 a1 6b 16 7e 77 4f f2 7e 59 c1 25 | b0 55 31 ee 1a 28 cc c6 99 b0 0e 04 df 7d f1 d5 | 4e 91 09 2e c1 6d 73 50 bd 5a 61 f4 d7 06 38 9f | a4 e9 40 6f 28 16 07 56 0c 5b 9b ca f6 ab 52 83 | 56 d4 25 b0 32 6f 2c 88 83 05 bb 39 66 47 d9 9c | ed 47 9e 77 4b 46 bb 64 f3 32 60 5f b8 6e 8f 8d | 2c bb af b6 14 cb 34 6f 92 05 32 d4 29 43 01 b1 | 3a a5 78 bb 7d f2 10 c3 9d e0 d7 15 e0 26 5f c8 | Generated nonce: 91 1d a2 fd 4e ea be f1 fd 66 3e a8 94 2e f5 5e | Generated nonce: 9c 16 37 c6 0e 59 ad d4 ed 4d 35 1d f4 67 69 84 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 3 time elapsed 0.00064 seconds | (#3) spent 0.624 milliseconds in crypto helper computing work-order 3: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 3 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f5350002888 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 3 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #3 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5350003a28: transferring ownership from helper KE to state #3 | **emit ISAKMP Message: | initiator cookie: | a9 37 54 0b 27 15 5f ee | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #3: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x d7 6d c8 34 ad 79 22 d4 04 1d 9b 7d 1a ff ec a3 | ikev2 g^x bc 80 9c ef 7b 1c c8 1b a0 c2 3c 8b 3c 00 39 60 | ikev2 g^x 0f 1e a4 67 e9 eb 29 ed 89 fe e4 2c 2d 95 68 13 | ikev2 g^x 69 f4 64 0d ba 0d 9b e8 9f 44 32 fd 92 45 08 e4 | ikev2 g^x 26 7f 51 f9 93 46 ae ed 13 00 d2 fd 23 ad 0b cd | ikev2 g^x 54 58 30 91 3a 6b b3 bf 8b e5 d7 81 cb 26 12 1e | ikev2 g^x 17 64 bf 10 7b a8 8c 32 5c 46 dd c9 49 cb 1c 6c | ikev2 g^x 03 9f 19 d5 14 45 e7 53 29 f9 66 eb 34 b0 0c 54 | ikev2 g^x 66 df eb be a4 a1 6b 16 7e 77 4f f2 7e 59 c1 25 | ikev2 g^x b0 55 31 ee 1a 28 cc c6 99 b0 0e 04 df 7d f1 d5 | ikev2 g^x 4e 91 09 2e c1 6d 73 50 bd 5a 61 f4 d7 06 38 9f | ikev2 g^x a4 e9 40 6f 28 16 07 56 0c 5b 9b ca f6 ab 52 83 | ikev2 g^x 56 d4 25 b0 32 6f 2c 88 83 05 bb 39 66 47 d9 9c | ikev2 g^x ed 47 9e 77 4b 46 bb 64 f3 32 60 5f b8 6e 8f 8d | ikev2 g^x 2c bb af b6 14 cb 34 6f 92 05 32 d4 29 43 01 b1 | ikev2 g^x 3a a5 78 bb 7d f2 10 c3 9d e0 d7 15 e0 26 5f c8 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 91 1d a2 fd 4e ea be f1 fd 66 3e a8 94 2e f5 5e | IKEv2 nonce 9c 16 37 c6 0e 59 ad d4 ed 4d 35 1d f4 67 69 84 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | a9 37 54 0b 27 15 5f ee | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 73 a5 28 29 29 0f 59 78 49 e5 1b 49 b8 bc 4e 51 | 4b 96 43 e4 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a9 37 54 0b 27 15 5f ee | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 73 a5 28 29 29 0f 59 78 49 e5 1b 49 b8 bc 4e 51 | natd_hash: hash= 4b 96 43 e4 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 73 a5 28 29 29 0f 59 78 49 e5 1b 49 b8 bc 4e 51 | Notify data 4b 96 43 e4 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | a9 37 54 0b 27 15 5f ee | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | a0 b1 b1 68 16 f5 4d 50 4c 62 8e 71 91 ee dc 54 | e9 37 2f 8d | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a9 37 54 0b 27 15 5f ee | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= a0 b1 b1 68 16 f5 4d 50 4c 62 8e 71 91 ee dc 54 | natd_hash: hash= e9 37 2f 8d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a0 b1 b1 68 16 f5 4d 50 4c 62 8e 71 91 ee dc 54 | Notify data e9 37 2f 8d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #3 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #3 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #3: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #3 to 4294967295 after switching state | Message ID: IKE #3 skipping update_recv as MD is fake | Message ID: sent #3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | a9 37 54 0b 27 15 5f ee 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 d7 6d c8 34 ad 79 22 d4 04 1d 9b 7d | 1a ff ec a3 bc 80 9c ef 7b 1c c8 1b a0 c2 3c 8b | 3c 00 39 60 0f 1e a4 67 e9 eb 29 ed 89 fe e4 2c | 2d 95 68 13 69 f4 64 0d ba 0d 9b e8 9f 44 32 fd | 92 45 08 e4 26 7f 51 f9 93 46 ae ed 13 00 d2 fd | 23 ad 0b cd 54 58 30 91 3a 6b b3 bf 8b e5 d7 81 | cb 26 12 1e 17 64 bf 10 7b a8 8c 32 5c 46 dd c9 | 49 cb 1c 6c 03 9f 19 d5 14 45 e7 53 29 f9 66 eb | 34 b0 0c 54 66 df eb be a4 a1 6b 16 7e 77 4f f2 | 7e 59 c1 25 b0 55 31 ee 1a 28 cc c6 99 b0 0e 04 | df 7d f1 d5 4e 91 09 2e c1 6d 73 50 bd 5a 61 f4 | d7 06 38 9f a4 e9 40 6f 28 16 07 56 0c 5b 9b ca | f6 ab 52 83 56 d4 25 b0 32 6f 2c 88 83 05 bb 39 | 66 47 d9 9c ed 47 9e 77 4b 46 bb 64 f3 32 60 5f | b8 6e 8f 8d 2c bb af b6 14 cb 34 6f 92 05 32 d4 | 29 43 01 b1 3a a5 78 bb 7d f2 10 c3 9d e0 d7 15 | e0 26 5f c8 29 00 00 24 91 1d a2 fd 4e ea be f1 | fd 66 3e a8 94 2e f5 5e 9c 16 37 c6 0e 59 ad d4 | ed 4d 35 1d f4 67 69 84 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 73 a5 28 29 29 0f 59 78 | 49 e5 1b 49 b8 bc 4e 51 4b 96 43 e4 00 00 00 1c | 00 00 40 05 a0 b1 b1 68 16 f5 4d 50 4c 62 8e 71 | 91 ee dc 54 e9 37 2f 8d | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561212901388 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x5612128fc008 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 | libevent_malloc: new ptr-libevent@0x561212901bf8 size 128 | #3 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10448.308509 | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD | #3 spent 0.471 milliseconds in resume sending helper answer | stop processing: state #3 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5350002888 | spent 0.00221 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a9 37 54 0b 27 15 5f ee 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a9 37 54 0b 27 15 5f ee | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #3 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #3 is idle | #3 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] | #3 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #3: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #3 spent 0.0131 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #3 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #3 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #3 spent 0.203 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.232 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x5612128fc008 | handling event EVENT_RETRANSMIT for parent state #3 | start processing: state #3 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #3 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #3 keying attempt 1 of 0; retransmit 1 "aes128" #3: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #3 ikev2.ike failed too-many-retransmits | pstats #3 ikev2.ike deleted too-many-retransmits | #3 spent 1.41 milliseconds in total | [RE]START processing: state #3 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #3: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #3: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x5612128ee1f8} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #3 "aes128" #3: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #3 in PARENT_I1 | parent state #3: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5350003a28: destroyed | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x561212901bf8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5612128fc008 | in statetime_stop() and could not find #3 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #4 at 0x5612129007b8 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #4 "aes128" "aes128" #4: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 4 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f5350002888 size 128 | #4 spent 0.0882 milliseconds in ikev2_parent_outI1() | RESET processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 2 resuming | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 2 starting work-order 4 for state #4 | spent 0.112 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 4 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5344003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5344003a28 | NSS: Public DH wire value: | db 0c bb 83 4d ef 27 83 e9 7f 42 55 49 d0 25 64 | 78 ba e0 8d 2e 43 2b 86 57 0b 2b e6 df dd ce ac | 03 70 66 28 1d 0c e6 85 6d 84 49 f9 b2 6c bf 6e | 54 82 67 59 ba 16 a4 f6 8f 39 1a ac 2f c1 86 1a | 6d ac 47 0e 64 1d 28 54 93 2e ee fa 7c 5b 94 16 | 41 28 94 69 da 5e f0 1e a4 80 41 c1 f8 e4 94 75 | 8d b4 d0 fd 10 4b 3e 45 fd e0 e3 05 17 4f 03 a3 | c9 dc a8 5b 7d db b9 f8 41 4e 18 2a e3 af 64 35 | b4 f4 39 8f 52 bf 70 0d e9 f4 b9 93 92 6b 38 4f | 23 c6 d5 f0 26 46 b4 a7 5e 83 5d d9 df 60 b2 85 | 9d 32 d1 43 f0 4a c6 19 9a da 17 71 d5 b3 fd ed | ce c1 29 4c dd 13 4d d3 de 91 b8 89 57 2e 06 14 | cb 3a 44 2a f0 93 f5 f9 9c e8 6c 0a e0 d3 de 4b | 33 b2 98 4c 41 91 11 5f 34 19 b7 b8 53 c0 32 78 | 3c 83 8d ec e8 8e 21 fe 1d 46 33 62 67 08 04 40 | aa 0f 72 af 06 4d 99 7d 0f 1f 0b f8 4d dc f5 3b | Generated nonce: e1 76 38 ee 2f 3f 4e d2 0e 6d 81 af 1f 7c 80 54 | Generated nonce: 20 45 28 69 bb 30 65 21 d1 aa a3 6c ac 20 9c 38 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000813 seconds | (#4) spent 0.814 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 4 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f5344002888 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 4 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #4 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5344003a28: transferring ownership from helper KE to state #4 | **emit ISAKMP Message: | initiator cookie: | 75 f4 b3 20 16 59 35 3f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #4: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x db 0c bb 83 4d ef 27 83 e9 7f 42 55 49 d0 25 64 | ikev2 g^x 78 ba e0 8d 2e 43 2b 86 57 0b 2b e6 df dd ce ac | ikev2 g^x 03 70 66 28 1d 0c e6 85 6d 84 49 f9 b2 6c bf 6e | ikev2 g^x 54 82 67 59 ba 16 a4 f6 8f 39 1a ac 2f c1 86 1a | ikev2 g^x 6d ac 47 0e 64 1d 28 54 93 2e ee fa 7c 5b 94 16 | ikev2 g^x 41 28 94 69 da 5e f0 1e a4 80 41 c1 f8 e4 94 75 | ikev2 g^x 8d b4 d0 fd 10 4b 3e 45 fd e0 e3 05 17 4f 03 a3 | ikev2 g^x c9 dc a8 5b 7d db b9 f8 41 4e 18 2a e3 af 64 35 | ikev2 g^x b4 f4 39 8f 52 bf 70 0d e9 f4 b9 93 92 6b 38 4f | ikev2 g^x 23 c6 d5 f0 26 46 b4 a7 5e 83 5d d9 df 60 b2 85 | ikev2 g^x 9d 32 d1 43 f0 4a c6 19 9a da 17 71 d5 b3 fd ed | ikev2 g^x ce c1 29 4c dd 13 4d d3 de 91 b8 89 57 2e 06 14 | ikev2 g^x cb 3a 44 2a f0 93 f5 f9 9c e8 6c 0a e0 d3 de 4b | ikev2 g^x 33 b2 98 4c 41 91 11 5f 34 19 b7 b8 53 c0 32 78 | ikev2 g^x 3c 83 8d ec e8 8e 21 fe 1d 46 33 62 67 08 04 40 | ikev2 g^x aa 0f 72 af 06 4d 99 7d 0f 1f 0b f8 4d dc f5 3b | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce e1 76 38 ee 2f 3f 4e d2 0e 6d 81 af 1f 7c 80 54 | IKEv2 nonce 20 45 28 69 bb 30 65 21 d1 aa a3 6c ac 20 9c 38 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 75 f4 b3 20 16 59 35 3f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 98 94 84 ca 0b ae cb a4 9b d5 f2 36 89 37 41 f7 | 4a c0 34 f6 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 75 f4 b3 20 16 59 35 3f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 98 94 84 ca 0b ae cb a4 9b d5 f2 36 89 37 41 f7 | natd_hash: hash= 4a c0 34 f6 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 98 94 84 ca 0b ae cb a4 9b d5 f2 36 89 37 41 f7 | Notify data 4a c0 34 f6 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 75 f4 b3 20 16 59 35 3f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | cc 01 67 e3 70 e5 ef b0 23 bc 71 4e ad 9a f1 9f | c8 09 d6 e9 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 75 f4 b3 20 16 59 35 3f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= cc 01 67 e3 70 e5 ef b0 23 bc 71 4e ad 9a f1 9f | natd_hash: hash= c8 09 d6 e9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data cc 01 67 e3 70 e5 ef b0 23 bc 71 4e ad 9a f1 9f | Notify data c8 09 d6 e9 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #4 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #4 to 4294967295 after switching state | Message ID: IKE #4 skipping update_recv as MD is fake | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | 75 f4 b3 20 16 59 35 3f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 db 0c bb 83 4d ef 27 83 e9 7f 42 55 | 49 d0 25 64 78 ba e0 8d 2e 43 2b 86 57 0b 2b e6 | df dd ce ac 03 70 66 28 1d 0c e6 85 6d 84 49 f9 | b2 6c bf 6e 54 82 67 59 ba 16 a4 f6 8f 39 1a ac | 2f c1 86 1a 6d ac 47 0e 64 1d 28 54 93 2e ee fa | 7c 5b 94 16 41 28 94 69 da 5e f0 1e a4 80 41 c1 | f8 e4 94 75 8d b4 d0 fd 10 4b 3e 45 fd e0 e3 05 | 17 4f 03 a3 c9 dc a8 5b 7d db b9 f8 41 4e 18 2a | e3 af 64 35 b4 f4 39 8f 52 bf 70 0d e9 f4 b9 93 | 92 6b 38 4f 23 c6 d5 f0 26 46 b4 a7 5e 83 5d d9 | df 60 b2 85 9d 32 d1 43 f0 4a c6 19 9a da 17 71 | d5 b3 fd ed ce c1 29 4c dd 13 4d d3 de 91 b8 89 | 57 2e 06 14 cb 3a 44 2a f0 93 f5 f9 9c e8 6c 0a | e0 d3 de 4b 33 b2 98 4c 41 91 11 5f 34 19 b7 b8 | 53 c0 32 78 3c 83 8d ec e8 8e 21 fe 1d 46 33 62 | 67 08 04 40 aa 0f 72 af 06 4d 99 7d 0f 1f 0b f8 | 4d dc f5 3b 29 00 00 24 e1 76 38 ee 2f 3f 4e d2 | 0e 6d 81 af 1f 7c 80 54 20 45 28 69 bb 30 65 21 | d1 aa a3 6c ac 20 9c 38 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 98 94 84 ca 0b ae cb a4 | 9b d5 f2 36 89 37 41 f7 4a c0 34 f6 00 00 00 1c | 00 00 40 05 cc 01 67 e3 70 e5 ef b0 23 bc 71 4e | ad 9a f1 9f c8 09 d6 e9 | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5350002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x5612128fc008 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 | libevent_malloc: new ptr-libevent@0x561212901bf8 size 128 | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10448.811403 | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD | #4 spent 0.452 milliseconds in resume sending helper answer | stop processing: state #4 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5344002888 | spent 0.00208 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 75 f4 b3 20 16 59 35 3f 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 75 f4 b3 20 16 59 35 3f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #4 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #4 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #4 is idle | #4 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #4 IKE SPIi and SPI[ir] | #4 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #4: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #4 spent 0.00646 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #4 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #4 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #4 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #4 spent 0.104 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.118 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0322 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev2.ike deleted other | #4 spent 1.46 milliseconds in total | [RE]START processing: state #4 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #4: deleting state (STATE_PARENT_I1) aged 0.012s and NOT sending notification | parent state #4: PARENT_I1(half-open IKE SA) => delete | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x561212901bf8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5612128fc008 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #4 in PARENT_I1 | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5344003a28: destroyed | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.191 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0472 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0448 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0413 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.132 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #5 at 0x5612129007b8 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #5 "aes128" "aes128" #5: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 5 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f5344002888 size 128 | #5 spent 0.0868 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 resuming | crypto helper 4 starting work-order 5 for state #5 | RESET processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 5 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.145 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5348003a28: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5348003a28 | NSS: Public DH wire value: | 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c f4 36 d5 06 | ad 4a 23 54 71 b3 bb bc 54 38 f7 23 6a 77 05 35 | 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb c9 a6 59 c5 | bb 6e 39 bd 12 91 54 83 ec aa 76 59 d8 f7 e5 9c | 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 72 33 e1 d2 | ff 52 fa e6 58 dd e5 ce da 30 8a 6c fb 3a f1 3d | 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d 85 8a bd 86 | 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa b3 c8 e3 3a | 88 c8 65 25 79 80 90 12 28 38 72 b2 c6 f8 62 43 | 11 75 65 b5 20 14 53 b1 38 c0 16 6a 44 92 01 fb | 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 bc 4c 91 26 | 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 10 49 5e a6 | 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 5f aa c0 c9 | fc af b8 72 84 a2 49 3c a4 f0 34 e2 f1 3a 2c 5d | 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 75 49 79 57 | 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 d5 4e 9d 10 | Generated nonce: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | Generated nonce: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 5 time elapsed 0.000652 seconds | (#5) spent 0.653 milliseconds in crypto helper computing work-order 5: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 5 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 5 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #5 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5348003a28: transferring ownership from helper KE to state #5 | **emit ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c f4 36 d5 06 | ikev2 g^x ad 4a 23 54 71 b3 bb bc 54 38 f7 23 6a 77 05 35 | ikev2 g^x 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb c9 a6 59 c5 | ikev2 g^x bb 6e 39 bd 12 91 54 83 ec aa 76 59 d8 f7 e5 9c | ikev2 g^x 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 72 33 e1 d2 | ikev2 g^x ff 52 fa e6 58 dd e5 ce da 30 8a 6c fb 3a f1 3d | ikev2 g^x 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d 85 8a bd 86 | ikev2 g^x 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa b3 c8 e3 3a | ikev2 g^x 88 c8 65 25 79 80 90 12 28 38 72 b2 c6 f8 62 43 | ikev2 g^x 11 75 65 b5 20 14 53 b1 38 c0 16 6a 44 92 01 fb | ikev2 g^x 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 bc 4c 91 26 | ikev2 g^x 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 10 49 5e a6 | ikev2 g^x 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 5f aa c0 c9 | ikev2 g^x fc af b8 72 84 a2 49 3c a4 f0 34 e2 f1 3a 2c 5d | ikev2 g^x 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 75 49 79 57 | ikev2 g^x 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 d5 4e 9d 10 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | IKEv2 nonce dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 89 55 4e e0 41 f1 c5 9a 62 fc 07 bb 85 93 86 74 | c7 ff 1c cd | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 89 55 4e e0 41 f1 c5 9a 62 fc 07 bb 85 93 86 74 | natd_hash: hash= c7 ff 1c cd | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 89 55 4e e0 41 f1 c5 9a 62 fc 07 bb 85 93 86 74 | Notify data c7 ff 1c cd | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab d5 c8 28 a2 | 35 a3 69 01 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab d5 c8 28 a2 | natd_hash: hash= 35 a3 69 01 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab d5 c8 28 a2 | Notify data 35 a3 69 01 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #5 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #5 to 4294967295 after switching state | Message ID: IKE #5 skipping update_recv as MD is fake | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 33 f0 f4 e3 3a 9f 15 4f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c | f4 36 d5 06 ad 4a 23 54 71 b3 bb bc 54 38 f7 23 | 6a 77 05 35 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb | c9 a6 59 c5 bb 6e 39 bd 12 91 54 83 ec aa 76 59 | d8 f7 e5 9c 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 | 72 33 e1 d2 ff 52 fa e6 58 dd e5 ce da 30 8a 6c | fb 3a f1 3d 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d | 85 8a bd 86 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa | b3 c8 e3 3a 88 c8 65 25 79 80 90 12 28 38 72 b2 | c6 f8 62 43 11 75 65 b5 20 14 53 b1 38 c0 16 6a | 44 92 01 fb 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 | bc 4c 91 26 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 | 10 49 5e a6 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 | 5f aa c0 c9 fc af b8 72 84 a2 49 3c a4 f0 34 e2 | f1 3a 2c 5d 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 | 75 49 79 57 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 | d5 4e 9d 10 29 00 00 24 90 cc 73 ea 3a 23 bc ca | eb 1e 13 3e 6c e0 86 7f dc c9 f9 61 96 b1 83 ad | bc 7c 55 38 a6 0f dd 51 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 89 55 4e e0 41 f1 c5 9a | 62 fc 07 bb 85 93 86 74 c7 ff 1c cd 00 00 00 1c | 00 00 40 05 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab | d5 c8 28 a2 35 a3 69 01 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5344002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5612128fc008 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x5612128fc008 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 | libevent_malloc: new ptr-libevent@0x561212901bf8 size 128 | #5 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10449.142577 | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD | #5 spent 0.355 milliseconds in resume sending helper answer | stop processing: state #5 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5348002888 | spent 0.00198 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 | 9e c0 42 43 9a fe db 61 15 75 e4 72 6a 85 17 1c | 94 4b e3 f8 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 | e1 9e 7e 8c 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f | bb 20 12 82 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 | 35 de 54 41 60 83 17 bc 30 03 9e fa 4f bd 1c c9 | 50 6b 9d 20 ec 59 1a cf 19 25 29 de 3a ba 7f 4f | 85 9c 9a 80 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d | c5 9e 36 ae 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 | 3a 29 f9 58 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf | 17 ea 6f 45 f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e | dd 16 d9 e2 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f | 60 e9 6c 19 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e | 7d 66 6e 61 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf | 22 74 df 29 c2 3c cc 77 60 28 92 6e 0a ba 3d 6a | 30 f1 4b 6c e1 80 ce c4 50 6c a3 5a 56 26 52 a3 | 92 00 f7 58 29 00 00 24 09 a6 b4 60 eb d3 b2 3a | e4 4c e0 68 3a d6 a8 df 7c 1d 61 0c d9 6c 2c d6 | de 6b 57 27 2b 8c 03 cd 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 81 8b 5b 41 80 a4 8a 1d | 07 2a 6e 91 43 86 b1 47 65 1d 77 fa 00 00 00 1c | 00 00 40 05 83 06 94 67 52 f4 80 5f c3 42 98 99 | 79 da ef 87 ec 62 58 09 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #5 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #5 is idle | #5 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #5 IKE SPIi and SPI[ir] | #5 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 9e c0 42 43 | 9a fe db 61 15 75 e4 72 6a 85 17 1c 94 4b e3 f8 | 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 e1 9e 7e 8c | 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f bb 20 12 82 | 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 35 de 54 41 | 60 83 17 bc 30 03 9e fa 4f bd 1c c9 50 6b 9d 20 | ec 59 1a cf 19 25 29 de 3a ba 7f 4f 85 9c 9a 80 | 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d c5 9e 36 ae | 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 3a 29 f9 58 | 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf 17 ea 6f 45 | f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e dd 16 d9 e2 | 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f 60 e9 6c 19 | 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e 7d 66 6e 61 | 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf 22 74 df 29 | c2 3c cc 77 60 28 92 6e 0a ba 3d 6a 30 f1 4b 6c | e1 80 ce c4 50 6c a3 5a 56 26 52 a3 92 00 f7 58 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 26 2f 74 3b 36 e8 b1 a8 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | 83 06 94 67 52 f4 80 5f c3 42 98 99 79 da ef 87 | ec 62 58 09 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 26 2f 74 3b 36 e8 b1 a8 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 83 06 94 67 52 f4 80 5f c3 42 98 99 79 da ef 87 | natd_hash: hash= ec 62 58 09 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | 33 f0 f4 e3 3a 9f 15 4f | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 26 2f 74 3b 36 e8 b1 a8 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | 81 8b 5b 41 80 a4 8a 1d 07 2a 6e 91 43 86 b1 47 | 65 1d 77 fa | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 33 f0 f4 e3 3a 9f 15 4f | natd_hash: rcookie= 26 2f 74 3b 36 e8 b1 a8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 81 8b 5b 41 80 a4 8a 1d 07 2a 6e 91 43 86 b1 47 | natd_hash: hash= 65 1d 77 fa | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5348003a28: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 6 for state #5 | state #5 requesting EVENT_RETRANSMIT to be deleted | #5 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x561212901bf8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5612128fc008 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5348002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | #5 spent 0.265 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 5 resuming | crypto helper 5 starting work-order 6 for state #5 | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 | peer's g: f7 d2 f4 06 3b f9 f2 71 a9 a5 eb 08 9e c0 42 43 | peer's g: 9a fe db 61 15 75 e4 72 6a 85 17 1c 94 4b e3 f8 | #5 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | peer's g: 4e 85 e1 11 5b 5c 36 d6 e2 4b 16 a1 e1 9e 7e 8c | peer's g: 31 f3 a9 bb 15 4b ac 6e 96 45 6e 5f bb 20 12 82 | peer's g: 9e 6b 5e f3 81 39 4c b9 1d 9d a5 80 35 de 54 41 | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | peer's g: 60 83 17 bc 30 03 9e fa 4f bd 1c c9 50 6b 9d 20 | peer's g: ec 59 1a cf 19 25 29 de 3a ba 7f 4f 85 9c 9a 80 | peer's g: 49 23 70 3c 33 1a 0d 5a 02 ba 9f 1d c5 9e 36 ae | peer's g: 24 8b 5e b4 f5 c7 48 3c 63 90 de c9 3a 29 f9 58 | peer's g: 21 f3 6b 7c b1 a9 fb 63 b1 81 ef bf 17 ea 6f 45 | peer's g: f3 ea bc 43 c2 af c8 85 e2 a7 0f 1e dd 16 d9 e2 | peer's g: 33 f2 cc 25 78 cc 64 fd 5b 88 54 1f 60 e9 6c 19 | peer's g: 17 1d 41 c2 27 42 c3 f7 b3 67 46 1e 7d 66 6e 61 | peer's g: 14 9e 5b 71 9f 44 95 69 ea 0b 80 cf 22 74 df 29 | peer's g: c2 3c cc 77 60 28 92 6e 0a ba 3d 6a 30 f1 4b 6c | peer's g: e1 80 ce c4 50 6c a3 5a 56 26 52 a3 92 00 f7 58 | "aes128" #5 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | Started DH shared-secret computation in NSS: | stop processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.495 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.507 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5348003a28: computed shared DH secret key@0x7f534c00d840 | dh-shared : g^ir-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f533c001f18 (length 64) | 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e46e0 | result: Ni | Nr-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e46c8 | result: Ni | Nr-key@0x7f534c00a0e0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5612128e0610 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f533c002fa0 from Ni | Nr-key@0x7f534c00a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f533c002fa0 from Ni | Nr-key@0x7f534c00a0e0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f534c00a0e0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f533c003a78 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f534c00d840 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f534c00d840 | nss hmac digest hack: symkey-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: bb 94 a6 24 08 a4 0c b1 48 b8 7f e2 21 78 77 0a c2 e2 dc 97 1b c2 d6 d9 6c 25 7f 15 7f 25 52 8d 31 fe 90 7a 61 d5 59 6a f3 6f 42 13 4c 1b 66 5a d0 c6 b6 da c4 09 15 b5 14 ed 78 48 9e 25 5e 72 67 d3 d1 82 af 00 b0 d1 00 60 4b 67 8f 1c 33 92 d7 3d da 8e 5d f1 8f db 00 5e d0 4e 16 9d 03 ed 9b a0 dd 81 76 0b 46 7e 8b d4 16 a5 35 16 2b 64 3f 2b 4e a7 36 73 f0 8b 1c 36 83 67 f3 a4 c9 1c 91 e9 51 bd 91 c3 07 71 c4 88 51 42 ac 4d c6 83 8c 35 d6 2e af cd a2 57 0a 0f 89 6f b8 05 4b c2 7f ee e5 25 88 27 96 40 7d ec 7f 22 a6 ea 71 00 bc 3e 5a 2a e1 db 2b d3 46 5c c2 8d 17 ae 50 f6 86 71 54 4e 7a 7c 58 8d 84 b4 1c c2 53 72 75 01 e2 62 ce a6 ec cd 87 c9 ae 78 82 79 b3 23 f5 61 6d 87 70 52 58 a6 ce c0 88 bf aa bf fc 96 cd a4 20 9a af eb 1a c1 c8 25 f1 ba d4 b3 a0 3c 1b 73 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f533c003fa8 | unwrapped: 76 1c ce b5 f3 94 39 65 71 96 3f 74 b3 fe 2d 7c | unwrapped: 39 3d 2a c0 15 21 00 1f 7f 71 b6 4f da 9d 62 e9 | unwrapped: 12 44 e8 16 e4 78 ab 48 8d a2 f7 4c f1 3e 9f 56 | unwrapped: 75 33 35 51 b0 f8 6b 23 ea 78 94 44 c3 ef ad 84 | unwrapped: 5d 66 94 b3 dc 5e 7b e5 ad 56 f8 5b c6 6f ea f8 | unwrapped: fb 4b ce fc 68 1c 55 76 dc 12 60 49 22 86 0b 38 | unwrapped: b1 34 37 f3 44 cd 66 ee 41 19 9c 61 7e db d9 10 | unwrapped: b5 38 a5 cb 1a db 42 f6 c0 24 b3 1b 03 aa e2 79 | unwrapped: 8a c4 01 75 ac 2e 2c a8 0e 4e 87 ce 3b 3b b8 55 | unwrapped: 02 40 1d 93 7d 0f dc 9f 58 ae fe 11 7b fa 79 eb | unwrapped: d0 ef 4c 86 3a 95 02 49 63 07 f4 0f 7c f5 f3 75 | unwrapped: 46 84 27 1d ef d9 59 6a 7c a5 47 da e3 4e dd 4b | unwrapped: 10 d0 1b 99 e6 9f c6 9a eb f8 bf 40 86 cb c1 05 | unwrapped: 79 13 a2 37 2b fc f2 ab 39 37 ba f4 6b f2 bb 3d | unwrapped: ec 0f 6c 7f 10 9c 58 b2 75 6a f9 09 b1 00 7f 43 | unwrapped: 27 11 df 10 94 c9 af f4 a2 5d 5e da f8 f6 9f f1 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4700 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e46e8 | result: final-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f534c00a0e0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4670 | result: data=Ni-key@0x5612128e9a80 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128e9a80 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4658 | result: data=Ni-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128e9a80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535b1e4660 | result: data+=Nr-key@0x5612128e9a80 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535b1e4660 | result: data+=SPIi-key@0x5612128e0610 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535b1e4660 | result: data+=SPIr-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | prf+0 PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+0: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+0 prf: begin sha with context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+0: release clone-key@0x5612128e0610 | prf+0 PRF sha crypt-prf@0x7f533c002f78 | prf+0 PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+0: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | prf+0 PRF sha final-key@0x5612128e0610 (size 20) | prf+0: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c002fa0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c002fa0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c0030d8 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 38 de 70 b1 8f 90 f7 b7 0b dc 36 84 fa 87 bf 1d a4 a7 26 de 3d 96 ee cd aa fd 41 a5 c9 d2 d8 cc | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f28 | unwrapped: 0b 5f 94 d9 52 06 c0 bc 73 54 c0 e8 66 c9 9c 08 | unwrapped: 73 fb d5 a3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0052b8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f533c002f78 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: e3 97 13 c4 a1 12 ec b2 b7 64 c1 52 69 30 50 e7 96 62 11 71 58 f4 a7 81 90 67 06 99 cb ba 54 a9 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c003a78 | unwrapped: 72 ef 6a 63 09 9b 62 a9 2c 39 fd f1 5e 5f 6d 97 | unwrapped: bb 53 78 32 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e7c40 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x5612128e7c40 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c002fa0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c002fa0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c002f28 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: e5 cd 0d b5 d7 98 b6 bd 30 9e 8a 1f 5d b9 e0 ec b6 69 d2 76 83 f9 0c 8e db 38 ba 6f a0 15 5f b1 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c005e88 | unwrapped: 5f 25 3b 2b 0c 50 c0 18 70 d3 71 03 20 54 c8 b8 | unwrapped: 42 eb c5 31 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0052b8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e7c40 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f533c0030d8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 5c b7 59 61 65 7b ee 7d be 6b a6 81 99 16 06 99 40 13 74 b3 90 9c 50 f5 1b a5 fc b6 14 3f b4 89 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c003a78 | unwrapped: dc 1a 83 6e 28 9f 63 86 ed 6c 77 e7 aa 7b bc 47 | unwrapped: 17 75 93 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e7c40 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x5612128e7c40 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c005510 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c005510 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c002f78 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: b4 28 46 b2 9a c2 16 09 0a f7 b2 99 40 ce 7e d9 0b c1 7d ce 8b 1a c5 7a 77 50 b7 eb 27 f5 10 7c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f28 | unwrapped: de 5f 19 ff b6 39 0b 05 fd 88 0b a9 d8 d7 3b 7e | unwrapped: 26 ea 3d b0 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0052b8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e7c40 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f533c002fa0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f533c0030d8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: c5 c5 df 6e 1a 59 8a c1 50 61 dc 67 54 2a 94 36 74 03 9d 00 26 05 49 e2 af f7 c0 6c 2e 01 81 da | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c003a78 | unwrapped: 17 e9 31 69 1b b9 66 69 24 c0 56 42 1f 5f 92 60 | unwrapped: 1a 4d 01 c2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 55 a4 7e a9 e2 cd 47 1e f8 ec 5a e6 4a de e1 0b d2 66 71 ad 87 cd fb eb bb 19 1d b2 e6 45 36 68 8c 73 c7 87 13 c0 f8 90 b4 e3 f5 0c c6 a2 8c 9e 81 e7 7f 7b 96 f9 2c 80 24 b4 26 dd 6a 88 fa e1 d2 cd 0c f4 cb d5 bb 83 70 81 bd 80 d8 c1 91 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0064e8 | unwrapped: 90 cc 73 ea 3a 23 bc ca eb 1e 13 3e 6c e0 86 7f | unwrapped: dc c9 f9 61 96 b1 83 ad bc 7c 55 38 a6 0f dd 51 | unwrapped: 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | unwrapped: 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | unwrapped: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e7c40 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x5612128e6190 | prfplus: release old_t[final]-key@0x5612128e0610 | ike_sa_keymat: release data-key@0x5612128e9a80 | calc_skeyseed_v2: release skeyseed_k-key@0x7f534c00a0e0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47a8 | result: result-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47a8 | result: result-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47a8 | result: result-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: SK_ei_k-key@0x5612128e6190 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: SK_er_k-key@0x56121285f080 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: result-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x5612128e96a0 | chunk_SK_pi: symkey-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 59 82 61 e2 6c 96 30 80 81 66 41 1c ac 0c a9 e8 57 19 19 2e 13 30 4b fc 80 f6 a9 87 e8 e7 57 7f | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f533c002f78 | unwrapped: d8 d7 3b 7e 26 ea 3d b0 17 e9 31 69 1b b9 66 69 | unwrapped: 24 c0 56 42 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: result-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x5612128ffbc0 | chunk_SK_pr: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 68 82 2d 88 19 8d 83 ed 5e 72 ec 4d d9 c8 c6 8f 02 83 16 37 5f e5 5c aa c0 d2 df 6e 19 47 d4 03 | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f533c003a78 | unwrapped: 1f 5f 92 60 1a 4d 01 c2 1a 12 4c 9b d6 4c 50 36 | unwrapped: d3 8f 2a 21 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x5612128e7c40 | calc_skeyseed_v2 pointers: shared-key@0x7f534c00d840, SK_d-key@0x7f534c00a0e0, SK_ai-key@0x5612128e9a80, SK_ar-key@0x5612128e0610, SK_ei-key@0x5612128e6190, SK_er-key@0x56121285f080, SK_pi-key@0x5612128e96a0, SK_pr-key@0x5612128ffbc0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | d8 d7 3b 7e 26 ea 3d b0 17 e9 31 69 1b b9 66 69 | 24 c0 56 42 | calc_skeyseed_v2 SK_pr | 1f 5f 92 60 1a 4d 01 c2 1a 12 4c 9b d6 4c 50 36 | d3 8f 2a 21 | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 time elapsed 0.002374 seconds | (#5) spent 2.35 milliseconds in crypto helper computing work-order 6: ikev2_inR1outI2 KE (pcr) | crypto helper 5 sending results from work-order 6 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f533c005088 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 6 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #5: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5348003a28: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #6 at 0x5612129063e8 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "aes128" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.45:500 from #5.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f534c00a0e0 | duplicate_state: reference st_skey_ai_nss-key@0x5612128e9a80 | duplicate_state: reference st_skey_ar_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_ei_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_er_nss-key@0x56121285f080 | duplicate_state: reference st_skey_pi_nss-key@0x5612128e96a0 | duplicate_state: reference st_skey_pr_nss-key@0x5612128ffbc0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5348002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5348002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5348002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | parent state #5: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x5612128e96a0 (size 20) | hmac: symkey-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x5612128e7c40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e7c40 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e7c40 | hmac: release clone-key@0x5612128e7c40 | hmac PRF sha crypt-prf@0x5612128fbd38 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | 96 fb 30 44 47 60 91 0e 93 d7 e7 1f 4b ec cc 97 | fd 21 9c 82 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | 33 f0 f4 e3 3a 9f 15 4f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c | f4 36 d5 06 ad 4a 23 54 71 b3 bb bc 54 38 f7 23 | 6a 77 05 35 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb | c9 a6 59 c5 bb 6e 39 bd 12 91 54 83 ec aa 76 59 | d8 f7 e5 9c 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 | 72 33 e1 d2 ff 52 fa e6 58 dd e5 ce da 30 8a 6c | fb 3a f1 3d 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d | 85 8a bd 86 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa | b3 c8 e3 3a 88 c8 65 25 79 80 90 12 28 38 72 b2 | c6 f8 62 43 11 75 65 b5 20 14 53 b1 38 c0 16 6a | 44 92 01 fb 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 | bc 4c 91 26 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 | 10 49 5e a6 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 | 5f aa c0 c9 fc af b8 72 84 a2 49 3c a4 f0 34 e2 | f1 3a 2c 5d 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 | 75 49 79 57 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 | d5 4e 9d 10 29 00 00 24 90 cc 73 ea 3a 23 bc ca | eb 1e 13 3e 6c e0 86 7f dc c9 f9 61 96 b1 83 ad | bc 7c 55 38 a6 0f dd 51 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 89 55 4e e0 41 f1 c5 9a | 62 fc 07 bb 85 93 86 74 c7 ff 1c cd 00 00 00 1c | 00 00 40 05 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab | d5 c8 28 a2 35 a3 69 01 | create: initiator inputs to hash2 (responder nonce) | 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | idhash 96 fb 30 44 47 60 91 0e 93 d7 e7 1f 4b ec cc 97 | idhash fd 21 9c 82 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x5612128e7c40 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5344002b50 from shared secret-key@0x5612128e7c40 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5344002b50 from shared secret-key@0x5612128e7c40 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5612128e7c40 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fbce8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5612128e7c40 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5612128e7c40 (size 20) | = prf(, ): -key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fbd38 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fdef8 (length 440) | 33 f0 f4 e3 3a 9f 15 4f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 48 dd 31 6b 4c b1 49 55 93 b4 5b 2c | f4 36 d5 06 ad 4a 23 54 71 b3 bb bc 54 38 f7 23 | 6a 77 05 35 3f 95 a7 7a 1b cf ee 0a 33 17 b1 cb | c9 a6 59 c5 bb 6e 39 bd 12 91 54 83 ec aa 76 59 | d8 f7 e5 9c 52 8f 33 bf 65 99 e1 5c b4 2c 9f 82 | 72 33 e1 d2 ff 52 fa e6 58 dd e5 ce da 30 8a 6c | fb 3a f1 3d 74 ad 0d 3c f3 33 46 6b 93 d7 d8 3d | 85 8a bd 86 2e 39 00 5a 16 d2 6e 2d e1 d8 73 fa | b3 c8 e3 3a 88 c8 65 25 79 80 90 12 28 38 72 b2 | c6 f8 62 43 11 75 65 b5 20 14 53 b1 38 c0 16 6a | 44 92 01 fb 9e 19 91 e7 87 62 2f 19 b1 4c 37 88 | bc 4c 91 26 56 e0 1a ab 8b 37 76 8a 00 26 9d b4 | 10 49 5e a6 81 57 e9 27 d5 45 e0 d9 a1 b1 16 c6 | 5f aa c0 c9 fc af b8 72 84 a2 49 3c a4 f0 34 e2 | f1 3a 2c 5d 30 ae b9 40 a6 4e 71 ca 1b a8 ab c4 | 75 49 79 57 78 60 eb f9 ea 85 7b 7e ed 76 f2 09 | d5 4e 9d 10 29 00 00 24 90 cc 73 ea 3a 23 bc ca | eb 1e 13 3e 6c e0 86 7f dc c9 f9 61 96 b1 83 ad | bc 7c 55 38 a6 0f dd 51 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 89 55 4e e0 41 f1 c5 9a | 62 fc 07 bb 85 93 86 74 c7 ff 1c cd 00 00 00 1c | 00 00 40 05 2a 4c 31 5f 30 eb b1 a2 23 70 68 ab | d5 c8 28 a2 35 a3 69 01 | = prf(, ) PRF sha update nonce-bytes@0x561212900298 (length 32) | 09 a6 b4 60 eb d3 b2 3a e4 4c e0 68 3a d6 a8 df | 7c 1d 61 0c d9 6c 2c d6 de 6b 57 27 2b 8c 03 cd | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | 96 fb 30 44 47 60 91 0e 93 d7 e7 1f 4b ec cc 97 | fd 21 9c 82 | = prf(, ) PRF sha final-chunk@0x5612128fbc38 (length 20) | 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | 88 8a 1d 77 | psk_auth: release prf-psk-key@0x5612128e7c40 | PSK auth octets 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | PSK auth octets 88 8a 1d 77 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | PSK auth 88 8a 1d 77 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #5 | netlink_get_spi: allocated 0xba42f335 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ba 42 f3 35 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #5: IMPAIR: emitting fixed-length key-length attribute with 0 key | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 16 9d d8 b6 1e 91 be 1d 84 33 b9 6c 19 6c 4c fd | 88 8a 1d 77 2c 00 00 2c 00 00 00 28 01 03 04 03 | ba 42 f3 35 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | hmac PRF sha init symkey-key@0x5612128e9a80 (size 20) | hmac: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x5612128e7c40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e7c40 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e7c40 | hmac: release clone-key@0x5612128e7c40 | hmac PRF sha crypt-prf@0x5612128fbce8 | hmac PRF sha update data-bytes@0x5612118718c0 (length 208) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | hmac PRF sha final-bytes@0x561211871990 (length 20) | 26 56 e3 51 a2 61 c3 72 91 58 98 43 bd 96 10 8a | b7 99 fa db | data being hmac: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | data being hmac: 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | data being hmac: 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | data being hmac: 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | data being hmac: 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | data being hmac: 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | data being hmac: b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | data being hmac: c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | data being hmac: f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | data being hmac: d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | data being hmac: bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | out calculated auth: | 26 56 e3 51 a2 61 c3 72 91 58 98 43 | suspend processing: state #5 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #6 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #6 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #6: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #6 to 0 after switching state | Message ID: recv #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #5.#6 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #6: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | e6 bc 78 f9 0d a1 86 de 13 cd ad f5 43 27 68 88 | 77 ec 56 5c 7c 60 c6 35 24 09 9d 2c 8a 73 96 88 | 91 05 00 a2 f5 44 18 51 a8 ea d4 98 9f 2d 9a ee | 64 eb e7 22 91 4c 6c 58 02 59 dd 71 bf 79 f4 87 | 2f ae 3a 00 a9 41 59 d3 b7 dc 37 12 6c 02 8a 0e | 92 2e 5e 72 ca b1 e3 52 ea 88 e7 d5 72 54 91 60 | b9 62 96 18 bf 45 61 61 c3 a7 77 65 50 5f c2 b9 | c0 4a 91 d0 80 61 f4 9a d7 eb af 86 77 ab 44 43 | f1 f1 41 bd 59 14 87 7e e5 df 53 c3 a1 c0 6c 51 | d6 a9 e5 d8 ff f3 68 b5 f1 1b 99 9f fd f8 09 3c | bf 04 ec e5 98 60 a9 87 1b 2f b8 4a de 9f 67 66 | 26 56 e3 51 a2 61 c3 72 91 58 98 43 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 | libevent_malloc: new ptr-libevent@0x5612128fddf8 size 128 | #6 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10449.148447 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 0.979 milliseconds in resume sending helper answer | stop processing: state #6 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f533c005088 | spent 0.0027 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | 0b da cd 9f d4 4e 44 88 2c 75 55 41 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #5 in PARENT_I2 (find_v2_ike_sa) | start processing: state #5 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #6 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #5 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #6 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #6 is idle | #6 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #6 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x5612128e7c40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x5612128e7c40 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x5612128e7c40 | hmac: release clone-key@0x5612128e7c40 | hmac PRF sha crypt-prf@0x5612128fbd38 | hmac PRF sha update data-bytes@0x5612128ee278 (length 64) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | 0b da cd 9f d4 4e 44 88 2c 75 55 41 ab 1d e3 1d | 25 22 91 4f | data for hmac: 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | data for hmac: 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | calculated auth: 0b da cd 9f d4 4e 44 88 2c 75 55 41 | provided auth: 0b da cd 9f d4 4e 44 88 2c 75 55 41 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 93 cd cb 4d 75 a4 a0 bc 6f 8c db 56 69 61 ab 9c | payload before decryption: | 15 c4 22 f7 69 f6 3a 16 45 f6 80 1e d3 83 1f 5f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #6 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #6: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #6: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #6 fd@25 .st_dev=9 .st_ino=7180511 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #5 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x5612128fddf8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 59.995368 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f533c005088 size 128 "aes128" #6: STATE_PARENT_I2: suppressing retransmits; will wait 59.995368 seconds for retry | #6 spent 0.0974 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #6 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #6 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #6 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.261 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.268 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0354 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #6 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #6 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | #6 spent 0.0974 milliseconds in total | [RE]START processing: state #6 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #6: deleting state (STATE_PARENT_I2) aged 0.017s and NOT sending notification | child state #6: PARENT_I2(open IKE SA) => delete | child state #6: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f533c005088 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skey_ai_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_ar_nss-key@0x5612128e0610 | delete_state: release st->st_skey_ei_nss-key@0x5612128e6190 | delete_state: release st->st_skey_er_nss-key@0x56121285f080 | delete_state: release st->st_skey_pi_nss-key@0x5612128e96a0 | delete_state: release st->st_skey_pr_nss-key@0x5612128ffbc0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted other | #5 spent 5.18 milliseconds in total | [RE]START processing: state #5 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #5: deleting state (STATE_PARENT_I2) aged 0.023s and NOT sending notification | parent state #5: PARENT_I2(open IKE SA) => delete | state #5 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5348002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5348002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #5 in PARENT_I2 | parent state #5: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5348003a28: destroyed | stop processing: state #5 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f534c00d840 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skey_ai_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_ar_nss-key@0x5612128e0610 | delete_state: release st->st_skey_ei_nss-key@0x5612128e6190 | delete_state: release st->st_skey_er_nss-key@0x56121285f080 | delete_state: release st->st_skey_pi_nss-key@0x5612128e96a0 | delete_state: release st->st_skey_pr_nss-key@0x5612128ffbc0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.378 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0461 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0549 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | ike-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0529 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.148 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #7 at 0x5612129007b8 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #7 "aes128" "aes128" #7: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 7 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5348002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f533c005088 size 128 | #7 spent 0.108 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 resuming | RESET processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 starting work-order 7 for state #7 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 7 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.2 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5340003618: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5340003618 | NSS: Public DH wire value: | 6e 13 10 d9 0b db 0e 76 ce 8e 8d a9 16 aa 4c 6a | 48 18 61 df bf 08 3e 11 a4 2e 59 51 2b 85 27 50 | 7d 12 90 df e5 7b 67 52 a5 04 51 81 e5 66 66 0f | 8a 2d 15 16 e7 34 5f ae ba 86 4e 83 19 a2 19 21 | a6 70 ad fd 3f d5 91 3f b9 fa fe b8 49 f1 63 79 | 69 e3 70 80 78 5a ab 01 1d 42 12 a9 77 f4 63 0a | d8 db 9b d8 cc fe 86 98 9b 70 32 37 12 2b 37 9b | 8d 22 92 43 66 95 f6 79 09 ce 3c 40 0e 39 9d 19 | 1b 3a 8f dd 19 c6 8b df 2c cf b7 cd d0 d6 14 1d | eb 61 7f de 98 03 93 1d 93 70 88 e2 78 32 9b 52 | 9a ec 06 9f 35 d5 7c 77 c1 e1 a4 ae f3 47 14 e6 | 5b 2d 92 51 87 90 b5 0f 6a 8b 1f 60 1c 97 df c9 | 45 0d 89 1e 42 33 8b 9a 77 6d ab 11 cc 7a 4d c5 | c1 7b 17 48 8f 47 1e 5e d0 43 d7 5d cc e5 e6 40 | 10 d9 83 20 8f a3 fd da f9 b4 37 be 27 fe 4d 0b | 5a b8 d8 b5 6e bd 8e 3b 45 7e 61 de 4e 89 b7 c8 | Generated nonce: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | Generated nonce: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.00065 seconds | (#7) spent 0.649 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 7 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f5340002888 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 7 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #7 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5340003618: transferring ownership from helper KE to state #7 | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #7: IMPAIR: duplicating key-length attribute | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 52 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 6e 13 10 d9 0b db 0e 76 ce 8e 8d a9 16 aa 4c 6a | ikev2 g^x 48 18 61 df bf 08 3e 11 a4 2e 59 51 2b 85 27 50 | ikev2 g^x 7d 12 90 df e5 7b 67 52 a5 04 51 81 e5 66 66 0f | ikev2 g^x 8a 2d 15 16 e7 34 5f ae ba 86 4e 83 19 a2 19 21 | ikev2 g^x a6 70 ad fd 3f d5 91 3f b9 fa fe b8 49 f1 63 79 | ikev2 g^x 69 e3 70 80 78 5a ab 01 1d 42 12 a9 77 f4 63 0a | ikev2 g^x d8 db 9b d8 cc fe 86 98 9b 70 32 37 12 2b 37 9b | ikev2 g^x 8d 22 92 43 66 95 f6 79 09 ce 3c 40 0e 39 9d 19 | ikev2 g^x 1b 3a 8f dd 19 c6 8b df 2c cf b7 cd d0 d6 14 1d | ikev2 g^x eb 61 7f de 98 03 93 1d 93 70 88 e2 78 32 9b 52 | ikev2 g^x 9a ec 06 9f 35 d5 7c 77 c1 e1 a4 ae f3 47 14 e6 | ikev2 g^x 5b 2d 92 51 87 90 b5 0f 6a 8b 1f 60 1c 97 df c9 | ikev2 g^x 45 0d 89 1e 42 33 8b 9a 77 6d ab 11 cc 7a 4d c5 | ikev2 g^x c1 7b 17 48 8f 47 1e 5e d0 43 d7 5d cc e5 e6 40 | ikev2 g^x 10 d9 83 20 8f a3 fd da f9 b4 37 be 27 fe 4d 0b | ikev2 g^x 5a b8 d8 b5 6e bd 8e 3b 45 7e 61 de 4e 89 b7 c8 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | IKEv2 nonce 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | b6 bc dc 59 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a | fa 8d 62 26 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b6 bc dc 59 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a | natd_hash: hash= fa 8d 62 26 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b6 bc dc 59 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a | Notify data fa 8d 62 26 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 43 cd 90 4f 0f 61 2b 13 69 87 35 b5 64 66 76 ef | c1 59 31 00 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 43 cd 90 4f 0f 61 2b 13 69 87 35 b5 64 66 76 ef | natd_hash: hash= c1 59 31 00 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 43 cd 90 4f 0f 61 2b 13 69 87 35 b5 64 66 76 ef | Notify data c1 59 31 00 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 444 | stop processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #7 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #7: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #7 to 4294967295 after switching state | Message ID: IKE #7 skipping update_recv as MD is fake | Message ID: sent #7 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 444 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | ae 1b cd 2e da cd 37 42 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 6e 13 10 d9 0b db 0e 76 | ce 8e 8d a9 16 aa 4c 6a 48 18 61 df bf 08 3e 11 | a4 2e 59 51 2b 85 27 50 7d 12 90 df e5 7b 67 52 | a5 04 51 81 e5 66 66 0f 8a 2d 15 16 e7 34 5f ae | ba 86 4e 83 19 a2 19 21 a6 70 ad fd 3f d5 91 3f | b9 fa fe b8 49 f1 63 79 69 e3 70 80 78 5a ab 01 | 1d 42 12 a9 77 f4 63 0a d8 db 9b d8 cc fe 86 98 | 9b 70 32 37 12 2b 37 9b 8d 22 92 43 66 95 f6 79 | 09 ce 3c 40 0e 39 9d 19 1b 3a 8f dd 19 c6 8b df | 2c cf b7 cd d0 d6 14 1d eb 61 7f de 98 03 93 1d | 93 70 88 e2 78 32 9b 52 9a ec 06 9f 35 d5 7c 77 | c1 e1 a4 ae f3 47 14 e6 5b 2d 92 51 87 90 b5 0f | 6a 8b 1f 60 1c 97 df c9 45 0d 89 1e 42 33 8b 9a | 77 6d ab 11 cc 7a 4d c5 c1 7b 17 48 8f 47 1e 5e | d0 43 d7 5d cc e5 e6 40 10 d9 83 20 8f a3 fd da | f9 b4 37 be 27 fe 4d 0b 5a b8 d8 b5 6e bd 8e 3b | 45 7e 61 de 4e 89 b7 c8 29 00 00 24 4b 26 a9 4a | 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 72 e1 6b 24 | a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 bc dc 59 | 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a fa 8d 62 26 | 00 00 00 1c 00 00 40 05 43 cd 90 4f 0f 61 2b 13 | 69 87 35 b5 64 66 76 ef c1 59 31 00 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f533c005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5348002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5348002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x5612128fddf8 size 128 | #7 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10449.59296 | resume sending helper answer for #7 suppresed complete_v2_state_transition() and stole MD | #7 spent 0.494 milliseconds in resume sending helper answer | stop processing: state #7 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5340002888 | spent 0.00302 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 71 87 60 59 b3 25 92 fa 3b f4 8b 5f | 1a 17 0f 4d 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba | 1c b3 8e 0a 69 0c 33 96 e3 be d9 33 1a ba f0 50 | 1c 69 e3 89 13 93 3b b7 56 a1 38 d0 66 3a c6 34 | 0c bc 16 a6 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e | 69 57 57 83 ad 5e 79 f9 af 84 3d 95 5a 51 24 24 | a7 73 2c 72 bd ce 18 86 bd a5 44 88 2b 20 f4 28 | c9 c5 4e b9 e1 5d da c7 86 81 55 fa 78 d6 ac 5c | 40 51 21 b1 82 78 e2 ff cb 55 01 41 49 1f 4b 32 | c1 4e 99 15 d6 48 35 de 58 9a ed 52 cc 4e 3e e1 | 8e b8 57 92 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d | 07 50 b8 b2 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 | 4e 41 f9 f9 c7 64 6a 97 95 bb be 9d 98 f3 64 c1 | 3c be d6 7a 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b | a8 d2 52 b6 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 | 62 91 0f 09 0d 87 43 6e cf 69 25 ff 93 cd 07 63 | e3 bc e1 8e 29 00 00 24 a6 0a ff 48 17 18 60 6a | 3a 98 89 9e 53 40 73 53 cf c3 95 e7 0d 13 d1 e5 | fb 45 06 3e 23 4b 45 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 b4 b4 ba 04 f8 93 5f | 42 57 32 c2 61 fe 8e 04 c1 f5 4c ea 00 00 00 1c | 00 00 40 05 e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb | 20 42 85 36 90 25 a8 d1 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #7 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #7 is idle | #7 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #7 IKE SPIi and SPI[ir] | #7 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 71 87 60 59 b3 25 92 fa 3b f4 8b 5f 1a 17 0f 4d | 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba 1c b3 8e 0a | 69 0c 33 96 e3 be d9 33 1a ba f0 50 1c 69 e3 89 | 13 93 3b b7 56 a1 38 d0 66 3a c6 34 0c bc 16 a6 | 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e 69 57 57 83 | ad 5e 79 f9 af 84 3d 95 5a 51 24 24 a7 73 2c 72 | bd ce 18 86 bd a5 44 88 2b 20 f4 28 c9 c5 4e b9 | e1 5d da c7 86 81 55 fa 78 d6 ac 5c 40 51 21 b1 | 82 78 e2 ff cb 55 01 41 49 1f 4b 32 c1 4e 99 15 | d6 48 35 de 58 9a ed 52 cc 4e 3e e1 8e b8 57 92 | 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d 07 50 b8 b2 | 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 4e 41 f9 f9 | c7 64 6a 97 95 bb be 9d 98 f3 64 c1 3c be d6 7a | 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b a8 d2 52 b6 | 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 62 91 0f 09 | 0d 87 43 6e cf 69 25 ff 93 cd 07 63 e3 bc e1 8e | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 2a c7 2c 58 e6 75 73 b1 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb 20 42 85 36 | 90 25 a8 d1 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 2a c7 2c 58 e6 75 73 b1 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb 20 42 85 36 | natd_hash: hash= 90 25 a8 d1 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | ae 1b cd 2e da cd 37 42 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 2a c7 2c 58 e6 75 73 b1 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | 21 b4 b4 ba 04 f8 93 5f 42 57 32 c2 61 fe 8e 04 | c1 f5 4c ea | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= ae 1b cd 2e da cd 37 42 | natd_hash: rcookie= 2a c7 2c 58 e6 75 73 b1 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 21 b4 b4 ba 04 f8 93 5f 42 57 32 c2 61 fe 8e 04 | natd_hash: hash= c1 f5 4c ea | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5340003618: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 8 for state #7 | state #7 requesting EVENT_RETRANSMIT to be deleted | #7 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fddf8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5348002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f5340002888 size 128 | crypto helper 1 resuming | crypto helper 1 starting work-order 8 for state #7 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 | peer's g: 71 87 60 59 b3 25 92 fa 3b f4 8b 5f 1a 17 0f 4d | peer's g: 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba 1c b3 8e 0a | peer's g: 69 0c 33 96 e3 be d9 33 1a ba f0 50 1c 69 e3 89 | peer's g: 13 93 3b b7 56 a1 38 d0 66 3a c6 34 0c bc 16 a6 | peer's g: 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e 69 57 57 83 | peer's g: ad 5e 79 f9 af 84 3d 95 5a 51 24 24 a7 73 2c 72 | peer's g: bd ce 18 86 bd a5 44 88 2b 20 f4 28 c9 c5 4e b9 | peer's g: e1 5d da c7 86 81 55 fa 78 d6 ac 5c 40 51 21 b1 | peer's g: 82 78 e2 ff cb 55 01 41 49 1f 4b 32 c1 4e 99 15 | peer's g: d6 48 35 de 58 9a ed 52 cc 4e 3e e1 8e b8 57 92 | peer's g: 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d 07 50 b8 b2 | peer's g: 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 4e 41 f9 f9 | peer's g: c7 64 6a 97 95 bb be 9d 98 f3 64 c1 3c be d6 7a | peer's g: 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b a8 d2 52 b6 | peer's g: 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 62 91 0f 09 | peer's g: 0d 87 43 6e cf 69 25 ff 93 cd 07 63 e3 bc e1 8e | Started DH shared-secret computation in NSS: | new : g_ir-key@0x5612128ffbc0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5340003618: computed shared DH secret key@0x5612128ffbc0 | dh-shared : g^ir-key@0x5612128ffbc0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5354003b28 (length 64) | 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e86e0 | result: Ni | Nr-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e86c8 | result: Ni | Nr-key@0x5612128e96a0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x56121285f080 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f53540014c0 from Ni | Nr-key@0x5612128e96a0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f53540014c0 from Ni | Nr-key@0x5612128e96a0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5612128e96a0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5354001278 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x5612128ffbc0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x5612128ffbc0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x5612128ffbc0 | nss hmac digest hack: symkey-key@0x5612128ffbc0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: c1 34 19 d5 ee 7b 92 60 1b 61 e4 28 7f 7b 21 18 73 92 50 7e c5 95 a6 4f ec 34 9a 3b 66 b0 0b b2 f6 66 05 7e 15 d8 27 a0 8f 7e ce b5 73 fb 46 4b 53 dc ce 62 08 97 3f 71 75 96 5c e8 17 0e 05 e6 bc 9b 02 78 ca 59 5c 9e 2f 70 16 ed da 7f d6 f5 fa c6 01 de 21 a2 ce 4b ef 69 01 85 24 2f 20 58 e4 2a a1 92 f1 2c 7b 68 50 9a a4 cc cd 05 5b 1d 14 a8 e1 47 b1 06 6c 68 14 cb f9 9d 52 ee ae 1e 2f 22 d8 7c 16 f5 00 92 f7 f4 8b 2e 49 95 a2 e3 1b 18 c7 32 32 1e 1d 85 a0 c8 08 9f b0 25 38 b1 aa 44 b2 45 01 33 af 30 aa d1 50 85 ba ad 2a a0 e0 5e 40 15 7e 80 d1 3b a0 a4 fe d8 21 da aa 6f 61 85 d5 ef 79 6f cb e8 38 ff 49 f8 52 ea 51 8b 05 cb 3e dc 56 7e 5f b7 8a 36 10 74 df 4c 90 72 17 21 80 ce c1 b4 c8 35 95 94 91 4e 62 e2 fa 4f d7 b8 91 d0 96 6f 5e a6 70 e7 89 7d ea 1f e9 d3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f53540048f8 | unwrapped: a2 66 72 9b 48 28 c7 d0 bd b5 f4 4d b3 c7 38 85 | unwrapped: 9e 7f 96 e4 1b 20 45 eb 6c 0c 84 11 cb a5 7e ac | unwrapped: 75 4c 55 da ae 05 62 ce 41 66 49 44 04 bf cc be | unwrapped: 00 d4 70 8f 4d 39 66 84 a4 a5 c8 a4 cc 6d e2 e4 | unwrapped: d3 3f 2e 81 24 3d e5 69 e2 b4 f1 45 2e a3 82 c4 | unwrapped: c2 ba e9 7d c7 91 68 61 a6 e2 82 14 46 23 bf d2 | unwrapped: 1d 5d 5e 7b d3 5a 7d b8 14 81 4c 56 5e 44 ad 4f | unwrapped: 1f 9a 45 2b 07 95 3c f4 d8 1c 9c 26 26 f7 56 74 | unwrapped: fa f7 d0 2c c3 44 1e fc 75 fb 6c 4f 29 12 fa 4e | unwrapped: 74 59 cd bb db 65 7f 72 dd 39 38 bc 85 70 02 e3 | unwrapped: 6b 0c b8 d0 dd 44 9b 9f 9c 08 6f 6b 3d 9b fa 53 | unwrapped: ce b7 a9 c8 4a 85 a3 f0 5d 3d 28 30 5e ef ea 2e | unwrapped: bd 78 0f d4 19 93 8f e3 30 01 6b 01 bc ad 6d 5a | unwrapped: 73 dd 52 97 95 50 06 d6 44 6e 45 4a 5c fd 89 89 | unwrapped: 1d 65 14 26 e5 e5 9b 5a a1 b2 d6 1b f5 1a 39 c6 | unwrapped: e4 9e a2 9b 46 c3 b5 98 d9 81 b4 14 63 e6 41 b4 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8700 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e86e8 | result: final-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5612128e96a0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8670 | result: data=Ni-key@0x5612128e6190 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128e6190 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8658 | result: data=Ni-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128e6190 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d1e8660 | result: data+=Nr-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x56121285f080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d1e8660 | result: data+=SPIi-key@0x56121285f080 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e6190 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d1e8660 | #7 spent 0.278 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | result: data+=SPIr-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #7 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | append_symkey_bytes: release lhs-key@0x56121285f080 | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | prf+0 PRF sha init key-key@0x5612128e96a0 (size 20) | "aes128" #7 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | prf+0: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | stop processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | EXTRACT_KEY_FROM_KEY: | #7 spent 0.521 milliseconds in ikev2_process_packet() | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f53540014c0 from key-key@0x56121285f080 | prf+0 prf: begin sha with context 0x7f53540014c0 from key-key@0x56121285f080 | prf+0: release clone-key@0x56121285f080 | prf+0 PRF sha crypt-prf@0x7f5354002168 | prf+0 PRF sha update seed-key@0x5612128e6190 (size 80) | prf+0: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+0 PRF sha final-key@0x56121285f080 (size 20) | prf+0: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53540014c0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f53540014c0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f5354004c28 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 77 2b c5 50 c6 b2 43 b8 82 b7 07 61 e5 02 f8 54 86 15 ca f0 84 4e c9 78 d3 57 08 be 5f 15 0a fe | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002b28 | unwrapped: 48 2a e4 9b 97 54 29 54 6d ea 05 d3 cb 29 13 e3 | unwrapped: 9f ef 1d 06 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e6190 (size 80) | prf+N: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005a38 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53540014c0 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f53540014c0 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x7f5354002168 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 51 55 2e c8 44 c6 8a 60 39 33 a1 0c 0e d7 90 be 7f a5 b2 88 b5 49 5f 78 4a 22 f8 ca a5 1b a3 61 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354001278 | unwrapped: ef e1 4a bc bc 66 bb 76 31 42 84 aa f4 ba 44 1b | unwrapped: 64 ca 3f a4 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e6190 (size 80) | prf+N: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00a0e0 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x7f534c00a0e0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53540014c0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f53540014c0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f5354002b28 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: f4 88 b3 53 41 af 0f f2 5a 11 9e 5f 76 23 d5 e8 dc 37 06 f9 d9 dc f8 66 6d 8d fd 19 dd a3 a2 ae | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354005d08 | unwrapped: 42 97 96 4e ef 30 33 95 03 99 f0 6e 16 27 a1 7c | unwrapped: cf 9d 8e 6d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e6190 (size 80) | prf+N: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005a38 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00a0e0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c00a0e0 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53540014c0 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f53540014c0 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x7f5354004c28 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 82 e8 e2 b4 c6 63 b2 63 32 c9 17 0b 48 f7 c9 86 c5 b5 55 6c 16 01 e2 df 24 08 87 4b 6d 46 13 46 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354001278 | unwrapped: a3 f3 8e 87 31 ee d0 9a 69 a7 f0 ea a9 e1 19 51 | unwrapped: 55 0a 7b be 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e6190 (size 80) | prf+N: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00a0e0 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x7f534c00a0e0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354001530 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f5354001530 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f5354002168 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 43 cd bb 6e 18 56 21 cf b4 56 cf d7 85 8c 66 3d a4 0f 85 e0 c3 d3 d1 1d a2 e7 99 38 8a 70 75 fe | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002b28 | unwrapped: d6 4d 85 00 cb 53 ed 1d 29 b7 c7 22 07 48 24 cc | unwrapped: 51 9d 71 76 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e6190 (size 80) | prf+N: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005a38 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00a0e0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c00a0e0 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53540014c0 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f53540014c0 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x7f5354004c28 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: c8 94 19 41 bd b8 14 b4 bf a8 9d 16 b6 24 2c a3 2c 37 39 1d 7c c5 6c d9 fa 36 c4 48 2f fa 05 91 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354001278 | unwrapped: 6b f3 79 84 49 70 8b 1f fe cc 90 fa ae c6 d7 a5 | unwrapped: 03 a8 45 37 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e6190 (size 80) | prf+N: seed-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 a1 6f 23 ce 3e b8 56 10 dd 58 5b 60 c9 5a 56 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354006aa8 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | unwrapped: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00a0e0 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e0610 | prfplus: release old_t[final]-key@0x56121285f080 | ike_sa_keymat: release data-key@0x5612128e6190 | calc_skeyseed_v2: release skeyseed_k-key@0x5612128e96a0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87a8 | result: result-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87a8 | result: result-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87a8 | result: result-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: SK_ei_k-key@0x5612128e0610 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: SK_er_k-key@0x5612128e9a80 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: result-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f534c00d840 | chunk_SK_pi: symkey-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 11 e9 81 13 15 a0 3a 7d 75 f2 f1 fd 2e 08 f3 9e 29 5f ae 58 dd 04 fb 8c fa 54 0f 8a 68 3f 0b e8 | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f5354002168 | unwrapped: 07 48 24 cc 51 9d 71 76 6b f3 79 84 49 70 8b 1f | unwrapped: fe cc 90 fa 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: result-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x5612128e7c40 | chunk_SK_pr: symkey-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: da 28 91 9d 64 38 c5 1e fb 93 11 e6 80 73 6d 24 8e ac 51 78 fa fd 73 02 f0 9e b3 7a e5 98 28 9d | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f5354001278 | unwrapped: ae c6 d7 a5 03 a8 45 37 3c c4 24 93 10 6c 6b 76 | unwrapped: 1d 8b 81 2d 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f534c00a0e0 | calc_skeyseed_v2 pointers: shared-key@0x5612128ffbc0, SK_d-key@0x5612128e96a0, SK_ai-key@0x5612128e6190, SK_ar-key@0x56121285f080, SK_ei-key@0x5612128e0610, SK_er-key@0x5612128e9a80, SK_pi-key@0x7f534c00d840, SK_pr-key@0x5612128e7c40 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 07 48 24 cc 51 9d 71 76 6b f3 79 84 49 70 8b 1f | fe cc 90 fa | calc_skeyseed_v2 SK_pr | ae c6 d7 a5 03 a8 45 37 3c c4 24 93 10 6c 6b 76 | 1d 8b 81 2d | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 time elapsed 0.0029 seconds | (#7) spent 2.83 milliseconds in crypto helper computing work-order 8: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 8 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f5354004628 size 128 | crypto helper 1 waiting (nothing to do) | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.541 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 8 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #7: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5340003618: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #8 at 0x5612129063e8 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "aes128" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.45:500 from #7.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5612128e96a0 | duplicate_state: reference st_skey_ai_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_ar_nss-key@0x56121285f080 | duplicate_state: reference st_skey_ei_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_er_nss-key@0x5612128e9a80 | duplicate_state: reference st_skey_pi_nss-key@0x7f534c00d840 | duplicate_state: reference st_skey_pr_nss-key@0x5612128e7c40 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5340002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5340002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f5340002888 size 128 | parent state #7: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f534c00d840 (size 20) | hmac: symkey-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x7f534c00a0e0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x7f534c00a0e0 | hmac: release clone-key@0x7f534c00a0e0 | hmac PRF sha crypt-prf@0x5612128fc418 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | db 33 8e 86 c2 56 eb 2e cf bd 3b 87 00 65 50 c5 | bb b3 ca 83 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | ae 1b cd 2e da cd 37 42 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 6e 13 10 d9 0b db 0e 76 | ce 8e 8d a9 16 aa 4c 6a 48 18 61 df bf 08 3e 11 | a4 2e 59 51 2b 85 27 50 7d 12 90 df e5 7b 67 52 | a5 04 51 81 e5 66 66 0f 8a 2d 15 16 e7 34 5f ae | ba 86 4e 83 19 a2 19 21 a6 70 ad fd 3f d5 91 3f | b9 fa fe b8 49 f1 63 79 69 e3 70 80 78 5a ab 01 | 1d 42 12 a9 77 f4 63 0a d8 db 9b d8 cc fe 86 98 | 9b 70 32 37 12 2b 37 9b 8d 22 92 43 66 95 f6 79 | 09 ce 3c 40 0e 39 9d 19 1b 3a 8f dd 19 c6 8b df | 2c cf b7 cd d0 d6 14 1d eb 61 7f de 98 03 93 1d | 93 70 88 e2 78 32 9b 52 9a ec 06 9f 35 d5 7c 77 | c1 e1 a4 ae f3 47 14 e6 5b 2d 92 51 87 90 b5 0f | 6a 8b 1f 60 1c 97 df c9 45 0d 89 1e 42 33 8b 9a | 77 6d ab 11 cc 7a 4d c5 c1 7b 17 48 8f 47 1e 5e | d0 43 d7 5d cc e5 e6 40 10 d9 83 20 8f a3 fd da | f9 b4 37 be 27 fe 4d 0b 5a b8 d8 b5 6e bd 8e 3b | 45 7e 61 de 4e 89 b7 c8 29 00 00 24 4b 26 a9 4a | 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 72 e1 6b 24 | a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 bc dc 59 | 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a fa 8d 62 26 | 00 00 00 1c 00 00 40 05 43 cd 90 4f 0f 61 2b 13 | 69 87 35 b5 64 66 76 ef c1 59 31 00 | create: initiator inputs to hash2 (responder nonce) | a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | idhash db 33 8e 86 c2 56 eb 2e cf bd 3b 87 00 65 50 c5 | idhash bb b3 ca 83 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x7f534c00a0e0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5344002b50 from shared secret-key@0x7f534c00a0e0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5344002b50 from shared secret-key@0x7f534c00a0e0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f534c00a0e0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fbf78 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f534c00a0e0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f534c00a0e0 (size 20) | = prf(, ): -key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fc418 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe5e8 (length 444) | ae 1b cd 2e da cd 37 42 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 6e 13 10 d9 0b db 0e 76 | ce 8e 8d a9 16 aa 4c 6a 48 18 61 df bf 08 3e 11 | a4 2e 59 51 2b 85 27 50 7d 12 90 df e5 7b 67 52 | a5 04 51 81 e5 66 66 0f 8a 2d 15 16 e7 34 5f ae | ba 86 4e 83 19 a2 19 21 a6 70 ad fd 3f d5 91 3f | b9 fa fe b8 49 f1 63 79 69 e3 70 80 78 5a ab 01 | 1d 42 12 a9 77 f4 63 0a d8 db 9b d8 cc fe 86 98 | 9b 70 32 37 12 2b 37 9b 8d 22 92 43 66 95 f6 79 | 09 ce 3c 40 0e 39 9d 19 1b 3a 8f dd 19 c6 8b df | 2c cf b7 cd d0 d6 14 1d eb 61 7f de 98 03 93 1d | 93 70 88 e2 78 32 9b 52 9a ec 06 9f 35 d5 7c 77 | c1 e1 a4 ae f3 47 14 e6 5b 2d 92 51 87 90 b5 0f | 6a 8b 1f 60 1c 97 df c9 45 0d 89 1e 42 33 8b 9a | 77 6d ab 11 cc 7a 4d c5 c1 7b 17 48 8f 47 1e 5e | d0 43 d7 5d cc e5 e6 40 10 d9 83 20 8f a3 fd da | f9 b4 37 be 27 fe 4d 0b 5a b8 d8 b5 6e bd 8e 3b | 45 7e 61 de 4e 89 b7 c8 29 00 00 24 4b 26 a9 4a | 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 72 e1 6b 24 | a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 bc dc 59 | 83 46 94 b7 a5 43 e5 3e a8 95 e4 6a fa 8d 62 26 | 00 00 00 1c 00 00 40 05 43 cd 90 4f 0f 61 2b 13 | 69 87 35 b5 64 66 76 ef c1 59 31 00 | = prf(, ) PRF sha update nonce-bytes@0x561212900298 (length 32) | a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | db 33 8e 86 c2 56 eb 2e cf bd 3b 87 00 65 50 c5 | bb b3 ca 83 | = prf(, ) PRF sha final-chunk@0x5612128fbc38 (length 20) | a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | e0 69 96 e9 | psk_auth: release prf-psk-key@0x7f534c00a0e0 | PSK auth octets a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | PSK auth octets e0 69 96 e9 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | PSK auth e0 69 96 e9 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #7 | netlink_get_spi: allocated 0xf428fd6d for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi f4 28 fd 6d | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | a5 38 a9 d4 2c ec 34 f6 eb db fc 5e 87 e2 81 95 | e0 69 96 e9 2c 00 00 2c 00 00 00 28 01 03 04 03 | f4 28 fd 6d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x7f534c00a0e0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x7f534c00a0e0 | hmac: release clone-key@0x7f534c00a0e0 | hmac PRF sha crypt-prf@0x5612128fbf78 | hmac PRF sha update data-bytes@0x5612118718c0 (length 208) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | hmac PRF sha final-bytes@0x561211871990 (length 20) | 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 ac 87 1e 93 | 01 fb 5c 75 | data being hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | data being hmac: 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | data being hmac: e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | data being hmac: 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | data being hmac: 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | data being hmac: b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | data being hmac: 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | data being hmac: ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | data being hmac: d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | data being hmac: 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | data being hmac: f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | out calculated auth: | 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 | suspend processing: state #7 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #8 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #8 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #8: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #8 to 0 after switching state | Message ID: recv #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #7.#8 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #8: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 29 40 d7 fe 9a 66 21 17 14 12 14 e8 72 a6 a7 ae | 27 cf b8 77 30 e6 ed e4 06 5e 1f 3a c8 d7 07 1d | e5 cd 4a 8b 0a b3 53 c2 44 40 ef b4 dd 73 ad 30 | 3c 3c 43 e8 fa 7d 15 e6 d1 3e 5c 7e 61 13 f7 7f | 01 a4 4a 5d 87 ee 70 2f 92 05 dc d6 8b f2 e7 f8 | b6 01 2c 9b 10 d9 5a 00 7b 5e 0a fc 2e db 65 a0 | 26 f0 f0 ae 61 c3 26 6a 90 22 48 a2 8c 48 eb aa | ec 7c 10 f2 df 32 49 65 c9 2c 26 30 84 3d c2 2a | d1 41 d1 93 b8 f3 0f 3f 38 b2 15 d7 18 80 21 c7 | 9f 2f 1b 84 fd 20 2e bc c1 a9 03 be 6c c6 c6 49 | f8 f4 40 7c 2c be 21 b5 0d 73 8e 37 10 79 e7 0a | 35 36 d1 7b 75 e4 7f e6 c1 fb 7b a1 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #8: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #8 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10449.599817 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 1.15 milliseconds in resume sending helper answer | stop processing: state #8 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5354004628 | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | ac a5 1a a5 0c fe ad 56 90 50 0b 17 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #7 in PARENT_I2 (find_v2_ike_sa) | start processing: state #7 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #8 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #7 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #8 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #8 is idle | #8 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #8 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x56121285f080 (size 20) | hmac: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x7f534c00a0e0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x7f534c00a0e0 | hmac: release clone-key@0x7f534c00a0e0 | hmac PRF sha crypt-prf@0x5612128fc418 | hmac PRF sha update data-bytes@0x56121288e368 (length 192) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | ac a5 1a a5 0c fe ad 56 90 50 0b 17 07 9c a2 53 | 11 32 5d 62 | data for hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | data for hmac: f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | data for hmac: 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | data for hmac: 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | data for hmac: 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | data for hmac: 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | data for hmac: a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | data for hmac: a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | data for hmac: 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | data for hmac: d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | calculated auth: ac a5 1a a5 0c fe ad 56 90 50 0b 17 | provided auth: ac a5 1a a5 0c fe ad 56 90 50 0b 17 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | df b7 e6 d4 ad 7f 01 eb 59 a4 71 07 9e c1 4e 49 | payload before decryption: | f5 6d 89 01 85 cb 4a 8a ee 5b 29 94 97 b2 39 8d | 95 0d d9 25 a0 70 bb c7 ec ac 6c 19 ce f6 15 13 | 61 eb 82 30 22 fc 91 af 86 16 ee ec a7 d4 69 cf | 60 96 29 e7 8b 4b ad 98 99 3c 0d 94 0c 3a 48 c9 | 00 58 d6 f7 f4 ed 83 cd 94 08 42 3d 10 6f b6 79 | a1 e3 3f 08 3c 45 93 db ef 9c c8 75 35 69 e3 59 | a8 88 bc af 56 71 f4 0c 11 9e ca b3 82 8a e2 0e | 22 89 13 aa 95 e4 40 eb 4c 1f e8 e5 34 1d ae 48 | d3 3b 4e 42 5f ad ea 56 c3 b4 fa 01 d1 75 01 eb | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 7e c7 68 b4 10 95 1f 13 62 fd e4 08 | 35 ae 04 fb 38 10 19 e5 2c 00 00 2c 00 00 00 28 | 01 03 04 03 81 55 e5 6f 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #8 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #8: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x5612128e7c40 (size 20) | hmac: symkey-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5fc8 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x7f534c00a0e0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x7f534c00a0e0 | hmac: release clone-key@0x7f534c00a0e0 | hmac PRF sha crypt-prf@0x5612128fbf78 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x56121288e39c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe4aed6120 (length 20) | ba f8 a7 95 21 9b f4 40 d5 9d 1f f2 d7 9a 1f 28 | 69 75 43 a7 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 71 87 60 59 b3 25 92 fa 3b f4 8b 5f | 1a 17 0f 4d 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba | 1c b3 8e 0a 69 0c 33 96 e3 be d9 33 1a ba f0 50 | 1c 69 e3 89 13 93 3b b7 56 a1 38 d0 66 3a c6 34 | 0c bc 16 a6 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e | 69 57 57 83 ad 5e 79 f9 af 84 3d 95 5a 51 24 24 | a7 73 2c 72 bd ce 18 86 bd a5 44 88 2b 20 f4 28 | c9 c5 4e b9 e1 5d da c7 86 81 55 fa 78 d6 ac 5c | 40 51 21 b1 82 78 e2 ff cb 55 01 41 49 1f 4b 32 | c1 4e 99 15 d6 48 35 de 58 9a ed 52 cc 4e 3e e1 | 8e b8 57 92 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d | 07 50 b8 b2 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 | 4e 41 f9 f9 c7 64 6a 97 95 bb be 9d 98 f3 64 c1 | 3c be d6 7a 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b | a8 d2 52 b6 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 | 62 91 0f 09 0d 87 43 6e cf 69 25 ff 93 cd 07 63 | e3 bc e1 8e 29 00 00 24 a6 0a ff 48 17 18 60 6a | 3a 98 89 9e 53 40 73 53 cf c3 95 e7 0d 13 d1 e5 | fb 45 06 3e 23 4b 45 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 b4 b4 ba 04 f8 93 5f | 42 57 32 c2 61 fe 8e 04 c1 f5 4c ea 00 00 00 1c | 00 00 40 05 e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb | 20 42 85 36 90 25 a8 d1 | verify: initiator inputs to hash2 (initiator nonce) | 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | idhash ba f8 a7 95 21 9b f4 40 d5 9d 1f f2 d7 9a 1f 28 | idhash 69 75 43 a7 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dc0 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5da8 | result: shared secret-key@0x7f534c00a0e0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5350002b50 from shared secret-key@0x7f534c00a0e0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5350002b50 from shared secret-key@0x7f534c00a0e0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f534c00a0e0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fc418 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5de0 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: final-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f534c00a0e0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f534c00a0e0 (size 20) | = prf(, ): -key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dd8 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fbf78 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe3f8 (length 440) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 71 87 60 59 b3 25 92 fa 3b f4 8b 5f | 1a 17 0f 4d 7d 66 37 9f 62 c8 11 92 3d 76 d5 ba | 1c b3 8e 0a 69 0c 33 96 e3 be d9 33 1a ba f0 50 | 1c 69 e3 89 13 93 3b b7 56 a1 38 d0 66 3a c6 34 | 0c bc 16 a6 84 9c 15 5b 7c 67 78 72 b0 d2 12 6e | 69 57 57 83 ad 5e 79 f9 af 84 3d 95 5a 51 24 24 | a7 73 2c 72 bd ce 18 86 bd a5 44 88 2b 20 f4 28 | c9 c5 4e b9 e1 5d da c7 86 81 55 fa 78 d6 ac 5c | 40 51 21 b1 82 78 e2 ff cb 55 01 41 49 1f 4b 32 | c1 4e 99 15 d6 48 35 de 58 9a ed 52 cc 4e 3e e1 | 8e b8 57 92 1f c5 80 c9 8f 05 d4 28 36 69 f7 2d | 07 50 b8 b2 77 a7 fc 61 70 fa 1f 31 15 f0 af 44 | 4e 41 f9 f9 c7 64 6a 97 95 bb be 9d 98 f3 64 c1 | 3c be d6 7a 08 cb a5 5b dd 37 e4 4d 28 3f 82 4b | a8 d2 52 b6 47 63 5e 02 b7 ee 3f 64 4b ff 18 a6 | 62 91 0f 09 0d 87 43 6e cf 69 25 ff 93 cd 07 63 | e3 bc e1 8e 29 00 00 24 a6 0a ff 48 17 18 60 6a | 3a 98 89 9e 53 40 73 53 cf c3 95 e7 0d 13 d1 e5 | fb 45 06 3e 23 4b 45 47 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 21 b4 b4 ba 04 f8 93 5f | 42 57 32 c2 61 fe 8e 04 c1 f5 4c ea 00 00 00 1c | 00 00 40 05 e6 df 5c 1d 21 4c 9f a3 6e f2 ab bb | 20 42 85 36 90 25 a8 d1 | = prf(, ) PRF sha update nonce-bytes@0x7f5340001278 (length 32) | 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed6120 (length 20) | ba f8 a7 95 21 9b f4 40 d5 9d 1f f2 d7 9a 1f 28 | 69 75 43 a7 | = prf(, ) PRF sha final-chunk@0x561212904978 (length 20) | 7e c7 68 b4 10 95 1f 13 62 fd e4 08 35 ae 04 fb | 38 10 19 e5 | psk_auth: release prf-psk-key@0x7f534c00a0e0 | Received PSK auth octets | 7e c7 68 b4 10 95 1f 13 62 fd e4 08 35 ae 04 fb | 38 10 19 e5 | Calculated PSK auth octets | 7e c7 68 b4 10 95 1f 13 62 fd e4 08 35 ae 04 fb | 38 10 19 e5 "aes128" #8: Authenticated using authby=secret | parent state #7: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #7 will start re-keying in 2638 seconds with margin of 962 seconds (attempting re-key) | state #7 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5340002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f5340002b78 | inserting event EVENT_SA_REKEY, timeout in 2638 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f5354004628 size 128 | pstats #7 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 81 55 e5 6f | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=8155e56f;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5eb0 | result: data=Ni-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: data=Ni-key@0x7f534c00a0e0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128fa5c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00a0e0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed5ea0 | result: data+=Nr-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f534c00a0e0 | prf+0 PRF sha init key-key@0x5612128e96a0 (size 20) | prf+0: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5350002b50 from key-key@0x7f534c00a0e0 | prf+0 prf: begin sha with context 0x7f5350002b50 from key-key@0x7f534c00a0e0 | prf+0: release clone-key@0x7f534c00a0e0 | prf+0 PRF sha crypt-prf@0x5612129049c8 | prf+0 PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+0: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212901410 | prf+0 PRF sha final-key@0x7f534c00a0e0 (size 20) | prf+0: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f534c00a0e0 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612128fc418 | prf+N PRF sha update old_t-key@0x7f534c00a0e0 (size 20) | prf+N: old_t-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f534c00a0e0 | nss hmac digest hack: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 62 e0 34 77 fc 0d 3e 61 04 ee cd 6a ea 9f ff 3b 8f 5f aa 88 b9 c4 25 2c a3 30 c0 b1 1c 8f c3 c3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc598 | unwrapped: e0 03 dc 8b 70 ee d6 3f ab 35 8c c3 71 25 50 4f | unwrapped: e9 70 a8 4f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c006bb0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x7f534c006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c00a0e0 | prfplus: release old_t[N]-key@0x7f534c00a0e0 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x7f534c00a0e0 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x7f534c00a0e0 | prf+N: release clone-key@0x7f534c00a0e0 | prf+N PRF sha crypt-prf@0x5612129049c8 | prf+N PRF sha update old_t-key@0x561212901410 (size 20) | prf+N: old_t-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x561212901410 | nss hmac digest hack: symkey-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 5a de 99 19 0c 21 ed 04 f4 2a 2e 9a 62 75 33 91 34 ec 81 09 43 1a cb 0a 7a 3f 47 b1 3f 31 31 4e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc548 | unwrapped: e9 cd b7 3e 43 5c c7 41 00 58 ee 7c 9a 0a ff 98 | unwrapped: 93 3f 95 b7 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212900560 | prf+N PRF sha final-key@0x7f534c00a0e0 (size 20) | prf+N: key-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c006bb0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c006bb0 | prfplus: release old_t[N]-key@0x561212901410 | prf+N PRF sha init key-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612128fc598 | prf+N PRF sha update old_t-key@0x7f534c00a0e0 (size 20) | prf+N: old_t-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f534c00a0e0 | nss hmac digest hack: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: b8 49 a7 4e 44 10 a3 39 7f 9f 4b c7 31 05 0a 68 a1 54 0e 73 64 7f 31 b9 7b 44 8f c0 a5 50 95 8d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc818 | unwrapped: a3 d8 fb c3 0a 45 f6 1e 46 f5 21 e6 db 39 e0 4f | unwrapped: 2c 51 33 fd 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 45 23 c7 a8 56 6f bc b0 6e 66 a5 b8 de 9e b0 37 ee 78 29 68 ad 20 3c 3f ff b4 0e 5c 94 e6 de 43 ac 76 74 e5 4f 06 26 64 31 5f 00 a6 c7 f0 89 27 92 c9 b3 79 3c 4e 8c 73 9d 3e ca 9a d8 83 f4 54 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 4b 26 a9 4a 32 d9 c8 ca cb 99 18 e0 4d 7b 58 d1 | unwrapped: 72 e1 6b 24 a3 e6 66 5b a2 fb 7b ec 7d fa 21 6f | unwrapped: a6 0a ff 48 17 18 60 6a 3a 98 89 9e 53 40 73 53 | unwrapped: cf c3 95 e7 0d 13 d1 e5 fb 45 06 3e 23 4b 45 47 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c006bb0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x7f534c006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x561212900560 | prfplus: release old_t[N]-key@0x7f534c00a0e0 | prfplus: release old_t[final]-key@0x561212901410 | child_sa_keymat: release data-key@0x5612128fa5c0 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f534c006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x5612128fa5c0 | initiator to responder keys: symkey-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5612128e2eb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1664622693: 62 e0 34 77 fc 0d 3e 61 04 ee cd 6a ea 9f ff 3b 88 2e e2 70 31 5c 94 d4 f9 7c c0 1a 65 f0 bd b6 21 46 7c 91 49 df b8 73 35 30 f9 f9 9b b1 ee 4b | initiator to responder keys: release slot-key-key@0x5612128e2eb0 | initiator to responder keys extracted len 48 bytes at 0x561212904918 | unwrapped: e0 03 dc 8b 70 ee d6 3f ab 35 8c c3 71 25 50 4f | unwrapped: e9 70 a8 4f e9 cd b7 3e 43 5c c7 41 00 58 ee 7c | unwrapped: 9a 0a ff 98 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5612128fa5c0 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f534c006bb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x5612128fa5c0 | responder to initiator keys:: symkey-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5612128e2eb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1664622693: 2b 36 de 68 a2 a5 2b 65 70 3d b8 4e 34 0e 46 ea be 18 57 bd 92 d9 54 62 81 c4 b9 15 0b 98 6a 7d 11 59 db 13 8c 44 12 4a f7 2e 74 e6 4b 66 e7 4d | responder to initiator keys:: release slot-key-key@0x5612128e2eb0 | responder to initiator keys: extracted len 48 bytes at 0x561212900758 | unwrapped: 93 3f 95 b7 a3 d8 fb c3 0a 45 f6 1e 46 f5 21 e6 | unwrapped: db 39 e0 4f 2c 51 33 fd 4f e6 b4 5f 17 44 cf d4 | unwrapped: 91 58 14 52 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5612128fa5c0 | ikev2_derive_child_keys: release keymat-key@0x7f534c006bb0 | #7 spent 2.09 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8155e56f@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.f428fd6d@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #8 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8155e56f SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x8155e56f SPI_OUT=0xf428fd6d ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8155e56 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x8155e56f SPI_OUT=0xf428fd6d ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8155e56f SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x8155e56f SPI_OUT=0xf428fd6d ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x561212901758,sr=0x561212901758} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 2.07 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | state #8 requesting EVENT_RETRANSMIT to be deleted | #8 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | #8 spent 3.81 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #8 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #8 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #8: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #7.#8 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "aes128" #8: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #8: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x8155e56f <0xf428fd6d xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #8 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #7 | unpending state #7 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x5612128ee1f8} | close_any(fd@24) (in release_whack() at state.c:654) | #8 will start re-keying in 27829 seconds with margin of 971 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5344002b78 | inserting event EVENT_SA_REKEY, timeout in 27829 seconds for #8 | libevent_malloc: new ptr-libevent@0x5612128fbd88 size 128 | stop processing: state #8 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 4.53 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 4.54 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00478 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00257 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00278 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.f428fd6d@192.1.2.45 | get_sa_info esp.8155e56f@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.14 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #8 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #8 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #8 ikev2.child deleted completed | #8 spent 3.81 milliseconds in total | [RE]START processing: state #8 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #8: deleting state (STATE_V2_IPSEC_I) aged 0.088s and sending notification | child state #8: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.8155e56f@192.1.2.23 | get_sa_info esp.f428fd6d@192.1.2.45 "aes128" #8: ESP traffic information: in=84B out=84B | #8 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis f4 28 fd 6d | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | data before encryption: | 00 00 00 0c 03 04 00 01 f4 28 fd 6d 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x7f534c006bb0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x7f534c006bb0 | hmac: release clone-key@0x7f534c006bb0 | hmac PRF sha crypt-prf@0x5612129049c8 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 64) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | hmac PRF sha final-bytes@0x7ffe4aed3190 (length 20) | 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 05 55 1c d6 | 29 b4 26 23 | data being hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | data being hmac: 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | out calculated auth: | 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #8) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 3c c7 e7 32 a2 61 31 ca 22 e8 2c 6a 77 f2 23 d8 | 6a de 81 7d 3b 47 29 d1 9d f7 1c ac 4e 84 1e 59 | 25 33 89 88 66 e5 b9 0e 79 cb d1 e0 | Message ID: IKE #7 sender #8 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #7 sender #8 in send_delete hacking around record ' send | Message ID: sent #7 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5612128fbd88 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5344002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825163' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8155e56 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825163' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x8155e56f SPI_OUT=0xf428fd6d ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.8155e56f@192.1.2.23 | netlink response for Del SA esp.8155e56f@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.f428fd6d@192.1.2.45 | netlink response for Del SA esp.f428fd6d@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #8 in V2_IPSEC_I | child state #8: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128e96a0 | delete_state: release st->st_skey_ai_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ar_nss-key@0x56121285f080 | delete_state: release st->st_skey_ei_nss-key@0x5612128e0610 | delete_state: release st->st_skey_er_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_pi_nss-key@0x7f534c00d840 | delete_state: release st->st_skey_pr_nss-key@0x5612128e7c40 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #7 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #7 | start processing: state #7 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #7 ikev2.ike deleted completed | #7 spent 10.3 milliseconds in total | [RE]START processing: state #7 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #7: deleting state (STATE_PARENT_I3) aged 0.106s and sending notification | parent state #7: PARENT_I3(established IKE SA) => delete | #7 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x7f534c006bb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x7f534c006bb0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x7f534c006bb0 | hmac: release clone-key@0x7f534c006bb0 | hmac PRF sha crypt-prf@0x5612128fbf78 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 64) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | hmac PRF sha final-bytes@0x7ffe4aed3190 (length 20) | 0b 72 ac d7 c8 58 46 d7 24 28 49 45 98 00 e6 cf | 9c 8a 73 d9 | data being hmac: ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | data being hmac: 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | out calculated auth: | 0b 72 ac d7 c8 58 46 d7 24 28 49 45 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 05 e9 c5 5b 7e 8a 5f 7e 42 f8 9d 28 cf 43 4e 8f | 44 92 e3 da 85 69 1d bc 8b cf 68 15 3b 63 fd 4b | 0b 72 ac d7 c8 58 46 d7 24 28 49 45 | Message ID: IKE #7 sender #7 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #7 sender #7 in send_delete hacking around record ' send | Message ID: #7 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #7 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f5354004628 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #7 in PARENT_I3 | parent state #7: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5340003618: destroyed | stop processing: state #7 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x5612128ffbc0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128e96a0 | delete_state: release st->st_skey_ai_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ar_nss-key@0x56121285f080 | delete_state: release st->st_skey_ei_nss-key@0x5612128e0610 | delete_state: release st->st_skey_er_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_pi_nss-key@0x7f534c00d840 | delete_state: release st->st_skey_pr_nss-key@0x5612128e7c40 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.96 milliseconds in whack | spent 0.00183 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | b5 c6 9c 72 f6 73 a2 47 9a 36 70 85 b1 f1 a3 b4 | 13 31 cf 0b 85 e2 ce ae 08 6e 29 83 7d 41 e9 22 | af 2a f5 73 27 2d 23 43 f3 86 11 bb | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0614 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00374 milliseconds in signal handler PLUTO_SIGCHLD | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | ae 1b cd 2e da cd 37 42 2a c7 2c 58 e6 75 73 b1 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 54 85 5f 4e 2f f6 5a 92 7c 27 74 cc d9 9b b9 cf | 76 09 dc bd fd 8c 80 79 1e 31 64 16 4b 16 22 56 | 99 25 96 10 d0 de c0 84 42 2a c2 f3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ae 1b cd 2e da cd 37 42 | responder cookie: | 2a c7 2c 58 e6 75 73 b1 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0651 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.756 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0035 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0703 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.265 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | child-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0767 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.134 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #9 at 0x5612129007b8 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #9 "aes128" "aes128" #9: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 9 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x561212901c38 size 128 | #9 spent 0.116 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.168 milliseconds in whack | crypto helper 0 resuming | crypto helper 0 starting work-order 9 for state #9 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 9 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f534c0103b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f534c0103b8 | NSS: Public DH wire value: | 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 3a 1c fe ad | c8 5f 2e 8e 63 98 34 0e 87 67 59 bf 35 39 51 5d | d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 fc 66 6e 77 | ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 4b dd 41 74 | 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 6a 31 38 4b | b7 2d e2 29 31 fb 7b 46 45 4d 59 27 03 40 e3 ee | 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 fe e4 ec 25 | 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 f1 ae 95 15 | 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e 67 13 93 a1 | 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 04 6e a4 d7 | ae 8b b4 00 7f dc ee 87 b4 15 d8 6b 32 09 bb 32 | de 11 6c cb 3b 6b 8b fa 41 91 25 5c 08 97 1b 83 | 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 60 04 22 1e | bc 55 0d 1d 90 c4 73 8e 47 69 71 22 7e 45 0f 79 | 53 bd af f0 bc 78 b6 89 53 29 f2 7a 13 df d7 f6 | 86 df e7 61 40 30 eb de d8 8a ae f3 b1 b9 43 04 | Generated nonce: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | Generated nonce: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 9 time elapsed 0.000629 seconds | (#9) spent 0.623 milliseconds in crypto helper computing work-order 9: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 9 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 9 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #9 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f534c0103b8: transferring ownership from helper KE to state #9 | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 3a 1c fe ad | ikev2 g^x c8 5f 2e 8e 63 98 34 0e 87 67 59 bf 35 39 51 5d | ikev2 g^x d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 fc 66 6e 77 | ikev2 g^x ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 4b dd 41 74 | ikev2 g^x 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 6a 31 38 4b | ikev2 g^x b7 2d e2 29 31 fb 7b 46 45 4d 59 27 03 40 e3 ee | ikev2 g^x 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 fe e4 ec 25 | ikev2 g^x 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 f1 ae 95 15 | ikev2 g^x 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e 67 13 93 a1 | ikev2 g^x 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 04 6e a4 d7 | ikev2 g^x ae 8b b4 00 7f dc ee 87 b4 15 d8 6b 32 09 bb 32 | ikev2 g^x de 11 6c cb 3b 6b 8b fa 41 91 25 5c 08 97 1b 83 | ikev2 g^x 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 60 04 22 1e | ikev2 g^x bc 55 0d 1d 90 c4 73 8e 47 69 71 22 7e 45 0f 79 | ikev2 g^x 53 bd af f0 bc 78 b6 89 53 29 f2 7a 13 df d7 f6 | ikev2 g^x 86 df e7 61 40 30 eb de d8 8a ae f3 b1 b9 43 04 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | IKEv2 nonce 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | d4 d8 c2 c0 cf 69 ce a7 36 f8 2e f6 e8 49 32 69 | c6 26 b9 8f | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= d4 d8 c2 c0 cf 69 ce a7 36 f8 2e f6 e8 49 32 69 | natd_hash: hash= c6 26 b9 8f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d4 d8 c2 c0 cf 69 ce a7 36 f8 2e f6 e8 49 32 69 | Notify data c6 26 b9 8f | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | e5 72 1c 20 df fc fe 83 70 a2 09 85 a8 b2 59 98 | f6 c6 f1 c6 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= e5 72 1c 20 df fc fe 83 70 a2 09 85 a8 b2 59 98 | natd_hash: hash= f6 c6 f1 c6 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e5 72 1c 20 df fc fe 83 70 a2 09 85 a8 b2 59 98 | Notify data f6 c6 f1 c6 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #9 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #9: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #9 to 4294967295 after switching state | Message ID: IKE #9 skipping update_recv as MD is fake | Message ID: sent #9 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #9: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 | 3a 1c fe ad c8 5f 2e 8e 63 98 34 0e 87 67 59 bf | 35 39 51 5d d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 | fc 66 6e 77 ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 | 4b dd 41 74 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 | 6a 31 38 4b b7 2d e2 29 31 fb 7b 46 45 4d 59 27 | 03 40 e3 ee 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 | fe e4 ec 25 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 | f1 ae 95 15 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e | 67 13 93 a1 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 | 04 6e a4 d7 ae 8b b4 00 7f dc ee 87 b4 15 d8 6b | 32 09 bb 32 de 11 6c cb 3b 6b 8b fa 41 91 25 5c | 08 97 1b 83 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 | 60 04 22 1e bc 55 0d 1d 90 c4 73 8e 47 69 71 22 | 7e 45 0f 79 53 bd af f0 bc 78 b6 89 53 29 f2 7a | 13 df d7 f6 86 df e7 61 40 30 eb de d8 8a ae f3 | b1 b9 43 04 29 00 00 24 8c 36 27 bd 7f 73 ac df | 7f 16 79 e3 5e d4 c9 1c 1b 63 52 c4 b8 7c 4f 1a | 39 6e dd f3 b8 1c a2 1e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d4 d8 c2 c0 cf 69 ce a7 | 36 f8 2e f6 e8 49 32 69 c6 26 b9 8f 00 00 00 1c | 00 00 40 05 e5 72 1c 20 df fc fe 83 70 a2 09 85 | a8 b2 59 98 f6 c6 f1 c6 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561212901c38 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #9: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #9 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10450.041437 | resume sending helper answer for #9 suppresed complete_v2_state_transition() and stole MD | #9 spent 0.4 milliseconds in resume sending helper answer | stop processing: state #9 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f534c005088 | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 | 81 5e 57 88 ff cd ef 1b 91 fc 46 65 70 0e 42 86 | ce 8f f2 87 cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff | 2e 32 f2 48 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 | f0 5e 32 ac 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 | dc 16 9d 9f 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f | 9b 42 28 a2 ab e2 1a 33 09 7c b3 cc 86 b6 da c4 | d4 02 c1 47 a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 | be 7d 17 31 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be | 1a 59 2b aa c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 | 08 ca 15 42 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 | 41 87 79 c3 ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 | 3e 12 71 30 30 4a 3e 88 fd b7 16 b5 de cd 89 36 | ea 11 00 2a ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 | ea 31 25 e4 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e | 43 77 b9 5b 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 | f3 8b c8 c0 29 00 00 24 e4 12 d1 81 ce 74 fb 40 | fa 67 f0 1f 7f 49 83 58 3b 9a 3e 26 c6 7b 8b 8c | 92 28 3c b2 78 c0 1d 44 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 1e 11 bd 1d f7 6a ec c7 | 25 b8 d4 e5 86 27 73 4a 78 a9 24 bd 00 00 00 1c | 00 00 40 05 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 | 86 ce b4 b4 8c fb 28 85 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #9 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #9 is idle | #9 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #9 IKE SPIi and SPI[ir] | #9 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 81 5e 57 88 | ff cd ef 1b 91 fc 46 65 70 0e 42 86 ce 8f f2 87 | cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff 2e 32 f2 48 | 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 f0 5e 32 ac | 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 dc 16 9d 9f | 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f 9b 42 28 a2 | ab e2 1a 33 09 7c b3 cc 86 b6 da c4 d4 02 c1 47 | a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 be 7d 17 31 | 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be 1a 59 2b aa | c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 08 ca 15 42 | 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 41 87 79 c3 | ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 3e 12 71 30 | 30 4a 3e 88 fd b7 16 b5 de cd 89 36 ea 11 00 2a | ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 ea 31 25 e4 | 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e 43 77 b9 5b | 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 f3 8b c8 c0 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | e8 44 78 5d d7 ab 7d 93 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 86 ce b4 b4 | 8c fb 28 85 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= e8 44 78 5d d7 ab 7d 93 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 86 ce b4 b4 | natd_hash: hash= 8c fb 28 85 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | a1 a5 ef 5f b6 53 4e 06 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | e8 44 78 5d d7 ab 7d 93 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | 1e 11 bd 1d f7 6a ec c7 25 b8 d4 e5 86 27 73 4a | 78 a9 24 bd | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= a1 a5 ef 5f b6 53 4e 06 | natd_hash: rcookie= e8 44 78 5d d7 ab 7d 93 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 1e 11 bd 1d f7 6a ec c7 25 b8 d4 e5 86 27 73 4a | natd_hash: hash= 78 a9 24 bd | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f534c0103b8: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 10 for state #9 | state #9 requesting EVENT_RETRANSMIT to be deleted | #9 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | #9 spent 0.181 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #9 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "aes128" #9 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.344 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.351 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 resuming | crypto helper 3 starting work-order 10 for state #9 | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 | peer's g: c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 81 5e 57 88 | peer's g: ff cd ef 1b 91 fc 46 65 70 0e 42 86 ce 8f f2 87 | peer's g: cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff 2e 32 f2 48 | peer's g: 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 f0 5e 32 ac | peer's g: 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 dc 16 9d 9f | peer's g: 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f 9b 42 28 a2 | peer's g: ab e2 1a 33 09 7c b3 cc 86 b6 da c4 d4 02 c1 47 | peer's g: a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 be 7d 17 31 | peer's g: 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be 1a 59 2b aa | peer's g: c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 08 ca 15 42 | peer's g: 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 41 87 79 c3 | peer's g: ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 3e 12 71 30 | peer's g: 30 4a 3e 88 fd b7 16 b5 de cd 89 36 ea 11 00 2a | peer's g: ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 ea 31 25 e4 | peer's g: 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e 43 77 b9 5b | peer's g: 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 f3 8b c8 c0 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x5612128e7c40 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f534c0103b8: computed shared DH secret key@0x5612128e7c40 | dh-shared : g^ir-key@0x5612128e7c40 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5350003b28 (length 64) | 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e66e0 | result: Ni | Nr-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e66c8 | result: Ni | Nr-key@0x7f534c00d840 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5612128e9a80 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5350001410 from Ni | Nr-key@0x7f534c00d840 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5350001410 from Ni | Nr-key@0x7f534c00d840 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f534c00d840 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5350001278 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x5612128e7c40 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x5612128e7c40 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x5612128e7c40 | nss hmac digest hack: symkey-key@0x5612128e7c40 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: 29 10 94 f9 2c c5 94 37 62 b9 79 d8 ff 69 6b 79 e1 21 8e 55 ba 20 ad ed 80 34 99 c1 0e 32 46 d4 05 64 4a 58 c2 32 04 89 13 35 57 f1 cb 79 af 7c fd 03 39 ba 68 65 b3 cf e8 45 80 c5 06 80 68 09 f6 b5 e8 b0 83 5d 9b 8d 25 c0 5d b1 23 56 84 3b 95 74 6b dc 5d 7d 6c f6 b0 42 f2 64 27 fa 22 c9 d4 7e 30 46 4d 13 4f 6b 42 ad 44 eb e8 97 f3 11 7f 83 2b 08 50 7e a6 b7 72 70 d6 5b 1b c3 23 96 58 87 25 8e f2 71 20 06 fb e1 00 e7 a0 0f f2 e6 41 8c df 69 40 18 25 3f 0e 7f 4a ff ef 9f f7 34 86 63 03 3f fe 22 00 ce 3c e0 07 d2 9f 7f 94 27 1e f0 fc fa 75 a8 b9 04 74 84 dd d6 6f fd d6 9a db 13 71 8b 4b 9c 31 c2 5e f9 39 a2 f0 4f f2 f4 59 e4 52 b6 81 16 8c d0 70 b6 70 a5 c2 97 20 ce d3 36 8b 59 21 1b 4a 59 e8 e8 7a 5a c2 99 c3 de 5f 53 01 24 51 18 da 4c bb d0 98 90 29 43 14 a5 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f53500045a8 | unwrapped: 88 7e 39 b6 16 36 db 61 4f a2 fb 99 7d cb 96 8a | unwrapped: e1 85 4d 21 66 ef ad 23 ef f2 43 9e d5 e2 90 30 | unwrapped: cd 98 bf 1c ad 15 7b 07 ae a9 88 ba f9 89 c4 3b | unwrapped: 19 7b a0 48 df ea ff 5b 8b 48 f5 9b db 68 b3 41 | unwrapped: 3c f5 1a 00 ab 9b 7a 62 dc 1c d4 a8 a4 31 2b d6 | unwrapped: ba 1a 1e 40 80 f1 c7 6e 30 7c e4 1e 80 f6 b2 78 | unwrapped: 1c 74 89 48 91 62 7f 4b de aa 49 a9 d9 7c 8f 88 | unwrapped: eb 85 56 10 9e 16 ec b4 0f 87 a0 bf d6 50 dc d5 | unwrapped: ba 20 32 f0 5f d0 ad 95 3b 8a 56 0e 0a db 2d ce | unwrapped: 0d 67 96 59 13 e6 bd 47 0a d3 0b 80 8f 7e bc 23 | unwrapped: c2 fd 2d 5f 00 fc db b5 0a a7 15 54 7f fe 42 2a | unwrapped: 2a 3b 9a fc d7 ad 06 0e 8d ea 6e 20 10 ae 2e cf | unwrapped: d0 d5 1e f3 10 5a f8 03 30 8a 1b 59 9d 96 2b 1b | unwrapped: 33 1d 36 be a3 6f 1f 89 03 86 ab 65 d1 bc 7d 55 | unwrapped: 3b 51 c9 de 25 52 8a 62 e4 47 c4 a0 ac f1 55 ff | unwrapped: 41 26 0a 93 07 0b b8 53 34 ec 80 38 f2 41 20 95 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6700 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e66e8 | result: final-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f534c00d840 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6670 | result: data=Ni-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6658 | result: data=Ni-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535c1e6660 | result: data+=Nr-key@0x5612128e0610 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535c1e6660 | result: data+=SPIi-key@0x5612128e9a80 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535c1e6660 | result: data+=SPIr-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | prf+0 PRF sha init key-key@0x7f534c00d840 (size 20) | prf+0: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+0 prf: begin sha with context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+0: release clone-key@0x5612128e9a80 | prf+0 PRF sha crypt-prf@0x7f5350002168 | prf+0 PRF sha update seed-key@0x5612128e0610 (size 80) | prf+0: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350004b88 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+0 PRF sha final-key@0x5612128e9a80 (size 20) | prf+0: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350001410 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f5350001410 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x7f53500048d8 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 28 45 de 5e 6d 21 b8 4f 5e 97 38 cd 15 73 7e 54 ff 38 40 f4 7b af 1f 19 02 ef 4f 0c c0 42 20 9b | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5350002b28 | unwrapped: b0 32 79 1d 90 17 a0 2c 80 e9 cf 25 43 23 65 0f | unwrapped: 90 29 60 39 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350004b08 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535c1e6608 | result: result-key@0x5612128e6190 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f5350002168 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: fa 52 5f b6 ad ea 01 d9 58 b9 e4 23 d2 5e 26 1f 3e 57 a8 3b 99 b7 89 a7 14 ee aa 03 16 b6 6d a8 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5350001278 | unwrapped: 20 ff 13 33 a3 07 d4 16 2c 5b 31 71 11 f4 f8 65 | unwrapped: 0c bd 05 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350004b88 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535c1e6608 | result: result-key@0x5612128e96a0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e6190 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350001410 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f5350001410 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x7f5350002b28 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 57 f6 59 14 2d d9 e3 f4 27 d6 3d fe 8f b2 a7 6f cf 4a 35 d0 b3 67 3c 60 22 4b 43 64 39 e1 cf 10 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5350006208 | unwrapped: 95 42 35 74 61 05 9f 5f 50 ff a2 23 36 1a 62 7f | unwrapped: c0 9a 53 8d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350004b08 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535c1e6608 | result: result-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f53500048d8 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 57 f2 d4 d9 f3 28 e9 76 dd 8b ad 11 73 8a 50 02 a0 36 eb 1f 75 59 1e 60 2b 4f ef 42 2f 53 d9 7b | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5350001278 | unwrapped: fc 50 01 c6 4b e8 65 87 81 90 d9 2a c5 b2 ee 0d | unwrapped: 8d d5 07 87 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350004b88 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535c1e6608 | result: result-key@0x5612128e96a0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e6190 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53500059e0 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f53500059e0 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x7f5350002168 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: c0 c5 44 44 49 96 a8 68 48 d7 0b 6f 18 0a a5 14 c0 55 7e 5a fe 3a d1 34 80 17 aa c4 a3 78 b5 e2 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5350002b28 | unwrapped: d0 27 57 83 38 3d 2c 91 b0 cb b5 bd 48 29 9f 87 | unwrapped: ed c0 0a e1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350004b08 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535c1e6608 | result: result-key@0x5612128e6190 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f5350001410 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f53500048d8 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: e1 24 98 aa 71 03 c2 90 88 31 72 b6 d9 d1 40 25 70 7c c9 e1 93 d3 87 6b ed e5 aa 80 ec 71 1a 77 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5350001278 | unwrapped: ad a0 89 01 df ab 13 c9 44 c0 c3 d7 ad d6 5e 80 | unwrapped: 56 6c 67 76 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 f3 1c b0 82 2d f7 07 b2 5d 4f 51 8e fc 6b eb e3 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5350006868 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | unwrapped: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535c1e6590 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e6578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535c1e6608 | result: result-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e6190 | prfplus: release old_t[N]-key@0x56121285f080 | prfplus: release old_t[final]-key@0x5612128e9a80 | ike_sa_keymat: release data-key@0x5612128e0610 | calc_skeyseed_v2: release skeyseed_k-key@0x7f534c00d840 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67a8 | result: result-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67a8 | result: result-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67a8 | result: result-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67b8 | result: SK_ei_k-key@0x56121285f080 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67b8 | result: SK_er_k-key@0x5612128e6190 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67b8 | result: result-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x5612128ffbc0 | chunk_SK_pi: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 70 c2 ce 7c fe 48 24 3e 23 f2 ed f2 bc 64 c3 d1 f6 d9 6c cf a8 94 3e f2 a0 10 08 82 01 80 64 c2 | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f5350002168 | unwrapped: 48 29 9f 87 ed c0 0a e1 ad a0 89 01 df ab 13 c9 | unwrapped: 44 c0 c3 d7 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535c1e67b8 | result: result-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f534c006bb0 | chunk_SK_pr: symkey-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 58 0e a6 a7 68 a3 2b f6 b3 ec 6e e7 06 fd 9b 49 88 bb 0c 23 e8 91 1b 9b c4 cf 31 10 da 67 5c f9 | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f5350001278 | unwrapped: ad d6 5e 80 56 6c 67 76 d3 71 0f ee ed 2b 33 6f | unwrapped: f1 15 12 b7 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x5612128e96a0 | calc_skeyseed_v2 pointers: shared-key@0x5612128e7c40, SK_d-key@0x7f534c00d840, SK_ai-key@0x5612128e0610, SK_ar-key@0x5612128e9a80, SK_ei-key@0x56121285f080, SK_er-key@0x5612128e6190, SK_pi-key@0x5612128ffbc0, SK_pr-key@0x7f534c006bb0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 48 29 9f 87 ed c0 0a e1 ad a0 89 01 df ab 13 c9 | 44 c0 c3 d7 | calc_skeyseed_v2 SK_pr | ad d6 5e 80 56 6c 67 76 d3 71 0f ee ed 2b 33 6f | f1 15 12 b7 | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 time elapsed 0.001863 seconds | (#9) spent 1.85 milliseconds in crypto helper computing work-order 10: ikev2_inR1outI2 KE (pcr) | crypto helper 3 sending results from work-order 10 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f53500046d8 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 10 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #9: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f534c0103b8: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #10 at 0x5612129063e8 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "aes128" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.45:500 from #9.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f534c00d840 | duplicate_state: reference st_skey_ai_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_ar_nss-key@0x5612128e9a80 | duplicate_state: reference st_skey_ei_nss-key@0x56121285f080 | duplicate_state: reference st_skey_er_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_pi_nss-key@0x5612128ffbc0 | duplicate_state: reference st_skey_pr_nss-key@0x7f534c006bb0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f534c005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5340002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | parent state #9: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x5612128ffbc0 (size 20) | hmac: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e96a0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e96a0 | hmac: release clone-key@0x5612128e96a0 | hmac PRF sha crypt-prf@0x5612128fdea8 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | 27 c6 3f 77 08 3f 3d 7d 72 33 76 69 54 7a dd 92 | 8c b8 ab 2d | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | a1 a5 ef 5f b6 53 4e 06 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 | 3a 1c fe ad c8 5f 2e 8e 63 98 34 0e 87 67 59 bf | 35 39 51 5d d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 | fc 66 6e 77 ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 | 4b dd 41 74 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 | 6a 31 38 4b b7 2d e2 29 31 fb 7b 46 45 4d 59 27 | 03 40 e3 ee 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 | fe e4 ec 25 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 | f1 ae 95 15 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e | 67 13 93 a1 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 | 04 6e a4 d7 ae 8b b4 00 7f dc ee 87 b4 15 d8 6b | 32 09 bb 32 de 11 6c cb 3b 6b 8b fa 41 91 25 5c | 08 97 1b 83 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 | 60 04 22 1e bc 55 0d 1d 90 c4 73 8e 47 69 71 22 | 7e 45 0f 79 53 bd af f0 bc 78 b6 89 53 29 f2 7a | 13 df d7 f6 86 df e7 61 40 30 eb de d8 8a ae f3 | b1 b9 43 04 29 00 00 24 8c 36 27 bd 7f 73 ac df | 7f 16 79 e3 5e d4 c9 1c 1b 63 52 c4 b8 7c 4f 1a | 39 6e dd f3 b8 1c a2 1e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d4 d8 c2 c0 cf 69 ce a7 | 36 f8 2e f6 e8 49 32 69 c6 26 b9 8f 00 00 00 1c | 00 00 40 05 e5 72 1c 20 df fc fe 83 70 a2 09 85 | a8 b2 59 98 f6 c6 f1 c6 | create: initiator inputs to hash2 (responder nonce) | e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | idhash 27 c6 3f 77 08 3f 3d 7d 72 33 76 69 54 7a dd 92 | idhash 8c b8 ab 2d | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x5612128e96a0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5344002b50 from shared secret-key@0x5612128e96a0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5344002b50 from shared secret-key@0x5612128e96a0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5612128e96a0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x561212900298 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5612128e96a0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5612128e96a0 (size 20) | = prf(, ): -key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fdea8 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe3f8 (length 440) | a1 a5 ef 5f b6 53 4e 06 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 58 c4 51 48 8f 18 8d 84 f7 39 d4 48 | 3a 1c fe ad c8 5f 2e 8e 63 98 34 0e 87 67 59 bf | 35 39 51 5d d6 4e b7 0a 5c 59 2f e8 d7 fc 33 94 | fc 66 6e 77 ae f2 99 a6 b1 fe 4d 11 a8 e4 c2 d4 | 4b dd 41 74 4b b6 3e 49 1c bb 90 6c 8f 27 e1 59 | 6a 31 38 4b b7 2d e2 29 31 fb 7b 46 45 4d 59 27 | 03 40 e3 ee 8a 1e bd 16 cb 0e 1f ec 28 4d 09 66 | fe e4 ec 25 9b 57 94 f7 45 12 a1 52 f6 51 ed e5 | f1 ae 95 15 27 d5 cd d6 f2 9b 71 ab 11 31 af 2e | 67 13 93 a1 38 e0 62 ea a4 ac ef 5a 02 1d b6 91 | 04 6e a4 d7 ae 8b b4 00 7f dc ee 87 b4 15 d8 6b | 32 09 bb 32 de 11 6c cb 3b 6b 8b fa 41 91 25 5c | 08 97 1b 83 4c b5 cd 92 87 82 75 98 cf 8e 58 a3 | 60 04 22 1e bc 55 0d 1d 90 c4 73 8e 47 69 71 22 | 7e 45 0f 79 53 bd af f0 bc 78 b6 89 53 29 f2 7a | 13 df d7 f6 86 df e7 61 40 30 eb de d8 8a ae f3 | b1 b9 43 04 29 00 00 24 8c 36 27 bd 7f 73 ac df | 7f 16 79 e3 5e d4 c9 1c 1b 63 52 c4 b8 7c 4f 1a | 39 6e dd f3 b8 1c a2 1e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d4 d8 c2 c0 cf 69 ce a7 | 36 f8 2e f6 e8 49 32 69 c6 26 b9 8f 00 00 00 1c | 00 00 40 05 e5 72 1c 20 df fc fe 83 70 a2 09 85 | a8 b2 59 98 f6 c6 f1 c6 | = prf(, ) PRF sha update nonce-bytes@0x561212904818 (length 32) | e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | 27 c6 3f 77 08 3f 3d 7d 72 33 76 69 54 7a dd 92 | 8c b8 ab 2d | = prf(, ) PRF sha final-chunk@0x5612129014e8 (length 20) | c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | f5 ff ec 74 | psk_auth: release prf-psk-key@0x5612128e96a0 | PSK auth octets c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | PSK auth octets f5 ff ec 74 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | PSK auth f5 ff ec 74 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #9 | netlink_get_spi: allocated 0xcd45a691 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi cd 45 a6 91 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #9: IMPAIR: duplicating key-length attribute | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | c0 80 24 41 bd 22 e6 ab 52 5a 81 ef 9a 8b 80 39 | f5 ff ec 74 2c 00 00 30 00 00 00 2c 01 03 04 03 | cd 45 a6 91 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e96a0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e96a0 | hmac: release clone-key@0x5612128e96a0 | hmac PRF sha crypt-prf@0x561212900298 | hmac PRF sha update data-bytes@0x5612118718c0 (length 208) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | hmac PRF sha final-bytes@0x561211871990 (length 20) | 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 f0 d4 f6 c0 | 66 54 e2 75 | data being hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | data being hmac: 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | data being hmac: ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | data being hmac: 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | data being hmac: 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | data being hmac: 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | data being hmac: b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | data being hmac: 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | data being hmac: 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | data being hmac: 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | data being hmac: 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | out calculated auth: | 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 | suspend processing: state #9 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #10 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #10 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #10: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #10 to 0 after switching state | Message ID: recv #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #9.#10 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #10: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | f1 70 62 27 80 ef c5 32 c9 9a 70 71 3d f7 94 9b | 03 7d e4 39 f9 d0 28 dd 97 5c 77 41 bb 17 c5 e3 | ba 9e 8e 5b 02 11 c6 09 30 cb 0c 82 23 01 e8 d1 | 77 49 b7 ca f6 73 57 d9 d8 d9 04 cb ca df 23 99 | 34 5b 06 a2 0d c5 e3 1e 5d 42 02 67 8a 80 1f 39 | 20 5b 0e be 53 c2 f8 db a7 2e 4a ad 39 77 27 c1 | b9 1b e2 c3 cd 73 fc 1c 6a 2b d6 f4 54 e4 c0 fd | 4f 8e 82 2b 37 74 0c ba f5 89 45 ef a4 d1 2e 49 | 96 2a 96 28 cf 9a cb 40 bb 6a 91 c2 d2 91 8f 48 | 97 9e b0 32 16 c2 b8 c9 27 80 c1 66 37 d7 2d 54 | 8d 87 c1 1e 9b d4 08 53 7a 64 47 a9 6a 9e c2 df | 3c 91 dd 2b cc fb 55 8d 4b 10 e5 b7 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #10: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #10 | libevent_malloc: new ptr-libevent@0x561212901c38 size 128 | #10 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10450.046201 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 0.802 milliseconds in resume sending helper answer | stop processing: state #10 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f53500046d8 | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #9 in PARENT_I2 (find_v2_ike_sa) | start processing: state #9 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #10 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #9 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #10 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #10 is idle | #10 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #10 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x5612128e9a80 (size 20) | hmac: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x5612128e96a0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x5612128e96a0 | hmac: release clone-key@0x5612128e96a0 | hmac PRF sha crypt-prf@0x5612128fdea8 | hmac PRF sha update data-bytes@0x56121288e368 (length 192) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 84 eb 2e 81 | f8 60 d8 93 | data for hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | data for hmac: 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | data for hmac: 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | data for hmac: 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | data for hmac: d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | data for hmac: 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | data for hmac: e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | data for hmac: 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | data for hmac: 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | data for hmac: e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | calculated auth: 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 | provided auth: 6b 54 6a b0 ac 2e 2e db 28 c3 9e 38 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | d3 11 13 7a 1c 41 37 35 03 65 19 17 60 62 78 b3 | payload before decryption: | 52 76 a3 6c e1 26 c6 f5 e8 f0 8f a1 f8 82 38 2e | 26 ec f0 6e 60 cd d3 34 20 1a b4 63 bf 28 fb bf | 92 67 82 72 8c 43 2c b3 62 3a a0 8c 0d e9 4c c3 | d3 e5 4c c0 a9 f3 32 f7 b5 15 bf ce 8b 66 e9 af | 96 b8 bd 77 c9 af a3 14 3d 91 06 fc 93 f9 0b 15 | e2 46 b6 35 a8 ca ae d8 11 25 54 f2 4d 3a f1 85 | 04 bb 9a f4 fd 1d 7f 37 40 6e cc 32 53 0a c2 a2 | 82 c7 eb ea 09 e8 bc 44 0a 89 91 4a 9e f5 db 9f | e1 40 26 62 32 be 90 c2 31 e7 d5 dc c8 70 aa e2 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b | 6e 71 3c 26 4d a1 dd 5c 2c 00 00 2c 00 00 00 28 | 01 03 04 03 5d fe db 6a 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #10 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #10: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f534c006bb0 (size 20) | hmac: symkey-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5fc8 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x5612128e96a0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x5612128e96a0 | hmac: release clone-key@0x5612128e96a0 | hmac PRF sha crypt-prf@0x561212900298 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x56121288e39c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe4aed6120 (length 20) | 3c 66 35 d4 9b 57 15 14 7d 32 cb 86 6f cb 98 84 | e0 89 d4 bd | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 | 81 5e 57 88 ff cd ef 1b 91 fc 46 65 70 0e 42 86 | ce 8f f2 87 cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff | 2e 32 f2 48 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 | f0 5e 32 ac 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 | dc 16 9d 9f 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f | 9b 42 28 a2 ab e2 1a 33 09 7c b3 cc 86 b6 da c4 | d4 02 c1 47 a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 | be 7d 17 31 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be | 1a 59 2b aa c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 | 08 ca 15 42 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 | 41 87 79 c3 ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 | 3e 12 71 30 30 4a 3e 88 fd b7 16 b5 de cd 89 36 | ea 11 00 2a ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 | ea 31 25 e4 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e | 43 77 b9 5b 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 | f3 8b c8 c0 29 00 00 24 e4 12 d1 81 ce 74 fb 40 | fa 67 f0 1f 7f 49 83 58 3b 9a 3e 26 c6 7b 8b 8c | 92 28 3c b2 78 c0 1d 44 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 1e 11 bd 1d f7 6a ec c7 | 25 b8 d4 e5 86 27 73 4a 78 a9 24 bd 00 00 00 1c | 00 00 40 05 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 | 86 ce b4 b4 8c fb 28 85 | verify: initiator inputs to hash2 (initiator nonce) | 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | idhash 3c 66 35 d4 9b 57 15 14 7d 32 cb 86 6f cb 98 84 | idhash e0 89 d4 bd | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dc0 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5da8 | result: shared secret-key@0x5612128e96a0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5350002b50 from shared secret-key@0x5612128e96a0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5350002b50 from shared secret-key@0x5612128e96a0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5612128e96a0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fdea8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5de0 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: final-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5612128e96a0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5612128e96a0 (size 20) | = prf(, ): -key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dd8 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x561212900298 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fdef8 (length 440) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c4 1e 8b 7d 62 1e 50 13 6b 35 55 83 | 81 5e 57 88 ff cd ef 1b 91 fc 46 65 70 0e 42 86 | ce 8f f2 87 cb 8f d6 eb d1 44 f3 c4 3f 31 6a ff | 2e 32 f2 48 79 56 2c 8f 34 e6 65 ea ac 4f bf f8 | f0 5e 32 ac 4f f7 ce 4d 68 f8 b2 0e 41 07 67 89 | dc 16 9d 9f 6c ca e5 02 69 ed 5c 6c 2a 21 c9 8f | 9b 42 28 a2 ab e2 1a 33 09 7c b3 cc 86 b6 da c4 | d4 02 c1 47 a8 c7 72 c1 d8 9a ff e0 ac 79 cc 92 | be 7d 17 31 02 9c 57 8d e0 ff 1f 0b c9 ba 53 be | 1a 59 2b aa c4 43 0f b3 b2 5e 67 c1 1d eb 4e 06 | 08 ca 15 42 88 34 5a f1 e5 99 f1 9d 43 6b ee 32 | 41 87 79 c3 ae e3 cb 0c 87 54 cb 94 3c f2 f5 d7 | 3e 12 71 30 30 4a 3e 88 fd b7 16 b5 de cd 89 36 | ea 11 00 2a ce 5d e1 fe c2 1d 64 d1 c6 37 f4 c8 | ea 31 25 e4 9f 74 f2 80 aa a0 68 79 ea 7e ee 9e | 43 77 b9 5b 8d 97 aa f3 03 85 ae 6b 07 4c 36 87 | f3 8b c8 c0 29 00 00 24 e4 12 d1 81 ce 74 fb 40 | fa 67 f0 1f 7f 49 83 58 3b 9a 3e 26 c6 7b 8b 8c | 92 28 3c b2 78 c0 1d 44 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 1e 11 bd 1d f7 6a ec c7 | 25 b8 d4 e5 86 27 73 4a 78 a9 24 bd 00 00 00 1c | 00 00 40 05 74 5c 12 01 32 d7 d6 9b e8 74 77 d2 | 86 ce b4 b4 8c fb 28 85 | = prf(, ) PRF sha update nonce-bytes@0x7f534c003a78 (length 32) | 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed6120 (length 20) | 3c 66 35 d4 9b 57 15 14 7d 32 cb 86 6f cb 98 84 | e0 89 d4 bd | = prf(, ) PRF sha final-chunk@0x5612128fbb18 (length 20) | bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b 6e 71 3c 26 | 4d a1 dd 5c | psk_auth: release prf-psk-key@0x5612128e96a0 | Received PSK auth octets | bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b 6e 71 3c 26 | 4d a1 dd 5c | Calculated PSK auth octets | bb 05 8d 78 a0 96 f4 cd ac 4d 02 6b 6e 71 3c 26 | 4d a1 dd 5c "aes128" #10: Authenticated using authby=secret | parent state #9: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #9 will start re-keying in 2568 seconds with margin of 1032 seconds (attempting re-key) | state #9 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f534c005088 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f5340002b78 | inserting event EVENT_SA_REKEY, timeout in 2568 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f53500046d8 size 128 | pstats #9 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 5d fe db 6a | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=5dfedb6a;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5eb0 | result: data=Ni-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: data=Ni-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128fa5c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed5ea0 | result: data+=Nr-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e96a0 | prf+0 PRF sha init key-key@0x7f534c00d840 (size 20) | prf+0: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5350002b50 from key-key@0x5612128e96a0 | prf+0 prf: begin sha with context 0x7f5350002b50 from key-key@0x5612128e96a0 | prf+0: release clone-key@0x5612128e96a0 | prf+0 PRF sha crypt-prf@0x5612128fbc18 | prf+0 PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+0: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212901410 | prf+0 PRF sha final-key@0x5612128e96a0 (size 20) | prf+0: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e96a0 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612128fdea8 | prf+N PRF sha update old_t-key@0x5612128e96a0 (size 20) | prf+N: old_t-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e96a0 | nss hmac digest hack: symkey-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 2d c2 09 c5 cd b6 9b 05 9a bc ce 5d bf 67 4e 68 33 ca c0 92 eb a8 c3 36 3b e7 29 75 42 63 f4 fc | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fbd38 | unwrapped: 09 cc 84 ba b7 2b 19 31 21 01 14 22 a2 16 2e 9b | unwrapped: 1d 36 19 01 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00a0e0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x7f534c00a0e0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | prfplus: release old_t[N]-key@0x5612128e96a0 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x5612128e96a0 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x5612128e96a0 | prf+N: release clone-key@0x5612128e96a0 | prf+N PRF sha crypt-prf@0x5612128fbc18 | prf+N PRF sha update old_t-key@0x561212901410 (size 20) | prf+N: old_t-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x561212901410 | nss hmac digest hack: symkey-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 79 da 8c aa 48 1a 99 35 81 1f 1d da 90 30 35 f7 6f 7a f5 0a 5b 8e 9f 63 70 03 b3 34 19 22 8e 82 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fbce8 | unwrapped: ca f7 45 a6 bb 79 ac 89 38 de 7b e2 9f 51 0b 98 | unwrapped: 26 e1 1e 1c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212900560 | prf+N PRF sha final-key@0x5612128e96a0 (size 20) | prf+N: key-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00a0e0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c00a0e0 | prfplus: release old_t[N]-key@0x561212901410 | prf+N PRF sha init key-key@0x7f534c00d840 (size 20) | prf+N: key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612128fbd38 | prf+N PRF sha update old_t-key@0x5612128e96a0 (size 20) | prf+N: old_t-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e96a0 | nss hmac digest hack: symkey-key@0x5612128e96a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 1f e8 86 96 7c 4b d5 f5 e1 87 64 54 53 15 e1 e4 91 33 1f 17 aa 1e 7f 65 b0 70 0d 75 04 8c 1b 4e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc868 | unwrapped: 01 e1 ff 76 6f 25 94 d2 92 48 21 06 d3 14 ff 58 | unwrapped: 80 50 7d 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 4e c2 f0 44 00 50 05 4f 01 eb a5 1c 57 7c 38 04 d6 79 e3 3a 7d 5f 16 0c 9e 43 3c 1c 7f ea c5 43 1c d3 fe e8 cb eb cd be b0 f7 99 ee 15 e4 3f fe 15 7b 69 d5 9d e3 5c 5a 9b bd 9e ca 8a 57 17 51 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 8c 36 27 bd 7f 73 ac df 7f 16 79 e3 5e d4 c9 1c | unwrapped: 1b 63 52 c4 b8 7c 4f 1a 39 6e dd f3 b8 1c a2 1e | unwrapped: e4 12 d1 81 ce 74 fb 40 fa 67 f0 1f 7f 49 83 58 | unwrapped: 3b 9a 3e 26 c6 7b 8b 8c 92 28 3c b2 78 c0 1d 44 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00a0e0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x7f534c00a0e0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x561212900560 | prfplus: release old_t[N]-key@0x5612128e96a0 | prfplus: release old_t[final]-key@0x561212901410 | child_sa_keymat: release data-key@0x5612128fa5c0 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f534c00a0e0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x5612128fa5c0 | initiator to responder keys: symkey-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5612128e2eb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1664426035: 2d c2 09 c5 cd b6 9b 05 9a bc ce 5d bf 67 4e 68 f9 d9 72 3e 45 17 f3 a0 1c 8c 38 28 0d 5a e4 77 7c f6 5e 77 e6 07 38 7d d4 14 ec 28 c2 00 12 76 | initiator to responder keys: release slot-key-key@0x5612128e2eb0 | initiator to responder keys extracted len 48 bytes at 0x7f5354001428 | unwrapped: 09 cc 84 ba b7 2b 19 31 21 01 14 22 a2 16 2e 9b | unwrapped: 1d 36 19 01 ca f7 45 a6 bb 79 ac 89 38 de 7b e2 | unwrapped: 9f 51 0b 98 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5612128fa5c0 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f534c00a0e0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x5612128fa5c0 | responder to initiator keys:: symkey-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5612128e2eb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1664426035: 97 6e 72 38 ed 78 2b ec f1 18 9d 8c 04 1f 97 cf d8 93 18 54 56 ef bd 41 a6 27 56 7f d3 5a 4a 23 a1 c1 ab 2a 75 f5 ac ee b4 1a 09 01 05 95 67 b7 | responder to initiator keys:: release slot-key-key@0x5612128e2eb0 | responder to initiator keys: extracted len 48 bytes at 0x561212859918 | unwrapped: 26 e1 1e 1c 01 e1 ff 76 6f 25 94 d2 92 48 21 06 | unwrapped: d3 14 ff 58 80 50 7d 49 fe 99 60 6e 3b c9 f5 e8 | unwrapped: ea 81 ff 29 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5612128fa5c0 | ikev2_derive_child_keys: release keymat-key@0x7f534c00a0e0 | #9 spent 1.33 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.5dfedb6a@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.cd45a691@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #10 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5dfedb6a SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x5dfedb6a SPI_OUT=0xcd45a691 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5dfedb6 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x5dfedb6a SPI_OUT=0xcd45a691 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5dfedb6a SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x5dfedb6a SPI_OUT=0xcd45a691 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x561212901758,sr=0x561212901758} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 1.75 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | state #10 requesting EVENT_RETRANSMIT to be deleted | #10 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x561212901c38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | #10 spent 2.86 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #10 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #10 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #10: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #9.#10 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "aes128" #10: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #10: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x5dfedb6a <0xcd45a691 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #10 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #9 | unpending state #9 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x5612128ee1f8} | close_any(fd@24) (in release_whack() at state.c:654) | #10 will start re-keying in 28154 seconds with margin of 646 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5344002b78 | inserting event EVENT_SA_REKEY, timeout in 28154 seconds for #10 | libevent_malloc: new ptr-libevent@0x5612128fddf8 size 128 | stop processing: state #10 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 3.22 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.23 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00413 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00229 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00429 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.cd45a691@192.1.2.45 | get_sa_info esp.5dfedb6a@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.067 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #10 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #10 ikev2.child deleted completed | #10 spent 2.86 milliseconds in total | [RE]START processing: state #10 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #10: deleting state (STATE_V2_IPSEC_I) aged 0.077s and sending notification | child state #10: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.5dfedb6a@192.1.2.23 | get_sa_info esp.cd45a691@192.1.2.45 "aes128" #10: ESP traffic information: in=84B out=84B | #10 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis cd 45 a6 91 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | data before encryption: | 00 00 00 0c 03 04 00 01 cd 45 a6 91 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x7f534c00a0e0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x7f534c00a0e0 | hmac: release clone-key@0x7f534c00a0e0 | hmac PRF sha crypt-prf@0x5612128fbc18 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 64) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | hmac PRF sha final-bytes@0x7ffe4aed3190 (length 20) | 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 a5 9c b4 92 | 92 80 ba 0f | data being hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | data being hmac: 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | out calculated auth: | 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #10) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | f2 f3 90 5d 53 ac 9b 77 db db e1 cf 1b 99 f4 b7 | 51 62 18 28 44 4f b9 97 06 e4 d3 c8 0f 8e 96 ba | 2e d0 4a 5a 8d 31 11 aa 58 e7 54 c6 | Message ID: IKE #9 sender #10 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #9 sender #10 in send_delete hacking around record ' send | Message ID: sent #9 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5612128fddf8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5344002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825164' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5dfedb6 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825164' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x5dfedb6a SPI_OUT=0xcd45a691 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.5dfedb6a@192.1.2.23 | netlink response for Del SA esp.5dfedb6a@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.cd45a691@192.1.2.45 | netlink response for Del SA esp.cd45a691@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #10 in V2_IPSEC_I | child state #10: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f534c00d840 | delete_state: release st->st_skey_ai_nss-key@0x5612128e0610 | delete_state: release st->st_skey_ar_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_ei_nss-key@0x56121285f080 | delete_state: release st->st_skey_er_nss-key@0x5612128e6190 | delete_state: release st->st_skey_pi_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_pr_nss-key@0x7f534c006bb0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #9 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #9 | start processing: state #9 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #9 ikev2.ike deleted completed | #9 spent 7.35 milliseconds in total | [RE]START processing: state #9 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #9: deleting state (STATE_PARENT_I3) aged 0.094s and sending notification | parent state #9: PARENT_I3(established IKE SA) => delete | #9 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x7f534c00a0e0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x7f534c00a0e0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x7f534c00a0e0 | hmac: release clone-key@0x7f534c00a0e0 | hmac PRF sha crypt-prf@0x561212900298 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 64) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | hmac PRF sha final-bytes@0x7ffe4aed3190 (length 20) | 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 d1 ca f3 8b | 19 56 65 8f | data being hmac: a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | data being hmac: 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | out calculated auth: | 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | e1 30 0c 43 97 29 8b 4d 01 03 40 b7 5a 75 20 12 | 00 e7 e5 3d d5 84 0e 93 bc 36 f2 d0 e8 8f fa 5e | 12 5b 21 20 7f bd 15 df 5e 54 e5 d2 | Message ID: IKE #9 sender #9 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #9 sender #9 in send_delete hacking around record ' send | Message ID: #9 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #9 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f53500046d8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #9 in PARENT_I3 | parent state #9: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f534c0103b8: destroyed | stop processing: state #9 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x5612128e7c40 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f534c00d840 | delete_state: release st->st_skey_ai_nss-key@0x5612128e0610 | delete_state: release st->st_skey_ar_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_ei_nss-key@0x56121285f080 | delete_state: release st->st_skey_er_nss-key@0x5612128e6190 | delete_state: release st->st_skey_pi_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_pr_nss-key@0x7f534c006bb0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 2.04 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00433 milliseconds in signal handler PLUTO_SIGCHLD | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 19 da e4 19 41 07 df 11 cd b8 20 b1 21 1c b0 6b | f0 fb a5 6c c9 33 ce 3b 96 32 60 ae 76 d6 2c e2 | 16 17 ed 90 8b ef 84 c9 8f be ba b9 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0803 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00246 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | a1 a5 ef 5f b6 53 4e 06 e8 44 78 5d d7 ab 7d 93 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | fb fb cb 3f 25 37 a3 dc 83 f8 c7 eb e8 6b 01 6c | ec 7e 96 d6 9c c1 03 d2 3e d4 32 07 3e bb 6a 72 | ff ad b9 a1 a7 c0 52 89 f4 36 9a 36 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | a1 a5 ef 5f b6 53 4e 06 | responder cookie: | e8 44 78 5d d7 ab 7d 93 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0639 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.04 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00489 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0595 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0541 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.493 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.182 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #11 at 0x561212900758 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #11 "aes128" "aes128" #11: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 11 for state #11 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #11 spent 0.139 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 2 resuming | RESET processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 2 starting work-order 11 for state #11 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 11 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f53440059b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f53440059b8 | NSS: Public DH wire value: | f9 b8 b4 f6 2c ef 24 dc 0c 70 be 8e 7b 86 2d 6a | 5d df 6b 54 49 a7 e2 9e 01 8f 6d e4 2f 7d 9e 06 | d0 1f 6f 6b 7d e8 18 42 32 52 b4 6b f1 62 ba 22 | fd 3e 45 e1 38 08 28 07 e0 f6 ea 59 92 de 50 1f | 4f c3 ba cf 85 5d 4c 75 67 13 2e c4 85 66 fe 58 | e9 a5 61 6b 76 0c 75 29 d4 47 68 30 a3 38 40 16 | 9a 5d 88 f6 58 73 06 11 3d 97 a1 e0 b4 30 d3 fb | 13 10 5a b4 0e 0e 4d 8f 18 01 71 50 a3 9d 21 c9 | cb 2e 7d d4 92 62 d7 6d 2c b2 05 c6 e4 40 a6 90 | 5a ac c0 d4 0e 67 41 5a 12 93 be ca c8 14 7a d7 | b9 03 c7 db 9a f7 cf d0 e3 82 c5 f4 96 dd a2 e8 | c5 a2 7b 8a db 20 fb 50 d1 78 65 20 95 c5 88 36 | ab f3 98 8d 83 1f f4 73 55 0f 58 f9 ec 56 a6 4a | 49 67 76 e4 78 f7 d0 9e 2f d5 37 c2 00 5d c8 f4 | 9e a5 4e 44 45 b1 b8 34 76 9a 67 a1 5f 2c 30 1d | 03 e6 6a 44 64 71 76 45 40 3b 93 2a 38 45 f8 9a | Generated nonce: 6b 57 0e 43 02 b0 e1 93 b7 1b 82 d6 73 20 45 90 | Generated nonce: e7 89 18 db 91 99 f0 2b a8 f9 6c 47 11 c7 ca 61 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 11 time elapsed 0.000936 seconds | (#11) spent 0.932 milliseconds in crypto helper computing work-order 11: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 11 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x7f5344006378 size 128 | crypto helper 2 waiting (nothing to do) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.223 milliseconds in whack | processing resume sending helper answer for #11 | start processing: state #11 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 11 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #11 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f53440059b8: transferring ownership from helper KE to state #11 | **emit ISAKMP Message: | initiator cookie: | 60 b2 33 cd a9 5d 09 e4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #11: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x f9 b8 b4 f6 2c ef 24 dc 0c 70 be 8e 7b 86 2d 6a | ikev2 g^x 5d df 6b 54 49 a7 e2 9e 01 8f 6d e4 2f 7d 9e 06 | ikev2 g^x d0 1f 6f 6b 7d e8 18 42 32 52 b4 6b f1 62 ba 22 | ikev2 g^x fd 3e 45 e1 38 08 28 07 e0 f6 ea 59 92 de 50 1f | ikev2 g^x 4f c3 ba cf 85 5d 4c 75 67 13 2e c4 85 66 fe 58 | ikev2 g^x e9 a5 61 6b 76 0c 75 29 d4 47 68 30 a3 38 40 16 | ikev2 g^x 9a 5d 88 f6 58 73 06 11 3d 97 a1 e0 b4 30 d3 fb | ikev2 g^x 13 10 5a b4 0e 0e 4d 8f 18 01 71 50 a3 9d 21 c9 | ikev2 g^x cb 2e 7d d4 92 62 d7 6d 2c b2 05 c6 e4 40 a6 90 | ikev2 g^x 5a ac c0 d4 0e 67 41 5a 12 93 be ca c8 14 7a d7 | ikev2 g^x b9 03 c7 db 9a f7 cf d0 e3 82 c5 f4 96 dd a2 e8 | ikev2 g^x c5 a2 7b 8a db 20 fb 50 d1 78 65 20 95 c5 88 36 | ikev2 g^x ab f3 98 8d 83 1f f4 73 55 0f 58 f9 ec 56 a6 4a | ikev2 g^x 49 67 76 e4 78 f7 d0 9e 2f d5 37 c2 00 5d c8 f4 | ikev2 g^x 9e a5 4e 44 45 b1 b8 34 76 9a 67 a1 5f 2c 30 1d | ikev2 g^x 03 e6 6a 44 64 71 76 45 40 3b 93 2a 38 45 f8 9a | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 6b 57 0e 43 02 b0 e1 93 b7 1b 82 d6 73 20 45 90 | IKEv2 nonce e7 89 18 db 91 99 f0 2b a8 f9 6c 47 11 c7 ca 61 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 60 b2 33 cd a9 5d 09 e4 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 46 f7 58 c1 64 08 36 bd c6 79 71 a7 0f 50 f9 0d | 6e df 57 2f | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 60 b2 33 cd a9 5d 09 e4 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 46 f7 58 c1 64 08 36 bd c6 79 71 a7 0f 50 f9 0d | natd_hash: hash= 6e df 57 2f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 46 f7 58 c1 64 08 36 bd c6 79 71 a7 0f 50 f9 0d | Notify data 6e df 57 2f | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 60 b2 33 cd a9 5d 09 e4 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 84 bd 62 e9 fc fc 21 10 58 cc 7c 70 53 52 5f 50 | bf dc 6d 00 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 60 b2 33 cd a9 5d 09 e4 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 84 bd 62 e9 fc fc 21 10 58 cc 7c 70 53 52 5f 50 | natd_hash: hash= bf dc 6d 00 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 84 bd 62 e9 fc fc 21 10 58 cc 7c 70 53 52 5f 50 | Notify data bf dc 6d 00 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #11 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #11 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #11: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #11 to 4294967295 after switching state | Message ID: IKE #11 skipping update_recv as MD is fake | Message ID: sent #11 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #11: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 60 b2 33 cd a9 5d 09 e4 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | f9 b8 b4 f6 2c ef 24 dc 0c 70 be 8e 7b 86 2d 6a | 5d df 6b 54 49 a7 e2 9e 01 8f 6d e4 2f 7d 9e 06 | d0 1f 6f 6b 7d e8 18 42 32 52 b4 6b f1 62 ba 22 | fd 3e 45 e1 38 08 28 07 e0 f6 ea 59 92 de 50 1f | 4f c3 ba cf 85 5d 4c 75 67 13 2e c4 85 66 fe 58 | e9 a5 61 6b 76 0c 75 29 d4 47 68 30 a3 38 40 16 | 9a 5d 88 f6 58 73 06 11 3d 97 a1 e0 b4 30 d3 fb | 13 10 5a b4 0e 0e 4d 8f 18 01 71 50 a3 9d 21 c9 | cb 2e 7d d4 92 62 d7 6d 2c b2 05 c6 e4 40 a6 90 | 5a ac c0 d4 0e 67 41 5a 12 93 be ca c8 14 7a d7 | b9 03 c7 db 9a f7 cf d0 e3 82 c5 f4 96 dd a2 e8 | c5 a2 7b 8a db 20 fb 50 d1 78 65 20 95 c5 88 36 | ab f3 98 8d 83 1f f4 73 55 0f 58 f9 ec 56 a6 4a | 49 67 76 e4 78 f7 d0 9e 2f d5 37 c2 00 5d c8 f4 | 9e a5 4e 44 45 b1 b8 34 76 9a 67 a1 5f 2c 30 1d | 03 e6 6a 44 64 71 76 45 40 3b 93 2a 38 45 f8 9a | 29 00 00 24 6b 57 0e 43 02 b0 e1 93 b7 1b 82 d6 | 73 20 45 90 e7 89 18 db 91 99 f0 2b a8 f9 6c 47 | 11 c7 ca 61 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 46 f7 58 c1 64 08 36 bd c6 79 71 a7 | 0f 50 f9 0d 6e df 57 2f 00 00 00 1c 00 00 40 05 | 84 bd 62 e9 fc fc 21 10 58 cc 7c 70 53 52 5f 50 | bf dc 6d 00 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #11 | libevent_malloc: new ptr-libevent@0x5612128fd618 size 128 | #11 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10450.651341 | resume sending helper answer for #11 suppresed complete_v2_state_transition() and stole MD | #11 spent 0.921 milliseconds in resume sending helper answer | stop processing: state #11 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5344006378 | spent 0.00202 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 60 b2 33 cd a9 5d 09 e4 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 60 b2 33 cd a9 5d 09 e4 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #11 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #11 is idle | #11 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #11 IKE SPIi and SPI[ir] | #11 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #11: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #11 spent 0.0105 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #11 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #11 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #11 spent 0.0917 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.104 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f5340002b78 | handling event EVENT_RETRANSMIT for parent state #11 | start processing: state #11 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #11 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #11 keying attempt 1 of 0; retransmit 1 "aes128" #11: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #11 ikev2.ike failed too-many-retransmits | pstats #11 ikev2.ike deleted too-many-retransmits | #11 spent 2.08 milliseconds in total | [RE]START processing: state #11 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #11: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #11: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x5612128ee1f8} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #11 "aes128" #11: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #11 in PARENT_I1 | parent state #11: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f53440059b8: destroyed | stop processing: state #11 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x5612128fd618 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | in statetime_stop() and could not find #11 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #12 at 0x561212900758 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #12 "aes128" "aes128" #12: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 12 for state #12 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f5344006378 size 128 | #12 spent 0.0769 milliseconds in ikev2_parent_outI1() | RESET processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 resuming | crypto helper 4 starting work-order 12 for state #12 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 12 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.107 milliseconds in global timer EVENT_REVIVE_CONNS | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5348001818: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5348001818 | NSS: Public DH wire value: | f8 4a e0 36 91 71 4b 67 1c 25 34 58 36 1e b4 61 | 70 20 5f 12 23 ab 76 1f b1 c0 ce 57 0c 98 9c db | 04 1c 22 19 ca d4 cd d1 7f 91 3e 0b 1e d9 92 cc | fa aa e6 48 73 df 22 3e 37 73 2b eb e0 97 13 41 | 9b 76 8e 56 ab 29 a5 b2 c2 94 64 3d be b0 ff 13 | 00 cd ef 25 66 4d 73 b7 52 d0 67 e5 32 95 c4 11 | b4 3e e6 fa a4 68 5d 7c af 87 23 dd 9e 70 f7 e0 | 92 b6 99 d5 7a cd 0f 6a e6 2c 0f 0c 6b 9c ea dc | 26 b6 fe cc 95 3b 46 c5 8c 63 a0 bc 93 df e4 18 | 73 e7 ce af 40 93 3a a7 bf 81 15 db 1c af bf 67 | 8c 13 c9 0c ea 46 44 8e e0 3a d5 4d 77 d0 4a fd | 12 80 f4 d9 32 82 6b 34 55 69 a2 09 3e 6f c1 aa | 85 db b8 bb 71 23 11 2e c8 2a 4d c3 2b 7c d6 00 | 97 c6 e3 18 51 cf 76 f5 e0 19 29 57 85 52 00 e5 | a6 da 9a 6f fd 59 95 21 98 f4 de d3 e7 ca de a6 | 35 1e 1f 54 d3 86 b0 5a 71 12 ab 05 6f 80 c0 08 | Generated nonce: 32 cb 47 fc a2 09 fc b7 73 2e ee d7 ae 19 39 45 | Generated nonce: ca 57 96 11 6b 04 52 2c d3 ed 9b b8 3d fa 4a 69 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 12 time elapsed 0.000957 seconds | (#12) spent 0.926 milliseconds in crypto helper computing work-order 12: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 12 for state #12 to event queue | scheduling resume sending helper answer for #12 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #12 | start processing: state #12 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 12 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #12 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5348001818: transferring ownership from helper KE to state #12 | **emit ISAKMP Message: | initiator cookie: | 22 ae 7f 15 59 e5 72 a1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #12: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x f8 4a e0 36 91 71 4b 67 1c 25 34 58 36 1e b4 61 | ikev2 g^x 70 20 5f 12 23 ab 76 1f b1 c0 ce 57 0c 98 9c db | ikev2 g^x 04 1c 22 19 ca d4 cd d1 7f 91 3e 0b 1e d9 92 cc | ikev2 g^x fa aa e6 48 73 df 22 3e 37 73 2b eb e0 97 13 41 | ikev2 g^x 9b 76 8e 56 ab 29 a5 b2 c2 94 64 3d be b0 ff 13 | ikev2 g^x 00 cd ef 25 66 4d 73 b7 52 d0 67 e5 32 95 c4 11 | ikev2 g^x b4 3e e6 fa a4 68 5d 7c af 87 23 dd 9e 70 f7 e0 | ikev2 g^x 92 b6 99 d5 7a cd 0f 6a e6 2c 0f 0c 6b 9c ea dc | ikev2 g^x 26 b6 fe cc 95 3b 46 c5 8c 63 a0 bc 93 df e4 18 | ikev2 g^x 73 e7 ce af 40 93 3a a7 bf 81 15 db 1c af bf 67 | ikev2 g^x 8c 13 c9 0c ea 46 44 8e e0 3a d5 4d 77 d0 4a fd | ikev2 g^x 12 80 f4 d9 32 82 6b 34 55 69 a2 09 3e 6f c1 aa | ikev2 g^x 85 db b8 bb 71 23 11 2e c8 2a 4d c3 2b 7c d6 00 | ikev2 g^x 97 c6 e3 18 51 cf 76 f5 e0 19 29 57 85 52 00 e5 | ikev2 g^x a6 da 9a 6f fd 59 95 21 98 f4 de d3 e7 ca de a6 | ikev2 g^x 35 1e 1f 54 d3 86 b0 5a 71 12 ab 05 6f 80 c0 08 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 32 cb 47 fc a2 09 fc b7 73 2e ee d7 ae 19 39 45 | IKEv2 nonce ca 57 96 11 6b 04 52 2c d3 ed 9b b8 3d fa 4a 69 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 22 ae 7f 15 59 e5 72 a1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | a3 5c a5 f8 fe 9c 58 0a 9c 91 25 be 07 70 b4 35 | 6e 7b 8f d3 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 22 ae 7f 15 59 e5 72 a1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= a3 5c a5 f8 fe 9c 58 0a 9c 91 25 be 07 70 b4 35 | natd_hash: hash= 6e 7b 8f d3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a3 5c a5 f8 fe 9c 58 0a 9c 91 25 be 07 70 b4 35 | Notify data 6e 7b 8f d3 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 22 ae 7f 15 59 e5 72 a1 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 56 9c fd 81 2c 7b db 07 d0 95 3c 4f 3b 4e ee c1 | 0d 4d 8e 25 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 22 ae 7f 15 59 e5 72 a1 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 56 9c fd 81 2c 7b db 07 d0 95 3c 4f 3b 4e ee c1 | natd_hash: hash= 0d 4d 8e 25 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 56 9c fd 81 2c 7b db 07 d0 95 3c 4f 3b 4e ee c1 | Notify data 0d 4d 8e 25 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #12 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #12 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #12: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #12 to 4294967295 after switching state | Message ID: IKE #12 skipping update_recv as MD is fake | Message ID: sent #12 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #12: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #12) | 22 ae 7f 15 59 e5 72 a1 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | f8 4a e0 36 91 71 4b 67 1c 25 34 58 36 1e b4 61 | 70 20 5f 12 23 ab 76 1f b1 c0 ce 57 0c 98 9c db | 04 1c 22 19 ca d4 cd d1 7f 91 3e 0b 1e d9 92 cc | fa aa e6 48 73 df 22 3e 37 73 2b eb e0 97 13 41 | 9b 76 8e 56 ab 29 a5 b2 c2 94 64 3d be b0 ff 13 | 00 cd ef 25 66 4d 73 b7 52 d0 67 e5 32 95 c4 11 | b4 3e e6 fa a4 68 5d 7c af 87 23 dd 9e 70 f7 e0 | 92 b6 99 d5 7a cd 0f 6a e6 2c 0f 0c 6b 9c ea dc | 26 b6 fe cc 95 3b 46 c5 8c 63 a0 bc 93 df e4 18 | 73 e7 ce af 40 93 3a a7 bf 81 15 db 1c af bf 67 | 8c 13 c9 0c ea 46 44 8e e0 3a d5 4d 77 d0 4a fd | 12 80 f4 d9 32 82 6b 34 55 69 a2 09 3e 6f c1 aa | 85 db b8 bb 71 23 11 2e c8 2a 4d c3 2b 7c d6 00 | 97 c6 e3 18 51 cf 76 f5 e0 19 29 57 85 52 00 e5 | a6 da 9a 6f fd 59 95 21 98 f4 de d3 e7 ca de a6 | 35 1e 1f 54 d3 86 b0 5a 71 12 ab 05 6f 80 c0 08 | 29 00 00 24 32 cb 47 fc a2 09 fc b7 73 2e ee d7 | ae 19 39 45 ca 57 96 11 6b 04 52 2c d3 ed 9b b8 | 3d fa 4a 69 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 a3 5c a5 f8 fe 9c 58 0a 9c 91 25 be | 07 70 b4 35 6e 7b 8f d3 00 00 00 1c 00 00 40 05 | 56 9c fd 81 2c 7b db 07 d0 95 3c 4f 3b 4e ee c1 | 0d 4d 8e 25 | state #12 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5344006378 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #12 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #12 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10451.153403 | resume sending helper answer for #12 suppresed complete_v2_state_transition() and stole MD | #12 spent 0.497 milliseconds in resume sending helper answer | stop processing: state #12 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5348002888 | spent 0.00199 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 22 ae 7f 15 59 e5 72 a1 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 22 ae 7f 15 59 e5 72 a1 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #12 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #12 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #12 is idle | #12 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #12 IKE SPIi and SPI[ir] | #12 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #12: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #12 spent 0.00369 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #12 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #12 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #12 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #12 spent 0.107 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.119 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0332 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #12 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #12 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #12 ikev2.ike deleted other | #12 spent 1.61 milliseconds in total | [RE]START processing: state #12 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #12: deleting state (STATE_PARENT_I1) aged 0.014s and NOT sending notification | parent state #12: PARENT_I1(half-open IKE SA) => delete | state #12 requesting EVENT_RETRANSMIT to be deleted | #12 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #12 in PARENT_I1 | parent state #12: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5348001818: destroyed | stop processing: state #12 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.164 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.328 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0588 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0549 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.106 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #13 at 0x561212900758 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #13 "aes128" "aes128" #13: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 13 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | #13 spent 0.0948 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 resuming | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 5 starting work-order 13 for state #13 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 13 | spent 0.154 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f533c007588: created | NSS: Local DH MODP2048 secret (pointer): 0x7f533c007588 | NSS: Public DH wire value: | 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 e5 a5 5a 43 | 35 b9 32 51 79 94 ec b9 87 c1 a7 20 f7 62 4e e5 | 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 ee 1d 62 7f | 87 c3 25 b2 42 af ac a5 55 77 54 60 ae 96 99 aa | 23 dd 8a ea 5d df e2 c3 f9 10 83 92 6f 09 b3 81 | 1e b5 41 9e c7 aa 24 2b cf 05 22 00 9a 1d 63 91 | 0f 0c a7 09 08 55 93 bd 35 11 ea 43 03 a7 3d a7 | e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 d0 29 13 61 | 69 00 46 bd d1 6f 77 4a dd 02 6b ea 67 d5 ab d6 | 36 45 7b 9f 52 b6 13 56 74 78 77 0e 7f a8 e7 32 | 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 0a 1c 45 09 | ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 21 46 25 08 | 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab af 71 cd 39 | 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd 4f 34 82 32 | 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c e8 1a 53 ba | d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 ac 8c 64 e3 | Generated nonce: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | Generated nonce: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 13 time elapsed 0.000816 seconds | (#13) spent 0.819 milliseconds in crypto helper computing work-order 13: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 13 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f533c004f28 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 13 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #13 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f533c007588: transferring ownership from helper KE to state #13 | **emit ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 e5 a5 5a 43 | ikev2 g^x 35 b9 32 51 79 94 ec b9 87 c1 a7 20 f7 62 4e e5 | ikev2 g^x 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 ee 1d 62 7f | ikev2 g^x 87 c3 25 b2 42 af ac a5 55 77 54 60 ae 96 99 aa | ikev2 g^x 23 dd 8a ea 5d df e2 c3 f9 10 83 92 6f 09 b3 81 | ikev2 g^x 1e b5 41 9e c7 aa 24 2b cf 05 22 00 9a 1d 63 91 | ikev2 g^x 0f 0c a7 09 08 55 93 bd 35 11 ea 43 03 a7 3d a7 | ikev2 g^x e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 d0 29 13 61 | ikev2 g^x 69 00 46 bd d1 6f 77 4a dd 02 6b ea 67 d5 ab d6 | ikev2 g^x 36 45 7b 9f 52 b6 13 56 74 78 77 0e 7f a8 e7 32 | ikev2 g^x 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 0a 1c 45 09 | ikev2 g^x ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 21 46 25 08 | ikev2 g^x 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab af 71 cd 39 | ikev2 g^x 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd 4f 34 82 32 | ikev2 g^x 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c e8 1a 53 ba | ikev2 g^x d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 ac 8c 64 e3 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | IKEv2 nonce 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 4a 5d 89 a3 85 6f fe 71 c6 5a d0 9b 49 b7 4c a3 | 27 7c 52 77 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 4a 5d 89 a3 85 6f fe 71 c6 5a d0 9b 49 b7 4c a3 | natd_hash: hash= 27 7c 52 77 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 4a 5d 89 a3 85 6f fe 71 c6 5a d0 9b 49 b7 4c a3 | Notify data 27 7c 52 77 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 89 e4 1a a1 | 4b 8b c3 64 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 89 e4 1a a1 | natd_hash: hash= 4b 8b c3 64 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 89 e4 1a a1 | Notify data 4b 8b c3 64 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #13 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #13 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #13: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #13 to 4294967295 after switching state | Message ID: IKE #13 skipping update_recv as MD is fake | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 4d 43 64 2b 14 89 89 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 | e5 a5 5a 43 35 b9 32 51 79 94 ec b9 87 c1 a7 20 | f7 62 4e e5 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 | ee 1d 62 7f 87 c3 25 b2 42 af ac a5 55 77 54 60 | ae 96 99 aa 23 dd 8a ea 5d df e2 c3 f9 10 83 92 | 6f 09 b3 81 1e b5 41 9e c7 aa 24 2b cf 05 22 00 | 9a 1d 63 91 0f 0c a7 09 08 55 93 bd 35 11 ea 43 | 03 a7 3d a7 e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 | d0 29 13 61 69 00 46 bd d1 6f 77 4a dd 02 6b ea | 67 d5 ab d6 36 45 7b 9f 52 b6 13 56 74 78 77 0e | 7f a8 e7 32 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 | 0a 1c 45 09 ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 | 21 46 25 08 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab | af 71 cd 39 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd | 4f 34 82 32 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c | e8 1a 53 ba d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 | ac 8c 64 e3 29 00 00 24 75 df dc ee 1d d4 9b ea | d6 d4 fe 43 e1 f4 92 f3 18 a9 d9 eb 4b 08 2c 48 | c2 3f 8b 6a ef 9c f2 f2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 4a 5d 89 a3 85 6f fe 71 | c6 5a d0 9b 49 b7 4c a3 27 7c 52 77 00 00 00 1c | 00 00 40 05 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 | 89 e4 1a a1 4b 8b c3 64 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5348002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #13 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #13 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10451.482115 | resume sending helper answer for #13 suppresed complete_v2_state_transition() and stole MD | #13 spent 0.39 milliseconds in resume sending helper answer | stop processing: state #13 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f533c004f28 | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 c7 61 ca a3 30 15 2a 16 1d c2 0a 58 | 16 2c 98 07 b2 49 24 5a e3 48 83 61 c7 0b 97 92 | 94 d5 5c 00 72 6b 70 78 e4 2b 25 5a 72 81 11 bf | a0 44 51 1d 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 | a4 b6 ed 95 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 | 3e 8d 2d 21 5a 99 7f da 51 d2 5e 64 24 32 06 2c | f6 c2 20 1b 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e | 44 9e 93 49 a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 | 96 29 a7 7e d7 ad 54 73 11 b3 98 02 a5 99 27 77 | 95 05 5c 45 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 | 01 97 5c 22 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 | 02 2c e3 2e d0 54 73 fc e8 ae 20 05 a5 0e ea 48 | c4 35 95 6d c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 | 89 6b 2a 57 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 | 32 a4 ba 99 7a 42 48 22 49 1e 99 71 2a 8b d8 2d | 12 89 fc 49 cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 | a1 0f c8 5f 29 00 00 24 69 5f 03 28 4f d8 42 20 | 8f f0 0a 8a 73 c9 a0 13 fa 61 e9 65 22 8d f5 a4 | 27 1d 47 65 e8 07 7b f7 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 d5 32 23 af d9 d7 9a 6f | 37 90 30 b2 85 d0 e1 96 ed 69 eb 8e 00 00 00 1c | 00 00 40 05 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 | 7c 30 6f 90 de 34 7f 51 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #13 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #13 is idle | #13 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #13 IKE SPIi and SPI[ir] | #13 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | c7 61 ca a3 30 15 2a 16 1d c2 0a 58 16 2c 98 07 | b2 49 24 5a e3 48 83 61 c7 0b 97 92 94 d5 5c 00 | 72 6b 70 78 e4 2b 25 5a 72 81 11 bf a0 44 51 1d | 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 a4 b6 ed 95 | 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 3e 8d 2d 21 | 5a 99 7f da 51 d2 5e 64 24 32 06 2c f6 c2 20 1b | 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e 44 9e 93 49 | a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 96 29 a7 7e | d7 ad 54 73 11 b3 98 02 a5 99 27 77 95 05 5c 45 | 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 01 97 5c 22 | 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 02 2c e3 2e | d0 54 73 fc e8 ae 20 05 a5 0e ea 48 c4 35 95 6d | c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 89 6b 2a 57 | 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 32 a4 ba 99 | 7a 42 48 22 49 1e 99 71 2a 8b d8 2d 12 89 fc 49 | cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 a1 0f c8 5f | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 8d 1d b1 78 1a 7b 37 8b | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 7c 30 6f 90 | de 34 7f 51 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 8d 1d b1 78 1a 7b 37 8b | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 31 b5 87 f2 7e f9 2b d9 ef 58 f3 b6 7c 30 6f 90 | natd_hash: hash= de 34 7f 51 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | 4d 43 64 2b 14 89 89 a8 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 8d 1d b1 78 1a 7b 37 8b | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | d5 32 23 af d9 d7 9a 6f 37 90 30 b2 85 d0 e1 96 | ed 69 eb 8e | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 4d 43 64 2b 14 89 89 a8 | natd_hash: rcookie= 8d 1d b1 78 1a 7b 37 8b | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= d5 32 23 af d9 d7 9a 6f 37 90 30 b2 85 d0 e1 96 | natd_hash: hash= ed 69 eb 8e | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f533c007588: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 14 for state #13 | state #13 requesting EVENT_RETRANSMIT to be deleted | #13 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f533c004f28 size 128 | #13 spent 0.186 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | crypto helper 6 resuming | #13 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | crypto helper 6 starting work-order 14 for state #13 | suspending state #13 and saving MD | #13 is busy; has a suspended MD | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | peer's g: c7 61 ca a3 30 15 2a 16 1d c2 0a 58 16 2c 98 07 | "aes128" #13 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | peer's g: b2 49 24 5a e3 48 83 61 c7 0b 97 92 94 d5 5c 00 | stop processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: 72 6b 70 78 e4 2b 25 5a 72 81 11 bf a0 44 51 1d | #13 spent 0.37 milliseconds in ikev2_process_packet() | peer's g: 94 1b 4c f9 44 60 eb 89 f9 09 b6 32 a4 b6 ed 95 | peer's g: 47 75 86 02 b3 0f b4 a6 9a 56 f6 65 3e 8d 2d 21 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: 5a 99 7f da 51 d2 5e 64 24 32 06 2c f6 c2 20 1b | spent 0.396 milliseconds in comm_handle_cb() reading and processing packet | peer's g: 97 9f ef 14 4d f0 fd 94 6e 72 6f 3e 44 9e 93 49 | peer's g: a7 d4 ac 8a 84 17 db ee ca 41 d7 d9 96 29 a7 7e | peer's g: d7 ad 54 73 11 b3 98 02 a5 99 27 77 95 05 5c 45 | peer's g: 80 e4 b0 5c 3d dd 9a f0 39 4f d5 07 01 97 5c 22 | peer's g: 75 bc 00 60 c2 dc d8 7e 1d 50 85 15 02 2c e3 2e | peer's g: d0 54 73 fc e8 ae 20 05 a5 0e ea 48 c4 35 95 6d | peer's g: c2 dd 93 ce c2 7b e6 c1 0c f7 25 b4 89 6b 2a 57 | peer's g: 36 d9 2b 7e c0 5e 75 20 fe 98 50 31 32 a4 ba 99 | peer's g: 7a 42 48 22 49 1e 99 71 2a 8b d8 2d 12 89 fc 49 | peer's g: cd 52 9d a5 ea 25 56 f7 92 ac 7a 12 a1 0f c8 5f | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f534c006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f533c007588: computed shared DH secret key@0x7f534c006bb0 | dh-shared : g^ir-key@0x7f534c006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f5340003718 (length 64) | 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e36e0 | result: Ni | Nr-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5612128e6190 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e36c8 | result: Ni | Nr-key@0x5612128ffbc0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5612128e6190 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f53400013b0 from Ni | Nr-key@0x5612128ffbc0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f53400013b0 from Ni | Nr-key@0x5612128ffbc0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5612128ffbc0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f53400016c8 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f534c006bb0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f534c006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f534c006bb0 | nss hmac digest hack: symkey-key@0x7f534c006bb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: 1c c0 5d 09 b1 eb 9c 03 4d 45 62 c0 80 93 5e e8 b7 aa f7 fb a7 1a 11 92 9e 91 af 35 a9 de 82 c9 38 e5 a5 1c d5 51 a1 43 04 6a 78 7c 81 77 7b 4c 9f 3e 05 35 b0 d7 4c 7e b1 ec 5c be 99 99 89 9c 89 08 1a 16 17 78 ae 51 31 e9 d1 67 da 97 2b 03 b3 79 0e 12 5b b7 de a9 13 0d 8c 30 e5 db 20 4f 74 eb 69 c1 31 b1 64 96 97 e2 4d aa f9 51 ba 1a 88 d1 60 7e 35 65 c7 af f3 25 49 47 79 51 14 98 af 69 5b 9c f1 dc 81 c7 bb 9e 51 11 bc 39 b2 77 35 b4 47 8a 2a 8a f2 d1 c6 66 f3 d7 ba cf 5c d4 ce a1 d1 3f 18 84 97 57 56 fb 2c d6 00 84 15 1e 7a 09 54 5e 0f d1 c0 6c b0 91 b9 0f a3 57 62 17 b7 ab 19 dc 20 08 ae 5d 1d 9c 26 e0 cb a9 35 e6 d7 53 11 21 50 fa e3 7e f6 89 81 06 9a 7c d1 e2 1f a9 38 4d 5a 5c ef 65 d0 32 73 9a 05 0e 88 a8 26 54 d4 64 d4 6f 11 e8 86 79 10 28 67 39 6d 8b | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f53400045a8 | unwrapped: 14 fc 51 18 fc 3c f7 11 a3 c5 71 7c ab 4f 84 88 | unwrapped: 4f cf 5e 34 73 24 d1 be d6 84 36 a6 9d be 68 29 | unwrapped: 97 f3 f8 0f 01 45 b5 45 ed 8e 87 38 70 1e b6 53 | unwrapped: 34 73 95 9e 18 fe 0f 65 64 8e 8c b2 6b 62 3b 33 | unwrapped: 5c 73 98 7d 48 55 1e ca 6e 04 84 1e b4 0a 52 1a | unwrapped: 32 d0 5d 47 67 cc 8c 87 e5 70 38 72 58 fa a1 9a | unwrapped: 23 ba 5e 5a 03 d0 f2 e1 2d 5a a7 c5 95 5e cf c9 | unwrapped: 7a a5 35 c3 94 05 af 7d 04 14 3b d2 57 8a 9a a8 | unwrapped: 4b b4 bf 19 60 77 f4 a4 25 bd a1 a4 5d 7b c4 db | unwrapped: 53 24 f6 e4 d6 ca 0e 6c 61 dc f8 6e 00 18 cb e6 | unwrapped: 54 f7 4b 12 7b 32 f2 98 d4 fb ab 62 38 80 a2 65 | unwrapped: 7e 2f 62 d0 5f f5 7d 51 f8 68 c7 41 15 63 ed 49 | unwrapped: 58 99 c6 b3 2b 5f 18 01 76 a1 77 48 b7 fe fb a7 | unwrapped: 7e e8 d7 8c 2a fb 89 6c 16 b4 02 3e e3 7e bb 23 | unwrapped: c0 6c 67 a6 f4 51 10 93 61 4a 78 6e e5 4b 4b d3 | unwrapped: e0 96 28 16 ef 2a 4c 13 69 55 b6 bf 9f 31 77 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3700 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e36e8 | result: final-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5612128ffbc0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3670 | result: data=Ni-key@0x56121285f080 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x56121285f080 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3658 | result: data=Ni-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x56121285f080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535a9e3660 | result: data+=Nr-key@0x56121285f080 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e6190 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535a9e3660 | result: data+=SPIi-key@0x5612128e6190 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x56121285f080 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535a9e3660 | result: data+=SPIr-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e6190 | prf+0 PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+0: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+0 prf: begin sha with context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+0: release clone-key@0x5612128e6190 | prf+0 PRF sha crypt-prf@0x7f5340002168 | prf+0 PRF sha update seed-key@0x56121285f080 (size 80) | prf+0: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340004ba8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+0 PRF sha final-key@0x5612128e6190 (size 20) | prf+0: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53400013b0 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f53400013b0 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f53400046d8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 84 09 8e 23 a1 02 db 3e 50 fc d4 b7 0e cf e9 b4 fa 3f 88 41 9a f1 eb 4a ba 16 4c 99 69 dc 21 fd | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5340001278 | unwrapped: a5 c1 21 61 20 2d bf 90 c5 05 5a 74 b8 09 97 a8 | unwrapped: 14 fd d1 82 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340004b28 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535a9e3608 | result: result-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e6190 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f5340002168 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 0a ac 07 41 ad e0 36 2a b8 09 fc a8 b6 3b a3 fe 44 c7 68 14 08 58 c8 a8 33 f4 75 c2 cc 40 27 6a | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f53400016c8 | unwrapped: b4 20 97 3d 1c ab 20 7f d9 8a d5 e6 91 09 c2 19 | unwrapped: d7 7d a5 fc 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340004ba8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x7f534c00d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00d840 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535a9e3608 | result: result-key@0x7f534c00d840 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53400013b0 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f53400013b0 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f5340001278 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 41 8f 1a 0f 07 94 4e 1b 26 51 f4 4d 9e 73 3a 25 7c e9 6a 92 cd 1f ad c6 c7 9a 69 76 5c a3 bc 90 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f53400061e8 | unwrapped: 22 9f 76 76 68 81 0d 30 a0 fe b0 27 a7 b1 9e 84 | unwrapped: cf 39 5d 38 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340004b28 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00d840 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535a9e3608 | result: result-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c00d840 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f53400046d8 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: ef 98 ff 7e ae 2e f3 ef 85 35 26 6f a6 bc da a3 17 ac c6 dd 47 f2 1a c0 cb fa b9 10 a4 0d 3d df | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f53400016c8 | unwrapped: 23 43 b5 58 ea 96 d5 a7 3c 8e 16 0e 76 92 24 2a | unwrapped: 55 8c 92 88 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340004ba8 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x7f534c00d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00d840 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535a9e3608 | result: result-key@0x7f534c00d840 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53400059e0 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f53400059e0 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x7f5340002168 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 1f d4 fd ae e0 bf 3e 2c bf 0b 37 c8 7e 4a 53 02 3f 0a d8 31 d5 9a 98 f1 2b 5f 47 6f 2d 63 c9 2d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5340001278 | unwrapped: ba 90 dd 29 c0 b7 53 5d 61 57 da 4d ce 1e 86 42 | unwrapped: 82 ae 7f 23 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340004b28 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f534c00d840 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535a9e3608 | result: result-key@0x5612128e0610 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f534c00d840 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f53400013b0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f53400046d8 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 84 3a 55 ae de 82 27 5c c3 e2 f2 c9 09 06 a4 8a 22 0a 71 a4 fc 04 50 f2 8b 14 ff f3 18 e6 11 5c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f53400016c8 | unwrapped: d7 60 75 16 82 e8 eb 79 6d b7 48 85 98 3e 17 36 | unwrapped: 68 a2 66 8f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x56121285f080 (size 80) | prf+N: seed-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 3e 51 93 61 1e 8b 68 7d c9 b3 ef 31 4e 27 8d b7 47 59 50 e7 ff 30 25 ce 2e b0 cd 1c 9a 5b c9 2f 4a 41 1c 02 9e 5b ff 0e b4 ac 8d 77 19 8d 1f 1d 47 23 d0 27 8d 8a 38 93 56 cf d9 0e a5 08 33 db 12 08 56 72 77 99 99 96 df 4a cd b1 6d a1 97 be | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5340006878 | unwrapped: 75 df dc ee 1d d4 9b ea d6 d4 fe 43 e1 f4 92 f3 | unwrapped: 18 a9 d9 eb 4b 08 2c 48 c2 3f 8b 6a ef 9c f2 f2 | unwrapped: 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | unwrapped: fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | unwrapped: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535a9e3590 | result: final-key@0x7f534c00d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e3578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f534c00d840 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535a9e3608 | result: result-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e9a80 | prfplus: release old_t[final]-key@0x5612128e6190 | ike_sa_keymat: release data-key@0x56121285f080 | calc_skeyseed_v2: release skeyseed_k-key@0x5612128ffbc0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37a8 | result: result-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37a8 | result: result-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37a8 | result: result-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37b8 | result: SK_ei_k-key@0x5612128e9a80 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37b8 | result: SK_er_k-key@0x5612128e0610 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37b8 | result: result-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x5612128e7c40 | chunk_SK_pi: symkey-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: f1 08 9a e2 60 d4 67 2b 1f 45 37 bf 6d f9 9a 69 5a bb 16 a0 6b 23 c5 9c 8a 94 c0 81 15 10 b6 96 | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f5340002168 | unwrapped: ce 1e 86 42 82 ae 7f 23 d7 60 75 16 82 e8 eb 79 | unwrapped: 6d b7 48 85 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f534c00d840 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535a9e37b8 | result: result-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f534c00a0e0 | chunk_SK_pr: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 01 34 4a 88 67 53 9c bd 7e 09 74 86 69 43 e8 43 b9 9c 1a fe aa 7a a9 76 03 c8 a0 7d 29 de 63 04 | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f53400016c8 | unwrapped: 98 3e 17 36 68 a2 66 8f 83 3b c9 1d c7 fe c6 23 | unwrapped: c2 90 99 60 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f534c00d840 | calc_skeyseed_v2 pointers: shared-key@0x7f534c006bb0, SK_d-key@0x5612128ffbc0, SK_ai-key@0x56121285f080, SK_ar-key@0x5612128e6190, SK_ei-key@0x5612128e9a80, SK_er-key@0x5612128e0610, SK_pi-key@0x5612128e7c40, SK_pr-key@0x7f534c00a0e0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | ce 1e 86 42 82 ae 7f 23 d7 60 75 16 82 e8 eb 79 | 6d b7 48 85 | calc_skeyseed_v2 SK_pr | 98 3e 17 36 68 a2 66 8f 83 3b c9 1d c7 fe c6 23 | c2 90 99 60 | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 time elapsed 0.002001 seconds | (#13) spent 1.98 milliseconds in crypto helper computing work-order 14: ikev2_inR1outI2 KE (pcr) | crypto helper 6 sending results from work-order 14 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f53400019f8 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 14 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #13: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f533c007588: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #14 at 0x5612129063e8 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "aes128" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.45:500 from #13.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5612128ffbc0 | duplicate_state: reference st_skey_ai_nss-key@0x56121285f080 | duplicate_state: reference st_skey_ar_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_ei_nss-key@0x5612128e9a80 | duplicate_state: reference st_skey_er_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_pi_nss-key@0x5612128e7c40 | duplicate_state: reference st_skey_pr_nss-key@0x7f534c00a0e0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f533c004f28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5340002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f533c004f28 size 128 | parent state #13: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x5612128e7c40 (size 20) | hmac: symkey-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x7f534c00d840 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x7f534c00d840 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x7f534c00d840 | hmac: release clone-key@0x7f534c00d840 | hmac PRF sha crypt-prf@0x5612128fbce8 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718f4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | 42 b9 e3 7c 50 8b ef f0 e1 bd dd 7c d9 d7 9a 50 | 43 fd a1 e7 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | 4d 43 64 2b 14 89 89 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 | e5 a5 5a 43 35 b9 32 51 79 94 ec b9 87 c1 a7 20 | f7 62 4e e5 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 | ee 1d 62 7f 87 c3 25 b2 42 af ac a5 55 77 54 60 | ae 96 99 aa 23 dd 8a ea 5d df e2 c3 f9 10 83 92 | 6f 09 b3 81 1e b5 41 9e c7 aa 24 2b cf 05 22 00 | 9a 1d 63 91 0f 0c a7 09 08 55 93 bd 35 11 ea 43 | 03 a7 3d a7 e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 | d0 29 13 61 69 00 46 bd d1 6f 77 4a dd 02 6b ea | 67 d5 ab d6 36 45 7b 9f 52 b6 13 56 74 78 77 0e | 7f a8 e7 32 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 | 0a 1c 45 09 ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 | 21 46 25 08 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab | af 71 cd 39 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd | 4f 34 82 32 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c | e8 1a 53 ba d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 | ac 8c 64 e3 29 00 00 24 75 df dc ee 1d d4 9b ea | d6 d4 fe 43 e1 f4 92 f3 18 a9 d9 eb 4b 08 2c 48 | c2 3f 8b 6a ef 9c f2 f2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 4a 5d 89 a3 85 6f fe 71 | c6 5a d0 9b 49 b7 4c a3 27 7c 52 77 00 00 00 1c | 00 00 40 05 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 | 89 e4 1a a1 4b 8b c3 64 | create: initiator inputs to hash2 (responder nonce) | 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | idhash 42 b9 e3 7c 50 8b ef f0 e1 bd dd 7c d9 d7 9a 50 | idhash 43 fd a1 e7 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x7f534c00d840 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5344002b50 from shared secret-key@0x7f534c00d840 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5344002b50 from shared secret-key@0x7f534c00d840 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f534c00d840 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fbc38 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f534c00d840 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f534c00d840 (size 20) | = prf(, ): -key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fbce8 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fdef8 (length 440) | 4d 43 64 2b 14 89 89 a8 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 81 8b 15 c5 fc 8a 9c 97 b7 7b 26 f3 | e5 a5 5a 43 35 b9 32 51 79 94 ec b9 87 c1 a7 20 | f7 62 4e e5 2b 0e 49 b7 60 fe 31 f8 a9 7f 52 c8 | ee 1d 62 7f 87 c3 25 b2 42 af ac a5 55 77 54 60 | ae 96 99 aa 23 dd 8a ea 5d df e2 c3 f9 10 83 92 | 6f 09 b3 81 1e b5 41 9e c7 aa 24 2b cf 05 22 00 | 9a 1d 63 91 0f 0c a7 09 08 55 93 bd 35 11 ea 43 | 03 a7 3d a7 e2 c2 eb b5 a5 a4 4f 22 a7 31 40 11 | d0 29 13 61 69 00 46 bd d1 6f 77 4a dd 02 6b ea | 67 d5 ab d6 36 45 7b 9f 52 b6 13 56 74 78 77 0e | 7f a8 e7 32 26 e3 dd 34 e9 8e f1 c9 be 36 cb 17 | 0a 1c 45 09 ff 4e 08 3b 1c 8e 93 1c 76 34 65 f8 | 21 46 25 08 13 e8 ba ac 50 1d 87 a8 43 e1 19 ab | af 71 cd 39 97 7e d9 d2 31 b6 ca c9 ca f5 22 fd | 4f 34 82 32 7f 86 d6 5e f7 28 b3 2b 7e db 07 6c | e8 1a 53 ba d7 9a 59 a3 37 45 62 5f 5e 6b 86 e0 | ac 8c 64 e3 29 00 00 24 75 df dc ee 1d d4 9b ea | d6 d4 fe 43 e1 f4 92 f3 18 a9 d9 eb 4b 08 2c 48 | c2 3f 8b 6a ef 9c f2 f2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 4a 5d 89 a3 85 6f fe 71 | c6 5a d0 9b 49 b7 4c a3 27 7c 52 77 00 00 00 1c | 00 00 40 05 2b 64 75 e1 1d 54 66 bb 6d 45 e1 d2 | 89 e4 1a a1 4b 8b c3 64 | = prf(, ) PRF sha update nonce-bytes@0x561212901388 (length 32) | 69 5f 03 28 4f d8 42 20 8f f0 0a 8a 73 c9 a0 13 | fa 61 e9 65 22 8d f5 a4 27 1d 47 65 e8 07 7b f7 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | 42 b9 e3 7c 50 8b ef f0 e1 bd dd 7c d9 d7 9a 50 | 43 fd a1 e7 | = prf(, ) PRF sha final-chunk@0x5612128fddf8 (length 20) | 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | 18 d2 67 ec | psk_auth: release prf-psk-key@0x7f534c00d840 | PSK auth octets 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | PSK auth octets 18 d2 67 ec | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | PSK auth 18 d2 67 ec | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #13 | netlink_get_spi: allocated 0x62aa5724 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 62 aa 57 24 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #13: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 6d e0 38 8f 11 39 6b bf 25 17 58 fd f5 fc 7b ee | 18 d2 67 ec 2c 00 00 28 00 00 00 24 01 03 04 03 | 62 aa 57 24 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | hmac PRF sha init symkey-key@0x56121285f080 (size 20) | hmac: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x7f534c00d840 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x7f534c00d840 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x7f534c00d840 | hmac: release clone-key@0x7f534c00d840 | hmac PRF sha crypt-prf@0x5612128fbc38 | hmac PRF sha update data-bytes@0x5612118718c0 (length 192) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | hmac PRF sha final-bytes@0x561211871980 (length 20) | a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 00 11 a5 03 | f6 0e ef c4 | data being hmac: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data being hmac: fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | data being hmac: 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | data being hmac: 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | data being hmac: bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | data being hmac: 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | data being hmac: be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | data being hmac: 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | data being hmac: 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | data being hmac: 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | data being hmac: 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | out calculated auth: | a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 | suspend processing: state #13 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #14 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #14 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #14: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #14 to 0 after switching state | Message ID: recv #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #13.#14 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #14: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 204 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | fb 84 e4 ad bb 34 3e dd 1e 8d 2a ae ea d9 33 c5 | 80 1c 25 a6 78 0b 2b 32 93 3b 7a 1f 46 2d 68 d0 | 12 3e b8 aa 17 d0 75 2e 8c bb 21 83 af 61 9f 75 | bf d5 9a 29 99 bf 1a 44 86 46 20 2e 33 d0 70 1a | 7c 10 3e ec d2 17 c3 7d 79 83 85 be 47 7c 88 73 | be fa 20 9f 4d 68 b5 4a cc 89 d9 10 72 1f 67 5f | 6c fd 36 46 1e 92 c7 eb 6d 65 f5 5b 17 5c 5e c4 | 6a 18 4a d8 2d b2 4b 2f cb 28 34 d1 74 f1 cf 1e | 49 58 c6 b9 33 63 02 4e 2b b8 ff 79 7e 49 ea c9 | 13 b7 31 d2 d2 1e db 06 46 fa 96 92 7e 37 9a f9 | a2 8f af 5b 1d 93 3d e3 70 9e 3d e8 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #14 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #14 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10451.487089 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 0.727 milliseconds in resume sending helper answer | stop processing: state #14 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f53400019f8 | spent 0.00306 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #13 in PARENT_I2 (find_v2_ike_sa) | start processing: state #13 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #14 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #13 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #14 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #14 is idle | #14 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #14 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x7f534c00d840 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x7f534c00d840 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x7f534c00d840 | hmac: release clone-key@0x7f534c00d840 | hmac PRF sha crypt-prf@0x5612128fbce8 | hmac PRF sha update data-bytes@0x5612128ee278 (length 64) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 8e 18 7d 9f | 1a 96 66 e7 | data for hmac: 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | data for hmac: 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | calculated auth: 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 | provided auth: 79 60 62 d4 50 c1 e4 a0 8f b8 55 d6 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 4d 7d be dc a5 f2 ca 6e 4c 75 3e db ec 16 cb e8 | payload before decryption: | 3f d7 bf 20 4f a4 7a 1d 97 d2 53 5a 7a 4d 30 7f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #14 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #14: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #14: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #14 fd@25 .st_dev=9 .st_ino=7183988 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #13 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 59.994914 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f53400019f8 size 128 "aes128" #14: STATE_PARENT_I2: suppressing retransmits; will wait 59.994914 seconds for retry | #14 spent 0.106 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #14 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #14 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #14 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.359 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.371 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0381 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | #14 spent 0.106 milliseconds in total | [RE]START processing: state #14 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #14: deleting state (STATE_PARENT_I2) aged 0.018s and NOT sending notification | child state #14: PARENT_I2(open IKE SA) => delete | child state #14: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #14 requesting EVENT_RETRANSMIT to be deleted | #14 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f53400019f8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_ai_nss-key@0x56121285f080 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_er_nss-key@0x5612128e0610 | delete_state: release st->st_skey_pi_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_pr_nss-key@0x7f534c00a0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | start processing: state #13 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted other | #13 spent 4.74 milliseconds in total | [RE]START processing: state #13 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #13: deleting state (STATE_PARENT_I2) aged 0.024s and NOT sending notification | parent state #13: PARENT_I2(open IKE SA) => delete | state #13 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f533c004f28 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #13 in PARENT_I2 | parent state #13: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f533c007588: destroyed | stop processing: state #13 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f534c006bb0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_ai_nss-key@0x56121285f080 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_er_nss-key@0x5612128e0610 | delete_state: release st->st_skey_pi_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_pr_nss-key@0x7f534c00a0e0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.239 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0739 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0447 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0506 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0465 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.1 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #15 at 0x561212900758 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #15 "aes128" "aes128" #15: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 15 for state #15 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f53400019f8 size 128 | #15 spent 0.0903 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 1 resuming | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 1 starting work-order 15 for state #15 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 15 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.155 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5354006a38: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5354006a38 | NSS: Public DH wire value: | 1c 6e 21 f1 4d c9 20 b1 b1 70 48 b1 ed 3e 5f ff | c0 17 6c 00 f5 8b 96 93 e8 92 15 0f 00 d7 b0 be | ef 0b 6e 40 6d 6d 60 4f a2 c0 a4 fc 71 9e ae 3c | b1 e8 29 56 f6 c4 d4 27 a4 fd 88 ee 0f a6 1f af | bc 48 d7 c4 d1 41 e6 e8 7e 01 d5 82 4c da c7 0c | f1 4b c5 c2 e8 1e 70 80 25 8b ed 39 20 c0 50 63 | ad b4 03 80 a7 ab 03 ad ed ac 07 10 8f 0b 23 9a | 91 f2 a7 f1 8a 2c 80 9c b4 f8 80 56 0e a3 90 54 | a1 9e a2 04 96 55 64 9c b4 44 09 00 d6 c5 9e 65 | 53 87 ad df c8 52 dd 4b 8d dc eb 7b b6 53 0d 23 | ae 80 e4 ff 4b 49 c2 de 19 df da 8f 19 85 0d f3 | 5c ce 77 f5 19 24 d8 07 57 97 d2 8a 30 70 9a e6 | fc 7f 14 48 97 2e ca 28 26 d6 73 fe 3a d3 c1 a9 | b1 5c 2c 38 3c 53 a0 42 9a 28 72 a2 ae 81 60 e2 | 9f 83 84 b6 ec e6 39 ef 3c ae d2 d9 14 a8 81 bf | 8f 7b 97 7b c7 c8 1b ec bf 89 0e aa 7d 6f 5b 53 | Generated nonce: fd bb a2 9b 09 33 48 61 37 18 b0 c2 62 12 88 9a | Generated nonce: c2 22 88 4a 55 02 81 69 f7 5e 97 17 35 e4 79 dd | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 15 time elapsed 0.001063 seconds | (#15) spent 1.06 milliseconds in crypto helper computing work-order 15: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 15 for state #15 to event queue | scheduling resume sending helper answer for #15 | libevent_malloc: new ptr-libevent@0x7f5354004a28 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #15 | start processing: state #15 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 15 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #15 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5354006a38: transferring ownership from helper KE to state #15 | **emit ISAKMP Message: | initiator cookie: | cd 27 53 3b d0 6f c5 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #15: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #15: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 1c 6e 21 f1 4d c9 20 b1 b1 70 48 b1 ed 3e 5f ff | ikev2 g^x c0 17 6c 00 f5 8b 96 93 e8 92 15 0f 00 d7 b0 be | ikev2 g^x ef 0b 6e 40 6d 6d 60 4f a2 c0 a4 fc 71 9e ae 3c | ikev2 g^x b1 e8 29 56 f6 c4 d4 27 a4 fd 88 ee 0f a6 1f af | ikev2 g^x bc 48 d7 c4 d1 41 e6 e8 7e 01 d5 82 4c da c7 0c | ikev2 g^x f1 4b c5 c2 e8 1e 70 80 25 8b ed 39 20 c0 50 63 | ikev2 g^x ad b4 03 80 a7 ab 03 ad ed ac 07 10 8f 0b 23 9a | ikev2 g^x 91 f2 a7 f1 8a 2c 80 9c b4 f8 80 56 0e a3 90 54 | ikev2 g^x a1 9e a2 04 96 55 64 9c b4 44 09 00 d6 c5 9e 65 | ikev2 g^x 53 87 ad df c8 52 dd 4b 8d dc eb 7b b6 53 0d 23 | ikev2 g^x ae 80 e4 ff 4b 49 c2 de 19 df da 8f 19 85 0d f3 | ikev2 g^x 5c ce 77 f5 19 24 d8 07 57 97 d2 8a 30 70 9a e6 | ikev2 g^x fc 7f 14 48 97 2e ca 28 26 d6 73 fe 3a d3 c1 a9 | ikev2 g^x b1 5c 2c 38 3c 53 a0 42 9a 28 72 a2 ae 81 60 e2 | ikev2 g^x 9f 83 84 b6 ec e6 39 ef 3c ae d2 d9 14 a8 81 bf | ikev2 g^x 8f 7b 97 7b c7 c8 1b ec bf 89 0e aa 7d 6f 5b 53 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce fd bb a2 9b 09 33 48 61 37 18 b0 c2 62 12 88 9a | IKEv2 nonce c2 22 88 4a 55 02 81 69 f7 5e 97 17 35 e4 79 dd | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | cd 27 53 3b d0 6f c5 49 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 46 14 5f 88 aa 25 e0 f2 1d 5a fa d3 4a f8 b1 cc | 0d e0 fa e3 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= cd 27 53 3b d0 6f c5 49 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 46 14 5f 88 aa 25 e0 f2 1d 5a fa d3 4a f8 b1 cc | natd_hash: hash= 0d e0 fa e3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 46 14 5f 88 aa 25 e0 f2 1d 5a fa d3 4a f8 b1 cc | Notify data 0d e0 fa e3 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | cd 27 53 3b d0 6f c5 49 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 96 f7 df 26 0e 42 5e 01 e1 e1 36 2c f2 d6 be d1 | 6b f8 17 36 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= cd 27 53 3b d0 6f c5 49 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 96 f7 df 26 0e 42 5e 01 e1 e1 36 2c f2 d6 be d1 | natd_hash: hash= 6b f8 17 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 96 f7 df 26 0e 42 5e 01 e1 e1 36 2c f2 d6 be d1 | Notify data 6b f8 17 36 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #15 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #15 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #15: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #15 to 4294967295 after switching state | Message ID: IKE #15 skipping update_recv as MD is fake | Message ID: sent #15 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #15: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | cd 27 53 3b d0 6f c5 49 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 1c 6e 21 f1 4d c9 20 b1 b1 70 48 b1 | ed 3e 5f ff c0 17 6c 00 f5 8b 96 93 e8 92 15 0f | 00 d7 b0 be ef 0b 6e 40 6d 6d 60 4f a2 c0 a4 fc | 71 9e ae 3c b1 e8 29 56 f6 c4 d4 27 a4 fd 88 ee | 0f a6 1f af bc 48 d7 c4 d1 41 e6 e8 7e 01 d5 82 | 4c da c7 0c f1 4b c5 c2 e8 1e 70 80 25 8b ed 39 | 20 c0 50 63 ad b4 03 80 a7 ab 03 ad ed ac 07 10 | 8f 0b 23 9a 91 f2 a7 f1 8a 2c 80 9c b4 f8 80 56 | 0e a3 90 54 a1 9e a2 04 96 55 64 9c b4 44 09 00 | d6 c5 9e 65 53 87 ad df c8 52 dd 4b 8d dc eb 7b | b6 53 0d 23 ae 80 e4 ff 4b 49 c2 de 19 df da 8f | 19 85 0d f3 5c ce 77 f5 19 24 d8 07 57 97 d2 8a | 30 70 9a e6 fc 7f 14 48 97 2e ca 28 26 d6 73 fe | 3a d3 c1 a9 b1 5c 2c 38 3c 53 a0 42 9a 28 72 a2 | ae 81 60 e2 9f 83 84 b6 ec e6 39 ef 3c ae d2 d9 | 14 a8 81 bf 8f 7b 97 7b c7 c8 1b ec bf 89 0e aa | 7d 6f 5b 53 29 00 00 24 fd bb a2 9b 09 33 48 61 | 37 18 b0 c2 62 12 88 9a c2 22 88 4a 55 02 81 69 | f7 5e 97 17 35 e4 79 dd 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 46 14 5f 88 aa 25 e0 f2 | 1d 5a fa d3 4a f8 b1 cc 0d e0 fa e3 00 00 00 1c | 00 00 40 05 96 f7 df 26 0e 42 5e 01 e1 e1 36 2c | f2 d6 be d1 6b f8 17 36 | state #15 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f53400019f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #15 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #15 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10451.975442 | resume sending helper answer for #15 suppresed complete_v2_state_transition() and stole MD | #15 spent 0.72 milliseconds in resume sending helper answer | stop processing: state #15 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5354004a28 | spent 0.00155 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | cd 27 53 3b d0 6f c5 49 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cd 27 53 3b d0 6f c5 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #15 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #15 is idle | #15 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #15 IKE SPIi and SPI[ir] | #15 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #15: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #15 spent 0.00714 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #15 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #15 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #15 spent 0.0915 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.103 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f5340002b78 | handling event EVENT_RETRANSMIT for parent state #15 | start processing: state #15 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #15 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #15 keying attempt 1 of 0; retransmit 1 "aes128" #15: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #15 ikev2.ike failed too-many-retransmits | pstats #15 ikev2.ike deleted too-many-retransmits | #15 spent 1.96 milliseconds in total | [RE]START processing: state #15 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #15: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #15: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x5612128ee1f8} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #15 "aes128" #15: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #15 in PARENT_I1 | parent state #15: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5354006a38: destroyed | stop processing: state #15 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | in statetime_stop() and could not find #15 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #16 at 0x561212900758 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #16 "aes128" "aes128" #16: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 16 for state #16 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f5354004a28 size 128 | #16 spent 0.0716 milliseconds in ikev2_parent_outI1() | RESET processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 resuming | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 starting work-order 16 for state #16 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 16 | spent 0.101 milliseconds in global timer EVENT_REVIVE_CONNS | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f534c003a78: created | NSS: Local DH MODP2048 secret (pointer): 0x7f534c003a78 | NSS: Public DH wire value: | 87 7d bd 09 dd 1e 05 78 a5 a5 57 10 5b a0 9d f8 | 20 23 52 2c 60 f7 62 ba c4 a3 a4 7c 38 7d d1 ec | 7a d6 a4 6d 06 a6 86 ff 93 28 06 e6 f8 b6 fd cc | c5 f7 70 3b 8e 07 11 fa 1c 96 68 b1 ee 0f 96 32 | 38 66 4d fd 30 3c 5a 4c 19 4e e2 3f b3 05 8b a7 | f6 ff a8 c7 18 44 87 4f d6 df ab 52 77 9a 60 29 | c3 07 80 4b c4 61 87 8c 56 22 c2 6c d8 86 c2 20 | b4 61 0d 2c b8 22 48 84 a4 c5 db 59 18 58 8f e6 | f1 52 9f 2d e0 af 42 4c f3 00 30 a8 72 57 54 c3 | fa b4 bb 24 4f b0 bf 73 9b b3 03 68 bc a6 16 c3 | cf b8 61 fc 15 78 4e 67 eb 1e a7 88 09 cf 3b 7f | ac 38 80 48 08 27 04 d9 02 71 60 20 81 ca 4a 5d | d2 37 7c 2c 3a 05 4e dd c4 cb ff a8 02 8c 14 69 | 02 cf e3 8e 47 be 93 b1 25 ca 0b 93 48 ce 34 00 | e9 b2 82 be e5 fc b7 21 08 dd 8c 43 d0 c2 01 84 | 4b 38 ca a5 93 47 96 e3 d4 1c 7f f9 97 ac 9e dc | Generated nonce: e9 69 63 8c be e4 65 47 42 99 1e 8d 5e bf 3b b4 | Generated nonce: 7e 38 a1 13 6a 04 a0 dc 1b 7e ab a7 0d 94 b6 0d | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 16 time elapsed 0.000754 seconds | (#16) spent 0.753 milliseconds in crypto helper computing work-order 16: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 16 for state #16 to event queue | scheduling resume sending helper answer for #16 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #16 | start processing: state #16 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 16 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #16 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f534c003a78: transferring ownership from helper KE to state #16 | **emit ISAKMP Message: | initiator cookie: | 2a 0b 3d 54 f7 50 12 5b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #16: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #16: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 87 7d bd 09 dd 1e 05 78 a5 a5 57 10 5b a0 9d f8 | ikev2 g^x 20 23 52 2c 60 f7 62 ba c4 a3 a4 7c 38 7d d1 ec | ikev2 g^x 7a d6 a4 6d 06 a6 86 ff 93 28 06 e6 f8 b6 fd cc | ikev2 g^x c5 f7 70 3b 8e 07 11 fa 1c 96 68 b1 ee 0f 96 32 | ikev2 g^x 38 66 4d fd 30 3c 5a 4c 19 4e e2 3f b3 05 8b a7 | ikev2 g^x f6 ff a8 c7 18 44 87 4f d6 df ab 52 77 9a 60 29 | ikev2 g^x c3 07 80 4b c4 61 87 8c 56 22 c2 6c d8 86 c2 20 | ikev2 g^x b4 61 0d 2c b8 22 48 84 a4 c5 db 59 18 58 8f e6 | ikev2 g^x f1 52 9f 2d e0 af 42 4c f3 00 30 a8 72 57 54 c3 | ikev2 g^x fa b4 bb 24 4f b0 bf 73 9b b3 03 68 bc a6 16 c3 | ikev2 g^x cf b8 61 fc 15 78 4e 67 eb 1e a7 88 09 cf 3b 7f | ikev2 g^x ac 38 80 48 08 27 04 d9 02 71 60 20 81 ca 4a 5d | ikev2 g^x d2 37 7c 2c 3a 05 4e dd c4 cb ff a8 02 8c 14 69 | ikev2 g^x 02 cf e3 8e 47 be 93 b1 25 ca 0b 93 48 ce 34 00 | ikev2 g^x e9 b2 82 be e5 fc b7 21 08 dd 8c 43 d0 c2 01 84 | ikev2 g^x 4b 38 ca a5 93 47 96 e3 d4 1c 7f f9 97 ac 9e dc | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce e9 69 63 8c be e4 65 47 42 99 1e 8d 5e bf 3b b4 | IKEv2 nonce 7e 38 a1 13 6a 04 a0 dc 1b 7e ab a7 0d 94 b6 0d | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 2a 0b 3d 54 f7 50 12 5b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 2f 85 be 5a 13 e8 ac 02 78 87 11 c9 8b 87 d5 da | f9 d9 62 b2 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 2a 0b 3d 54 f7 50 12 5b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 2f 85 be 5a 13 e8 ac 02 78 87 11 c9 8b 87 d5 da | natd_hash: hash= f9 d9 62 b2 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2f 85 be 5a 13 e8 ac 02 78 87 11 c9 8b 87 d5 da | Notify data f9 d9 62 b2 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 2a 0b 3d 54 f7 50 12 5b | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 13 93 d0 5e 73 8a 7a bb e5 e4 85 60 0a 58 74 2f | ff b0 66 e3 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 2a 0b 3d 54 f7 50 12 5b | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 13 93 d0 5e 73 8a 7a bb e5 e4 85 60 0a 58 74 2f | natd_hash: hash= ff b0 66 e3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 13 93 d0 5e 73 8a 7a bb e5 e4 85 60 0a 58 74 2f | Notify data ff b0 66 e3 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #16 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #16 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #16: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #16 to 4294967295 after switching state | Message ID: IKE #16 skipping update_recv as MD is fake | Message ID: sent #16 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #16: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #16) | 2a 0b 3d 54 f7 50 12 5b 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 87 7d bd 09 dd 1e 05 78 a5 a5 57 10 | 5b a0 9d f8 20 23 52 2c 60 f7 62 ba c4 a3 a4 7c | 38 7d d1 ec 7a d6 a4 6d 06 a6 86 ff 93 28 06 e6 | f8 b6 fd cc c5 f7 70 3b 8e 07 11 fa 1c 96 68 b1 | ee 0f 96 32 38 66 4d fd 30 3c 5a 4c 19 4e e2 3f | b3 05 8b a7 f6 ff a8 c7 18 44 87 4f d6 df ab 52 | 77 9a 60 29 c3 07 80 4b c4 61 87 8c 56 22 c2 6c | d8 86 c2 20 b4 61 0d 2c b8 22 48 84 a4 c5 db 59 | 18 58 8f e6 f1 52 9f 2d e0 af 42 4c f3 00 30 a8 | 72 57 54 c3 fa b4 bb 24 4f b0 bf 73 9b b3 03 68 | bc a6 16 c3 cf b8 61 fc 15 78 4e 67 eb 1e a7 88 | 09 cf 3b 7f ac 38 80 48 08 27 04 d9 02 71 60 20 | 81 ca 4a 5d d2 37 7c 2c 3a 05 4e dd c4 cb ff a8 | 02 8c 14 69 02 cf e3 8e 47 be 93 b1 25 ca 0b 93 | 48 ce 34 00 e9 b2 82 be e5 fc b7 21 08 dd 8c 43 | d0 c2 01 84 4b 38 ca a5 93 47 96 e3 d4 1c 7f f9 | 97 ac 9e dc 29 00 00 24 e9 69 63 8c be e4 65 47 | 42 99 1e 8d 5e bf 3b b4 7e 38 a1 13 6a 04 a0 dc | 1b 7e ab a7 0d 94 b6 0d 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 2f 85 be 5a 13 e8 ac 02 | 78 87 11 c9 8b 87 d5 da f9 d9 62 b2 00 00 00 1c | 00 00 40 05 13 93 d0 5e 73 8a 7a bb e5 e4 85 60 | 0a 58 74 2f ff b0 66 e3 | state #16 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5354004a28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #16 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #16 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10452.477199 | resume sending helper answer for #16 suppresed complete_v2_state_transition() and stole MD | #16 spent 0.376 milliseconds in resume sending helper answer | stop processing: state #16 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f534c005088 | spent 0.00223 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 2a 0b 3d 54 f7 50 12 5b 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 2a 0b 3d 54 f7 50 12 5b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #16 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #16 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #16 is idle | #16 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #16 IKE SPIi and SPI[ir] | #16 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #16: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #16 spent 0.00259 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #16 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #16 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #16 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #16 spent 0.0967 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.107 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0757 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #16 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #16 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #16 ikev2.ike deleted other | #16 spent 1.3 milliseconds in total | [RE]START processing: state #16 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #16: deleting state (STATE_PARENT_I1) aged 0.013s and NOT sending notification | parent state #16: PARENT_I1(half-open IKE SA) => delete | state #16 requesting EVENT_RETRANSMIT to be deleted | #16 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #16 in PARENT_I1 | parent state #16: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f534c003a78: destroyed | stop processing: state #16 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.175 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.112 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0448 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0594 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0434 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.147 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #17 at 0x561212900758 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #17 "aes128" "aes128" #17: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 17 for state #17 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | #17 spent 0.114 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 3 resuming | crypto helper 3 starting work-order 17 for state #17 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 17 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.207 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5350006778: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5350006778 | NSS: Public DH wire value: | db 76 e7 a1 32 ad c4 2b 8f e4 ae 11 dd a4 ea e0 | 54 d8 67 67 d8 63 3c e6 3e a4 43 6d c6 b1 84 73 | 65 e1 a2 62 49 aa 95 24 67 5e 90 f6 f1 0d 07 c6 | 46 0d 69 25 14 a5 2c b1 74 ef 36 6a e9 70 f9 5f | de 86 c0 9d 03 3b 9a 4b a5 a1 75 c2 00 74 7c dc | 52 2b 5f 51 b2 71 6b ce 51 b1 9b c9 d9 f3 78 ad | 99 4f b9 1a 4f 30 d4 ed 5d 35 d0 55 a4 63 7d c4 | 28 04 cf e5 db 95 ae c3 3e 09 6e e0 9c 17 be 28 | 16 e8 b9 cd 2c 28 14 b5 5b 8e 50 cd ef 82 3b b6 | e2 d9 62 8b 40 d0 b4 3f 70 81 d4 f8 3e 82 6e 24 | 49 79 16 d1 53 e6 e2 ff 26 c0 0a 18 b8 86 75 60 | f9 08 f4 a8 f4 ab 6a 56 11 c4 83 56 81 f3 8a 10 | 60 dd 70 c8 b2 06 5a 14 dc ce 41 51 3f 77 15 e1 | 9e ae fb f8 98 e8 14 31 19 ec 19 d2 1e 1d 61 28 | 7d d4 29 52 25 7d 15 c1 69 d3 28 25 2b ae 10 6b | 75 cf 9a 42 7b 27 d7 0b 90 4a a9 5b d2 88 07 15 | Generated nonce: fc a1 c7 3c 4c 3a 6f c7 04 7b 95 88 eb 4e 4d a2 | Generated nonce: 97 b6 c0 c5 94 12 52 25 b3 cf b3 78 94 3e c1 b8 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 17 time elapsed 0.000907 seconds | (#17) spent 0.903 milliseconds in crypto helper computing work-order 17: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 17 for state #17 to event queue | scheduling resume sending helper answer for #17 | libevent_malloc: new ptr-libevent@0x7f53500014a8 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #17 | start processing: state #17 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 17 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #17 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5350006778: transferring ownership from helper KE to state #17 | **emit ISAKMP Message: | initiator cookie: | 4c f5 04 2a 45 a2 dd 5c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #17: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #17: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x db 76 e7 a1 32 ad c4 2b 8f e4 ae 11 dd a4 ea e0 | ikev2 g^x 54 d8 67 67 d8 63 3c e6 3e a4 43 6d c6 b1 84 73 | ikev2 g^x 65 e1 a2 62 49 aa 95 24 67 5e 90 f6 f1 0d 07 c6 | ikev2 g^x 46 0d 69 25 14 a5 2c b1 74 ef 36 6a e9 70 f9 5f | ikev2 g^x de 86 c0 9d 03 3b 9a 4b a5 a1 75 c2 00 74 7c dc | ikev2 g^x 52 2b 5f 51 b2 71 6b ce 51 b1 9b c9 d9 f3 78 ad | ikev2 g^x 99 4f b9 1a 4f 30 d4 ed 5d 35 d0 55 a4 63 7d c4 | ikev2 g^x 28 04 cf e5 db 95 ae c3 3e 09 6e e0 9c 17 be 28 | ikev2 g^x 16 e8 b9 cd 2c 28 14 b5 5b 8e 50 cd ef 82 3b b6 | ikev2 g^x e2 d9 62 8b 40 d0 b4 3f 70 81 d4 f8 3e 82 6e 24 | ikev2 g^x 49 79 16 d1 53 e6 e2 ff 26 c0 0a 18 b8 86 75 60 | ikev2 g^x f9 08 f4 a8 f4 ab 6a 56 11 c4 83 56 81 f3 8a 10 | ikev2 g^x 60 dd 70 c8 b2 06 5a 14 dc ce 41 51 3f 77 15 e1 | ikev2 g^x 9e ae fb f8 98 e8 14 31 19 ec 19 d2 1e 1d 61 28 | ikev2 g^x 7d d4 29 52 25 7d 15 c1 69 d3 28 25 2b ae 10 6b | ikev2 g^x 75 cf 9a 42 7b 27 d7 0b 90 4a a9 5b d2 88 07 15 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce fc a1 c7 3c 4c 3a 6f c7 04 7b 95 88 eb 4e 4d a2 | IKEv2 nonce 97 b6 c0 c5 94 12 52 25 b3 cf b3 78 94 3e c1 b8 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 4c f5 04 2a 45 a2 dd 5c | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | a0 eb 0e e3 0a 88 35 71 66 38 b4 9b 33 6d ab 27 | ca 2b 2f 3c | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 4c f5 04 2a 45 a2 dd 5c | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= a0 eb 0e e3 0a 88 35 71 66 38 b4 9b 33 6d ab 27 | natd_hash: hash= ca 2b 2f 3c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a0 eb 0e e3 0a 88 35 71 66 38 b4 9b 33 6d ab 27 | Notify data ca 2b 2f 3c | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 4c f5 04 2a 45 a2 dd 5c | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | be 77 30 20 de 23 47 94 8a 86 df 3a 2a b1 a2 9e | fe 69 d5 0f | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 4c f5 04 2a 45 a2 dd 5c | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= be 77 30 20 de 23 47 94 8a 86 df 3a 2a b1 a2 9e | natd_hash: hash= fe 69 d5 0f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data be 77 30 20 de 23 47 94 8a 86 df 3a 2a b1 a2 9e | Notify data fe 69 d5 0f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #17 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #17 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #17: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #17 to 4294967295 after switching state | Message ID: IKE #17 skipping update_recv as MD is fake | Message ID: sent #17 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #17: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | 4c f5 04 2a 45 a2 dd 5c 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 db 76 e7 a1 32 ad c4 2b 8f e4 ae 11 | dd a4 ea e0 54 d8 67 67 d8 63 3c e6 3e a4 43 6d | c6 b1 84 73 65 e1 a2 62 49 aa 95 24 67 5e 90 f6 | f1 0d 07 c6 46 0d 69 25 14 a5 2c b1 74 ef 36 6a | e9 70 f9 5f de 86 c0 9d 03 3b 9a 4b a5 a1 75 c2 | 00 74 7c dc 52 2b 5f 51 b2 71 6b ce 51 b1 9b c9 | d9 f3 78 ad 99 4f b9 1a 4f 30 d4 ed 5d 35 d0 55 | a4 63 7d c4 28 04 cf e5 db 95 ae c3 3e 09 6e e0 | 9c 17 be 28 16 e8 b9 cd 2c 28 14 b5 5b 8e 50 cd | ef 82 3b b6 e2 d9 62 8b 40 d0 b4 3f 70 81 d4 f8 | 3e 82 6e 24 49 79 16 d1 53 e6 e2 ff 26 c0 0a 18 | b8 86 75 60 f9 08 f4 a8 f4 ab 6a 56 11 c4 83 56 | 81 f3 8a 10 60 dd 70 c8 b2 06 5a 14 dc ce 41 51 | 3f 77 15 e1 9e ae fb f8 98 e8 14 31 19 ec 19 d2 | 1e 1d 61 28 7d d4 29 52 25 7d 15 c1 69 d3 28 25 | 2b ae 10 6b 75 cf 9a 42 7b 27 d7 0b 90 4a a9 5b | d2 88 07 15 29 00 00 24 fc a1 c7 3c 4c 3a 6f c7 | 04 7b 95 88 eb 4e 4d a2 97 b6 c0 c5 94 12 52 25 | b3 cf b3 78 94 3e c1 b8 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 eb 0e e3 0a 88 35 71 | 66 38 b4 9b 33 6d ab 27 ca 2b 2f 3c 00 00 00 1c | 00 00 40 05 be 77 30 20 de 23 47 94 8a 86 df 3a | 2a b1 a2 9e fe 69 d5 0f | state #17 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f534c005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #17 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #17 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10452.872527 | resume sending helper answer for #17 suppresed complete_v2_state_transition() and stole MD | #17 spent 0.379 milliseconds in resume sending helper answer | stop processing: state #17 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f53500014a8 | spent 0.00197 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 4c f5 04 2a 45 a2 dd 5c 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4c f5 04 2a 45 a2 dd 5c | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #17 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #17 is idle | #17 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #17 IKE SPIi and SPI[ir] | #17 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #17: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #17 spent 0.0109 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #17 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #17 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #17 spent 0.128 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.142 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f5340002b78 | handling event EVENT_RETRANSMIT for parent state #17 | start processing: state #17 connection "aes128" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #17 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #17 keying attempt 1 of 0; retransmit 1 "aes128" #17: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #17 ikev2.ike failed too-many-retransmits | pstats #17 ikev2.ike deleted too-many-retransmits | #17 spent 1.52 milliseconds in total | [RE]START processing: state #17 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #17: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #17: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x5612128ee1f8} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #17 "aes128" #17: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #17 in PARENT_I1 | parent state #17: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f5350006778: destroyed | stop processing: state #17 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | in statetime_stop() and could not find #17 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #18 at 0x561212900758 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #18 "aes128" "aes128" #18: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 18 for state #18 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f53500014a8 size 128 | #18 spent 0.0667 milliseconds in ikev2_parent_outI1() | RESET processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 2 resuming | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 2 starting work-order 18 for state #18 | spent 0.0926 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 18 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f53440020b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f53440020b8 | NSS: Public DH wire value: | 68 e9 d1 67 31 1c 74 4c 1f c6 06 69 35 e0 c8 60 | 78 e4 78 86 7f 8b a2 47 12 c1 fe 0c c0 65 a4 ea | 6b cb 4f 31 73 54 8f 4e b3 31 ee ba b5 d9 d6 a8 | 08 a5 28 27 19 86 9c b6 c3 76 4c 6a b1 9b 20 55 | 60 c3 95 f8 6f 65 2d e1 d2 cb 01 32 72 fe 18 30 | cc 54 17 5a f7 81 b6 21 cd f2 45 59 d5 4b e4 54 | 6a 80 48 2d cf 95 05 2f f9 e0 54 06 c4 b1 60 4a | cc 31 c9 01 a9 2a 12 ef 1c c4 52 eb f1 64 14 fb | 67 79 01 01 c8 b1 a0 ae 36 fc 57 1b e8 09 c0 d2 | 6f 0b 26 ab 30 c8 5b 81 da 92 b3 ea bb c0 42 c0 | 19 9f fd 08 a1 93 9f 9b 44 17 29 99 42 b4 13 dc | 97 1c 74 2d 28 98 17 2e 8c 34 40 88 34 aa a0 7c | 1e 04 d9 c6 b3 21 22 af 67 40 fb d8 84 96 a2 d5 | 26 26 b5 d2 6a 7b bb cc 38 21 57 c1 96 8e 55 c7 | 9e 40 a1 55 33 4b c2 05 41 61 29 d5 3e e9 a0 da | 4b b9 e6 36 bc fd 1c 18 8f 25 e7 01 6f a4 77 9f | Generated nonce: 81 3c 1d 8d 34 a6 61 d1 25 a8 84 3d 7e a8 b7 ea | Generated nonce: 24 5e fc 08 74 35 eb eb c7 75 77 eb 74 9d 92 3c | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 18 time elapsed 0.001058 seconds | (#18) spent 1.06 milliseconds in crypto helper computing work-order 18: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 18 for state #18 to event queue | scheduling resume sending helper answer for #18 | libevent_malloc: new ptr-libevent@0x7f5344005908 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #18 | start processing: state #18 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 18 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #18 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f53440020b8: transferring ownership from helper KE to state #18 | **emit ISAKMP Message: | initiator cookie: | 7b b1 55 66 ac 32 cf 71 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #18: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #18: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 68 e9 d1 67 31 1c 74 4c 1f c6 06 69 35 e0 c8 60 | ikev2 g^x 78 e4 78 86 7f 8b a2 47 12 c1 fe 0c c0 65 a4 ea | ikev2 g^x 6b cb 4f 31 73 54 8f 4e b3 31 ee ba b5 d9 d6 a8 | ikev2 g^x 08 a5 28 27 19 86 9c b6 c3 76 4c 6a b1 9b 20 55 | ikev2 g^x 60 c3 95 f8 6f 65 2d e1 d2 cb 01 32 72 fe 18 30 | ikev2 g^x cc 54 17 5a f7 81 b6 21 cd f2 45 59 d5 4b e4 54 | ikev2 g^x 6a 80 48 2d cf 95 05 2f f9 e0 54 06 c4 b1 60 4a | ikev2 g^x cc 31 c9 01 a9 2a 12 ef 1c c4 52 eb f1 64 14 fb | ikev2 g^x 67 79 01 01 c8 b1 a0 ae 36 fc 57 1b e8 09 c0 d2 | ikev2 g^x 6f 0b 26 ab 30 c8 5b 81 da 92 b3 ea bb c0 42 c0 | ikev2 g^x 19 9f fd 08 a1 93 9f 9b 44 17 29 99 42 b4 13 dc | ikev2 g^x 97 1c 74 2d 28 98 17 2e 8c 34 40 88 34 aa a0 7c | ikev2 g^x 1e 04 d9 c6 b3 21 22 af 67 40 fb d8 84 96 a2 d5 | ikev2 g^x 26 26 b5 d2 6a 7b bb cc 38 21 57 c1 96 8e 55 c7 | ikev2 g^x 9e 40 a1 55 33 4b c2 05 41 61 29 d5 3e e9 a0 da | ikev2 g^x 4b b9 e6 36 bc fd 1c 18 8f 25 e7 01 6f a4 77 9f | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 81 3c 1d 8d 34 a6 61 d1 25 a8 84 3d 7e a8 b7 ea | IKEv2 nonce 24 5e fc 08 74 35 eb eb c7 75 77 eb 74 9d 92 3c | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 7b b1 55 66 ac 32 cf 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 15 25 10 f4 ff ae 4d 5d e4 9a e2 0c fa 55 e9 0c | 30 b5 9a f4 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 7b b1 55 66 ac 32 cf 71 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 15 25 10 f4 ff ae 4d 5d e4 9a e2 0c fa 55 e9 0c | natd_hash: hash= 30 b5 9a f4 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 15 25 10 f4 ff ae 4d 5d e4 9a e2 0c fa 55 e9 0c | Notify data 30 b5 9a f4 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 7b b1 55 66 ac 32 cf 71 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 87 14 3a df df b2 b5 01 3b 7b 38 24 bc c4 84 15 | 2e 1a 20 9b | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 7b b1 55 66 ac 32 cf 71 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 87 14 3a df df b2 b5 01 3b 7b 38 24 bc c4 84 15 | natd_hash: hash= 2e 1a 20 9b | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 87 14 3a df df b2 b5 01 3b 7b 38 24 bc c4 84 15 | Notify data 2e 1a 20 9b | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #18 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #18 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #18: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #18 to 4294967295 after switching state | Message ID: IKE #18 skipping update_recv as MD is fake | Message ID: sent #18 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #18: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #18) | 7b b1 55 66 ac 32 cf 71 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 68 e9 d1 67 31 1c 74 4c 1f c6 06 69 | 35 e0 c8 60 78 e4 78 86 7f 8b a2 47 12 c1 fe 0c | c0 65 a4 ea 6b cb 4f 31 73 54 8f 4e b3 31 ee ba | b5 d9 d6 a8 08 a5 28 27 19 86 9c b6 c3 76 4c 6a | b1 9b 20 55 60 c3 95 f8 6f 65 2d e1 d2 cb 01 32 | 72 fe 18 30 cc 54 17 5a f7 81 b6 21 cd f2 45 59 | d5 4b e4 54 6a 80 48 2d cf 95 05 2f f9 e0 54 06 | c4 b1 60 4a cc 31 c9 01 a9 2a 12 ef 1c c4 52 eb | f1 64 14 fb 67 79 01 01 c8 b1 a0 ae 36 fc 57 1b | e8 09 c0 d2 6f 0b 26 ab 30 c8 5b 81 da 92 b3 ea | bb c0 42 c0 19 9f fd 08 a1 93 9f 9b 44 17 29 99 | 42 b4 13 dc 97 1c 74 2d 28 98 17 2e 8c 34 40 88 | 34 aa a0 7c 1e 04 d9 c6 b3 21 22 af 67 40 fb d8 | 84 96 a2 d5 26 26 b5 d2 6a 7b bb cc 38 21 57 c1 | 96 8e 55 c7 9e 40 a1 55 33 4b c2 05 41 61 29 d5 | 3e e9 a0 da 4b b9 e6 36 bc fd 1c 18 8f 25 e7 01 | 6f a4 77 9f 29 00 00 24 81 3c 1d 8d 34 a6 61 d1 | 25 a8 84 3d 7e a8 b7 ea 24 5e fc 08 74 35 eb eb | c7 75 77 eb 74 9d 92 3c 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 15 25 10 f4 ff ae 4d 5d | e4 9a e2 0c fa 55 e9 0c 30 b5 9a f4 00 00 00 1c | 00 00 40 05 87 14 3a df df b2 b5 01 3b 7b 38 24 | bc c4 84 15 2e 1a 20 9b | state #18 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f53500014a8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #18 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #18 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10453.37555 | resume sending helper answer for #18 suppresed complete_v2_state_transition() and stole MD | #18 spent 0.413 milliseconds in resume sending helper answer | stop processing: state #18 connection "aes128" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5344005908 | spent 0.00222 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 7b b1 55 66 ac 32 cf 71 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7b b1 55 66 ac 32 cf 71 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #18 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #18 connection "aes128" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #18 is idle | #18 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #18 IKE SPIi and SPI[ir] | #18 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #18: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #18 spent 0.00332 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #18 connection "aes128" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #18 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #18 connection "aes128" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #18 spent 0.108 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.119 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0641 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #18 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #18 connection "aes128" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #18 ikev2.ike deleted other | #18 spent 1.64 milliseconds in total | [RE]START processing: state #18 connection "aes128" from 192.1.2.23 (in delete_state() at state.c:879) "aes128" #18: deleting state (STATE_PARENT_I1) aged 0.013s and NOT sending notification | parent state #18: PARENT_I1(half-open IKE SA) => delete | state #18 requesting EVENT_RETRANSMIT to be deleted | #18 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #18 in PARENT_I1 | parent state #18: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f53440020b8: destroyed | stop processing: state #18 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.158 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.061 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0485 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.16 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #19 at 0x561212900758 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #19 "3des" "3des" #19: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 19 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5344005908 size 128 | #19 spent 0.124 milliseconds in ikev2_parent_outI1() | crypto helper 4 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 starting work-order 19 for state #19 | RESET processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 19 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.214 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5348003828: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5348003828 | NSS: Public DH wire value: | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | Generated nonce: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | Generated nonce: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 19 time elapsed 0.000747 seconds | (#19) spent 0.733 milliseconds in crypto helper computing work-order 19: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 19 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 19 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #19 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5348003828: transferring ownership from helper KE to state #19 | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | ikev2 g^x 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | ikev2 g^x c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | ikev2 g^x 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | ikev2 g^x f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | ikev2 g^x 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | ikev2 g^x c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | ikev2 g^x b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | ikev2 g^x 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | ikev2 g^x a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | ikev2 g^x 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | ikev2 g^x 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | ikev2 g^x 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | ikev2 g^x 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | ikev2 g^x 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | ikev2 g^x 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | IKEv2 nonce 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | cc d8 2d 4d c4 bd 76 bc aa 85 26 0e 01 b2 a3 af | bb 22 1b 9c | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= cc d8 2d 4d c4 bd 76 bc aa 85 26 0e 01 b2 a3 af | natd_hash: hash= bb 22 1b 9c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data cc d8 2d 4d c4 bd 76 bc aa 85 26 0e 01 b2 a3 af | Notify data bb 22 1b 9c | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | natd_hash: hash= 0d a2 9b 40 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | Notify data 0d a2 9b 40 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #19 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #19: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #19 to 4294967295 after switching state | Message ID: IKE #19 skipping update_recv as MD is fake | Message ID: sent #19 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #19: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | 29 00 00 24 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 | b5 20 1f 50 57 cc b3 0b 96 29 01 2e 97 f1 db ed | 8a 08 d1 6b 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 cc d8 2d 4d c4 bd 76 bc aa 85 26 0e | 01 b2 a3 af bb 22 1b 9c 00 00 00 1c 00 00 40 05 | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5344005908 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #19: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #19 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10453.764938 | resume sending helper answer for #19 suppresed complete_v2_state_transition() and stole MD | #19 spent 0.525 milliseconds in resume sending helper answer | stop processing: state #19 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5348002888 | spent 0.00196 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | 29 00 00 24 3b 80 63 3c d1 0f f8 6e 33 25 95 ef | b1 16 20 16 22 30 1f 60 3c de 93 9c d7 47 06 90 | e8 5f 48 44 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf | ea 53 7a 34 c5 a6 3c 68 00 00 00 1c 00 00 40 05 | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #19 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #19 is idle | #19 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #19 IKE SPIi and SPI[ir] | #19 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 10 8f 3c dd 34 67 78 f3 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 10 8f 3c dd 34 67 78 f3 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | natd_hash: hash= e8 60 f1 4f | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | cb c5 b5 f0 c8 84 7d fe | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | 10 8f 3c dd 34 67 78 f3 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf ea 53 7a 34 | c5 a6 3c 68 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= cb c5 b5 f0 c8 84 7d fe | natd_hash: rcookie= 10 8f 3c dd 34 67 78 f3 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf ea 53 7a 34 | natd_hash: hash= c5 a6 3c 68 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5348003828: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 20 for state #19 | state #19 requesting EVENT_RETRANSMIT to be deleted | #19 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | #19 spent 0.178 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #19 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "3des" #19 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.334 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.341 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 20 for state #19 | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 | peer's g: d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | peer's g: 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | peer's g: ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | peer's g: d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | peer's g: 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | peer's g: a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | peer's g: e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | peer's g: 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | peer's g: be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | peer's g: 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | peer's g: 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | peer's g: e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | peer's g: 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | peer's g: 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | peer's g: 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | peer's g: 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f534c00a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5348003828: computed shared DH secret key@0x7f534c00a0e0 | dh-shared : g^ir-key@0x7f534c00a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f533c002fc8 (length 64) | 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e46e0 | result: Ni | Nr-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e46c8 | result: Ni | Nr-key@0x5612128e7c40 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5612128e0610 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f533c001ef0 from Ni | Nr-key@0x5612128e7c40 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f533c001ef0 from Ni | Nr-key@0x5612128e7c40 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x5612128e7c40 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f533c002f28 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f534c00a0e0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f534c00a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f534c00a0e0 | nss hmac digest hack: symkey-key@0x7f534c00a0e0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: 10 e1 e6 2c da 9b 1f a6 59 ab 3a e1 80 74 c6 f7 e2 83 1e ef 86 27 e0 4f 86 13 6e dc 49 15 c8 59 04 60 01 d7 33 57 37 5b 04 ce 1a c7 39 c4 45 1c 27 9e 06 21 56 31 6d 87 34 cc 7d b5 0b 72 13 83 c3 0f 62 13 7c f6 4c 4c ed f4 a4 e6 6c e8 08 4b f6 e0 0f dc d4 12 9b 82 28 6f 66 db be b7 54 b8 59 7d c2 a6 7a 96 4b 96 ee 17 b0 26 31 3d a1 0c f2 9f eb 8a 96 89 13 98 9f 5f ac c1 54 e0 5c 7c 4f b5 4f 98 48 31 eb 2f 93 67 24 19 71 c1 8e ac 62 9f 27 7e 67 9d 3e b4 4b 6e 2d cd 70 e4 5d 48 e3 4f 21 ff 28 b1 39 0c a5 84 08 80 d1 35 61 1a ee bf 0c e5 f0 93 21 e5 c1 d3 06 2b 1d 5b cb d4 31 3a 41 0b a8 40 27 9f 57 b8 c4 a1 22 1a d0 a6 26 25 8f 32 ac 7e 7b a0 f2 e9 22 76 49 91 68 97 ef b1 80 7f 3e 16 62 c2 f4 3c 3e 3f 18 c4 dd 25 98 95 74 f4 87 04 25 db 57 00 67 0b e9 77 08 57 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f533c006678 | unwrapped: 98 74 62 01 3e 2f a5 59 f9 76 11 e4 d9 23 66 68 | unwrapped: 6f 05 29 b5 f1 0f 76 f8 f8 9b cf 74 f0 81 df d1 | unwrapped: 28 d5 8e 3d b9 e8 d3 97 3b a8 3f f8 83 4f e4 92 | unwrapped: 56 c6 75 b0 80 23 9c e5 1a 1d 25 ad 45 2a 0d 74 | unwrapped: d8 61 1e 80 3b 1c fc 7a 1f 89 01 cb 7a 93 01 9c | unwrapped: 8c eb 52 67 c0 24 7b 01 56 fd b1 08 fa e1 dd 16 | unwrapped: 18 fd 06 d8 ce 15 fb 22 3d e4 e4 3b 86 e8 7d 48 | unwrapped: 6e cc 0a bf 2c 10 c7 18 a4 b7 d4 29 8b d8 33 8b | unwrapped: fd c6 c3 87 97 2e a0 ca fa 3e fe 6b 6f 51 48 8a | unwrapped: ad cb fc c0 99 e0 d1 57 8f ac 37 f4 c4 47 67 3a | unwrapped: 6e 77 13 d4 31 a0 b7 4d f0 94 31 b1 05 a1 bc cd | unwrapped: f7 28 04 c6 3a b1 66 72 c4 8f b7 fd b6 ba ee 40 | unwrapped: b8 7c d0 c0 c7 db 2b cc 73 d1 59 0f 3f 01 41 e2 | unwrapped: 3f 11 6d 4b 64 bf 9f 28 00 9a 2f c5 14 90 46 8f | unwrapped: c1 9a 80 e2 0f b9 47 c3 6b 11 4d 91 89 57 1f 37 | unwrapped: 62 9f 2a 05 5c 83 50 f2 a1 27 66 7a 3f 3c e0 99 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4700 | result: final-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e0610 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e46e8 | result: final-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e0610 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x5612128e7c40 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4670 | result: data=Ni-key@0x5612128e9a80 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128e9a80 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4658 | result: data=Ni-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128e9a80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535b1e4660 | result: data+=Nr-key@0x5612128e9a80 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535b1e4660 | result: data+=SPIi-key@0x5612128e0610 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535b1e4660 | result: data+=SPIr-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | prf+0 PRF sha init key-key@0x5612128e7c40 (size 20) | prf+0: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+0 prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+0: release clone-key@0x5612128e0610 | prf+0 PRF sha crypt-prf@0x7f533c0030d8 | prf+0 PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+0: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | prf+0 PRF sha final-key@0x5612128e0610 (size 20) | prf+0: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c005e88 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 87 c1 ca 88 84 1b 79 e9 7d 3d be c0 01 bf e7 fe e1 b6 a3 cd a1 0c 1e 6a 53 78 78 6e 7e 68 51 ba | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f78 | unwrapped: 7b a1 f0 88 eb db 4f 1f 2e 42 2c ce b7 ea db 85 | unwrapped: 4a f4 3f 81 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0052b8 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e0610 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f533c0030d8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 3a 60 61 b8 26 c7 03 02 42 cc 05 34 e2 a2 99 23 da 69 4c f2 56 e4 41 38 4b 49 df ac c2 1f 00 50 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f28 | unwrapped: 6e 11 99 cf a8 3e dd b4 38 57 da ae 73 0a de 5d | unwrapped: b3 33 c6 4b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128ffbc0 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x5612128ffbc0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c002f78 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 54 40 e7 12 e5 18 61 6d c2 93 87 31 92 b2 f3 7d ab be 78 b2 c1 cc c5 11 14 87 16 00 bc ee 86 41 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c003a78 | unwrapped: 6d c9 5c 38 1f 2c 0d 26 7d 45 df 9d 6b 33 6f 66 | unwrapped: dd 45 cb 4d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0052b8 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128ffbc0 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f533c005e88 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 88 80 4f 54 aa d7 0f 73 b7 82 db 5e fd 3c d7 91 e1 2b 66 a8 d7 84 b6 55 f3 76 dc 87 16 d1 09 3d | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f28 | unwrapped: 4e 3c b6 86 9a b2 14 6f 2e 29 47 e0 82 a2 4e 4c | unwrapped: 6c 46 a5 80 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128ffbc0 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x5612128ffbc0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c005510 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c005510 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c0030d8 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: c3 cb b5 49 ac e0 73 4f a0 43 ae c1 4e bd 2e f1 bc e7 1d 3f 00 49 3b 27 fe e9 e9 37 58 97 b3 72 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f78 | unwrapped: 02 b4 13 ac 7a 49 e1 5a 53 f9 14 b8 9d 34 5e ff | unwrapped: 57 f4 6b 77 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c0052b8 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128ffbc0 | prfplus: release old_t[N]-key@0x5612128e0610 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e0610 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+N prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e0610 | prf+N: release clone-key@0x5612128e0610 | prf+N PRF sha crypt-prf@0x7f533c005e88 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 0b 57 bb e1 f9 ca d8 4e f1 99 cf 46 2f 11 4b 40 95 6a 18 a2 01 c1 39 0c 50 a2 4b a2 78 b6 ce ec | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f28 | unwrapped: 13 aa d9 53 3f 82 69 36 65 38 78 ac 46 70 05 91 | unwrapped: bf 11 a2 2c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c006468 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128ffbc0 | prf+N PRF sha final-key@0x5612128e0610 (size 20) | prf+N: key-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x5612128ffbc0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f533c001ef0 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f533c001ef0 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f533c0030d8 | prf+N PRF sha update old_t-key@0x5612128e0610 (size 20) | prf+N: old_t-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 9b 44 91 81 ef 53 d2 ca 7e 82 25 01 de 45 9b 6a fd 35 38 3a 1c 48 d0 41 8c 19 d7 3a 1f 48 c2 fb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f533c002f78 | unwrapped: 5e d0 56 f0 8a bb 1b 18 0d cb 66 81 25 8d 1a f6 | unwrapped: 60 11 a3 61 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e9a80 (size 80) | prf+N: seed-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c fd c7 e6 50 11 9e f0 44 37 1d 56 80 02 a5 7e 9e | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f533c005338 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | unwrapped: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535b1e4590 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e4578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535b1e4608 | result: result-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128ffbc0 | prfplus: release old_t[N]-key@0x5612128e0610 | prfplus: release old_t[final]-key@0x5612128e6190 | ike_sa_keymat: release data-key@0x5612128e9a80 | calc_skeyseed_v2: release skeyseed_k-key@0x5612128e7c40 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47a8 | result: result-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47a8 | result: result-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47a8 | result: result-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: SK_ei_k-key@0x5612128e0610 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: SK_er_k-key@0x5612128ffbc0 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: result-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f534c006bb0 | chunk_SK_pi: symkey-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: f5 ec 90 eb 16 1c da 65 c4 6c d1 9c 42 37 66 e6 1d 25 58 b2 f2 93 e6 e3 d8 39 8c 4f 02 34 94 d2 | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f533c005e88 | unwrapped: 65 38 78 ac 46 70 05 91 bf 11 a2 2c 5e d0 56 f0 | unwrapped: 8a bb 1b 18 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535b1e47b8 | result: result-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f534c00d840 | chunk_SK_pr: symkey-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 24 34 d7 c9 0b c1 59 81 0d b8 50 0c ae 83 1f ca 3b 88 d5 23 e8 cc bd 48 aa 77 f8 29 fd 5b 7a b4 | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f533c002f78 | unwrapped: 0d cb 66 81 25 8d 1a f6 60 11 a3 61 07 3b ff d5 | unwrapped: 79 14 8e c1 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x56121285f080 | calc_skeyseed_v2 pointers: shared-key@0x7f534c00a0e0, SK_d-key@0x5612128e7c40, SK_ai-key@0x5612128e9a80, SK_ar-key@0x5612128e6190, SK_ei-key@0x5612128e0610, SK_er-key@0x5612128ffbc0, SK_pi-key@0x7f534c006bb0, SK_pr-key@0x7f534c00d840 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 65 38 78 ac 46 70 05 91 bf 11 a2 2c 5e d0 56 f0 | 8a bb 1b 18 | calc_skeyseed_v2 SK_pr | 0d cb 66 81 25 8d 1a f6 60 11 a3 61 07 3b ff d5 | 79 14 8e c1 | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 time elapsed 0.001962 seconds | (#19) spent 1.94 milliseconds in crypto helper computing work-order 20: ikev2_inR1outI2 KE (pcr) | crypto helper 5 sending results from work-order 20 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f533c005088 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 20 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #19: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5348003828: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #20 at 0x5612129063e8 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "3des" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.45:500 from #19.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x5612128e7c40 | duplicate_state: reference st_skey_ai_nss-key@0x5612128e9a80 | duplicate_state: reference st_skey_ar_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_ei_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_er_nss-key@0x5612128ffbc0 | duplicate_state: reference st_skey_pi_nss-key@0x7f534c006bb0 | duplicate_state: reference st_skey_pr_nss-key@0x7f534c00d840 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f5348002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5340002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f5348002888 size 128 | parent state #19: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f534c006bb0 (size 20) | hmac: symkey-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x56121285f080 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x56121285f080 | hmac: release clone-key@0x56121285f080 | hmac PRF sha crypt-prf@0x5612128fbc38 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718ec (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | 0c ad 70 d0 fa 28 d8 2e 33 40 51 ff b6 8e 7c 25 | 99 43 1b 5f | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | cb c5 b5 f0 c8 84 7d fe 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | 29 00 00 24 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 | b5 20 1f 50 57 cc b3 0b 96 29 01 2e 97 f1 db ed | 8a 08 d1 6b 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 cc d8 2d 4d c4 bd 76 bc aa 85 26 0e | 01 b2 a3 af bb 22 1b 9c 00 00 00 1c 00 00 40 05 | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | create: initiator inputs to hash2 (responder nonce) | 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | idhash 0c ad 70 d0 fa 28 d8 2e 33 40 51 ff b6 8e 7c 25 | idhash 99 43 1b 5f | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x56121285f080 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5344002b50 from shared secret-key@0x56121285f080 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5344002b50 from shared secret-key@0x56121285f080 | = prf(,"Key Pad for IKEv2"): release clone-key@0x56121285f080 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fbf78 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x56121285f080 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x56121285f080 (size 20) | = prf(, ): -key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fbc38 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe5e8 (length 436) | cb c5 b5 f0 c8 84 7d fe 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c9 51 af 3e 93 c2 18 4d c6 9a 26 49 3a 7f 4c 33 | 45 77 e8 15 9a c9 d8 f0 0a 63 f6 d1 a2 a3 1e 1d | c3 c9 3d c5 9d 96 25 fd 50 48 c7 14 a1 cb c4 41 | 2e 63 c5 6a 87 fc 75 80 2f 93 fb 17 3e 6f e5 1b | f5 a9 4f 1c 07 e6 d1 51 1c 49 1f f3 f0 6b 84 71 | 7d e7 54 1d 73 a4 ce f5 47 24 ef e9 47 e5 1a c5 | c9 74 8e cd e6 7f 57 45 72 ed 14 22 78 fb c4 6b | b1 99 c2 a8 88 43 52 39 b8 1a ea 1d e1 41 da 9d | 99 4f 9f 66 d7 5d 8b 11 5c c4 79 9a 1c 8b 03 88 | a9 69 ef e8 a4 cf 97 f0 ce 5b 3b 30 c1 1e 54 ae | 54 e8 af f2 0a 87 4f 6e 32 45 e9 38 7a c7 16 30 | 14 2a 2c 9c ef ac a7 55 01 34 6c c3 3d 62 0c be | 25 ad da 1c e6 eb 34 4b 97 50 01 a5 56 92 ba f5 | 5a 1b 3b fe cb 39 9b 03 6c 36 0a 05 e5 29 c2 e9 | 83 db 88 62 5b c9 14 67 04 a7 7d 5e fe e6 bd c7 | 8f 0b d6 7f e3 24 56 c0 af 94 84 cd 40 68 e9 32 | 29 00 00 24 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 | b5 20 1f 50 57 cc b3 0b 96 29 01 2e 97 f1 db ed | 8a 08 d1 6b 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 cc d8 2d 4d c4 bd 76 bc aa 85 26 0e | 01 b2 a3 af bb 22 1b 9c 00 00 00 1c 00 00 40 05 | a9 b7 c7 51 18 43 48 77 df e3 2c 8f 05 10 a4 b0 | 0d a2 9b 40 | = prf(, ) PRF sha update nonce-bytes@0x561212900298 (length 32) | 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | 0c ad 70 d0 fa 28 d8 2e 33 40 51 ff b6 8e 7c 25 | 99 43 1b 5f | = prf(, ) PRF sha final-chunk@0x5612128fbd28 (length 20) | cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | 93 ba 39 fe | psk_auth: release prf-psk-key@0x56121285f080 | PSK auth octets cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | PSK auth octets 93 ba 39 fe | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | PSK auth 93 ba 39 fe | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #19 | netlink_get_spi: allocated 0xbffb9c9f for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi bf fb 9c 9f | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | db d3 12 5b 7b ef 79 35 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | cb c2 b6 8e a3 11 2b ff 5e 74 e0 a2 54 13 81 6c | 93 ba 39 fe 2c 00 00 28 00 00 00 24 01 03 04 03 | bf fb 9c 9f 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 35 e4 db 34 30 9e 20 93 46 f5 d6 d9 84 fe 7a f4 | 15 14 58 00 27 fa 86 2f cb cc 7f 52 e2 e3 c9 7e | 18 15 37 58 3e 34 29 95 18 f4 4d ee aa 31 ad d1 | 04 38 03 6a 36 88 37 9d 8b d8 fc 72 be 0f f7 c6 | 3d b0 b8 6b 7a 72 2e 1b 61 b7 d3 a3 7c 93 fa f9 | dc da 5c c9 c4 82 4c 3f 69 c7 34 9e bb 50 85 c3 | 6f c3 f1 98 54 c5 be 3b e6 3a a2 73 78 52 11 bd | 3b 8e a2 45 0a 34 66 4b cf e6 f6 5e e6 34 70 72 | 9a e9 22 55 c6 9f 61 1c f6 4c 9d a5 7d ad ac c8 | hmac PRF sha init symkey-key@0x5612128e9a80 (size 20) | hmac: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x56121285f080 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x56121285f080 | hmac: release clone-key@0x56121285f080 | hmac PRF sha crypt-prf@0x5612128fbf78 | hmac PRF sha update data-bytes@0x5612118718c0 (length 184) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | db d3 12 5b 7b ef 79 35 35 e4 db 34 30 9e 20 93 | 46 f5 d6 d9 84 fe 7a f4 15 14 58 00 27 fa 86 2f | cb cc 7f 52 e2 e3 c9 7e 18 15 37 58 3e 34 29 95 | 18 f4 4d ee aa 31 ad d1 04 38 03 6a 36 88 37 9d | 8b d8 fc 72 be 0f f7 c6 3d b0 b8 6b 7a 72 2e 1b | 61 b7 d3 a3 7c 93 fa f9 dc da 5c c9 c4 82 4c 3f | 69 c7 34 9e bb 50 85 c3 6f c3 f1 98 54 c5 be 3b | e6 3a a2 73 78 52 11 bd 3b 8e a2 45 0a 34 66 4b | cf e6 f6 5e e6 34 70 72 9a e9 22 55 c6 9f 61 1c | f6 4c 9d a5 7d ad ac c8 | hmac PRF sha final-bytes@0x561211871978 (length 20) | 2a 6c 28 11 e3 63 c1 ca fe 71 36 d5 82 62 64 4d | fd 40 33 db | data being hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: db d3 12 5b 7b ef 79 35 35 e4 db 34 30 9e 20 93 | data being hmac: 46 f5 d6 d9 84 fe 7a f4 15 14 58 00 27 fa 86 2f | data being hmac: cb cc 7f 52 e2 e3 c9 7e 18 15 37 58 3e 34 29 95 | data being hmac: 18 f4 4d ee aa 31 ad d1 04 38 03 6a 36 88 37 9d | data being hmac: 8b d8 fc 72 be 0f f7 c6 3d b0 b8 6b 7a 72 2e 1b | data being hmac: 61 b7 d3 a3 7c 93 fa f9 dc da 5c c9 c4 82 4c 3f | data being hmac: 69 c7 34 9e bb 50 85 c3 6f c3 f1 98 54 c5 be 3b | data being hmac: e6 3a a2 73 78 52 11 bd 3b 8e a2 45 0a 34 66 4b | data being hmac: cf e6 f6 5e e6 34 70 72 9a e9 22 55 c6 9f 61 1c | data being hmac: f6 4c 9d a5 7d ad ac c8 | out calculated auth: | 2a 6c 28 11 e3 63 c1 ca fe 71 36 d5 | suspend processing: state #19 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #20 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #20 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #20: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #20 to 0 after switching state | Message ID: recv #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #19.#20 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #20: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | db d3 12 5b 7b ef 79 35 35 e4 db 34 30 9e 20 93 | 46 f5 d6 d9 84 fe 7a f4 15 14 58 00 27 fa 86 2f | cb cc 7f 52 e2 e3 c9 7e 18 15 37 58 3e 34 29 95 | 18 f4 4d ee aa 31 ad d1 04 38 03 6a 36 88 37 9d | 8b d8 fc 72 be 0f f7 c6 3d b0 b8 6b 7a 72 2e 1b | 61 b7 d3 a3 7c 93 fa f9 dc da 5c c9 c4 82 4c 3f | 69 c7 34 9e bb 50 85 c3 6f c3 f1 98 54 c5 be 3b | e6 3a a2 73 78 52 11 bd 3b 8e a2 45 0a 34 66 4b | cf e6 f6 5e e6 34 70 72 9a e9 22 55 c6 9f 61 1c | f6 4c 9d a5 7d ad ac c8 2a 6c 28 11 e3 63 c1 ca | fe 71 36 d5 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #20: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #20 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #20 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10453.769773 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 0.743 milliseconds in resume sending helper answer | stop processing: state #20 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f533c005088 | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 38 9c bc b8 05 29 cd 14 04 38 c0 75 a1 67 34 f2 | 4f e5 65 8c ef ff 4f a0 c1 9d 0a 6a 8b b5 37 0a | c1 e4 5e e9 7d 04 15 40 82 6f 07 f7 e3 fb 5a 8f | fa df 1b 20 a2 b7 aa 9d 04 74 f8 dc 0f 93 e5 76 | df 0c 15 63 95 a6 35 55 da 3b 86 fa a4 45 25 63 | 26 63 52 e7 fc 89 78 ff fe e3 cf c8 81 7d 2e 3a | 40 d4 db ae 96 ee d3 01 8d 1d 95 c7 4e 42 48 5a | 1b 82 f8 8f e8 66 05 3d 2e 78 84 c5 87 d5 c8 6d | c3 09 31 1c a9 d1 41 dd ad 46 1a 26 f3 60 14 b7 | 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #19 in PARENT_I2 (find_v2_ike_sa) | start processing: state #19 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #20 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #19 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #20 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #20 is idle | #20 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #20 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x56121285f080 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x56121285f080 | hmac: release clone-key@0x56121285f080 | hmac PRF sha crypt-prf@0x5612128fbc38 | hmac PRF sha update data-bytes@0x561212901bf8 (length 176) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 38 9c bc b8 05 29 cd 14 04 38 c0 75 a1 67 34 f2 | 4f e5 65 8c ef ff 4f a0 c1 9d 0a 6a 8b b5 37 0a | c1 e4 5e e9 7d 04 15 40 82 6f 07 f7 e3 fb 5a 8f | fa df 1b 20 a2 b7 aa 9d 04 74 f8 dc 0f 93 e5 76 | df 0c 15 63 95 a6 35 55 da 3b 86 fa a4 45 25 63 | 26 63 52 e7 fc 89 78 ff fe e3 cf c8 81 7d 2e 3a | 40 d4 db ae 96 ee d3 01 8d 1d 95 c7 4e 42 48 5a | 1b 82 f8 8f e8 66 05 3d 2e 78 84 c5 87 d5 c8 6d | c3 09 31 1c a9 d1 41 dd ad 46 1a 26 f3 60 14 b7 | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 ca 88 8d 93 | b5 35 75 1f | data for hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 38 9c bc b8 05 29 cd 14 04 38 c0 75 a1 67 34 f2 | data for hmac: 4f e5 65 8c ef ff 4f a0 c1 9d 0a 6a 8b b5 37 0a | data for hmac: c1 e4 5e e9 7d 04 15 40 82 6f 07 f7 e3 fb 5a 8f | data for hmac: fa df 1b 20 a2 b7 aa 9d 04 74 f8 dc 0f 93 e5 76 | data for hmac: df 0c 15 63 95 a6 35 55 da 3b 86 fa a4 45 25 63 | data for hmac: 26 63 52 e7 fc 89 78 ff fe e3 cf c8 81 7d 2e 3a | data for hmac: 40 d4 db ae 96 ee d3 01 8d 1d 95 c7 4e 42 48 5a | data for hmac: 1b 82 f8 8f e8 66 05 3d 2e 78 84 c5 87 d5 c8 6d | data for hmac: c3 09 31 1c a9 d1 41 dd ad 46 1a 26 f3 60 14 b7 | calculated auth: 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 | provided auth: 9b 72 82 d5 08 c7 27 b7 c7 27 20 f6 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 38 9c bc b8 05 29 cd 14 | payload before decryption: | 04 38 c0 75 a1 67 34 f2 4f e5 65 8c ef ff 4f a0 | c1 9d 0a 6a 8b b5 37 0a c1 e4 5e e9 7d 04 15 40 | 82 6f 07 f7 e3 fb 5a 8f fa df 1b 20 a2 b7 aa 9d | 04 74 f8 dc 0f 93 e5 76 df 0c 15 63 95 a6 35 55 | da 3b 86 fa a4 45 25 63 26 63 52 e7 fc 89 78 ff | fe e3 cf c8 81 7d 2e 3a 40 d4 db ae 96 ee d3 01 | 8d 1d 95 c7 4e 42 48 5a 1b 82 f8 8f e8 66 05 3d | 2e 78 84 c5 87 d5 c8 6d c3 09 31 1c a9 d1 41 dd | ad 46 1a 26 f3 60 14 b7 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 | 03 4e 0c 70 f8 e4 12 41 2c 00 00 28 00 00 00 24 | 01 03 04 03 26 f3 df 92 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #20 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #20: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f534c00d840 (size 20) | hmac: symkey-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00d840 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5fc8 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x56121285f080 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x56121285f080 | hmac: release clone-key@0x56121285f080 | hmac PRF sha crypt-prf@0x5612128fbf78 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x561212901c24 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe4aed6120 (length 20) | c0 6f 99 84 67 10 70 86 16 15 34 00 0c d1 b0 24 | 37 2f b6 18 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | 29 00 00 24 3b 80 63 3c d1 0f f8 6e 33 25 95 ef | b1 16 20 16 22 30 1f 60 3c de 93 9c d7 47 06 90 | e8 5f 48 44 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf | ea 53 7a 34 c5 a6 3c 68 00 00 00 1c 00 00 40 05 | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | verify: initiator inputs to hash2 (initiator nonce) | 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | idhash c0 6f 99 84 67 10 70 86 16 15 34 00 0c d1 b0 24 | idhash 37 2f b6 18 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dc0 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5da8 | result: shared secret-key@0x56121285f080 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5350002b50 from shared secret-key@0x56121285f080 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5350002b50 from shared secret-key@0x56121285f080 | = prf(,"Key Pad for IKEv2"): release clone-key@0x56121285f080 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fbc38 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5de0 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x56121285f080 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x56121285f080 (size 20) | = prf(, ): -key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dd8 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fbf78 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe3f8 (length 436) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | d1 78 1b 74 de 03 45 2e 07 51 a2 8e 70 a3 65 2d | 3f 74 cc 57 c4 34 da 0f bf e4 c6 fe 85 4e 84 b7 | ec 37 fe 8d 1f 09 80 95 2f 2d eb 0f 59 92 c4 17 | d3 f2 2b 43 37 89 f6 f1 5d 32 cf 58 19 fe dd b9 | 20 74 b6 79 01 8a 57 c1 6e 2e d9 16 66 bc d2 2e | a5 f0 20 b8 a5 52 43 ae 58 54 48 e4 ba 3a 73 2f | e3 1e 2d b0 3b 73 5b 3e b3 4f 1e 36 c4 22 4f 72 | 32 9d 32 04 4e 69 ee 4e b2 41 f3 49 85 2b e4 cd | be 2f 8d 62 ab 08 a3 5a 58 6d 65 64 81 df d4 59 | 4e 75 09 76 bd 1e 9d 97 7d d1 a3 ce d6 6d 6b 02 | 9a f4 5b ab 7c 34 26 ef d0 ad 5b e8 41 58 d6 15 | e4 d3 6a ac c5 0c 87 80 bd 0c 72 fe de ae 36 b0 | 7b c3 2d 43 29 48 84 1d c5 0d a0 6e 73 a1 d7 32 | 1e c6 c5 88 47 5c 6b 0c 19 ee 2e c1 b9 02 2e aa | 79 6f cb 4f e2 0c 73 f3 e3 27 5d b4 f4 d5 3e 9e | 6e 7d 35 42 48 98 14 48 3e 30 bd 64 41 3f 0b 40 | 29 00 00 24 3b 80 63 3c d1 0f f8 6e 33 25 95 ef | b1 16 20 16 22 30 1f 60 3c de 93 9c d7 47 06 90 | e8 5f 48 44 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 88 d6 01 e9 25 8f 4c 49 2b 22 fa cf | ea 53 7a 34 c5 a6 3c 68 00 00 00 1c 00 00 40 05 | 74 3e fe e0 9b 23 0a e9 f7 8c ea 32 cb b9 ed 69 | e8 60 f1 4f | = prf(, ) PRF sha update nonce-bytes@0x7f5348001868 (length 32) | 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed6120 (length 20) | c0 6f 99 84 67 10 70 86 16 15 34 00 0c d1 b0 24 | 37 2f b6 18 | = prf(, ) PRF sha final-chunk@0x5612129049c8 (length 20) | 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 03 4e 0c 70 | f8 e4 12 41 | psk_auth: release prf-psk-key@0x56121285f080 | Received PSK auth octets | 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 03 4e 0c 70 | f8 e4 12 41 | Calculated PSK auth octets | 9c a9 a8 72 c7 03 b1 48 cd 07 ca 73 03 4e 0c 70 | f8 e4 12 41 "3des" #20: Authenticated using authby=secret | parent state #19: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #19 will start re-keying in 2879 seconds with margin of 721 seconds (attempting re-key) | state #19 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f5348002888 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f5340002b78 | inserting event EVENT_SA_REKEY, timeout in 2879 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f533c005088 size 128 | pstats #19 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 26 f3 df 92 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=26f3df92;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5eb0 | result: data=Ni-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: data=Ni-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128fa5c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed5ea0 | result: data+=Nr-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x56121285f080 | prf+0 PRF sha init key-key@0x5612128e7c40 (size 20) | prf+0: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5350002b50 from key-key@0x56121285f080 | prf+0 prf: begin sha with context 0x7f5350002b50 from key-key@0x56121285f080 | prf+0: release clone-key@0x56121285f080 | prf+0 PRF sha crypt-prf@0x5612128fbba8 | prf+0 PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+0: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212901410 | prf+0 PRF sha final-key@0x56121285f080 (size 20) | prf+0: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612128fbc38 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: e9 82 a3 5f 71 a4 75 07 62 5e ea 7a 15 43 23 9f 64 b6 c5 cd 3e 04 58 44 05 87 77 f9 35 14 aa 25 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc868 | unwrapped: da 64 e9 44 fd 28 8b 6e 49 a7 72 0b 12 7c 9e 87 | unwrapped: 3d b0 1c f3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x5612128e96a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x56121285f080 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x5612128fbba8 | prf+N PRF sha update old_t-key@0x561212901410 (size 20) | prf+N: old_t-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x561212901410 | nss hmac digest hack: symkey-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 6a 4b e9 db 38 b2 12 8e ef f6 c6 4f 32 c0 29 cf b8 a3 96 ea e3 41 ee e5 35 5c cc 92 eb 5f a6 a5 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc818 | unwrapped: 2d a1 66 e4 74 c7 4a 41 73 f9 48 2d 1d 78 eb 39 | unwrapped: c7 4a 04 2c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212900560 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | prfplus: release old_t[N]-key@0x561212901410 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x561212901410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x561212901410 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x561212901410 | prf+N: release clone-key@0x561212901410 | prf+N PRF sha crypt-prf@0x5612128fc868 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 55 7d a0 7f 27 df 17 9a 5a 12 86 58 b6 f4 0a 42 ae e7 b5 5b 56 ac 18 50 49 6f 3a da e0 a9 9f 3a | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc598 | unwrapped: c5 ef 63 71 8f 94 d8 0d 87 3f af 01 a0 6f 50 1e | unwrapped: f5 b5 dd 42 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x561212901410 (size 20) | prf+N: key-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x561212900560 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x5612128e96a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x561212900560 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x5612128e7c40 (size 20) | prf+N: key-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e7c40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x5612128fbc38 | prf+N PRF sha update old_t-key@0x561212901410 (size 20) | prf+N: old_t-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x561212901410 | nss hmac digest hack: symkey-key@0x561212901410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: b7 65 3b 7a 4a 5d 15 f6 59 1c 93 d5 a3 6a 77 9a 05 59 a2 59 5d a9 da 2b a1 45 a6 25 37 69 34 fc | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fc818 | unwrapped: 5f 94 f6 94 66 57 c5 29 ae 9d c9 78 cb cc 1a 32 | unwrapped: 79 88 f6 a1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 10 ed 82 74 c0 6c c4 44 00 98 d7 6a ed 35 74 be 70 aa fe 45 55 f5 5f d8 16 bf f8 b5 ae 5d 54 1a 43 03 65 fe d2 dd d3 43 d2 51 d6 3a 28 d7 cf 2a 81 86 4b 68 70 3a 0e 0a 3a 2f a9 b8 35 97 e3 9c | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 4d 0b 7c dc 93 0a ff 24 1b 53 e2 94 b5 20 1f 50 | unwrapped: 57 cc b3 0b 96 29 01 2e 97 f1 db ed 8a 08 d1 6b | unwrapped: 3b 80 63 3c d1 0f f8 6e 33 25 95 ef b1 16 20 16 | unwrapped: 22 30 1f 60 3c de 93 9c d7 47 06 90 e8 5f 48 44 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212900560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212900560 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212900560 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | prfplus: release old_t[N]-key@0x561212901410 | prfplus: release old_t[final]-key@0x56121285f080 | child_sa_keymat: release data-key@0x5612128fa5c0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x561212900560 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x5612128fa5c0 | initiator to responder keys: symkey-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5612128e2eb0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1697652833: e9 82 a3 5f 71 a4 75 07 62 5e ea 7a 15 43 23 9f 6e 04 18 15 77 bb e3 90 5b aa 9b 2d ad f2 3f b6 8d 04 53 cc fb 5c e1 e5 82 5f d5 eb 4a 1f d5 3b | initiator to responder keys: release slot-key-key@0x5612128e2eb0 | initiator to responder keys extracted len 48 bytes at 0x7f5348001688 | unwrapped: da 64 e9 44 fd 28 8b 6e 49 a7 72 0b 12 7c 9e 87 | unwrapped: 3d b0 1c f3 2d a1 66 e4 74 c7 4a 41 73 f9 48 2d | unwrapped: 1d 78 eb 39 c7 4a 04 2c c5 ef 63 71 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5612128fa5c0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x561212900560 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x5612128fa5c0 | responder to initiator keys:: symkey-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5612128e2eb0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1697652833: e9 de 28 9d a2 fc ea bf 6d 5b 47 df b5 62 f3 49 b7 65 3b 7a 4a 5d 15 f6 59 1c 93 d5 a3 6a 77 9a 72 8d a7 d5 c5 cf e7 ee 06 c1 76 7b 3e 91 9a 55 | responder to initiator keys:: release slot-key-key@0x5612128e2eb0 | responder to initiator keys: extracted len 48 bytes at 0x5612128e2da8 | unwrapped: 8f 94 d8 0d 87 3f af 01 a0 6f 50 1e f5 b5 dd 42 | unwrapped: 5f 94 f6 94 66 57 c5 29 ae 9d c9 78 cb cc 1a 32 | unwrapped: 79 88 f6 a1 89 b2 bc 71 14 12 86 c8 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5612128fa5c0 | ikev2_derive_child_keys: release keymat-key@0x561212900560 | #19 spent 1.58 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.26f3df92@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.bffb9c9f@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #20 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x26f3df92 SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):4' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x26f3df92 SPI_OUT=0xbffb9c9f ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x26f3df92 | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x26f3df92 SPI_OUT=0xbffb9c9f ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x26f3df92 SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x26f3df92 SPI_OUT=0xbffb9c9f ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x561212901758,sr=0x561212901758} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 1.55 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | state #20 requesting EVENT_RETRANSMIT to be deleted | #20 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | #20 spent 2.92 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #20 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #20 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #20: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #19.#20 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "3des" #20: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #20: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x26f3df92 <0xbffb9c9f xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #20 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #19 | unpending state #19 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x5612128ee1f8} | close_any(fd@24) (in release_whack() at state.c:654) | #20 will start re-keying in 27846 seconds with margin of 954 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5344002b78 | inserting event EVENT_SA_REKEY, timeout in 27846 seconds for #20 | libevent_malloc: new ptr-libevent@0x561212904918 size 128 | stop processing: state #20 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 3.28 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.3 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00496 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00288 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00271 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.bffb9c9f@192.1.2.45 | get_sa_info esp.26f3df92@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0876 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #20 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #20 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #20 ikev2.child deleted completed | #20 spent 2.92 milliseconds in total | [RE]START processing: state #20 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #20: deleting state (STATE_V2_IPSEC_I) aged 0.086s and sending notification | child state #20: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.26f3df92@192.1.2.23 | get_sa_info esp.bffb9c9f@192.1.2.45 "3des" #20: ESP traffic information: in=84B out=84B | #20 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis bf fb 9c 9f | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 67 18 ad 04 82 8f d6 d1 | data before encryption: | 00 00 00 0c 03 04 00 01 bf fb 9c 9f 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 93 bb fb b2 1c 5f d8 f8 e4 38 11 82 02 49 55 03 | hmac PRF sha init symkey-key@0x5612128e9a80 (size 20) | hmac: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x561212900560 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x561212900560 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x561212900560 | hmac: release clone-key@0x561212900560 | hmac PRF sha crypt-prf@0x5612128fbc38 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 56) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 67 18 ad 04 82 8f d6 d1 93 bb fb b2 1c 5f d8 f8 | e4 38 11 82 02 49 55 03 | hmac PRF sha final-bytes@0x7ffe4aed3188 (length 20) | 5d 18 08 e5 06 0e c1 02 d4 af d3 06 b9 cb 9c 19 | 11 49 d1 59 | data being hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 67 18 ad 04 82 8f d6 d1 93 bb fb b2 1c 5f d8 f8 | data being hmac: e4 38 11 82 02 49 55 03 | out calculated auth: | 5d 18 08 e5 06 0e c1 02 d4 af d3 06 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #20) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 67 18 ad 04 82 8f d6 d1 93 bb fb b2 1c 5f d8 f8 | e4 38 11 82 02 49 55 03 5d 18 08 e5 06 0e c1 02 | d4 af d3 06 | Message ID: IKE #19 sender #20 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #19 sender #20 in send_delete hacking around record ' send | Message ID: sent #19 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x561212904918 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5344002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x26f3df92 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x26f3df92 SPI_OUT=0xbffb9c9f ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.26f3df92@192.1.2.23 | netlink response for Del SA esp.26f3df92@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.bffb9c9f@192.1.2.45 | netlink response for Del SA esp.bffb9c9f@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #20 in V2_IPSEC_I | child state #20: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_ai_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128e0610 | delete_state: release st->st_skey_er_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_pi_nss-key@0x7f534c006bb0 | delete_state: release st->st_skey_pr_nss-key@0x7f534c00d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #19 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #19 | start processing: state #19 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #19 ikev2.ike deleted completed | #19 spent 7.68 milliseconds in total | [RE]START processing: state #19 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #19: deleting state (STATE_PARENT_I3) aged 0.103s and sending notification | parent state #19: PARENT_I3(established IKE SA) => delete | #19 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 12 cd 1c 35 d4 68 56 ac | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | da fa 41 13 1a 96 2f e9 99 81 71 6d 5a 93 7a d6 | hmac PRF sha init symkey-key@0x5612128e9a80 (size 20) | hmac: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x561212900560 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x561212900560 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x561212900560 | hmac: release clone-key@0x561212900560 | hmac PRF sha crypt-prf@0x5612128fbf78 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 56) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 12 cd 1c 35 d4 68 56 ac da fa 41 13 1a 96 2f e9 | 99 81 71 6d 5a 93 7a d6 | hmac PRF sha final-bytes@0x7ffe4aed3188 (length 20) | 84 bd 36 56 6c 21 65 45 d9 85 ad 8b 0c 8b 9e d1 | 15 ac eb f7 | data being hmac: cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: 12 cd 1c 35 d4 68 56 ac da fa 41 13 1a 96 2f e9 | data being hmac: 99 81 71 6d 5a 93 7a d6 | out calculated auth: | 84 bd 36 56 6c 21 65 45 d9 85 ad 8b | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | 12 cd 1c 35 d4 68 56 ac da fa 41 13 1a 96 2f e9 | 99 81 71 6d 5a 93 7a d6 84 bd 36 56 6c 21 65 45 | d9 85 ad 8b | Message ID: IKE #19 sender #19 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #19 sender #19 in send_delete hacking around record ' send | Message ID: #19 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #19 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f533c005088 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #19 in PARENT_I3 | parent state #19: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5348003828: destroyed | stop processing: state #19 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_ai_nss-key@0x5612128e9a80 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128e0610 | delete_state: release st->st_skey_er_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_pi_nss-key@0x7f534c006bb0 | delete_state: release st->st_skey_pr_nss-key@0x7f534c00d840 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.71 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00467 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00215 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 6e ae f2 47 05 82 99 e1 e2 b1 14 20 59 c6 f4 bd | 9e ac 43 08 b8 1d 9d 6e 41 93 af e5 33 01 34 5b | 91 96 9a 6a | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0696 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00187 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | cb c5 b5 f0 c8 84 7d fe 10 8f 3c dd 34 67 78 f3 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 29 3c f0 65 d8 02 82 2a 04 e4 a3 4a 23 1d 29 c2 | a0 c5 c7 23 df 5a 00 d1 67 78 af ba | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cb c5 b5 f0 c8 84 7d fe | responder cookie: | 10 8f 3c dd 34 67 78 f3 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0531 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x5612128fbe98 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.34 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00381 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.089 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.044 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0624 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.128 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #21 at 0x561212900758 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #21 "3des" "3des" #21: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 21 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x5612128fc5e8 size 128 | #21 spent 0.122 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.176 milliseconds in whack | crypto helper 6 resuming | crypto helper 6 starting work-order 21 for state #21 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 21 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f5340006788: created | NSS: Local DH MODP2048 secret (pointer): 0x7f5340006788 | NSS: Public DH wire value: | e1 4c 71 3a 5a da 81 05 4a e6 9a dd 7e 81 a8 41 | 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 d9 bd 6b d5 | 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 0f 54 4c c8 | e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 91 0f 93 3a | fa ca 1f ff 1d 05 07 fd b6 75 e5 27 9e eb 5a df | 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 e7 36 d3 42 | c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f 1c 90 32 ac | 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc db d9 05 d2 | 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 76 2c 7a 47 | 02 22 01 ae f2 22 a1 23 64 04 ee a6 ed ca 8b c8 | 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 8d 5b 58 54 | c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 f5 e9 88 21 | 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 5f f7 c3 8c | b2 d3 a9 74 60 a5 77 38 28 f7 74 28 62 f8 5f d3 | 8a 3d e2 6f de 46 56 99 37 c8 6f 56 60 e8 aa 83 | 3f c1 19 5f e2 39 5f b5 46 57 9c f5 47 b1 74 60 | Generated nonce: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | Generated nonce: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 21 time elapsed 0.000613 seconds | (#21) spent 0.613 milliseconds in crypto helper computing work-order 21: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 21 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f53400060e8 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 21 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #21 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f5340006788: transferring ownership from helper KE to state #21 | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #21: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x e1 4c 71 3a 5a da 81 05 4a e6 9a dd 7e 81 a8 41 | ikev2 g^x 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 d9 bd 6b d5 | ikev2 g^x 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 0f 54 4c c8 | ikev2 g^x e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 91 0f 93 3a | ikev2 g^x fa ca 1f ff 1d 05 07 fd b6 75 e5 27 9e eb 5a df | ikev2 g^x 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 e7 36 d3 42 | ikev2 g^x c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f 1c 90 32 ac | ikev2 g^x 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc db d9 05 d2 | ikev2 g^x 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 76 2c 7a 47 | ikev2 g^x 02 22 01 ae f2 22 a1 23 64 04 ee a6 ed ca 8b c8 | ikev2 g^x 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 8d 5b 58 54 | ikev2 g^x c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 f5 e9 88 21 | ikev2 g^x 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 5f f7 c3 8c | ikev2 g^x b2 d3 a9 74 60 a5 77 38 28 f7 74 28 62 f8 5f d3 | ikev2 g^x 8a 3d e2 6f de 46 56 99 37 c8 6f 56 60 e8 aa 83 | ikev2 g^x 3f c1 19 5f e2 39 5f b5 46 57 9c f5 47 b1 74 60 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | IKEv2 nonce bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | eb e4 21 38 40 b6 f3 63 9e 64 01 d6 08 89 56 cf | 98 e2 43 d9 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= eb e4 21 38 40 b6 f3 63 9e 64 01 d6 08 89 56 cf | natd_hash: hash= 98 e2 43 d9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data eb e4 21 38 40 b6 f3 63 9e 64 01 d6 08 89 56 cf | Notify data 98 e2 43 d9 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d 99 cb 42 68 | f6 85 1c d5 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d 99 cb 42 68 | natd_hash: hash= f6 85 1c d5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d 99 cb 42 68 | Notify data f6 85 1c d5 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #21 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #21: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #21 to 4294967295 after switching state | Message ID: IKE #21 skipping update_recv as MD is fake | Message ID: sent #21 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #21: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | db 0d e7 9d 7c be 70 ca 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e1 4c 71 3a 5a da 81 05 4a e6 9a dd | 7e 81 a8 41 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 | d9 bd 6b d5 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 | 0f 54 4c c8 e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 | 91 0f 93 3a fa ca 1f ff 1d 05 07 fd b6 75 e5 27 | 9e eb 5a df 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 | e7 36 d3 42 c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f | 1c 90 32 ac 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc | db d9 05 d2 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 | 76 2c 7a 47 02 22 01 ae f2 22 a1 23 64 04 ee a6 | ed ca 8b c8 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 | 8d 5b 58 54 c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 | f5 e9 88 21 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 | 5f f7 c3 8c b2 d3 a9 74 60 a5 77 38 28 f7 74 28 | 62 f8 5f d3 8a 3d e2 6f de 46 56 99 37 c8 6f 56 | 60 e8 aa 83 3f c1 19 5f e2 39 5f b5 46 57 9c f5 | 47 b1 74 60 29 00 00 24 6b 13 c7 9a e2 88 62 d3 | 4b c1 aa 1d c9 95 0a d9 bf fb 77 5e d5 65 bf ef | 7d b7 80 5e e6 34 42 96 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 eb e4 21 38 40 b6 f3 63 | 9e 64 01 d6 08 89 56 cf 98 e2 43 d9 00 00 00 1c | 00 00 40 05 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d | 99 cb 42 68 f6 85 1c d5 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5612128fc5e8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #21 | libevent_malloc: new ptr-libevent@0x5612128fbd28 size 128 | #21 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10454.308582 | resume sending helper answer for #21 suppresed complete_v2_state_transition() and stole MD | #21 spent 0.514 milliseconds in resume sending helper answer | stop processing: state #21 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f53400060e8 | spent 0.00176 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | 29 00 00 24 ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 | 71 6a 0f ed 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c | d8 5a d4 1a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 79 0f f4 52 05 2f e4 74 38 bd 01 af | c7 f6 cf 7a 8c 48 07 a1 00 00 00 1c 00 00 40 05 | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #21 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #21 is idle | #21 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #21 IKE SPIi and SPI[ir] | #21 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | cb 84 1d a1 eb 0c 43 41 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60b0 (length 20) | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= cb 84 1d a1 eb 0c 43 41 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | natd_hash: hash= d5 d9 8a 4d | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed60a0 (length 8) | db 0d e7 9d 7c be 70 ca | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed60a8 (length 8) | cb 84 1d a1 eb 0c 43 41 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6034 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6026 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed60d0 (length 20) | 79 0f f4 52 05 2f e4 74 38 bd 01 af c7 f6 cf 7a | 8c 48 07 a1 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= db 0d e7 9d 7c be 70 ca | natd_hash: rcookie= cb 84 1d a1 eb 0c 43 41 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 79 0f f4 52 05 2f e4 74 38 bd 01 af c7 f6 cf 7a | natd_hash: hash= 8c 48 07 a1 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f5340006788: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 22 for state #21 | state #21 requesting EVENT_RETRANSMIT to be deleted | #21 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fbd28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f53400060e8 size 128 | #21 spent 0.267 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #21 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) | "3des" #21 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 | stop processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.485 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | crypto helper 1 resuming | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 1 starting work-order 22 for state #21 | spent 0.506 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 | peer's g: ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | peer's g: 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | peer's g: d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | peer's g: 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | peer's g: 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | peer's g: d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | peer's g: a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | peer's g: a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | peer's g: a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | peer's g: 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | peer's g: be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | peer's g: 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | peer's g: 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | peer's g: 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | peer's g: 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | peer's g: b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f5340006788: computed shared DH secret key@0x7f534c00d840 | dh-shared : g^ir-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f53540014e8 (length 64) | 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e86e0 | result: Ni | Nr-key@0x5612128ffbc0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x5612128ffbc0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e86c8 | result: Ni | Nr-key@0x7f534c006bb0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x5612128ffbc0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f5354003b00 from Ni | Nr-key@0x7f534c006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f5354003b00 from Ni | Nr-key@0x7f534c006bb0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f534c006bb0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f5354002b28 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f534c00d840 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f534c00d840 | nss hmac digest hack: symkey-key@0x7f534c00d840 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)293531842: 31 9f 34 fa 74 9c 70 6c 94 92 d1 e6 56 e0 82 86 3e d7 45 f8 8b 87 d8 79 47 70 91 7c da a8 a9 c9 50 5e 50 44 97 1a cb 19 7a 5d 0f 08 9c a6 7e a3 7c 9a f3 32 3d 53 9a 53 15 be 13 25 a9 0e 91 f6 be ca a7 c1 20 86 21 14 8a 30 05 b2 fa 2d c7 d7 bf 1c e3 42 e6 cf ee bb c7 56 bd 05 f0 7e 63 4f fc d8 2b 47 4b 05 d4 10 4b 39 ae ba 58 9a d9 75 e4 b0 9c ee 1e 0f 3c ed 1d fa a9 e7 23 5a a9 85 1b e2 76 15 65 f8 52 fb 35 ba b8 be 54 95 8b f9 3f 09 ce 6e ad 1a d6 63 92 21 4e 12 67 14 ba 54 b6 e0 a7 6f dc a1 d2 e7 3f 26 13 dc 4e 2a 55 3d 18 1b d1 e4 f2 49 bc eb c3 c3 5d aa c2 71 ff 44 66 f1 9b 8a 90 e7 f9 30 1e 47 0c 82 6b 27 29 cd b3 fe 82 63 97 e8 b9 b2 4e fa 60 d8 45 08 93 0b e2 24 fe ce 15 59 f0 76 7d 75 13 3d f3 45 2b 00 c3 4e bc c8 d5 e6 d1 2e 76 f3 b3 00 e3 53 8f e0 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 256 bytes at 0x7f5354006b28 | unwrapped: 94 96 1a d5 fc e6 45 ff a1 d0 b7 6e b4 4c b0 32 | unwrapped: d1 03 1c a8 e8 db e5 a3 a9 cc 69 22 26 0b 50 82 | unwrapped: ce a1 e6 cc a8 e2 42 df eb d7 e8 db 43 94 fa e5 | unwrapped: bf a3 20 d1 f2 fc 2b d5 b7 5e 5d 40 4a 08 5d 46 | unwrapped: d3 26 57 bf 1f f0 d7 45 b6 21 85 7c 07 62 14 0a | unwrapped: 54 d7 26 72 5d 64 c7 44 34 01 60 32 55 60 df c1 | unwrapped: 81 b2 d8 12 25 f8 56 ed fa f6 90 2f 1b 1c 5a 86 | unwrapped: 2d 67 bd 47 6a e3 a5 ae 58 03 3f e1 c4 19 c3 0a | unwrapped: 7f 17 36 a7 17 7b d7 00 30 9d e0 c9 e2 ac ff 77 | unwrapped: ce b7 09 ad 41 c5 e2 1d 7a 42 06 98 12 e8 fb 00 | unwrapped: 80 d0 9d 2c bd 99 3e 7b a9 23 81 55 fd c9 e9 a0 | unwrapped: 55 d8 1f cb 51 6f 1c 75 d1 5b ba 59 27 86 67 9d | unwrapped: 28 34 1f 9f 5e 46 b0 f4 f5 44 68 fd 59 68 ed 9e | unwrapped: 0d d2 12 0e 3a d7 11 3d b9 68 41 d6 8f f1 f1 b5 | unwrapped: d9 b0 47 b6 ae 7f 1f 65 f3 35 82 c9 af 0a f5 39 | unwrapped: 88 ed 06 10 47 c9 6d 03 eb 29 08 c7 75 0f 6a ff | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8700 | result: final-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128ffbc0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e86e8 | result: final-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128ffbc0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f534c006bb0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8670 | result: data=Ni-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128e0610 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8658 | result: data=Ni-key@0x5612128ffbc0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d1e8660 | result: data+=Nr-key@0x5612128e0610 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128ffbc0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e0610 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d1e8660 | result: data+=SPIi-key@0x5612128ffbc0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e0610 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f535d1e8660 | result: data+=SPIr-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128ffbc0 | prf+0 PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+0: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128ffbc0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+0 prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+0: release clone-key@0x5612128ffbc0 | prf+0 PRF sha crypt-prf@0x7f5354004c28 | prf+0 PRF sha update seed-key@0x5612128e0610 (size 80) | prf+0: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e6190 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e6190 | prf+0 PRF sha final-key@0x5612128ffbc0 (size 20) | prf+0: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128ffbc0 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354003b00 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f5354005cb8 | prf+N PRF sha update old_t-key@0x5612128ffbc0 (size 20) | prf+N: old_t-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128ffbc0 | nss hmac digest hack: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: d0 2c 73 10 be b8 d8 45 b0 e8 5a a7 55 78 3b 09 83 59 5f 78 13 b7 b0 5c e0 f0 99 cf 4b 00 86 38 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002168 | unwrapped: ac 10 16 97 91 3a 1e 79 3a 39 06 cb 0d a8 22 9a | unwrapped: d9 50 cd bd 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005a38 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128ffbc0 | prfplus: release old_t[N]-key@0x5612128ffbc0 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128ffbc0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+N prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+N: release clone-key@0x5612128ffbc0 | prf+N PRF sha crypt-prf@0x7f5354004c28 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 1d 33 e2 13 61 80 aa cb 25 fd fb fe ac 38 45 6f 35 86 d7 25 16 d5 d4 1c d1 95 1e 0b 05 35 9c 56 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002b28 | unwrapped: 9a d9 aa 75 1c 2b 54 b4 19 1d 5d aa 72 0e 1e c9 | unwrapped: a6 cd 5b d1 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e7c40 | prf+N PRF sha final-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e7c40 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354003b00 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f5354002168 | prf+N PRF sha update old_t-key@0x5612128ffbc0 (size 20) | prf+N: old_t-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128ffbc0 | nss hmac digest hack: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: ea ed 76 69 f4 47 31 ea d1 c2 18 10 db 80 a0 d4 a0 9f e0 41 40 24 43 01 bf 27 0b 45 6e 25 f2 38 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354006c58 | unwrapped: f6 98 fa 9d ac 1f e6 8f 2b e6 43 4c 35 5e 21 06 | unwrapped: 7d e3 ee 16 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005a38 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e7c40 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | prfplus: release old_t[N]-key@0x5612128ffbc0 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128ffbc0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+N prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+N: release clone-key@0x5612128ffbc0 | prf+N PRF sha crypt-prf@0x7f5354005cb8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: b0 c7 dd 81 71 dc f2 71 1f a5 8b 0f 19 8f b7 44 2c 0d 44 b2 51 7c 39 71 8c 76 ba 63 9b be 02 63 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002b28 | unwrapped: 8f 46 76 c0 04 af 97 b2 eb 2b 63 1a a5 4c 93 0b | unwrapped: 66 06 27 11 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e7c40 | prf+N PRF sha final-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e7c40 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354001530 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f5354001530 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f5354004c28 | prf+N PRF sha update old_t-key@0x5612128ffbc0 (size 20) | prf+N: old_t-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128ffbc0 | nss hmac digest hack: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 64 e8 83 fd bd 0e a7 51 2c 72 db e6 18 86 ce 2c 15 c9 8e 4e d9 dd 81 81 0c a0 1a 7b 7a 76 90 b6 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002168 | unwrapped: e7 6c d3 9c 62 a7 61 8e 96 64 a5 26 3d 48 5f 9b | unwrapped: 7e f4 4a aa 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005a38 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e7c40 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | prfplus: release old_t[N]-key@0x5612128ffbc0 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128ffbc0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+N prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128ffbc0 | prf+N: release clone-key@0x5612128ffbc0 | prf+N PRF sha crypt-prf@0x7f5354005cb8 | prf+N PRF sha update old_t-key@0x5612128e6190 (size 20) | prf+N: old_t-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e6190 | nss hmac digest hack: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: f4 8f bc ba 06 27 95 7d 24 d4 10 a6 39 e0 a8 31 94 6b ec e7 e0 68 c0 4e 2f a8 eb bb 87 72 40 d6 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002b28 | unwrapped: 51 9e 27 67 05 8b bb cd 78 e7 3d 15 33 29 d6 56 | unwrapped: ea bd 8f a2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354006748 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e7c40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e7c40 | prf+N PRF sha final-key@0x5612128ffbc0 (size 20) | prf+N: key-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e6190 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8588 | result: clone-key@0x5612128e6190 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5354003b00 from key-key@0x5612128e6190 | prf+N prf: begin sha with context 0x7f5354003b00 from key-key@0x5612128e6190 | prf+N: release clone-key@0x5612128e6190 | prf+N PRF sha crypt-prf@0x7f5354004c28 | prf+N PRF sha update old_t-key@0x5612128ffbc0 (size 20) | prf+N: old_t-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128ffbc0 | nss hmac digest hack: symkey-key@0x5612128ffbc0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 67 c6 da 4f 5d 37 29 03 87 eb 4d 77 2a b8 55 a5 f1 fb 88 f1 a4 d4 bf f1 84 c0 f5 f0 97 53 bf c9 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x7f5354002168 | unwrapped: 7c c6 d6 e4 fd 88 b1 4d 63 1e c3 da 98 8a 9e dd | unwrapped: c4 61 00 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128e0610 (size 80) | prf+N: seed-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x5612128e0610 | nss hmac digest hack: symkey-key@0x5612128e0610 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 a3 a7 cb 73 09 fa ca c5 00 0b 0f 8b f5 23 a3 bb | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 80 bytes at 0x7f5354005ab8 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | unwrapped: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f535d1e8590 | result: final-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e8578 | result: final-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e9a80 | prf+N PRF sha final-key@0x5612128e6190 (size 20) | prf+N: key-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e7c40 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f535d1e8608 | result: result-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e7c40 | prfplus: release old_t[N]-key@0x5612128ffbc0 | prfplus: release old_t[final]-key@0x5612128e6190 | ike_sa_keymat: release data-key@0x5612128e0610 | calc_skeyseed_v2: release skeyseed_k-key@0x7f534c006bb0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87a8 | result: result-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87a8 | result: result-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87a8 | result: result-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: SK_ei_k-key@0x5612128ffbc0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: SK_er_k-key@0x5612128e7c40 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: result-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f534c00a0e0 | chunk_SK_pi: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: 3a 12 ef 43 7a 68 e6 5e 06 0b 82 2c fe 32 11 19 e7 c3 8c 1d 49 0c 04 32 88 ea d1 58 dc 1f 2b 80 | chunk_SK_pi: release slot-key-key@0x5612128e2eb0 | chunk_SK_pi extracted len 32 bytes at 0x7f5354005cb8 | unwrapped: 78 e7 3d 15 33 29 d6 56 ea bd 8f a2 7c c6 d6 e4 | unwrapped: fd 88 b1 4d 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e9a80 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f535d1e87b8 | result: result-key@0x561212900560 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x561212900560 | chunk_SK_pr: symkey-key@0x561212900560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2036689696: a4 eb 57 66 ff 5c 04 c0 b2 37 dd 33 09 72 97 b7 46 63 01 69 56 40 1e 8d de d9 32 4e 9e fa 92 77 | chunk_SK_pr: release slot-key-key@0x5612128e2eb0 | chunk_SK_pr extracted len 32 bytes at 0x7f5354002168 | unwrapped: 63 1e c3 da 98 8a 9e dd c4 61 00 99 e2 f3 96 20 | unwrapped: f6 1e 32 0b 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x5612128e9a80 | calc_skeyseed_v2 pointers: shared-key@0x7f534c00d840, SK_d-key@0x7f534c006bb0, SK_ai-key@0x5612128e0610, SK_ar-key@0x5612128e6190, SK_ei-key@0x5612128ffbc0, SK_er-key@0x5612128e7c40, SK_pi-key@0x7f534c00a0e0, SK_pr-key@0x561212900560 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 78 e7 3d 15 33 29 d6 56 ea bd 8f a2 7c c6 d6 e4 | fd 88 b1 4d | calc_skeyseed_v2 SK_pr | 63 1e c3 da 98 8a 9e dd c4 61 00 99 e2 f3 96 20 | f6 1e 32 0b | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 time elapsed 0.001967 seconds | (#21) spent 1.96 milliseconds in crypto helper computing work-order 22: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 22 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f53540048f8 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 22 | calling continuation function 0x561211773b50 | ikev2_parent_inR1outI2_continue for #21: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f5340006788: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #22 at 0x5612129063e8 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "3des" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.45:500 from #21.st_localport (in duplicate_state() at state.c:1484) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f534c006bb0 | duplicate_state: reference st_skey_ai_nss-key@0x5612128e0610 | duplicate_state: reference st_skey_ar_nss-key@0x5612128e6190 | duplicate_state: reference st_skey_ei_nss-key@0x5612128ffbc0 | duplicate_state: reference st_skey_er_nss-key@0x5612128e7c40 | duplicate_state: reference st_skey_pi_nss-key@0x7f534c00a0e0 | duplicate_state: reference st_skey_pr_nss-key@0x561212900560 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f53400060e8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f5340002b78 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f53400060e8 size 128 | parent state #21: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f534c00a0e0 (size 20) | hmac: symkey-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c00a0e0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6138 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e9a80 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e9a80 | hmac: release clone-key@0x5612128e9a80 | hmac PRF sha crypt-prf@0x561212858e38 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x5612118718ec (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffe4aed64d0 (length 20) | 87 bf 04 74 2c c6 bf ca d5 8d dc 21 70 7c 34 3e | 90 81 06 a1 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | db 0d e7 9d 7c be 70 ca 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e1 4c 71 3a 5a da 81 05 4a e6 9a dd | 7e 81 a8 41 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 | d9 bd 6b d5 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 | 0f 54 4c c8 e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 | 91 0f 93 3a fa ca 1f ff 1d 05 07 fd b6 75 e5 27 | 9e eb 5a df 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 | e7 36 d3 42 c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f | 1c 90 32 ac 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc | db d9 05 d2 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 | 76 2c 7a 47 02 22 01 ae f2 22 a1 23 64 04 ee a6 | ed ca 8b c8 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 | 8d 5b 58 54 c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 | f5 e9 88 21 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 | 5f f7 c3 8c b2 d3 a9 74 60 a5 77 38 28 f7 74 28 | 62 f8 5f d3 8a 3d e2 6f de 46 56 99 37 c8 6f 56 | 60 e8 aa 83 3f c1 19 5f e2 39 5f b5 46 57 9c f5 | 47 b1 74 60 29 00 00 24 6b 13 c7 9a e2 88 62 d3 | 4b c1 aa 1d c9 95 0a d9 bf fb 77 5e d5 65 bf ef | 7d b7 80 5e e6 34 42 96 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 eb e4 21 38 40 b6 f3 63 | 9e 64 01 d6 08 89 56 cf 98 e2 43 d9 00 00 00 1c | 00 00 40 05 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d | 99 cb 42 68 f6 85 1c d5 | create: initiator inputs to hash2 (responder nonce) | ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | idhash 87 bf 04 74 2c c6 bf ca d5 8d dc 21 70 7c 34 3e | idhash 90 81 06 a1 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f20 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f08 | result: shared secret-key@0x5612128e9a80 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5344002b50 from shared secret-key@0x5612128e9a80 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5344002b50 from shared secret-key@0x5612128e9a80 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5612128e9a80 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fddf8 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5f40 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5612128e9a80 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5612128e9a80 (size 20) | = prf(, ): -key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f38 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5344002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fc758 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fe3f8 (length 440) | db 0d e7 9d 7c be 70 ca 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 e1 4c 71 3a 5a da 81 05 4a e6 9a dd | 7e 81 a8 41 1b 61 d9 42 d4 9c cc d1 37 57 cf 95 | d9 bd 6b d5 0f 2c e1 1a dc c1 c7 b0 1d b0 26 30 | 0f 54 4c c8 e1 a3 9e 7f 83 b7 b3 50 90 e6 3d a0 | 91 0f 93 3a fa ca 1f ff 1d 05 07 fd b6 75 e5 27 | 9e eb 5a df 17 ce a1 e7 6a 54 64 be 3e 8d 9a 51 | e7 36 d3 42 c8 12 f8 3a d1 c0 ce c9 44 5e 17 9f | 1c 90 32 ac 75 e5 46 8f 75 a2 44 73 a1 f2 16 fc | db d9 05 d2 3e 2d ce 37 60 f7 73 3a 7e 71 f1 86 | 76 2c 7a 47 02 22 01 ae f2 22 a1 23 64 04 ee a6 | ed ca 8b c8 03 aa 09 7a 8c 5e 3f 9c c0 35 34 e1 | 8d 5b 58 54 c7 bf ad 7a 13 fa 2f 0e 82 cd 35 f1 | f5 e9 88 21 02 b0 20 67 80 b3 9c b0 ef 3b 76 56 | 5f f7 c3 8c b2 d3 a9 74 60 a5 77 38 28 f7 74 28 | 62 f8 5f d3 8a 3d e2 6f de 46 56 99 37 c8 6f 56 | 60 e8 aa 83 3f c1 19 5f e2 39 5f b5 46 57 9c f5 | 47 b1 74 60 29 00 00 24 6b 13 c7 9a e2 88 62 d3 | 4b c1 aa 1d c9 95 0a d9 bf fb 77 5e d5 65 bf ef | 7d b7 80 5e e6 34 42 96 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 eb e4 21 38 40 b6 f3 63 | 9e 64 01 d6 08 89 56 cf 98 e2 43 d9 00 00 00 1c | 00 00 40 05 8f b9 29 ef 17 b3 7e f9 56 05 4c 3d | 99 cb 42 68 f6 85 1c d5 | = prf(, ) PRF sha update nonce-bytes@0x561212904818 (length 32) | ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed64d0 (length 20) | 87 bf 04 74 2c c6 bf ca d5 8d dc 21 70 7c 34 3e | 90 81 06 a1 | = prf(, ) PRF sha final-chunk@0x5612128fde48 (length 20) | 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | fa 06 ad 1a | psk_auth: release prf-psk-key@0x5612128e9a80 | PSK auth octets 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | PSK auth octets fa 06 ad 1a | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | PSK auth fa 06 ad 1a | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #21 | netlink_get_spi: allocated 0xdea67d75 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi de a6 7d 75 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 01 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector | ipv4 start c0 00 02 00 | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector | ipv4 end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 64 a9 3e 78 30 07 25 7f | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 40 43 8c e2 4e 42 51 24 36 59 95 93 17 83 5a e8 | fa 06 ad 1a 2c 00 00 28 00 00 00 24 01 03 04 03 | de a6 7d 75 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 14 45 bd 2d 72 11 f0 ce a1 06 98 91 38 d2 29 70 | 94 4f ad ce 44 01 3f 0a 9d e7 54 97 11 e7 bf eb | fb a6 45 58 64 ed 3f 1d 29 87 e6 7e 1b 48 5d 09 | 6b fd b3 de 1c c6 6c d3 4e 34 4b c1 71 e2 35 9f | e9 50 ba a8 c2 52 7f ca fe 23 51 26 ea d0 ab 66 | 67 10 fe 8b 84 e1 ce f9 94 b0 5e 6d 0e 36 3d 70 | 46 b8 f4 ce dd 84 09 67 67 12 f9 a4 51 a4 5c 8e | 45 ec 09 9d 70 5e 09 13 26 69 a0 48 ea 72 1d b2 | e5 ab be be 75 d1 47 95 12 d2 b7 3b 3d 00 97 1f | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed6048 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e9a80 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e9a80 | hmac: release clone-key@0x5612128e9a80 | hmac PRF sha crypt-prf@0x5612128fddf8 | hmac PRF sha update data-bytes@0x5612118718c0 (length 184) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 64 a9 3e 78 30 07 25 7f 14 45 bd 2d 72 11 f0 ce | a1 06 98 91 38 d2 29 70 94 4f ad ce 44 01 3f 0a | 9d e7 54 97 11 e7 bf eb fb a6 45 58 64 ed 3f 1d | 29 87 e6 7e 1b 48 5d 09 6b fd b3 de 1c c6 6c d3 | 4e 34 4b c1 71 e2 35 9f e9 50 ba a8 c2 52 7f ca | fe 23 51 26 ea d0 ab 66 67 10 fe 8b 84 e1 ce f9 | 94 b0 5e 6d 0e 36 3d 70 46 b8 f4 ce dd 84 09 67 | 67 12 f9 a4 51 a4 5c 8e 45 ec 09 9d 70 5e 09 13 | 26 69 a0 48 ea 72 1d b2 e5 ab be be 75 d1 47 95 | 12 d2 b7 3b 3d 00 97 1f | hmac PRF sha final-bytes@0x561211871978 (length 20) | 67 c1 43 2e f9 79 05 11 de e9 74 cb f9 c9 c8 24 | ad 10 b3 4a | data being hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: 64 a9 3e 78 30 07 25 7f 14 45 bd 2d 72 11 f0 ce | data being hmac: a1 06 98 91 38 d2 29 70 94 4f ad ce 44 01 3f 0a | data being hmac: 9d e7 54 97 11 e7 bf eb fb a6 45 58 64 ed 3f 1d | data being hmac: 29 87 e6 7e 1b 48 5d 09 6b fd b3 de 1c c6 6c d3 | data being hmac: 4e 34 4b c1 71 e2 35 9f e9 50 ba a8 c2 52 7f ca | data being hmac: fe 23 51 26 ea d0 ab 66 67 10 fe 8b 84 e1 ce f9 | data being hmac: 94 b0 5e 6d 0e 36 3d 70 46 b8 f4 ce dd 84 09 67 | data being hmac: 67 12 f9 a4 51 a4 5c 8e 45 ec 09 9d 70 5e 09 13 | data being hmac: 26 69 a0 48 ea 72 1d b2 e5 ab be be 75 d1 47 95 | data being hmac: 12 d2 b7 3b 3d 00 97 1f | out calculated auth: | 67 c1 43 2e f9 79 05 11 de e9 74 cb | suspend processing: state #21 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | start processing: state #22 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #22 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #22: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #22 to 0 after switching state | Message ID: recv #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #21.#22 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #22: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 64 a9 3e 78 30 07 25 7f 14 45 bd 2d 72 11 f0 ce | a1 06 98 91 38 d2 29 70 94 4f ad ce 44 01 3f 0a | 9d e7 54 97 11 e7 bf eb fb a6 45 58 64 ed 3f 1d | 29 87 e6 7e 1b 48 5d 09 6b fd b3 de 1c c6 6c d3 | 4e 34 4b c1 71 e2 35 9f e9 50 ba a8 c2 52 7f ca | fe 23 51 26 ea d0 ab 66 67 10 fe 8b 84 e1 ce f9 | 94 b0 5e 6d 0e 36 3d 70 46 b8 f4 ce dd 84 09 67 | 67 12 f9 a4 51 a4 5c 8e 45 ec 09 9d 70 5e 09 13 | 26 69 a0 48 ea 72 1d b2 e5 ab be be 75 d1 47 95 | 12 d2 b7 3b 3d 00 97 1f 67 c1 43 2e f9 79 05 11 | de e9 74 cb | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5344002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #22 | libevent_malloc: new ptr-libevent@0x5612128fc5e8 size 128 | #22 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10454.31361 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 0.99 milliseconds in resume sending helper answer | stop processing: state #22 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f53540048f8 | spent 0.00343 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 93 11 be 5b fa d3 c4 4c 11 99 90 be a3 8e f8 f2 | c9 fd 78 75 8f cb e0 38 8c 30 6e 2f 42 e7 bd aa | 09 ea e0 15 b4 12 3d eb 06 a3 73 0a 93 92 5d 6b | da cb a5 63 41 08 4a 59 eb f1 6d 5d 86 90 d5 52 | db 9b 13 28 2a 64 75 bc 2b 3a 4c 98 b2 86 9e 5e | b7 7d 12 08 0f 90 ac b8 6a 79 9a 4d 58 69 6d 07 | d6 34 5d ea 58 32 24 54 72 dc 5f 5a 8f 9c a0 f3 | b4 7b fc 7b 1b 0e a9 ff 6d 41 de 7e 7e 29 c4 59 | ce a9 4d 24 f6 1f d2 77 e9 9c 90 e8 15 2c 9a 34 | c0 60 e3 be 52 ac 61 98 92 c0 98 40 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #21 in PARENT_I2 (find_v2_ike_sa) | start processing: state #21 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #22 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #21 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | start processing: state #22 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #22 is idle | #22 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #22 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x5612128e6190 (size 20) | hmac: symkey-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e6190 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x5612128e9a80 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x5612128e9a80 | hmac: release clone-key@0x5612128e9a80 | hmac PRF sha crypt-prf@0x5612128fc758 | hmac PRF sha update data-bytes@0x561212901bf8 (length 176) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 93 11 be 5b fa d3 c4 4c 11 99 90 be a3 8e f8 f2 | c9 fd 78 75 8f cb e0 38 8c 30 6e 2f 42 e7 bd aa | 09 ea e0 15 b4 12 3d eb 06 a3 73 0a 93 92 5d 6b | da cb a5 63 41 08 4a 59 eb f1 6d 5d 86 90 d5 52 | db 9b 13 28 2a 64 75 bc 2b 3a 4c 98 b2 86 9e 5e | b7 7d 12 08 0f 90 ac b8 6a 79 9a 4d 58 69 6d 07 | d6 34 5d ea 58 32 24 54 72 dc 5f 5a 8f 9c a0 f3 | b4 7b fc 7b 1b 0e a9 ff 6d 41 de 7e 7e 29 c4 59 | ce a9 4d 24 f6 1f d2 77 e9 9c 90 e8 15 2c 9a 34 | hmac PRF sha final-bytes@0x7ffe4aed6060 (length 20) | c0 60 e3 be 52 ac 61 98 92 c0 98 40 31 59 39 57 | 75 97 e2 67 | data for hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 93 11 be 5b fa d3 c4 4c 11 99 90 be a3 8e f8 f2 | data for hmac: c9 fd 78 75 8f cb e0 38 8c 30 6e 2f 42 e7 bd aa | data for hmac: 09 ea e0 15 b4 12 3d eb 06 a3 73 0a 93 92 5d 6b | data for hmac: da cb a5 63 41 08 4a 59 eb f1 6d 5d 86 90 d5 52 | data for hmac: db 9b 13 28 2a 64 75 bc 2b 3a 4c 98 b2 86 9e 5e | data for hmac: b7 7d 12 08 0f 90 ac b8 6a 79 9a 4d 58 69 6d 07 | data for hmac: d6 34 5d ea 58 32 24 54 72 dc 5f 5a 8f 9c a0 f3 | data for hmac: b4 7b fc 7b 1b 0e a9 ff 6d 41 de 7e 7e 29 c4 59 | data for hmac: ce a9 4d 24 f6 1f d2 77 e9 9c 90 e8 15 2c 9a 34 | calculated auth: c0 60 e3 be 52 ac 61 98 92 c0 98 40 | provided auth: c0 60 e3 be 52 ac 61 98 92 c0 98 40 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 93 11 be 5b fa d3 c4 4c | payload before decryption: | 11 99 90 be a3 8e f8 f2 c9 fd 78 75 8f cb e0 38 | 8c 30 6e 2f 42 e7 bd aa 09 ea e0 15 b4 12 3d eb | 06 a3 73 0a 93 92 5d 6b da cb a5 63 41 08 4a 59 | eb f1 6d 5d 86 90 d5 52 db 9b 13 28 2a 64 75 bc | 2b 3a 4c 98 b2 86 9e 5e b7 7d 12 08 0f 90 ac b8 | 6a 79 9a 4d 58 69 6d 07 d6 34 5d ea 58 32 24 54 | 72 dc 5f 5a 8f 9c a0 f3 b4 7b fc 7b 1b 0e a9 ff | 6d 41 de 7e 7e 29 c4 59 ce a9 4d 24 f6 1f d2 77 | e9 9c 90 e8 15 2c 9a 34 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 | b9 98 b8 de 83 4b 50 0a 2c 00 00 28 00 00 00 24 | 01 03 04 03 8e 42 e0 8e 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #22 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #22: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x561212900560 (size 20) | hmac: symkey-key@0x561212900560 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x561212900560 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5fc8 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x5612128e9a80 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x5612128e9a80 | hmac: release clone-key@0x5612128e9a80 | hmac PRF sha crypt-prf@0x5612128fddf8 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x561212901c24 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffe4aed6120 (length 20) | 83 53 84 76 4b d7 04 42 4f 1b 2e 12 e5 86 78 12 | f8 fb 49 8b | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x561212854c48 (line=1) | concluding with best_match=014 best=0x561212854c48 (lineno=1) | inputs to hash1 (first packet) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | 29 00 00 24 ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 | 71 6a 0f ed 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c | d8 5a d4 1a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 79 0f f4 52 05 2f e4 74 38 bd 01 af | c7 f6 cf 7a 8c 48 07 a1 00 00 00 1c 00 00 40 05 | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | verify: initiator inputs to hash2 (initiator nonce) | 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | idhash 83 53 84 76 4b d7 04 42 4f 1b 2e 12 e5 86 78 12 | idhash f8 fb 49 8b | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x5612128e2e08 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dc0 | result: shared secret-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x5612128fa5c0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5da8 | result: shared secret-key@0x5612128e9a80 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x7f5350002b50 from shared secret-key@0x5612128e9a80 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x7f5350002b50 from shared secret-key@0x5612128e9a80 | = prf(,"Key Pad for IKEv2"): release clone-key@0x5612128e9a80 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x5612128fc758 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x5612118064d0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5de0 | result: final-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128fa5c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128fa5c0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x5612128e9a80 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x5612128e9a80 (size 20) | = prf(, ): -key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dd8 | result: clone-key@0x5612128fa5c0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ) prf: begin sha with context 0x7f5350002b50 from -key@0x5612128fa5c0 | = prf(, ): release clone-key@0x5612128fa5c0 | = prf(, ) PRF sha crypt-prf@0x5612128fddf8 | = prf(, ) PRF sha update first-packet-bytes@0x5612128fdef8 (length 436) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | ec 96 41 18 89 32 e0 13 70 8f 32 13 27 02 65 39 | 1b 60 70 98 17 2c dd 0a 19 e3 ed 08 c1 df 9a ed | d1 11 37 45 e3 34 7e 1a b4 7e 57 0b bd 2d 06 8c | 66 7f 82 57 a3 02 e7 66 c4 79 77 64 54 4e 4a 09 | 96 60 c4 87 8c 43 ad ea 09 10 dc 58 8a 58 39 fe | d2 a4 62 09 73 6f 70 f1 d6 3c 88 4a 6f 82 6b 55 | a9 b5 8f ce 08 42 91 12 1e 6a 4e 28 66 65 bf f8 | a6 e7 4c 87 fa 89 51 32 dc 1f d7 b9 b4 3f 2e 37 | a0 f9 3e ad 7b f2 f7 85 34 51 ee 73 5b 9e 4d 73 | 02 67 b1 e8 53 2b 2c 44 6a 0c 99 28 8e 19 60 e6 | be b1 b9 02 22 b5 89 2f 85 70 54 2f 7f e3 26 2a | 20 d3 be 3a 56 c5 60 ec 9e d7 e6 54 3d d1 d3 0d | 31 83 df 3f 4d 00 19 b3 a4 ee ce 30 68 a7 8d 10 | 84 35 e8 ff 7e ae 99 45 1b b4 9b 8b b8 e1 25 dd | 2d 4b a7 12 19 bc 67 f1 8c 53 8d e8 12 ab 71 d6 | b6 e8 8c da ae 63 54 87 95 50 82 e8 a5 6b 80 2e | 29 00 00 24 ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 | 71 6a 0f ed 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c | d8 5a d4 1a 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 79 0f f4 52 05 2f e4 74 38 bd 01 af | c7 f6 cf 7a 8c 48 07 a1 00 00 00 1c 00 00 40 05 | e9 b0 5e 19 7c c7 91 78 6c 06 5b f2 9a d2 92 54 | d5 d9 8a 4d | = prf(, ) PRF sha update nonce-bytes@0x7f53400016c8 (length 32) | 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | = prf(, ) PRF sha update hash-bytes@0x7ffe4aed6120 (length 20) | 83 53 84 76 4b d7 04 42 4f 1b 2e 12 e5 86 78 12 | f8 fb 49 8b | = prf(, ) PRF sha final-chunk@0x561212858e38 (length 20) | d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 b9 98 b8 de | 83 4b 50 0a | psk_auth: release prf-psk-key@0x5612128e9a80 | Received PSK auth octets | d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 b9 98 b8 de | 83 4b 50 0a | Calculated PSK auth octets | d8 b6 0c cc dd 1b 8d ae e4 80 53 c9 b9 98 b8 de | 83 4b 50 0a "3des" #22: Authenticated using authby=secret | parent state #21: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #21 will start re-keying in 2911 seconds with margin of 689 seconds (attempting re-key) | state #21 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f53400060e8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f5340002b78 | event_schedule: new EVENT_SA_REKEY-pe@0x7f5340002b78 | inserting event EVENT_SA_REKEY, timeout in 2911 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f53540048f8 size 128 | pstats #21 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 8e 42 e0 8e | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=8e42e08e;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5eb0 | result: data=Ni-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x5612128fa5c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5e98 | result: data=Ni-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x5612128fa5c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffe4aed5ea0 | result: data+=Nr-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x5612128e9a80 | prf+0 PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+0: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f5350002b50 from key-key@0x5612128e9a80 | prf+0 prf: begin sha with context 0x7f5350002b50 from key-key@0x5612128e9a80 | prf+0: release clone-key@0x5612128e9a80 | prf+0 PRF sha crypt-prf@0x5612128fcae8 | prf+0 PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+0: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x56121285f080 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x56121285f080 | prf+0 PRF sha final-key@0x5612128e9a80 (size 20) | prf+0: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x5612129049c8 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: b0 b7 71 95 65 4a f9 ab 42 9b 08 76 2b 19 c1 a2 54 dc 32 0a 50 a0 e5 55 b1 db 16 bb 50 16 b2 d1 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fcb88 | unwrapped: be 52 88 fa dc ac 5d 40 e4 64 a4 ee ca fa ae 47 | unwrapped: 2d 62 30 3f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212901410 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212901410 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e9a80 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x5612128fcae8 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: d2 80 d3 14 ff ac 58 7c 6e f8 ea e2 f4 d4 db d1 6e c4 2d 56 a8 d6 c4 07 67 0a 5d f5 6f c5 89 06 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fcb38 | unwrapped: cc 47 ce 3a 63 94 79 5d 0b 2c d7 c8 50 bd 9d ca | unwrapped: 82 35 42 69 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x561212901410 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x5612128e96a0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x561212901410 | prfplus: release old_t[N]-key@0x56121285f080 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x56121285f080 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x56121285f080 | prf+N: release clone-key@0x56121285f080 | prf+N PRF sha crypt-prf@0x5612128fcb88 | prf+N PRF sha update old_t-key@0x5612128e9a80 (size 20) | prf+N: old_t-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x5612128e9a80 | nss hmac digest hack: symkey-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: c2 fd 7f 05 fa 14 e8 ad ec 9d ff 21 ef 84 a0 0b a6 6d 23 b9 0a e6 c7 3c 71 05 71 71 1e ea 7c ef | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fcc28 | unwrapped: 5d ef 61 db 8b e8 9e 2b 48 8c bb 15 d2 92 dc 7c | unwrapped: b9 44 66 02 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x5612128fc178 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x561212901410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x561212901410 | prf+N PRF sha final-key@0x56121285f080 (size 20) | prf+N: key-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x5612128e96a0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x561212901410 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x5612128e96a0 | prfplus: release old_t[N]-key@0x5612128e9a80 | prf+N PRF sha init key-key@0x7f534c006bb0 (size 20) | prf+N: key-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f534c006bb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5dc8 | result: clone-key@0x5612128e9a80 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f5350002b50 from key-key@0x5612128e9a80 | prf+N prf: begin sha with context 0x7f5350002b50 from key-key@0x5612128e9a80 | prf+N: release clone-key@0x5612128e9a80 | prf+N PRF sha crypt-prf@0x5612129049c8 | prf+N PRF sha update old_t-key@0x56121285f080 (size 20) | prf+N: old_t-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x56121285f080 | nss hmac digest hack: symkey-key@0x56121285f080 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)293626464: 24 3b c4 c6 84 af 97 37 5c 5f 58 2e 3c 5d c6 0f d8 de 64 d3 77 bf 41 cb b1 cf 1f 11 f7 4d 7a d8 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 32 bytes at 0x5612128fcb38 | unwrapped: 07 4e ca 60 d9 d2 d8 b3 b2 2f f5 5a 9a f8 99 84 | unwrapped: 3f 02 49 17 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x5612128fa5c0 (size 64) | prf+N: seed-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x5612128fa5c0 | nss hmac digest hack: symkey-key@0x5612128fa5c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x5612128e2eb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)293626365: 91 05 fb cf c4 3d a7 1b d6 e9 01 c9 53 07 e4 1c 69 16 58 7f 85 59 52 71 9b fd bc cc 08 9a 49 36 c2 54 50 3e 83 07 5e 7d f2 51 f0 64 eb 5b d7 d4 13 11 d8 f0 7c 9f 93 79 6d 12 ee 7d be 2e d9 36 | nss hmac digest hack: release slot-key-key@0x5612128e2eb0 | nss hmac digest hack extracted len 64 bytes at 0x7f5354002b78 | unwrapped: 6b 13 c7 9a e2 88 62 d3 4b c1 aa 1d c9 95 0a d9 | unwrapped: bf fb 77 5e d5 65 bf ef 7d b7 80 5e e6 34 42 96 | unwrapped: ab 0c 49 fa 7b 41 28 1b 41 c4 f6 d5 71 6a 0f ed | unwrapped: 0d 12 82 be 05 9f 63 ba a1 ef 9a 1c d8 5a d4 1a | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffe4aed5dd0 | result: final-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x5612128e96a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5db8 | result: final-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x5612128e96a0 | prf+N PRF sha final-key@0x5612128e9a80 (size 20) | prf+N: key-key@0x5612128e9a80 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x561212901410 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffe4aed5e48 | result: result-key@0x5612128e96a0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x561212901410 | prfplus: release old_t[N]-key@0x56121285f080 | prfplus: release old_t[final]-key@0x5612128e9a80 | child_sa_keymat: release data-key@0x5612128fa5c0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x5612128e96a0 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x5612128fa5c0 | initiator to responder keys: symkey-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x5612128e2eb0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)859381862: b0 b7 71 95 65 4a f9 ab 42 9b 08 76 2b 19 c1 a2 dd e5 1c 61 88 d1 f7 16 2e b5 bc bd 84 6e 52 63 6e d6 6c 76 0f cc c8 b4 bf 4c 19 7e fb 30 8b ad | initiator to responder keys: release slot-key-key@0x5612128e2eb0 | initiator to responder keys extracted len 48 bytes at 0x7f5340001378 | unwrapped: be 52 88 fa dc ac 5d 40 e4 64 a4 ee ca fa ae 47 | unwrapped: 2d 62 30 3f cc 47 ce 3a 63 94 79 5d 0b 2c d7 c8 | unwrapped: 50 bd 9d ca 82 35 42 69 5d ef 61 db 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x5612128fa5c0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x5612128e96a0 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed5f28 | result: result-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x5612128fa5c0 | responder to initiator keys:: symkey-key@0x5612128fa5c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x56121285e1c0 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x5612128e2eb0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)859381862: 04 d0 92 c2 df b0 ff d8 e2 f2 77 c1 10 a3 ef dc 24 3b c4 c6 84 af 97 37 5c 5f 58 2e 3c 5d c6 0f 71 98 ed 82 9f ce 39 d0 c4 6f 32 e7 a9 80 1d 29 | responder to initiator keys:: release slot-key-key@0x5612128e2eb0 | responder to initiator keys: extracted len 48 bytes at 0x7f533c001858 | unwrapped: 8b e8 9e 2b 48 8c bb 15 d2 92 dc 7c b9 44 66 02 | unwrapped: 07 4e ca 60 d9 d2 d8 b3 b2 2f f5 5a 9a f8 99 84 | unwrapped: 3f 02 49 17 8d ec f1 c3 22 bf 67 70 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x5612128fa5c0 | ikev2_derive_child_keys: release keymat-key@0x5612128e96a0 | #21 spent 1.49 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8e42e08e@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.dea67d75@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #22 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8e42e08e SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x8e42e08e SPI_OUT=0xdea67d75 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8e42e08e | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x8e42e08e SPI_OUT=0xdea67d75 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8e42e08e SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x8e42e08e SPI_OUT=0xdea67d75 ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x561212901758,sr=0x561212901758} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 1.48 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | state #22 requesting EVENT_RETRANSMIT to be deleted | #22 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fc5e8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5344002b78 | #22 spent 2.75 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #22 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #22 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #22: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #21.#22 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "3des" #22: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #22: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x8e42e08e <0xdea67d75 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #22 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #21 | unpending state #21 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x5612128ee1f8} | close_any(fd@24) (in release_whack() at state.c:654) | #22 will start re-keying in 27961 seconds with margin of 839 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f5344002b78 | inserting event EVENT_SA_REKEY, timeout in 27961 seconds for #22 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | stop processing: state #22 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 3.11 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.13 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00467 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00315 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00298 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.dea67d75@192.1.2.45 | get_sa_info esp.8e42e08e@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0683 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #22 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #22 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #22 ikev2.child deleted completed | #22 spent 2.75 milliseconds in total | [RE]START processing: state #22 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #22: deleting state (STATE_V2_IPSEC_I) aged 0.070s and sending notification | child state #22: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.8e42e08e@192.1.2.23 | get_sa_info esp.dea67d75@192.1.2.45 "3des" #22: ESP traffic information: in=84B out=84B | #22 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis de a6 7d 75 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d7 9d ec bf f4 f8 e6 50 | data before encryption: | 00 00 00 0c 03 04 00 01 de a6 7d 75 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | b3 35 bc c7 c8 87 1c b1 6b 24 7f c2 40 ed f5 da | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5350002b50 from symkey-key@0x5612128e96a0 | hmac prf: begin sha with context 0x7f5350002b50 from symkey-key@0x5612128e96a0 | hmac: release clone-key@0x5612128e96a0 | hmac PRF sha crypt-prf@0x5612129049c8 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 56) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | d7 9d ec bf f4 f8 e6 50 b3 35 bc c7 c8 87 1c b1 | 6b 24 7f c2 40 ed f5 da | hmac PRF sha final-bytes@0x7ffe4aed3188 (length 20) | 0f 85 87 bd 1d 44 2f 17 52 ef d1 0a 4e d0 89 81 | 57 16 b9 af | data being hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: d7 9d ec bf f4 f8 e6 50 b3 35 bc c7 c8 87 1c b1 | data being hmac: 6b 24 7f c2 40 ed f5 da | out calculated auth: | 0f 85 87 bd 1d 44 2f 17 52 ef d1 0a | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #22) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | d7 9d ec bf f4 f8 e6 50 b3 35 bc c7 c8 87 1c b1 | 6b 24 7f c2 40 ed f5 da 0f 85 87 bd 1d 44 2f 17 | 52 ef d1 0a | Message ID: IKE #21 sender #22 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #21 sender #22 in send_delete hacking around record ' send | Message ID: sent #21 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5344002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8e42e08e | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1566825168' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x8e42e08e SPI_OUT=0xdea67d75 ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.8e42e08e@192.1.2.23 | netlink response for Del SA esp.8e42e08e@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.dea67d75@192.1.2.45 | netlink response for Del SA esp.dea67d75@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #22 in V2_IPSEC_I | child state #22: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f534c006bb0 | delete_state: release st->st_skey_ai_nss-key@0x5612128e0610 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_er_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_pi_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skey_pr_nss-key@0x561212900560 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #21 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #21 | start processing: state #21 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #21 ikev2.ike deleted completed | #21 spent 7.8 milliseconds in total | [RE]START processing: state #21 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #21: deleting state (STATE_PARENT_I3) aged 0.087s and sending notification | parent state #21: PARENT_I3(established IKE SA) => delete | #21 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | de 4f 03 d1 bc f7 08 c9 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 48 49 06 87 11 61 d3 72 86 4d 0a 87 64 2d 43 99 | hmac PRF sha init symkey-key@0x5612128e0610 (size 20) | hmac: symkey-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x5612128e0610 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffe4aed2d78 | result: clone-key@0x5612128e96a0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x7f5344002b50 from symkey-key@0x5612128e96a0 | hmac prf: begin sha with context 0x7f5344002b50 from symkey-key@0x5612128e96a0 | hmac: release clone-key@0x5612128e96a0 | hmac PRF sha crypt-prf@0x5612128fc758 | hmac PRF sha update data-bytes@0x7ffe4aed3150 (length 56) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | de 4f 03 d1 bc f7 08 c9 48 49 06 87 11 61 d3 72 | 86 4d 0a 87 64 2d 43 99 | hmac PRF sha final-bytes@0x7ffe4aed3188 (length 20) | 6b ef 1d 6c 07 f1 e6 9a 53 f4 4b 2c 54 74 13 ee | ba 9b 86 5f | data being hmac: db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: de 4f 03 d1 bc f7 08 c9 48 49 06 87 11 61 d3 72 | data being hmac: 86 4d 0a 87 64 2d 43 99 | out calculated auth: | 6b ef 1d 6c 07 f1 e6 9a 53 f4 4b 2c | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | de 4f 03 d1 bc f7 08 c9 48 49 06 87 11 61 d3 72 | 86 4d 0a 87 64 2d 43 99 6b ef 1d 6c 07 f1 e6 9a | 53 f4 4b 2c | Message ID: IKE #21 sender #21 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #21 sender #21 in send_delete hacking around record ' send | Message ID: #21 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #21 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f53540048f8 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #21 in PARENT_I3 | parent state #21: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f5340006788: destroyed | stop processing: state #21 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f534c00d840 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f534c006bb0 | delete_state: release st->st_skey_ai_nss-key@0x5612128e0610 | delete_state: release st->st_skey_ar_nss-key@0x5612128e6190 | delete_state: release st->st_skey_ei_nss-key@0x5612128ffbc0 | delete_state: release st->st_skey_er_nss-key@0x5612128e7c40 | delete_state: release st->st_skey_pi_nss-key@0x7f534c00a0e0 | delete_state: release st->st_skey_pr_nss-key@0x561212900560 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.78 milliseconds in whack | spent 0.00174 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 9b 81 a4 83 9e 8b 40 c1 23 1f e6 7a e0 17 95 b0 | 73 67 cf 3e 92 1f 51 79 0d 24 8d 11 ac 74 7c ac | 02 3a c3 e6 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0644 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00437 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00208 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | db 0d e7 9d 7c be 70 ca cb 84 1d a1 eb 0c 43 41 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | 32 78 36 15 ab d4 eb 51 cd 0b 9b d9 2f 5b 83 78 | d1 0d 1d 9b c8 45 60 08 b2 f7 43 b6 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | db 0d e7 9d 7c be 70 ca | responder cookie: | cb 84 1d a1 eb 0c 43 41 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0557 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x5612128fbe98 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.808 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00354 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.413 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0669 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:192 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.046 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5612128fbe98 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.135 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #23 at 0x561212900758 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #23 "3des" "3des" #23: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 23 for state #23 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x561212904918 size 128 | #23 spent 0.107 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 resuming | RESET processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 starting work-order 23 for state #23 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 23 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.198 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f534c0103b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f534c0103b8 | NSS: Public DH wire value: | 6a f3 c1 95 5f 59 76 99 d9 6a ee 45 25 dc 52 68 | 42 c7 af f8 9d 02 db 0c e6 74 fd ec 23 19 fc 96 | 11 6f c9 54 cb cd a0 86 aa 96 e9 c6 5f a4 00 4e | b1 32 0d f7 47 ea e4 3c e4 54 81 54 a3 61 d4 d5 | d3 d6 bb 5c 9b 71 60 3e d6 a2 e3 34 49 bf 98 a0 | 74 d6 d2 92 3a 54 5e a2 96 08 bd b4 ee c2 db 28 | ba 52 3e bd 53 53 bc 2d a2 da 68 53 27 56 8e e6 | c0 cb b8 87 75 af 8f 93 a5 bb 2f a9 bb 23 e0 98 | 3f 5d 72 e6 e3 ba cb ce 04 cd 6a 63 b0 e0 59 3f | fa b7 05 6b ab 86 31 1d 4e 83 ae d9 d9 28 82 31 | dd 1e 18 da c7 16 c2 74 7d a5 5c c9 4e 99 db 19 | 24 28 56 3a df c1 fb bf cd d0 37 11 1f 52 e5 6a | 7e 9e fb 79 9b 95 6c 4a 6e b7 44 52 45 37 23 c0 | 76 76 c5 f4 e5 c8 ee 2e b0 8c f5 1e 7c 4d 2b 6c | 4a 65 18 49 67 2d 32 fd 62 26 4e 91 97 ae 33 2d | 87 6c 1a 41 6f 7c f2 86 b1 25 40 73 45 3a a9 df | Generated nonce: ab 57 ac ea 77 7b f7 64 01 3b 8f 9f b1 c7 ea b9 | Generated nonce: 8d fa 6c f9 18 7b 5a 15 61 18 70 3f 35 e1 c4 6e | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 23 time elapsed 0.000907 seconds | (#23) spent 0.897 milliseconds in crypto helper computing work-order 23: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 23 for state #23 to event queue | scheduling resume sending helper answer for #23 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #23 | start processing: state #23 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 23 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #23 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f534c0103b8: transferring ownership from helper KE to state #23 | **emit ISAKMP Message: | initiator cookie: | de ac 7f e4 26 db 83 34 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #23: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 6a f3 c1 95 5f 59 76 99 d9 6a ee 45 25 dc 52 68 | ikev2 g^x 42 c7 af f8 9d 02 db 0c e6 74 fd ec 23 19 fc 96 | ikev2 g^x 11 6f c9 54 cb cd a0 86 aa 96 e9 c6 5f a4 00 4e | ikev2 g^x b1 32 0d f7 47 ea e4 3c e4 54 81 54 a3 61 d4 d5 | ikev2 g^x d3 d6 bb 5c 9b 71 60 3e d6 a2 e3 34 49 bf 98 a0 | ikev2 g^x 74 d6 d2 92 3a 54 5e a2 96 08 bd b4 ee c2 db 28 | ikev2 g^x ba 52 3e bd 53 53 bc 2d a2 da 68 53 27 56 8e e6 | ikev2 g^x c0 cb b8 87 75 af 8f 93 a5 bb 2f a9 bb 23 e0 98 | ikev2 g^x 3f 5d 72 e6 e3 ba cb ce 04 cd 6a 63 b0 e0 59 3f | ikev2 g^x fa b7 05 6b ab 86 31 1d 4e 83 ae d9 d9 28 82 31 | ikev2 g^x dd 1e 18 da c7 16 c2 74 7d a5 5c c9 4e 99 db 19 | ikev2 g^x 24 28 56 3a df c1 fb bf cd d0 37 11 1f 52 e5 6a | ikev2 g^x 7e 9e fb 79 9b 95 6c 4a 6e b7 44 52 45 37 23 c0 | ikev2 g^x 76 76 c5 f4 e5 c8 ee 2e b0 8c f5 1e 7c 4d 2b 6c | ikev2 g^x 4a 65 18 49 67 2d 32 fd 62 26 4e 91 97 ae 33 2d | ikev2 g^x 87 6c 1a 41 6f 7c f2 86 b1 25 40 73 45 3a a9 df | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce ab 57 ac ea 77 7b f7 64 01 3b 8f 9f b1 c7 ea b9 | IKEv2 nonce 8d fa 6c f9 18 7b 5a 15 61 18 70 3f 35 e1 c4 6e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | de ac 7f e4 26 db 83 34 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | b9 36 9e 8a f1 04 90 5a 6a cd 4a d5 28 3d cf 37 | c6 07 29 fc | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= de ac 7f e4 26 db 83 34 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b9 36 9e 8a f1 04 90 5a 6a cd 4a d5 28 3d cf 37 | natd_hash: hash= c6 07 29 fc | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b9 36 9e 8a f1 04 90 5a 6a cd 4a d5 28 3d cf 37 | Notify data c6 07 29 fc | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | de ac 7f e4 26 db 83 34 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | cc 30 c0 54 78 e7 af fd a0 a5 9e 70 1e 3a 5b 95 | 82 d1 22 9f | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= de ac 7f e4 26 db 83 34 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= cc 30 c0 54 78 e7 af fd a0 a5 9e 70 1e 3a 5b 95 | natd_hash: hash= 82 d1 22 9f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data cc 30 c0 54 78 e7 af fd a0 a5 9e 70 1e 3a 5b 95 | Notify data 82 d1 22 9f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #23 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #23 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #23: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #23 to 4294967295 after switching state | Message ID: IKE #23 skipping update_recv as MD is fake | Message ID: sent #23 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #23: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | de ac 7f e4 26 db 83 34 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 6a f3 c1 95 5f 59 76 99 d9 6a ee 45 | 25 dc 52 68 42 c7 af f8 9d 02 db 0c e6 74 fd ec | 23 19 fc 96 11 6f c9 54 cb cd a0 86 aa 96 e9 c6 | 5f a4 00 4e b1 32 0d f7 47 ea e4 3c e4 54 81 54 | a3 61 d4 d5 d3 d6 bb 5c 9b 71 60 3e d6 a2 e3 34 | 49 bf 98 a0 74 d6 d2 92 3a 54 5e a2 96 08 bd b4 | ee c2 db 28 ba 52 3e bd 53 53 bc 2d a2 da 68 53 | 27 56 8e e6 c0 cb b8 87 75 af 8f 93 a5 bb 2f a9 | bb 23 e0 98 3f 5d 72 e6 e3 ba cb ce 04 cd 6a 63 | b0 e0 59 3f fa b7 05 6b ab 86 31 1d 4e 83 ae d9 | d9 28 82 31 dd 1e 18 da c7 16 c2 74 7d a5 5c c9 | 4e 99 db 19 24 28 56 3a df c1 fb bf cd d0 37 11 | 1f 52 e5 6a 7e 9e fb 79 9b 95 6c 4a 6e b7 44 52 | 45 37 23 c0 76 76 c5 f4 e5 c8 ee 2e b0 8c f5 1e | 7c 4d 2b 6c 4a 65 18 49 67 2d 32 fd 62 26 4e 91 | 97 ae 33 2d 87 6c 1a 41 6f 7c f2 86 b1 25 40 73 | 45 3a a9 df 29 00 00 24 ab 57 ac ea 77 7b f7 64 | 01 3b 8f 9f b1 c7 ea b9 8d fa 6c f9 18 7b 5a 15 | 61 18 70 3f 35 e1 c4 6e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b9 36 9e 8a f1 04 90 5a | 6a cd 4a d5 28 3d cf 37 c6 07 29 fc 00 00 00 1c | 00 00 40 05 cc 30 c0 54 78 e7 af fd a0 a5 9e 70 | 1e 3a 5b 95 82 d1 22 9f | state #23 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561212904918 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #23 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #23 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10454.837228 | resume sending helper answer for #23 suppresed complete_v2_state_transition() and stole MD | #23 spent 0.576 milliseconds in resume sending helper answer | stop processing: state #23 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f534c005088 | spent 0.00239 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | de ac 7f e4 26 db 83 34 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | de ac 7f e4 26 db 83 34 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #23 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #23 is idle | #23 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #23 IKE SPIi and SPI[ir] | #23 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #23: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #23 spent 0.00822 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #23 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #23 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #23 spent 0.131 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.144 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f5340002b78 | handling event EVENT_RETRANSMIT for parent state #23 | start processing: state #23 connection "3des" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "3des" #23 attempt 2 of 0 | and parent for 192.1.2.23 "3des" #23 keying attempt 1 of 0; retransmit 1 "3des" #23: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:234) | pstats #23 ikev2.ike failed too-many-retransmits | pstats #23 ikev2.ike deleted too-many-retransmits | #23 spent 1.71 milliseconds in total | [RE]START processing: state #23 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #23: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #23: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection 3des | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "3des" {0x5612128ee1f8} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #23 "3des" #23: deleting IKE SA for connection '3des' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection '3des' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection 3des | State DB: deleting IKEv2 state #23 in PARENT_I1 | parent state #23: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f534c0103b8: destroyed | stop processing: state #23 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | in statetime_stop() and could not find #23 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection 3des which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #24 at 0x561212900758 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #24 "3des" "3des" #24: initiating v2 parent SA | using existing local IKE proposals for connection 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 24 for state #24 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f534c005088 size 128 | #24 spent 0.0869 milliseconds in ikev2_parent_outI1() | RESET processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 resuming | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 3 starting work-order 24 for state #24 | spent 0.115 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 24 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f53500079b8: created | NSS: Local DH MODP2048 secret (pointer): 0x7f53500079b8 | NSS: Public DH wire value: | fd 05 bc fc 98 d9 a3 b8 99 20 61 79 cf 46 48 3b | b8 c9 4a 9a 25 ad 7a 26 c3 bf a8 1b 24 99 b6 94 | f4 cf db 66 e5 87 bd 1b 40 f6 80 82 5b de c6 62 | d8 69 0e c7 2b 88 8d 5c 63 74 d5 c0 2d d8 9a c2 | 60 b3 2a 73 e6 f0 cc f4 47 84 cd 8a 71 f1 30 94 | c6 b2 85 97 15 0b 69 14 ae 97 82 08 97 0b d4 31 | 0e 7d 5a b8 ee 0f 3b cf 11 23 3a b1 23 07 6c de | 1b 22 37 58 d9 de b6 bf db 12 56 76 2a 63 27 35 | 4e cc c3 00 15 f8 f9 ff 06 e2 cc b6 ab 22 ba 15 | 86 52 4d d9 4b 8d 54 48 43 ff 1c 9c 96 e9 5a 36 | 88 8c 41 8c c1 4d 62 19 12 86 e7 5f 8d 24 2a d4 | 42 6e 3b 9e a8 4c 42 df 13 fc 31 92 ba 36 a8 ef | 22 b6 97 3a a6 0a cf d4 fd 06 b8 5d 0d 5b 3e 05 | bc 76 2f 39 9d 7c 84 d0 39 3a 3b 0d af a5 53 31 | 42 1c e4 f6 68 8c af e9 8b f2 cd 19 eb 78 c4 01 | e5 f0 63 76 c7 ee dc 39 9b 01 94 d4 93 b0 83 75 | Generated nonce: 32 b7 a2 b1 90 de a5 e9 4c f7 0d b6 e2 47 2c 2a | Generated nonce: 8c de 2e ad 9f 69 55 77 b2 21 d6 7e 62 bb 32 7c | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 24 time elapsed 0.00075 seconds | (#24) spent 0.753 milliseconds in crypto helper computing work-order 24: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 24 for state #24 to event queue | scheduling resume sending helper answer for #24 | libevent_malloc: new ptr-libevent@0x7f53500014a8 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #24 | start processing: state #24 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 24 | calling continuation function 0x561211773b50 | ikev2_parent_outI1_continue for #24 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f53500079b8: transferring ownership from helper KE to state #24 | **emit ISAKMP Message: | initiator cookie: | 7a 07 64 b3 75 f8 69 8d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #24: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x fd 05 bc fc 98 d9 a3 b8 99 20 61 79 cf 46 48 3b | ikev2 g^x b8 c9 4a 9a 25 ad 7a 26 c3 bf a8 1b 24 99 b6 94 | ikev2 g^x f4 cf db 66 e5 87 bd 1b 40 f6 80 82 5b de c6 62 | ikev2 g^x d8 69 0e c7 2b 88 8d 5c 63 74 d5 c0 2d d8 9a c2 | ikev2 g^x 60 b3 2a 73 e6 f0 cc f4 47 84 cd 8a 71 f1 30 94 | ikev2 g^x c6 b2 85 97 15 0b 69 14 ae 97 82 08 97 0b d4 31 | ikev2 g^x 0e 7d 5a b8 ee 0f 3b cf 11 23 3a b1 23 07 6c de | ikev2 g^x 1b 22 37 58 d9 de b6 bf db 12 56 76 2a 63 27 35 | ikev2 g^x 4e cc c3 00 15 f8 f9 ff 06 e2 cc b6 ab 22 ba 15 | ikev2 g^x 86 52 4d d9 4b 8d 54 48 43 ff 1c 9c 96 e9 5a 36 | ikev2 g^x 88 8c 41 8c c1 4d 62 19 12 86 e7 5f 8d 24 2a d4 | ikev2 g^x 42 6e 3b 9e a8 4c 42 df 13 fc 31 92 ba 36 a8 ef | ikev2 g^x 22 b6 97 3a a6 0a cf d4 fd 06 b8 5d 0d 5b 3e 05 | ikev2 g^x bc 76 2f 39 9d 7c 84 d0 39 3a 3b 0d af a5 53 31 | ikev2 g^x 42 1c e4 f6 68 8c af e9 8b f2 cd 19 eb 78 c4 01 | ikev2 g^x e5 f0 63 76 c7 ee dc 39 9b 01 94 d4 93 b0 83 75 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 32 b7 a2 b1 90 de a5 e9 4c f7 0d b6 e2 47 2c 2a | IKEv2 nonce 8c de 2e ad 9f 69 55 77 b2 21 d6 7e 62 bb 32 7c | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 7a 07 64 b3 75 f8 69 8d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 5d af 8a 4e 66 5a 30 60 f1 00 fb 2e 04 98 f7 53 | 94 f7 3c b5 | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 7a 07 64 b3 75 f8 69 8d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 5d af 8a 4e 66 5a 30 60 f1 00 fb 2e 04 98 f7 53 | natd_hash: hash= 94 f7 3c b5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5d af 8a 4e 66 5a 30 60 f1 00 fb 2e 04 98 f7 53 | Notify data 94 f7 3c b5 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffe4aed65e0 (length 8) | 7a 07 64 b3 75 f8 69 8d | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffe4aed65e8 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffe4aed6514 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffe4aed6506 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffe4aed6590 (length 20) | 99 6a 5f 9a a9 19 fc 1e 45 39 14 15 5e ca 52 10 | 8b 20 fd db | natd_hash: hasher=0x561211848800(20) | natd_hash: icookie= 7a 07 64 b3 75 f8 69 8d | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 99 6a 5f 9a a9 19 fc 1e 45 39 14 15 5e ca 52 10 | natd_hash: hash= 8b 20 fd db | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 99 6a 5f 9a a9 19 fc 1e 45 39 14 15 5e ca 52 10 | Notify data 8b 20 fd db | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #24 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #24 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #24: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #24 to 4294967295 after switching state | Message ID: IKE #24 skipping update_recv as MD is fake | Message ID: sent #24 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #24: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #24) | 7a 07 64 b3 75 f8 69 8d 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 05 bc fc 98 d9 a3 b8 99 20 61 79 | cf 46 48 3b b8 c9 4a 9a 25 ad 7a 26 c3 bf a8 1b | 24 99 b6 94 f4 cf db 66 e5 87 bd 1b 40 f6 80 82 | 5b de c6 62 d8 69 0e c7 2b 88 8d 5c 63 74 d5 c0 | 2d d8 9a c2 60 b3 2a 73 e6 f0 cc f4 47 84 cd 8a | 71 f1 30 94 c6 b2 85 97 15 0b 69 14 ae 97 82 08 | 97 0b d4 31 0e 7d 5a b8 ee 0f 3b cf 11 23 3a b1 | 23 07 6c de 1b 22 37 58 d9 de b6 bf db 12 56 76 | 2a 63 27 35 4e cc c3 00 15 f8 f9 ff 06 e2 cc b6 | ab 22 ba 15 86 52 4d d9 4b 8d 54 48 43 ff 1c 9c | 96 e9 5a 36 88 8c 41 8c c1 4d 62 19 12 86 e7 5f | 8d 24 2a d4 42 6e 3b 9e a8 4c 42 df 13 fc 31 92 | ba 36 a8 ef 22 b6 97 3a a6 0a cf d4 fd 06 b8 5d | 0d 5b 3e 05 bc 76 2f 39 9d 7c 84 d0 39 3a 3b 0d | af a5 53 31 42 1c e4 f6 68 8c af e9 8b f2 cd 19 | eb 78 c4 01 e5 f0 63 76 c7 ee dc 39 9b 01 94 d4 | 93 b0 83 75 29 00 00 24 32 b7 a2 b1 90 de a5 e9 | 4c f7 0d b6 e2 47 2c 2a 8c de 2e ad 9f 69 55 77 | b2 21 d6 7e 62 bb 32 7c 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 5d af 8a 4e 66 5a 30 60 | f1 00 fb 2e 04 98 f7 53 94 f7 3c b5 00 00 00 1c | 00 00 40 05 99 6a 5f 9a a9 19 fc 1e 45 39 14 15 | 5e ca 52 10 8b 20 fd db | state #24 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f534c005088 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f5340002b78 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5340002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #24 | libevent_malloc: new ptr-libevent@0x5612128fe198 size 128 | #24 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10455.339244 | resume sending helper answer for #24 suppresed complete_v2_state_transition() and stole MD | #24 spent 0.574 milliseconds in resume sending helper answer | stop processing: state #24 connection "3des" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f53500014a8 | spent 0.00218 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 7a 07 64 b3 75 f8 69 8d 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7a 07 64 b3 75 f8 69 8d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #24 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #24 connection "3des" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) | #24 is idle | #24 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #24 IKE SPIi and SPI[ir] | #24 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #24: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #24 spent 0.00414 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #24 connection "3des" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) | #24 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #24 connection "3des" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) | #24 spent 0.11 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.121 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.164 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | removing pending policy for no connection {0x5612128ee1f8} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #24 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #24 connection "3des" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #24 ikev2.ike deleted other | #24 spent 1.52 milliseconds in total | [RE]START processing: state #24 connection "3des" from 192.1.2.23 (in delete_state() at state.c:879) "3des" #24: deleting state (STATE_PARENT_I1) aged 0.016s and NOT sending notification | parent state #24: PARENT_I1(half-open IKE SA) => delete | state #24 requesting EVENT_RETRANSMIT to be deleted | #24 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5612128fe198 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5340002b78 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #24 in PARENT_I1 | parent state #24: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f53500079b8: destroyed | stop processing: state #24 from 192.1.2.23 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5612128fbe98 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.159 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.286 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.25 milliseconds in whack | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 4d 43 64 2b 14 89 89 a8 8d 1d b1 78 1a 7b 37 8b | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | bf 24 52 54 66 e9 f4 9c 94 c5 37 f6 fb ba 45 b2 | 80 35 3a 9b f3 c2 47 5b 3b 58 6f b5 23 30 11 3d | 00 02 22 da d1 06 92 31 b5 0e 69 70 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 4d 43 64 2b 14 89 89 a8 | responder cookie: | 8d 1d b1 78 1a 7b 37 8b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0529 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00196 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 f0 f4 e3 3a 9f 15 4f 26 2f 74 3b 36 e8 b1 a8 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | ac f3 2d 68 66 28 ea 5e be 8f bf 49 2c dd a2 bf | 5b d3 c5 7c 79 89 57 44 94 8e 3a 7d 44 0a d5 40 | a7 b6 ff 3e a3 c6 ab b3 78 11 bd 31 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 f0 f4 e3 3a 9f 15 4f | responder cookie: | 26 2f 74 3b 36 e8 b1 a8 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0438 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x5612128eede8 | free_event_entry: release EVENT_NULL-pe@0x5612128faaf8 | libevent_free: release ptr-libevent@0x5612128829a8 | free_event_entry: release EVENT_NULL-pe@0x5612128faba8 | libevent_free: release ptr-libevent@0x561212886088 | free_event_entry: release EVENT_NULL-pe@0x5612128fac58 | libevent_free: release ptr-libevent@0x561212859868 | free_event_entry: release EVENT_NULL-pe@0x5612128fad08 | libevent_free: release ptr-libevent@0x5612128594e8 | free_event_entry: release EVENT_NULL-pe@0x5612128fadb8 | libevent_free: release ptr-libevent@0x5612128591d8 | free_event_entry: release EVENT_NULL-pe@0x5612128fae68 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x5612128eee98 | free_event_entry: release EVENT_NULL-pe@0x5612128e2b58 | libevent_free: release ptr-libevent@0x561212884508 | free_event_entry: release EVENT_NULL-pe@0x5612128e2ae8 | libevent_free: release ptr-libevent@0x5612128c6548 | free_event_entry: release EVENT_NULL-pe@0x5612128e1fa8 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x561212882068 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x56121288aa38 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x5612128fa2d8 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x5612128fa518 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x5612128fa3e8 | libevent_free: release ptr-libevent@0x5612128dd458 | libevent_free: release ptr-libevent@0x5612128dd408 | libevent_free: release ptr-libevent@0x5612128dd398 | libevent_free: release ptr-libevent@0x5612128dd358 | libevent_free: release ptr-libevent@0x5612128fa068 | libevent_free: release ptr-libevent@0x5612128fa218 | libevent_free: release ptr-libevent@0x5612128dd608 | libevent_free: release ptr-libevent@0x5612128e2778 | libevent_free: release ptr-libevent@0x5612128e2c68 | libevent_free: release ptr-libevent@0x5612128faed8 | libevent_free: release ptr-libevent@0x5612128fae28 | libevent_free: release ptr-libevent@0x5612128fad78 | libevent_free: release ptr-libevent@0x5612128facc8 | libevent_free: release ptr-libevent@0x5612128fac18 | libevent_free: release ptr-libevent@0x5612128fab68 | libevent_free: release ptr-libevent@0x561212881198 | libevent_free: release ptr-libevent@0x5612128fa298 | libevent_free: release ptr-libevent@0x5612128fa258 | libevent_free: release ptr-libevent@0x5612128fa1d8 | libevent_free: release ptr-libevent@0x5612128fa3a8 | libevent_free: release ptr-libevent@0x5612128fa0a8 | libevent_free: release ptr-libevent@0x561212858908 | libevent_free: release ptr-libevent@0x561212858d38 | libevent_free: release ptr-libevent@0x561212881508 | releasing global libevent data | libevent_free: release ptr-libevent@0x56121285d8b8 | libevent_free: release ptr-libevent@0x561212858cd8 | libevent_free: release ptr-libevent@0x561212858dd8 leak detective found no leaks